Commit upstream/1.18.2 - krb5

+1

-1

.travis-ci.sh less more

0	0	cd src
1	1	autoreconf
2		./configure --enable-maintainer-mode --with-ldap
	2	./configure --enable-maintainer-mode --with-ldap $CONFIGURE_OPTS
3	3	make $MAKEVARS
4	4	make check
5	5	make distclean

+8

-10

.travis.yml less more

0	0	language: c++
1	1
2	2	sudo: required
	3
	4	dist: xenial
3	5
4	6	matrix:
5	7	include:
6	8	- compiler: clang
7	9	env: MAKEVARS=CPPFLAGS=-Werror
	10	- compiler: clang
	11	env:
	12	- MAKEVARS=CPPFLAGS=-Werror
	13	- CONFIGURE_OPTS=--with-crypto-impl=openssl
8	14	- compiler: gcc
9	15
10	16	before_install:
11	17	- sudo apt-get update -qq
12		- sudo apt-get install -y bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev libssl-dev python3-paste slapd tcl-dev tcsh
13		- mkdir -p cmocka/build
14		- cd cmocka
15		- wget https://cmocka.org/files/1.1/cmocka-1.1.1.tar.xz
16		- tar -xvf cmocka-1.1.1.tar.xz
17		- cd build
18		- cmake ../cmocka-1.1.1 -DCMAKE_INSTALL_PREFIX=/usr
19		- make
20		- sudo make install
21		- cd ../..
	18	- sudo apt-get install -y bison dejagnu gettext keyutils ldap-utils libcmocka-dev libldap2-dev libkeyutils-dev libssl-dev python3-kdcproxy python3-pip slapd tcl-dev tcsh
	19	- pip3 install pyrad
22	20
23	21	script: sh -ex .travis-ci.sh

+1

-1

NOTICE less more

0		Copyright (C) 1985-2019 by the Massachusetts Institute of Technology.
	0	Copyright (C) 1985-2020 by the Massachusetts Institute of Technology.
1	1
2	2	All rights reserved.
3	3

+217

-177

README less more

0		Kerberos Version 5, Release 1.17
	0	Kerberos Version 5, Release 1.18
1	1
2	2	Release Notes
3	3	The MIT Kerberos Team

5	5	Copyright and Other Notices
6	6	---------------------------
7	7
8		Copyright (C) 1985-2019 by the Massachusetts Institute of Technology
	8	Copyright (C) 1985-2020 by the Massachusetts Institute of Technology
9	9	and its contributors. All rights reserved.
10	10
11	11	Please see the file named NOTICE for additional notices.

21	21	Additionally, you may find copies of the HTML format documentation
22	22	online at
23	23
24		http://web.mit.edu/kerberos/krb5-latest/doc/
	24	https://web.mit.edu/kerberos/krb5-latest/doc/
25	25
26	26	for the most recent supported release, or at
27	27
28		http://web.mit.edu/kerberos/krb5-devel/doc/
	28	https://web.mit.edu/kerberos/krb5-devel/doc/
29	29
30	30	for the release under development.
31	31
32	32	More information about Kerberos may be found at
33	33
34		http://web.mit.edu/kerberos/
	34	https://web.mit.edu/kerberos/
35	35
36	36	and at the MIT Kerberos Consortium web site
37	37
38		http://kerberos.org/
	38	https://kerberos.org/
39	39
40	40	Building and Installing Kerberos 5
41	41	----------------------------------

57	57
58	58	You may view bug reports by visiting
59	59
60		http://krbdev.mit.edu/rt/
	60	https://krbdev.mit.edu/rt/
61	61
62	62	and using the "Guest Login" button. Please note that the web
63	63	interface to our bug database is read-only for guests, and the primary
64	64	way to interact with our bug database is via email.
65	65
66		DES transition
67		--------------
68
69		The Data Encryption Standard (DES) is widely recognized as weak. The
70		krb5-1.7 release contains measures to encourage sites to migrate away
71		from using single-DES cryptosystems. Among these is a configuration
72		variable that enables "weak" enctypes, which defaults to "false"
73		beginning with krb5-1.8.
74
75		Major changes in 1.17 (2019-01-08)
	66	DES no longer supported
	67	-----------------------
	68
	69	Beginning with the krb5-1.18 release, single-DES encryption types are
	70	no longer supported.
	71
	72	Major changes in 1.18.2 (2020-05-21)
	73	------------------------------------
	74
	75	This is a bug fix release.
	76
	77	* Fix a SPNEGO regression where an acceptor using the default
	78	credential would improperly filter mechanisms, causing a negotiation
	79	failure.
	80
	81	* Fix a bug where the KDC would fail to issue tickets if the local
	82	krbtgt principal's first key has a single-DES enctype.
	83
	84	* Add stub functions to allow old versions of OpenSSL libcrypto to
	85	link against libkrb5.
	86
	87	* Fix a NegoEx bug where the client name and delegated credential
	88	might not be reported.
	89
	90	krb5-1.18.2 changes by ticket ID
	91	--------------------------------
	92
	93	8898 Fix overzealous SPNEGO src_name/deleg_cred release
	94	8905 Add stubs for some removed replay cache functions
	95	8906 KDC can select local TGT key of unsupported enctype
	96	8908 Fix SPNEGO acceptor mech filtering
	97
	98
	99	Major changes in 1.18.1 (2020-04-13)
	100	------------------------------------
	101
	102	This is a bug fix release.
	103
	104	* Fix a crash when qualifying short hostnames when the system has no
	105	primary DNS domain.
	106
	107	* Fix a regression when an application imports "service@" as a GSS
	108	host-based name for its acceptor credential handle.
	109
	110	* Fix KDC enforcement of auth indicators when they are modified by the
	111	KDB module.
	112
	113	* Fix removal of require_auth string attributes when the LDAP KDB
	114	module is used.
	115
	116	* Fix a compile error when building with musl libc on Linux.
	117
	118	* Fix a compile error when building with gcc 4.x.
	119
	120	* Change the KDC constrained delegation precedence order for
	121	consistency with Windows KDCs.
	122
	123	krb5-1.18.1 changes by ticket ID
	124	--------------------------------
	125
	126	8876 Fix AS-REQ checking of KDB-modified indicators
	127	8877 Cannot remove require_auth attribute with LDAP KDB module
	128	8880 Fix Linux build error with musl libc
	129	8881 Segfault in k5_primary_domain
	130	8884 Change KDC constrained-delegation precedence order
	131	8886 Document client keytab usage
	132	8888 compile failure on red hat 6
	133	8891 Codespell report for "krb5" (on fossies.org)
	134	8894 Correct formatting of trace log microseconds
	135	8895 ksu does not honor KRB5CCNAME
	136	8896 Fix typo in SPAKE modprinc example
	137
	138
	139	Major changes in 1.18 (2019-02-12)
76	140	----------------------------------
77	141
78	142	Administrator experience:
79	143
80		* A new Kerberos database module using the Lightning Memory-Mapped
81		Database library (LMDB) has been added. The LMDB KDB module should
82		be more performant and more robust than the DB2 module, and may
83		become the default module for new databases in a future release.
84
85		* "kdb5_util dump" will no longer dump policy entries when specific
86		principal names are requested.
	144	* Remove support for single-DES encryption types.
	145
	146	* Change the replay cache format to be more efficient and robust.
	147	Replay cache filenames using the new format end with ".rcache2" by
	148	default.
	149
	150	* setuid programs will automatically ignore environment variables that
	151	normally affect krb5 API functions, even if the caller does not use
	152	krb5_init_secure_context().
	153
	154	* Add an "enforce_ok_as_delegate" krb5.conf relation to disable
	155	credential forwarding during GSSAPI authentication unless the KDC
	156	sets the ok-as-delegate bit in the service ticket.
	157
	158	* Use the permitted_enctypes krb5.conf setting as the default value
	159	for default_tkt_enctypes and default_tgs_enctypes.
87	160
88	161	Developer experience:
89	162
90		* The new krb5_get_etype_info() API can be used to retrieve enctype,
91		salt, and string-to-key parameters from the KDC for a client
92		principal.
93
94		* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
95		principal names to be used with GSS-API functions.
96
97		* KDC and kadmind modules which call com_err() will now write to the
98		log file in a format more consistent with other log messages.
99
100		* Programs which use large numbers of memory credential caches should
101		perform better.
	163	* Implement krb5_cc_remove_cred() for all credential cache types.
	164
	165	* Add the krb5_pac_get_client_info() API to get the client account
	166	name from a PAC.
102	167
103	168	Protocol evolution:
104	169
105		* The SPAKE pre-authentication mechanism is now supported. This
106		mechanism protects against password dictionary attacks without
107		requiring any additional infrastructure such as certificates. SPAKE
108		is enabled by default on clients, but must be manually enabled on
109		the KDC for this release.
110
111		* PKINIT freshness tokens are now supported. Freshness tokens can
112		protect against scenarios where an attacker uses temporary access to
113		a smart card to generate authentication requests for the future.
114
115		* Password change operations now prefer TCP over UDP, to avoid
116		spurious error messages about replays when a response packet is
117		dropped.
118
119		* The KDC now supports cross-realm S4U2Self requests when used with a
120		third-party KDB module such as Samba's. The client code for
121		cross-realm S4U2Self requests is also now more robust.
	170	* Add KDC support for S4U2Self requests where the user is identified
	171	by X.509 certificate. (Requires support for certificate lookup from
	172	a third-party KDB module.)
	173
	174	* Remove support for an old ("draft 9") variant of PKINIT.
	175
	176	* Add support for Microsoft NegoEx. (Requires one or more third-party
	177	GSS modules implementing NegoEx mechanisms.)
	178
	179	* Honor the transited-policy-checked ticket flag on application
	180	servers, eliminating the requirement to configure capaths on
	181	servers in some scenarios.
122	182
123	183	User experience:
124	184
125		* The new ktutil addent -f flag can be used to fetch salt information
126		from the KDC for password-based keys.
127
128		* The new kdestroy -p option can be used to destroy a credential cache
129		within a collection by client principal name.
130
131		* The Kerberos man page has been restored, and documents the
132		environment variables that affect programs using the Kerberos
133		library.
	185	* Add support for "dns_canonicalize_hostname=fallback""`, causing
	186	host-based principal names to be tried first without DNS
	187	canonicalization, and again with DNS canonicalization if the
	188	un-canonicalized server is not found.
	189
	190	* Expand single-component hostnames in host-based principal names when
	191	DNS canonicalization is not used, adding the system's first DNS
	192	search path as a suffix. Add a "qualify_shortname" krb5.conf
	193	relation to override this suffix or disable expansion.
134	194
135	195	Code quality:
136	196
137		* Python test scripts now use Python 3.
138
139		* Python test scripts now display markers in verbose output, making it
140		easier to find where a failure occurred within the scripts.
141
142		* The Windows build system has been simplified and updated to work
143		with more recent versions of Visual Studio. A large volume of
144		unused Windows-specific code has been removed. Visual Studio 2013
145		or later is now required.
146
147		krb5-1.17 changes by ticket ID
	197	* The libkrb5 serialization code (used to export and import krb5 GSS
	198	security contexts) has been simplified and made type-safe.
	199
	200	* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
	201	messages has been revised to conform to current coding practices.
	202
	203	* The test suite has been modified to work with macOS System Integrity
	204	Protection enabled.
	205
	206	* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
	207	support can always be tested.
	208
	209	krb5-1.18 changes by ticket ID
148	210	------------------------------
149	211
150		7905 Password changes can result in replay error
151		8202 memory ccache cursors are invalidated by initialize
152		8270 No logging when a non-root ksu with command fails authorization
153		8587 ktutil addent should be able to fetch etype-info2 for principal
154		8629 etype-info not included in hint list for REQUIRES_HW_AUTH principals
155		8630 Logging from KDC/kadmind plugin modules
156		8634 Trace log on k5tls load failure
157		8635 Fix a few German translation prepositions
158		8636 PKINIT certid option cannot handle leading zero
159		8641 Make public headers work with gcc -Wundef
160		8642 etype-info conflated for initial, final reply key enctype
161		8647 Add SPAKE preauth support
162		8648 Implement PKINIT freshness tokens
163		8650 Exit with status 0 from kadmind
164		8651 profile library may try to reread from special device files
165		8652 Report extended errors in kinit -k -t KDB:
166		8653 Include preauth name in trace output if possible
167		8654 Prevent fallback from SPAKE to encrypted timestamp
168		8655 Need per-realm client configuration to deny encrypted timestamp
169		8657 SPAKE support for Windows build
170		8659 SPAKE client asks for password before checking second-factor support
171		8661 ksu segfaults when argc == 0
172		8662 Windows README does not document MFC requirement
173		8663 TLS is not free on library unload
174		8664 Avoid simultaneous KDB/ulog locks in ulog_replay
175		8665 Display more extended errors in kdb5_util
176		8673 Improve error for kadmind -proponly without iprop
177		8674 Add LMDB KDB module
178		8677 Escape curly braces in def-check.pl regexes
179		8678 Don't specify MFC library in Leash build
180		8679 Fix Leash build error with recent Visual Studio
181		8680 Update kfw installer for VS2017, WiX 3.11.1
182		8682 Stop building CNS for Windows
183		8684 Fix option parsing on Windows
184		8685 Make plugin auto-registration work on Windows
185		8686 Process profile includedir in sorted order
186		8687 Repeated lookups of local computer name on Windows
187		8689 t_path.c build failure with NDEBUG
188		8690 Fix Windows strerror_r() implementation
189		8691 Use pkg.m4 macros
190		8692 Make docs build python3-compatible
191		8693 Resource leak in domain_fallback_realm()
192		8694 Add documentation on dictionary attacks
193		8695 Resource leak in krb5_524_conv_principal()
194		8696 Resource leak in krb5_425_conv_principal()
195		8697 Resource leak in krb5_gss_inquire_cred()
196		8698 Resource leak in aname_replacer()
197		8699 Resource leak in k5_os_hostaddr()
198		8700 Resource leak in krb5int_get_fq_local_hostname()
199		8702 Resource leak in kdb5_purge_mkeys()
200		8703 Resource leak in RPC UDP cache code
201		8704 Resource leak in read_secret_file()
202		8707 Resource leak in ulog_map()
203		8708 Incorrect error handling in OTP plugin
204		8709 Explicitly look for python2 in configure.in
205		8710 Convert Python tests to Python 3
206		8711 Use SHA-256 instead of MD5 for audit ticket IDs
207		8713 Zap copy of secret in RC4 string-to-key
208		8715 Make krb5kdc -p affect TCP ports
209		8716 Remove outdated note in krb5kdc man page
210		8718 krb5_get_credentials incorrectly matches user to user ticket
211		8719 Extend gss-sample timeout from 10s to 300s
212		8720 Don't include all MEMORY ccaches in collection
213		8721 Don't tag S4U2Proxy result creds as user-to-user
214		8722 Use a hash table for MEMORY ccache resolution
215		8723 Use PTHREAD_CFLAGS when testing for getpwnam_r()
216		8724 Add kdestroy -p option
217		8725 Update many documentation links to https
218		8726 Null deref on some invalid PKINIT identities
219		8727 Check strdup return in kadm5_get_config_params()
220		8728 doc: kswitch manual "see also" subsection typo
221		8729 Memory leak in gss_add_cred() creation case
222		8730 Add kvno option for user-to-user
223		8731 Document that DESTDIR must be an absolute path
224		8732 Fix name of .pdb file in ccapi/test/Makefile.in
225		8733 Multiple pkinit_identities semantics are unclear and perhaps not useful
226		8734 gss_add_cred() aliases memory when creating extended cred
227		8736 Check mech cred in gss_inquire_cred_by_mech()
228		8737 gss_add_cred() ignores desired_name if creating a new credential
229		8738 Use the term "replica KDC" in source and docs
230		8741 S4U2Self client code fails with no default realm
231		8742 Use "replica" in iprop settings
232		8743 Fix incorrect TRACE usages to use {str}
233		8744 KDC/kadmind may not follow master key change before purge_mkeys
234		8745 libss without readline can interfere with reading passwords
235		8746 Fix 64-bit Windows socket write error handling
236		8747 Allow referrals for cross-realm S4U2Self requests
237		8748 Add more constraints to S4U2Self processing
238		8749 Add PAC APIs which can include a client realm
239		8750 Resource leak in ktutil_add()
240		8751 Fix up kdb5_util documentation
241		8752 Don't dump policies if principals are specified
242		8753 Prevent SIGPIPE from socket writes on UNIX-likes
243		8754 Correct kpasswd_server description in krb5.conf(5)
244		8755 Bring back general kerberos man page
245		8756 Add GSS_KRB5_NT_ENTERPRISE_NAME name type
246		8757 Start S4U2Self realm lookup at server realm
247		8759 Resource leak in kadm5_randkey_principal_3()
248		8760 Retry KCM writes once on remote hangup
249		8762 Fix spelling of auth_to_local example
250		8763 Ignore password attributes for S4U2Self requests
251		8767 Remove incorrect KDC assertion
252		8768 Fix double-close in ksu get_authorized_princ_names
253		8769 Fix build issues with Solaris native compiler
	212	5891 kdb_ldap should treat entries with "nsAccountLock: true" as locked
	213	7135 gssapi mechanism glue dlcloses objects potentially after they are already unloaded
	214	7765 Some ccache functions not exported
	215	7871 KDC should not fail requests due to forwardable/proxiable option
	216	8349 use __APPLE_USE_RFC_3542 to get IPV6_PKTINFO on Mac OS X
	217	8761 ksu doesn't allow acquisition of non-forwardable tickets
	218	8764 get_creds can add redundant cache entry for referral ticket
	219	8765 Add dns_canonicalize_hostname=fallback support
	220	8773 Mark deprecated enctypes when used
	221	8775 Process SPNEGO error tokens through mech
	222	8777 S4U2Self with X.509 certificate bugs
	223	8778 Add new kvno protocol transition options
	224	8780 Expand S4U2Self exception in KDC lineage check
	225	8781 Add KDC support for X.509 S4U2Self requests
	226	8784 Use better name type for PKINIT KDC certs
	227	8785 Use memory replay cache for DO_TIME auth contexts
	228	8786 Hash-based replay cache implementation
	229	8788 Rename configure.in to configure.ac
	230	8791 Add option to build without libkeyutils
	231	8792 Implement krb5_cc_remove_cred for remaining types
	232	8793 Remove srvtab support
	233	8794 Remove kadmin RPC support for setting v4 key
	234	8795 configure: chech for libncursesw, if libncurses is not found
	235	8798 Remove ovsec_adm_export dump format support
	236	8799 Check more errors in OpenSSL crypto backend
	237	8800 Add secure_getenv() support
	238	8804 Remove checksum type profile variables
	239	8805 Modernize example enctypes in documentation
	240	8806 kdb5_util errors on command arguments matching command names
	241	8807 Set a more modern default ksu CMD_PATH
	242	8808 Remove single-DES support
	243	8811 In klist, display ticket server if different
	244	8812 Remove support for no-flags SAM-2 preauth
	245	8815 Verify PAC client name independently of name-type
	246	8816 kproplog cannot display LOCKDOWN_KEYS attribute
	247	8817 Remove PKINIT draft 9 support
	248	8819 gss_set_allowable_enctypes() fails if any enctypes aren't recognized
	249	8823 Allow the KDB to see and modify auth indicators
	250	8827 Change definition of KRB5_KDB_FLAG_CROSS_REALM
	251	8828 Add API to get client account name from PAC
	252	8829 Fix authdata signatures for non-TGT AS-REQs
	253	8833 Add environment variable for GSS mech config
	254	8842 Record start time of AS requests earlier in KDC
	255	8843 Allow client canonicalization in non-krbtgt AS-REP
	256	8844 SPNEGO should filter mechs on acceptor with gss_acquire_cred()
	257	8845 SPNEGO init/accept output parameter bugs
	258	8847 Add enforce_ok_as_delegate setting
	259	8849 Install gssapi/gssapi_alloc.h properly
	260	8851 NegoEx
	261	8855 Qualify short hostnames when not using DNS
	262	8856 segfault in krb5-1.17.1/src/lib/krb5/krb/authdata.c
	263	8857 Don't warn in kadmin when no policy is specified
	264	8858 Do not always canonicalize enterprise principals
	265	8859 Remove KRB5_KDB_FLAG_ALIAS_OK
	266	8860 Allow kprop over NATs
	267	8861 Fix LDAP policy enforcement of pw_expiration
	268	8864 Fix error handling in gssint_mechglue_init()
	269	8865 Check cross-realm TGT name for RBCD requests
	270	8866 Fix S4U client authdata handling
	271	8867 Fix KDC crash in handle_signticket
	272	8868 Allow cross-realm RBCD with PAC and other authdata
	273	8869 Apply permitted_enctypes to KDC request enctypes
	274	8870 Honor transited-policy-checked flag in servers
	275	8872 Put KDB authdata first
	276	8873 Don't assume OpenSSL failures are memory errors
	277	8874 Always use S4U2Proxy second ticket parsed authdata
254	278
255	279	Acknowledgements
256	280	----------------

352	376	Brian Almeida
353	377	Michael B Allen
354	378	Pooja Anil
	379	Jeffrey Arbuckle
355	380	Heinz-Ado Arnolds
356	381	Derek Atkins
357	382	Mark Bannister

362	387	Adam Bernstein
363	388	Arlene Berry
364	389	Jeff Blaine
	390	Toby Blake
365	391	Radoslav Bodo
366	392	Sumit Bose
367	393	Emmanuel Bouillon

409	435	Remi Ferrand
410	436	Paul Fertser
411	437	Fabiano Fidêncio
	438	Frank Filz
412	439	William Fiveash
413	440	Jacques Florent
414	441	Ákos Frohner
415	442	Sebastian Galiano
416	443	Marcus Granado
417	444	Dylan Gray
	445	Norm Green
418	446	Scott Grizzard
419	447	Helmut Grohne
420	448	Steve Grubb

444	472	Pavel Jindra
445	473	Brian Johannesmeyer
446	474	Joel Johnson
	475	Lutz Justen
447	476	Alexander Karaivanov
448	477	Anders Kaseorg
449	478	Bar Katz

452	481	W. Trevor King
453	482	Patrik Kis
454	483	Martin Kittel
	484	Thomas Klausner
455	485	Matthew Krupcale
456	486	Mikkel Kruse
457	487	Reinhard Kugler
458	488	Tomas Kuthan
459	489	Pierre Labastie
	490	Andreas Ladanyi
460	491	Chris Leick
461	492	Volker Lendecke
462	493	Jan iankko Lieskovsky

469	500	Nuno Lopes
470	501	Todd Lubin
471	502	Ryan Lynch
	503	Glenn Machin
472	504	Roland Mainz
473	505	Sorin Manolache
	506	Robert Marshall
474	507	Andrei Maslennikov
475	508	Michael Mattioli
476	509	Nathaniel McCallum

491	524	Andrej Ota
492	525	Dmitri Pal
493	526	Javier Palacios
	527	Dilyan Palauzov
494	528	Tom Parker
	529	Eric Pauly
	530	Leonard Peirce
495	531	Ezra Peisach
496	532	Alejandro Perez
497	533	Zoran Pericic

512	548	Mike Roszkowski
513	549	Guillaume Rousse
514	550	Joshua Schaeffer
	551	Jens Schleusener
515	552	Andreas Schneider
516	553	Paul Seyfert
517	554	Tom Shaw
518	555	Jim Shi
	556	Jerry Shipman
519	557	Peter Shoults
520	558	Richard Silverman
521	559	Cel Skeggs

523	561	Michael Spang
524	562	Michael Ströder
525	563	Bjørn Tore Sund
	564	Ondřej Surý
526	565	Joe Travaglini
527	566	Tim Uglow
528	567	Rathor Vipin

542	581	Nicolas Williams
543	582	Ross Wilper
544	583	Augustin Wolf
	584	Garrett Wollman
545	585	David Woodhouse
546	586	Tsu-Phong Wu
547	587	Xu Qiang

+1

-1

doc/_templates/layout.html less more

37	37	{% if logo %}
38	38	<p class="logo">
39	39	{# Link logo to kerberos.org #}
40		<a href="http://kerberos.org"> <img class="logo"
	40	<a href="https://kerberos.org"> <img class="logo"
41	41	src="{{ pathto('_static/' + logo, 1) }}" alt="Logo" /></a>
42	42	</p>
43	43	{% endif %}

+5

-5

doc/admin/admin_commands/kadmin_local.rst less more

418	418	Example::
419	419
420	420	kadmin: addprinc jennifer
421		WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU";
	421	No policy specified for "jennifer@ATHENA.MIT.EDU";
422	422	defaulting to no policy.
423	423	Enter password for principal jennifer@ATHENA.MIT.EDU:
424	424	Re-enter password for principal jennifer@ATHENA.MIT.EDU:

568	568	Principal: tlyu/admin@BLEEP.COM
569	569	Expiration date: [never]
570	570	Last password change: Mon Aug 12 14:16:47 EDT 1996
571		Password expiration date: [none]
	571	Password expiration date: [never]
572	572	Maximum ticket life: 0 days 10:00:00
573	573	Maximum renewable life: 7 days 00:00:00
574	574	Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
575	575	Last successful authentication: [never]
576	576	Last failed authentication: [never]
577	577	Failed password attempts: 0
578		Number of keys: 2
579		Key: vno 1, des-cbc-crc
580		Key: vno 1, des-cbc-crc:v4
	578	Number of keys: 1
	579	Key: vno 1, aes256-cts-hmac-sha384-192
	580	MKey: vno 1
581	581	Attributes:
582	582	Policy: [none]
583	583

+1

-2

doc/admin/admin_commands/kadmind.rst less more

73	73
74	74	-nofork
75	75	causes the server to remain in the foreground and remain
76		associated to the terminal. In normal operation, you should allow
77		the server to place itself in the background.
	76	associated to the terminal.
78	77
79	78	-proponly
80	79	causes the server to only listen and respond to Kerberos replica

+48

-68

doc/admin/admin_commands/kdb5_ldap_util.rst less more

28	28
29	29	.. _kdb5_ldap_util_options:
30	30
	31	-r realm
	32	Specifies the realm to be operated on.
	33
31	34	-D user_dn
32	35	Specifies the Distinguished Name (DN) of the user who has
33	36	sufficient rights to perform the operation on the LDAP server.

37	40	recommended.
38	41
39	42	-H ldapuri
40		Specifies the URI of the LDAP server. It is recommended to use
41		``ldapi://`` or ``ldaps://`` to connect to the LDAP server.
	43	Specifies the URI of the LDAP server.
	44
	45	By default, kdb5_ldap_util operates on the default realm (as specified
	46	in :ref:`krb5.conf(5)`) and connects and authenticates to the LDAP
	47	server in the same manner as :ref:kadmind(8)` would given the
	48	parameters in :ref:`dbdefaults` in :ref:`kdc.conf(5)`.
42	49
43	50	.. _kdb5_ldap_util_options_end:
44	51

57	64	[-containerref container_reference_dn]
58	65	[-k mkeytype]
59	66	[-kv mkeyVNO]
	67	[-M mkeyname]
60	68	[-m\|-P password\\|\ -sf stashfilename]
61	69	[-s]
62		[-r realm]
63	70	[-maxtktlife max_ticket_life]
64	71	[-maxrenewlife max_renewable_ticket_life]
65	72	[ticket_flags]

91	98	Specifies the version number of the master key in the database;
92	99	the default is 1. Note that 0 is not allowed.
93	100
	101	-M mkeyname
	102	Specifies the principal name for the master key in the database.
	103	If not specified, the name is determined by the
	104	master_key_name variable in :ref:`kdc.conf(5)`.
	105
94	106	-m
95	107	Specifies that the master database password should be read from
96	108	the TTY rather than fetched from a file on the disk.

98	110	-P password
99	111	Specifies the master database password. This option is not
100	112	recommended.
101
102		-r realm
103		Specifies the Kerberos realm of the database.
104	113
105	114	-sf stashfilename
106	115	Specifies the stash file of the master database password.

124	133	Example::
125	134
126	135	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
127		create -subtrees o=org -sscope SUB -r ATHENA.MIT.EDU
	136	-r ATHENA.MIT.EDU create -subtrees o=org -sscope SUB
128	137	Password for "cn=admin,o=org":
129	138	Initializing database for realm 'ATHENA.MIT.EDU'
130	139	You will be prompted for the database Master Password.

143	152	[-subtrees subtree_dn_list]
144	153	[-sscope search_scope]
145	154	[-containerref container_reference_dn]
146		[-r realm]
147	155	[-maxtktlife max_ticket_life]
148	156	[-maxrenewlife max_renewable_ticket_life]
149	157	[ticket_flags]

164	172	container object in which the principals of a realm will be
165	173	created.
166	174
167		-r realm
168		Specifies the Kerberos realm of the database.
169
170	175	-maxtktlife max_ticket_life
171	176	(:ref:`getdate` string) Specifies maximum ticket life for
172	177	principals in this realm.

182	187
183	188	Example::
184	189
185		shell% kdb5_ldap_util -D cn=admin,o=org -H
186		ldaps://ldap-server1.mit.edu modify +requires_preauth -r
187		ATHENA.MIT.EDU
	190	shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
	191	ldaps://ldap-server1.mit.edu modify +requires_preauth
188	192	Password for "cn=admin,o=org":
189	193	shell%
190	194

195	199
196	200	.. _kdb5_ldap_util_view:
197	201
198		view [-r realm]
199
200		Displays the attributes of a realm. Options:
201
202		-r realm
203		Specifies the Kerberos realm of the database.
204
205		Example::
206
207		kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
208		view -r ATHENA.MIT.EDU
	202	view
	203
	204	Displays the attributes of a realm.
	205
	206	Example::
	207
	208	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
	209	-r ATHENA.MIT.EDU view
209	210	Password for "cn=admin,o=org":
210	211	Realm Name: ATHENA.MIT.EDU
211	212	Subtree: ou=users,o=org

222	223
223	224	.. _kdb5_ldap_util_destroy:
224	225
225		destroy [-f] [-r realm]
	226	destroy [-f]
226	227
227	228	Destroys an existing realm. Options:
228	229
229	230	-f
230	231	If specified, will not prompt the user for confirmation.
231	232
232		-r realm
233		Specifies the Kerberos realm of the database.
234
235		Example::
236
237		shell% kdb5_ldap_util -D cn=admin,o=org -H
238		ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU
	233	Example::
	234
	235	shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
	236	ldaps://ldap-server1.mit.edu destroy
239	237	Password for "cn=admin,o=org":
240	238	Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
241	239	(type 'yes' to confirm)? yes

251	249
252	250	list
253	251
254		Lists the name of realms.
	252	Lists the names of realms under the container.
255	253
256	254	Example::
257	255

307	305	.. _kdb5_ldap_util_create_policy:
308	306
309	307	create_policy
310		[-r realm]
311	308	[-maxtktlife max_ticket_life]
312	309	[-maxrenewlife max_renewable_ticket_life]
313	310	[ticket_flags]
314	311	policy_name
315	312
316	313	Creates a ticket policy in the directory. Options:
317
318		-r realm
319		Specifies the Kerberos realm of the database.
320	314
321	315	-maxtktlife max_ticket_life
322	316	(:ref:`getdate` string) Specifies maximum ticket life for

338	332	Example::
339	333
340	334	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
341		create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day"
	335	-r ATHENA.MIT.EDU create_policy -maxtktlife "1 day"
342	336	-maxrenewlife "1 week" -allow_postdated +needchange
343	337	-allow_forwardable tktpolicy
344	338	Password for "cn=admin,o=org":

351	345	.. _kdb5_ldap_util_modify_policy:
352	346
353	347	modify_policy
354		[-r realm]
355	348	[-maxtktlife max_ticket_life]
356	349	[-maxrenewlife max_renewable_ticket_life]
357	350	[ticket_flags]

363	356	Example::
364	357
365	358	kdb5_ldap_util -D cn=admin,o=org -H
366		ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU
	359	ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU modify_policy
367	360	-maxtktlife "60 minutes" -maxrenewlife "10 hours"
368	361	+allow_postdated -requires_preauth tktpolicy
369	362	Password for "cn=admin,o=org":

376	369	.. _kdb5_ldap_util_view_policy:
377	370
378	371	view_policy
379		[-r realm]
380	372	policy_name
381	373
382		Displays the attributes of a ticket policy. Options:
383
384		policy_name
385		Specifies the name of the ticket policy.
386
387		Example::
388
389		kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
390		view_policy -r ATHENA.MIT.EDU tktpolicy
	374	Displays the attributes of the named ticket policy.
	375
	376	Example::
	377
	378	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
	379	-r ATHENA.MIT.EDU view_policy tktpolicy
391	380	Password for "cn=admin,o=org":
392	381	Ticket policy: tktpolicy
393	382	Maximum ticket life: 0 days 01:00:00

402	391	.. _kdb5_ldap_util_destroy_policy:
403	392
404	393	destroy_policy
405		[-r realm]
406	394	[-force]
407	395	policy_name
408	396
409	397	Destroys an existing ticket policy. Options:
410
411		-r realm
412		Specifies the Kerberos realm of the database.
413	398
414	399	-force
415	400	Forces the deletion of the policy object. If not specified, the

421	406	Example::
422	407
423	408	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
424		destroy_policy -r ATHENA.MIT.EDU tktpolicy
	409	-r ATHENA.MIT.EDU destroy_policy tktpolicy
425	410	Password for "cn=admin,o=org":
426	411	This will delete the policy object 'tktpolicy', are you sure?
427	412	(type 'yes' to confirm)? yes

435	420	.. _kdb5_ldap_util_list_policy:
436	421
437	422	list_policy
438		[-r realm]
439
440		Lists the ticket policies in realm if specified or in the default
441		realm. Options:
442
443		-r realm
444		Specifies the Kerberos realm of the database.
445
446		Example::
447
448		kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
449		list_policy -r ATHENA.MIT.EDU
	423
	424	Lists ticket policies.
	425
	426	Example::
	427
	428	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
	429	-r ATHENA.MIT.EDU list_policy
450	430	Password for "cn=admin,o=org":
451	431	tktpolicy
452	432	tmppolicy

+7

-14

doc/admin/admin_commands/kdb5_util.rst less more

135	135
136	136	.. _kdb5_util_dump:
137	137
138		dump [-b7\\|\ -ov\\|\ -r13\\|\ -r18]
	138	dump [-b7\\|\ -r13\\|\ -r18]
139	139	[-verbose] [-mkey_convert] [-new_mkey_file
140	140	mkey_file] [-rev] [-recurse] [filename
141	141	[principals...]]

149	149	causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util
150	150	load_dump version 4"). This was the dump format produced on
151	151	releases prior to 1.2.2.
152
153		-ov
154		causes the dump to be in "ovsec_adm_export" format.
155	152
156	153	-r13
157	154	causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util

203	200
204	201	.. _kdb5_util_load:
205	202
206		load [-b7\\|\ -ov\\|\ -r13\\|\ -r18] [-hash]
	203	load [-b7\\|\ -r13\\|\ -r18] [-hash]
207	204	[-verbose] [-update] filename
208	205
209	206	Loads a database dump from the named file into the named database. If

220	217	requires the database to be in the Kerberos 5 Beta 7 format
221	218	("kdb5_util load_dump version 4"). This was the dump format
222	219	produced on releases prior to 1.2.2.
223
224		-ov
225		requires the database to be in "ovsec_adm_import" format. Must be
226		used with the -update option.
227	220
228	221	-r13
229	222	requires the database to be in Kerberos 5 1.3 format ("kdb5_util

482	475	$ kdb5_util tabdump -o keyinfo.txt keyinfo
483	476	$ cat keyinfo.txt
484	477	name keyindex kvno enctype salttype salt
	478	K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1
485	479	foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
486	480	bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
487		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
488	481	$ sqlite3
489	482	sqlite> .mode tabs
490	483	sqlite> .import keyinfo.txt keyinfo
491		sqlite> select * from keyinfo where enctype like 'des-cbc-%';
492		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
	484	sqlite> select * from keyinfo where enctype like 'aes256-%';
	485	K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
493	486	sqlite> .quit
494		$ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
495		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
	487	$ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
	488	K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
496	489
497	490
498	491	ENVIRONMENT

+5

-5

doc/admin/admin_commands/krb5kdc.rst less more

30	30	-------
31	31
32	32	The -r realm option specifies the realm for which the server
33		should provide service.
	33	should provide service. This option may be specified multiple times
	34	to serve multiple realms. If no -r option is given, the default
	35	realm (as specified in :ref:`krb5.conf(5)`) will be served.
34	36
35	37	The -d dbname option specifies the name under which the
36	38	principal database can be found. This option does not apply to the

38	40
39	41	The -k keytype option specifies the key type of the master key
40	42	to be entered manually as a password when -m is given; the default
41		is ``des-cbc-crc``.
	43	is \|defmkey\|.
42	44
43	45	The -M mkeyname option specifies the principal name for the
44	46	master key in the database (usually ``K/M`` in the KDC's realm).

47	49	be fetched from the keyboard rather than from a stash file.
48	50
49	51	The -n option specifies that the KDC does not put itself in the
50		background and does not disassociate itself from the terminal. In
51		normal operation, you should always allow the KDC to place itself in
52		the background.
	52	background and does not disassociate itself from the terminal.
53	53
54	54	The -P pid_file option tells the KDC to write its PID into
55	55	pid_file after it starts up. This can be used to identify whether

+2

-20

doc/admin/admin_commands/ktutil.rst less more

12	12	-----------
13	13
14	14	The ktutil command invokes a command interface from which an
15		administrator can read, write, or edit entries in a keytab or Kerberos
16		V4 srvtab file.
	15	administrator can read, write, or edit entries in a keytab. (Kerberos
	16	V4 srvtab files are no longer supported.)
17	17
18	18
19	19	COMMANDS

37	37
38	38	Alias: rkt
39	39
40		read_st
41		~~~~~~~
42
43		read_st srvtab
44
45		Read the Kerberos V4 srvtab file srvtab into the current keylist.
46
47		Alias: rst
48
49	40	write_kt
50	41	~~~~~~~~
51	42

54	45	Write the current keylist into the Kerberos V5 keytab file keytab.
55	46
56	47	Alias: wkt
57
58		write_st
59		~~~~~~~~
60
61		write_st srvtab
62
63		Write the current keylist into the Kerberos V4 srvtab file srvtab.
64
65		Alias: wst
66	48
67	49	clear_list
68	50	~~~~~~~~~~

+0

-1

doc/admin/advanced/index.rst less more

4	4	.. toctree::
5	5	:maxdepth: 1
6	6
7		ldapbackend.rst
8	7	retiring-des.rst

+0

-143

~~doc/admin/advanced/ldapbackend.rst~~ less more

0		.. _ldap_be_ubuntu:
1
2		LDAP backend on Ubuntu 10.4 (lucid)
3		===================================
4
5		Setting up Kerberos v1.9 with LDAP backend on Ubuntu 10.4 (Lucid Lynx)
6
7
8		Prerequisites
9		-------------
10
11		Install the following packages: slapd, ldap-utils and libldap2-dev
12
13		You can install the necessary packages with these commands::
14
15		sudo apt-get install slapd
16		sudo apt-get install ldap-utils
17		sudo apt-get install libldap2-dev
18
19		Extend the user schema using schemas from standart OpenLDAP
20		distribution: cosine, mics, nis, inetcomperson ::
21
22		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
23		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/mics.ldif
24		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
25		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetcomperson.ldif
26
27
28		Building Kerberos from source
29		-----------------------------
30
31		::
32
33		./configure --with-ldap
34		make
35		sudo make install
36
37
38		Setting up Kerberos
39		-------------------
40
41		Configuration
42		~~~~~~~~~~~~~
43
44		Update kdc.conf with the LDAP back-end information::
45
46		[realms]
47		EXAMPLE.COM = {
48		database_module = LDAP
49		}
50
51		[dbmodules]
52		LDAP = {
53		db_library = kldap
54		ldap_kerberos_container_dn = cn=krbContainer,dc=example,dc=com
55		ldap_kdc_dn = cn=admin,dc=example,dc=com
56		ldap_kadmind_dn = cn=admin,dc=example,dc=com
57		ldap_service_password_file = /usr/local/var/krb5kdc/admin.stash
58		ldap_servers = ldapi:///
59		}
60
61
62		Schema
63		~~~~~~
64
65		From the source tree copy
66		``src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema`` into
67		``/etc/ldap/schema``
68
69		Warning: this step should be done after slapd is installed to avoid
70		problems with slapd installation.
71
72		To convert kerberos.schema to run-time configuration (``cn=config``)
73		do the following:
74
75		#. Create a temporary file ``/tmp/schema_convert.conf`` with the
76		following content::
77
78		include /etc/ldap/schema/kerberos.schema
79
80		#. Create a temporary directory ``/tmp/krb5_ldif``.
81
82		#. Run::
83
84		slaptest -f /tmp/schema_convert.conf -F /tmp/krb5_ldif
85
86		This should in a new file named
87		``/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif``.
88
89		#. Edit ``/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif`` by
90		replacing the lines::
91
92		dn: cn={0}kerberos
93		cn: {0}kerberos
94
95		with
96
97		dn: cn=kerberos,cn=schema,cn=config
98		cn: kerberos
99
100		Also, remove following attribute-value pairs::
101
102		structuralObjectClass: olcSchemaConfig
103		entryUUID: ...
104		creatorsName: cn=config
105		createTimestamp: ...
106		entryCSN: ...
107		modifiersName: cn=config
108		modifyTimestamp: ...
109
110		#. Load the new schema with ldapadd (with the proper authentication)::
111
112		ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif
113
114		which should result the message ``adding new entry
115		"cn=kerberos,cn=schema,cn=config"``.
116
117
118		Create Kerberos database
119		------------------------
120
121		Using LDAP administrator credentials, create Kerberos database and
122		master key stash::
123
124		kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
125
126		Stash the LDAP administrative passwords::
127
128		kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// stashsrvpw cn=admin,dc=example,dc=com
129
130		Start :ref:`krb5kdc(8)`::
131
132		krb5kdc
133
134		To destroy database run::
135
136		kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// destroy -f
137
138
139		Useful references
140		-----------------
141
142		* `Kerberos and LDAP <https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html>`_

+5

-0

doc/admin/advanced/retiring-des.rst less more

20	20	However, deployments of krb5 using Kerberos databases created with older
21	21	versions of krb5 will not necessarily start using strong crypto for
22	22	ordinary operation without administrator intervention.
	23
	24	MIT krb5 began flagging deprecated encryption types with release 1.17,
	25	and removed DES (single-DES) support in release 1.18. As a
	26	consequence, a release prior to 1.18 is required to perform these
	27	migrations.
23	28
24	29	Types of keys
25	30	-------------

+37

-0

doc/admin/appl_servers.rst less more

57	57	.. include:: admin_commands/kadmin_local.rst
58	58	:start-after: _ktremove:
59	59	:end-before: _ktremove_end:
	60
	61
	62	Using a keytab to acquire client credentials
	63	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	64
	65	While keytabs are ordinarily used to accept credentials from clients,
	66	they can also be used to acquire initial credentials, allowing one
	67	service to authenticate to another.
	68
	69	To manually obtain credentials using a keytab, use the :ref:`kinit(1)`
	70	-k option, together with the -t option if the keytab is not in
	71	the default location.
	72
	73	Beginning with release 1.11, GSSAPI applications can be configured to
	74	automatically obtain initial credentials from a keytab as needed. The
	75	recommended configuration is as follows:
	76
	77	#. Create a keytab containing a single entry for the desired client
	78	identity.
	79
	80	#. Place the keytab in a location readable by the service, and set the
	81	KRB5_CLIENT_KTNAME environment variable to its filename.
	82	Alternatively, use the default_client_keytab_name profile
	83	variable in :ref:`libdefaults`, or use the default location of
	84	\|ckeytab\|.
	85
	86	#. Set KRB5CCNAME to a filename writable by the service, which
	87	will not be used for any other purpose. Do not manually obtain
	88	credentials at this location. (Another credential cache type
	89	besides FILE can be used if desired, as long the cache will not
	90	conflict with another use. A MEMORY cache can be used if the
	91	service runs as a long-lived process. See :ref:`ccache_definition`
	92	for details.)
	93
	94	#. Start the service. When it authenticates using GSSAPI, it will
	95	automatically obtain credentials from the client keytab into the
	96	specified credential cache, and refresh them before they expire.
60	97
61	98
62	99	Clock Skew

+9

-22

doc/admin/conf_files/kdc_conf.rst less more

380	380	listed in host_based_services. ``no_host_referral = *`` will
381	381	disable referral processing altogether.
382	382
383		des_crc_session_supported
384		(Boolean value). If set to true, the KDC will assume that service
385		principals support des-cbc-crc for session key enctype negotiation
386		purposes. If allow_weak_crypto in :ref:`libdefaults` is
387		false, or if des-cbc-crc is not a permitted enctype, then this
388		variable has no effect. Defaults to true. New in release 1.11.
389
390	383	reject_bad_transit
391	384	(Boolean value.) If set to true, the KDC will check the list of
392	385	transited realms for cross-realm tickets against the transit path

452	445	* ldap_kadmind_sasl_mech
453	446	* ldap_kadmind_sasl_realm
454	447	* ldap_service_password_file
455		* ldap_servers
456	448	* ldap_conns_per_server
457	449
458	450

648	640	facility is specified, the default is AUTH.
649	641
650	642	In the following example, the logging messages from the KDC will go to
651		the console and to the system log under the facility LOG_DAEMON with
652		default severity of LOG_INFO; and the logging messages from the
653		administrative server will be appended to the file
654		``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. ::
	643	the console and to the system log under the facility LOG_DAEMON, and
	644	the logging messages from the administrative server will be appended
	645	to the file ``/var/adm/kadmin.log`` and sent to the device
	646	``/dev/tty04``. ::
655	647
656	648	[logging]
657	649	kdc = CONSOLE
658	650	kdc = SYSLOG:INFO:DAEMON
659	651	admin_server = FILE:/var/adm/kadmin.log
660	652	admin_server = DEVICE=/dev/tty04
	653
	654	If no logging specification is given, the default is to use syslog.
	655	To disable logging entirely, specify ``default = DEVICE=/dev/null``.
661	656
662	657
663	658	.. _otp:

847	842	not recommended for use.
848	843
849	844	==================================================== =========================================================
850		des-cbc-crc DES cbc mode with CRC-32 (weak)
851		des-cbc-md4 DES cbc mode with RSA-MD4 (weak)
852		des-cbc-md5 DES cbc mode with RSA-MD5 (weak)
853		des-cbc-raw DES cbc mode raw (weak)
854	845	des3-cbc-raw Triple DES cbc mode raw (weak)
855	846	des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1
856		des-hmac-sha1 DES with HMAC/sha1 (weak)
857	847	aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC
858	848	aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC
859	849	aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC

862	852	arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak)
863	853	camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC
864	854	camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC
865		des The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
866	855	des3 The triple DES family: des3-cbc-sha1
867	856	aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128
868	857	rc4 The RC4 family: arcfour-hmac

874	863	from the current list by prefixing them with a minus sign ("-").
875	864	Types or families can be prefixed with a plus sign ("+") for symmetry;
876	865	it has the same meaning as just listing the type or family. For
877		example, "``DEFAULT -des``" would be the default set of encryption
878		types with DES types removed, and "``des3 DEFAULT``" would be the
	866	example, "``DEFAULT -rc4``" would be the default set of encryption
	867	types with RC4 types removed, and "``des3 DEFAULT``" would be the
879	868	default set of encryption types with triple DES types moved to the
880	869	front.
881	870

916	905
917	906	================= ============================================
918	907	normal default for Kerberos Version 5
919		v4 the only type used by Kerberos Version 4 (no salt)
920	908	norealm same as the default, without using realm information
921	909	onlyrealm uses only realm information as the salt
922		afs3 AFS version 3, only used for compatibility with Kerberos 4 in AFS
923	910	special generate a random salt
924	911	================= ============================================
925	912

+46

-65

doc/admin/conf_files/krb5_conf.rst less more

34	34	baz = quux
35	35	}
36	36
37		Placing a '\' at the end of a line indicates that this is the final*
38		value for the tag. This means that neither the remainder of this
39		configuration file nor any other configuration file will be checked
40		for any other values for this tag.
41
42		For example, if you have the following lines::
43
44		foo = bar*
45		foo = baz
46
47		then the second value of ``foo`` (``baz``) would never be read.
	37	Placing a '\*' after the closing bracket of a section name indicates
	38	that the section is final, meaning that if the same section appears
	39	within a later file specified in KRB5_CONFIG, it will be ignored.
	40	A subsection can be marked as final by placing a '\*' after either the
	41	tag name or the closing brace.
48	42
49	43	The krb5.conf file can include other files using either of the
50	44	following directives at the beginning of a line::

105	99	in :ref:`Encryption_types` in :ref:`kdc.conf(5)`) will be filtered
106	100	out of the lists default_tgs_enctypes,
107	101	default_tkt_enctypes, and permitted_enctypes. The default
108		value for this tag is false, which may cause authentication
109		failures in existing Kerberos infrastructures that do not support
110		strong crypto. Users in affected environments should set this tag
111		to true until their infrastructure adopts stronger ciphers.
112
113		ap_req_checksum_type
114		An integer which specifies the type of AP-REQ checksum to use in
115		authenticators. This variable should be unset so the appropriate
116		checksum for the encryption key in use will be used. This can be
117		set if backward compatibility requires a specific checksum type.
118		See the kdc_req_checksum_type configuration option for the
119		possible values and their meanings.
	102	value for this tag is false.
120	103
121	104	canonicalize
122	105	If this flag is set to true, initial ticket requests to the KDC

158	141	application servers such as sshd. The default is \|keytab\|. This
159	142	relation is subject to parameter expansion (see below).
160	143
	144	default_rcache_name
	145	This relation specifies the name of the default replay cache.
	146	The default is ``dfl:``. This relation is subject to parameter
	147	expansion (see below). New in release 1.18.
	148
161	149	default_realm
162	150	Identifies the default Kerberos realm for the client. Set its
163	151	value to your Kerberos realm. If this value is not set, then a

170	158	preference from highest to lowest. The list may be delimited with
171	159	commas or whitespace. See :ref:`Encryption_types` in
172	160	:ref:`kdc.conf(5)` for a list of the accepted values for this tag.
173		The default value is \|defetypes\|, but single-DES encryption types
174		will be implicitly removed from this list if the value of
175		allow_weak_crypto is false.
	161	Starting in release 1.18, the default value is the value of
	162	permitted_enctypes. For previous releases or if
	163	permitted_enctypes is not set, the default value is
	164	\|defetypes\|.
176	165
177	166	Do not set this unless required for specific backward
178	167	compatibility purposes; stale values of this setting can prevent

183	172	Identifies the supported list of session key encryption types that
184	173	the client should request when making an AS-REQ, in order of
185	174	preference from highest to lowest. The format is the same as for
186		default_tgs_enctypes. The default value for this tag is
187		\|defetypes\|, but single-DES encryption types will be implicitly
188		removed from this list if the value of allow_weak_crypto is
189		false.
	175	default_tgs_enctypes. Starting in release 1.18, the default
	176	value is the value of permitted_enctypes. For previous
	177	releases or if permitted_enctypes is not set, the default
	178	value is \|defetypes\|.
190	179
191	180	Do not set this unless required for specific backward
192	181	compatibility purposes; stale values of this setting can prevent

199	188	to false can improve security by reducing reliance on DNS, but
200	189	means that short hostnames will not be canonicalized to
201	190	fully-qualified hostnames. The default value is true.
	191
	192	If this option is set to ``fallback`` (new in release 1.18), DNS
	193	canonicalization will only be performed the server hostname is not
	194	found with the original name when requesting credentials.
202	195
203	196	dns_lookup_kdc
204	197	Indicate whether DNS SRV records should be used to locate the KDCs

222	215	krb5.conf information for the realm. SRV records are used as a
223	216	fallback if no URI records were found. The default value is true.
224	217	New in release 1.15.
	218
	219	enforce_ok_as_delegate
	220	If this flag to true, GSSAPI credential delegation will be
	221	disabled when the ``ok-as-delegate`` flag is not set in the
	222	service ticket. If this flag is false, the ``ok-as-delegate``
	223	ticket flag is only enforced when an application specifically
	224	requests enforcement. The default value is false.
225	225
226	226	err_fmt
227	227	This relation allows for custom error message formatting. If a

292	292	corrective factor is only used by the Kerberos library; it is not
293	293	used to change the system clock. The default value is 1.
294	294
295		kdc_req_checksum_type
296		An integer which specifies the type of checksum to use for the KDC
297		requests, for compatibility with very old KDC implementations.
298		This value is only used for DES keys; other keys use the preferred
299		checksum type for those keys.
300
301		The possible values and their meanings are as follows.
302
303		======== ===============================
304		1 CRC32
305		2 RSA MD4
306		3 RSA MD4 DES
307		4 DES CBC
308		7 RSA MD5
309		8 RSA MD5 DES
310		9 NIST SHA
311		12 HMAC SHA1 DES3
312		-138 Microsoft MD5 HMAC checksum type
313		======== ===============================
314
315	295	noaddresses
316	296	If this flag is true, requests for initial tickets will not be
317	297	made with address restrictions set, allowing the tickets to be
318	298	used across NATs. The default value is true.
319	299
320	300	permitted_enctypes
321		Identifies all encryption types that are permitted for use in
322		session key encryption. The default value for this tag is
323		\|defetypes\|, but single-DES encryption types will be implicitly
324		removed from this list if the value of allow_weak_crypto is
325		false.
	301	Identifies the encryption types that servers will permit for
	302	session keys and for ticket and authenticator encryption, ordered
	303	by preference from highest to lowest. Starting in release 1.18,
	304	this tag also acts as the default value for
	305	default_tgs_enctypes and default_tkt_enctypes. The
	306	default value for this tag is \|defetypes\|.
326	307
327	308	plugin_base_dir
328	309	If set, determines the base directory where krb5 plugins are

339	320	proxiable
340	321	If this flag is true, initial tickets will be proxiable by
341	322	default, if allowed by the KDC. The default value is false.
	323
	324	qualify_shortname
	325	If this string is set, it determines the domain suffix for
	326	single-component hostnames when DNS canonicalization is not used
	327	(either because dns_canonicalize_hostname is false or because
	328	forward canonicalization failed). The default value is the first
	329	search domain of the system's DNS configuration. To disable
	330	qualification of shortnames, set this relation to the empty string
	331	with ``qualify_shortname = ""``. (New in release 1.18.)
342	332
343	333	rdns
344	334	If this flag is true, reverse name lookup will be used in addition

359	349	renew_lifetime
360	350	(:ref:`duration` string.) Sets the default renewable lifetime
361	351	for initial ticket requests. The default value is 0.
362
363		safe_checksum_type
364		An integer which specifies the type of checksum to use for the
365		KRB-SAFE requests. By default it is set to 8 (RSA MD5 DES). For
366		compatibility with applications linked against DCE version 1.1 or
367		earlier Kerberos libraries, use a value of 3 to use the RSA MD4
368		DES instead. This field is ignored when its value is incompatible
369		with the session key type. See the kdc_req_checksum_type
370		configuration option for the possible values and their meanings.
371	352
372	353	spake_preauth_groups
373	354	A whitespace or comma-separated list of words which specifies the

1141	1122	specifies X509_user_identity on the command line.
1142	1123
1143	1124	pkinit_kdc_hostname
1144		The presense of this option indicates that the client is willing
	1125	The presence of this option indicates that the client is willing
1145	1126	to accept a KDC certificate with a dNSName SAN (Subject
1146	1127	Alternative Name) rather than requiring the id-pkinit-san as
1147	1128	defined in :rfc:`4556`. This option may be specified multiple

+55

-85

doc/admin/conf_ldap.rst less more

3	3	===========================================
4	4
5	5
6		1. Set up SSL on the OpenLDAP server and client to ensure secure
7		communication when the KDC service and LDAP server are on different
8		machines. ``ldapi://`` can be used if the LDAP server and KDC
9		service are running on the same machine.
	6	1. Make sure the LDAP server is using local authentication
	7	(``ldapi://``) or TLS (``ldaps``). See
	8	https://www.openldap.org/doc/admin24/tls.html for instructions on
	9	configuring TLS support in OpenLDAP.
10	10
11		A. Setting up SSL on the OpenLDAP server:
	11	2. Add the Kerberos schema file to the LDAP Server using the OpenLDAP
	12	LDIF file from the krb5 source directory
	13	(``src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif``).
	14	The following example uses local authentication::
12	15
13		i) Get a CA certificate using OpenSSL tools
14		ii) Configure OpenLDAP server for using SSL/TLS
15
16		For the latter, you need to specify the location of CA
17		certificate location in slapd.conf file.
18
19		Refer to the following link for more information:
20		https://www.openldap.org/doc/admin23/tls.html
21
22		B. Setting up SSL on OpenLDAP client:
23
24		i) For the KDC and Admin Server, you need to do the client-side
25		configuration in ldap.conf. For example::
26
27		TLS_CACERT /etc/openldap/certs/cacert.pem
28
29		2. Include the Kerberos schema file (kerberos.schema) in the
30		configuration file (slapd.conf) on the LDAP Server, by providing
31		the location where it is stored::
32
33		include /etc/openldap/schema/kerberos.schema
	16	ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/kerberos.openldap.ldif
34	17
35	18	3. Choose DNs for the :ref:`krb5kdc(8)` and :ref:`kadmind(8)` servers
36		to bind to the LDAP server, and create them if necessary. These DNs
37		will be specified with the ldap_kdc_dn and ldap_kadmind_dn
38		directives in :ref:`kdc.conf(5)`; their passwords can be stashed
39		with "``kdb5_ldap_util stashsrvpw``" and the resulting file
40		specified with the ldap_service_password_file directive.
	19	to bind to the LDAP server, and create them if necessary. Specify
	20	these DNs with the ldap_kdc_dn and ldap_kadmind_dn
	21	directives in :ref:`kdc.conf(5)`. The kadmind DN will also be
	22	used for administrative commands such as :ref:`kdb5_util(8)`.
41	23
42		4. Choose a DN for the global Kerberos container entry (but do not
43		create the entry at this time). This DN will be specified with the
	24	Alternatively, you may configure krb5kdc and kadmind to use SASL
	25	authentication to access the LDAP server; see the :ref:`dbmodules`
	26	relations ldap_kdc_sasl_mech and similar.
	27
	28	4. Specify a location for the LDAP service password file by setting
	29	ldap_service_password_file. Use ``kdb5_ldap_util stashsrvpw``
	30	to stash passwords for the KDC and kadmind DNs chosen above. For
	31	example::
	32
	33	kdb5_ldap_util stashsrvpw -f /path/to/service.keyfile cn=krbadmin,dc=example,dc=com
	34
	35	Skip this step if you are using SASL authentication and the
	36	mechanism does not require a password.
	37
	38	5. Choose a DN for the global Kerberos container entry (but do not
	39	create the entry at this time). Specify this DN with the
44	40	ldap_kerberos_container_dn directive in :ref:`kdc.conf(5)`.
45	41	Realm container entries will be created underneath this DN.
46	42	Principal entries may exist either underneath the realm container
47	43	(the default) or in separate trees referenced from the realm
48	44	container.
49	45
50		5. Configure the LDAP server ACLs to enable the KDC and kadmin server
	46	6. Configure the LDAP server ACLs to enable the KDC and kadmin server
51	47	DNs to read and write the Kerberos data. If
52	48	disable_last_success and disable_lockout are both set to
53	49	true in the :ref:`dbmodules` subsection for the realm, then the

61	57	access to dn.base="cn=Subschema"
62	58	by * read
63	59
64		access to attrs=userPassword,userPKCS12
65		by self write
66		by * auth
67
68		access to attrs=shadowLastChange
69		by self write
70		by * read
71
72		# Providing access to realm container
	60	# Provide access to the realm container.
73	61	access to dn.subtree= "cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com"
74	62	by dn.exact="cn=kdc-service,dc=example,dc=com" write
75	63	by dn.exact="cn=adm-service,dc=example,dc=com" write
76	64	by * none
77	65
78		# Providing access to principals, if not underneath realm container
	66	# Provide access to principals, if not underneath the realm container.
79	67	access to dn.subtree= "ou=users,dc=example,dc=com"
80	68	by dn.exact="cn=kdc-service,dc=example,dc=com" write
81	69	by dn.exact="cn=adm-service,dc=example,dc=com" write

84	72	access to *
85	73	by * read
86	74
87		If the locations of the container and principals or the DNs of
88		the service objects for a realm are changed then this
89		information should be updated.
	75	If the locations of the container and principals or the DNs of the
	76	service objects for a realm are changed then this information
	77	should be updated.
90	78
91		6. Start the LDAP server as follows::
	79	7. In :ref:`kdc.conf(5)`, make sure the following relations are set
	80	in the :ref:`dbmodules` subsection for the realm::
92	81
93		slapd -h "ldapi:/// ldaps:///"
94
95		7. Modify the :ref:`kdc.conf(5)` file to include LDAP specific items
96		listed below::
97
98		realms
99		database_module
100
101		dbmodules
102		db_library
103		db_module_dir
104		ldap_kdc_dn
105		ldap_kadmind_dn
106		ldap_service_password_file
107		ldap_servers
108		ldap_conns_per_server
	82	db_library (set to ``kldap``)
	83	ldap_kerberos_container_dn
	84	ldap_kdc_dn
	85	ldap_kadmind_dn
	86	ldap_service_password_file
	87	ldap_servers
109	88
110	89	8. Create the realm using :ref:`kdb5_ldap_util(8)` (see
111	90	:ref:`ldap_create_realm`)::
112	91
113		kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees ou=users,dc=example,dc=com -r EXAMPLE.COM -s
	92	kdb5_ldap_util create -subtrees ou=users,dc=example,dc=com -s
114	93
115	94	Use the -subtrees option if the principals are to exist in a
116	95	separate subtree from the realm container. Before executing the

122	101	For more information, refer to the section :ref:`ops_on_ldap`.
123	102
124	103	The realm object is created under the
125		ldap_kerberos_container_dn specified in the configuration file.
126		This operation will also create the Kerberos container, if not
127		present already. This will be used to store information related to
128		all realms.
	104	ldap_kerberos_container_dn specified in the configuration
	105	file. This operation will also create the Kerberos container, if
	106	not present already. This container can be used to store
	107	information related to multiple realms.
129	108
130		9. Stash the password of the service object used by the KDC and
131		Administration service to bind to the LDAP server using the
132		:ref:`kdb5_ldap_util(8)` stashsrvpw command (see
133		:ref:`stash_ldap`). The object DN should be the same as
134		ldap_kdc_dn and ldap_kadmind_dn values specified in the
135		:ref:`kdc.conf(5)` file::
136
137		kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f /etc/kerberos/service.keyfile cn=krbadmin,dc=example,dc=com
138
139		10. Add ``krbPrincipalName`` to the indexes in slapd.conf to speed up
140		the access.
	109	9. Add an ``eq`` index for ``krbPrincipalName`` to speed up principal
	110	lookup operations. See
	111	https://www.openldap.org/doc/admin24/tuning.html#Indexes for
	112	details.
141	113
142	114	With the LDAP back end it is possible to provide aliases for principal
143		entries. Currently we provide no mechanism provided for creating
144		aliases, so it must be done by direct manipulation of the LDAP
145		entries.
	115	entries. Currently we provide no administrative utilities for
	116	creating aliases, so it must be done by direct manipulation of the
	117	LDAP entries.
146	118
147	119	An entry with aliases contains multiple values of the
148	120	krbPrincipalName attribute. Since LDAP attribute values are not

158	130	service principals; for client principals, an explicit flag is often
159	131	required (e.g., ``kinit -C``) and canonicalization is only performed
160	132	for initial ticket requests.
161
162		.. seealso:: :ref:`ldap_be_ubuntu`

+5

-25

doc/admin/database.rst less more

102	102	all you need to do is::
103	103
104	104	kadmin: addprinc -x dn=cn=jennifer,dc=example,dc=com jennifer
105		WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU";
	105	No policy specified for "jennifer@ATHENA.MIT.EDU";
106	106	defaulting to no policy.
107	107	Enter password for principal jennifer@ATHENA.MIT.EDU: <= Type the password.
108	108	Re-enter password for principal jennifer@ATHENA.MIT.EDU: <=Type it again.

113	113	link to an existing LDAP object, all you need to do is::
114	114
115	115	kadmin: addprinc -x containerdn=dc=example,dc=com -x linkdn=cn=david,dc=example,dc=com david
116		WARNING: no policy specified for "david@ATHENA.MIT.EDU";
	116	No policy specified for "david@ATHENA.MIT.EDU";
117	117	defaulting to no policy.
118	118	Enter password for principal david@ATHENA.MIT.EDU: <= Type the password.
119	119	Re-enter password for principal david@ATHENA.MIT.EDU: <=Type it again.

391	391
392	392	If the database file exists, and the -update flag was not
393	393	given, kdb5_util will overwrite the existing database.
394
395		Using kdb5_util to upgrade a master KDC from krb5 1.1.x:
396
397		::
398
399		shell% kdb5_util dump old-kdb-dump
400		shell% kdb5_util dump -ov old-kdb-dump.ov
401		[Create a new KDC installation, using the old stash file/master password]
402		shell% kdb5_util load old-kdb-dump
403		shell% kdb5_util load -update old-kdb-dump.ov
404
405		The use of old-kdb-dump.ov for an extra dump and load is necessary
406		to preserve per-principal policy information, which is not included in
407		the default dump format of krb5 1.1.x.
408	394
409	395	.. note::
410	396

496	482
497	483	$ kdb5_util list_mkeys
498	484	Master keys for Principal: K/M@KRBTEST.COM
499		KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
	485	KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
500	486
501	487	#. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
502	488	master key activation list is present in the database. This step

774	760	types supported by the krbtgt service (see
775	761	:ref:`session_key_selection`). Because non-MIT Kerberos clients
776	762	sometimes send a limited set of encryption types when making AS
777		requests, it can be important to for the krbtgt service to support
	763	requests, it can be important for the krbtgt service to support
778	764	multiple encryption types. This can be accomplished by giving the
779	765	krbtgt principal multiple keys, which is usually as simple as not
780	766	specifying any -e option when changing the krbtgt key, or by

806	792	size. A process on each replica KDC connects to a service on the
807	793	master KDC (currently implemented in the :ref:`kadmind(8)` server) and
808	794	periodically requests the changes that have been made since the last
809		check. By default, this check is done every two minutes. If the
810		database has just been modified in the previous several seconds
811		(currently the threshold is hard-coded at 10 seconds), the replica
812		will not retrieve updates, but instead will pause and try again soon
813		after. This reduces the likelihood that incremental update queries
814		will cause delays for an administrator trying to make a bunch of
815		changes to the database at the same time.
	795	check. By default, this check is done every two minutes.
816	796
817	797	Incremental propagation uses the following entries in the per-realm
818	798	data in the KDC config file (See :ref:`kdc.conf(5)`):

+23

-23

doc/admin/enctypes.rst less more

47	47	The KDC chooses the session key enctype by taking the intersection of
48	48	its permitted_enctypes list, the list of long-term keys for the
49	49	most recent kvno of the service, and the client's requested list of
50		enctypes. If allow_weak_crypto is true, all services are assumed
51		to support des-cbc-crc.
	50	enctypes.
52	51
53		Starting in krb5-1.11, des_crc_session_supported in
54		:ref:`kdc.conf(5)` allows additional control over whether the KDC
55		issues des-cbc-crc session keys.
56
57		Also starting in krb5-1.11, it is possible to set a string attribute
58		on a service principal to control what session key enctypes the KDC
59		may issue for service tickets for that principal. See
60		:ref:`set_string` in :ref:`kadmin(1)` for details.
	52	Starting in krb5-1.11, it is possible to set a string attribute on a
	53	service principal to control what session key enctypes the KDC may
	54	issue for service tickets for that principal. See :ref:`set_string`
	55	in :ref:`kadmin(1)` for details.
61	56
62	57
63	58	Choosing enctypes for a service

85	80
86	81	allow_weak_crypto
87	82	defaults to false starting with krb5-1.8. When false, removes
88		single-DES enctypes (and other weak enctypes) from
89		permitted_enctypes, default_tkt_enctypes, and
90		default_tgs_enctypes. Do not set this to true unless the
91		use of weak enctypes is an acceptable risk for your environment
92		and the weak enctypes are required for backward compatibility.
	83	weak enctypes from permitted_enctypes,
	84	default_tkt_enctypes, and default_tgs_enctypes. Do not
	85	set this to true unless the use of weak enctypes is an
	86	acceptable risk for your environment and the weak enctypes are
	87	required for backward compatibility.
93	88
94	89	permitted_enctypes
95		controls the set of enctypes that a service will accept as session
96		keys.
	90	controls the set of enctypes that a service will permit for
	91	session keys and for ticket and authenticator encryption. The KDC
	92	and other programs that access the Kerberos database will ignore
	93	keys of non-permitted enctypes. Starting in release 1.18, this
	94	setting also acts as the default for default_tkt_enctypes and
	95	defaut_tgs_enctypes.
97	96
98	97	default_tkt_enctypes
99	98	controls the default set of enctypes that the Kerberos client

126	125	========================== ===== ======== =======
127	126	enctype weak? krb5 Windows
128	127	========================== ===== ======== =======
129		des-cbc-crc weak all >=2000
130		des-cbc-md4 weak all ?
131		des-cbc-md5 weak all >=2000
	128	des-cbc-crc weak <1.18 >=2000
	129	des-cbc-md4 weak <1.18 ?
	130	des-cbc-md5 weak <1.18 >=2000
132	131	des3-cbc-sha1 >=1.1 none
133	132	arcfour-hmac >=1.3 >=2000
134	133	arcfour-hmac-exp weak >=1.3 >=2000

140	139	camellia256-cts-cmac >=1.9 none
141	140	========================== ===== ======== =======
142	141
143		krb5 releases 1.8 and later disable the single-DES enctypes by
144		default. Microsoft Windows releases Windows 7 and later disable
145		single-DES enctypes by default.
	142	krb5 releases 1.18 and later do not support single-DES. krb5 releases
	143	1.8 and later disable the single-DES enctypes by default. Microsoft
	144	Windows releases Windows 7 and later disable single-DES enctypes by
	145	default.

+19

-15

doc/admin/host_config.rst less more

91	91	# only principals in OTHER.REALM are matched.
92	92	#
93	93	# s/@OTHER\.REALM$// removes the realm name, leaving behind the
94		# principal name as the acount name.
	94	# principal name as the account name.
95	95	auth_to_local = RULE:[1:$1@$0](.*@OTHER\.REALM)s/@OTHER\.REALM$//
96	96
97	97	# Also allow principals from the default realm. Omit this line

198	198	~~~~~~~~~~~~~~~~~~~~~~~~
199	199
200	200	GSSAPI mechanism modules are registered using the file
201		``/etc/gss/mech`` or configuration files in the ``/etc/gss/mech.d/``
202		directory. Only files with a ``.conf`` suffix will be read from the
203		``/etc/gss/mech.d/`` directory. Each line in these files has the
204		form::
205
206		oid pathname [options] <type>
207
208		Only the oid and pathname are required. oid is the object
209		identifier of the GSSAPI mechanism to be registered. pathname is a
210		path to the module shared object or DLL. options (if present) are
211		options provided to the plugin module, surrounded in square brackets.
212		type (if present) can be used to indicate a special type of module.
213		Currently the only special module type is "interposer", for a module
214		designed to intercept calls to other mechanisms.
	201	\|sysconfdir\|\ ``/gss/mech`` or configuration files in the
	202	\|sysconfdir\|\ ``/gss/mech.d`` directory with a ``.conf``
	203	suffix. Each line in these files has the form::
	204
	205	name oid pathname [options] <type>
	206
	207	Only the name, oid, and pathname are required. name is the
	208	mechanism name, which may be used for debugging or logging purposes.
	209	oid is the object identifier of the GSSAPI mechanism to be
	210	registered. pathname is a path to the module shared object or DLL.
	211	options (if present) are options provided to the plugin module,
	212	surrounded in square brackets. type (if present) can be used to
	213	indicate a special type of module. Currently the only special module
	214	type is "interposer", for a module designed to intercept calls to
	215	other mechanisms.
	216
	217	If the environment variable GSS_MECH_CONFIG is set, its value is
	218	used as the sole mechanism configuration filename.
215	219
216	220
217	221	.. _profile_plugin_config:

+1

-1

doc/admin/install.rst less more

17	17	#. Debian: `Setting up MIT Kerberos 5
18	18	<http://techpubs.spinlocksolutions.com/dklar/kerberos.html>`_
19	19	#. Solaris: `Configuring the Kerberos Service
20		<http://download.oracle.com/docs/cd/E19253-01/816-4557/6maosrjv2/index.html>`_
	20	<https://docs.oracle.com/cd/E19253-01/816-4557/6maosrjv2/index.html>`_

+7

-12

doc/admin/install_appl_srv.rst less more

43	43	``trillium.mit.edu``)::
44	44
45	45	trillium% kadmin
46		kadmin5: ktadd host/trillium.mit.edu ftp/trillium.mit.edu
47		pop/trillium.mit.edu
48		kadmin: Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with
49		kvno 3, encryption type DES-CBC-CRC added to keytab
50		FILE:/etc/krb5.keytab.
51		kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with
52		kvno 3, encryption type DES-CBC-CRC added to keytab
53		FILE:/etc/krb5.keytab.
54		kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with
55		kvno 3, encryption type DES-CBC-CRC added to keytab
56		FILE:/etc/krb5.keytab.
57		kadmin5: quit
	46	Authenticating as principal root/admin@ATHENA.MIT.EDU with password.
	47	Password for root/admin@ATHENA.MIT.EDU:
	48	kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
	49	Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
	50	kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
	51	kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
	52	kadmin: quit
58	53	trillium%
59	54
60	55	If you generate the keytab file on another host, you need to get a

+4

-4

doc/admin/install_kdc.rst less more

238	238
239	239	kadmin.local: addprinc admin/admin@ATHENA.MIT.EDU
240	240
241		WARNING: no policy specified for "admin/admin@ATHENA.MIT.EDU";
	241	No policy specified for "admin/admin@ATHENA.MIT.EDU";
242	242	assigning "default".
243	243	Enter password for principal admin/admin@ATHENA.MIT.EDU: <= Enter a password.
244	244	Re-enter password for principal admin/admin@ATHENA.MIT.EDU: <= Type it again.

315	315
316	316	shell% kadmin
317	317	kadmin: addprinc -randkey host/kerberos.mit.edu
318		NOTICE: no policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default"
	318	No policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default"
319	319	Principal "host/kerberos.mit.edu@ATHENA.MIT.EDU" created.
320	320
321	321	kadmin: addprinc -randkey host/kerberos-1.mit.edu
322		NOTICE: no policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default"
	322	No policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default"
323	323	Principal "host/kerberos-1.mit.edu@ATHENA.MIT.EDU" created.
324	324
325	325	It is not strictly necessary to have the master KDC server in the

339	339	Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
340	340	type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
341	341	Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
342		type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab.
	342	type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
343	343	Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
344	344	type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
345	345

+2

-2

doc/admin/pkinit.rst less more

45	45	The result of these commands will be two files, cakey.pem and
46	46	cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which
47	47	must be carefully protected. cacert.pem will contain the CA
48		certificate, which must be placed in the filesytems of the KDC and
	48	certificate, which must be placed in the filesystems of the KDC and
49	49	each client host. cakey.pem will be required to create KDC and client
50	50	certificates.
51	51

71	71	principal_name=EXP:1,SEQUENCE:kdc_principal_seq
72	72
73	73	[kdc_principal_seq]
74		name_type=EXP:0,INTEGER:1
	74	name_type=EXP:0,INTEGER:2
75	75	name_string=EXP:1,SEQUENCE:kdc_principals
76	76
77	77	[kdc_principals]

+1

-1

doc/admin/spake.rst less more

26	26	Set the +requires_preauth and -allow_svr flags on client
27	27	principal entries, as you would for any preauthentication mechanism::
28	28
29		kadmin: modprinc +requires_preauth -allow_srv PRINCNAME
	29	kadmin: modprinc +requires_preauth -allow_svr PRINCNAME
30	30
31	31	Clients which do not implement SPAKE preauthentication will fall back
32	32	to encrypted timestamp.

+6

-12

doc/admin/various_envs.rst less more

3	3	Whitepapers
4	4	-----------
5	5
6		#. http://kerberos.org/software/whitepapers.html
	6	#. https://kerberos.org/software/whitepapers.html
7	7
8	8
9	9	Tutorials
10	10	---------
11	11
12		#. Fulvio Ricciardi <http://www.kerberos.org/software/tutorial.html>_
	12	#. Fulvio Ricciardi <https://www.kerberos.org/software/tutorial.html>_
13	13
14	14
15	15	Troubleshooting
16	16	---------------
17	17
18		#. http://www.ncsa.illinois.edu/UserInfo/Resources/Software/kerberos/troubleshooting.html
	18	#. https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting
19	19
20		#. http://nfsv4.bullopensource.org/doc/kerberosnfs/krbnfs_howto_v3.pdf
	20	#. https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html
21	21
22		#. http://sysdoc.doors.ch/HP/T1417-90005.pdf
	22	#. https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html
23	23
24		#. http://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html
25
26		#. http://download.oracle.com/docs/cd/E19253-01/816-4557/trouble-1/index.html
27
28		#. http://technet.microsoft.com/en-us/library/bb463167.aspx#EBAA
	24	#. https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10)#EBAA
29	25
30	26	#. https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528
31
32		#. http://h71000.www7.hp.com/doc/83final/ba548_90007/ch06s05.html

+16

-25

doc/appdev/gssapi.rst less more

257	257
258	258	To perform a constrained delegation operation, the intermediate
259	259	service must submit to the KDC an "evidence ticket" from the client to
260		the intermediate service with the forwardable bit set. An evidence
261		ticket can be acquired when the client authenticates to the
262		intermediate service with Kerberos, or with an S4U2Self request if the
263		KDC allows it. The MIT krb5 GSSAPI library represents an evidence
264		ticket using a "proxy credential", which is a special kind of
265		gss_cred_id_t object whose underlying credential cache contains the
266		evidence ticket and a krbtgt ticket for the intermediate service.
	260	the intermediate service. An evidence ticket can be acquired when the
	261	client authenticates to the intermediate service with Kerberos, or
	262	with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI
	263	library represents an evidence ticket using a "proxy credential",
	264	which is a special kind of gss_cred_id_t object whose underlying
	265	credential cache contains the evidence ticket and a krbtgt ticket for
	266	the intermediate service.
267	267
268	268	To acquire a proxy credential during client authentication, the
269	269	service should first create an acceptor credential using the

272	272	and also pass a delegated_cred_handle output parameter to receive a
273	273	proxy credential containing the evidence ticket. The output value of
274	274	delegated_cred_handle may be a delegated ticket-granting ticket if
275		the client sent one, or a proxy credential if the client authenticated
276		with a forwardable service ticket, or GSS_C_NO_CREDENTIAL if
277		neither is the case.
	275	the client sent one, or a proxy credential if not. If the library can
	276	determine that the client's ticket is not a valid evidence ticket, it
	277	will place GSS_C_NO_CREDENTIAL in delegated_cred_handle.
278	278
279	279	To acquire a proxy credential using an S4U2Self request, the service
280	280	can use the following GSSAPI extension::

295	295	intermediate service. Both icred and desired_name are required
296	296	for this function; passing GSS_C_NO_CREDENTIAL or
297	297	GSS_C_NO_NAME will cause the call to fail. icred must contain a
298		krbtgt ticket for the intermediate service. If the KDC returns a
299		forwardable ticket, the result of this operation is a proxy
300		credential; if it is not forwardable, the result is a regular
301		credential for desired_name.
302
303		A recent KDC will usually allow any service to acquire a ticket from a
304		client to itself with an S4U2Self request, but the ticket will only be
305		forwardable if the service has a specific privilege. In the MIT krb5
306		KDC, this privilege is determined by the ok_to_auth_as_delegate
307		bit on the intermediate service's principal entry, which can be
308		configured with :ref:`kadmin(1)`.
	298	krbtgt ticket for the intermediate service. The result of this
	299	operation is a proxy credential. (Prior to release 1.18, the result
	300	of this operation may be a regular credential for desired_name, if
	301	the KDC issues a non-forwardable ticket.)
309	302
310	303	Once the intermediate service has a proxy credential, it can simply
311	304	pass it to gss_init_sec_context_ as the initiator_cred_handle

618	611	iov[1].buffer.value = "message";
619	612	iov[1].buffer.length = 7;
620	613
621		major = gss_wrap_iov_length(&minor, ctx, 1, GSS_C_QOP_DEFAULT,
622		NULL, iov, 2);
	614	major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
623	615	if (GSS_ERROR(major))
624	616	handle_error(major, minor);
625	617	if (iov[0].buffer.length > sizeof(data))
626	618	handle_out_of_space_error();
627	619	iov[0].buffer.value = data;
628	620
629		major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL,
630		iov, 2);
	621	major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
631	622	if (GSS_ERROR(major))
632	623	handle_error(major, minor);
633	624

+1

-4

doc/appdev/h5l_mit_apidiff.rst less more

18	18	:c:func:`krb5_auth_con_setsendsubkey()` H5l: Not implemented as of version 1.3.3
19	19	:c:func:`krb5_cc_set_config()` MIT: Before version 1.10 it was assumed that
20	20	the last argument data is ALWAYS non-zero.
21		:c:func:`krb5_cccol_last_change_time()` H5l takes 3 arguments: krb5_context context,
22		const char \type, krb5_timestamp \change_time
23		MIT takes two arguments: krb5_context context,
24		krb5_timestamp \*change_time
	21	:c:func:`krb5_cccol_last_change_time()` MIT: not implemented
25	22	:c:func:`krb5_set_default_realm()` H5l: Caches the computed default realm context
26	23	field. If the second argument is NULL,
27	24	it tries to retrieve it from libdefaults or DNS.

+1

-6

doc/appdev/refs/api/index.rst less more

156	156	krb5_cc_get_config.rst
157	157	krb5_cc_get_flags.rst
158	158	krb5_cc_get_full_name.rst
159		krb5_cc_last_change_time.rst
160		krb5_cc_lock.rst
161	159	krb5_cc_move.rst
162	160	krb5_cc_next_cred.rst
163	161	krb5_cc_remove_cred.rst

170	168	krb5_cc_store_cred.rst
171	169	krb5_cc_support_switch.rst
172	170	krb5_cc_switch.rst
173		krb5_cc_unlock.rst
174	171	krb5_cccol_cursor_free.rst
175	172	krb5_cccol_cursor_new.rst
176	173	krb5_cccol_cursor_next.rst
177	174	krb5_cccol_have_content.rst
178		krb5_cccol_last_change_time.rst
179		krb5_cccol_lock.rst
180		krb5_cccol_unlock.rst
181	175	krb5_clear_error_message.rst
182	176	krb5_check_clockskew.rst
183	177	krb5_copy_addresses.rst

258	252	krb5_pac_sign_ext.rst
259	253	krb5_pac_verify.rst
260	254	krb5_pac_verify_ext.rst
	255	krb5_pac_get_client_info.rst
261	256	krb5_prepend_error_message.rst
262	257	krb5_principal2salt.rst
263	258	krb5_rd_cred.rst

+2

-0

doc/appdev/refs/macros/index.rst less more

53	53	ENCTYPE_DES3_CBC_ENV.rst
54	54	ENCTYPE_DES3_CBC_RAW.rst
55	55	ENCTYPE_DES3_CBC_SHA.rst
	56	ENCTYPE_DES3_CBC_SHA1.rst
56	57	ENCTYPE_DES3_CBC_SHA1.rst
57	58	ENCTYPE_DES_CBC_CRC.rst
58	59	ENCTYPE_DES_CBC_MD4.rst

259	260	KRB5_PADATA_OTP_CHALLENGE.rst
260	261	KRB5_PADATA_OTP_PIN_CHANGE.rst
261	262	KRB5_PADATA_OTP_REQUEST.rst
	263	KRB5_PADATA_PAC_OPTIONS.rst
262	264	KRB5_PADATA_PAC_REQUEST.rst
263	265	KRB5_PADATA_PKINIT_KX.rst
264	266	KRB5_PADATA_PK_AS_REP.rst

+7

-0

doc/basic/ccache_def.rst less more

50	50	requirement is for parent directory to exist and the current
51	51	process must have permissions to create the directory if it does
52	52	not exist. See :ref:`col_ccache` for details. New in release 1.10.
	53	The following residual forms are supported:
	54
	55	* DIR:dirname
	56	* DIR::dirpath/filename - a single cache within the directory
	57
	58	Switching to a ccache of the latter type causes it to become the
	59	primary for the directory.
53	60
54	61	#. FILE caches are the simplest and most portable. A simple flat
55	62	file format is used to store one credential after another. This is

+2

-4

doc/basic/keytab_def.rst less more

11	11
12	12	Keytabs are named using the format type\ ``:``\ value. Usually
13	13	type is ``FILE`` and value is the absolute pathname of the file.
14		Other possible values for type are ``SRVTAB``, which indicates a
15		file in the deprecated Kerberos 4 srvtab format, and ``MEMORY``, which
16		indicates a temporary keytab stored in the memory of the current
17		process.
	14	The other possible value for type is ``MEMORY``, which indicates a
	15	temporary keytab stored in the memory of the current process.
18	16
19	17	A keytab contains one or more entries, where each entry consists of a
20	18	timestamp (indicating when the entry was written to the keytab), a

+48

-34

doc/basic/rcache_def.rst less more

8	8	the application program.
9	9
10	10	The replay cache interface, like the credential cache and
11		:ref:`keytab_definition` interfaces, uses `type:value` strings to
	11	:ref:`keytab_definition` interfaces, uses `type:residual` strings to
12	12	indicate the type of replay cache and any associated cache naming
13	13	data to use.
14	14

56	56	authenticator triggers some interesting action in the service being
57	57	attacked.
58	58
59		Default rcache type
60		-------------------
61
62		There is currently only one implemented kind of replay cache, called
63		dfl. It stores replay data in one file, occasionally rewriting it
64		to purge old, expired entries.
65
66		The default type can be overridden by the KRB5RCACHETYPE
67		environment variable.
68
69		The placement of the replay cache file is determined by the following:
70
71		#. The KRB5RCACHEDIR environment variable;
72
73		#. If KRB5RCACHEDIR is unspecified, on UNIX, the library
74		will fall back to the environment variable TMPDIR, and then to
75		a temporary directory determined at configuration time such as
76		/tmp or /var/tmp; on Windows, it will check the environment
77		variables TEMP and TMP, and fall back to the directory C:\\.
78
79		Performance issues
	59	Replay cache types
80	60	------------------
81	61
82		Several known minor performance issues that may occur when replay
83		cache is enabled on the Kerberos system include: delays due to writing
84		the authenticator data to disk slowing down response time for very
85		heavily loaded servers, and delays during the rewrite that may be
86		unacceptable to high-performance services.
	62	Unlike the credential cache and keytab interfaces, replay cache types
	63	are in lowercase. The following types are defined:
87	64
88		For use cases where replays are adequately defended against for all
89		protocols using a given service principal name, or where performance
90		or other considerations outweigh the risk of replays, the special
91		replay cache type "none" can be specified::
	65	#. none disables the replay cache. The residual value is ignored.
92	66
93		KRB5RCACHETYPE=none
	67	#. file2 (new in release 1.18) uses a hash-based format to store
	68	replay records. The file may grow to accommodate hash collisions.
	69	The residual value is the filename.
94	70
95		It doesn't record any information about authenticators, and reports
96		that any authenticator seen is not a replay.
	71	#. dfl is the default type if no environment variable or
	72	configuration specifies a different type. It stores replay data in
	73	a file2 replay cache with a filename based on the effective uid.
	74	The residual value is ignored.
	75
	76	For the dfl type, the location of the replay cache file is determined
	77	as follows:
	78
	79	#. The directory is taken from the KRB5RCACHEDIR environment
	80	variable, or the TMPDIR environment variable, or a temporary
	81	directory determined at configuration time such as ``/var/tmp``, in
	82	descending order of preference.
	83
	84	#. The filename is ``krb5_EUID.rcache2`` where EUID is the effective
	85	uid of the process.
	86
	87	#. The file is opened without following symbolic links, and ownership
	88	of the file is verified to match the effective uid.
	89
	90	On Windows, the directory for the dfl type is the local appdata
	91	directory, unless overridden by the KRB5RCACHEDIR environment
	92	variable. The filename on Windows is ``krb5.rcache2``, and the file
	93	is opened normally.
	94
	95	Default replay cache name
	96	-------------------------
	97
	98	The default replay cache name is determined by the following, in
	99	descending order of priority:
	100
	101	#. The KRB5RCACHENAME environment variable (new in release 1.18).
	102
	103	#. The KRB5RCACHETYPE environment variable. If this variable is
	104	set, the residual value is empty.
	105
	106	#. The default_rcache_name profile variable in :ref:`libdefaults`
	107	(new in release 1.18).
	108
	109	#. If none of the above are set, the default replay cache name is
	110	``dfl:``.

+4

-0

doc/build/options2configure.rst less more

386	386	``--without-krb5-config`` to disable the use of krb5-config and
387	387	use the usual built-in defaults.
388	388
	389	-\ -without-keyutils
	390	Build without libkeyutils support. This disables the KEYRING
	391	credential cache type.
	392
389	393
390	394	Examples
391	395	--------

+1

-1

doc/build_this.rst less more

2	2
3	3	Pre-requisites for a simple build, or to update man pages:
4	4
5		* Sphinx 1.0.4 or higher (See http://www.sphinx-doc.org) with the
	5	* Sphinx 1.0.4 or higher (See https://www.sphinx-doc.org) with the
6	6	autodoc extension installed.
7	7
8	8	Additional prerequisites to include the API reference based on Doxygen

+0

-281

~~doc/ccapi/Doxyfile~~ less more

0		# Doxyfile 1.5.3
1
2		#---------------------------------------------------------------------------
3		# Project related configuration options
4		#---------------------------------------------------------------------------
5		DOXYFILE_ENCODING = UTF-8
6		PROJECT_NAME = "Credentials Cache API "
7		PROJECT_NUMBER =
8		OUTPUT_DIRECTORY = .
9		CREATE_SUBDIRS = NO
10		OUTPUT_LANGUAGE = English
11		BRIEF_MEMBER_DESC = YES
12		REPEAT_BRIEF = YES
13		ABBREVIATE_BRIEF = "The $name class " \
14		"The $name widget " \
15		"The $name file " \
16		is \
17		provides \
18		specifies \
19		contains \
20		represents \
21		a \
22		an \
23		the
24		ALWAYS_DETAILED_SEC = YES
25		INLINE_INHERITED_MEMB = NO
26		FULL_PATH_NAMES = NO
27		STRIP_FROM_PATH =
28		STRIP_FROM_INC_PATH =
29		SHORT_NAMES = NO
30		JAVADOC_AUTOBRIEF = NO
31		QT_AUTOBRIEF = NO
32		MULTILINE_CPP_IS_BRIEF = NO
33		DETAILS_AT_TOP = YES
34		INHERIT_DOCS = YES
35		SEPARATE_MEMBER_PAGES = NO
36		TAB_SIZE = 8
37		ALIASES =
38		OPTIMIZE_OUTPUT_FOR_C = YES
39		OPTIMIZE_OUTPUT_JAVA = NO
40		BUILTIN_STL_SUPPORT = NO
41		CPP_CLI_SUPPORT = NO
42		DISTRIBUTE_GROUP_DOC = NO
43		SUBGROUPING = YES
44		#---------------------------------------------------------------------------
45		# Build related configuration options
46		#---------------------------------------------------------------------------
47		EXTRACT_ALL = YES
48		EXTRACT_PRIVATE = NO
49		EXTRACT_STATIC = NO
50		EXTRACT_LOCAL_CLASSES = NO
51		EXTRACT_LOCAL_METHODS = NO
52		EXTRACT_ANON_NSPACES = NO
53		HIDE_UNDOC_MEMBERS = NO
54		HIDE_UNDOC_CLASSES = NO
55		HIDE_FRIEND_COMPOUNDS = NO
56		HIDE_IN_BODY_DOCS = YES
57		INTERNAL_DOCS = NO
58		CASE_SENSE_NAMES = YES
59		HIDE_SCOPE_NAMES = YES
60		SHOW_INCLUDE_FILES = NO
61		INLINE_INFO = YES
62		SORT_MEMBER_DOCS = NO
63		SORT_BRIEF_DOCS = NO
64		SORT_BY_SCOPE_NAME = NO
65		GENERATE_TODOLIST = YES
66		GENERATE_TESTLIST = YES
67		GENERATE_BUGLIST = YES
68		GENERATE_DEPRECATEDLIST= YES
69		ENABLED_SECTIONS =
70		MAX_INITIALIZER_LINES = 30
71		SHOW_USED_FILES = NO
72		SHOW_DIRECTORIES = NO
73		FILE_VERSION_FILTER =
74		#---------------------------------------------------------------------------
75		# configuration options related to warning and progress messages
76		#---------------------------------------------------------------------------
77		QUIET = NO
78		WARNINGS = YES
79		WARN_IF_UNDOCUMENTED = YES
80		WARN_IF_DOC_ERROR = YES
81		WARN_NO_PARAMDOC = YES
82		WARN_FORMAT = "$file:$line: $text "
83		WARN_LOGFILE =
84		#---------------------------------------------------------------------------
85		# configuration options related to the input files
86		#---------------------------------------------------------------------------
87		INPUT = ../../Sources/include/CredentialsCache.h
88		INPUT_ENCODING = UTF-8
89		FILE_PATTERNS = *.c \
90		*.cc \
91		*.cxx \
92		*.cpp \
93		*.c++ \
94		*.d \
95		*.java \
96		*.ii \
97		*.ixx \
98		*.ipp \
99		*.i++ \
100		*.inl \
101		*.h \
102		*.hh \
103		*.hxx \
104		*.hpp \
105		*.h++ \
106		*.idl \
107		*.odl \
108		*.cs \
109		*.php \
110		*.php3 \
111		*.inc \
112		*.m \
113		*.mm \
114		*.dox \
115		*.py \
116		*.C \
117		*.CC \
118		*.C++ \
119		*.II \
120		*.I++ \
121		*.H \
122		*.HH \
123		*.H++ \
124		*.CS \
125		*.PHP \
126		*.PHP3 \
127		*.M \
128		*.MM \
129		*.PY
130		RECURSIVE = YES
131		EXCLUDE =
132		EXCLUDE_SYMLINKS = NO
133		EXCLUDE_PATTERNS =
134		EXCLUDE_SYMBOLS =
135		EXAMPLE_PATH =
136		EXAMPLE_PATTERNS = *
137		EXAMPLE_RECURSIVE = NO
138		IMAGE_PATH =
139		INPUT_FILTER =
140		FILTER_PATTERNS =
141		FILTER_SOURCE_FILES = NO
142		#---------------------------------------------------------------------------
143		# configuration options related to source browsing
144		#---------------------------------------------------------------------------
145		SOURCE_BROWSER = NO
146		INLINE_SOURCES = NO
147		STRIP_CODE_COMMENTS = YES
148		REFERENCED_BY_RELATION = YES
149		REFERENCES_RELATION = YES
150		REFERENCES_LINK_SOURCE = YES
151		USE_HTAGS = NO
152		VERBATIM_HEADERS = NO
153		#---------------------------------------------------------------------------
154		# configuration options related to the alphabetical class index
155		#---------------------------------------------------------------------------
156		ALPHABETICAL_INDEX = NO
157		COLS_IN_ALPHA_INDEX = 5
158		IGNORE_PREFIX =
159		#---------------------------------------------------------------------------
160		# configuration options related to the HTML output
161		#---------------------------------------------------------------------------
162		GENERATE_HTML = YES
163		HTML_OUTPUT = html
164		HTML_FILE_EXTENSION = .html
165		HTML_HEADER =
166		HTML_FOOTER =
167		HTML_STYLESHEET =
168		HTML_ALIGN_MEMBERS = NO
169		GENERATE_HTMLHELP = NO
170		HTML_DYNAMIC_SECTIONS = NO
171		CHM_FILE =
172		HHC_LOCATION =
173		GENERATE_CHI = NO
174		BINARY_TOC = NO
175		TOC_EXPAND = NO
176		DISABLE_INDEX = YES
177		ENUM_VALUES_PER_LINE = 4
178		GENERATE_TREEVIEW = NO
179		TREEVIEW_WIDTH = 250
180		#---------------------------------------------------------------------------
181		# configuration options related to the LaTeX output
182		#---------------------------------------------------------------------------
183		GENERATE_LATEX = NO
184		LATEX_OUTPUT = latex
185		LATEX_CMD_NAME = latex
186		MAKEINDEX_CMD_NAME = makeindex
187		COMPACT_LATEX = NO
188		PAPER_TYPE = letter
189		EXTRA_PACKAGES =
190		LATEX_HEADER =
191		PDF_HYPERLINKS = YES
192		USE_PDFLATEX = YES
193		LATEX_BATCHMODE = NO
194		LATEX_HIDE_INDICES = NO
195		#---------------------------------------------------------------------------
196		# configuration options related to the RTF output
197		#---------------------------------------------------------------------------
198		GENERATE_RTF = YES
199		RTF_OUTPUT = rtf
200		COMPACT_RTF = YES
201		RTF_HYPERLINKS = YES
202		RTF_STYLESHEET_FILE =
203		RTF_EXTENSIONS_FILE =
204		#---------------------------------------------------------------------------
205		# configuration options related to the man page output
206		#---------------------------------------------------------------------------
207		GENERATE_MAN = NO
208		MAN_OUTPUT = man
209		MAN_EXTENSION = .3
210		MAN_LINKS = NO
211		#---------------------------------------------------------------------------
212		# configuration options related to the XML output
213		#---------------------------------------------------------------------------
214		GENERATE_XML = NO
215		XML_OUTPUT = xml
216		XML_SCHEMA =
217		XML_DTD =
218		XML_PROGRAMLISTING = YES
219		#---------------------------------------------------------------------------
220		# configuration options for the AutoGen Definitions output
221		#---------------------------------------------------------------------------
222		GENERATE_AUTOGEN_DEF = NO
223		#---------------------------------------------------------------------------
224		# configuration options related to the Perl module output
225		#---------------------------------------------------------------------------
226		GENERATE_PERLMOD = NO
227		PERLMOD_LATEX = NO
228		PERLMOD_PRETTY = YES
229		PERLMOD_MAKEVAR_PREFIX =
230		#---------------------------------------------------------------------------
231		# Configuration options related to the preprocessor
232		#---------------------------------------------------------------------------
233		ENABLE_PREPROCESSING = YES
234		MACRO_EXPANSION = NO
235		EXPAND_ONLY_PREDEF = NO
236		SEARCH_INCLUDES = NO
237		INCLUDE_PATH =
238		INCLUDE_FILE_PATTERNS =
239		PREDEFINED =
240		EXPAND_AS_DEFINED =
241		SKIP_FUNCTION_MACROS = YES
242		#---------------------------------------------------------------------------
243		# Configuration::additions related to external references
244		#---------------------------------------------------------------------------
245		TAGFILES =
246		GENERATE_TAGFILE =
247		ALLEXTERNALS = NO
248		EXTERNAL_GROUPS = NO
249		PERL_PATH = /usr/bin/perl
250		#---------------------------------------------------------------------------
251		# Configuration options related to the dot tool
252		#---------------------------------------------------------------------------
253		CLASS_DIAGRAMS = NO
254		MSCGEN_PATH = /Volumes/Ragna-Blade/Developer/Doxygen/Doxygen.app/Contents/Resources/
255		HIDE_UNDOC_RELATIONS = YES
256		HAVE_DOT = NO
257		CLASS_GRAPH = YES
258		COLLABORATION_GRAPH = YES
259		GROUP_GRAPHS = YES
260		UML_LOOK = NO
261		TEMPLATE_RELATIONS = NO
262		INCLUDE_GRAPH = YES
263		INCLUDED_BY_GRAPH = YES
264		CALL_GRAPH = NO
265		CALLER_GRAPH = NO
266		GRAPHICAL_HIERARCHY = YES
267		DIRECTORY_GRAPH = YES
268		DOT_IMAGE_FORMAT = png
269		DOT_PATH =
270		DOTFILE_DIRS =
271		DOT_GRAPH_MAX_NODES = 50
272		MAX_DOT_GRAPH_DEPTH = 1000
273		DOT_TRANSPARENT = NO
274		DOT_MULTI_TARGETS = NO
275		GENERATE_LEGEND = YES
276		DOT_CLEANUP = YES
277		#---------------------------------------------------------------------------
278		# Configuration::additions related to the search engine
279		#---------------------------------------------------------------------------
280		SEARCHENGINE = NO

+0

-1217

~~doc/ccapi/ccache-api-v2.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
1		"http://www.w3.org/TR/REC-html40/loose.dtd">
2		<HTML>
3		<HEAD>
4		<TITLE>Credentials Cache API v2 Specification</TITLE>
5		</HEAD>
6		<BODY>
7		<H1>Credentials Cache API v2 Specification</H1>
8		<H3>This version of the API is deprecated. <BR>
9		Please refer to CCAPI version 3 or later for the current API.</H3>
10
11		<UL>
12		<LI><A HREF="#TypeDefinitions">Type Definitions</A>
13
14		<UL CLASS=small>
15		<LI><A HREF="#cc_int32">cc_int32 & cc_uint32</A>
16
17		<LI><A HREF="#cc_time_t">cc_time_t</A>
18
19		<LI><A HREF="#cc_nc_flags">cc_nc_flags</A>
20
21		<LI><A HREF="#typedefCC_Cred">cc_cred</A>
22
23		<LI><A HREF="#typedefCC_Data">cc_data</A>
24
25		<LI><A HREF="#typedefV4Cred_type">V4Cred_type</A>
26
27		<LI><A HREF="#enumStringToKey_Type">StringToKey_Type</A>
28
29		<LI><A HREF="#enumCc_cred_vers">cc_cred_vers</A>
30
31		<LI><A HREF="#unionCred_ptr_union">cred_ptr_union</A>
32
33		<LI><A HREF="#unionCred_union">cred_union</A>
34
35		<LI><A HREF="#typdefInfoNC">infoNC</A>
36
37		<LI><A HREF="#opaque_types">opaque types</A>
38		</UL>
39
40		<LI><A HREF="#ErrorCodeDefinitions">Error Code Definitions</A>
41
42		<LI><A HREF="#ImplementationNotes">Implementation Notes</A>
43
44		<LI><A HREF="#FunctionDefinitions">Function Definitions</A>
45
46		<UL>
47		<LI><A HREF="#MainCacheFunctions">Main Cache Functions</A>
48
49		<UL CLASS=small>
50		<LI><A HREF="#cc_initialize">cc_initialize</A>
51
52		<LI><A HREF="#cc_create">cc_create</A>
53
54		<LI><A HREF="#cc_open">cc_open</A>
55
56		<LI><A HREF="#cc_close">cc_close</A>
57
58		<LI><A HREF="#cc_destroy">cc_destroy</A>
59
60		<LI><A HREF="#cc_shutdown">cc_shutdown</A>
61
62		<LI><A HREF="#cc_initialize">cc_initialize</A>
63
64		<LI><A HREF="#cc_get_change_time">cc_get_change_time</A>
65
66		<LI><A HREF="#cc_get_NC_info">cc_get_NC_info</A>
67
68		<LI><A HREF="#cc_seq_fetch_NCs_begin">cc_seq_fetch_NCs_begin</A>
69
70		<LI><A HREF="#cc_seq_fetch_NCs_next">cc_seq_fetch_NCs_next</A>
71
72		<LI><A HREF="#cc_seq_fetch_NCs_end">cc_seq_fetch_NCs_end</A>
73
74		</UL>
75
76		<LI><A HREF="#NCFunctions">NC Functions</A>
77
78		<UL CLASS=small>
79		<LI><A HREF="#cc_get_name">cc_get_name</A>
80
81		<LI><A HREF="#cc_get_cred_version">cc_get_cred_version</A>
82
83		<LI><A HREF="#cc_get_principal">cc_get_principal</A>
84
85		<LI><A HREF="#cc_get_instance">cc_get_instance</A>
86
87		<LI><A HREF="#cc_remove_cred">cc_remove_cred</A>
88
89		<LI><A HREF="#cc_store">cc_store</A>
90
91		<LI><A HREF="#cc_get_instance">cc_get_instance</A>
92
93		<LI><A HREF="#cc_seq_fetch_creds_begin">cc_seq_fetch_creds_begin</A>
94
95		<LI><A HREF="#cc_seq_fetch_creds_next">cc_seq_fetch_creds_next</A>
96
97		<LI><A HREF="#cc_seq_fetch_creds_end">cc_seq_fetch_creds_end</A>
98
99		<LI><A HREF="#cc_lock_request">cc_lock_request</A>
100		</UL>
101
102		<LI><A HREF="#LiberationFunctions">Liberation Functions</A>
103
104		<UL CLASS=small>
105		<LI><A HREF="#cc_free_principal">cc_free_principal</A>
106
107		<LI><A HREF="#cc_free_name">cc_free_name</A>
108
109		<LI><A HREF="#cc_free_creds">cc_free_creds</A>
110
111		<LI><A HREF="#cc_free_NC_info">cc_free_NC_info</A>
112		</UL>
113		</UL>
114
115		<LI><A HREF="#RevisionNotes">Revision History/Notes</A>
116
117		<UL>
118		<LI><A HREF="#ChangesRev3">Changes made during revsion 3</A>
119		</UL>
120
121		<LI><A HREF="#FutureIdeas">Ideas for Future Versions</A>
122
123		<LI><A HREF="#Abstract">Abstract</A>
124		</UL>
125
126		<P>
127		<HR>
128		<A NAME="Abstract"></A>
129
130		<H2>Abstract</H2>
131
132		<P>This is the specification for an API which provides Credentials
133		Cache services for both
134		<A HREF="http://web.mit.edu/kerberos/www/">Kerberos V5</A> and V4.
135		The idea behind this API is that multiple Kerberos implementations
136		can share a single Credentials Cache, mediated by this API
137		specification. On the Microsoft Windows platform this will allow
138		single-signon, even when more than one Kerberos DLL is in use on a
139		particular system. Ideally, this problem could be solved by
140		standardizing the Kerberos V5 API library interface. However, the
141		Kerberos API is complicated enough that this would be hard to
142		accomplish. Standardizing the interface for credentials cache access
143		is much simpler. This API has also been adopted in the MIT Kerberos
144		for the Macintosh implementation.
145
146		<P>This specification has been revised to allow storage and
147		manipulation of both V4 and V5 tickets. A cache contains one or more
148		"Named Cache"s. It is assumed that V4 and V5 credentials would each
149		be stored in separate "Named Cache"s and not mixed in a single "Named
150		Cache".
151
152		<P>Below, "NC" refers to "Named Cache".<BR>
153
154
155
156		<P>
157		<HR>
158		<A NAME="RevisionNotes"></A>
159
160		<H2><B>Revision History/Notes</B></H2>
161
162		<H4>Original version (Draft Version 1)</H4>
163
164		<P>1/27/96 by
165		<A HREF="http://web.mit.edu/tytso/www/home.html">Theodore Ts'o</A>
166
167		<H4>Revision 2 (Draft Version 1)</H4>
168
169		<P>970628 by <A HREF="http://www.umich.edu/~sgr">Steve Rothwell</A>
170		for the V4Cache Team (Paul Hill, Jenny Khuon, Jean Luker, Dave
171		Detlefs, Allan Bjorklund, & Steve Rothwell)
172
173		<P><A NAME="ChangesRev3"></A>
174
175		<H4>Revision 3 (Draft Version 1)</H4>
176
177		<P>970725 by Steve Rothwell after initial implementation and alpha
178		release. The term "credentials cache" was previously used to mean
179		both "the main cache" and individual "named cache"s within the main
180		cache. I have started using the term "NC" for "named cache" to make
181		the distinction clearer and to reduce the overloading of the word
182		"cache".
183
184		<H5>Changes made for revision 3 of this API:</H5>
185
186		<UL>
187		<LI>Added cred version type to cc_create() & cc_open()
188
189		<LI>New functions
190
191		<UL>
192		<LI>cc_get_NC_info(), returns NC_info list for all NCs
193
194		<LI>cc_free_NC_info(), frees NC_info list
195
196		<LI>cc_get_cred_version(), returns version type of NC
197
198		<LI>cc_get_name(), returns name of NC
199
200		<LI>cc_free_name(), frees name aquired via cc_get_name()
201
202		<LI>cc_seq_fetch_NCs(), iterate over all NCs
203		</UL>
204
205		<LI>New return codes
206
207		<UL>
208		<LI>CC_BAD_PARM
209
210		<LI>CC_ERR_CACHE_ATTACH
211
212		<LI>CC_ERR_CACHE_RELEASE
213
214		<LI>CC_ERR_CACHE_FULL
215
216		<LI>CC_ERR_CRED_VERSION
217		</UL>
218
219		<LI>Modified functions
220
221		<UL>
222		<LI>cc_create(), cc_open(), pass version type of NC
223
224		<LI>cc_store(), cc_remove(), cc_
225		</UL>
226
227		<LI>New & Modified typedefs & data structures
228
229		<UL>
230		<LI>cc_cred_vers { CC_CRED_VUNKNOWN, CC_CRED_V4, CC_CRED_V5 }
231
232		<LI>cred_ptr_union : contains pointer to credentials (either V4
233		or V5)
234
235		<LI>cred_union : contains version type and cred_ptr_union
236
237		<LI>modified V4Cred_type
238
239		<LI>enum StringToKey_Type { STK_AFS or STK_DES }
240
241		<LI>copies of the maximum V4 string size indicators
242		KRB_PRINCIPAL_SZ, KRB_SERVICE_SZ, KRB_INSTANCE_SZ,
243		KRB_REALM_SZ, ADDR_SZ
244		</UL>
245		</UL>
246
247		<H4>Revision 4 (Draft Version 1)</H4>
248
249		<P>970908 by Steve Rothwell to incorporate changes initiated by Ted
250		Tso. Further changes are expected in the comments for cc_create() and
251		cc_get_change_time().
252
253		<H4>Revision 4a (Final Version 1)</H4>
254
255		<P>980603 by <A HREF="mailto:smcguire@mit.edu">Scott McGuire</A> to
256		correct typographical errors, HTML errors, and minor clarifications.
257		Final API Version 1 spec.
258
259		<H4>Revision 5 (Draft Version 2)</H4>
260
261		<P>990201 by <A HREF="mailto:smcguire@mit.edu">Scott McGuire</A>.
262
263		<UL>
264		<LI>Increased API version number to 2.
265
266		<LI>Added enum's defining version numbers.
267
268		<LI>Changes to cc_initialize() to specify how to deal with
269		different API version numbers.
270
271		<LI>Added description of cc_int32 and cc_uint32 types.
272
273		<LI>Change some cc_int32's to cc_uint32's.
274
275		<LI>Changed way cc_create() will behave when called on an existing
276		cache.
277
278		<LI>Replaced cc_seq_fetch_NCs() with cc_seq_fetch_NCs_begin(),
279		cc_seq_fetch_NCs_next(), and cc_seq_fetch_NCs_end();
280
281		<LI>Replaced cc_seq_fetch_creds() with cc_seq_fetch_creds_begin(),
282		cc_seq_fetch_creds_next(), and cc_seq_fetch_creds_end();
283
284		<LI>Replaced enum type references in structs and function
285		paramenters with cc_int32 references;
286
287		<LI>Replaced int type references in function parameters with
288		cc_int32;
289
290		<LI>Added return type of cc_int32 to all functions;
291
292		<LI>Removed #ifdef from cred_union structure;
293
294		<LI>Constant definitions and changes to V4Cred_type structure;
295
296		<LI>Removed incorrect const ccache_p * parameters from cc_store()
297		and cc_remove_cred();
298
299		<LI>Added CC_NOERROR and CC_BAD_PARM as possible return codes from
300		all functions (except no CC_BAD_PARM from cc_shutdown() );
301
302		<LI>Added CC_ERR_CRED_VERSION as possible return code from
303		cc_open() and cc_create();
304
305		<LI>Moved infoNC structure definition up to be with rest of
306		structure definitions;
307
308		<LI>Changed "struct _infoNC" to "infoNC" in parameter type
309		references.
310
311		<LI>cc_free_principal() and cc_free_name() now take char **
312		instead of char * for final parameter. (This change was made
313		between rev 4a and rev 5, but I'm re-emphasizing it here.)
314
315		<LI>Added Implementation Notes section with requirement that all
316		functions must be atomic and name requirements for Windows DLL's.
317
318		<LI>Renamed "the proposed changes to this API are" section to
319		"Ideas for Future Versions" -- but removed all items but one
320		because they'd all been done.
321
322		<LI>Removed most of the notes about differences with the Win NT/95
323		implementation of the API -- the differences have been reconciled.
324
325		<LI>Removed unnecessary and inconsistent italicizing.
326		</UL>
327
328		<H4>Revsion 5a (Final Version 2)</H4>
329
330		<P>990723 by <A HREF="mailto:smcguire@mit.edu">Scott McGuire</A>.
331
332		<UL>
333		<LI>cc_create(): Removed text about "expected" form of name.
334		Removed note about "the alpha version does not do this."
335
336		<LI>cc_destroy(): Clarified that you do not need to call
337		cc_close() on the cache_pointer after calling this function.
338
339		<LI>Removed note about Windows cc_get_instance() and
340		cc_set_instance() functions, they are no longer part of the
341		Windows code!
342		</UL>
343
344		<H2><A NAME="FutureIdeas"></A>Ideas for Future Versions</H2>
345
346		<UL>
347		<LI>Define Get/Set functions for all components of _cc_creds?
348		(This will allow future changes to the data structure to be
349		transparent to the caller. This also makes backward compatibility
350		much easier to maintain.)
351		</UL>
352
353		<P><!-- -----------------------------------------------------------------------------------><!-- type definitions --><!-- -----------------------------------------------------------------------------------><BR>
354
355
356		<HR>
357		<A NAME="TypeDefinitions"></A>
358
359		<H2>Type definitions</H2>
360
361		<PRE>// enums for API versions used in cc_initialize()
362		enum {
363		CC_API_VER_1 = 1,
364		CC_API_VER_2 = 2
365		};
366
367		<A NAME="cc_int32"></A>
368		// cc_int32 and cc_uint32 are not exactly defined in this API due
369		// to a lack of standard 32-bit integer size between platforms
370		// (although there is the C9X standard).
371		// However, we will place the following constraints:
372		//
373		// cc_int32 is a signed integer that is at least 32 bits wide.
374		// cc_uint32 is an unsigned integer that is at least 32 bits wide
375
376		<A NAME="cc_time_t"></A>
377		typedef cc_int32 cc_time_t; //see <A HREF="#cc_time_t_Note">notes below</A>
378		<A NAME="cc_nc_flags"></A>
379		typedef cc_uint32 cc_nc_flags;
380
381
382		<A NAME="opaque_types"></A>
383		typedef struct opaque_dll_control_block_type* apiCB;
384		typedef struct opaque_ccache_pointer_type* ccache_p;
385		typedef struct opaque_credential_iterator_type* ccache_cit;
386
387		// These really are intended to be opaque. All implementations of the cache API must have
388		// them but what they are is implementation specific. In the case of SGR's implementation,
389		// the cc_ctx returned available after a call to cc_initialize, is a CCache_ctx class object. The
390		// code that normally calls the cc_initialize function is straight C, which means the calling
391		// application doesn't have a chance in hell of manipulating this directly. The API is designed
392		// so that it does not have to. It does have to pass the pointer to the class around, one reason
393		// being so that the destructor can eventually be called.
394
395
396		<A NAME="typedefCC_Data"></A>
397		typedef struct _cc_data {
398		cc_uint32            type;
399		cc_uint32            length;
400		unsigned char*      data;
401		} cc_data;
402
403		<A NAME="typedefCC_Cred"></A>
404		typedef struct _cc_creds {
405		char*       client; /* client's principal identifier */
406		char*       server; /* server's principal identifier */
407		cc_data     keyblock;       /* session encryption key info */
408		cc_time_t   authtime;
409		cc_time_t   starttime;
410		cc_time_t   endtime;
411		cc_time_t   renew_till;
412		cc_uint32    is_skey;        /* true if ticket is encrypted in
413		another ticket's skey */
414		cc_uint32    ticket_flags;   /* flags in ticket */
415		cc_data**   addresses;      /* addrs in ticket */
416		cc_data     ticket;         /* ticket string itself */
417		cc_data     second_ticket;  /* second ticket, if related to
418		ticket (via DUPLICATE-SKEY or
419		ENC-TKT-IN-SKEY) */
420		cc_data**   authdata;       /* authorization data */
421		} cc_creds;
422
423
424		// use an enumerated type so all callers infer the same meaning
425		// these values are what krbv4win uses internally.
426		<A NAME="enumStringToKey_Type"></A>
427		enum StringToKey_Type { STK_AFS = 0, STK_DES = 1 };
428
429		enum { MAX_V4_CRED_LEN = 1250 };
430
431
432		// V4 Credentials
433		<A NAME="typedefV4Cred_type"></A>
434		enum {
435		KRB_NAME_SZ = 40,
436		KRB_INSTANCE_SZ = 40,
437		KRB_REALM_SZ = 40
438		};
439
440		typedef struct _V4credential {
441		unsigned char        kversion;
442		char                  principal[KRB_NAME_SZ+1];
443		char                  principal_instance[KRB_INSTANCE_SZ+1];
444		char                  service[KRB_NAME_SZ+1];
445		char                  service_instance[KRB_INSTANCE_SZ+1];
446		char                   realm[KRB_REALM_SZ+1];
447		unsigned char       session_key[8];
448		cc_int32            kvno;                   // k95 used BYTE skvno
449		cc_int32                   str_to_key;             // k4 infers dynamically, k95 stores; of type enum StringToKey_Type
450		long                   issue_date;             // k95 called this issue_time
451		cc_int32            lifetime;               // k95 used LONG expiration_time
452		cc_uint32               address;        // IP Address of local host as an unsigned 32-bit integer
453		cc_int32            ticket_sz;              // k95 used BYTE, k4 ktext uses int to hold up to 1250
454		unsigned char       ticket[MAX_V4_CRED_LEN];
455		unsigned long       oops;                   // zero to catch runaways
456		} V4Cred_type;
457
458		<A NAME="enumCc_cred_vers"></A>
459		enum cc_cred_vers {
460		CC_CRED_VUNKNOWN = 0,       // For validation
461		CC_CRED_V4 = 1,
462		CC_CRED_V5 = 2,
463		CC_CRED_VMAX = 3            // For validation
464		};
465
466		<A NAME="unionCred_ptr_union"></A>
467		typedef union cred_ptr_union_type {
468		V4Cred_type* pV4Cred;
469		cc_creds*    pV5Cred;
470		} cred_ptr_union;
471
472		<A NAME="unionCred_union"></A>
473		typedef struct cred_union_type {
474		cc_int32 cred_type; // cc_cred_vers
475		<A HREF="#unionCred_ptr_union">cred_ptr_union</A> cred;
476		} cred_union;
477
478		<A NAME="typdefInfoNC"></A>
479		typedef struct _infoNC {
480		char*   name;
481		char*   principal;
482		cc_int32 vers; // cc_cred_vers
483		} infoNC;</PRE>
484
485		<H4>The cc_data structure</H4>
486
487		<P>The cc_data structure is used to store the following elements:
488
489		<UL>
490		<LI>keyblock
491
492		<LI>addresses
493
494		<LI>ticket (and second_ticket)
495
496		<LI>authorization data
497		</UL>
498
499		<P>For cc_creds.ticket and cc_creds.second_ticket, the cc_data.type
500		field MUST be zero. For the cc_creds.addresses, cc_creds.authdata,
501		and cc_data.keyblock, the cc_data.type field should be the address
502		type, authorization data type, and encryption type, as defined by the
503		Kerberos V5 protocol definition.
504
505		<H4><A NAME="cc_time_t_Note"></A>cc_time_t</H4>
506
507		<P>The cc_time_t fields are used to represent time. The time must be
508		stored as the number of seconds since midnight GMT on January 1,
509		1970.
510
511		<H4>Principal names</H4>
512
513		<P>Principal names are stored as C strings in this API. The C strings
514		may contain UTF-8 encoded strings for internationalization
515		purposes.<BR>
516
517
518		<HR>
519		<A NAME="ErrorCodeDefinitions"></A>
520
521		<H2>Error Codes Definition</H2>
522
523		<P><TABLE BORDER=1>
524		<TR>
525		<TD>
526		<P>0
527		</TD><TD>
528		<P>CC_NOERROR
529		</TD><TD>
530		<P>"Successful return"
531		</TD></TR>
532		<TR>
533		<TD>
534		<P>1
535		</TD><TD>
536		<P>CC_BADNAME
537		</TD><TD>
538		<P>"Bad credential cache name format"
539		</TD></TR>
540		<TR>
541		<TD>
542		<P>2
543		</TD><TD>
544		<P>CC_NOTFOUD
545		</TD><TD>
546		<P>"Matching credential not found"
547		</TD></TR>
548		<TR>
549		<TD>
550		<P>3
551		</TD><TD>
552		<P>CC_END
553		</TD><TD>
554		<P>"End of credential cache reached"
555		</TD></TR>
556		<TR>
557		<TD>
558		<P>4
559		</TD><TD>
560		<P>CC_IO
561		</TD><TD>
562		<P>"Credentials cache I/O operation failed"
563		</TD></TR>
564		<TR>
565		<TD>
566		<P>5
567		</TD><TD>
568		<P>CC_WRITE
569		</TD><TD>
570		<P>"Error writing to credentials cache file"
571		</TD></TR>
572		<TR>
573		<TD>
574		<P>6
575		</TD><TD>
576		<P>CC_NOMEM
577		</TD><TD>
578		<P>"No memory"
579		</TD></TR>
580		<TR>
581		<TD>
582		<P>7
583		</TD><TD>
584		<P>CC_FORMAT
585		</TD><TD>
586		<P>"Corrupted credentials cache"
587		</TD></TR>
588		<TR>
589		<TD>
590		<P>8
591		</TD><TD>
592		<P>CC_LOCKED
593		</TD><TD>
594		<P>"The credentials cache or NC is locked"
595		</TD></TR>
596		<TR>
597		<TD>
598		<P>9
599		</TD><TD>
600		<P>CC_BAD_API_VERSION
601		</TD><TD>
602		<P>"Unsupported API version"
603		</TD></TR>
604		<TR>
605		<TD>
606		<P>10
607		</TD><TD>
608		<P>CC_NO_EXIST
609		</TD><TD>
610		<P>"Credentials cache or NC does not exist"
611		</TD></TR>
612		<TR>
613		<TD>
614		<P>11
615		</TD><TD>
616		<P>CC_NOT_SUPP
617		</TD><TD>
618		<P>"Function not supported"
619		</TD></TR>
620		<TR>
621		<TD>
622		<P>12
623		</TD><TD>
624		<P>CC_BAD_PARM
625		</TD><TD>
626		<P>"Bad Paramter Passed"
627		</TD></TR>
628		<TR>
629		<TD>
630		<P>13
631		</TD><TD>
632		<P>CC_ERR_CACHE_ATTACH
633		</TD><TD>
634		<P>"Failed to attach cache"
635		</TD></TR>
636		<TR>
637		<TD>
638		<P>14
639		</TD><TD>
640		<P>CC_ERR_CACHE_RELEASE
641		</TD><TD>
642		<P>"Failed to release cache"
643		</TD></TR>
644		<TR>
645		<TD>
646		<P>15
647		</TD><TD>
648		<P>CC_ERR_CACHE_FULL
649		</TD><TD>
650		<P>"Cache FULL"
651		</TD></TR>
652		<TR>
653		<TD>
654		<P>16
655		</TD><TD>
656		<P>CC_ERR_CRED_VERSION
657		</TD><TD>
658		<P>"Wrong Cred Version"
659		</TD></TR>
660		</TABLE>
661
662		<P>
663		<HR>
664		<A NAME="ImplementationNotes"></A>
665
666		<H2>Implementation Notes</H2>
667
668		<H4>All functions are atomic</H4>
669
670		<P>All Credentials Cache API functions must be atomic.
671
672		<P><B>Windows</B>
673
674		<P>DLLs should be named KrbCC16.dll and KrbCC32.dll.
675
676		<P>
677		<HR>
678		<A NAME="FunctionDefinitions"></A>
679
680		<H2>Function definitions</H2>
681
682		<P><A NAME="MainCacheFunctions"></A>
683
684		<H3>Main Cache Functions</H3>
685
686		<P><!-- -----------------------------------------------------------------------------------><!-- cc_initialize --><!-- ----------------------------------------------------------------------------------->
687
688
689		<P><A NAME="cc_initialize"></A>
690
691		<H4>cc_initialize</H4>
692
693		<PRE>cc_int32 cc_initialize(apiCB** cc_ctx, cc_int32 api_version, cc_int32* api_supported, char** vendor)</PRE>
694
695		<P>This function performs any initialization required by the
696		<I>API</I>. It must be called before any other function in the
697		<I>API</I> is called. The cc_ctx returned by this function must be
698		passed to all other <I>API</I> functions as the first argument.
699
700		<P>The application must pass in the maximum version number of the API
701		it supports in the <B>api_version</B> parameter.
702
703		<P>If <B>api_supported</B> non-NULL, then cc_initialize will store
704		the maximum API version number supported by the library implementing
705		the API there.
706
707		<P>If the version requested by <B>api_version</B> is not equal to the
708		version supported by the library, CC_BAD_API_VERSION will be returned
709		as the error code (along with the version the library does support in
710		<B>api_supported</B>) and cc_initialize should not allocate any
711		memory.
712
713		<P>If the <B>vendor</B> is non-NULL, then cc_initialize will store a
714		pointer to a read/only C string which contains a string describing
715		the vendor which implemented the credentials cache <I>API</I>.
716
717		<P>Possible error codes: CC_NOERROR, CC_NOMEM, CC_BAD_API_VERSION,
718		CC_BAD_PARM
719
720		<P><!-- -----------------------------------------------------------------------------------><!-- cc_shutdown --><!-- -----------------------------------------------------------------------------------><BR>
721
722		<A NAME="cc_shutdown"></A>
723
724		<H4>cc_shutdown</H4>
725
726		<PRE>cc_int32 cc_shutdown(apiCB** cc_ctx)</PRE>
727
728		<P>This function performs any cleanup required by the <I>API</I>.
729		cc_ctx will be NULL on return. The application program must call
730		cc_initialize() again before making any credentials cache <I>API</I>
731		calls.
732
733		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
734
735		<P><!-- -----------------------------------------------------------------------------------><!-- cc_get_change_time --><!-- -----------------------------------------------------------------------------------><BR>
736
737		<A NAME="cc_get_change_time"></A>
738
739		<H4>cc_get_change_time</H4>
740
741		<PRE>cc_int32 cc_get_change_time(apiCB* cc_ctx, cc_time_t* time)</PRE>
742
743		<P>This function returns the time of the most recent change for the
744		entire cache. There is ONE timestamp maintained for the entire cache.
745		By maintaining a local copy the caller can deduce whether "something
746		changed" or not.
747
748		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_NOMEM,
749		CC_BAD_PARM
750
751		<P><!-- -----------------------------------------------------------------------------------><!-- cc_get_NC_info --><!-- -----------------------------------------------------------------------------------><BR>
752
753		<A NAME="cc_get_NC_info"></A>
754
755		<H4>cc_get_NC_info</H4>
756
757		<PRE>cc_int32 cc_get_NC_info(apiCB* cc_ctx, infoNC*** ppNCi)</PRE>
758
759		<P>cc_get_NC_info() is a wrapper for cc_seq_fetch_NCs(),
760		cc_get_name() cc_get_cred_version(), and cc_get_principal(). It
761		returns all the information needed to uniquely identify each NC in
762		the cache (name and cred_version) and the associated principal.
763		Specifically it returns a null terminated list of pointers to infoNC
764		structs. Each infoNC struct contain a pointer to the NC's name, a
765		pointer to the the principal associated with the NC, and the version
766		number (as an enumerated type) of the credentials stored in this NC.
767
768		<P>The ppNCi (the entire data structure) aquired by this routine
769		should be freed with cc_free_NC_info().
770
771		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_NOMEM,
772		CC_BAD_PARM
773
774		<P><!-- -----------------------------------------------------------------------------------><!-- cc_open --><!-- -----------------------------------------------------------------------------------><BR>
775
776		<A NAME="cc_open"></A>
777
778		<H4>cc_open</H4>
779
780		<PRE>cc_int32 cc_open(apiCB* cc_ctx, const char* name, cc_int32 cred_vers, cc_uint32 cc_flags,
781		ccache_p** ccache_pointer)</PRE>
782
783		<P>Opens an already exising NC identified by both <B>name</B>, and
784		<B>cred_vers</B>. It fills in the parameter **ccache_pointer with a
785		pointer to the NC.
786
787		<P>The list of cache names, principals, and credentials versions may
788		be retrieved via cc_seq_fetch_NCs(), cc_get_name(),
789		cc_get_cred_version(), & cc_get_principal() OR via
790		cc_get_NC_info().
791
792		<P>Possible error codes: CC_NOERROR, CC_BADNAME, CC_NO_EXIST,
793		CC_NOMEM, CC_ERR_CRED_VERSION, CC_BAD_PARM
794
795		<P><!-- -----------------------------------------------------------------------------------><!-- cc_create --><!-- -----------------------------------------------------------------------------------><BR>
796
797		<A NAME="cc_create"></A>
798
799		<H4>cc_create</H4>
800
801		<PRE>cc_int32 cc_create(apiCB* cc_ctx, const char* name, const char* principal,
802		cc_int32 cred_vers, cc_uint32 cc_flags, ccache_p** ccache_pointer)</PRE>
803
804		<P>Create a new NC. The NC is uniquely identified by the combination
805		of it's name and the "cc_creds_vers" (i.e. which credentials version
806		it holds). The principal given is also associated with the NC. A NULL
807		<B>name</B> is not allowed (and CC_BADNAME should be returned if one
808		is passed in). If <B>name</B> is non-null and there is already a NC
809		named <B>name</B>, all credentials in the cache are removed, and
810		handle for the existing cache is returned. If there is already a NC
811		named name, all existing handles for this cache remain valid. The NC
812		is created with a primary principal specified by <B>principal</B>.
813
814		<P><I>(Removed text about the "expected" form of the NC name.)</I>
815
816		<P>An NC is intended to hold credentials for a single principal in a
817		single realm, and for a single credentials version (i.e. V4 or V5).
818		The cache can contain credentials for other credential versions,
819		other realms, and even other principals, but each in a separate NC.
820		This rule will allow callers that can only handle a single principal
821		in a single realm to continue to work by dealing with only one NC.
822		Callers that can deal with multiple principals, multiple realms,
823		and/or multiple credentials versions can do so by dealing with
824		multiple NCs. By doing it this way, the callers that are able to
825		handle multiple principals, realms, and/or versions can do so without
826		interfering with "differently abled" code.
827
828		<P>The list of cache names, principals, & cred_versions may be
829		retrieved via cc_get_NC_info().
830
831		<P>Possible error codes: CC_NOERROR, CC_BADNAME, CC_BAD_PARM,
832		CC_NO_EXIST, CC_NOMEM, CC_ERR_CRED_VERSION
833
834		<P><!-- -----------------------------------------------------------------------------------><!-- cc_close --><!-- -----------------------------------------------------------------------------------><BR>
835
836		<A NAME="cc_close"></A>
837
838		<H4>cc_close</H4>
839
840		<PRE>cc_int32 cc_close(apiCB* cc_ctx, ccache_p** ccache_pointer)</PRE>
841
842		<P>Close the NC. The <B>ccache_pointer</B> related memory is
843		deallocated, and ccache_pointer is set to NULL before being returned
844		to caller.
845
846		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
847
848		<P><!-- -----------------------------------------------------------------------------------><!-- cc_destroy --><!-- -----------------------------------------------------------------------------------><BR>
849
850		<A NAME="cc_destroy"></A>
851
852		<H4>cc_destroy</H4>
853
854		<PRE>cc_int32 cc_destroy(apiCB* cc_ctx, ccache_p** ccache_pointer)</PRE>
855
856		<P>Destroy the NC pointed to by <B>ccache_pointer</B>. The
857		<B>ccache_pointer</B> related memory is deallocated, and
858		ccache_pointer is set to NULL before being returned to caller. The
859		caller does not need to call cc_close() on the <B>cache_pointer</B>
860		afterwards.
861
862		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
863
864		<P><!-- -----------------------------------------------------------------------------------><!-- cc_seq_fetch_NCs --><!-- -----------------------------------------------------------------------------------><BR>
865
866
867
868		<P><A NAME="cc_seq_fetch_NCs_begin"></A>
869
870		<H4>cc_seq_fetch_NCs_begin</H4>
871
872		<PRE>cc_int32 cc_seq_fetch_NCs_begin(apiCB* cc_ctx, ccache_cit** itNCs)</PRE>
873
874		<P>Used to allocate memory and initialize the iterator *itNCs. Use
875		cc_seq_fetch_NCs_end() to deallocate the memory used by *itNCs.
876
877		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM,
878		CC_NOMEM
879
880		<H4><A NAME="cc_seq_fetch_NCs_next"></A></H4>
881
882		<H4>cc_seq_fetch_NCs_next</H4>
883
884		<PRE>cc_int32 cc_seq_fetch_NCs_next(apiCB* cc_ctx, ccache_p** ccache_pointer, ccache_cit* itNCs)</PRE>
885
886		<P>Used to sequentially open every NC in the cache.
887
888		<P>Ccache_pointer must be a pointer to a ccache_p*. The
889		ccache_pointer returned may be used to get information about the NC
890		by calling cc_get_name(), cc_get_cred_version(), and
891		cc_get_principal(). Ccache_pointer's returned must be freed via
892		cc_close() between calls to cc_seq_fetch_NCs_next().
893
894		<P>itNCs must be a pointer to a ccache_cit* variable provided by the
895		calling application and which is used by cc_seq_fetch_NCs_next() to
896		determine the next NC to return. It must have been initialized by
897		cc_seq_fetch_NCs_begin().
898
899		<P>If changes are made to the credentials cache while it iterator is
900		being used, it must return at least the intersection, and at most the
901		union, of the set of NC's that were in the cache when the iteration
902		began and the set of NC's that are in the cache when it ends.
903
904		<P>When the last NC in the sequence is returned, the return code from
905		cc_seq_fetch_NCs_next() will be CC_END.
906
907		<P>Possible error codes: CC_NOERROR, CC_END, CC_NO_EXIST.
908		CC_BAD_PARM, CC_NOMEM
909
910		<H4> </H4>
911
912		<H4><A NAME="cc_seq_fetch_NCs_end"></A></H4>
913
914		<H4>cc_seq_fetch_NCs_end</H4>
915
916		<PRE>cc_int32 cc_seq_fetch_NCs_end(apiCB* cc_ctx, ccache_cit** itNCs)</PRE>
917
918		<P>Deallocates the memory used by itNCs, and sets itNCs to NULL.
919
920		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
921
922		<P>
923
924		<P><A NAME="NCFunctions"></A>
925
926		<H3>NC Functions</H3>
927
928		<P><!-- -----------------------------------------------------------------------------------><!-- cc_get_name --><!-- -----------------------------------------------------------------------------------><A NAME="cc_get_name"></A>
929
930
931		<H4>cc_get_name</H4>
932
933		<PRE>cc_int32 cc_get_name(apiCB* cc_ctx, const ccache_p* ccache_pointer, char** name)</PRE>
934
935		<P>cc_get_name() returns the name of the NC indicated by
936		ccache_pointer. The name can be used in cc_open() or cc_create(). The
937		combination of the name and the credentials version uniqeuly identify
938		an NC. The returned name should be freed via cc_free_name().
939
940		<P>Possible error codes: CC_NOERROR, CC_NOMEM, CC_NO_EXIST,
941		CC_BAD_PARM
942
943		<P><!-- -----------------------------------------------------------------------------------><!-- cc_get_cred_version --><!-- -----------------------------------------------------------------------------------><BR>
944
945		<A NAME="cc_get_cred_version"></A>
946
947		<H4>cc_get_cred_version</H4>
948
949		<PRE>cc_int32 cc_get_cred_version(apiCB* cc_ctx, const ccache_p* ccache_pointer, cc_int32* cred_vers)</PRE>
950
951		<P>cc_get_cred_version() returns one of the enumerated type
952		cc_cred_vers in cred_vers. The expected values are CC_CRED_V4, or
953		CC_CRED_V5. The combination of the name and the credentials version
954		uniquely identify an NC.
955
956		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
957
958		<P><!-- -----------------------------------------------------------------------------------><!-- cc_set_principal --><!-- -----------------------------------------------------------------------------------><BR>
959
960		<A NAME="cc_set_principal"></A>
961
962		<H4>cc_set_principal</H4>
963
964		<PRE>cc_int32 cc_set_principal(apiCB* cc_ctx, const ccache_p* ccache_pointer, const cc_int32 cred_vers,
965		const char* principal)</PRE>
966
967		<P>Set the primary principal for the NC indicated by ccache_pointer.
968		This is the complement to cc_get_principal().
969
970		<P>cred_vers is used as a double check.
971
972		<P>principal points to a null terminated string that will be copied
973		into the NC. This new principal will be returned if you call
974		cc_get_principal() for this NC.
975
976		<P>Possible error codes: CC_NOERROR, CC_NOMEM, CC_NO_EXIST,
977		CC_ERR_CRED_VERSION, CC_BAD_PARM<BR>
978
979
980
981		<P><!-- -----------------------------------------------------------------------------------><!-- cc_get_principal --><!-- -----------------------------------------------------------------------------------><BR>
982
983		<A NAME="cc_get_principal"></A>
984
985		<H4>cc_get_principal</H4>
986
987		<PRE>cc_int32 cc_get_principal(apiCB* cc_ctx, const ccache_p* ccache_pointer, char** principal)</PRE>
988
989		<P>Return the primary principal for the NC that was set via
990		cc_create() or cc_set_principal(). The returned principal should be
991		freed via cc_free_principal() .
992
993		<P>Possible error codes: CC_NOERROR, CC_NOMEM, CC_NO_EXIST,
994		CC_BAD_PARM<BR>
995
996
997
998		<P><!-- -----------------------------------------------------------------------------------><!-- cc_store --><!-- -----------------------------------------------------------------------------------><BR>
999
1000		<A NAME="cc_store"></A>
1001
1002		<H4>cc_store</H4>
1003
1004		<PRE>cc_int32 cc_store(apiCB* cc_ctx, ccache_p* ccache_pointer, const <A HREF="#unionCred_union">cred_union</A> cred)</PRE>
1005
1006		<P>Store (make a copy of) <B>cred</B> in the NC indicated by
1007		<B>ccache_pointer</B>.
1008
1009		<P>A cred_union contains a cred_type indicator and a cred_ptr_union.
1010		A cred_ptr_union can contain either a V4Cred_type pointer or a
1011		cc_creds (V5 creds) pointer. Cred_type indicates which type of
1012		pointer is in the cred_ptr_union. This also allows the <I>API</I> to
1013		enforce the credentials version declared in cc_create() or cc_open().
1014
1015
1016		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_ERR_CACHE_FULL,
1017		CC_ERR_CRED_VERSION, CC_BAD_PARM
1018
1019		<P><!-- -----------------------------------------------------------------------------------><!-- cc_remove_cred --><!-- -----------------------------------------------------------------------------------><BR>
1020
1021		<A NAME="cc_remove_cred"></A>
1022
1023		<H4>cc_remove_cred</H4>
1024
1025		<PRE>cc_int32 cc_remove_cred(apiCB* cc_ctx, ccache_p* ccache_pointer, const <A HREF="#unionCred_union">cred_union</A> cred)</PRE>
1026
1027		<P>Removes the credential <B>cred</B> from <B>ccache_pointer</B>. The
1028		credentials in the NC indicated by ccache_pointer are searched to
1029		find a matching credential. If found, that credential is removed from
1030		the NC. The cred parameter is not modified and should be freed via
1031		cc_free_creds(). It is legitimate to call this function during a
1032		sequential fetch, and the deletion of a credential already returned
1033		by cc_seq_fetch_creds() should not disturb sequence of credentials
1034		returned by cc_seq_fetch_creds().
1035
1036		<P>Use of cred_union is the same as is explained in cc_store().
1037
1038		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_NOTFOUND,
1039		CC_ERR_CRED_VERSION, CC_BAD_PARM
1040
1041		<P><!-- -----------------------------------------------------------------------------------><!-- cc_seq_fetch_creds --><!-- -----------------------------------------------------------------------------------><BR>
1042
1043		<A NAME="cc_seq_fetch_creds_begin"></A>
1044
1045		<H4>cc_seq_fetch_creds_begin</H4>
1046
1047		<PRE>cc_int32 cc_seq_fetch_creds_begin(apiCB* cc_ctx, const ccache_p* ccache_pointer, ccache_cit** itCreds)</PRE>
1048
1049		<P>Allocates memory for and initializes *itCreds. This memory must be
1050		deallocated using cc_seq_fetch_creds_end().
1051
1052		<P>Ccache_pointer must be a valid pointer to the NC containing the
1053		creds to be returned by the iterator.
1054
1055		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM,
1056		CC_NOMEM
1057
1058		<P>
1059
1060		<P><A NAME="cc_seq_fetch_creds_next"></A>
1061
1062		<H4>cc_seq_fetch_creds_next</H4>
1063
1064		<PRE>cc_int32 cc_seq_fetch_creds_next(apiCB* cc_ctx, cred_union** cred, ccache_cit* itCreds)</PRE>
1065
1066		<P>cc_seq_fetch_creds_next() is used to sequentially read every set
1067		of credentials in an NC. The NC has been indicated in the call to
1068		cc_seq_fetch_creds_begin().
1069
1070		<P>itCreds must be a pointer to a ccache_cit* variable provided by
1071		the calling application and which is used by
1072		cc_seq_fetch_creds_next() to determine the next cached credential to
1073		return. The ccache_cit* variable must be initialized by calling
1074		cc_seq_fetch_creds_begin().
1075
1076		<P>The credentials are filled into the cred_union pointed to by
1077		creds. Note that the cred_union contains elements which are
1078		dynamically allocated, so must be freed using cc_free_creds() between
1079		calls to cc_seq_fetch_creds_next().
1080
1081		<P>If changes are made to the NC while it iterator is being used, it
1082		must return at least the intersection, and at most the union, of the
1083		set of credentials that were in the NC when the iteration began and
1084		the set of credentials that are in the NC when it ends.
1085
1086		<P>When the last credential in the sequence is returned, the return
1087		code from cc_seq_fetch_creds_next() will be CC_END.
1088
1089		<P>Possible error codes: CC_NOERROR, CC_END, CC_NO_EXIST,
1090		CC_BAD_PARM, CC_NOMEM
1091
1092		<P>
1093
1094		<P><A NAME="cc_seq_fetch_creds_end"></A>
1095
1096		<H4>cc_seq_fetch_creds_end</H4>
1097
1098		<PRE>cc_int32 cc_seq_fetch_creds_end(apiCB* cc_ctx, ccache_cit** itCreds)</PRE>
1099
1100		<P>Deallocates memory used by itCreds and sets itCreds to NULL.
1101
1102		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
1103
1104		<P><!-- -----------------------------------------------------------------------------------><!-- cc_lock_request --><!-- -----------------------------------------------------------------------------------><BR>
1105
1106		<A NAME="cc_lock_request"></A>
1107
1108		<H4>cc_lock_request</H4>
1109
1110		<PRE>cc_int32 cc_lock_request(apiCB* cc_ctx, const ccache_p* ccache_pointer, cc_int32 lock_type)</PRE>
1111
1112		<DL>
1113		<DD>99/02/11 - smcguire
1114
1115		<DD><B>As of this date there is no locking in the Win NT/95
1116		or Machintosh implementations. The description below may not be
1117		completely accurate as to how this function should be
1118		implemented.</B>
1119		</DL>
1120
1121		<P>This function is currently NOT IMPLEMENTED. All functions attach
1122		to the cache, take action, and detach from the cache before returning
1123		to the caller.
1124
1125		<P>This function will lock or unlock the NC based on the argument
1126		value of lock_type:
1127
1128		<PRE>        CC_LOCK_UNLOCK  1       Unlock the NC
1129		CC_LOCK_READER  2       Lock the NC for reading
1130		CC_LOCK_WRITER  3       Lock the NC for writing
1131
1132		CC_LOCK_NOBLOCK 16      Don't block, but return an error code if
1133		the request cannot be satisfied.
1134		</PRE>
1135
1136		<P>Locking is done on a per-thread basis. At most one thread may have
1137		the credentials locked for writing; if so, there must not be any
1138		threads that have the credentials locked for reading.
1139
1140		<P>Multiple threads may have the cache locked for reading, as long as
1141		there is not a writer lock asserted on the cache.
1142
1143		<P>If a thread has a cache locked for reading, that lock may be
1144		upgraded to a writer lock by calling cc_lock_request() with a
1145		lock_type of CC_LOCK_WRITER. If a thread has the cache locked for
1146		reading or writing, a request to cc_lock_request() for a reader or
1147		writer lock, respectively, is a no-op. If a thread does not have the
1148		cache locked, and calls cc_lock_request() with a lock_type of
1149		CC_LOCK_UNLOCK, this is also a no-op.
1150
1151		<P>A request for CC_LOCK_READER and CC_LOCK_WRITER may be made
1152		non-blocking by logical or'ing the value CC_LOCK_NOBLOCK. In that
1153		case, if it is not possible to satisfy the lock request, the error
1154		CC_LOCKED will be returned.
1155
1156		<P>
1157
1158		<P><A NAME="LiberationFunctions"></A>
1159
1160		<H3>Liberation Functions</H3>
1161
1162		<P><!-- -----------------------------------------------------------------------------------><!-- cc_free_principal --><!-- -----------------------------------------------------------------------------------><A NAME="cc_free_principal"></A>
1163
1164
1165		<H4>cc_free_principal</H4>
1166
1167		<PRE>cc_int32 cc_free_principal(apiCB* cc_ctx, char** principal)</PRE>
1168
1169		<P>This function frees the <B>principal</B> returned by
1170		cc_get_principal() and sets *principal to NULL.
1171
1172		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
1173
1174		<P><!-- -----------------------------------------------------------------------------------><!-- cc_free_name --><!-- -----------------------------------------------------------------------------------><BR>
1175
1176		<A NAME="cc_free_name"></A>
1177
1178		<H4>cc_free_name</H4>
1179
1180		<PRE>cc_int32 cc_free_name(apiCB* cc_ctx, char** name)</PRE>
1181
1182		<P>This function frees the <B>name</B> returned by cc_get_name() and
1183		sets *name to NULL.
1184
1185		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
1186
1187		<P><!-- -----------------------------------------------------------------------------------><!-- cc_free_creds --><!-- -----------------------------------------------------------------------------------><BR>
1188
1189		<A NAME="cc_free_creds"></A>
1190
1191		<H4>cc_free_creds</H4>
1192
1193		<PRE>cc_int32 cc_free_creds(apiCB* cc_ctx, cred_union** creds)</PRE>
1194
1195		<P>This function frees all storage associated with creds returned by
1196		cc_seq_fetch_creds() and sets the creds pointer to NULL.
1197
1198		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
1199
1200		<P><!-- -----------------------------------------------------------------------------------><!-- cc_free_NC_info --><!-- -----------------------------------------------------------------------------------><BR>
1201
1202		<A NAME="cc_free_NC_info"></A>
1203
1204		<H4>cc_free_NC_info</H4>
1205
1206		<PRE>cc_int32 cc_free_NC_info(apiCB* cc_ctx, infoNC*** ppNCi)</PRE>
1207
1208		<P>This routine frees all storage aquired by cc_get_NC_info() and
1209		sets ppNCi to NULL.
1210
1211		<P>Possible error codes: CC_NOERROR, CC_NO_EXIST, CC_BAD_PARM
1212
1213		<!-- Begin MIT-use only web reporting counter -->
1214		<IMG SRC="http://counter.mit.edu/tally" WIDTH=1 HEIGHT=1 ALT="">
1215		<!-- End MIT-use only web reporting counter -->
1216		</BODY></HTML>

+0

-310

~~doc/ccapi/html/doxygen.css~~ less more

0		BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV {
1		font-family: Geneva, Arial, Helvetica, sans-serif;
2		}
3		BODY,TD {
4		font-size: 90%;
5		}
6		H1 {
7		text-align: center;
8		font-size: 160%;
9		}
10		H2 {
11		font-size: 120%;
12		}
13		H3 {
14		font-size: 100%;
15		}
16		CAPTION { font-weight: bold }
17		DIV.qindex {
18		width: 100%;
19		background-color: #e8eef2;
20		border: 1px solid #84b0c7;
21		text-align: center;
22		margin: 2px;
23		padding: 2px;
24		line-height: 140%;
25		}
26		DIV.nav {
27		width: 100%;
28		background-color: #e8eef2;
29		border: 1px solid #84b0c7;
30		text-align: center;
31		margin: 2px;
32		padding: 2px;
33		line-height: 140%;
34		}
35		DIV.navtab {
36		background-color: #e8eef2;
37		border: 1px solid #84b0c7;
38		text-align: center;
39		margin: 2px;
40		margin-right: 15px;
41		padding: 2px;
42		}
43		TD.navtab {
44		font-size: 70%;
45		}
46		A.qindex {
47		text-decoration: none;
48		font-weight: bold;
49		color: #1A419D;
50		}
51		A.qindex:visited {
52		text-decoration: none;
53		font-weight: bold;
54		color: #1A419D
55		}
56		A.qindex:hover {
57		text-decoration: none;
58		background-color: #ddddff;
59		}
60		A.qindexHL {
61		text-decoration: none;
62		font-weight: bold;
63		background-color: #6666cc;
64		color: #ffffff;
65		border: 1px double #9295C2;
66		}
67		A.qindexHL:hover {
68		text-decoration: none;
69		background-color: #6666cc;
70		color: #ffffff;
71		}
72		A.qindexHL:visited { text-decoration: none; background-color: #6666cc; color: #ffffff }
73		A.el { text-decoration: none; font-weight: bold }
74		A.elRef { font-weight: bold }
75		A.code:link { text-decoration: none; font-weight: normal; color: #0000FF}
76		A.code:visited { text-decoration: none; font-weight: normal; color: #0000FF}
77		A.codeRef:link { font-weight: normal; color: #0000FF}
78		A.codeRef:visited { font-weight: normal; color: #0000FF}
79		A:hover { text-decoration: none; background-color: #f2f2ff }
80		DL.el { margin-left: -1cm }
81		.fragment {
82		font-family: Fixed, monospace;
83		font-size: 95%;
84		}
85		PRE.fragment {
86		border: 1px solid #CCCCCC;
87		background-color: #f5f5f5;
88		margin-top: 4px;
89		margin-bottom: 4px;
90		margin-left: 2px;
91		margin-right: 8px;
92		padding-left: 6px;
93		padding-right: 6px;
94		padding-top: 4px;
95		padding-bottom: 4px;
96		}
97		DIV.ah { background-color: black; font-weight: bold; color: #ffffff; margin-bottom: 3px; margin-top: 3px }
98		TD.md { background-color: #F4F4FB; font-weight: bold; }
99		TD.mdPrefix {
100		background-color: #F4F4FB;
101		color: #606060;
102		font-size: 80%;
103		}
104		TD.mdname1 { background-color: #F4F4FB; font-weight: bold; color: #602020; }
105		TD.mdname { background-color: #F4F4FB; font-weight: bold; color: #602020; width: 600px; }
106		DIV.groupHeader {
107		margin-left: 16px;
108		margin-top: 12px;
109		margin-bottom: 6px;
110		font-weight: bold;
111		}
112		DIV.groupText { margin-left: 16px; font-style: italic; font-size: 90% }
113		BODY {
114		background: white;
115		color: black;
116		margin-right: 20px;
117		margin-left: 20px;
118		}
119		TD.indexkey {
120		background-color: #e8eef2;
121		font-weight: bold;
122		padding-right : 10px;
123		padding-top : 2px;
124		padding-left : 10px;
125		padding-bottom : 2px;
126		margin-left : 0px;
127		margin-right : 0px;
128		margin-top : 2px;
129		margin-bottom : 2px;
130		border: 1px solid #CCCCCC;
131		}
132		TD.indexvalue {
133		background-color: #e8eef2;
134		font-style: italic;
135		padding-right : 10px;
136		padding-top : 2px;
137		padding-left : 10px;
138		padding-bottom : 2px;
139		margin-left : 0px;
140		margin-right : 0px;
141		margin-top : 2px;
142		margin-bottom : 2px;
143		border: 1px solid #CCCCCC;
144		}
145		TR.memlist {
146		background-color: #f0f0f0;
147		}
148		P.formulaDsp { text-align: center; }
149		IMG.formulaDsp { }
150		IMG.formulaInl { vertical-align: middle; }
151		SPAN.keyword { color: #008000 }
152		SPAN.keywordtype { color: #604020 }
153		SPAN.keywordflow { color: #e08000 }
154		SPAN.comment { color: #800000 }
155		SPAN.preprocessor { color: #806020 }
156		SPAN.stringliteral { color: #002080 }
157		SPAN.charliteral { color: #008080 }
158		.mdTable {
159		border: 1px solid #868686;
160		background-color: #F4F4FB;
161		}
162		.mdRow {
163		padding: 8px 10px;
164		}
165		.mdescLeft {
166		padding: 0px 8px 4px 8px;
167		font-size: 80%;
168		font-style: italic;
169		background-color: #FAFAFA;
170		border-top: 1px none #E0E0E0;
171		border-right: 1px none #E0E0E0;
172		border-bottom: 1px none #E0E0E0;
173		border-left: 1px none #E0E0E0;
174		margin: 0px;
175		}
176		.mdescRight {
177		padding: 0px 8px 4px 8px;
178		font-size: 80%;
179		font-style: italic;
180		background-color: #FAFAFA;
181		border-top: 1px none #E0E0E0;
182		border-right: 1px none #E0E0E0;
183		border-bottom: 1px none #E0E0E0;
184		border-left: 1px none #E0E0E0;
185		margin: 0px;
186		}
187		.memItemLeft {
188		padding: 1px 0px 0px 8px;
189		margin: 4px;
190		border-top-width: 1px;
191		border-right-width: 1px;
192		border-bottom-width: 1px;
193		border-left-width: 1px;
194		border-top-color: #E0E0E0;
195		border-right-color: #E0E0E0;
196		border-bottom-color: #E0E0E0;
197		border-left-color: #E0E0E0;
198		border-top-style: solid;
199		border-right-style: none;
200		border-bottom-style: none;
201		border-left-style: none;
202		background-color: #FAFAFA;
203		font-size: 80%;
204		}
205		.memItemRight {
206		padding: 1px 8px 0px 8px;
207		margin: 4px;
208		border-top-width: 1px;
209		border-right-width: 1px;
210		border-bottom-width: 1px;
211		border-left-width: 1px;
212		border-top-color: #E0E0E0;
213		border-right-color: #E0E0E0;
214		border-bottom-color: #E0E0E0;
215		border-left-color: #E0E0E0;
216		border-top-style: solid;
217		border-right-style: none;
218		border-bottom-style: none;
219		border-left-style: none;
220		background-color: #FAFAFA;
221		font-size: 80%;
222		}
223		.memTemplItemLeft {
224		padding: 1px 0px 0px 8px;
225		margin: 4px;
226		border-top-width: 1px;
227		border-right-width: 1px;
228		border-bottom-width: 1px;
229		border-left-width: 1px;
230		border-top-color: #E0E0E0;
231		border-right-color: #E0E0E0;
232		border-bottom-color: #E0E0E0;
233		border-left-color: #E0E0E0;
234		border-top-style: none;
235		border-right-style: none;
236		border-bottom-style: none;
237		border-left-style: none;
238		background-color: #FAFAFA;
239		font-size: 80%;
240		}
241		.memTemplItemRight {
242		padding: 1px 8px 0px 8px;
243		margin: 4px;
244		border-top-width: 1px;
245		border-right-width: 1px;
246		border-bottom-width: 1px;
247		border-left-width: 1px;
248		border-top-color: #E0E0E0;
249		border-right-color: #E0E0E0;
250		border-bottom-color: #E0E0E0;
251		border-left-color: #E0E0E0;
252		border-top-style: none;
253		border-right-style: none;
254		border-bottom-style: none;
255		border-left-style: none;
256		background-color: #FAFAFA;
257		font-size: 80%;
258		}
259		.memTemplParams {
260		padding: 1px 0px 0px 8px;
261		margin: 4px;
262		border-top-width: 1px;
263		border-right-width: 1px;
264		border-bottom-width: 1px;
265		border-left-width: 1px;
266		border-top-color: #E0E0E0;
267		border-right-color: #E0E0E0;
268		border-bottom-color: #E0E0E0;
269		border-left-color: #E0E0E0;
270		border-top-style: solid;
271		border-right-style: none;
272		border-bottom-style: none;
273		border-left-style: none;
274		color: #606060;
275		background-color: #FAFAFA;
276		font-size: 80%;
277		}
278		.search { color: #003399;
279		font-weight: bold;
280		}
281		FORM.search {
282		margin-bottom: 0px;
283		margin-top: 0px;
284		}
285		INPUT.search { font-size: 75%;
286		color: #000080;
287		font-weight: normal;
288		background-color: #e8eef2;
289		}
290		TD.tiny { font-size: 75%;
291		}
292		a {
293		color: #1A41A8;
294		}
295		a:visited {
296		color: #2A3798;
297		}
298		.dirtab { padding: 4px;
299		border-collapse: collapse;
300		border: 1px solid #84b0c7;
301		}
302		TH.dirtab { background: #e8eef2;
303		font-weight: bold;
304		}
305		HR { height: 1px;
306		border: none;
307		border-top: 1px solid black;
308		}
309

~~doc/ccapi/html/doxygen.png~~ less more

Binary diff not shown

+0

-96

~~doc/ccapi/html/group__cc__ccache__iterator__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_ccache_iterator_t Overview</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_ccache_iterator_t Overview</h1><hr><a name="_details"></a><h2>Detailed Description</h2>
8		The cc_ccache_iterator_t type represents an iterator that iterates over a set of ccaches and returns them in all in some order. A new instance of this type can be obtained by calling <a class="el" href="group__helper__macros.html#g6957bc9570e4769a5b1213d2a1d90cd7">cc_context_new_ccache_iterator()</a>.<p>
9		For API function documentation see <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a>.
10		<p>
11		<h2>Data Structures</h2>
12		<ul>
13		<li>struct <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_d</a>
14		</ul>
15		<h2>Typedefs</h2>
16		<ul>
17		<li>typedef <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> <a class="el" href="group__cc__ccache__iterator__reference.html#g55a6d891b6840466cc956bdd327dc314">cc_ccache_iterator_f</a>
18		<li>typedef <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_d</a> <a class="el" href="group__cc__ccache__iterator__reference.html#g0ab4121cf78b7e0f92a90e9d4c15f0cf">cc_ccache_iterator_d</a>
19		<li>typedef <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_d</a> * <a class="el" href="group__cc__ccache__iterator__reference.html#gce800a50d1fe0dcb05b6be0884232318">cc_ccache_iterator_t</a>
20		</ul>
21		<hr><h2>Typedef Documentation</h2>
22		<a class="anchor" name="g55a6d891b6840466cc956bdd327dc314"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_iterator_f" ref="g55a6d891b6840466cc956bdd327dc314" args="" --><p>
23		<table class="mdTable" cellpadding="2" cellspacing="0">
24		<tr>
25		<td class="mdRow">
26		<table cellpadding="0" cellspacing="0" border="0">
27		<tr>
28		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> </td>
29		</tr>
30		</table>
31		</td>
32		</tr>
33		</table>
34		<table cellspacing="5" cellpadding="0" border="0">
35		<tr>
36		<td>
37
38		</td>
39		<td>
40
41		<p>
42		</td>
43		</tr>
44		</table>
45		<a class="anchor" name="g0ab4121cf78b7e0f92a90e9d4c15f0cf"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_iterator_d" ref="g0ab4121cf78b7e0f92a90e9d4c15f0cf" args="" --><p>
46		<table class="mdTable" cellpadding="2" cellspacing="0">
47		<tr>
48		<td class="mdRow">
49		<table cellpadding="0" cellspacing="0" border="0">
50		<tr>
51		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_d</a> <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_d</a> </td>
52		</tr>
53		</table>
54		</td>
55		</tr>
56		</table>
57		<table cellspacing="5" cellpadding="0" border="0">
58		<tr>
59		<td>
60
61		</td>
62		<td>
63
64		<p>
65		</td>
66		</tr>
67		</table>
68		<a class="anchor" name="gce800a50d1fe0dcb05b6be0884232318"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_iterator_t" ref="gce800a50d1fe0dcb05b6be0884232318" args="" --><p>
69		<table class="mdTable" cellpadding="2" cellspacing="0">
70		<tr>
71		<td class="mdRow">
72		<table cellpadding="0" cellspacing="0" border="0">
73		<tr>
74		<td class="md" nowrap valign="top">typedef <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_d</a>* <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> </td>
75		</tr>
76		</table>
77		</td>
78		</tr>
79		</table>
80		<table cellspacing="5" cellpadding="0" border="0">
81		<tr>
82		<td>
83
84		</td>
85		<td>
86
87		<p>
88		</td>
89		</tr>
90		</table>
91		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
92		<a href="http://www.doxygen.org/index.html">
93		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
94		</body>
95		</html>

+0

-96

~~doc/ccapi/html/group__cc__ccache__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_ccache_t Overview</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_ccache_t Overview</h1><hr><a name="_details"></a><h2>Detailed Description</h2>
8		The cc_ccache_t type represents a reference to a ccache. Callers can access a ccache and the credentials stored in it via a cc_ccache_t. A cc_ccache_t can be acquired via <a class="el" href="group__helper__macros.html#g256a5ba17fe0e4502e0722d9b081bbef">cc_context_open_ccache()</a>, <a class="el" href="group__helper__macros.html#g45a7ce29eb409baabadcae1bc95d5c57">cc_context_open_default_ccache()</a>, or <a class="el" href="group__helper__macros.html#gcff0b3e247a2adc95442324fec6c5651">cc_ccache_iterator_next()</a>.<p>
9		For API function documentation see <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a>.
10		<p>
11		<h2>Data Structures</h2>
12		<ul>
13		<li>struct <a class="el" href="structcc__ccache__d.html">cc_ccache_d</a>
14		</ul>
15		<h2>Typedefs</h2>
16		<ul>
17		<li>typedef <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> <a class="el" href="group__cc__ccache__reference.html#ga88aed938d3678e263f6507fcd6e5e38">cc_ccache_f</a>
18		<li>typedef <a class="el" href="structcc__ccache__d.html">cc_ccache_d</a> <a class="el" href="group__cc__ccache__reference.html#g8eaae84d4f6a48e1e21eb4fe8a0b367a">cc_ccache_d</a>
19		<li>typedef <a class="el" href="structcc__ccache__d.html">cc_ccache_d</a> * <a class="el" href="group__cc__ccache__reference.html#gf59e3c32bf0b7d9cc409438cebb2f048">cc_ccache_t</a>
20		</ul>
21		<hr><h2>Typedef Documentation</h2>
22		<a class="anchor" name="ga88aed938d3678e263f6507fcd6e5e38"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_f" ref="ga88aed938d3678e263f6507fcd6e5e38" args="" --><p>
23		<table class="mdTable" cellpadding="2" cellspacing="0">
24		<tr>
25		<td class="mdRow">
26		<table cellpadding="0" cellspacing="0" border="0">
27		<tr>
28		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> </td>
29		</tr>
30		</table>
31		</td>
32		</tr>
33		</table>
34		<table cellspacing="5" cellpadding="0" border="0">
35		<tr>
36		<td>
37
38		</td>
39		<td>
40
41		<p>
42		</td>
43		</tr>
44		</table>
45		<a class="anchor" name="g8eaae84d4f6a48e1e21eb4fe8a0b367a"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_d" ref="g8eaae84d4f6a48e1e21eb4fe8a0b367a" args="" --><p>
46		<table class="mdTable" cellpadding="2" cellspacing="0">
47		<tr>
48		<td class="mdRow">
49		<table cellpadding="0" cellspacing="0" border="0">
50		<tr>
51		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__ccache__d.html">cc_ccache_d</a> <a class="el" href="structcc__ccache__d.html">cc_ccache_d</a> </td>
52		</tr>
53		</table>
54		</td>
55		</tr>
56		</table>
57		<table cellspacing="5" cellpadding="0" border="0">
58		<tr>
59		<td>
60
61		</td>
62		<td>
63
64		<p>
65		</td>
66		</tr>
67		</table>
68		<a class="anchor" name="gf59e3c32bf0b7d9cc409438cebb2f048"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_t" ref="gf59e3c32bf0b7d9cc409438cebb2f048" args="" --><p>
69		<table class="mdTable" cellpadding="2" cellspacing="0">
70		<tr>
71		<td class="mdRow">
72		<table cellpadding="0" cellspacing="0" border="0">
73		<tr>
74		<td class="md" nowrap valign="top">typedef <a class="el" href="structcc__ccache__d.html">cc_ccache_d</a>* <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> </td>
75		</tr>
76		</table>
77		</td>
78		</tr>
79		</table>
80		<table cellspacing="5" cellpadding="0" border="0">
81		<tr>
82		<td>
83
84		</td>
85		<td>
86
87		<p>
88		</td>
89		</tr>
90		</table>
91		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
92		<a href="http://www.doxygen.org/index.html">
93		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
94		</body>
95		</html>

+0

-161

~~doc/ccapi/html/group__cc__context__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_context_t Overview</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_context_t Overview</h1><hr><a name="_details"></a><h2>Detailed Description</h2>
8		The cc_context_t type gives the caller access to a ccache collection. Before being able to call any functions in the CCache API, the caller needs to acquire an instance of cc_context_t by calling <a class="el" href="group__cc__context__reference.html#ge4174587d8bb261e32194bbb9585fb82">cc_initialize()</a>.<p>
9		For API function documentation see <a class="el" href="structcc__context__f.html">cc_context_f</a>.
10		<p>
11		<h2>Data Structures</h2>
12		<ul>
13		<li>struct <a class="el" href="structcc__context__d.html">cc_context_d</a>
14		</ul>
15		<h2>Typedefs</h2>
16		<ul>
17		<li>typedef <a class="el" href="structcc__context__f.html">cc_context_f</a> <a class="el" href="group__cc__context__reference.html#gf285100b13ebff78db5ce1efb30e689d">cc_context_f</a>
18		<li>typedef <a class="el" href="structcc__context__d.html">cc_context_d</a> <a class="el" href="group__cc__context__reference.html#g989a601250a2a05fd23b46c546084add">cc_context_d</a>
19		<li>typedef <a class="el" href="structcc__context__d.html">cc_context_d</a> * <a class="el" href="group__cc__context__reference.html#gea6f60fd799984a7178bcb4d4c7290c0">cc_context_t</a>
20		</ul>
21		<h2>Functions</h2>
22		<ul>
23		<li>CCACHE_API <a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="group__cc__context__reference.html#ge4174587d8bb261e32194bbb9585fb82">cc_initialize</a> (<a class="el" href="structcc__context__d.html">cc_context_t</a> out_context, <a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> in_version, <a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> out_supported_version, char const **out_vendor)
24		<dl class="el"><dd class="mdescRight">Initialize a new cc_context. <a href="#ge4174587d8bb261e32194bbb9585fb82"></a><br></dl></ul>
25		<hr><h2>Typedef Documentation</h2>
26		<a class="anchor" name="gf285100b13ebff78db5ce1efb30e689d"></a><!-- doxytag: member="CredentialsCache.h::cc_context_f" ref="gf285100b13ebff78db5ce1efb30e689d" args="" --><p>
27		<table class="mdTable" cellpadding="2" cellspacing="0">
28		<tr>
29		<td class="mdRow">
30		<table cellpadding="0" cellspacing="0" border="0">
31		<tr>
32		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__context__f.html">cc_context_f</a> <a class="el" href="structcc__context__f.html">cc_context_f</a> </td>
33		</tr>
34		</table>
35		</td>
36		</tr>
37		</table>
38		<table cellspacing="5" cellpadding="0" border="0">
39		<tr>
40		<td>
41
42		</td>
43		<td>
44
45		<p>
46		</td>
47		</tr>
48		</table>
49		<a class="anchor" name="g989a601250a2a05fd23b46c546084add"></a><!-- doxytag: member="CredentialsCache.h::cc_context_d" ref="g989a601250a2a05fd23b46c546084add" args="" --><p>
50		<table class="mdTable" cellpadding="2" cellspacing="0">
51		<tr>
52		<td class="mdRow">
53		<table cellpadding="0" cellspacing="0" border="0">
54		<tr>
55		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__context__d.html">cc_context_d</a> <a class="el" href="structcc__context__d.html">cc_context_d</a> </td>
56		</tr>
57		</table>
58		</td>
59		</tr>
60		</table>
61		<table cellspacing="5" cellpadding="0" border="0">
62		<tr>
63		<td>
64
65		</td>
66		<td>
67
68		<p>
69		</td>
70		</tr>
71		</table>
72		<a class="anchor" name="gea6f60fd799984a7178bcb4d4c7290c0"></a><!-- doxytag: member="CredentialsCache.h::cc_context_t" ref="gea6f60fd799984a7178bcb4d4c7290c0" args="" --><p>
73		<table class="mdTable" cellpadding="2" cellspacing="0">
74		<tr>
75		<td class="mdRow">
76		<table cellpadding="0" cellspacing="0" border="0">
77		<tr>
78		<td class="md" nowrap valign="top">typedef <a class="el" href="structcc__context__d.html">cc_context_d</a>* <a class="el" href="structcc__context__d.html">cc_context_t</a> </td>
79		</tr>
80		</table>
81		</td>
82		</tr>
83		</table>
84		<table cellspacing="5" cellpadding="0" border="0">
85		<tr>
86		<td>
87
88		</td>
89		<td>
90
91		<p>
92		</td>
93		</tr>
94		</table>
95		<hr><h2>Function Documentation</h2>
96		<a class="anchor" name="ge4174587d8bb261e32194bbb9585fb82"></a><!-- doxytag: member="CredentialsCache.h::cc_initialize" ref="ge4174587d8bb261e32194bbb9585fb82" args="(cc_context_t out_context, cc_int32 in_version, cc_int32 out_supported_version, char const **out_vendor)" --><p>
97		<table class="mdTable" cellpadding="2" cellspacing="0">
98		<tr>
99		<td class="mdRow">
100		<table cellpadding="0" cellspacing="0" border="0">
101		<tr>
102		<td class="md" nowrap valign="top">CCACHE_API <a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> cc_initialize </td>
103		<td class="md" valign="top">( </td>
104		<td class="md" nowrap valign="top"><a class="el" href="structcc__context__d.html">cc_context_t</a> * </td>
105		<td class="mdname" nowrap> <em>out_context</em>, </td>
106		</tr>
107		<tr>
108		<td class="md" nowrap align="right"></td>
109		<td class="md"></td>
110		<td class="md" nowrap><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> </td>
111		<td class="mdname" nowrap> <em>in_version</em>, </td>
112		</tr>
113		<tr>
114		<td class="md" nowrap align="right"></td>
115		<td class="md"></td>
116		<td class="md" nowrap><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> * </td>
117		<td class="mdname" nowrap> <em>out_supported_version</em>, </td>
118		</tr>
119		<tr>
120		<td class="md" nowrap align="right"></td>
121		<td class="md"></td>
122		<td class="md" nowrap>char const ** </td>
123		<td class="mdname" nowrap> <em>out_vendor</em></td>
124		</tr>
125		<tr>
126		<td class="md"></td>
127		<td class="md">) </td>
128		<td class="md" colspan="2"></td>
129		</tr>
130		</table>
131		</td>
132		</tr>
133		</table>
134		<table cellspacing="5" cellpadding="0" border="0">
135		<tr>
136		<td>
137
138		</td>
139		<td>
140
141		<p>
142		Initialize a new cc_context.
143		<p>
144		<dl compact><dt><b>Parameters:</b></dt><dd>
145		<table border="0" cellspacing="2" cellpadding="0">
146		<tr><td valign="top"></td><td valign="top"><em>out_context</em> </td><td>on exit, a new context object. Must be free with <a class="el" href="group__helper__macros.html#g8ff82ce108889d4ed29f46ffe6efc40e">cc_context_release()</a>. </td></tr>
147		<tr><td valign="top"></td><td valign="top"><em>in_version</em> </td><td>the requested API version. This should be the maximum version the application supports. </td></tr>
148		<tr><td valign="top"></td><td valign="top"><em>out_supported_version</em> </td><td>if non-NULL, on exit contains the maximum API version supported by the implementation. </td></tr>
149		<tr><td valign="top"></td><td valign="top"><em>out_vendor</em> </td><td>if non-NULL, on exit contains a pointer to a read-only C string which contains a string describing the vendor which implemented the credentials cache API. </td></tr>
150		</table>
151		</dl>
152		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. May return CCAPI v2 error CC_BAD_API_VERSION if <a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55bafee271af4e43ec6c9bb2e3e849cc1f9">ccapi_version_2</a> is passed in. </dd></dl>
153		</td>
154		</tr>
155		</table>
156		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
157		<a href="http://www.doxygen.org/index.html">
158		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
159		</body>
160		</html>

+0

-133

~~doc/ccapi/html/group__cc__credentials__iterator__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_iterator_t</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_iterator_t</h1><hr><a name="_details"></a><h2>Detailed Description</h2>
8		The cc_credentials_iterator_t type represents an iterator that iterates over a set of credentials. A new instance of this type can be obtained by calling <a class="el" href="group__helper__macros.html#g893b31c419e71c2f528781d3036fa3ff">cc_ccache_new_credentials_iterator()</a>.<p>
9		For API function documentation see <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a>.
10		<p>
11		<h2>Data Structures</h2>
12		<ul>
13		<li>struct <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_d</a>
14		</ul>
15		<h2>Typedefs</h2>
16		<ul>
17		<li>typedef <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> <a class="el" href="group__cc__credentials__iterator__reference.html#g220581901999fe870ab65046e56cd1d6">cc_credentials_iterator_f</a>
18		<li>typedef <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_d</a> <a class="el" href="group__cc__credentials__iterator__reference.html#ga1ad98d009f803bb13c04331bb47aee8">cc_credentials_iterator_d</a>
19		<li>typedef <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_d</a> * <a class="el" href="group__cc__credentials__iterator__reference.html#g0d07a146ead685954032d0d7a6af7d4a">cc_credentials_iterator_t</a>
20		</ul>
21		<h2>Variables</h2>
22		<ul>
23		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="group__cc__credentials__iterator__reference.html#g7d765e583b5994785e214df663e8959c">cc_credentials_iterator_f::clone</a> )(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> in_credentials_iterator, <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> *out_credentials_iterator)
24		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g59a9f96a6c00b64c0ab971f7e9b5aae2">cc_credentials_iterator_clone()</a></b>: Make a copy of a credentials iterator. <a href="#g7d765e583b5994785e214df663e8959c"></a><br></dl></ul>
25		<hr><h2>Typedef Documentation</h2>
26		<a class="anchor" name="g220581901999fe870ab65046e56cd1d6"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_iterator_f" ref="g220581901999fe870ab65046e56cd1d6" args="" --><p>
27		<table class="mdTable" cellpadding="2" cellspacing="0">
28		<tr>
29		<td class="mdRow">
30		<table cellpadding="0" cellspacing="0" border="0">
31		<tr>
32		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> </td>
33		</tr>
34		</table>
35		</td>
36		</tr>
37		</table>
38		<table cellspacing="5" cellpadding="0" border="0">
39		<tr>
40		<td>
41
42		</td>
43		<td>
44
45		<p>
46		</td>
47		</tr>
48		</table>
49		<a class="anchor" name="ga1ad98d009f803bb13c04331bb47aee8"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_iterator_d" ref="ga1ad98d009f803bb13c04331bb47aee8" args="" --><p>
50		<table class="mdTable" cellpadding="2" cellspacing="0">
51		<tr>
52		<td class="mdRow">
53		<table cellpadding="0" cellspacing="0" border="0">
54		<tr>
55		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_d</a> <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_d</a> </td>
56		</tr>
57		</table>
58		</td>
59		</tr>
60		</table>
61		<table cellspacing="5" cellpadding="0" border="0">
62		<tr>
63		<td>
64
65		</td>
66		<td>
67
68		<p>
69		</td>
70		</tr>
71		</table>
72		<a class="anchor" name="g0d07a146ead685954032d0d7a6af7d4a"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_iterator_t" ref="g0d07a146ead685954032d0d7a6af7d4a" args="" --><p>
73		<table class="mdTable" cellpadding="2" cellspacing="0">
74		<tr>
75		<td class="mdRow">
76		<table cellpadding="0" cellspacing="0" border="0">
77		<tr>
78		<td class="md" nowrap valign="top">typedef <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_d</a>* <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> </td>
79		</tr>
80		</table>
81		</td>
82		</tr>
83		</table>
84		<table cellspacing="5" cellpadding="0" border="0">
85		<tr>
86		<td>
87
88		</td>
89		<td>
90
91		<p>
92		</td>
93		</tr>
94		</table>
95		<hr><h2>Variable Documentation</h2>
96		<a class="anchor" name="g7d765e583b5994785e214df663e8959c"></a><!-- doxytag: member="cc_credentials_iterator_f::clone" ref="g7d765e583b5994785e214df663e8959c" args=")(cc_credentials_iterator_t in_credentials_iterator, cc_credentials_iterator_t *out_credentials_iterator)" --><p>
97		<table class="mdTable" cellpadding="2" cellspacing="0">
98		<tr>
99		<td class="mdRow">
100		<table cellpadding="0" cellspacing="0" border="0">
101		<tr>
102		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* clone)(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> in_credentials_iterator, <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> *out_credentials_iterator)<code> [inherited]</code> </td>
103		</tr>
104		</table>
105		</td>
106		</tr>
107		</table>
108		<table cellspacing="5" cellpadding="0" border="0">
109		<tr>
110		<td>
111
112		</td>
113		<td>
114
115		<p>
116		<b><a class="el" href="group__helper__macros.html#g59a9f96a6c00b64c0ab971f7e9b5aae2">cc_credentials_iterator_clone()</a></b>: Make a copy of a credentials iterator.
117		<p>
118		<dl compact><dt><b>Parameters:</b></dt><dd>
119		<table border="0" cellspacing="2" cellpadding="0">
120		<tr><td valign="top"></td><td valign="top"><em>in_credentials_iterator</em> </td><td>a credentials iterator object. </td></tr>
121		<tr><td valign="top"></td><td valign="top"><em>out_credentials_iterator</em> </td><td>on exit, a copy of <em>in_credentials_iterator</em>. </td></tr>
122		</table>
123		</dl>
124		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
125		</td>
126		</tr>
127		</table>
128		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
129		<a href="http://www.doxygen.org/index.html">
130		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
131		</body>
132		</html>

+0

-197

~~doc/ccapi/html/group__cc__credentials__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_t Overview</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_t Overview</h1><hr><a name="_details"></a><h2>Detailed Description</h2>
8		The cc_credentials_t type is used to store a single set of credentials for either Kerberos v4 or Kerberos v5. In addition to its only function, release(), it contains a pointer to a <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> structure. A <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> structure contains an integer of the enumerator type cc_credentials_version, which is either <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c017c26531bad42f92f7f3e1f697b58fa">cc_credentials_v4</a> or <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c98335a31ad81a10632568375dcc10668">cc_credentials_v5</a>, and a pointer union, which contains either a <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a> pointer or a <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a> pointer, depending on the value in version.<p>
9		Variables of the type cc_credentials_t are allocated by the CCAPI implementation, and should be released with their release() function. API functions which receive credentials structures from the caller always accept <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a>, which is allocated by the caller, and accordingly disposed by the caller.<p>
10		For API functions see <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a>.
11		<p>
12		<h2>Data Structures</h2>
13		<ul>
14		<li>struct <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a>
15		<li>struct <a class="el" href="structcc__data.html">cc_data</a>
16		<li>struct <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a>
17		<li>struct <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a>
18		<li>struct <a class="el" href="structcc__credentials__d.html">cc_credentials_d</a>
19		</ul>
20		<h2>Typedefs</h2>
21		<ul>
22		<li>typedef <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a> <a class="el" href="group__cc__credentials__reference.html#g15918c5c162aa2edf2bd1890f8a78c70">cc_credentials_v4_t</a>
23		<li>typedef <a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="group__cc__credentials__reference.html#g5004a9b025c5cef3364c4a614b700f50">cc_data</a>
24		<li>typedef <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a> <a class="el" href="group__cc__credentials__reference.html#g5e882157ba93358ac4a78760a2ccdbd6">cc_credentials_v5_t</a>
25		<li>typedef <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> <a class="el" href="group__cc__credentials__reference.html#ge277840865f515373fcab3c6299901a3">cc_credentials_union</a>
26		<li>typedef <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a> <a class="el" href="group__cc__credentials__reference.html#g85b7bf154216b8f780ddaae4b8b0a96c">cc_credentials_f</a>
27		<li>typedef <a class="el" href="structcc__credentials__d.html">cc_credentials_d</a> <a class="el" href="group__cc__credentials__reference.html#g04cec8816d2e51bb3ee5b1b3c1f5429d">cc_credentials_d</a>
28		<li>typedef <a class="el" href="structcc__credentials__d.html">cc_credentials_d</a> * <a class="el" href="group__cc__credentials__reference.html#gf7b0ec03495a6818dd9cd0c1d395ece2">cc_credentials_t</a>
29		</ul>
30		<hr><h2>Typedef Documentation</h2>
31		<a class="anchor" name="g15918c5c162aa2edf2bd1890f8a78c70"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_v4_t" ref="g15918c5c162aa2edf2bd1890f8a78c70" args="" --><p>
32		<table class="mdTable" cellpadding="2" cellspacing="0">
33		<tr>
34		<td class="mdRow">
35		<table cellpadding="0" cellspacing="0" border="0">
36		<tr>
37		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a> <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a> </td>
38		</tr>
39		</table>
40		</td>
41		</tr>
42		</table>
43		<table cellspacing="5" cellpadding="0" border="0">
44		<tr>
45		<td>
46
47		</td>
48		<td>
49
50		<p>
51		</td>
52		</tr>
53		</table>
54		<a class="anchor" name="g5004a9b025c5cef3364c4a614b700f50"></a><!-- doxytag: member="CredentialsCache.h::cc_data" ref="g5004a9b025c5cef3364c4a614b700f50" args="" --><p>
55		<table class="mdTable" cellpadding="2" cellspacing="0">
56		<tr>
57		<td class="mdRow">
58		<table cellpadding="0" cellspacing="0" border="0">
59		<tr>
60		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__data.html">cc_data</a> </td>
61		</tr>
62		</table>
63		</td>
64		</tr>
65		</table>
66		<table cellspacing="5" cellpadding="0" border="0">
67		<tr>
68		<td>
69
70		</td>
71		<td>
72
73		<p>
74		</td>
75		</tr>
76		</table>
77		<a class="anchor" name="g5e882157ba93358ac4a78760a2ccdbd6"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_v5_t" ref="g5e882157ba93358ac4a78760a2ccdbd6" args="" --><p>
78		<table class="mdTable" cellpadding="2" cellspacing="0">
79		<tr>
80		<td class="mdRow">
81		<table cellpadding="0" cellspacing="0" border="0">
82		<tr>
83		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a> <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a> </td>
84		</tr>
85		</table>
86		</td>
87		</tr>
88		</table>
89		<table cellspacing="5" cellpadding="0" border="0">
90		<tr>
91		<td>
92
93		</td>
94		<td>
95
96		<p>
97		</td>
98		</tr>
99		</table>
100		<a class="anchor" name="ge277840865f515373fcab3c6299901a3"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_union" ref="ge277840865f515373fcab3c6299901a3" args="" --><p>
101		<table class="mdTable" cellpadding="2" cellspacing="0">
102		<tr>
103		<td class="mdRow">
104		<table cellpadding="0" cellspacing="0" border="0">
105		<tr>
106		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> </td>
107		</tr>
108		</table>
109		</td>
110		</tr>
111		</table>
112		<table cellspacing="5" cellpadding="0" border="0">
113		<tr>
114		<td>
115
116		</td>
117		<td>
118
119		<p>
120		</td>
121		</tr>
122		</table>
123		<a class="anchor" name="g85b7bf154216b8f780ddaae4b8b0a96c"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_f" ref="g85b7bf154216b8f780ddaae4b8b0a96c" args="" --><p>
124		<table class="mdTable" cellpadding="2" cellspacing="0">
125		<tr>
126		<td class="mdRow">
127		<table cellpadding="0" cellspacing="0" border="0">
128		<tr>
129		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a> <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a> </td>
130		</tr>
131		</table>
132		</td>
133		</tr>
134		</table>
135		<table cellspacing="5" cellpadding="0" border="0">
136		<tr>
137		<td>
138
139		</td>
140		<td>
141
142		<p>
143		</td>
144		</tr>
145		</table>
146		<a class="anchor" name="g04cec8816d2e51bb3ee5b1b3c1f5429d"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_d" ref="g04cec8816d2e51bb3ee5b1b3c1f5429d" args="" --><p>
147		<table class="mdTable" cellpadding="2" cellspacing="0">
148		<tr>
149		<td class="mdRow">
150		<table cellpadding="0" cellspacing="0" border="0">
151		<tr>
152		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__credentials__d.html">cc_credentials_d</a> <a class="el" href="structcc__credentials__d.html">cc_credentials_d</a> </td>
153		</tr>
154		</table>
155		</td>
156		</tr>
157		</table>
158		<table cellspacing="5" cellpadding="0" border="0">
159		<tr>
160		<td>
161
162		</td>
163		<td>
164
165		<p>
166		</td>
167		</tr>
168		</table>
169		<a class="anchor" name="gf7b0ec03495a6818dd9cd0c1d395ece2"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_t" ref="gf7b0ec03495a6818dd9cd0c1d395ece2" args="" --><p>
170		<table class="mdTable" cellpadding="2" cellspacing="0">
171		<tr>
172		<td class="mdRow">
173		<table cellpadding="0" cellspacing="0" border="0">
174		<tr>
175		<td class="md" nowrap valign="top">typedef <a class="el" href="structcc__credentials__d.html">cc_credentials_d</a>* <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> </td>
176		</tr>
177		</table>
178		</td>
179		</tr>
180		</table>
181		<table cellspacing="5" cellpadding="0" border="0">
182		<tr>
183		<td>
184
185		</td>
186		<td>
187
188		<p>
189		</td>
190		</tr>
191		</table>
192		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
193		<a href="http://www.doxygen.org/index.html">
194		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
195		</body>
196		</html>

+0

-96

~~doc/ccapi/html/group__cc__string__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_string_t Overview</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_string_t Overview</h1><hr><a name="_details"></a><h2>Detailed Description</h2>
8		The cc_string_t represents a C string returned by the API. It has a pointer to the string data and a release() function. This type is used for both principal names and ccache names returned by the API. Principal names may contain UTF-8 encoded strings for internationalization purposes.<p>
9		For API function documentation see <a class="el" href="structcc__string__f.html">cc_string_f</a>.
10		<p>
11		<h2>Data Structures</h2>
12		<ul>
13		<li>struct <a class="el" href="structcc__string__d.html">cc_string_d</a>
14		</ul>
15		<h2>Typedefs</h2>
16		<ul>
17		<li>typedef <a class="el" href="structcc__string__f.html">cc_string_f</a> <a class="el" href="group__cc__string__reference.html#g3d01e5c05378e9e78f126156137d51ce">cc_string_f</a>
18		<li>typedef <a class="el" href="structcc__string__d.html">cc_string_d</a> <a class="el" href="group__cc__string__reference.html#g80f57852683632a4c587af5b0f545dea">cc_string_d</a>
19		<li>typedef <a class="el" href="structcc__string__d.html">cc_string_d</a> * <a class="el" href="group__cc__string__reference.html#ge6bb6a8c574096b66b5def65eb87a40e">cc_string_t</a>
20		</ul>
21		<hr><h2>Typedef Documentation</h2>
22		<a class="anchor" name="g3d01e5c05378e9e78f126156137d51ce"></a><!-- doxytag: member="CredentialsCache.h::cc_string_f" ref="g3d01e5c05378e9e78f126156137d51ce" args="" --><p>
23		<table class="mdTable" cellpadding="2" cellspacing="0">
24		<tr>
25		<td class="mdRow">
26		<table cellpadding="0" cellspacing="0" border="0">
27		<tr>
28		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__string__f.html">cc_string_f</a> <a class="el" href="structcc__string__f.html">cc_string_f</a> </td>
29		</tr>
30		</table>
31		</td>
32		</tr>
33		</table>
34		<table cellspacing="5" cellpadding="0" border="0">
35		<tr>
36		<td>
37
38		</td>
39		<td>
40
41		<p>
42		</td>
43		</tr>
44		</table>
45		<a class="anchor" name="g80f57852683632a4c587af5b0f545dea"></a><!-- doxytag: member="CredentialsCache.h::cc_string_d" ref="g80f57852683632a4c587af5b0f545dea" args="" --><p>
46		<table class="mdTable" cellpadding="2" cellspacing="0">
47		<tr>
48		<td class="mdRow">
49		<table cellpadding="0" cellspacing="0" border="0">
50		<tr>
51		<td class="md" nowrap valign="top">typedef struct <a class="el" href="structcc__string__d.html">cc_string_d</a> <a class="el" href="structcc__string__d.html">cc_string_d</a> </td>
52		</tr>
53		</table>
54		</td>
55		</tr>
56		</table>
57		<table cellspacing="5" cellpadding="0" border="0">
58		<tr>
59		<td>
60
61		</td>
62		<td>
63
64		<p>
65		</td>
66		</tr>
67		</table>
68		<a class="anchor" name="ge6bb6a8c574096b66b5def65eb87a40e"></a><!-- doxytag: member="CredentialsCache.h::cc_string_t" ref="ge6bb6a8c574096b66b5def65eb87a40e" args="" --><p>
69		<table class="mdTable" cellpadding="2" cellspacing="0">
70		<tr>
71		<td class="mdRow">
72		<table cellpadding="0" cellspacing="0" border="0">
73		<tr>
74		<td class="md" nowrap valign="top">typedef <a class="el" href="structcc__string__d.html">cc_string_d</a>* <a class="el" href="structcc__string__d.html">cc_string_t</a> </td>
75		</tr>
76		</table>
77		</td>
78		</tr>
79		</table>
80		<table cellspacing="5" cellpadding="0" border="0">
81		<tr>
82		<td>
83
84		</td>
85		<td>
86
87		<p>
88		</td>
89		</tr>
90		</table>
91		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
92		<a href="http://www.doxygen.org/index.html">
93		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
94		</body>
95		</html>

+0

-407

~~doc/ccapi/html/group__ccapi__constants__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : Constants</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>Constants</h1>
8		<p>
9		<h2>Enumerations</h2>
10		<ul>
11		<li>enum { <br>
12		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55bafee271af4e43ec6c9bb2e3e849cc1f9">ccapi_version_2</a> = 2,
13		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55b26f201de4113dda3b4ec78dcda95d5a1">ccapi_version_3</a> = 3,
14		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55b833d16677b6eb5531fb1285b216c8f3b">ccapi_version_4</a> = 4,
15		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55bc3ad534e2499e8e48c86f852c39c8415">ccapi_version_5</a> = 5,
16		<br>
17		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55bc462c2766a9fe8fa84d8fccea65b8ab3">ccapi_version_6</a> = 6,
18		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55b9c325640a04bb548b92d49df89381bc8">ccapi_version_7</a> = 7,
19		<a class="el" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55bc33d8c3e3c172be1515cc0d2df8e3d71">ccapi_version_max</a> = ccapi_version_7
20		<br>
21		}
22		<li>enum { <br>
23		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a> = 0,
24		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b748d5a55ed773e002ccc271beb4512c0a">ccIteratorEnd</a> = 201,
25		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b775735bfd0c621b1c5c2a0067f60cfa9d">ccErrBadParam</a>,
26		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b74f31ee78c32ed1bea75d364ccbf1e690">ccErrNoMem</a>,
27		<br>
28		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7d9bf97d9c57a6a14ac5b6a7a06e008f7">ccErrInvalidContext</a>,
29		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b708791e8ed735ecc02c1e6b222f913c71">ccErrInvalidCCache</a>,
30		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b742b40a71ad0c84171c8d982f6cfdeec9">ccErrInvalidString</a>,
31		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b78705dd3f7b52ce8e23e9a25f552b4a84">ccErrInvalidCredentials</a>,
32		<br>
33		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7fbc118bc7860198fc6a0b8e4a161363a">ccErrInvalidCCacheIterator</a>,
34		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b751c0c94d8b4dfb834b27fa7090f7b4f2">ccErrInvalidCredentialsIterator</a>,
35		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b73e2425cf044691597d10bbc14b3c90ba">ccErrInvalidLock</a>,
36		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7b508b53d9628aa7e0fca3253d619e78e">ccErrBadName</a>,
37		<br>
38		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7d2f35f60002115819c8c443e67191ea4">ccErrBadCredentialsVersion</a>,
39		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b759ae48c63ae4aaaa3cd7bc5504847660">ccErrBadAPIVersion</a>,
40		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b78df04862b2e05986499f0d93268fa7b8">ccErrContextLocked</a>,
41		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b71606d0e0540ead205a400306e5933c04">ccErrContextUnlocked</a>,
42		<br>
43		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7a453f3f6d7e578f47efbb1734cb46002">ccErrCCacheLocked</a>,
44		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7d3ebfa156acf72a3a86f14760d315e24">ccErrCCacheUnlocked</a>,
45		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7b0fa85b2c59d51c3ec205e40191e7619">ccErrBadLockType</a>,
46		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7604f23ab0c8c3e1d97f8b32c4501a895">ccErrNeverDefault</a>,
47		<br>
48		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b74c8c5082e236270c5dc55e998dfb9288">ccErrCredentialsNotFound</a>,
49		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b73098feac66058e6ebd02c5e44fa20a9c">ccErrCCacheNotFound</a>,
50		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b793bd0c54010e2a36d2e2af1e8aaef06f">ccErrContextNotFound</a>,
51		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7267b21d05e1f4005392c52e439de03a4">ccErrServerUnavailable</a>,
52		<br>
53		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7a18e1555d7af1a60ce1978069e95fe6f">ccErrServerInsecure</a>,
54		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7fd9fdcb22b761cb3e53e1d6d6b545884">ccErrServerCantBecomeUID</a>,
55		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7d6825aa88394eb52df80bef870d986db">ccErrTimeOffsetNotSet</a>,
56		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b75f8cef73e4ac4c8894c4318ef921350e">ccErrBadInternalMessage</a>,
57		<br>
58		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7a35748a788a849ff09dd453ac66f8314">ccErrNotImplemented</a>,
59		<a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b79cab6af44e2358aa12f176a60e245d67">ccErrClientNotFound</a>
60		<br>
61		}
62		<li>enum <a class="el" href="group__ccapi__constants__reference.html#gae76da96fff95c157c3b28c4455dc35c">cc_credential_versions</a> { <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c017c26531bad42f92f7f3e1f697b58fa">cc_credentials_v4</a> = 1,
63		<a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c98335a31ad81a10632568375dcc10668">cc_credentials_v5</a> = 2,
64		<a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35ca49ae6c35599f5860241601dcb0c9e0d">cc_credentials_v4_v5</a> = 3
65		}
66		<li>enum <a class="el" href="group__ccapi__constants__reference.html#g2081cbacd4ec3d5a64c8729fd78fc611">cc_lock_types</a> { <a class="el" href="group__ccapi__constants__reference.html#gg2081cbacd4ec3d5a64c8729fd78fc6110a9a6083623e4c7c8340c0146f032154">cc_lock_read</a> = 0,
67		<a class="el" href="group__ccapi__constants__reference.html#gg2081cbacd4ec3d5a64c8729fd78fc611bc97eae3b375c4cee90087597b7f375d">cc_lock_write</a> = 1,
68		<a class="el" href="group__ccapi__constants__reference.html#gg2081cbacd4ec3d5a64c8729fd78fc61184bf8feb65a88dc09aa52c6d955111a3">cc_lock_upgrade</a> = 2,
69		<a class="el" href="group__ccapi__constants__reference.html#gg2081cbacd4ec3d5a64c8729fd78fc611426c331fb09e249b6944d8ba28893eba">cc_lock_downgrade</a> = 3
70		}
71		<li>enum <a class="el" href="group__ccapi__constants__reference.html#g0eff5be22e263d0bd9e4bb6fb0a8e948">cc_lock_modes</a> { <a class="el" href="group__ccapi__constants__reference.html#gg0eff5be22e263d0bd9e4bb6fb0a8e9485fe1eddb0bba9df16dbcc63aeeb79aa3">cc_lock_noblock</a> = 0,
72		<a class="el" href="group__ccapi__constants__reference.html#gg0eff5be22e263d0bd9e4bb6fb0a8e94827e385feb864d167880744d0874834d8">cc_lock_block</a> = 1
73		}
74		<li>enum { <br>
75		<a class="el" href="group__ccapi__constants__reference.html#gg99fb83031ce9923c84392b4e92f956b5ae3147869a486588adf6bc588ee8cc30">cc_v4_name_size</a> = 40,
76		<a class="el" href="group__ccapi__constants__reference.html#gg99fb83031ce9923c84392b4e92f956b55abe44162300eabb9a9f65b324cad493">cc_v4_instance_size</a> = 40,
77		<a class="el" href="group__ccapi__constants__reference.html#gg99fb83031ce9923c84392b4e92f956b5714d28ea3d6c6807817d7b377afc22f8">cc_v4_realm_size</a> = 40,
78		<a class="el" href="group__ccapi__constants__reference.html#gg99fb83031ce9923c84392b4e92f956b5b52bd33d187632efd597f282540b081a">cc_v4_ticket_size</a> = 1254,
79		<br>
80		<a class="el" href="group__ccapi__constants__reference.html#gg99fb83031ce9923c84392b4e92f956b57532f28276c3a759e487560ee4666a29">cc_v4_key_size</a> = 8
81		<br>
82		}
83		<li>enum <a class="el" href="group__ccapi__constants__reference.html#ge78c8fbb79f8ff963ec7c88c431721c3">cc_string_to_key_type</a> { <br>
84		<a class="el" href="group__ccapi__constants__reference.html#gge78c8fbb79f8ff963ec7c88c431721c3c0beda03d5c9e36ce9a199c98573d39a">cc_v4_stk_afs</a> = 0,
85		<a class="el" href="group__ccapi__constants__reference.html#gge78c8fbb79f8ff963ec7c88c431721c31b71e069604cd1cebc2b694ef04aedd1">cc_v4_stk_des</a> = 1,
86		<a class="el" href="group__ccapi__constants__reference.html#gge78c8fbb79f8ff963ec7c88c431721c3db66296923c38aa2d7c7420da28d7014">cc_v4_stk_columbia_special</a> = 2,
87		<a class="el" href="group__ccapi__constants__reference.html#gge78c8fbb79f8ff963ec7c88c431721c3816b6bb45f51557bc3de5e13d38dc310">cc_v4_stk_krb5</a> = 3,
88		<br>
89		<a class="el" href="group__ccapi__constants__reference.html#gge78c8fbb79f8ff963ec7c88c431721c3e19e1a52a4289172671e91d87ab027bb">cc_v4_stk_unknown</a> = 4
90		<br>
91		}
92		</ul>
93		<hr><h2>Enumeration Type Documentation</h2>
94		<a class="anchor" name="g06fc87d81c62e9abb8790b6e5713c55b"></a><!-- doxytag: member="CredentialsCache.h::@0" ref="g06fc87d81c62e9abb8790b6e5713c55b" args="" --><p>
95		<table class="mdTable" cellpadding="2" cellspacing="0">
96		<tr>
97		<td class="mdRow">
98		<table cellpadding="0" cellspacing="0" border="0">
99		<tr>
100		<td class="md" nowrap valign="top">anonymous enum </td>
101		</tr>
102		</table>
103		</td>
104		</tr>
105		</table>
106		<table cellspacing="5" cellpadding="0" border="0">
107		<tr>
108		<td>
109
110		</td>
111		<td>
112
113		<p>
114		API version numbers<p>
115		These constants are passed into <a class="el" href="group__cc__context__reference.html#ge4174587d8bb261e32194bbb9585fb82">cc_initialize()</a> to indicate the version of the API the caller wants to use.<p>
116		CCAPI v1 and v2 are deprecated and should not be used. <dl compact><dt><b>Enumerator: </b></dt><dd>
117		<table border="0" cellspacing="2" cellpadding="0">
118		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55bafee271af4e43ec6c9bb2e3e849cc1f9"></a><!-- doxytag: member="ccapi_version_2" ref="gg06fc87d81c62e9abb8790b6e5713c55bafee271af4e43ec6c9bb2e3e849cc1f9" args="" -->ccapi_version_2</em> </td><td>
119		</td></tr>
120		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55b26f201de4113dda3b4ec78dcda95d5a1"></a><!-- doxytag: member="ccapi_version_3" ref="gg06fc87d81c62e9abb8790b6e5713c55b26f201de4113dda3b4ec78dcda95d5a1" args="" -->ccapi_version_3</em> </td><td>
121		</td></tr>
122		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55b833d16677b6eb5531fb1285b216c8f3b"></a><!-- doxytag: member="ccapi_version_4" ref="gg06fc87d81c62e9abb8790b6e5713c55b833d16677b6eb5531fb1285b216c8f3b" args="" -->ccapi_version_4</em> </td><td>
123		</td></tr>
124		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55bc3ad534e2499e8e48c86f852c39c8415"></a><!-- doxytag: member="ccapi_version_5" ref="gg06fc87d81c62e9abb8790b6e5713c55bc3ad534e2499e8e48c86f852c39c8415" args="" -->ccapi_version_5</em> </td><td>
125		</td></tr>
126		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55bc462c2766a9fe8fa84d8fccea65b8ab3"></a><!-- doxytag: member="ccapi_version_6" ref="gg06fc87d81c62e9abb8790b6e5713c55bc462c2766a9fe8fa84d8fccea65b8ab3" args="" -->ccapi_version_6</em> </td><td>
127		</td></tr>
128		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55b9c325640a04bb548b92d49df89381bc8"></a><!-- doxytag: member="ccapi_version_7" ref="gg06fc87d81c62e9abb8790b6e5713c55b9c325640a04bb548b92d49df89381bc8" args="" -->ccapi_version_7</em> </td><td>
129		</td></tr>
130		<tr><td valign="top"><em><a class="anchor" name="gg06fc87d81c62e9abb8790b6e5713c55bc33d8c3e3c172be1515cc0d2df8e3d71"></a><!-- doxytag: member="ccapi_version_max" ref="gg06fc87d81c62e9abb8790b6e5713c55bc33d8c3e3c172be1515cc0d2df8e3d71" args="" -->ccapi_version_max</em> </td><td>
131		</td></tr>
132		</table>
133		</dl>
134		</td>
135		</tr>
136		</table>
137		<a class="anchor" name="gdf764cbdea00d65edcd07bb9953ad2b7"></a><!-- doxytag: member="CredentialsCache.h::@1" ref="gdf764cbdea00d65edcd07bb9953ad2b7" args="" --><p>
138		<table class="mdTable" cellpadding="2" cellspacing="0">
139		<tr>
140		<td class="mdRow">
141		<table cellpadding="0" cellspacing="0" border="0">
142		<tr>
143		<td class="md" nowrap valign="top">anonymous enum </td>
144		</tr>
145		</table>
146		</td>
147		</tr>
148		</table>
149		<table cellspacing="5" cellpadding="0" border="0">
150		<tr>
151		<td>
152
153		</td>
154		<td>
155
156		<p>
157		Error codes <dl compact><dt><b>Enumerator: </b></dt><dd>
158		<table border="0" cellspacing="2" cellpadding="0">
159		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26"></a><!-- doxytag: member="ccNoError" ref="ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26" args="" -->ccNoError</em> </td><td>
160		Success. </td></tr>
161		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b748d5a55ed773e002ccc271beb4512c0a"></a><!-- doxytag: member="ccIteratorEnd" ref="ggdf764cbdea00d65edcd07bb9953ad2b748d5a55ed773e002ccc271beb4512c0a" args="" -->ccIteratorEnd</em> </td><td>
162		Iterator is done iterating. </td></tr>
163		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b775735bfd0c621b1c5c2a0067f60cfa9d"></a><!-- doxytag: member="ccErrBadParam" ref="ggdf764cbdea00d65edcd07bb9953ad2b775735bfd0c621b1c5c2a0067f60cfa9d" args="" -->ccErrBadParam</em> </td><td>
164		Bad parameter (NULL or invalid pointer where valid pointer expected). </td></tr>
165		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b74f31ee78c32ed1bea75d364ccbf1e690"></a><!-- doxytag: member="ccErrNoMem" ref="ggdf764cbdea00d65edcd07bb9953ad2b74f31ee78c32ed1bea75d364ccbf1e690" args="" -->ccErrNoMem</em> </td><td>
166		Not enough memory to complete the operation. </td></tr>
167		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7d9bf97d9c57a6a14ac5b6a7a06e008f7"></a><!-- doxytag: member="ccErrInvalidContext" ref="ggdf764cbdea00d65edcd07bb9953ad2b7d9bf97d9c57a6a14ac5b6a7a06e008f7" args="" -->ccErrInvalidContext</em> </td><td>
168		Context is invalid (e.g., it was released). </td></tr>
169		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b708791e8ed735ecc02c1e6b222f913c71"></a><!-- doxytag: member="ccErrInvalidCCache" ref="ggdf764cbdea00d65edcd07bb9953ad2b708791e8ed735ecc02c1e6b222f913c71" args="" -->ccErrInvalidCCache</em> </td><td>
170		CCache is invalid (e.g., it was released or destroyed). </td></tr>
171		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b742b40a71ad0c84171c8d982f6cfdeec9"></a><!-- doxytag: member="ccErrInvalidString" ref="ggdf764cbdea00d65edcd07bb9953ad2b742b40a71ad0c84171c8d982f6cfdeec9" args="" -->ccErrInvalidString</em> </td><td>
172		String is invalid (e.g., it was released). </td></tr>
173		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b78705dd3f7b52ce8e23e9a25f552b4a84"></a><!-- doxytag: member="ccErrInvalidCredentials" ref="ggdf764cbdea00d65edcd07bb9953ad2b78705dd3f7b52ce8e23e9a25f552b4a84" args="" -->ccErrInvalidCredentials</em> </td><td>
174		Credentials are invalid (e.g., they were released), or they have a bad version. </td></tr>
175		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7fbc118bc7860198fc6a0b8e4a161363a"></a><!-- doxytag: member="ccErrInvalidCCacheIterator" ref="ggdf764cbdea00d65edcd07bb9953ad2b7fbc118bc7860198fc6a0b8e4a161363a" args="" -->ccErrInvalidCCacheIterator</em> </td><td>
176		CCache iterator is invalid (e.g., it was released). </td></tr>
177		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b751c0c94d8b4dfb834b27fa7090f7b4f2"></a><!-- doxytag: member="ccErrInvalidCredentialsIterator" ref="ggdf764cbdea00d65edcd07bb9953ad2b751c0c94d8b4dfb834b27fa7090f7b4f2" args="" -->ccErrInvalidCredentialsIterator</em> </td><td>
178		Credentials iterator is invalid (e.g., it was released). </td></tr>
179		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b73e2425cf044691597d10bbc14b3c90ba"></a><!-- doxytag: member="ccErrInvalidLock" ref="ggdf764cbdea00d65edcd07bb9953ad2b73e2425cf044691597d10bbc14b3c90ba" args="" -->ccErrInvalidLock</em> </td><td>
180		Lock is invalid (e.g., it was released). </td></tr>
181		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7b508b53d9628aa7e0fca3253d619e78e"></a><!-- doxytag: member="ccErrBadName" ref="ggdf764cbdea00d65edcd07bb9953ad2b7b508b53d9628aa7e0fca3253d619e78e" args="" -->ccErrBadName</em> </td><td>
182		Bad credential cache name format. </td></tr>
183		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7d2f35f60002115819c8c443e67191ea4"></a><!-- doxytag: member="ccErrBadCredentialsVersion" ref="ggdf764cbdea00d65edcd07bb9953ad2b7d2f35f60002115819c8c443e67191ea4" args="" -->ccErrBadCredentialsVersion</em> </td><td>
184		Credentials version is invalid. </td></tr>
185		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b759ae48c63ae4aaaa3cd7bc5504847660"></a><!-- doxytag: member="ccErrBadAPIVersion" ref="ggdf764cbdea00d65edcd07bb9953ad2b759ae48c63ae4aaaa3cd7bc5504847660" args="" -->ccErrBadAPIVersion</em> </td><td>
186		Unsupported API version. </td></tr>
187		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b78df04862b2e05986499f0d93268fa7b8"></a><!-- doxytag: member="ccErrContextLocked" ref="ggdf764cbdea00d65edcd07bb9953ad2b78df04862b2e05986499f0d93268fa7b8" args="" -->ccErrContextLocked</em> </td><td>
188		Context is already locked. </td></tr>
189		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b71606d0e0540ead205a400306e5933c04"></a><!-- doxytag: member="ccErrContextUnlocked" ref="ggdf764cbdea00d65edcd07bb9953ad2b71606d0e0540ead205a400306e5933c04" args="" -->ccErrContextUnlocked</em> </td><td>
190		Context is not locked by the caller. </td></tr>
191		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7a453f3f6d7e578f47efbb1734cb46002"></a><!-- doxytag: member="ccErrCCacheLocked" ref="ggdf764cbdea00d65edcd07bb9953ad2b7a453f3f6d7e578f47efbb1734cb46002" args="" -->ccErrCCacheLocked</em> </td><td>
192		CCache is already locked. </td></tr>
193		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7d3ebfa156acf72a3a86f14760d315e24"></a><!-- doxytag: member="ccErrCCacheUnlocked" ref="ggdf764cbdea00d65edcd07bb9953ad2b7d3ebfa156acf72a3a86f14760d315e24" args="" -->ccErrCCacheUnlocked</em> </td><td>
194		CCache is not locked by the caller. </td></tr>
195		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7b0fa85b2c59d51c3ec205e40191e7619"></a><!-- doxytag: member="ccErrBadLockType" ref="ggdf764cbdea00d65edcd07bb9953ad2b7b0fa85b2c59d51c3ec205e40191e7619" args="" -->ccErrBadLockType</em> </td><td>
196		Bad lock type. </td></tr>
197		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7604f23ab0c8c3e1d97f8b32c4501a895"></a><!-- doxytag: member="ccErrNeverDefault" ref="ggdf764cbdea00d65edcd07bb9953ad2b7604f23ab0c8c3e1d97f8b32c4501a895" args="" -->ccErrNeverDefault</em> </td><td>
198		CCache was never default. </td></tr>
199		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b74c8c5082e236270c5dc55e998dfb9288"></a><!-- doxytag: member="ccErrCredentialsNotFound" ref="ggdf764cbdea00d65edcd07bb9953ad2b74c8c5082e236270c5dc55e998dfb9288" args="" -->ccErrCredentialsNotFound</em> </td><td>
200		Matching credentials not found in the ccache. </td></tr>
201		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b73098feac66058e6ebd02c5e44fa20a9c"></a><!-- doxytag: member="ccErrCCacheNotFound" ref="ggdf764cbdea00d65edcd07bb9953ad2b73098feac66058e6ebd02c5e44fa20a9c" args="" -->ccErrCCacheNotFound</em> </td><td>
202		Matching ccache not found in the collection. </td></tr>
203		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b793bd0c54010e2a36d2e2af1e8aaef06f"></a><!-- doxytag: member="ccErrContextNotFound" ref="ggdf764cbdea00d65edcd07bb9953ad2b793bd0c54010e2a36d2e2af1e8aaef06f" args="" -->ccErrContextNotFound</em> </td><td>
204		Matching cache collection not found. </td></tr>
205		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7267b21d05e1f4005392c52e439de03a4"></a><!-- doxytag: member="ccErrServerUnavailable" ref="ggdf764cbdea00d65edcd07bb9953ad2b7267b21d05e1f4005392c52e439de03a4" args="" -->ccErrServerUnavailable</em> </td><td>
206		CCacheServer is unavailable. </td></tr>
207		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7a18e1555d7af1a60ce1978069e95fe6f"></a><!-- doxytag: member="ccErrServerInsecure" ref="ggdf764cbdea00d65edcd07bb9953ad2b7a18e1555d7af1a60ce1978069e95fe6f" args="" -->ccErrServerInsecure</em> </td><td>
208		CCacheServer has detected that it is running as the wrong user. </td></tr>
209		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7fd9fdcb22b761cb3e53e1d6d6b545884"></a><!-- doxytag: member="ccErrServerCantBecomeUID" ref="ggdf764cbdea00d65edcd07bb9953ad2b7fd9fdcb22b761cb3e53e1d6d6b545884" args="" -->ccErrServerCantBecomeUID</em> </td><td>
210		CCacheServer failed to start running as the user. </td></tr>
211		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7d6825aa88394eb52df80bef870d986db"></a><!-- doxytag: member="ccErrTimeOffsetNotSet" ref="ggdf764cbdea00d65edcd07bb9953ad2b7d6825aa88394eb52df80bef870d986db" args="" -->ccErrTimeOffsetNotSet</em> </td><td>
212		KDC time offset not set for this ccache. </td></tr>
213		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b75f8cef73e4ac4c8894c4318ef921350e"></a><!-- doxytag: member="ccErrBadInternalMessage" ref="ggdf764cbdea00d65edcd07bb9953ad2b75f8cef73e4ac4c8894c4318ef921350e" args="" -->ccErrBadInternalMessage</em> </td><td>
214		The client and CCacheServer can't communicate (e.g., a version mismatch). </td></tr>
215		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b7a35748a788a849ff09dd453ac66f8314"></a><!-- doxytag: member="ccErrNotImplemented" ref="ggdf764cbdea00d65edcd07bb9953ad2b7a35748a788a849ff09dd453ac66f8314" args="" -->ccErrNotImplemented</em> </td><td>
216		API function not supported by this implementation. </td></tr>
217		<tr><td valign="top"><em><a class="anchor" name="ggdf764cbdea00d65edcd07bb9953ad2b79cab6af44e2358aa12f176a60e245d67"></a><!-- doxytag: member="ccErrClientNotFound" ref="ggdf764cbdea00d65edcd07bb9953ad2b79cab6af44e2358aa12f176a60e245d67" args="" -->ccErrClientNotFound</em> </td><td>
218		CCacheServer has no record of the caller's process (e.g., the server crashed). </td></tr>
219		</table>
220		</dl>
221		</td>
222		</tr>
223		</table>
224		<a class="anchor" name="gae76da96fff95c157c3b28c4455dc35c"></a><!-- doxytag: member="CredentialsCache.h::cc_credential_versions" ref="gae76da96fff95c157c3b28c4455dc35c" args="" --><p>
225		<table class="mdTable" cellpadding="2" cellspacing="0">
226		<tr>
227		<td class="mdRow">
228		<table cellpadding="0" cellspacing="0" border="0">
229		<tr>
230		<td class="md" nowrap valign="top">enum <a class="el" href="group__ccapi__constants__reference.html#gae76da96fff95c157c3b28c4455dc35c">cc_credential_versions</a> </td>
231		</tr>
232		</table>
233		</td>
234		</tr>
235		</table>
236		<table cellspacing="5" cellpadding="0" border="0">
237		<tr>
238		<td>
239
240		</td>
241		<td>
242
243		<p>
244		Credentials versions<p>
245		These constants are used in several places in the API to discern between Kerberos v4 and Kerberos v5. Not all values are valid inputs and outputs for all functions; function specifications below detail the allowed values.<p>
246		Kerberos version constants will always be a bit-field, and can be tested as such; for example the following test will tell you if a ccacheVersion includes v5 credentials:<p>
247		if ((ccacheVersion & cc_credentials_v5) != 0) <dl compact><dt><b>Enumerator: </b></dt><dd>
248		<table border="0" cellspacing="2" cellpadding="0">
249		<tr><td valign="top"><em><a class="anchor" name="ggae76da96fff95c157c3b28c4455dc35c017c26531bad42f92f7f3e1f697b58fa"></a><!-- doxytag: member="cc_credentials_v4" ref="ggae76da96fff95c157c3b28c4455dc35c017c26531bad42f92f7f3e1f697b58fa" args="" -->cc_credentials_v4</em> </td><td>
250		</td></tr>
251		<tr><td valign="top"><em><a class="anchor" name="ggae76da96fff95c157c3b28c4455dc35c98335a31ad81a10632568375dcc10668"></a><!-- doxytag: member="cc_credentials_v5" ref="ggae76da96fff95c157c3b28c4455dc35c98335a31ad81a10632568375dcc10668" args="" -->cc_credentials_v5</em> </td><td>
252		</td></tr>
253		<tr><td valign="top"><em><a class="anchor" name="ggae76da96fff95c157c3b28c4455dc35ca49ae6c35599f5860241601dcb0c9e0d"></a><!-- doxytag: member="cc_credentials_v4_v5" ref="ggae76da96fff95c157c3b28c4455dc35ca49ae6c35599f5860241601dcb0c9e0d" args="" -->cc_credentials_v4_v5</em> </td><td>
254		</td></tr>
255		</table>
256		</dl>
257		</td>
258		</tr>
259		</table>
260		<a class="anchor" name="g2081cbacd4ec3d5a64c8729fd78fc611"></a><!-- doxytag: member="CredentialsCache.h::cc_lock_types" ref="g2081cbacd4ec3d5a64c8729fd78fc611" args="" --><p>
261		<table class="mdTable" cellpadding="2" cellspacing="0">
262		<tr>
263		<td class="mdRow">
264		<table cellpadding="0" cellspacing="0" border="0">
265		<tr>
266		<td class="md" nowrap valign="top">enum <a class="el" href="group__ccapi__constants__reference.html#g2081cbacd4ec3d5a64c8729fd78fc611">cc_lock_types</a> </td>
267		</tr>
268		</table>
269		</td>
270		</tr>
271		</table>
272		<table cellspacing="5" cellpadding="0" border="0">
273		<tr>
274		<td>
275
276		</td>
277		<td>
278
279		<p>
280		Lock types<p>
281		These constants are used in the locking functions to describe the type of lock requested. Note that all CCAPI locks are advisory so only callers using the lock calls will be blocked by each other. This is because locking functions were introduced after the CCAPI came into common use and we did not want to break existing callers. <dl compact><dt><b>Enumerator: </b></dt><dd>
282		<table border="0" cellspacing="2" cellpadding="0">
283		<tr><td valign="top"><em><a class="anchor" name="gg2081cbacd4ec3d5a64c8729fd78fc6110a9a6083623e4c7c8340c0146f032154"></a><!-- doxytag: member="cc_lock_read" ref="gg2081cbacd4ec3d5a64c8729fd78fc6110a9a6083623e4c7c8340c0146f032154" args="" -->cc_lock_read</em> </td><td>
284		</td></tr>
285		<tr><td valign="top"><em><a class="anchor" name="gg2081cbacd4ec3d5a64c8729fd78fc611bc97eae3b375c4cee90087597b7f375d"></a><!-- doxytag: member="cc_lock_write" ref="gg2081cbacd4ec3d5a64c8729fd78fc611bc97eae3b375c4cee90087597b7f375d" args="" -->cc_lock_write</em> </td><td>
286		</td></tr>
287		<tr><td valign="top"><em><a class="anchor" name="gg2081cbacd4ec3d5a64c8729fd78fc61184bf8feb65a88dc09aa52c6d955111a3"></a><!-- doxytag: member="cc_lock_upgrade" ref="gg2081cbacd4ec3d5a64c8729fd78fc61184bf8feb65a88dc09aa52c6d955111a3" args="" -->cc_lock_upgrade</em> </td><td>
288		</td></tr>
289		<tr><td valign="top"><em><a class="anchor" name="gg2081cbacd4ec3d5a64c8729fd78fc611426c331fb09e249b6944d8ba28893eba"></a><!-- doxytag: member="cc_lock_downgrade" ref="gg2081cbacd4ec3d5a64c8729fd78fc611426c331fb09e249b6944d8ba28893eba" args="" -->cc_lock_downgrade</em> </td><td>
290		</td></tr>
291		</table>
292		</dl>
293		</td>
294		</tr>
295		</table>
296		<a class="anchor" name="g0eff5be22e263d0bd9e4bb6fb0a8e948"></a><!-- doxytag: member="CredentialsCache.h::cc_lock_modes" ref="g0eff5be22e263d0bd9e4bb6fb0a8e948" args="" --><p>
297		<table class="mdTable" cellpadding="2" cellspacing="0">
298		<tr>
299		<td class="mdRow">
300		<table cellpadding="0" cellspacing="0" border="0">
301		<tr>
302		<td class="md" nowrap valign="top">enum <a class="el" href="group__ccapi__constants__reference.html#g0eff5be22e263d0bd9e4bb6fb0a8e948">cc_lock_modes</a> </td>
303		</tr>
304		</table>
305		</td>
306		</tr>
307		</table>
308		<table cellspacing="5" cellpadding="0" border="0">
309		<tr>
310		<td>
311
312		</td>
313		<td>
314
315		<p>
316		Locking Modes<p>
317		These constants are used in the advisory locking functions to describe whether or not the lock function should block waiting for a lock or return an error immediately. For example, attempting to acquire a lock with a non-blocking call will result in an error if the lock cannot be acquired; otherwise, the call will block until the lock can be acquired. <dl compact><dt><b>Enumerator: </b></dt><dd>
318		<table border="0" cellspacing="2" cellpadding="0">
319		<tr><td valign="top"><em><a class="anchor" name="gg0eff5be22e263d0bd9e4bb6fb0a8e9485fe1eddb0bba9df16dbcc63aeeb79aa3"></a><!-- doxytag: member="cc_lock_noblock" ref="gg0eff5be22e263d0bd9e4bb6fb0a8e9485fe1eddb0bba9df16dbcc63aeeb79aa3" args="" -->cc_lock_noblock</em> </td><td>
320		</td></tr>
321		<tr><td valign="top"><em><a class="anchor" name="gg0eff5be22e263d0bd9e4bb6fb0a8e94827e385feb864d167880744d0874834d8"></a><!-- doxytag: member="cc_lock_block" ref="gg0eff5be22e263d0bd9e4bb6fb0a8e94827e385feb864d167880744d0874834d8" args="" -->cc_lock_block</em> </td><td>
322		</td></tr>
323		</table>
324		</dl>
325		</td>
326		</tr>
327		</table>
328		<a class="anchor" name="g99fb83031ce9923c84392b4e92f956b5"></a><!-- doxytag: member="CredentialsCache.h::@2" ref="g99fb83031ce9923c84392b4e92f956b5" args="" --><p>
329		<table class="mdTable" cellpadding="2" cellspacing="0">
330		<tr>
331		<td class="mdRow">
332		<table cellpadding="0" cellspacing="0" border="0">
333		<tr>
334		<td class="md" nowrap valign="top">anonymous enum </td>
335		</tr>
336		</table>
337		</td>
338		</tr>
339		</table>
340		<table cellspacing="5" cellpadding="0" border="0">
341		<tr>
342		<td>
343
344		</td>
345		<td>
346
347		<p>
348		Sizes of fields in <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a>. <dl compact><dt><b>Enumerator: </b></dt><dd>
349		<table border="0" cellspacing="2" cellpadding="0">
350		<tr><td valign="top"><em><a class="anchor" name="gg99fb83031ce9923c84392b4e92f956b5ae3147869a486588adf6bc588ee8cc30"></a><!-- doxytag: member="cc_v4_name_size" ref="gg99fb83031ce9923c84392b4e92f956b5ae3147869a486588adf6bc588ee8cc30" args="" -->cc_v4_name_size</em> </td><td>
351		</td></tr>
352		<tr><td valign="top"><em><a class="anchor" name="gg99fb83031ce9923c84392b4e92f956b55abe44162300eabb9a9f65b324cad493"></a><!-- doxytag: member="cc_v4_instance_size" ref="gg99fb83031ce9923c84392b4e92f956b55abe44162300eabb9a9f65b324cad493" args="" -->cc_v4_instance_size</em> </td><td>
353		</td></tr>
354		<tr><td valign="top"><em><a class="anchor" name="gg99fb83031ce9923c84392b4e92f956b5714d28ea3d6c6807817d7b377afc22f8"></a><!-- doxytag: member="cc_v4_realm_size" ref="gg99fb83031ce9923c84392b4e92f956b5714d28ea3d6c6807817d7b377afc22f8" args="" -->cc_v4_realm_size</em> </td><td>
355		</td></tr>
356		<tr><td valign="top"><em><a class="anchor" name="gg99fb83031ce9923c84392b4e92f956b5b52bd33d187632efd597f282540b081a"></a><!-- doxytag: member="cc_v4_ticket_size" ref="gg99fb83031ce9923c84392b4e92f956b5b52bd33d187632efd597f282540b081a" args="" -->cc_v4_ticket_size</em> </td><td>
357		</td></tr>
358		<tr><td valign="top"><em><a class="anchor" name="gg99fb83031ce9923c84392b4e92f956b57532f28276c3a759e487560ee4666a29"></a><!-- doxytag: member="cc_v4_key_size" ref="gg99fb83031ce9923c84392b4e92f956b57532f28276c3a759e487560ee4666a29" args="" -->cc_v4_key_size</em> </td><td>
359		</td></tr>
360		</table>
361		</dl>
362		</td>
363		</tr>
364		</table>
365		<a class="anchor" name="ge78c8fbb79f8ff963ec7c88c431721c3"></a><!-- doxytag: member="CredentialsCache.h::cc_string_to_key_type" ref="ge78c8fbb79f8ff963ec7c88c431721c3" args="" --><p>
366		<table class="mdTable" cellpadding="2" cellspacing="0">
367		<tr>
368		<td class="mdRow">
369		<table cellpadding="0" cellspacing="0" border="0">
370		<tr>
371		<td class="md" nowrap valign="top">enum <a class="el" href="group__ccapi__constants__reference.html#ge78c8fbb79f8ff963ec7c88c431721c3">cc_string_to_key_type</a> </td>
372		</tr>
373		</table>
374		</td>
375		</tr>
376		</table>
377		<table cellspacing="5" cellpadding="0" border="0">
378		<tr>
379		<td>
380
381		</td>
382		<td>
383
384		<p>
385		String to key type (Kerberos v4 only) <dl compact><dt><b>Enumerator: </b></dt><dd>
386		<table border="0" cellspacing="2" cellpadding="0">
387		<tr><td valign="top"><em><a class="anchor" name="gge78c8fbb79f8ff963ec7c88c431721c3c0beda03d5c9e36ce9a199c98573d39a"></a><!-- doxytag: member="cc_v4_stk_afs" ref="gge78c8fbb79f8ff963ec7c88c431721c3c0beda03d5c9e36ce9a199c98573d39a" args="" -->cc_v4_stk_afs</em> </td><td>
388		</td></tr>
389		<tr><td valign="top"><em><a class="anchor" name="gge78c8fbb79f8ff963ec7c88c431721c31b71e069604cd1cebc2b694ef04aedd1"></a><!-- doxytag: member="cc_v4_stk_des" ref="gge78c8fbb79f8ff963ec7c88c431721c31b71e069604cd1cebc2b694ef04aedd1" args="" -->cc_v4_stk_des</em> </td><td>
390		</td></tr>
391		<tr><td valign="top"><em><a class="anchor" name="gge78c8fbb79f8ff963ec7c88c431721c3db66296923c38aa2d7c7420da28d7014"></a><!-- doxytag: member="cc_v4_stk_columbia_special" ref="gge78c8fbb79f8ff963ec7c88c431721c3db66296923c38aa2d7c7420da28d7014" args="" -->cc_v4_stk_columbia_special</em> </td><td>
392		</td></tr>
393		<tr><td valign="top"><em><a class="anchor" name="gge78c8fbb79f8ff963ec7c88c431721c3816b6bb45f51557bc3de5e13d38dc310"></a><!-- doxytag: member="cc_v4_stk_krb5" ref="gge78c8fbb79f8ff963ec7c88c431721c3816b6bb45f51557bc3de5e13d38dc310" args="" -->cc_v4_stk_krb5</em> </td><td>
394		</td></tr>
395		<tr><td valign="top"><em><a class="anchor" name="gge78c8fbb79f8ff963ec7c88c431721c3e19e1a52a4289172671e91d87ab027bb"></a><!-- doxytag: member="cc_v4_stk_unknown" ref="gge78c8fbb79f8ff963ec7c88c431721c3e19e1a52a4289172671e91d87ab027bb" args="" -->cc_v4_stk_unknown</em> </td><td>
396		</td></tr>
397		</table>
398		</dl>
399		</td>
400		</tr>
401		</table>
402		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
403		<a href="http://www.doxygen.org/index.html">
404		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
405		</body>
406		</html>

+0

-138

~~doc/ccapi/html/group__ccapi__types__reference.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : Basic Types</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>Basic Types</h1>
8		<p>
9		<h2>Typedefs</h2>
10		<ul>
11		<li>typedef uint32_t <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a>
12		<li>typedef int32_t <a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>
13		<li>typedef int64_t <a class="el" href="group__ccapi__types__reference.html#gb6fb75be8c6af177e86f1b3bc562f031">cc_int64</a>
14		<li>typedef uint64_t <a class="el" href="group__ccapi__types__reference.html#g44f60a4b4db805be9d55b476dd949a66">cc_uint64</a>
15		<li>typedef <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a>
16		</ul>
17		<hr><h2>Typedef Documentation</h2>
18		<a class="anchor" name="ga00783c3f4aa70580d0900b1a79aab9d"></a><!-- doxytag: member="CredentialsCache.h::cc_uint32" ref="ga00783c3f4aa70580d0900b1a79aab9d" args="" --><p>
19		<table class="mdTable" cellpadding="2" cellspacing="0">
20		<tr>
21		<td class="mdRow">
22		<table cellpadding="0" cellspacing="0" border="0">
23		<tr>
24		<td class="md" nowrap valign="top">typedef uint32_t <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> </td>
25		</tr>
26		</table>
27		</td>
28		</tr>
29		</table>
30		<table cellspacing="5" cellpadding="0" border="0">
31		<tr>
32		<td>
33
34		</td>
35		<td>
36
37		<p>
38		Unsigned 32-bit integer type </td>
39		</tr>
40		</table>
41		<a class="anchor" name="g0ce639c8d65dc6367fb361d5bbcea874"></a><!-- doxytag: member="CredentialsCache.h::cc_int32" ref="g0ce639c8d65dc6367fb361d5bbcea874" args="" --><p>
42		<table class="mdTable" cellpadding="2" cellspacing="0">
43		<tr>
44		<td class="mdRow">
45		<table cellpadding="0" cellspacing="0" border="0">
46		<tr>
47		<td class="md" nowrap valign="top">typedef int32_t <a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> </td>
48		</tr>
49		</table>
50		</td>
51		</tr>
52		</table>
53		<table cellspacing="5" cellpadding="0" border="0">
54		<tr>
55		<td>
56
57		</td>
58		<td>
59
60		<p>
61		Signed 32-bit integer type </td>
62		</tr>
63		</table>
64		<a class="anchor" name="gb6fb75be8c6af177e86f1b3bc562f031"></a><!-- doxytag: member="CredentialsCache.h::cc_int64" ref="gb6fb75be8c6af177e86f1b3bc562f031" args="" --><p>
65		<table class="mdTable" cellpadding="2" cellspacing="0">
66		<tr>
67		<td class="mdRow">
68		<table cellpadding="0" cellspacing="0" border="0">
69		<tr>
70		<td class="md" nowrap valign="top">typedef int64_t <a class="el" href="group__ccapi__types__reference.html#gb6fb75be8c6af177e86f1b3bc562f031">cc_int64</a> </td>
71		</tr>
72		</table>
73		</td>
74		</tr>
75		</table>
76		<table cellspacing="5" cellpadding="0" border="0">
77		<tr>
78		<td>
79
80		</td>
81		<td>
82
83		<p>
84		Unsigned 64-bit integer type </td>
85		</tr>
86		</table>
87		<a class="anchor" name="g44f60a4b4db805be9d55b476dd949a66"></a><!-- doxytag: member="CredentialsCache.h::cc_uint64" ref="g44f60a4b4db805be9d55b476dd949a66" args="" --><p>
88		<table class="mdTable" cellpadding="2" cellspacing="0">
89		<tr>
90		<td class="mdRow">
91		<table cellpadding="0" cellspacing="0" border="0">
92		<tr>
93		<td class="md" nowrap valign="top">typedef uint64_t <a class="el" href="group__ccapi__types__reference.html#g44f60a4b4db805be9d55b476dd949a66">cc_uint64</a> </td>
94		</tr>
95		</table>
96		</td>
97		</tr>
98		</table>
99		<table cellspacing="5" cellpadding="0" border="0">
100		<tr>
101		<td>
102
103		</td>
104		<td>
105
106		<p>
107		Signed 64-bit integer type </td>
108		</tr>
109		</table>
110		<a class="anchor" name="ge7a754cfe5664beadddaa100646c9742"></a><!-- doxytag: member="CredentialsCache.h::cc_time_t" ref="ge7a754cfe5664beadddaa100646c9742" args="" --><p>
111		<table class="mdTable" cellpadding="2" cellspacing="0">
112		<tr>
113		<td class="mdRow">
114		<table cellpadding="0" cellspacing="0" border="0">
115		<tr>
116		<td class="md" nowrap valign="top">typedef <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> </td>
117		</tr>
118		</table>
119		</td>
120		</tr>
121		</table>
122		<table cellspacing="5" cellpadding="0" border="0">
123		<tr>
124		<td>
125
126		</td>
127		<td>
128
129		<p>
130		The cc_time_t type is used to represent a time in seconds. The time must be stored as the number of seconds since midnight GMT on January 1, 1970. </td>
131		</tr>
132		</table>
133		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
134		<a href="http://www.doxygen.org/index.html">
135		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
136		</body>
137		</html>

+0

-1377

~~doc/ccapi/html/group__helper__macros.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : CCAPI Function Helper Macros</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>CCAPI Function Helper Macros</h1>
8		<p>
9		<h2>Defines</h2>
10		<ul>
11		<li>#define <a class="el" href="group__helper__macros.html#g8ff82ce108889d4ed29f46ffe6efc40e">cc_context_release</a>(context)   ((context) -> functions -> release (context))
12		<li>#define <a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time</a>(context, change_time)   ((context) -> functions -> get_change_time (context, change_time))
13		<li>#define <a class="el" href="group__helper__macros.html#gcb4eb9f1db6f8ebf261339ad87cb6c51">cc_context_get_default_ccache_name</a>(context, name)   ((context) -> functions -> get_default_ccache_name (context, name))
14		<li>#define <a class="el" href="group__helper__macros.html#g256a5ba17fe0e4502e0722d9b081bbef">cc_context_open_ccache</a>(context, name, ccache)   ((context) -> functions -> open_ccache (context, name, ccache))
15		<li>#define <a class="el" href="group__helper__macros.html#g45a7ce29eb409baabadcae1bc95d5c57">cc_context_open_default_ccache</a>(context, ccache)   ((context) -> functions -> open_default_ccache (context, ccache))
16		<li>#define <a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache</a>(context, name, version, principal, ccache)   ((context) -> functions -> create_ccache (context, name, version, principal, ccache))
17		<li>#define <a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache</a>(context, version, principal, ccache)   ((context) -> functions -> create_default_ccache (context, version, principal, ccache))
18		<li>#define <a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache</a>(context, version, principal, ccache)   ((context) -> functions -> create_new_ccache (context, version, principal, ccache))
19		<li>#define <a class="el" href="group__helper__macros.html#g6957bc9570e4769a5b1213d2a1d90cd7">cc_context_new_ccache_iterator</a>(context, iterator)   ((context) -> functions -> new_ccache_iterator (context, iterator))
20		<li>#define <a class="el" href="group__helper__macros.html#gcf4595340ddc8dafa539a86ac317625d">cc_context_lock</a>(context, type, block)   ((context) -> functions -> lock (context, type, block))
21		<li>#define <a class="el" href="group__helper__macros.html#g544261b88c9ac0f2379a35648cae3f27">cc_context_unlock</a>(context)   ((context) -> functions -> unlock (context))
22		<li>#define <a class="el" href="group__helper__macros.html#g9258ef05d06f3d4dc798ec654f78b967">cc_context_compare</a>(context, compare_to, equal)   ((context) -> functions -> compare (context, compare_to, equal))
23		<li>#define <a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change</a>(context)   ((context) -> functions -> wait_for_change (context))
24		<li>#define <a class="el" href="group__helper__macros.html#ge517135d87d8775d77b426d57a491ef0">cc_ccache_release</a>(ccache)   ((ccache) -> functions -> release (ccache))
25		<li>#define <a class="el" href="group__helper__macros.html#ge05b68d91bece2f99b531e96cde8d457">cc_ccache_destroy</a>(ccache)   ((ccache) -> functions -> destroy (ccache))
26		<li>#define <a class="el" href="group__helper__macros.html#g535b92993b85d92b67fa622447afbe13">cc_ccache_set_default</a>(ccache)   ((ccache) -> functions -> set_default (ccache))
27		<li>#define <a class="el" href="group__helper__macros.html#g934f93499765bdd179bb2342ae0f0fa6">cc_ccache_get_credentials_version</a>(ccache, version)   ((ccache) -> functions -> get_credentials_version (ccache, version))
28		<li>#define <a class="el" href="group__helper__macros.html#g042bea6044879ec03996b190792e3ae9">cc_ccache_get_name</a>(ccache, name)   ((ccache) -> functions -> get_name (ccache, name))
29		<li>#define <a class="el" href="group__helper__macros.html#g464aa49a2e8054c9c3c2a3410eaf5c54">cc_ccache_get_principal</a>(ccache, version, principal)   ((ccache) -> functions -> get_principal (ccache, version, principal))
30		<li>#define <a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal</a>(ccache, version, principal)   ((ccache) -> functions -> set_principal (ccache, version, principal))
31		<li>#define <a class="el" href="group__helper__macros.html#g35c1548dbacb8907da7b8c3124eabf39">cc_ccache_store_credentials</a>(ccache, credentials)   ((ccache) -> functions -> store_credentials (ccache, credentials))
32		<li>#define <a class="el" href="group__helper__macros.html#ga1bbc05414ad4c17cea9cd5e5c50c7cc">cc_ccache_remove_credentials</a>(ccache, credentials)   ((ccache) -> functions -> remove_credentials (ccache, credentials))
33		<li>#define <a class="el" href="group__helper__macros.html#g893b31c419e71c2f528781d3036fa3ff">cc_ccache_new_credentials_iterator</a>(ccache, iterator)   ((ccache) -> functions -> new_credentials_iterator (ccache, iterator))
34		<li>#define <a class="el" href="group__helper__macros.html#gb8c2624719ee1c4be5f1b1bc4844f0cc">cc_ccache_lock</a>(ccache, type, block)   ((ccache) -> functions -> lock (ccache, type, block))
35		<li>#define <a class="el" href="group__helper__macros.html#ge9b13c950cb6ee636c4a73d6c569a811">cc_ccache_unlock</a>(ccache)   ((ccache) -> functions -> unlock (ccache))
36		<li>#define <a class="el" href="group__helper__macros.html#g884b0c60718fa1057574a3cd844e96ee">cc_ccache_get_last_default_time</a>(ccache, last_default_time)   ((ccache) -> functions -> get_last_default_time (ccache, last_default_time))
37		<li>#define <a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time</a>(ccache, change_time)   ((ccache) -> functions -> get_change_time (ccache, change_time))
38		<li>#define <a class="el" href="group__helper__macros.html#ge1238f80c37ae89486f2ba29bcbcae38">cc_ccache_move</a>(source, destination)   ((source) -> functions -> move (source, destination))
39		<li>#define <a class="el" href="group__helper__macros.html#g197ff60fac986634fbef8ca102ec54a5">cc_ccache_compare</a>(ccache, compare_to, equal)   ((ccache) -> functions -> compare (ccache, compare_to, equal))
40		<li>#define <a class="el" href="group__helper__macros.html#g1fa36a89752da4a491d2ecdad17f8b0e">cc_ccache_get_kdc_time_offset</a>(ccache, version, time_offset)   ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset))
41		<li>#define <a class="el" href="group__helper__macros.html#g519bf0ab152e5a3d2beee8a76a27d16e">cc_ccache_set_kdc_time_offset</a>(ccache, version, time_offset)   ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset))
42		<li>#define <a class="el" href="group__helper__macros.html#g803c35f92992dc0b73e8809d13ebabab">cc_ccache_clear_kdc_time_offset</a>(ccache, version)   ((ccache) -> functions -> clear_kdc_time_offset (ccache, version))
43		<li>#define <a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change</a>(ccache)   ((ccache) -> functions -> wait_for_change (ccache))
44		<li>#define <a class="el" href="group__helper__macros.html#ge9bebfed2d574e69f29dd341bc8a63d9">cc_string_release</a>(string)   ((string) -> functions -> release (string))
45		<li>#define <a class="el" href="group__helper__macros.html#gab5cad8ca82847950956b0f493132c14">cc_credentials_release</a>(credentials)   ((credentials) -> functions -> release (credentials))
46		<li>#define <a class="el" href="group__helper__macros.html#g39ae30e49dba65b87c6b9794f20fb784">cc_credentials_compare</a>(credentials, compare_to, equal)   ((credentials) -> functions -> compare (credentials, compare_to, equal))
47		<li>#define <a class="el" href="group__helper__macros.html#g34f37496fb8bc414aafb0b265afecb1b">cc_ccache_iterator_release</a>(iterator)   ((iterator) -> functions -> release (iterator))
48		<li>#define <a class="el" href="group__helper__macros.html#gcff0b3e247a2adc95442324fec6c5651">cc_ccache_iterator_next</a>(iterator, ccache)   ((iterator) -> functions -> next (iterator, ccache))
49		<li>#define <a class="el" href="group__helper__macros.html#g904d7757fd7ac40f4ee9b448a389f2dd">cc_ccache_iterator_clone</a>(iterator, new_iterator)   ((iterator) -> functions -> clone (iterator, new_iterator))
50		<li>#define <a class="el" href="group__helper__macros.html#g79f914583e8076ac24c0d5dde4ddb712">cc_credentials_iterator_release</a>(iterator)   ((iterator) -> functions -> release (iterator))
51		<li>#define <a class="el" href="group__helper__macros.html#g0c2f41d90f478b2415b699085f8fcaa4">cc_credentials_iterator_next</a>(iterator, credentials)   ((iterator) -> functions -> next (iterator, credentials))
52		<li>#define <a class="el" href="group__helper__macros.html#g59a9f96a6c00b64c0ab971f7e9b5aae2">cc_credentials_iterator_clone</a>(iterator, new_iterator)   ((iterator) -> functions -> clone (iterator, new_iterator))
53		</ul>
54		<hr><h2>Define Documentation</h2>
55		<a class="anchor" name="g8ff82ce108889d4ed29f46ffe6efc40e"></a><!-- doxytag: member="CredentialsCache.h::cc_context_release" ref="g8ff82ce108889d4ed29f46ffe6efc40e" args="(context)" --><p>
56		<table class="mdTable" cellpadding="2" cellspacing="0">
57		<tr>
58		<td class="mdRow">
59		<table cellpadding="0" cellspacing="0" border="0">
60		<tr>
61		<td class="md" nowrap valign="top">#define cc_context_release </td>
62		<td class="md" valign="top">( </td>
63		<td class="md" nowrap valign="top">context </td>
64		<td class="mdname1" valign="top" nowrap> </td>
65		<td class="md" valign="top"> ) </td>
66		<td class="md" nowrap>   ((context) -> functions -> release (context))</td>
67		</tr>
68		</table>
69		</td>
70		</tr>
71		</table>
72		<table cellspacing="5" cellpadding="0" border="0">
73		<tr>
74		<td>
75
76		</td>
77		<td>
78
79		<p>
80		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> release() </td>
81		</tr>
82		</table>
83		<a class="anchor" name="g82f551af17455b78fa3a2e3f83c96907"></a><!-- doxytag: member="CredentialsCache.h::cc_context_get_change_time" ref="g82f551af17455b78fa3a2e3f83c96907" args="(context, change_time)" --><p>
84		<table class="mdTable" cellpadding="2" cellspacing="0">
85		<tr>
86		<td class="mdRow">
87		<table cellpadding="0" cellspacing="0" border="0">
88		<tr>
89		<td class="md" nowrap valign="top">#define cc_context_get_change_time </td>
90		<td class="md" valign="top">( </td>
91		<td class="md" nowrap valign="top">context, <tr>
92		<td class="md" nowrap align="right"></td>
93		<td class="md"></td>
94		<td class="md" nowrap>change_time </td>
95		<td class="mdname1" valign="top" nowrap> </td>
96		<td class="md" valign="top"> ) </td>
97		<td class="md" nowrap>   ((context) -> functions -> get_change_time (context, change_time))</td>
98		</tr>
99		</table>
100		</td>
101		</tr>
102		</table>
103		<table cellspacing="5" cellpadding="0" border="0">
104		<tr>
105		<td>
106
107		</td>
108		<td>
109
110		<p>
111		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> get_change_time() </td>
112		</tr>
113		</table>
114		<a class="anchor" name="gcb4eb9f1db6f8ebf261339ad87cb6c51"></a><!-- doxytag: member="CredentialsCache.h::cc_context_get_default_ccache_name" ref="gcb4eb9f1db6f8ebf261339ad87cb6c51" args="(context, name)" --><p>
115		<table class="mdTable" cellpadding="2" cellspacing="0">
116		<tr>
117		<td class="mdRow">
118		<table cellpadding="0" cellspacing="0" border="0">
119		<tr>
120		<td class="md" nowrap valign="top">#define cc_context_get_default_ccache_name </td>
121		<td class="md" valign="top">( </td>
122		<td class="md" nowrap valign="top">context, <tr>
123		<td class="md" nowrap align="right"></td>
124		<td class="md"></td>
125		<td class="md" nowrap>name </td>
126		<td class="mdname1" valign="top" nowrap> </td>
127		<td class="md" valign="top"> ) </td>
128		<td class="md" nowrap>   ((context) -> functions -> get_default_ccache_name (context, name))</td>
129		</tr>
130		</table>
131		</td>
132		</tr>
133		</table>
134		<table cellspacing="5" cellpadding="0" border="0">
135		<tr>
136		<td>
137
138		</td>
139		<td>
140
141		<p>
142		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> get_default_ccache_name() </td>
143		</tr>
144		</table>
145		<a class="anchor" name="g256a5ba17fe0e4502e0722d9b081bbef"></a><!-- doxytag: member="CredentialsCache.h::cc_context_open_ccache" ref="g256a5ba17fe0e4502e0722d9b081bbef" args="(context, name, ccache)" --><p>
146		<table class="mdTable" cellpadding="2" cellspacing="0">
147		<tr>
148		<td class="mdRow">
149		<table cellpadding="0" cellspacing="0" border="0">
150		<tr>
151		<td class="md" nowrap valign="top">#define cc_context_open_ccache </td>
152		<td class="md" valign="top">( </td>
153		<td class="md" nowrap valign="top">context, <tr>
154		<td class="md" nowrap align="right"></td>
155		<td class="md"></td>
156		<td class="md" nowrap>name, <tr>
157		<td class="md" nowrap align="right"></td>
158		<td class="md"></td>
159		<td class="md" nowrap>ccache </td>
160		<td class="mdname1" valign="top" nowrap> </td>
161		<td class="md" valign="top"> ) </td>
162		<td class="md" nowrap>   ((context) -> functions -> open_ccache (context, name, ccache))</td>
163		</tr>
164		</table>
165		</td>
166		</tr>
167		</table>
168		<table cellspacing="5" cellpadding="0" border="0">
169		<tr>
170		<td>
171
172		</td>
173		<td>
174
175		<p>
176		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> open_ccache() </td>
177		</tr>
178		</table>
179		<a class="anchor" name="g45a7ce29eb409baabadcae1bc95d5c57"></a><!-- doxytag: member="CredentialsCache.h::cc_context_open_default_ccache" ref="g45a7ce29eb409baabadcae1bc95d5c57" args="(context, ccache)" --><p>
180		<table class="mdTable" cellpadding="2" cellspacing="0">
181		<tr>
182		<td class="mdRow">
183		<table cellpadding="0" cellspacing="0" border="0">
184		<tr>
185		<td class="md" nowrap valign="top">#define cc_context_open_default_ccache </td>
186		<td class="md" valign="top">( </td>
187		<td class="md" nowrap valign="top">context, <tr>
188		<td class="md" nowrap align="right"></td>
189		<td class="md"></td>
190		<td class="md" nowrap>ccache </td>
191		<td class="mdname1" valign="top" nowrap> </td>
192		<td class="md" valign="top"> ) </td>
193		<td class="md" nowrap>   ((context) -> functions -> open_default_ccache (context, ccache))</td>
194		</tr>
195		</table>
196		</td>
197		</tr>
198		</table>
199		<table cellspacing="5" cellpadding="0" border="0">
200		<tr>
201		<td>
202
203		</td>
204		<td>
205
206		<p>
207		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> open_default_ccache() </td>
208		</tr>
209		</table>
210		<a class="anchor" name="g9fbcbd0f1b107cdaa2a0179e227f82cf"></a><!-- doxytag: member="CredentialsCache.h::cc_context_create_ccache" ref="g9fbcbd0f1b107cdaa2a0179e227f82cf" args="(context, name, version, principal, ccache)" --><p>
211		<table class="mdTable" cellpadding="2" cellspacing="0">
212		<tr>
213		<td class="mdRow">
214		<table cellpadding="0" cellspacing="0" border="0">
215		<tr>
216		<td class="md" nowrap valign="top">#define cc_context_create_ccache </td>
217		<td class="md" valign="top">( </td>
218		<td class="md" nowrap valign="top">context, <tr>
219		<td class="md" nowrap align="right"></td>
220		<td class="md"></td>
221		<td class="md" nowrap>name, <tr>
222		<td class="md" nowrap align="right"></td>
223		<td class="md"></td>
224		<td class="md" nowrap>version, <tr>
225		<td class="md" nowrap align="right"></td>
226		<td class="md"></td>
227		<td class="md" nowrap>principal, <tr>
228		<td class="md" nowrap align="right"></td>
229		<td class="md"></td>
230		<td class="md" nowrap>ccache </td>
231		<td class="mdname1" valign="top" nowrap> </td>
232		<td class="md" valign="top"> ) </td>
233		<td class="md" nowrap>   ((context) -> functions -> create_ccache (context, name, version, principal, ccache))</td>
234		</tr>
235		</table>
236		</td>
237		</tr>
238		</table>
239		<table cellspacing="5" cellpadding="0" border="0">
240		<tr>
241		<td>
242
243		</td>
244		<td>
245
246		<p>
247		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> create_ccache() </td>
248		</tr>
249		</table>
250		<a class="anchor" name="g10a184dd699cae4df6f3480290804a72"></a><!-- doxytag: member="CredentialsCache.h::cc_context_create_default_ccache" ref="g10a184dd699cae4df6f3480290804a72" args="(context, version, principal, ccache)" --><p>
251		<table class="mdTable" cellpadding="2" cellspacing="0">
252		<tr>
253		<td class="mdRow">
254		<table cellpadding="0" cellspacing="0" border="0">
255		<tr>
256		<td class="md" nowrap valign="top">#define cc_context_create_default_ccache </td>
257		<td class="md" valign="top">( </td>
258		<td class="md" nowrap valign="top">context, <tr>
259		<td class="md" nowrap align="right"></td>
260		<td class="md"></td>
261		<td class="md" nowrap>version, <tr>
262		<td class="md" nowrap align="right"></td>
263		<td class="md"></td>
264		<td class="md" nowrap>principal, <tr>
265		<td class="md" nowrap align="right"></td>
266		<td class="md"></td>
267		<td class="md" nowrap>ccache </td>
268		<td class="mdname1" valign="top" nowrap> </td>
269		<td class="md" valign="top"> ) </td>
270		<td class="md" nowrap>   ((context) -> functions -> create_default_ccache (context, version, principal, ccache))</td>
271		</tr>
272		</table>
273		</td>
274		</tr>
275		</table>
276		<table cellspacing="5" cellpadding="0" border="0">
277		<tr>
278		<td>
279
280		</td>
281		<td>
282
283		<p>
284		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> create_default_ccache() </td>
285		</tr>
286		</table>
287		<a class="anchor" name="g1a6dffb1db25590351646fdcf9824f09"></a><!-- doxytag: member="CredentialsCache.h::cc_context_create_new_ccache" ref="g1a6dffb1db25590351646fdcf9824f09" args="(context, version, principal, ccache)" --><p>
288		<table class="mdTable" cellpadding="2" cellspacing="0">
289		<tr>
290		<td class="mdRow">
291		<table cellpadding="0" cellspacing="0" border="0">
292		<tr>
293		<td class="md" nowrap valign="top">#define cc_context_create_new_ccache </td>
294		<td class="md" valign="top">( </td>
295		<td class="md" nowrap valign="top">context, <tr>
296		<td class="md" nowrap align="right"></td>
297		<td class="md"></td>
298		<td class="md" nowrap>version, <tr>
299		<td class="md" nowrap align="right"></td>
300		<td class="md"></td>
301		<td class="md" nowrap>principal, <tr>
302		<td class="md" nowrap align="right"></td>
303		<td class="md"></td>
304		<td class="md" nowrap>ccache </td>
305		<td class="mdname1" valign="top" nowrap> </td>
306		<td class="md" valign="top"> ) </td>
307		<td class="md" nowrap>   ((context) -> functions -> create_new_ccache (context, version, principal, ccache))</td>
308		</tr>
309		</table>
310		</td>
311		</tr>
312		</table>
313		<table cellspacing="5" cellpadding="0" border="0">
314		<tr>
315		<td>
316
317		</td>
318		<td>
319
320		<p>
321		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> create_new_ccache() </td>
322		</tr>
323		</table>
324		<a class="anchor" name="g6957bc9570e4769a5b1213d2a1d90cd7"></a><!-- doxytag: member="CredentialsCache.h::cc_context_new_ccache_iterator" ref="g6957bc9570e4769a5b1213d2a1d90cd7" args="(context, iterator)" --><p>
325		<table class="mdTable" cellpadding="2" cellspacing="0">
326		<tr>
327		<td class="mdRow">
328		<table cellpadding="0" cellspacing="0" border="0">
329		<tr>
330		<td class="md" nowrap valign="top">#define cc_context_new_ccache_iterator </td>
331		<td class="md" valign="top">( </td>
332		<td class="md" nowrap valign="top">context, <tr>
333		<td class="md" nowrap align="right"></td>
334		<td class="md"></td>
335		<td class="md" nowrap>iterator </td>
336		<td class="mdname1" valign="top" nowrap> </td>
337		<td class="md" valign="top"> ) </td>
338		<td class="md" nowrap>   ((context) -> functions -> new_ccache_iterator (context, iterator))</td>
339		</tr>
340		</table>
341		</td>
342		</tr>
343		</table>
344		<table cellspacing="5" cellpadding="0" border="0">
345		<tr>
346		<td>
347
348		</td>
349		<td>
350
351		<p>
352		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> new_ccache_iterator() </td>
353		</tr>
354		</table>
355		<a class="anchor" name="gcf4595340ddc8dafa539a86ac317625d"></a><!-- doxytag: member="CredentialsCache.h::cc_context_lock" ref="gcf4595340ddc8dafa539a86ac317625d" args="(context, type, block)" --><p>
356		<table class="mdTable" cellpadding="2" cellspacing="0">
357		<tr>
358		<td class="mdRow">
359		<table cellpadding="0" cellspacing="0" border="0">
360		<tr>
361		<td class="md" nowrap valign="top">#define cc_context_lock </td>
362		<td class="md" valign="top">( </td>
363		<td class="md" nowrap valign="top">context, <tr>
364		<td class="md" nowrap align="right"></td>
365		<td class="md"></td>
366		<td class="md" nowrap>type, <tr>
367		<td class="md" nowrap align="right"></td>
368		<td class="md"></td>
369		<td class="md" nowrap>block </td>
370		<td class="mdname1" valign="top" nowrap> </td>
371		<td class="md" valign="top"> ) </td>
372		<td class="md" nowrap>   ((context) -> functions -> lock (context, type, block))</td>
373		</tr>
374		</table>
375		</td>
376		</tr>
377		</table>
378		<table cellspacing="5" cellpadding="0" border="0">
379		<tr>
380		<td>
381
382		</td>
383		<td>
384
385		<p>
386		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> lock() </td>
387		</tr>
388		</table>
389		<a class="anchor" name="g544261b88c9ac0f2379a35648cae3f27"></a><!-- doxytag: member="CredentialsCache.h::cc_context_unlock" ref="g544261b88c9ac0f2379a35648cae3f27" args="(context)" --><p>
390		<table class="mdTable" cellpadding="2" cellspacing="0">
391		<tr>
392		<td class="mdRow">
393		<table cellpadding="0" cellspacing="0" border="0">
394		<tr>
395		<td class="md" nowrap valign="top">#define cc_context_unlock </td>
396		<td class="md" valign="top">( </td>
397		<td class="md" nowrap valign="top">context </td>
398		<td class="mdname1" valign="top" nowrap> </td>
399		<td class="md" valign="top"> ) </td>
400		<td class="md" nowrap>   ((context) -> functions -> unlock (context))</td>
401		</tr>
402		</table>
403		</td>
404		</tr>
405		</table>
406		<table cellspacing="5" cellpadding="0" border="0">
407		<tr>
408		<td>
409
410		</td>
411		<td>
412
413		<p>
414		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> unlock() </td>
415		</tr>
416		</table>
417		<a class="anchor" name="g9258ef05d06f3d4dc798ec654f78b967"></a><!-- doxytag: member="CredentialsCache.h::cc_context_compare" ref="g9258ef05d06f3d4dc798ec654f78b967" args="(context, compare_to, equal)" --><p>
418		<table class="mdTable" cellpadding="2" cellspacing="0">
419		<tr>
420		<td class="mdRow">
421		<table cellpadding="0" cellspacing="0" border="0">
422		<tr>
423		<td class="md" nowrap valign="top">#define cc_context_compare </td>
424		<td class="md" valign="top">( </td>
425		<td class="md" nowrap valign="top">context, <tr>
426		<td class="md" nowrap align="right"></td>
427		<td class="md"></td>
428		<td class="md" nowrap>compare_to, <tr>
429		<td class="md" nowrap align="right"></td>
430		<td class="md"></td>
431		<td class="md" nowrap>equal </td>
432		<td class="mdname1" valign="top" nowrap> </td>
433		<td class="md" valign="top"> ) </td>
434		<td class="md" nowrap>   ((context) -> functions -> compare (context, compare_to, equal))</td>
435		</tr>
436		</table>
437		</td>
438		</tr>
439		</table>
440		<table cellspacing="5" cellpadding="0" border="0">
441		<tr>
442		<td>
443
444		</td>
445		<td>
446
447		<p>
448		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> compare() </td>
449		</tr>
450		</table>
451		<a class="anchor" name="g9eb3508958528c00844a101275497e5a"></a><!-- doxytag: member="CredentialsCache.h::cc_context_wait_for_change" ref="g9eb3508958528c00844a101275497e5a" args="(context)" --><p>
452		<table class="mdTable" cellpadding="2" cellspacing="0">
453		<tr>
454		<td class="mdRow">
455		<table cellpadding="0" cellspacing="0" border="0">
456		<tr>
457		<td class="md" nowrap valign="top">#define cc_context_wait_for_change </td>
458		<td class="md" valign="top">( </td>
459		<td class="md" nowrap valign="top">context </td>
460		<td class="mdname1" valign="top" nowrap> </td>
461		<td class="md" valign="top"> ) </td>
462		<td class="md" nowrap>   ((context) -> functions -> wait_for_change (context))</td>
463		</tr>
464		</table>
465		</td>
466		</tr>
467		</table>
468		<table cellspacing="5" cellpadding="0" border="0">
469		<tr>
470		<td>
471
472		</td>
473		<td>
474
475		<p>
476		Helper macro for <a class="el" href="structcc__context__f.html">cc_context_f</a> wait_for_change() </td>
477		</tr>
478		</table>
479		<a class="anchor" name="ge517135d87d8775d77b426d57a491ef0"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_release" ref="ge517135d87d8775d77b426d57a491ef0" args="(ccache)" --><p>
480		<table class="mdTable" cellpadding="2" cellspacing="0">
481		<tr>
482		<td class="mdRow">
483		<table cellpadding="0" cellspacing="0" border="0">
484		<tr>
485		<td class="md" nowrap valign="top">#define cc_ccache_release </td>
486		<td class="md" valign="top">( </td>
487		<td class="md" nowrap valign="top">ccache </td>
488		<td class="mdname1" valign="top" nowrap> </td>
489		<td class="md" valign="top"> ) </td>
490		<td class="md" nowrap>   ((ccache) -> functions -> release (ccache))</td>
491		</tr>
492		</table>
493		</td>
494		</tr>
495		</table>
496		<table cellspacing="5" cellpadding="0" border="0">
497		<tr>
498		<td>
499
500		</td>
501		<td>
502
503		<p>
504		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> release() </td>
505		</tr>
506		</table>
507		<a class="anchor" name="ge05b68d91bece2f99b531e96cde8d457"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_destroy" ref="ge05b68d91bece2f99b531e96cde8d457" args="(ccache)" --><p>
508		<table class="mdTable" cellpadding="2" cellspacing="0">
509		<tr>
510		<td class="mdRow">
511		<table cellpadding="0" cellspacing="0" border="0">
512		<tr>
513		<td class="md" nowrap valign="top">#define cc_ccache_destroy </td>
514		<td class="md" valign="top">( </td>
515		<td class="md" nowrap valign="top">ccache </td>
516		<td class="mdname1" valign="top" nowrap> </td>
517		<td class="md" valign="top"> ) </td>
518		<td class="md" nowrap>   ((ccache) -> functions -> destroy (ccache))</td>
519		</tr>
520		</table>
521		</td>
522		</tr>
523		</table>
524		<table cellspacing="5" cellpadding="0" border="0">
525		<tr>
526		<td>
527
528		</td>
529		<td>
530
531		<p>
532		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> destroy() </td>
533		</tr>
534		</table>
535		<a class="anchor" name="g535b92993b85d92b67fa622447afbe13"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_set_default" ref="g535b92993b85d92b67fa622447afbe13" args="(ccache)" --><p>
536		<table class="mdTable" cellpadding="2" cellspacing="0">
537		<tr>
538		<td class="mdRow">
539		<table cellpadding="0" cellspacing="0" border="0">
540		<tr>
541		<td class="md" nowrap valign="top">#define cc_ccache_set_default </td>
542		<td class="md" valign="top">( </td>
543		<td class="md" nowrap valign="top">ccache </td>
544		<td class="mdname1" valign="top" nowrap> </td>
545		<td class="md" valign="top"> ) </td>
546		<td class="md" nowrap>   ((ccache) -> functions -> set_default (ccache))</td>
547		</tr>
548		</table>
549		</td>
550		</tr>
551		</table>
552		<table cellspacing="5" cellpadding="0" border="0">
553		<tr>
554		<td>
555
556		</td>
557		<td>
558
559		<p>
560		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> set_default() </td>
561		</tr>
562		</table>
563		<a class="anchor" name="g934f93499765bdd179bb2342ae0f0fa6"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_get_credentials_version" ref="g934f93499765bdd179bb2342ae0f0fa6" args="(ccache, version)" --><p>
564		<table class="mdTable" cellpadding="2" cellspacing="0">
565		<tr>
566		<td class="mdRow">
567		<table cellpadding="0" cellspacing="0" border="0">
568		<tr>
569		<td class="md" nowrap valign="top">#define cc_ccache_get_credentials_version </td>
570		<td class="md" valign="top">( </td>
571		<td class="md" nowrap valign="top">ccache, <tr>
572		<td class="md" nowrap align="right"></td>
573		<td class="md"></td>
574		<td class="md" nowrap>version </td>
575		<td class="mdname1" valign="top" nowrap> </td>
576		<td class="md" valign="top"> ) </td>
577		<td class="md" nowrap>   ((ccache) -> functions -> get_credentials_version (ccache, version))</td>
578		</tr>
579		</table>
580		</td>
581		</tr>
582		</table>
583		<table cellspacing="5" cellpadding="0" border="0">
584		<tr>
585		<td>
586
587		</td>
588		<td>
589
590		<p>
591		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> get_credentials_version() </td>
592		</tr>
593		</table>
594		<a class="anchor" name="g042bea6044879ec03996b190792e3ae9"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_get_name" ref="g042bea6044879ec03996b190792e3ae9" args="(ccache, name)" --><p>
595		<table class="mdTable" cellpadding="2" cellspacing="0">
596		<tr>
597		<td class="mdRow">
598		<table cellpadding="0" cellspacing="0" border="0">
599		<tr>
600		<td class="md" nowrap valign="top">#define cc_ccache_get_name </td>
601		<td class="md" valign="top">( </td>
602		<td class="md" nowrap valign="top">ccache, <tr>
603		<td class="md" nowrap align="right"></td>
604		<td class="md"></td>
605		<td class="md" nowrap>name </td>
606		<td class="mdname1" valign="top" nowrap> </td>
607		<td class="md" valign="top"> ) </td>
608		<td class="md" nowrap>   ((ccache) -> functions -> get_name (ccache, name))</td>
609		</tr>
610		</table>
611		</td>
612		</tr>
613		</table>
614		<table cellspacing="5" cellpadding="0" border="0">
615		<tr>
616		<td>
617
618		</td>
619		<td>
620
621		<p>
622		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> get_name() </td>
623		</tr>
624		</table>
625		<a class="anchor" name="g464aa49a2e8054c9c3c2a3410eaf5c54"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_get_principal" ref="g464aa49a2e8054c9c3c2a3410eaf5c54" args="(ccache, version, principal)" --><p>
626		<table class="mdTable" cellpadding="2" cellspacing="0">
627		<tr>
628		<td class="mdRow">
629		<table cellpadding="0" cellspacing="0" border="0">
630		<tr>
631		<td class="md" nowrap valign="top">#define cc_ccache_get_principal </td>
632		<td class="md" valign="top">( </td>
633		<td class="md" nowrap valign="top">ccache, <tr>
634		<td class="md" nowrap align="right"></td>
635		<td class="md"></td>
636		<td class="md" nowrap>version, <tr>
637		<td class="md" nowrap align="right"></td>
638		<td class="md"></td>
639		<td class="md" nowrap>principal </td>
640		<td class="mdname1" valign="top" nowrap> </td>
641		<td class="md" valign="top"> ) </td>
642		<td class="md" nowrap>   ((ccache) -> functions -> get_principal (ccache, version, principal))</td>
643		</tr>
644		</table>
645		</td>
646		</tr>
647		</table>
648		<table cellspacing="5" cellpadding="0" border="0">
649		<tr>
650		<td>
651
652		</td>
653		<td>
654
655		<p>
656		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> get_principal() </td>
657		</tr>
658		</table>
659		<a class="anchor" name="gfaa81492b5d7b3ba00208a9577ce0ba2"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_set_principal" ref="gfaa81492b5d7b3ba00208a9577ce0ba2" args="(ccache, version, principal)" --><p>
660		<table class="mdTable" cellpadding="2" cellspacing="0">
661		<tr>
662		<td class="mdRow">
663		<table cellpadding="0" cellspacing="0" border="0">
664		<tr>
665		<td class="md" nowrap valign="top">#define cc_ccache_set_principal </td>
666		<td class="md" valign="top">( </td>
667		<td class="md" nowrap valign="top">ccache, <tr>
668		<td class="md" nowrap align="right"></td>
669		<td class="md"></td>
670		<td class="md" nowrap>version, <tr>
671		<td class="md" nowrap align="right"></td>
672		<td class="md"></td>
673		<td class="md" nowrap>principal </td>
674		<td class="mdname1" valign="top" nowrap> </td>
675		<td class="md" valign="top"> ) </td>
676		<td class="md" nowrap>   ((ccache) -> functions -> set_principal (ccache, version, principal))</td>
677		</tr>
678		</table>
679		</td>
680		</tr>
681		</table>
682		<table cellspacing="5" cellpadding="0" border="0">
683		<tr>
684		<td>
685
686		</td>
687		<td>
688
689		<p>
690		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> set_principal() </td>
691		</tr>
692		</table>
693		<a class="anchor" name="g35c1548dbacb8907da7b8c3124eabf39"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_store_credentials" ref="g35c1548dbacb8907da7b8c3124eabf39" args="(ccache, credentials)" --><p>
694		<table class="mdTable" cellpadding="2" cellspacing="0">
695		<tr>
696		<td class="mdRow">
697		<table cellpadding="0" cellspacing="0" border="0">
698		<tr>
699		<td class="md" nowrap valign="top">#define cc_ccache_store_credentials </td>
700		<td class="md" valign="top">( </td>
701		<td class="md" nowrap valign="top">ccache, <tr>
702		<td class="md" nowrap align="right"></td>
703		<td class="md"></td>
704		<td class="md" nowrap>credentials </td>
705		<td class="mdname1" valign="top" nowrap> </td>
706		<td class="md" valign="top"> ) </td>
707		<td class="md" nowrap>   ((ccache) -> functions -> store_credentials (ccache, credentials))</td>
708		</tr>
709		</table>
710		</td>
711		</tr>
712		</table>
713		<table cellspacing="5" cellpadding="0" border="0">
714		<tr>
715		<td>
716
717		</td>
718		<td>
719
720		<p>
721		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> store_credentials() </td>
722		</tr>
723		</table>
724		<a class="anchor" name="ga1bbc05414ad4c17cea9cd5e5c50c7cc"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_remove_credentials" ref="ga1bbc05414ad4c17cea9cd5e5c50c7cc" args="(ccache, credentials)" --><p>
725		<table class="mdTable" cellpadding="2" cellspacing="0">
726		<tr>
727		<td class="mdRow">
728		<table cellpadding="0" cellspacing="0" border="0">
729		<tr>
730		<td class="md" nowrap valign="top">#define cc_ccache_remove_credentials </td>
731		<td class="md" valign="top">( </td>
732		<td class="md" nowrap valign="top">ccache, <tr>
733		<td class="md" nowrap align="right"></td>
734		<td class="md"></td>
735		<td class="md" nowrap>credentials </td>
736		<td class="mdname1" valign="top" nowrap> </td>
737		<td class="md" valign="top"> ) </td>
738		<td class="md" nowrap>   ((ccache) -> functions -> remove_credentials (ccache, credentials))</td>
739		</tr>
740		</table>
741		</td>
742		</tr>
743		</table>
744		<table cellspacing="5" cellpadding="0" border="0">
745		<tr>
746		<td>
747
748		</td>
749		<td>
750
751		<p>
752		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> remove_credentials() </td>
753		</tr>
754		</table>
755		<a class="anchor" name="g893b31c419e71c2f528781d3036fa3ff"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_new_credentials_iterator" ref="g893b31c419e71c2f528781d3036fa3ff" args="(ccache, iterator)" --><p>
756		<table class="mdTable" cellpadding="2" cellspacing="0">
757		<tr>
758		<td class="mdRow">
759		<table cellpadding="0" cellspacing="0" border="0">
760		<tr>
761		<td class="md" nowrap valign="top">#define cc_ccache_new_credentials_iterator </td>
762		<td class="md" valign="top">( </td>
763		<td class="md" nowrap valign="top">ccache, <tr>
764		<td class="md" nowrap align="right"></td>
765		<td class="md"></td>
766		<td class="md" nowrap>iterator </td>
767		<td class="mdname1" valign="top" nowrap> </td>
768		<td class="md" valign="top"> ) </td>
769		<td class="md" nowrap>   ((ccache) -> functions -> new_credentials_iterator (ccache, iterator))</td>
770		</tr>
771		</table>
772		</td>
773		</tr>
774		</table>
775		<table cellspacing="5" cellpadding="0" border="0">
776		<tr>
777		<td>
778
779		</td>
780		<td>
781
782		<p>
783		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> new_credentials_iterator() </td>
784		</tr>
785		</table>
786		<a class="anchor" name="gb8c2624719ee1c4be5f1b1bc4844f0cc"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_lock" ref="gb8c2624719ee1c4be5f1b1bc4844f0cc" args="(ccache, type, block)" --><p>
787		<table class="mdTable" cellpadding="2" cellspacing="0">
788		<tr>
789		<td class="mdRow">
790		<table cellpadding="0" cellspacing="0" border="0">
791		<tr>
792		<td class="md" nowrap valign="top">#define cc_ccache_lock </td>
793		<td class="md" valign="top">( </td>
794		<td class="md" nowrap valign="top">ccache, <tr>
795		<td class="md" nowrap align="right"></td>
796		<td class="md"></td>
797		<td class="md" nowrap>type, <tr>
798		<td class="md" nowrap align="right"></td>
799		<td class="md"></td>
800		<td class="md" nowrap>block </td>
801		<td class="mdname1" valign="top" nowrap> </td>
802		<td class="md" valign="top"> ) </td>
803		<td class="md" nowrap>   ((ccache) -> functions -> lock (ccache, type, block))</td>
804		</tr>
805		</table>
806		</td>
807		</tr>
808		</table>
809		<table cellspacing="5" cellpadding="0" border="0">
810		<tr>
811		<td>
812
813		</td>
814		<td>
815
816		<p>
817		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> lock() </td>
818		</tr>
819		</table>
820		<a class="anchor" name="ge9b13c950cb6ee636c4a73d6c569a811"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_unlock" ref="ge9b13c950cb6ee636c4a73d6c569a811" args="(ccache)" --><p>
821		<table class="mdTable" cellpadding="2" cellspacing="0">
822		<tr>
823		<td class="mdRow">
824		<table cellpadding="0" cellspacing="0" border="0">
825		<tr>
826		<td class="md" nowrap valign="top">#define cc_ccache_unlock </td>
827		<td class="md" valign="top">( </td>
828		<td class="md" nowrap valign="top">ccache </td>
829		<td class="mdname1" valign="top" nowrap> </td>
830		<td class="md" valign="top"> ) </td>
831		<td class="md" nowrap>   ((ccache) -> functions -> unlock (ccache))</td>
832		</tr>
833		</table>
834		</td>
835		</tr>
836		</table>
837		<table cellspacing="5" cellpadding="0" border="0">
838		<tr>
839		<td>
840
841		</td>
842		<td>
843
844		<p>
845		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> unlock() </td>
846		</tr>
847		</table>
848		<a class="anchor" name="g884b0c60718fa1057574a3cd844e96ee"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_get_last_default_time" ref="g884b0c60718fa1057574a3cd844e96ee" args="(ccache, last_default_time)" --><p>
849		<table class="mdTable" cellpadding="2" cellspacing="0">
850		<tr>
851		<td class="mdRow">
852		<table cellpadding="0" cellspacing="0" border="0">
853		<tr>
854		<td class="md" nowrap valign="top">#define cc_ccache_get_last_default_time </td>
855		<td class="md" valign="top">( </td>
856		<td class="md" nowrap valign="top">ccache, <tr>
857		<td class="md" nowrap align="right"></td>
858		<td class="md"></td>
859		<td class="md" nowrap>last_default_time </td>
860		<td class="mdname1" valign="top" nowrap> </td>
861		<td class="md" valign="top"> ) </td>
862		<td class="md" nowrap>   ((ccache) -> functions -> get_last_default_time (ccache, last_default_time))</td>
863		</tr>
864		</table>
865		</td>
866		</tr>
867		</table>
868		<table cellspacing="5" cellpadding="0" border="0">
869		<tr>
870		<td>
871
872		</td>
873		<td>
874
875		<p>
876		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> get_last_default_time() </td>
877		</tr>
878		</table>
879		<a class="anchor" name="gb19ef7d2b1bcfb474e18e157fb3bc9c6"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_get_change_time" ref="gb19ef7d2b1bcfb474e18e157fb3bc9c6" args="(ccache, change_time)" --><p>
880		<table class="mdTable" cellpadding="2" cellspacing="0">
881		<tr>
882		<td class="mdRow">
883		<table cellpadding="0" cellspacing="0" border="0">
884		<tr>
885		<td class="md" nowrap valign="top">#define cc_ccache_get_change_time </td>
886		<td class="md" valign="top">( </td>
887		<td class="md" nowrap valign="top">ccache, <tr>
888		<td class="md" nowrap align="right"></td>
889		<td class="md"></td>
890		<td class="md" nowrap>change_time </td>
891		<td class="mdname1" valign="top" nowrap> </td>
892		<td class="md" valign="top"> ) </td>
893		<td class="md" nowrap>   ((ccache) -> functions -> get_change_time (ccache, change_time))</td>
894		</tr>
895		</table>
896		</td>
897		</tr>
898		</table>
899		<table cellspacing="5" cellpadding="0" border="0">
900		<tr>
901		<td>
902
903		</td>
904		<td>
905
906		<p>
907		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> get_change_time() </td>
908		</tr>
909		</table>
910		<a class="anchor" name="ge1238f80c37ae89486f2ba29bcbcae38"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_move" ref="ge1238f80c37ae89486f2ba29bcbcae38" args="(source, destination)" --><p>
911		<table class="mdTable" cellpadding="2" cellspacing="0">
912		<tr>
913		<td class="mdRow">
914		<table cellpadding="0" cellspacing="0" border="0">
915		<tr>
916		<td class="md" nowrap valign="top">#define cc_ccache_move </td>
917		<td class="md" valign="top">( </td>
918		<td class="md" nowrap valign="top">source, <tr>
919		<td class="md" nowrap align="right"></td>
920		<td class="md"></td>
921		<td class="md" nowrap>destination </td>
922		<td class="mdname1" valign="top" nowrap> </td>
923		<td class="md" valign="top"> ) </td>
924		<td class="md" nowrap>   ((source) -> functions -> move (source, destination))</td>
925		</tr>
926		</table>
927		</td>
928		</tr>
929		</table>
930		<table cellspacing="5" cellpadding="0" border="0">
931		<tr>
932		<td>
933
934		</td>
935		<td>
936
937		<p>
938		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> move() </td>
939		</tr>
940		</table>
941		<a class="anchor" name="g197ff60fac986634fbef8ca102ec54a5"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_compare" ref="g197ff60fac986634fbef8ca102ec54a5" args="(ccache, compare_to, equal)" --><p>
942		<table class="mdTable" cellpadding="2" cellspacing="0">
943		<tr>
944		<td class="mdRow">
945		<table cellpadding="0" cellspacing="0" border="0">
946		<tr>
947		<td class="md" nowrap valign="top">#define cc_ccache_compare </td>
948		<td class="md" valign="top">( </td>
949		<td class="md" nowrap valign="top">ccache, <tr>
950		<td class="md" nowrap align="right"></td>
951		<td class="md"></td>
952		<td class="md" nowrap>compare_to, <tr>
953		<td class="md" nowrap align="right"></td>
954		<td class="md"></td>
955		<td class="md" nowrap>equal </td>
956		<td class="mdname1" valign="top" nowrap> </td>
957		<td class="md" valign="top"> ) </td>
958		<td class="md" nowrap>   ((ccache) -> functions -> compare (ccache, compare_to, equal))</td>
959		</tr>
960		</table>
961		</td>
962		</tr>
963		</table>
964		<table cellspacing="5" cellpadding="0" border="0">
965		<tr>
966		<td>
967
968		</td>
969		<td>
970
971		<p>
972		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> compare() </td>
973		</tr>
974		</table>
975		<a class="anchor" name="g1fa36a89752da4a491d2ecdad17f8b0e"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_get_kdc_time_offset" ref="g1fa36a89752da4a491d2ecdad17f8b0e" args="(ccache, version, time_offset)" --><p>
976		<table class="mdTable" cellpadding="2" cellspacing="0">
977		<tr>
978		<td class="mdRow">
979		<table cellpadding="0" cellspacing="0" border="0">
980		<tr>
981		<td class="md" nowrap valign="top">#define cc_ccache_get_kdc_time_offset </td>
982		<td class="md" valign="top">( </td>
983		<td class="md" nowrap valign="top">ccache, <tr>
984		<td class="md" nowrap align="right"></td>
985		<td class="md"></td>
986		<td class="md" nowrap>version, <tr>
987		<td class="md" nowrap align="right"></td>
988		<td class="md"></td>
989		<td class="md" nowrap>time_offset </td>
990		<td class="mdname1" valign="top" nowrap> </td>
991		<td class="md" valign="top"> ) </td>
992		<td class="md" nowrap>   ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset))</td>
993		</tr>
994		</table>
995		</td>
996		</tr>
997		</table>
998		<table cellspacing="5" cellpadding="0" border="0">
999		<tr>
1000		<td>
1001
1002		</td>
1003		<td>
1004
1005		<p>
1006		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> get_kdc_time_offset() </td>
1007		</tr>
1008		</table>
1009		<a class="anchor" name="g519bf0ab152e5a3d2beee8a76a27d16e"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_set_kdc_time_offset" ref="g519bf0ab152e5a3d2beee8a76a27d16e" args="(ccache, version, time_offset)" --><p>
1010		<table class="mdTable" cellpadding="2" cellspacing="0">
1011		<tr>
1012		<td class="mdRow">
1013		<table cellpadding="0" cellspacing="0" border="0">
1014		<tr>
1015		<td class="md" nowrap valign="top">#define cc_ccache_set_kdc_time_offset </td>
1016		<td class="md" valign="top">( </td>
1017		<td class="md" nowrap valign="top">ccache, <tr>
1018		<td class="md" nowrap align="right"></td>
1019		<td class="md"></td>
1020		<td class="md" nowrap>version, <tr>
1021		<td class="md" nowrap align="right"></td>
1022		<td class="md"></td>
1023		<td class="md" nowrap>time_offset </td>
1024		<td class="mdname1" valign="top" nowrap> </td>
1025		<td class="md" valign="top"> ) </td>
1026		<td class="md" nowrap>   ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset))</td>
1027		</tr>
1028		</table>
1029		</td>
1030		</tr>
1031		</table>
1032		<table cellspacing="5" cellpadding="0" border="0">
1033		<tr>
1034		<td>
1035
1036		</td>
1037		<td>
1038
1039		<p>
1040		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> set_kdc_time_offset() </td>
1041		</tr>
1042		</table>
1043		<a class="anchor" name="g803c35f92992dc0b73e8809d13ebabab"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_clear_kdc_time_offset" ref="g803c35f92992dc0b73e8809d13ebabab" args="(ccache, version)" --><p>
1044		<table class="mdTable" cellpadding="2" cellspacing="0">
1045		<tr>
1046		<td class="mdRow">
1047		<table cellpadding="0" cellspacing="0" border="0">
1048		<tr>
1049		<td class="md" nowrap valign="top">#define cc_ccache_clear_kdc_time_offset </td>
1050		<td class="md" valign="top">( </td>
1051		<td class="md" nowrap valign="top">ccache, <tr>
1052		<td class="md" nowrap align="right"></td>
1053		<td class="md"></td>
1054		<td class="md" nowrap>version </td>
1055		<td class="mdname1" valign="top" nowrap> </td>
1056		<td class="md" valign="top"> ) </td>
1057		<td class="md" nowrap>   ((ccache) -> functions -> clear_kdc_time_offset (ccache, version))</td>
1058		</tr>
1059		</table>
1060		</td>
1061		</tr>
1062		</table>
1063		<table cellspacing="5" cellpadding="0" border="0">
1064		<tr>
1065		<td>
1066
1067		</td>
1068		<td>
1069
1070		<p>
1071		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> clear_kdc_time_offset() </td>
1072		</tr>
1073		</table>
1074		<a class="anchor" name="gc508ad0c010c88ad8ff0739b43a2b199"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_wait_for_change" ref="gc508ad0c010c88ad8ff0739b43a2b199" args="(ccache)" --><p>
1075		<table class="mdTable" cellpadding="2" cellspacing="0">
1076		<tr>
1077		<td class="mdRow">
1078		<table cellpadding="0" cellspacing="0" border="0">
1079		<tr>
1080		<td class="md" nowrap valign="top">#define cc_ccache_wait_for_change </td>
1081		<td class="md" valign="top">( </td>
1082		<td class="md" nowrap valign="top">ccache </td>
1083		<td class="mdname1" valign="top" nowrap> </td>
1084		<td class="md" valign="top"> ) </td>
1085		<td class="md" nowrap>   ((ccache) -> functions -> wait_for_change (ccache))</td>
1086		</tr>
1087		</table>
1088		</td>
1089		</tr>
1090		</table>
1091		<table cellspacing="5" cellpadding="0" border="0">
1092		<tr>
1093		<td>
1094
1095		</td>
1096		<td>
1097
1098		<p>
1099		Helper macro for <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> wait_for_change() </td>
1100		</tr>
1101		</table>
1102		<a class="anchor" name="ge9bebfed2d574e69f29dd341bc8a63d9"></a><!-- doxytag: member="CredentialsCache.h::cc_string_release" ref="ge9bebfed2d574e69f29dd341bc8a63d9" args="(string)" --><p>
1103		<table class="mdTable" cellpadding="2" cellspacing="0">
1104		<tr>
1105		<td class="mdRow">
1106		<table cellpadding="0" cellspacing="0" border="0">
1107		<tr>
1108		<td class="md" nowrap valign="top">#define cc_string_release </td>
1109		<td class="md" valign="top">( </td>
1110		<td class="md" nowrap valign="top">string </td>
1111		<td class="mdname1" valign="top" nowrap> </td>
1112		<td class="md" valign="top"> ) </td>
1113		<td class="md" nowrap>   ((string) -> functions -> release (string))</td>
1114		</tr>
1115		</table>
1116		</td>
1117		</tr>
1118		</table>
1119		<table cellspacing="5" cellpadding="0" border="0">
1120		<tr>
1121		<td>
1122
1123		</td>
1124		<td>
1125
1126		<p>
1127		Helper macro for <a class="el" href="structcc__string__f.html">cc_string_f</a> release() </td>
1128		</tr>
1129		</table>
1130		<a class="anchor" name="gab5cad8ca82847950956b0f493132c14"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_release" ref="gab5cad8ca82847950956b0f493132c14" args="(credentials)" --><p>
1131		<table class="mdTable" cellpadding="2" cellspacing="0">
1132		<tr>
1133		<td class="mdRow">
1134		<table cellpadding="0" cellspacing="0" border="0">
1135		<tr>
1136		<td class="md" nowrap valign="top">#define cc_credentials_release </td>
1137		<td class="md" valign="top">( </td>
1138		<td class="md" nowrap valign="top">credentials </td>
1139		<td class="mdname1" valign="top" nowrap> </td>
1140		<td class="md" valign="top"> ) </td>
1141		<td class="md" nowrap>   ((credentials) -> functions -> release (credentials))</td>
1142		</tr>
1143		</table>
1144		</td>
1145		</tr>
1146		</table>
1147		<table cellspacing="5" cellpadding="0" border="0">
1148		<tr>
1149		<td>
1150
1151		</td>
1152		<td>
1153
1154		<p>
1155		Helper macro for <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a> release() </td>
1156		</tr>
1157		</table>
1158		<a class="anchor" name="g39ae30e49dba65b87c6b9794f20fb784"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_compare" ref="g39ae30e49dba65b87c6b9794f20fb784" args="(credentials, compare_to, equal)" --><p>
1159		<table class="mdTable" cellpadding="2" cellspacing="0">
1160		<tr>
1161		<td class="mdRow">
1162		<table cellpadding="0" cellspacing="0" border="0">
1163		<tr>
1164		<td class="md" nowrap valign="top">#define cc_credentials_compare </td>
1165		<td class="md" valign="top">( </td>
1166		<td class="md" nowrap valign="top">credentials, <tr>
1167		<td class="md" nowrap align="right"></td>
1168		<td class="md"></td>
1169		<td class="md" nowrap>compare_to, <tr>
1170		<td class="md" nowrap align="right"></td>
1171		<td class="md"></td>
1172		<td class="md" nowrap>equal </td>
1173		<td class="mdname1" valign="top" nowrap> </td>
1174		<td class="md" valign="top"> ) </td>
1175		<td class="md" nowrap>   ((credentials) -> functions -> compare (credentials, compare_to, equal))</td>
1176		</tr>
1177		</table>
1178		</td>
1179		</tr>
1180		</table>
1181		<table cellspacing="5" cellpadding="0" border="0">
1182		<tr>
1183		<td>
1184
1185		</td>
1186		<td>
1187
1188		<p>
1189		Helper macro for <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a> compare() </td>
1190		</tr>
1191		</table>
1192		<a class="anchor" name="g34f37496fb8bc414aafb0b265afecb1b"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_iterator_release" ref="g34f37496fb8bc414aafb0b265afecb1b" args="(iterator)" --><p>
1193		<table class="mdTable" cellpadding="2" cellspacing="0">
1194		<tr>
1195		<td class="mdRow">
1196		<table cellpadding="0" cellspacing="0" border="0">
1197		<tr>
1198		<td class="md" nowrap valign="top">#define cc_ccache_iterator_release </td>
1199		<td class="md" valign="top">( </td>
1200		<td class="md" nowrap valign="top">iterator </td>
1201		<td class="mdname1" valign="top" nowrap> </td>
1202		<td class="md" valign="top"> ) </td>
1203		<td class="md" nowrap>   ((iterator) -> functions -> release (iterator))</td>
1204		</tr>
1205		</table>
1206		</td>
1207		</tr>
1208		</table>
1209		<table cellspacing="5" cellpadding="0" border="0">
1210		<tr>
1211		<td>
1212
1213		</td>
1214		<td>
1215
1216		<p>
1217		Helper macro for <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> release() </td>
1218		</tr>
1219		</table>
1220		<a class="anchor" name="gcff0b3e247a2adc95442324fec6c5651"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_iterator_next" ref="gcff0b3e247a2adc95442324fec6c5651" args="(iterator, ccache)" --><p>
1221		<table class="mdTable" cellpadding="2" cellspacing="0">
1222		<tr>
1223		<td class="mdRow">
1224		<table cellpadding="0" cellspacing="0" border="0">
1225		<tr>
1226		<td class="md" nowrap valign="top">#define cc_ccache_iterator_next </td>
1227		<td class="md" valign="top">( </td>
1228		<td class="md" nowrap valign="top">iterator, <tr>
1229		<td class="md" nowrap align="right"></td>
1230		<td class="md"></td>
1231		<td class="md" nowrap>ccache </td>
1232		<td class="mdname1" valign="top" nowrap> </td>
1233		<td class="md" valign="top"> ) </td>
1234		<td class="md" nowrap>   ((iterator) -> functions -> next (iterator, ccache))</td>
1235		</tr>
1236		</table>
1237		</td>
1238		</tr>
1239		</table>
1240		<table cellspacing="5" cellpadding="0" border="0">
1241		<tr>
1242		<td>
1243
1244		</td>
1245		<td>
1246
1247		<p>
1248		Helper macro for <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> next() </td>
1249		</tr>
1250		</table>
1251		<a class="anchor" name="g904d7757fd7ac40f4ee9b448a389f2dd"></a><!-- doxytag: member="CredentialsCache.h::cc_ccache_iterator_clone" ref="g904d7757fd7ac40f4ee9b448a389f2dd" args="(iterator, new_iterator)" --><p>
1252		<table class="mdTable" cellpadding="2" cellspacing="0">
1253		<tr>
1254		<td class="mdRow">
1255		<table cellpadding="0" cellspacing="0" border="0">
1256		<tr>
1257		<td class="md" nowrap valign="top">#define cc_ccache_iterator_clone </td>
1258		<td class="md" valign="top">( </td>
1259		<td class="md" nowrap valign="top">iterator, <tr>
1260		<td class="md" nowrap align="right"></td>
1261		<td class="md"></td>
1262		<td class="md" nowrap>new_iterator </td>
1263		<td class="mdname1" valign="top" nowrap> </td>
1264		<td class="md" valign="top"> ) </td>
1265		<td class="md" nowrap>   ((iterator) -> functions -> clone (iterator, new_iterator))</td>
1266		</tr>
1267		</table>
1268		</td>
1269		</tr>
1270		</table>
1271		<table cellspacing="5" cellpadding="0" border="0">
1272		<tr>
1273		<td>
1274
1275		</td>
1276		<td>
1277
1278		<p>
1279		Helper macro for <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> clone() </td>
1280		</tr>
1281		</table>
1282		<a class="anchor" name="g79f914583e8076ac24c0d5dde4ddb712"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_iterator_release" ref="g79f914583e8076ac24c0d5dde4ddb712" args="(iterator)" --><p>
1283		<table class="mdTable" cellpadding="2" cellspacing="0">
1284		<tr>
1285		<td class="mdRow">
1286		<table cellpadding="0" cellspacing="0" border="0">
1287		<tr>
1288		<td class="md" nowrap valign="top">#define cc_credentials_iterator_release </td>
1289		<td class="md" valign="top">( </td>
1290		<td class="md" nowrap valign="top">iterator </td>
1291		<td class="mdname1" valign="top" nowrap> </td>
1292		<td class="md" valign="top"> ) </td>
1293		<td class="md" nowrap>   ((iterator) -> functions -> release (iterator))</td>
1294		</tr>
1295		</table>
1296		</td>
1297		</tr>
1298		</table>
1299		<table cellspacing="5" cellpadding="0" border="0">
1300		<tr>
1301		<td>
1302
1303		</td>
1304		<td>
1305
1306		<p>
1307		Helper macro for <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> release() </td>
1308		</tr>
1309		</table>
1310		<a class="anchor" name="g0c2f41d90f478b2415b699085f8fcaa4"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_iterator_next" ref="g0c2f41d90f478b2415b699085f8fcaa4" args="(iterator, credentials)" --><p>
1311		<table class="mdTable" cellpadding="2" cellspacing="0">
1312		<tr>
1313		<td class="mdRow">
1314		<table cellpadding="0" cellspacing="0" border="0">
1315		<tr>
1316		<td class="md" nowrap valign="top">#define cc_credentials_iterator_next </td>
1317		<td class="md" valign="top">( </td>
1318		<td class="md" nowrap valign="top">iterator, <tr>
1319		<td class="md" nowrap align="right"></td>
1320		<td class="md"></td>
1321		<td class="md" nowrap>credentials </td>
1322		<td class="mdname1" valign="top" nowrap> </td>
1323		<td class="md" valign="top"> ) </td>
1324		<td class="md" nowrap>   ((iterator) -> functions -> next (iterator, credentials))</td>
1325		</tr>
1326		</table>
1327		</td>
1328		</tr>
1329		</table>
1330		<table cellspacing="5" cellpadding="0" border="0">
1331		<tr>
1332		<td>
1333
1334		</td>
1335		<td>
1336
1337		<p>
1338		Helper macro for <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> next() </td>
1339		</tr>
1340		</table>
1341		<a class="anchor" name="g59a9f96a6c00b64c0ab971f7e9b5aae2"></a><!-- doxytag: member="CredentialsCache.h::cc_credentials_iterator_clone" ref="g59a9f96a6c00b64c0ab971f7e9b5aae2" args="(iterator, new_iterator)" --><p>
1342		<table class="mdTable" cellpadding="2" cellspacing="0">
1343		<tr>
1344		<td class="mdRow">
1345		<table cellpadding="0" cellspacing="0" border="0">
1346		<tr>
1347		<td class="md" nowrap valign="top">#define cc_credentials_iterator_clone </td>
1348		<td class="md" valign="top">( </td>
1349		<td class="md" nowrap valign="top">iterator, <tr>
1350		<td class="md" nowrap align="right"></td>
1351		<td class="md"></td>
1352		<td class="md" nowrap>new_iterator </td>
1353		<td class="mdname1" valign="top" nowrap> </td>
1354		<td class="md" valign="top"> ) </td>
1355		<td class="md" nowrap>   ((iterator) -> functions -> clone (iterator, new_iterator))</td>
1356		</tr>
1357		</table>
1358		</td>
1359		</tr>
1360		</table>
1361		<table cellspacing="5" cellpadding="0" border="0">
1362		<tr>
1363		<td>
1364
1365		</td>
1366		<td>
1367
1368		<p>
1369		Helper macro for <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> clone() </td>
1370		</tr>
1371		</table>
1372		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
1373		<a href="http://www.doxygen.org/index.html">
1374		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
1375		</body>
1376		</html>

+0

-85

~~doc/ccapi/html/index.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : Credentials Cache API (CCAPI) Documentation</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>Credentials Cache API (CCAPI) Documentation</h1>
8		<p>
9		<h2><a class="anchor" name="toc">
10		Table of Contents</a></h2>
11		<ul>
12		<li><a class="el" href="index.html#introduction">Introduction</a> </li>
13		<li><a class="el" href="index.html#error_handling">Error Handling</a> </li>
14		<li><a class="el" href="index.html#synchronization_atomicity">Synchronization and Atomicity</a> </li>
15		<li><a class="el" href="index.html#memory_management">Object Memory Management</a> </li>
16		<li><a class="el" href="index.html#opaque_types">Opaque Types</a></li>
17		</ul>
18		<ul>
19		<li><a class="el" href="group__ccapi__constants__reference.html">Constants</a> </li>
20		<li><a class="el" href="group__ccapi__types__reference.html">Basic Types</a></li>
21		</ul>
22		<ul>
23		<li><a class="el" href="group__cc__context__reference.html">cc_context_t Overview</a> </li>
24		<li><a class="el" href="structcc__context__f.html">cc_context_t Functions</a></li>
25		</ul>
26		<ul>
27		<li><a class="el" href="group__cc__ccache__reference.html">cc_ccache_t Overview</a> </li>
28		<li><a class="el" href="structcc__ccache__f.html">cc_ccache_t Functions</a></li>
29		</ul>
30		<ul>
31		<li><a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a> </li>
32		<li><a class="el" href="structcc__credentials__f.html">cc_credentials_t Functions</a></li>
33		</ul>
34		<ul>
35		<li><a class="el" href="group__cc__ccache__iterator__reference.html">cc_ccache_iterator_t Overview</a> </li>
36		<li><a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_t Functions</a></li>
37		</ul>
38		<ul>
39		<li><a class="el" href="group__cc__credentials__iterator__reference.html">cc_credentials_iterator_t</a> </li>
40		<li><a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_t Functions</a></li>
41		</ul>
42		<ul>
43		<li><a class="el" href="group__cc__string__reference.html">cc_string_t Overview</a> </li>
44		<li><a class="el" href="structcc__string__f.html">cc_string_t Functions</a></li>
45		</ul>
46		<h2><a class="anchor" name="introduction">
47		Introduction</a></h2>
48		This is the specification for an API which provides Credentials Cache services for both Kerberos v5 and v4. The idea behind this API is that multiple Kerberos implementations can share a single collection of credentials caches, mediated by this API specification. On the Mac OS and Microsoft Windows platforms this will allow single-login, even when more than one Kerberos shared library is in use on a particular system.<p>
49		Abstractly, a credentials cache collection contains one or more credentials caches, or ccaches. A ccache is uniquely identified by its name, which is a string internal to the API and not intended to be presented to users. The user presentable identifier of a ccache is its principal.<p>
50		Unlike the previous versions of the API, version 3 of the API stores both Kerberos v4 and v5 credentials in the same ccache.<p>
51		At any given time, one ccache is the "default" ccache. The exact meaning of a default ccache is OS-specific; refer to implementation requirements for details.<h2><a class="anchor" name="error_handling">
52		Error Handling</a></h2>
53		All functions of the API return some of the error constants listed FIXME; the exact list of error constants returned by any API function is provided in the function descriptions below.<p>
54		When returning an error constant other than ccNoError or ccIteratorEnd, API functions never modify any of the values passed in by reference.<h2><a class="anchor" name="synchronization_atomicity">
55		Synchronization and Atomicity</a></h2>
56		Every function in the API is atomic. In order to make a series of calls atomic, callers should lock the ccache or cache collection they are working with to advise other callers not to modify that container. Note that advisory locks are per container so even if you have a read lock on the cache collection other callers can obtain write locks on ccaches in that cache collection.<p>
57		Note that iterators do not iterate over ccaches and credentials atomically because locking ccaches and the cache collection over every iteration would degrade performance considerably under high load. However, iterators do guarantee a consistent view of items they are iterating over. Iterators will never return duplicate entries or skip entries when items are removed or added to the container they are iterating over.<p>
58		An application can always lock a ccache or the cache collection to guarantee that other callers participating in the advisory locking system do not modify the ccache or cache collection.<p>
59		Implementations should not use copy-on-write techniques to implement locks because those techniques imply that same parts of the ccache collection remain visible to some callers even though they are not present in the collection, which is a potential security risk. For example, a copy-on-write technique might make a copy of the entire collection when a read lock is acquired, so as to allow the owner of the lock to access the collection in an apparently unmodified state, while also allowing others to make modifications to the collection. However, this would also enable the owner of the lock to indefinitely (until the expiration time) use credentials that have actually been deleted from the collection.<h2><a class="anchor" name="memory_management">
60		Object Memory Management</a></h2>
61		The lifetime of an object returned by the API is until release() is called for it. Releasing one object has no effect on existence of any other object. For example, a ccache obtained within a context continue to exist when the context is released.<p>
62		Every object returned by the API (cc_context_t, cc_ccache_t, cc_ccache_iterator_t, cc_credentials_t, cc_credentials_iterator_t, cc_string_t) is owned by the caller of the API, and it is the responsibility of the caller to call release() for every object to prevent memory leaks.<h2><a class="anchor" name="opaque_types">
63		Opaque Types</a></h2>
64		All of the opaque high-level types in CCache API are implemented as structures of function pointers and private data. To perform some operation on a type, the caller of the API has to first obtain an instance of that type, and then call the appropriate function pointer from that instance. For example, to call get_change_time() on a cc_context_t, one would call <a class="el" href="group__cc__context__reference.html#ge4174587d8bb261e32194bbb9585fb82">cc_initialize()</a> which creates a new cc_context_t and then call its get_change_time(), like this:<p>
65		<div class="fragment"><pre class="fragment"> <a class="code" href="structcc__context__d.html">cc_context_t</a> context;
66		<a class="code" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> err = <a class="code" href="group__cc__context__reference.html#ge4174587d8bb261e32194bbb9585fb82">cc_initialize</a> (&context, <a class="code" href="group__ccapi__constants__reference.html#gg06fc87d81c62e9abb8790b6e5713c55b26f201de4113dda3b4ec78dcda95d5a1">ccapi_version_3</a>, nil, nil);
67		<span class="keywordflow">if</span> (err == <a class="code" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>)
68		time = context-><a class="code" href="structcc__context__d.html#ac5b195bc75b92f5c1924e6a3a6aa611">functions</a>-><a class="code" href="structcc__context__f.html#51bd5a48dcd263bfb3128cc5838b4cd7">get_change_time</a> (context)
69		</pre></div><p>
70		All API functions also have convenience preprocessor macros, which make the API seem completely function-based. For example, cc_context_get_change_time (context, time) is equivalent to context->functions->get_change_time (context, time). The convenience macros follow the following naming convention:<p>
71		The API function some_function() <div class="fragment"><pre class="fragment"> cc_type_t an_object;
72		result = an_object->functions->some_function (opaque_pointer, args)
73		</pre></div><p>
74		has an equivalent convenience macro of the form cc_type_some_function(): <div class="fragment"><pre class="fragment"> cc_type_t an_object;
75		result = cc_type_some_function (an_object, args)
76		</pre></div><p>
77		The specifications below include the names for both the functions and the convenience macros, in that order. For clarity, it is recommended that clients using the API use the convenience macros, but that is merely a stylistic choice.<p>
78		Implementing the API in this manner allows us to extend and change the interface in the future, while preserving compatibility with older clients.<p>
79		For example, consider the case when the signature or the semantics of a cc_ccache_t function is changed. The API version number is incremented. The library implementation contains both a function with the old signature and semantics and a function with the new signature and semantics. When a context is created, the API version number used in that context is stored in the context, and therefore it can be used whenever a ccache is created in that context. When a ccache is created in a context with the old API version number, the function pointer structure for the ccache is filled with pointers to functions implementing the old semantics; when a ccache is created in a context with the new API version number, the function pointer structure for the ccache is filled with poitners to functions implementing the new semantics.<p>
80		Similarly, if a function is added to the API, the version number in the context can be used to decide whether to include the implementation of the new function in the appropriate function pointer structure or not. <hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
81		<a href="http://www.doxygen.org/index.html">
82		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
83		</body>
84		</html>

+0

-43

~~doc/ccapi/html/structcc__ccache__d.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_ccache_d Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_ccache_d Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__ccache__reference.html">cc_ccache_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_ccache_d" --><h2>Data Fields</h2>
11		<ul>
12		<li>const <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a> * <a class="el" href="structcc__ccache__d.html#55d1ef4ddfa9a0e84a35791bb5da4bb3">functions</a>
13		</ul>
14		<hr><h2>Field Documentation</h2>
15		<a class="anchor" name="55d1ef4ddfa9a0e84a35791bb5da4bb3"></a><!-- doxytag: member="cc_ccache_d::functions" ref="55d1ef4ddfa9a0e84a35791bb5da4bb3" args="" --><p>
16		<table class="mdTable" cellpadding="2" cellspacing="0">
17		<tr>
18		<td class="mdRow">
19		<table cellpadding="0" cellspacing="0" border="0">
20		<tr>
21		<td class="md" nowrap valign="top">const <a class="el" href="structcc__ccache__f.html">cc_ccache_f</a>* <a class="el" href="structcc__ccache__d.html#55d1ef4ddfa9a0e84a35791bb5da4bb3">functions</a> </td>
22		</tr>
23		</table>
24		</td>
25		</tr>
26		</table>
27		<table cellspacing="5" cellpadding="0" border="0">
28		<tr>
29		<td>
30
31		</td>
32		<td>
33
34		<p>
35		</td>
36		</tr>
37		</table>
38		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
39		<a href="http://www.doxygen.org/index.html">
40		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
41		</body>
42		</html>

+0

-722

~~doc/ccapi/html/structcc__ccache__f.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_ccache_f Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_ccache_f Struct Reference</h1><!-- doxytag: class="cc_ccache_f" --><hr><a name="_details"></a><h2>Detailed Description</h2>
8		Function pointer table for cc_ccache_t. For more information see <a class="el" href="group__cc__ccache__reference.html">cc_ccache_t Overview</a>.
9		<p>
10		<h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#ef46c1c04ceb1a0a479db84ddba7160c">release</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache)
13		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#ge517135d87d8775d77b426d57a491ef0">cc_ccache_release()</a></b>: Release memory associated with a cc_ccache_t object. <a href="#ef46c1c04ceb1a0a479db84ddba7160c"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#86872ea5155e7ff57f4674a8f8c1d6c5">destroy</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache)
14		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#ge05b68d91bece2f99b531e96cde8d457">cc_ccache_destroy()</a></b>: Destroy a ccache. <a href="#86872ea5155e7ff57f4674a8f8c1d6c5"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#93c7e154d7472227b02d240a13dd53da">set_default</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache)
15		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g535b92993b85d92b67fa622447afbe13">cc_ccache_set_default()</a></b>: Make a ccache the default ccache. <a href="#93c7e154d7472227b02d240a13dd53da"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#934cc9927404ee42460008b49e572158">get_credentials_version</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_credentials_version)
16		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g934f93499765bdd179bb2342ae0f0fa6">cc_ccache_get_credentials_version()</a></b>: Get the credentials version of a ccache. <a href="#934cc9927404ee42460008b49e572158"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#e60fec8fe34019df7108e8deed0f52ac">get_name</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="structcc__string__d.html">cc_string_t</a> *out_name)
17		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g042bea6044879ec03996b190792e3ae9">cc_ccache_get_name()</a></b>: Get the name of a ccache. <a href="#e60fec8fe34019df7108e8deed0f52ac"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#ef23df23bb71b1f01138b791bc8b6255">get_principal</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, <a class="el" href="structcc__string__d.html">cc_string_t</a> *out_principal)
18		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g464aa49a2e8054c9c3c2a3410eaf5c54">cc_ccache_get_principal()</a></b>: Get the principal of a ccache. <a href="#ef23df23bb71b1f01138b791bc8b6255"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#0d72ae907e8357633fe4ff2248818f42">set_principal</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, const char *in_principal)
19		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal()</a></b>: Set the principal of a ccache. <a href="#0d72ae907e8357633fe4ff2248818f42"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#c4ac7d0cb5e15309978d8c4990f769a3">store_credentials</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, const <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> *in_credentials_union)
20		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g35c1548dbacb8907da7b8c3124eabf39">cc_ccache_store_credentials()</a></b>: Store credentials in a ccache. <a href="#c4ac7d0cb5e15309978d8c4990f769a3"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#6cc6d19ff6044fafc3cd9f42c338341c">remove_credentials</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> in_credentials)
21		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#ga1bbc05414ad4c17cea9cd5e5c50c7cc">cc_ccache_remove_credentials()</a></b>: Remove credentials from a ccache. <a href="#6cc6d19ff6044fafc3cd9f42c338341c"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#4efc19a7cd2ac6695da44cb7f7e9be14">new_credentials_iterator</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> *out_credentials_iterator)
22		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g893b31c419e71c2f528781d3036fa3ff">cc_ccache_new_credentials_iterator()</a></b>: Iterate over credentials in a ccache. <a href="#4efc19a7cd2ac6695da44cb7f7e9be14"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#d4e0dc020d293643405a07396b6f5942">move</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_source_ccache, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_destination_ccache)
23		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#ge1238f80c37ae89486f2ba29bcbcae38">cc_ccache_move()</a></b>: Move the contents of one ccache into another, destroying the source. <a href="#d4e0dc020d293643405a07396b6f5942"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#731d262d2aa179451f824d320c460f58">lock</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_lock_type, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_block)
24		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gb8c2624719ee1c4be5f1b1bc4844f0cc">cc_ccache_lock()</a></b>: Lock a ccache. <a href="#731d262d2aa179451f824d320c460f58"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#bffbfe60a3e8da64224623df5235159a">unlock</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache)
25		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#ge9b13c950cb6ee636c4a73d6c569a811">cc_ccache_unlock()</a></b>: Unlock a ccache. <a href="#bffbfe60a3e8da64224623df5235159a"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#c65301a0ef050524286130185c3ec06d">get_last_default_time</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_last_default_time)
26		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a></b>: Get the last time a ccache was the default ccache. <a href="#c65301a0ef050524286130185c3ec06d"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#a73ffc6e33ca8155cd644aa5d702c36f">get_change_time</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_change_time)
27		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a></b>: Get the last time a ccache changed. <a href="#a73ffc6e33ca8155cd644aa5d702c36f"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#30719ac8b49a62bf73cb2841e397a81d">compare</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_compare_to_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_equal)
28		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g197ff60fac986634fbef8ca102ec54a5">cc_ccache_compare()</a></b>: Compare two ccache objects. <a href="#30719ac8b49a62bf73cb2841e397a81d"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#106ee10feffc1681c7583d6aac4d33b4">get_kdc_time_offset</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_time_offset)
29		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g1fa36a89752da4a491d2ecdad17f8b0e">cc_ccache_get_kdc_time_offset()</a></b>: Get the KDC time offset for credentials in a ccache. <a href="#106ee10feffc1681c7583d6aac4d33b4"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#d537ad02da9b4eae3f5e51df0c58ee2e">set_kdc_time_offset</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> in_time_offset)
30		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g519bf0ab152e5a3d2beee8a76a27d16e">cc_ccache_set_kdc_time_offset()</a></b>: Set the KDC time offset for credentials in a ccache. <a href="#d537ad02da9b4eae3f5e51df0c58ee2e"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#bc092bd23b9081d12e695faa55913257">clear_kdc_time_offset</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version)
31		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g803c35f92992dc0b73e8809d13ebabab">cc_ccache_clear_kdc_time_offset()</a></b>: Clear the KDC time offset for credentials in a ccache. <a href="#bc092bd23b9081d12e695faa55913257"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#4c815231f7e071a1dedd9aef3cedb0ef">wait_for_change</a> )(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache)
32		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change()</a></b>: Wait for the next change to a ccache. <a href="#4c815231f7e071a1dedd9aef3cedb0ef"></a><br></dl></ul>
33		<hr><h2>Field Documentation</h2>
34		<a class="anchor" name="ef46c1c04ceb1a0a479db84ddba7160c"></a><!-- doxytag: member="cc_ccache_f::release" ref="ef46c1c04ceb1a0a479db84ddba7160c" args=")(cc_ccache_t io_ccache)" --><p>
35		<table class="mdTable" cellpadding="2" cellspacing="0">
36		<tr>
37		<td class="mdRow">
38		<table cellpadding="0" cellspacing="0" border="0">
39		<tr>
40		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#ef46c1c04ceb1a0a479db84ddba7160c">release</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache) </td>
41		</tr>
42		</table>
43		</td>
44		</tr>
45		</table>
46		<table cellspacing="5" cellpadding="0" border="0">
47		<tr>
48		<td>
49
50		</td>
51		<td>
52
53		<p>
54		<b><a class="el" href="group__helper__macros.html#ge517135d87d8775d77b426d57a491ef0">cc_ccache_release()</a></b>: Release memory associated with a cc_ccache_t object.
55		<p>
56		<dl compact><dt><b>Parameters:</b></dt><dd>
57		<table border="0" cellspacing="2" cellpadding="0">
58		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>the ccache object to release. </td></tr>
59		</table>
60		</dl>
61		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
62		<dl compact><dt><b>Note:</b></dt><dd>Does not modify the ccache. If you wish to remove the ccache see <a class="el" href="group__helper__macros.html#ge05b68d91bece2f99b531e96cde8d457">cc_ccache_destroy()</a>. </dd></dl>
63		</td>
64		</tr>
65		</table>
66		<a class="anchor" name="86872ea5155e7ff57f4674a8f8c1d6c5"></a><!-- doxytag: member="cc_ccache_f::destroy" ref="86872ea5155e7ff57f4674a8f8c1d6c5" args=")(cc_ccache_t io_ccache)" --><p>
67		<table class="mdTable" cellpadding="2" cellspacing="0">
68		<tr>
69		<td class="mdRow">
70		<table cellpadding="0" cellspacing="0" border="0">
71		<tr>
72		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#86872ea5155e7ff57f4674a8f8c1d6c5">destroy</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache) </td>
73		</tr>
74		</table>
75		</td>
76		</tr>
77		</table>
78		<table cellspacing="5" cellpadding="0" border="0">
79		<tr>
80		<td>
81
82		</td>
83		<td>
84
85		<p>
86		<b><a class="el" href="group__helper__macros.html#ge05b68d91bece2f99b531e96cde8d457">cc_ccache_destroy()</a></b>: Destroy a ccache.
87		<p>
88		<dl compact><dt><b>Parameters:</b></dt><dd>
89		<table border="0" cellspacing="2" cellpadding="0">
90		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>the ccache object to destroy and release. </td></tr>
91		</table>
92		</dl>
93		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
94		Destroy the ccache referred to by <em>io_ccache</em> and releases memory associated with the <em>io_ccache</em> object. After this call <em>io_ccache</em> becomes invalid. If <em>io_ccache</em> was the default ccache, the next ccache in the cache collection (if any) becomes the new default. </td>
95		</tr>
96		</table>
97		<a class="anchor" name="93c7e154d7472227b02d240a13dd53da"></a><!-- doxytag: member="cc_ccache_f::set_default" ref="93c7e154d7472227b02d240a13dd53da" args=")(cc_ccache_t io_ccache)" --><p>
98		<table class="mdTable" cellpadding="2" cellspacing="0">
99		<tr>
100		<td class="mdRow">
101		<table cellpadding="0" cellspacing="0" border="0">
102		<tr>
103		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#93c7e154d7472227b02d240a13dd53da">set_default</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache) </td>
104		</tr>
105		</table>
106		</td>
107		</tr>
108		</table>
109		<table cellspacing="5" cellpadding="0" border="0">
110		<tr>
111		<td>
112
113		</td>
114		<td>
115
116		<p>
117		<b><a class="el" href="group__helper__macros.html#g535b92993b85d92b67fa622447afbe13">cc_ccache_set_default()</a></b>: Make a ccache the default ccache.
118		<p>
119		<dl compact><dt><b>Parameters:</b></dt><dd>
120		<table border="0" cellspacing="2" cellpadding="0">
121		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>a ccache object to make the new default ccache. </td></tr>
122		</table>
123		</dl>
124		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
125		</td>
126		</tr>
127		</table>
128		<a class="anchor" name="934cc9927404ee42460008b49e572158"></a><!-- doxytag: member="cc_ccache_f::get_credentials_version" ref="934cc9927404ee42460008b49e572158" args=")(cc_ccache_t in_ccache, cc_uint32 *out_credentials_version)" --><p>
129		<table class="mdTable" cellpadding="2" cellspacing="0">
130		<tr>
131		<td class="mdRow">
132		<table cellpadding="0" cellspacing="0" border="0">
133		<tr>
134		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#934cc9927404ee42460008b49e572158">get_credentials_version</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_credentials_version) </td>
135		</tr>
136		</table>
137		</td>
138		</tr>
139		</table>
140		<table cellspacing="5" cellpadding="0" border="0">
141		<tr>
142		<td>
143
144		</td>
145		<td>
146
147		<p>
148		<b><a class="el" href="group__helper__macros.html#g934f93499765bdd179bb2342ae0f0fa6">cc_ccache_get_credentials_version()</a></b>: Get the credentials version of a ccache.
149		<p>
150		<dl compact><dt><b>Parameters:</b></dt><dd>
151		<table border="0" cellspacing="2" cellpadding="0">
152		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
153		<tr><td valign="top"></td><td valign="top"><em>out_credentials_version</em> </td><td>on exit, the credentials version of <em>in_ccache</em>. </td></tr>
154		</table>
155		</dl>
156		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
157		<a class="el" href="group__helper__macros.html#g934f93499765bdd179bb2342ae0f0fa6">cc_ccache_get_credentials_version()</a> returns one value of the enumerated type cc_credentials_vers. The possible return values are <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c017c26531bad42f92f7f3e1f697b58fa">cc_credentials_v4</a> (if ccache's v4 principal has been set), <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c98335a31ad81a10632568375dcc10668">cc_credentials_v5</a> (if ccache's v5 principal has been set), or <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35ca49ae6c35599f5860241601dcb0c9e0d">cc_credentials_v4_v5</a> (if both ccache's v4 and v5 principals have been set). A ccache's principal is set with one of <a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache()</a>, <a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache()</a>, <a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache()</a>, or <a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal()</a>. </td>
158		</tr>
159		</table>
160		<a class="anchor" name="e60fec8fe34019df7108e8deed0f52ac"></a><!-- doxytag: member="cc_ccache_f::get_name" ref="e60fec8fe34019df7108e8deed0f52ac" args=")(cc_ccache_t in_ccache, cc_string_t *out_name)" --><p>
161		<table class="mdTable" cellpadding="2" cellspacing="0">
162		<tr>
163		<td class="mdRow">
164		<table cellpadding="0" cellspacing="0" border="0">
165		<tr>
166		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#e60fec8fe34019df7108e8deed0f52ac">get_name</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="structcc__string__d.html">cc_string_t</a> *out_name) </td>
167		</tr>
168		</table>
169		</td>
170		</tr>
171		</table>
172		<table cellspacing="5" cellpadding="0" border="0">
173		<tr>
174		<td>
175
176		</td>
177		<td>
178
179		<p>
180		<b><a class="el" href="group__helper__macros.html#g042bea6044879ec03996b190792e3ae9">cc_ccache_get_name()</a></b>: Get the name of a ccache.
181		<p>
182		<dl compact><dt><b>Parameters:</b></dt><dd>
183		<table border="0" cellspacing="2" cellpadding="0">
184		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
185		<tr><td valign="top"></td><td valign="top"><em>out_name</em> </td><td>on exit, a cc_string_t representing the name of <em>in_ccache</em>. <em>out_name</em> must be released with <a class="el" href="group__helper__macros.html#ge9bebfed2d574e69f29dd341bc8a63d9">cc_string_release()</a>. </td></tr>
186		</table>
187		</dl>
188		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
189		</td>
190		</tr>
191		</table>
192		<a class="anchor" name="ef23df23bb71b1f01138b791bc8b6255"></a><!-- doxytag: member="cc_ccache_f::get_principal" ref="ef23df23bb71b1f01138b791bc8b6255" args=")(cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_string_t *out_principal)" --><p>
193		<table class="mdTable" cellpadding="2" cellspacing="0">
194		<tr>
195		<td class="mdRow">
196		<table cellpadding="0" cellspacing="0" border="0">
197		<tr>
198		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#ef23df23bb71b1f01138b791bc8b6255">get_principal</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, <a class="el" href="structcc__string__d.html">cc_string_t</a> *out_principal) </td>
199		</tr>
200		</table>
201		</td>
202		</tr>
203		</table>
204		<table cellspacing="5" cellpadding="0" border="0">
205		<tr>
206		<td>
207
208		</td>
209		<td>
210
211		<p>
212		<b><a class="el" href="group__helper__macros.html#g464aa49a2e8054c9c3c2a3410eaf5c54">cc_ccache_get_principal()</a></b>: Get the principal of a ccache.
213		<p>
214		<dl compact><dt><b>Parameters:</b></dt><dd>
215		<table border="0" cellspacing="2" cellpadding="0">
216		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
217		<tr><td valign="top"></td><td valign="top"><em>in_credentials_version</em> </td><td>the credentials version to get the principal for. </td></tr>
218		<tr><td valign="top"></td><td valign="top"><em>out_principal</em> </td><td>on exit, a cc_string_t representing the principal of <em>in_ccache</em>. <em>out_principal</em> must be released with <a class="el" href="group__helper__macros.html#ge9bebfed2d574e69f29dd341bc8a63d9">cc_string_release()</a>. </td></tr>
219		</table>
220		</dl>
221		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
222		Return the principal for the ccache that was set via <a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache()</a>, <a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache()</a>, <a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache()</a>, or <a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal()</a>. Principals for v4 and v5 are separate, but should be kept synchronized for each ccache; they can be retrieved by passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing cc_credentials_v4_v5 will result in the error ccErrBadCredentialsVersion. </td>
223		</tr>
224		</table>
225		<a class="anchor" name="0d72ae907e8357633fe4ff2248818f42"></a><!-- doxytag: member="cc_ccache_f::set_principal" ref="0d72ae907e8357633fe4ff2248818f42" args=")(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal)" --><p>
226		<table class="mdTable" cellpadding="2" cellspacing="0">
227		<tr>
228		<td class="mdRow">
229		<table cellpadding="0" cellspacing="0" border="0">
230		<tr>
231		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#0d72ae907e8357633fe4ff2248818f42">set_principal</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, const char *in_principal) </td>
232		</tr>
233		</table>
234		</td>
235		</tr>
236		</table>
237		<table cellspacing="5" cellpadding="0" border="0">
238		<tr>
239		<td>
240
241		</td>
242		<td>
243
244		<p>
245		<b><a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal()</a></b>: Set the principal of a ccache.
246		<p>
247		<dl compact><dt><b>Parameters:</b></dt><dd>
248		<table border="0" cellspacing="2" cellpadding="0">
249		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
250		<tr><td valign="top"></td><td valign="top"><em>in_credentials_version</em> </td><td>the credentials version to set the principal for. </td></tr>
251		<tr><td valign="top"></td><td valign="top"><em>in_principal</em> </td><td>a C string representing the new principal of <em>in_ccache</em>. </td></tr>
252		</table>
253		</dl>
254		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
255		Set the a principal for ccache. The v4 and v5 principals can be set independently, but they should always be kept equal, up to differences in string representation between v4 and v5. Passing cc_credentials_v4_v5 in cred_vers will result in the error ccErrBadCredentialsVersion. </td>
256		</tr>
257		</table>
258		<a class="anchor" name="c4ac7d0cb5e15309978d8c4990f769a3"></a><!-- doxytag: member="cc_ccache_f::store_credentials" ref="c4ac7d0cb5e15309978d8c4990f769a3" args=")(cc_ccache_t io_ccache, const cc_credentials_union *in_credentials_union)" --><p>
259		<table class="mdTable" cellpadding="2" cellspacing="0">
260		<tr>
261		<td class="mdRow">
262		<table cellpadding="0" cellspacing="0" border="0">
263		<tr>
264		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#c4ac7d0cb5e15309978d8c4990f769a3">store_credentials</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, const <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> *in_credentials_union) </td>
265		</tr>
266		</table>
267		</td>
268		</tr>
269		</table>
270		<table cellspacing="5" cellpadding="0" border="0">
271		<tr>
272		<td>
273
274		</td>
275		<td>
276
277		<p>
278		<b><a class="el" href="group__helper__macros.html#g35c1548dbacb8907da7b8c3124eabf39">cc_ccache_store_credentials()</a></b>: Store credentials in a ccache.
279		<p>
280		<dl compact><dt><b>Parameters:</b></dt><dd>
281		<table border="0" cellspacing="2" cellpadding="0">
282		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>a ccache object. </td></tr>
283		<tr><td valign="top"></td><td valign="top"><em>in_credentials_union</em> </td><td>the credentials to store in <em>io_ccache</em>. </td></tr>
284		</table>
285		</dl>
286		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
287		Store a copy of credentials in the ccache.<p>
288		See the description of the credentials types for the meaning of <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> fields.<p>
289		Before credentials of a specific credential type can be stored in a ccache, the corresponding principal version has to be set. For example, before you can store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set either by <a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache()</a>, <a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache()</a>, <a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache()</a>, or <a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal()</a>; likewise for Kerberos v5. Otherwise, ccErrBadCredentialsVersion is returned. </td>
290		</tr>
291		</table>
292		<a class="anchor" name="6cc6d19ff6044fafc3cd9f42c338341c"></a><!-- doxytag: member="cc_ccache_f::remove_credentials" ref="6cc6d19ff6044fafc3cd9f42c338341c" args=")(cc_ccache_t io_ccache, cc_credentials_t in_credentials)" --><p>
293		<table class="mdTable" cellpadding="2" cellspacing="0">
294		<tr>
295		<td class="mdRow">
296		<table cellpadding="0" cellspacing="0" border="0">
297		<tr>
298		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#6cc6d19ff6044fafc3cd9f42c338341c">remove_credentials</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> in_credentials) </td>
299		</tr>
300		</table>
301		</td>
302		</tr>
303		</table>
304		<table cellspacing="5" cellpadding="0" border="0">
305		<tr>
306		<td>
307
308		</td>
309		<td>
310
311		<p>
312		<b><a class="el" href="group__helper__macros.html#ga1bbc05414ad4c17cea9cd5e5c50c7cc">cc_ccache_remove_credentials()</a></b>: Remove credentials from a ccache.
313		<p>
314		<dl compact><dt><b>Parameters:</b></dt><dd>
315		<table border="0" cellspacing="2" cellpadding="0">
316		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>a ccache object. </td></tr>
317		<tr><td valign="top"></td><td valign="top"><em>in_credentials</em> </td><td>the credentials to remove from <em>io_ccache</em>. </td></tr>
318		</table>
319		</dl>
320		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
321		Removes credentials from a ccache. Note that credentials must be previously acquired from the CCache API; only exactly matching credentials will be removed. (This places the burden of determining exactly which credentials to remove on the caller, but ensures there is no ambigity about which credentials will be removed.) cc_credentials_t objects can be obtained by iterating over the ccache's credentials with <a class="el" href="group__helper__macros.html#g893b31c419e71c2f528781d3036fa3ff">cc_ccache_new_credentials_iterator()</a>.<p>
322		If found, the credentials are removed from the ccache. The credentials parameter is not modified and should be freed by the caller. It is legitimate to call this function while an iterator is traversing the ccache, and the deletion of a credential already returned by <a class="el" href="group__helper__macros.html#g0c2f41d90f478b2415b699085f8fcaa4">cc_credentials_iterator_next()</a> will not disturb sequence of credentials returned by <a class="el" href="group__helper__macros.html#g0c2f41d90f478b2415b699085f8fcaa4">cc_credentials_iterator_next()</a>. </td>
323		</tr>
324		</table>
325		<a class="anchor" name="4efc19a7cd2ac6695da44cb7f7e9be14"></a><!-- doxytag: member="cc_ccache_f::new_credentials_iterator" ref="4efc19a7cd2ac6695da44cb7f7e9be14" args=")(cc_ccache_t in_ccache, cc_credentials_iterator_t *out_credentials_iterator)" --><p>
326		<table class="mdTable" cellpadding="2" cellspacing="0">
327		<tr>
328		<td class="mdRow">
329		<table cellpadding="0" cellspacing="0" border="0">
330		<tr>
331		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#4efc19a7cd2ac6695da44cb7f7e9be14">new_credentials_iterator</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> *out_credentials_iterator) </td>
332		</tr>
333		</table>
334		</td>
335		</tr>
336		</table>
337		<table cellspacing="5" cellpadding="0" border="0">
338		<tr>
339		<td>
340
341		</td>
342		<td>
343
344		<p>
345		<b><a class="el" href="group__helper__macros.html#g893b31c419e71c2f528781d3036fa3ff">cc_ccache_new_credentials_iterator()</a></b>: Iterate over credentials in a ccache.
346		<p>
347		<dl compact><dt><b>Parameters:</b></dt><dd>
348		<table border="0" cellspacing="2" cellpadding="0">
349		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
350		<tr><td valign="top"></td><td valign="top"><em>out_credentials_iterator</em> </td><td>a credentials iterator for <em>io_ccache</em>. </td></tr>
351		</table>
352		</dl>
353		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
354		Allocates memory for iterator and initializes it. Successive calls to <a class="el" href="group__helper__macros.html#g0c2f41d90f478b2415b699085f8fcaa4">cc_credentials_iterator_next()</a> will return credentials from the ccache.<p>
355		If changes are made to the ccache while an iterator is being used on it, the iterator must return at least the intersection, and at most the union, of the set of credentials that were in the ccache when the iteration began and the set of credentials that are in the ccache when it ends. </td>
356		</tr>
357		</table>
358		<a class="anchor" name="d4e0dc020d293643405a07396b6f5942"></a><!-- doxytag: member="cc_ccache_f::move" ref="d4e0dc020d293643405a07396b6f5942" args=")(cc_ccache_t io_source_ccache, cc_ccache_t io_destination_ccache)" --><p>
359		<table class="mdTable" cellpadding="2" cellspacing="0">
360		<tr>
361		<td class="mdRow">
362		<table cellpadding="0" cellspacing="0" border="0">
363		<tr>
364		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#d4e0dc020d293643405a07396b6f5942">move</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_source_ccache, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_destination_ccache) </td>
365		</tr>
366		</table>
367		</td>
368		</tr>
369		</table>
370		<table cellspacing="5" cellpadding="0" border="0">
371		<tr>
372		<td>
373
374		</td>
375		<td>
376
377		<p>
378		<b><a class="el" href="group__helper__macros.html#ge1238f80c37ae89486f2ba29bcbcae38">cc_ccache_move()</a></b>: Move the contents of one ccache into another, destroying the source.
379		<p>
380		<dl compact><dt><b>Parameters:</b></dt><dd>
381		<table border="0" cellspacing="2" cellpadding="0">
382		<tr><td valign="top"></td><td valign="top"><em>io_source_ccache</em> </td><td>a ccache object to move. </td></tr>
383		<tr><td valign="top"></td><td valign="top"><em>io_destination_ccache</em> </td><td>a ccache object replace with the contents of <em>io_source_ccache</em>. </td></tr>
384		</table>
385		</dl>
386		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
387		<a class="el" href="group__helper__macros.html#ge1238f80c37ae89486f2ba29bcbcae38">cc_ccache_move()</a> atomically copies the credentials, credential versions and principals from one ccache to another. On successful completion <em>io_source_ccache</em> will be released and the ccache it points to will be destroyed. Any credentials previously in <em>io_destination_ccache</em> will be replaced with credentials from <em>io_source_ccache</em>. The only part of <em>io_destination_ccache</em> which remains constant is the name. Any other callers referring to <em>io_destination_ccache</em> will suddenly see new data in it.<p>
388		Typically <a class="el" href="group__helper__macros.html#ge1238f80c37ae89486f2ba29bcbcae38">cc_ccache_move()</a> is used when the caller wishes to safely overwrite the contents of a ccache with new data which requires several steps to generate. <a class="el" href="group__helper__macros.html#ge1238f80c37ae89486f2ba29bcbcae38">cc_ccache_move()</a> allows the caller to create a temporary ccache (which can be destroyed if any intermediate step fails) and the atomically copy the temporary cache into the destination. </td>
389		</tr>
390		</table>
391		<a class="anchor" name="731d262d2aa179451f824d320c460f58"></a><!-- doxytag: member="cc_ccache_f::lock" ref="731d262d2aa179451f824d320c460f58" args=")(cc_ccache_t io_ccache, cc_uint32 in_lock_type, cc_uint32 in_block)" --><p>
392		<table class="mdTable" cellpadding="2" cellspacing="0">
393		<tr>
394		<td class="mdRow">
395		<table cellpadding="0" cellspacing="0" border="0">
396		<tr>
397		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#731d262d2aa179451f824d320c460f58">lock</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_lock_type, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_block) </td>
398		</tr>
399		</table>
400		</td>
401		</tr>
402		</table>
403		<table cellspacing="5" cellpadding="0" border="0">
404		<tr>
405		<td>
406
407		</td>
408		<td>
409
410		<p>
411		<b><a class="el" href="group__helper__macros.html#gb8c2624719ee1c4be5f1b1bc4844f0cc">cc_ccache_lock()</a></b>: Lock a ccache.
412		<p>
413		<dl compact><dt><b>Parameters:</b></dt><dd>
414		<table border="0" cellspacing="2" cellpadding="0">
415		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>the ccache object for the ccache you wish to lock. </td></tr>
416		<tr><td valign="top"></td><td valign="top"><em>in_lock_type</em> </td><td>the type of lock to obtain. </td></tr>
417		<tr><td valign="top"></td><td valign="top"><em>in_block</em> </td><td>whether or not the function should block if the lock cannot be obtained immediately. </td></tr>
418		</table>
419		</dl>
420		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
421		Attempts to acquire an advisory lock for a ccache. Allowed values for lock_type are:<p>
422		<ul>
423		<li>cc_lock_read: a read lock. </li>
424		<li>cc_lock_write: a write lock </li>
425		<li>cc_lock_upgrade: upgrade an already-obtained read lock to a write lock </li>
426		<li>cc_lock_downgrade: downgrade an already-obtained write lock to a read lock</li>
427		</ul>
428		If block is cc_lock_block, <a class="el" href="structcc__ccache__f.html#731d262d2aa179451f824d320c460f58">lock()</a> will not return until the lock is acquired. If block is cc_lock_noblock, <a class="el" href="structcc__ccache__f.html#731d262d2aa179451f824d320c460f58">lock()</a> will return immediately, either acquiring the lock and returning ccNoError, or failing to acquire the lock and returning an error explaining why.<p>
429		To avoid having to deal with differences between thread semantics on different platforms, locks are granted per ccache, rather than per thread or per process. That means that different threads of execution have to acquire separate contexts in order to be able to synchronize with each other.<p>
430		The lock should be unlocked by using <a class="el" href="group__helper__macros.html#ge9b13c950cb6ee636c4a73d6c569a811">cc_ccache_unlock()</a>.<p>
431		<dl compact><dt><b>Note:</b></dt><dd>All locks are advisory. For example, callers which do not call <a class="el" href="group__helper__macros.html#gb8c2624719ee1c4be5f1b1bc4844f0cc">cc_ccache_lock()</a> and <a class="el" href="group__helper__macros.html#ge9b13c950cb6ee636c4a73d6c569a811">cc_ccache_unlock()</a> will not be prevented from writing to the ccache when you have a read lock. This is because the CCAPI locking was added after the first release and thus adding mandatory locks would have changed the user experience and performance of existing applications. </dd></dl>
432		</td>
433		</tr>
434		</table>
435		<a class="anchor" name="bffbfe60a3e8da64224623df5235159a"></a><!-- doxytag: member="cc_ccache_f::unlock" ref="bffbfe60a3e8da64224623df5235159a" args=")(cc_ccache_t io_ccache)" --><p>
436		<table class="mdTable" cellpadding="2" cellspacing="0">
437		<tr>
438		<td class="mdRow">
439		<table cellpadding="0" cellspacing="0" border="0">
440		<tr>
441		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#bffbfe60a3e8da64224623df5235159a">unlock</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache) </td>
442		</tr>
443		</table>
444		</td>
445		</tr>
446		</table>
447		<table cellspacing="5" cellpadding="0" border="0">
448		<tr>
449		<td>
450
451		</td>
452		<td>
453
454		<p>
455		<b><a class="el" href="group__helper__macros.html#ge9b13c950cb6ee636c4a73d6c569a811">cc_ccache_unlock()</a></b>: Unlock a ccache.
456		<p>
457		<dl compact><dt><b>Parameters:</b></dt><dd>
458		<table border="0" cellspacing="2" cellpadding="0">
459		<tr><td valign="top"></td><td valign="top"><em>io_ccache</em> </td><td>a ccache object. </td></tr>
460		</table>
461		</dl>
462		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
463		</td>
464		</tr>
465		</table>
466		<a class="anchor" name="c65301a0ef050524286130185c3ec06d"></a><!-- doxytag: member="cc_ccache_f::get_last_default_time" ref="c65301a0ef050524286130185c3ec06d" args=")(cc_ccache_t in_ccache, cc_time_t *out_last_default_time)" --><p>
467		<table class="mdTable" cellpadding="2" cellspacing="0">
468		<tr>
469		<td class="mdRow">
470		<table cellpadding="0" cellspacing="0" border="0">
471		<tr>
472		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#c65301a0ef050524286130185c3ec06d">get_last_default_time</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_last_default_time) </td>
473		</tr>
474		</table>
475		</td>
476		</tr>
477		</table>
478		<table cellspacing="5" cellpadding="0" border="0">
479		<tr>
480		<td>
481
482		</td>
483		<td>
484
485		<p>
486		<b><a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a></b>: Get the last time a ccache was the default ccache.
487		<p>
488		<dl compact><dt><b>Parameters:</b></dt><dd>
489		<table border="0" cellspacing="2" cellpadding="0">
490		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a cache object. </td></tr>
491		<tr><td valign="top"></td><td valign="top"><em>out_last_default_time</em> </td><td>on exit, the last time the ccache was default. </td></tr>
492		</table>
493		</dl>
494		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
495		This function returns the last time when the ccache was made the default ccache. This allows clients to sort the ccaches by how recently they were default, which is useful for user listing of ccaches. If the ccache was never default, ccErrNeverDefault is returned. </td>
496		</tr>
497		</table>
498		<a class="anchor" name="a73ffc6e33ca8155cd644aa5d702c36f"></a><!-- doxytag: member="cc_ccache_f::get_change_time" ref="a73ffc6e33ca8155cd644aa5d702c36f" args=")(cc_ccache_t in_ccache, cc_time_t *out_change_time)" --><p>
499		<table class="mdTable" cellpadding="2" cellspacing="0">
500		<tr>
501		<td class="mdRow">
502		<table cellpadding="0" cellspacing="0" border="0">
503		<tr>
504		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#a73ffc6e33ca8155cd644aa5d702c36f">get_change_time</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_change_time) </td>
505		</tr>
506		</table>
507		</td>
508		</tr>
509		</table>
510		<table cellspacing="5" cellpadding="0" border="0">
511		<tr>
512		<td>
513
514		</td>
515		<td>
516
517		<p>
518		<b><a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a></b>: Get the last time a ccache changed.
519		<p>
520		<dl compact><dt><b>Parameters:</b></dt><dd>
521		<table border="0" cellspacing="2" cellpadding="0">
522		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a cache object. </td></tr>
523		<tr><td valign="top"></td><td valign="top"><em>out_change_time</em> </td><td>on exit, the last time the ccache changed. </td></tr>
524		</table>
525		</dl>
526		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. If the ccache was never the default ccache, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7604f23ab0c8c3e1d97f8b32c4501a895">ccErrNeverDefault</a>. Otherwise, an error code representing the failure.</dd></dl>
527		This function returns the time of the most recent change made to a ccache. By maintaining a local copy the caller can deduce whether or not the ccache has been modified since the previous call to <a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a>.<p>
528		The time returned by <a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a> increases whenever:<p>
529		<ul>
530		<li>a credential is stored </li>
531		<li>a credential is removed </li>
532		<li>a ccache principal is changed </li>
533		<li>the ccache becomes the default ccache </li>
534		<li>the ccache is no longer the default ccache</li>
535		</ul>
536		<dl compact><dt><b>Note:</b></dt><dd>In order to be able to compare two values returned by <a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a>, the caller must use the same ccache object to acquire them. Callers should maintain a single ccache object in memory for <a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a> calls rather than creating a new ccache object for every call.</dd></dl>
537		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__ccache__f.html#4c815231f7e071a1dedd9aef3cedb0ef">wait_for_change</a> </dd></dl>
538		</td>
539		</tr>
540		</table>
541		<a class="anchor" name="30719ac8b49a62bf73cb2841e397a81d"></a><!-- doxytag: member="cc_ccache_f::compare" ref="30719ac8b49a62bf73cb2841e397a81d" args=")(cc_ccache_t in_ccache, cc_ccache_t in_compare_to_ccache, cc_uint32 *out_equal)" --><p>
542		<table class="mdTable" cellpadding="2" cellspacing="0">
543		<tr>
544		<td class="mdRow">
545		<table cellpadding="0" cellspacing="0" border="0">
546		<tr>
547		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#30719ac8b49a62bf73cb2841e397a81d">compare</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_compare_to_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_equal) </td>
548		</tr>
549		</table>
550		</td>
551		</tr>
552		</table>
553		<table cellspacing="5" cellpadding="0" border="0">
554		<tr>
555		<td>
556
557		</td>
558		<td>
559
560		<p>
561		<b><a class="el" href="group__helper__macros.html#g197ff60fac986634fbef8ca102ec54a5">cc_ccache_compare()</a></b>: Compare two ccache objects.
562		<p>
563		<dl compact><dt><b>Parameters:</b></dt><dd>
564		<table border="0" cellspacing="2" cellpadding="0">
565		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
566		<tr><td valign="top"></td><td valign="top"><em>in_compare_to_ccache</em> </td><td>a ccache object to compare with <em>in_ccache</em>. </td></tr>
567		<tr><td valign="top"></td><td valign="top"><em>out_equal</em> </td><td>on exit, whether or not the two ccaches refer to the same ccache. </td></tr>
568		</table>
569		</dl>
570		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
571		</td>
572		</tr>
573		</table>
574		<a class="anchor" name="106ee10feffc1681c7583d6aac4d33b4"></a><!-- doxytag: member="cc_ccache_f::get_kdc_time_offset" ref="106ee10feffc1681c7583d6aac4d33b4" args=")(cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_time_t *out_time_offset)" --><p>
575		<table class="mdTable" cellpadding="2" cellspacing="0">
576		<tr>
577		<td class="mdRow">
578		<table cellpadding="0" cellspacing="0" border="0">
579		<tr>
580		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#106ee10feffc1681c7583d6aac4d33b4">get_kdc_time_offset</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_time_offset) </td>
581		</tr>
582		</table>
583		</td>
584		</tr>
585		</table>
586		<table cellspacing="5" cellpadding="0" border="0">
587		<tr>
588		<td>
589
590		</td>
591		<td>
592
593		<p>
594		<b><a class="el" href="group__helper__macros.html#g1fa36a89752da4a491d2ecdad17f8b0e">cc_ccache_get_kdc_time_offset()</a></b>: Get the KDC time offset for credentials in a ccache.
595		<p>
596		<dl compact><dt><b>Parameters:</b></dt><dd>
597		<table border="0" cellspacing="2" cellpadding="0">
598		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
599		<tr><td valign="top"></td><td valign="top"><em>in_credentials_version</em> </td><td>the credentials version to get the time offset for. </td></tr>
600		<tr><td valign="top"></td><td valign="top"><em>out_time_offset</em> </td><td>on exit, the KDC time offset for <em>in_ccache</em> for credentials version <em>in_credentials_version</em>. </td></tr>
601		</table>
602		</dl>
603		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a> if a time offset was obtained or <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7d6825aa88394eb52df80bef870d986db">ccErrTimeOffsetNotSet</a> if a time offset has not been set. On failure, an error code representing the failure. </dd></dl>
604		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__ccache__f.html#d537ad02da9b4eae3f5e51df0c58ee2e">set_kdc_time_offset</a>, <a class="el" href="structcc__ccache__f.html#bc092bd23b9081d12e695faa55913257">clear_kdc_time_offset</a></dd></dl>
605		Sometimes the KDC and client's clocks get out of sync. <a class="el" href="group__helper__macros.html#g1fa36a89752da4a491d2ecdad17f8b0e">cc_ccache_get_kdc_time_offset()</a> returns the difference between the KDC and client's clocks at the time credentials were acquired. This offset allows callers to figure out how much time is left on a given credential even though the end_time is based on the KDC's clock not the client's clock. </td>
606		</tr>
607		</table>
608		<a class="anchor" name="d537ad02da9b4eae3f5e51df0c58ee2e"></a><!-- doxytag: member="cc_ccache_f::set_kdc_time_offset" ref="d537ad02da9b4eae3f5e51df0c58ee2e" args=")(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, cc_time_t in_time_offset)" --><p>
609		<table class="mdTable" cellpadding="2" cellspacing="0">
610		<tr>
611		<td class="mdRow">
612		<table cellpadding="0" cellspacing="0" border="0">
613		<tr>
614		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#d537ad02da9b4eae3f5e51df0c58ee2e">set_kdc_time_offset</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> in_time_offset) </td>
615		</tr>
616		</table>
617		</td>
618		</tr>
619		</table>
620		<table cellspacing="5" cellpadding="0" border="0">
621		<tr>
622		<td>
623
624		</td>
625		<td>
626
627		<p>
628		<b><a class="el" href="group__helper__macros.html#g519bf0ab152e5a3d2beee8a76a27d16e">cc_ccache_set_kdc_time_offset()</a></b>: Set the KDC time offset for credentials in a ccache.
629		<p>
630		<dl compact><dt><b>Parameters:</b></dt><dd>
631		<table border="0" cellspacing="2" cellpadding="0">
632		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
633		<tr><td valign="top"></td><td valign="top"><em>in_credentials_version</em> </td><td>the credentials version to get the time offset for. </td></tr>
634		<tr><td valign="top"></td><td valign="top"><em>in_time_offset</em> </td><td>the new KDC time offset for <em>in_ccache</em> for credentials version <em>in_credentials_version</em>. </td></tr>
635		</table>
636		</dl>
637		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
638		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__ccache__f.html#106ee10feffc1681c7583d6aac4d33b4">get_kdc_time_offset</a>, <a class="el" href="structcc__ccache__f.html#bc092bd23b9081d12e695faa55913257">clear_kdc_time_offset</a></dd></dl>
639		Sometimes the KDC and client's clocks get out of sync. <a class="el" href="group__helper__macros.html#g519bf0ab152e5a3d2beee8a76a27d16e">cc_ccache_set_kdc_time_offset()</a> sets the difference between the KDC and client's clocks at the time credentials were acquired. This offset allows callers to figure out how much time is left on a given credential even though the end_time is based on the KDC's clock not the client's clock. </td>
640		</tr>
641		</table>
642		<a class="anchor" name="bc092bd23b9081d12e695faa55913257"></a><!-- doxytag: member="cc_ccache_f::clear_kdc_time_offset" ref="bc092bd23b9081d12e695faa55913257" args=")(cc_ccache_t io_ccache, cc_uint32 in_credentials_version)" --><p>
643		<table class="mdTable" cellpadding="2" cellspacing="0">
644		<tr>
645		<td class="mdRow">
646		<table cellpadding="0" cellspacing="0" border="0">
647		<tr>
648		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#bc092bd23b9081d12e695faa55913257">clear_kdc_time_offset</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> io_ccache, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_credentials_version) </td>
649		</tr>
650		</table>
651		</td>
652		</tr>
653		</table>
654		<table cellspacing="5" cellpadding="0" border="0">
655		<tr>
656		<td>
657
658		</td>
659		<td>
660
661		<p>
662		<b><a class="el" href="group__helper__macros.html#g803c35f92992dc0b73e8809d13ebabab">cc_ccache_clear_kdc_time_offset()</a></b>: Clear the KDC time offset for credentials in a ccache.
663		<p>
664		<dl compact><dt><b>Parameters:</b></dt><dd>
665		<table border="0" cellspacing="2" cellpadding="0">
666		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
667		<tr><td valign="top"></td><td valign="top"><em>in_credentials_version</em> </td><td>the credentials version to get the time offset for. </td></tr>
668		</table>
669		</dl>
670		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
671		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__ccache__f.html#106ee10feffc1681c7583d6aac4d33b4">get_kdc_time_offset</a>, <a class="el" href="structcc__ccache__f.html#d537ad02da9b4eae3f5e51df0c58ee2e">set_kdc_time_offset</a></dd></dl>
672		Sometimes the KDC and client's clocks get out of sync. <a class="el" href="group__helper__macros.html#g803c35f92992dc0b73e8809d13ebabab">cc_ccache_clear_kdc_time_offset()</a> clears the difference between the KDC and client's clocks at the time credentials were acquired. This offset allows callers to figure out how much time is left on a given credential even though the end_time is based on the KDC's clock not the client's clock. </td>
673		</tr>
674		</table>
675		<a class="anchor" name="4c815231f7e071a1dedd9aef3cedb0ef"></a><!-- doxytag: member="cc_ccache_f::wait_for_change" ref="4c815231f7e071a1dedd9aef3cedb0ef" args=")(cc_ccache_t in_ccache)" --><p>
676		<table class="mdTable" cellpadding="2" cellspacing="0">
677		<tr>
678		<td class="mdRow">
679		<table cellpadding="0" cellspacing="0" border="0">
680		<tr>
681		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__f.html#4c815231f7e071a1dedd9aef3cedb0ef">wait_for_change</a>)(<a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> in_ccache) </td>
682		</tr>
683		</table>
684		</td>
685		</tr>
686		</table>
687		<table cellspacing="5" cellpadding="0" border="0">
688		<tr>
689		<td>
690
691		</td>
692		<td>
693
694		<p>
695		<b><a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change()</a></b>: Wait for the next change to a ccache.
696		<p>
697		<dl compact><dt><b>Parameters:</b></dt><dd>
698		<table border="0" cellspacing="2" cellpadding="0">
699		<tr><td valign="top"></td><td valign="top"><em>in_ccache</em> </td><td>a ccache object. </td></tr>
700		</table>
701		</dl>
702		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
703		This function blocks until the next change is made to the ccache referenced by <em>in_ccache</em>. By repeatedly calling <a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change()</a> from a worker thread the caller can effectively receive callbacks whenever the ccache changes. This is considerably more efficient than polling with <a class="el" href="group__helper__macros.html#gb19ef7d2b1bcfb474e18e157fb3bc9c6">cc_ccache_get_change_time()</a>.<p>
704		<a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change()</a> will return whenever:<p>
705		<ul>
706		<li>a credential is stored </li>
707		<li>a credential is removed </li>
708		<li>the ccache principal is changed </li>
709		<li>the ccache becomes the default ccache </li>
710		<li>the ccache is no longer the default ccache</li>
711		</ul>
712		<dl compact><dt><b>Note:</b></dt><dd>In order to make sure that the caller doesn't miss any changes, <a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change()</a> always returns immediately after the first time it is called on a new ccache object. Callers must use the same ccache object for successive calls to <a class="el" href="group__helper__macros.html#gc508ad0c010c88ad8ff0739b43a2b199">cc_ccache_wait_for_change()</a> rather than creating a new ccache object for every call.</dd></dl>
713		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__ccache__f.html#a73ffc6e33ca8155cd644aa5d702c36f">get_change_time</a> </dd></dl>
714		</td>
715		</tr>
716		</table>
717		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
718		<a href="http://www.doxygen.org/index.html">
719		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
720		</body>
721		</html>

+0

-43

~~doc/ccapi/html/structcc__ccache__iterator__d.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_ccache_iterator_d Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_ccache_iterator_d Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__ccache__iterator__reference.html">cc_ccache_iterator_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_ccache_iterator_d" --><h2>Data Fields</h2>
11		<ul>
12		<li>const <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a> * <a class="el" href="structcc__ccache__iterator__d.html#7cd2785c0dd1902e651805f478acae3e">functions</a>
13		</ul>
14		<hr><h2>Field Documentation</h2>
15		<a class="anchor" name="7cd2785c0dd1902e651805f478acae3e"></a><!-- doxytag: member="cc_ccache_iterator_d::functions" ref="7cd2785c0dd1902e651805f478acae3e" args="" --><p>
16		<table class="mdTable" cellpadding="2" cellspacing="0">
17		<tr>
18		<td class="mdRow">
19		<table cellpadding="0" cellspacing="0" border="0">
20		<tr>
21		<td class="md" nowrap valign="top">const <a class="el" href="structcc__ccache__iterator__f.html">cc_ccache_iterator_f</a>* <a class="el" href="structcc__ccache__iterator__d.html#7cd2785c0dd1902e651805f478acae3e">functions</a> </td>
22		</tr>
23		</table>
24		</td>
25		</tr>
26		</table>
27		<table cellspacing="5" cellpadding="0" border="0">
28		<tr>
29		<td>
30
31		</td>
32		<td>
33
34		<p>
35		</td>
36		</tr>
37		</table>
38		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
39		<a href="http://www.doxygen.org/index.html">
40		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
41		</body>
42		</html>

+0

-117

~~doc/ccapi/html/structcc__ccache__iterator__f.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_ccache_iterator_f Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_ccache_iterator_f Struct Reference</h1><!-- doxytag: class="cc_ccache_iterator_f" --><hr><a name="_details"></a><h2>Detailed Description</h2>
8		Function pointer table for cc_ccache_iterator_t. For more information see <a class="el" href="group__cc__ccache__iterator__reference.html">cc_ccache_iterator_t Overview</a>.
9		<p>
10		<h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__iterator__f.html#4df0298826e5004ca873b005d6d3b9d0">release</a> )(<a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> io_ccache_iterator)
13		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g34f37496fb8bc414aafb0b265afecb1b">cc_ccache_iterator_release()</a></b>: Release memory associated with a cc_ccache_iterator_t object. <a href="#4df0298826e5004ca873b005d6d3b9d0"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__iterator__f.html#6f1c5bf2a8c3ca2fb1761a039fbf30cb">next</a> )(<a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> in_ccache_iterator, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> *out_ccache)
14		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gcff0b3e247a2adc95442324fec6c5651">cc_ccache_iterator_next()</a></b>: Get the next ccache in the cache collection. <a href="#6f1c5bf2a8c3ca2fb1761a039fbf30cb"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__iterator__f.html#3a2fc1000215e7e8a2ef5b29eb4af890">clone</a> )(<a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> in_ccache_iterator, <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> *out_ccache_iterator)
15		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g904d7757fd7ac40f4ee9b448a389f2dd">cc_ccache_iterator_clone()</a></b>: Make a copy of a ccache iterator. <a href="#3a2fc1000215e7e8a2ef5b29eb4af890"></a><br></dl></ul>
16		<hr><h2>Field Documentation</h2>
17		<a class="anchor" name="4df0298826e5004ca873b005d6d3b9d0"></a><!-- doxytag: member="cc_ccache_iterator_f::release" ref="4df0298826e5004ca873b005d6d3b9d0" args=")(cc_ccache_iterator_t io_ccache_iterator)" --><p>
18		<table class="mdTable" cellpadding="2" cellspacing="0">
19		<tr>
20		<td class="mdRow">
21		<table cellpadding="0" cellspacing="0" border="0">
22		<tr>
23		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__iterator__f.html#4df0298826e5004ca873b005d6d3b9d0">release</a>)(<a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> io_ccache_iterator) </td>
24		</tr>
25		</table>
26		</td>
27		</tr>
28		</table>
29		<table cellspacing="5" cellpadding="0" border="0">
30		<tr>
31		<td>
32
33		</td>
34		<td>
35
36		<p>
37		<b><a class="el" href="group__helper__macros.html#g34f37496fb8bc414aafb0b265afecb1b">cc_ccache_iterator_release()</a></b>: Release memory associated with a cc_ccache_iterator_t object.
38		<p>
39		<dl compact><dt><b>Parameters:</b></dt><dd>
40		<table border="0" cellspacing="2" cellpadding="0">
41		<tr><td valign="top"></td><td valign="top"><em>io_ccache_iterator</em> </td><td>the ccache iterator object to release. </td></tr>
42		</table>
43		</dl>
44		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
45		</td>
46		</tr>
47		</table>
48		<a class="anchor" name="6f1c5bf2a8c3ca2fb1761a039fbf30cb"></a><!-- doxytag: member="cc_ccache_iterator_f::next" ref="6f1c5bf2a8c3ca2fb1761a039fbf30cb" args=")(cc_ccache_iterator_t in_ccache_iterator, cc_ccache_t *out_ccache)" --><p>
49		<table class="mdTable" cellpadding="2" cellspacing="0">
50		<tr>
51		<td class="mdRow">
52		<table cellpadding="0" cellspacing="0" border="0">
53		<tr>
54		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__iterator__f.html#6f1c5bf2a8c3ca2fb1761a039fbf30cb">next</a>)(<a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> in_ccache_iterator, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> *out_ccache) </td>
55		</tr>
56		</table>
57		</td>
58		</tr>
59		</table>
60		<table cellspacing="5" cellpadding="0" border="0">
61		<tr>
62		<td>
63
64		</td>
65		<td>
66
67		<p>
68		<b><a class="el" href="group__helper__macros.html#gcff0b3e247a2adc95442324fec6c5651">cc_ccache_iterator_next()</a></b>: Get the next ccache in the cache collection.
69		<p>
70		<dl compact><dt><b>Parameters:</b></dt><dd>
71		<table border="0" cellspacing="2" cellpadding="0">
72		<tr><td valign="top"></td><td valign="top"><em>in_ccache_iterator</em> </td><td>a ccache iterator object. </td></tr>
73		<tr><td valign="top"></td><td valign="top"><em>out_ccache</em> </td><td>on exit, the next ccache in the cache collection. </td></tr>
74		</table>
75		</dl>
76		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a> if the next ccache in the cache collection was obtained or <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b748d5a55ed773e002ccc271beb4512c0a">ccIteratorEnd</a> if there are no more ccaches. On failure, an error code representing the failure. </dd></dl>
77		</td>
78		</tr>
79		</table>
80		<a class="anchor" name="3a2fc1000215e7e8a2ef5b29eb4af890"></a><!-- doxytag: member="cc_ccache_iterator_f::clone" ref="3a2fc1000215e7e8a2ef5b29eb4af890" args=")(cc_ccache_iterator_t in_ccache_iterator, cc_ccache_iterator_t *out_ccache_iterator)" --><p>
81		<table class="mdTable" cellpadding="2" cellspacing="0">
82		<tr>
83		<td class="mdRow">
84		<table cellpadding="0" cellspacing="0" border="0">
85		<tr>
86		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__ccache__iterator__f.html#3a2fc1000215e7e8a2ef5b29eb4af890">clone</a>)(<a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> in_ccache_iterator, <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> *out_ccache_iterator) </td>
87		</tr>
88		</table>
89		</td>
90		</tr>
91		</table>
92		<table cellspacing="5" cellpadding="0" border="0">
93		<tr>
94		<td>
95
96		</td>
97		<td>
98
99		<p>
100		<b><a class="el" href="group__helper__macros.html#g904d7757fd7ac40f4ee9b448a389f2dd">cc_ccache_iterator_clone()</a></b>: Make a copy of a ccache iterator.
101		<p>
102		<dl compact><dt><b>Parameters:</b></dt><dd>
103		<table border="0" cellspacing="2" cellpadding="0">
104		<tr><td valign="top"></td><td valign="top"><em>in_ccache_iterator</em> </td><td>a ccache iterator object. </td></tr>
105		<tr><td valign="top"></td><td valign="top"><em>out_ccache_iterator</em> </td><td>on exit, a copy of <em>in_ccache_iterator</em>. </td></tr>
106		</table>
107		</dl>
108		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
109		</td>
110		</tr>
111		</table>
112		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
113		<a href="http://www.doxygen.org/index.html">
114		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
115		</body>
116		</html>

+0

-43

~~doc/ccapi/html/structcc__context__d.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_context_d Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_context_d Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__context__reference.html">cc_context_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_context_d" --><h2>Data Fields</h2>
11		<ul>
12		<li>const <a class="el" href="structcc__context__f.html">cc_context_f</a> * <a class="el" href="structcc__context__d.html#ac5b195bc75b92f5c1924e6a3a6aa611">functions</a>
13		</ul>
14		<hr><h2>Field Documentation</h2>
15		<a class="anchor" name="ac5b195bc75b92f5c1924e6a3a6aa611"></a><!-- doxytag: member="cc_context_d::functions" ref="ac5b195bc75b92f5c1924e6a3a6aa611" args="" --><p>
16		<table class="mdTable" cellpadding="2" cellspacing="0">
17		<tr>
18		<td class="mdRow">
19		<table cellpadding="0" cellspacing="0" border="0">
20		<tr>
21		<td class="md" nowrap valign="top">const <a class="el" href="structcc__context__f.html">cc_context_f</a>* <a class="el" href="structcc__context__d.html#ac5b195bc75b92f5c1924e6a3a6aa611">functions</a> </td>
22		</tr>
23		</table>
24		</td>
25		</tr>
26		</table>
27		<table cellspacing="5" cellpadding="0" border="0">
28		<tr>
29		<td>
30
31		</td>
32		<td>
33
34		<p>
35		</td>
36		</tr>
37		</table>
38		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
39		<a href="http://www.doxygen.org/index.html">
40		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
41		</body>
42		</html>

+0

-513

~~doc/ccapi/html/structcc__context__f.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_context_f Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_context_f Struct Reference</h1><!-- doxytag: class="cc_context_f" --><hr><a name="_details"></a><h2>Detailed Description</h2>
8		Function pointer table for cc_context_t. For more information see <a class="el" href="group__cc__context__reference.html">cc_context_t Overview</a>.
9		<p>
10		<h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#239ea938e3c076e6e245a9236bb05b24">release</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> io_context)
13		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g8ff82ce108889d4ed29f46ffe6efc40e">cc_context_release()</a></b>: Release memory associated with a cc_context_t. <a href="#239ea938e3c076e6e245a9236bb05b24"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#51bd5a48dcd263bfb3128cc5838b4cd7">get_change_time</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_time)
14		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time()</a></b>: Get the last time the cache collection changed. <a href="#51bd5a48dcd263bfb3128cc5838b4cd7"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#4e9432f5a1a10319037b0f04e8219c1b">get_default_ccache_name</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="structcc__string__d.html">cc_string_t</a> *out_name)
15		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gcb4eb9f1db6f8ebf261339ad87cb6c51">cc_context_get_default_ccache_name()</a></b>: Get the name of the default ccache. <a href="#4e9432f5a1a10319037b0f04e8219c1b"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#bf8e7415758b890ca8f01ce5a00985ab">open_ccache</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, const char in_name, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> out_ccache)
16		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g256a5ba17fe0e4502e0722d9b081bbef">cc_context_open_ccache()</a></b>: Open a ccache. <a href="#bf8e7415758b890ca8f01ce5a00985ab"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#7f101feaa1c88c8997b678507c029c39">open_default_ccache</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> *out_ccache)
17		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g45a7ce29eb409baabadcae1bc95d5c57">cc_context_open_default_ccache()</a></b>: Open the default ccache. <a href="#7f101feaa1c88c8997b678507c029c39"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#82d3579723a0f909cb46c2016ed4ae22">create_ccache</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, const char in_name, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_cred_vers, const char in_principal, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> *out_ccache)
18		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache()</a></b>: Create a new ccache. <a href="#82d3579723a0f909cb46c2016ed4ae22"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#b52a31c1fb59ac752baa16503d8e0e3f">create_default_ccache</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_cred_vers, const char in_principal, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> out_ccache)
19		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache()</a></b>: Create a new default ccache. <a href="#b52a31c1fb59ac752baa16503d8e0e3f"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#939a8ed76079bf71000347c40aeb5b2f">create_new_ccache</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_cred_vers, const char in_principal, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> out_ccache)
20		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache()</a></b>: Create a new uniquely named ccache. <a href="#939a8ed76079bf71000347c40aeb5b2f"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#0f945985d42255226915403df147667f">new_ccache_iterator</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> *out_iterator)
21		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g6957bc9570e4769a5b1213d2a1d90cd7">cc_context_new_ccache_iterator()</a></b>: Get an iterator for the cache collection. <a href="#0f945985d42255226915403df147667f"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#1be78f795193b04c4f45cb7d3c46480c">lock</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_lock_type, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_block)
22		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gcf4595340ddc8dafa539a86ac317625d">cc_context_lock()</a></b>: Lock the cache collection. <a href="#1be78f795193b04c4f45cb7d3c46480c"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#55e38bd72efee8445b3abbc3fa5e7e27">unlock</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_cc_context)
23		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g544261b88c9ac0f2379a35648cae3f27">cc_context_unlock()</a></b>: Unlock the cache collection. <a href="#55e38bd72efee8445b3abbc3fa5e7e27"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#bb728ccd97eb387991feed0500475112">compare</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_cc_context, <a class="el" href="structcc__context__d.html">cc_context_t</a> in_compare_to_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_equal)
24		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g9258ef05d06f3d4dc798ec654f78b967">cc_context_compare()</a></b>: Compare two context objects. <a href="#bb728ccd97eb387991feed0500475112"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#39a27ecd6d29fb7288f983c42d5686d0">wait_for_change</a> )(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_cc_context)
25		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change()</a></b>: Wait for the next change in the cache collection. <a href="#39a27ecd6d29fb7288f983c42d5686d0"></a><br></dl></ul>
26		<hr><h2>Field Documentation</h2>
27		<a class="anchor" name="239ea938e3c076e6e245a9236bb05b24"></a><!-- doxytag: member="cc_context_f::release" ref="239ea938e3c076e6e245a9236bb05b24" args=")(cc_context_t io_context)" --><p>
28		<table class="mdTable" cellpadding="2" cellspacing="0">
29		<tr>
30		<td class="mdRow">
31		<table cellpadding="0" cellspacing="0" border="0">
32		<tr>
33		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#239ea938e3c076e6e245a9236bb05b24">release</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> io_context) </td>
34		</tr>
35		</table>
36		</td>
37		</tr>
38		</table>
39		<table cellspacing="5" cellpadding="0" border="0">
40		<tr>
41		<td>
42
43		</td>
44		<td>
45
46		<p>
47		<b><a class="el" href="group__helper__macros.html#g8ff82ce108889d4ed29f46ffe6efc40e">cc_context_release()</a></b>: Release memory associated with a cc_context_t.
48		<p>
49		<dl compact><dt><b>Parameters:</b></dt><dd>
50		<table border="0" cellspacing="2" cellpadding="0">
51		<tr><td valign="top"></td><td valign="top"><em>io_context</em> </td><td>the context object to free. </td></tr>
52		</table>
53		</dl>
54		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
55		</td>
56		</tr>
57		</table>
58		<a class="anchor" name="51bd5a48dcd263bfb3128cc5838b4cd7"></a><!-- doxytag: member="cc_context_f::get_change_time" ref="51bd5a48dcd263bfb3128cc5838b4cd7" args=")(cc_context_t in_context, cc_time_t *out_time)" --><p>
59		<table class="mdTable" cellpadding="2" cellspacing="0">
60		<tr>
61		<td class="mdRow">
62		<table cellpadding="0" cellspacing="0" border="0">
63		<tr>
64		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#51bd5a48dcd263bfb3128cc5838b4cd7">get_change_time</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> *out_time) </td>
65		</tr>
66		</table>
67		</td>
68		</tr>
69		</table>
70		<table cellspacing="5" cellpadding="0" border="0">
71		<tr>
72		<td>
73
74		</td>
75		<td>
76
77		<p>
78		<b><a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time()</a></b>: Get the last time the cache collection changed.
79		<p>
80		<dl compact><dt><b>Parameters:</b></dt><dd>
81		<table border="0" cellspacing="2" cellpadding="0">
82		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection to examine. </td></tr>
83		<tr><td valign="top"></td><td valign="top"><em>out_time</em> </td><td>on exit, the time of the most recent change for the entire ccache collection. </td></tr>
84		</table>
85		</dl>
86		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
87		This function returns the time of the most recent change for the entire ccache collection. By maintaining a local copy the caller can deduce whether or not the ccache collection has been modified since the previous call to <a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time()</a>.<p>
88		The time returned by cc_context_get_changed_time() increases whenever:<p>
89		<ul>
90		<li>a ccache is created </li>
91		<li>a ccache is destroyed </li>
92		<li>a credential is stored </li>
93		<li>a credential is removed </li>
94		<li>a ccache principal is changed </li>
95		<li>the default ccache is changed</li>
96		</ul>
97		<dl compact><dt><b>Note:</b></dt><dd>In order to be able to compare two values returned by <a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time()</a>, the caller must use the same context to acquire them. Callers should maintain a single context in memory for <a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time()</a> calls rather than creating a new context for every call.</dd></dl>
98		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__context__f.html#39a27ecd6d29fb7288f983c42d5686d0">wait_for_change</a> </dd></dl>
99		</td>
100		</tr>
101		</table>
102		<a class="anchor" name="4e9432f5a1a10319037b0f04e8219c1b"></a><!-- doxytag: member="cc_context_f::get_default_ccache_name" ref="4e9432f5a1a10319037b0f04e8219c1b" args=")(cc_context_t in_context, cc_string_t *out_name)" --><p>
103		<table class="mdTable" cellpadding="2" cellspacing="0">
104		<tr>
105		<td class="mdRow">
106		<table cellpadding="0" cellspacing="0" border="0">
107		<tr>
108		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#4e9432f5a1a10319037b0f04e8219c1b">get_default_ccache_name</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="structcc__string__d.html">cc_string_t</a> *out_name) </td>
109		</tr>
110		</table>
111		</td>
112		</tr>
113		</table>
114		<table cellspacing="5" cellpadding="0" border="0">
115		<tr>
116		<td>
117
118		</td>
119		<td>
120
121		<p>
122		<b><a class="el" href="group__helper__macros.html#gcb4eb9f1db6f8ebf261339ad87cb6c51">cc_context_get_default_ccache_name()</a></b>: Get the name of the default ccache.
123		<p>
124		<dl compact><dt><b>Parameters:</b></dt><dd>
125		<table border="0" cellspacing="2" cellpadding="0">
126		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
127		<tr><td valign="top"></td><td valign="top"><em>out_name</em> </td><td>on exit, the name of the default ccache. </td></tr>
128		</table>
129		</dl>
130		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
131		This function returns the name of the default ccache. When the default ccache exists, its name is returned. If there are no ccaches in the collection, and thus there is no default ccache, the name that the default ccache should have is returned. The ccache with that name will be used as the default ccache by all processes which initialized Kerberos libraries before the ccache was created.<p>
132		If there is no default ccache, and the client is creating a new ccache, it should be created with the default name. If there already is a default ccache, and the client wants to create a new ccache (as opposed to reusing an existing ccache), it should be created with any unique name; <a class="el" href="structcc__context__f.html#939a8ed76079bf71000347c40aeb5b2f">create_new_ccache()</a> can be used to accomplish that more easily.<p>
133		If the first ccache is created with a name other than the default name, then the processes already running will not notice the credentials stored in the new ccache, which is normally undesirable. </td>
134		</tr>
135		</table>
136		<a class="anchor" name="bf8e7415758b890ca8f01ce5a00985ab"></a><!-- doxytag: member="cc_context_f::open_ccache" ref="bf8e7415758b890ca8f01ce5a00985ab" args=")(cc_context_t in_context, const char in_name, cc_ccache_t out_ccache)" --><p>
137		<table class="mdTable" cellpadding="2" cellspacing="0">
138		<tr>
139		<td class="mdRow">
140		<table cellpadding="0" cellspacing="0" border="0">
141		<tr>
142		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#bf8e7415758b890ca8f01ce5a00985ab">open_ccache</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, const char in_name, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> out_ccache) </td>
143		</tr>
144		</table>
145		</td>
146		</tr>
147		</table>
148		<table cellspacing="5" cellpadding="0" border="0">
149		<tr>
150		<td>
151
152		</td>
153		<td>
154
155		<p>
156		<b><a class="el" href="group__helper__macros.html#g256a5ba17fe0e4502e0722d9b081bbef">cc_context_open_ccache()</a></b>: Open a ccache.
157		<p>
158		<dl compact><dt><b>Parameters:</b></dt><dd>
159		<table border="0" cellspacing="2" cellpadding="0">
160		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
161		<tr><td valign="top"></td><td valign="top"><em>in_name</em> </td><td>the name of the ccache to open. </td></tr>
162		<tr><td valign="top"></td><td valign="top"><em>out_ccache</em> </td><td>on exit, a ccache object for the ccache </td></tr>
163		</table>
164		</dl>
165		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. If no ccache named <em>in_name</em> exists, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b73098feac66058e6ebd02c5e44fa20a9c">ccErrCCacheNotFound</a>. On failure, an error code representing the failure.</dd></dl>
166		Opens an already existing ccache identified by its name. It returns a reference to the ccache in <em>out_ccache</em>.<p>
167		The list of all ccache names, principals, and credentials versions may be retrieved by calling cc_context_new_cache_iterator(), <a class="el" href="group__helper__macros.html#g042bea6044879ec03996b190792e3ae9">cc_ccache_get_name()</a>, <a class="el" href="group__helper__macros.html#g464aa49a2e8054c9c3c2a3410eaf5c54">cc_ccache_get_principal()</a>, and cc_ccache_get_cred_version(). </td>
168		</tr>
169		</table>
170		<a class="anchor" name="7f101feaa1c88c8997b678507c029c39"></a><!-- doxytag: member="cc_context_f::open_default_ccache" ref="7f101feaa1c88c8997b678507c029c39" args=")(cc_context_t in_context, cc_ccache_t *out_ccache)" --><p>
171		<table class="mdTable" cellpadding="2" cellspacing="0">
172		<tr>
173		<td class="mdRow">
174		<table cellpadding="0" cellspacing="0" border="0">
175		<tr>
176		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#7f101feaa1c88c8997b678507c029c39">open_default_ccache</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> *out_ccache) </td>
177		</tr>
178		</table>
179		</td>
180		</tr>
181		</table>
182		<table cellspacing="5" cellpadding="0" border="0">
183		<tr>
184		<td>
185
186		</td>
187		<td>
188
189		<p>
190		<b><a class="el" href="group__helper__macros.html#g45a7ce29eb409baabadcae1bc95d5c57">cc_context_open_default_ccache()</a></b>: Open the default ccache.
191		<p>
192		<dl compact><dt><b>Parameters:</b></dt><dd>
193		<table border="0" cellspacing="2" cellpadding="0">
194		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
195		<tr><td valign="top"></td><td valign="top"><em>out_ccache</em> </td><td>on exit, a ccache object for the default ccache </td></tr>
196		</table>
197		</dl>
198		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. If no default ccache exists, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b73098feac66058e6ebd02c5e44fa20a9c">ccErrCCacheNotFound</a>. On failure, an error code representing the failure.</dd></dl>
199		Opens the default ccache. It returns a reference to the ccache in *ccache.<p>
200		This function performs the same function as calling cc_context_get_default_ccache_name followed by cc_context_open_ccache, but it performs it atomically. </td>
201		</tr>
202		</table>
203		<a class="anchor" name="82d3579723a0f909cb46c2016ed4ae22"></a><!-- doxytag: member="cc_context_f::create_ccache" ref="82d3579723a0f909cb46c2016ed4ae22" args=")(cc_context_t in_context, const char in_name, cc_uint32 in_cred_vers, const char in_principal, cc_ccache_t *out_ccache)" --><p>
204		<table class="mdTable" cellpadding="2" cellspacing="0">
205		<tr>
206		<td class="mdRow">
207		<table cellpadding="0" cellspacing="0" border="0">
208		<tr>
209		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#82d3579723a0f909cb46c2016ed4ae22">create_ccache</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, const char in_name, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_cred_vers, const char in_principal, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> *out_ccache) </td>
210		</tr>
211		</table>
212		</td>
213		</tr>
214		</table>
215		<table cellspacing="5" cellpadding="0" border="0">
216		<tr>
217		<td>
218
219		</td>
220		<td>
221
222		<p>
223		<b><a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache()</a></b>: Create a new ccache.
224		<p>
225		<dl compact><dt><b>Parameters:</b></dt><dd>
226		<table border="0" cellspacing="2" cellpadding="0">
227		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
228		<tr><td valign="top"></td><td valign="top"><em>in_name</em> </td><td>the name of the new ccache to create </td></tr>
229		<tr><td valign="top"></td><td valign="top"><em>in_cred_vers</em> </td><td>the version of the credentials the new ccache will hold </td></tr>
230		<tr><td valign="top"></td><td valign="top"><em>in_principal</em> </td><td>the client principal of the credentials the new ccache will hold </td></tr>
231		<tr><td valign="top"></td><td valign="top"><em>out_ccache</em> </td><td>on exit, a ccache object for the newly created ccache </td></tr>
232		</table>
233		</dl>
234		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
235		Create a new credentials cache. The ccache is uniquely identified by its name. The principal given is also associated with the ccache and the credentials version specified. A NULL name is not allowed (and ccErrBadName is returned if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid input values for cred_vers. If you want to create a new ccache that will hold both versions of credentials, call <a class="el" href="group__helper__macros.html#g9fbcbd0f1b107cdaa2a0179e227f82cf">cc_context_create_ccache()</a> with one version, and then <a class="el" href="group__helper__macros.html#gfaa81492b5d7b3ba00208a9577ce0ba2">cc_ccache_set_principal()</a> with the other version.<p>
236		If you want to create a new ccache (with a unique name), you should use <a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache()</a> instead. If you want to create or reinitialize the default cache, you should use <a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache()</a>.<p>
237		If name is non-NULL and there is already a ccache named name:<p>
238		<ul>
239		<li>the credentials in the ccache whose version is cred_vers are removed </li>
240		<li>the principal (of the existing ccache) associated with cred_vers is set to principal </li>
241		<li>a handle for the existing ccache is returned and all existing handles for the ccache remain valid</li>
242		</ul>
243		If no ccache named name already exists:<p>
244		<ul>
245		<li>a new empty ccache is created </li>
246		<li>the principal of the new ccache associated with cred_vers is set to principal </li>
247		<li>a handle for the new ccache is returned</li>
248		</ul>
249		For a new ccache, the name should be any unique string. The name is not intended to be presented to users.<p>
250		If the created ccache is the first ccache in the collection, it is made the default ccache. Note that normally it is undesirable to create the first ccache with a name different from the default ccache name (as returned by <a class="el" href="group__helper__macros.html#gcb4eb9f1db6f8ebf261339ad87cb6c51">cc_context_get_default_ccache_name()</a>); see the description of <a class="el" href="group__helper__macros.html#gcb4eb9f1db6f8ebf261339ad87cb6c51">cc_context_get_default_ccache_name()</a> for details.<p>
251		The principal should be a C string containing an unparsed Kerberos principal in the format of the appropriate Kerberos version, i.e.<div class="fragment"><pre class="fragment">foo.bar/@BAZ
252		* </pre></div> for Kerberos v4 and<div class="fragment"><pre class="fragment">foo/bar/@BAZ </pre></div> for Kerberos v5. </td>
253		</tr>
254		</table>
255		<a class="anchor" name="b52a31c1fb59ac752baa16503d8e0e3f"></a><!-- doxytag: member="cc_context_f::create_default_ccache" ref="b52a31c1fb59ac752baa16503d8e0e3f" args=")(cc_context_t in_context, cc_uint32 in_cred_vers, const char in_principal, cc_ccache_t out_ccache)" --><p>
256		<table class="mdTable" cellpadding="2" cellspacing="0">
257		<tr>
258		<td class="mdRow">
259		<table cellpadding="0" cellspacing="0" border="0">
260		<tr>
261		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#b52a31c1fb59ac752baa16503d8e0e3f">create_default_ccache</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_cred_vers, const char in_principal, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> out_ccache) </td>
262		</tr>
263		</table>
264		</td>
265		</tr>
266		</table>
267		<table cellspacing="5" cellpadding="0" border="0">
268		<tr>
269		<td>
270
271		</td>
272		<td>
273
274		<p>
275		<b><a class="el" href="group__helper__macros.html#g10a184dd699cae4df6f3480290804a72">cc_context_create_default_ccache()</a></b>: Create a new default ccache.
276		<p>
277		<dl compact><dt><b>Parameters:</b></dt><dd>
278		<table border="0" cellspacing="2" cellpadding="0">
279		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
280		<tr><td valign="top"></td><td valign="top"><em>in_cred_vers</em> </td><td>the version of the credentials the new default ccache will hold </td></tr>
281		<tr><td valign="top"></td><td valign="top"><em>in_principal</em> </td><td>the client principal of the credentials the new default ccache will hold </td></tr>
282		<tr><td valign="top"></td><td valign="top"><em>out_ccache</em> </td><td>on exit, a ccache object for the newly created default ccache </td></tr>
283		</table>
284		</dl>
285		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
286		Create the default credentials cache. The behavior of this function is similar to that of cc_create_ccache(). If there is a default ccache (which is always the case except when there are no ccaches at all in the collection), it is initialized with the specified credentials version and principal, as per cc_create_ccache(); otherwise, a new ccache is created, and its name is the name returned by <a class="el" href="group__helper__macros.html#gcb4eb9f1db6f8ebf261339ad87cb6c51">cc_context_get_default_ccache_name()</a>. </td>
287		</tr>
288		</table>
289		<a class="anchor" name="939a8ed76079bf71000347c40aeb5b2f"></a><!-- doxytag: member="cc_context_f::create_new_ccache" ref="939a8ed76079bf71000347c40aeb5b2f" args=")(cc_context_t in_context, cc_uint32 in_cred_vers, const char in_principal, cc_ccache_t out_ccache)" --><p>
290		<table class="mdTable" cellpadding="2" cellspacing="0">
291		<tr>
292		<td class="mdRow">
293		<table cellpadding="0" cellspacing="0" border="0">
294		<tr>
295		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#939a8ed76079bf71000347c40aeb5b2f">create_new_ccache</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_cred_vers, const char in_principal, <a class="el" href="structcc__ccache__d.html">cc_ccache_t</a> out_ccache) </td>
296		</tr>
297		</table>
298		</td>
299		</tr>
300		</table>
301		<table cellspacing="5" cellpadding="0" border="0">
302		<tr>
303		<td>
304
305		</td>
306		<td>
307
308		<p>
309		<b><a class="el" href="group__helper__macros.html#g1a6dffb1db25590351646fdcf9824f09">cc_context_create_new_ccache()</a></b>: Create a new uniquely named ccache.
310		<p>
311		<dl compact><dt><b>Parameters:</b></dt><dd>
312		<table border="0" cellspacing="2" cellpadding="0">
313		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
314		<tr><td valign="top"></td><td valign="top"><em>in_cred_vers</em> </td><td>the version of the credentials the new ccache will hold </td></tr>
315		<tr><td valign="top"></td><td valign="top"><em>in_principal</em> </td><td>the client principal of the credentials the new ccache will hold </td></tr>
316		<tr><td valign="top"></td><td valign="top"><em>out_ccache</em> </td><td>on exit, a ccache object for the newly created ccache </td></tr>
317		</table>
318		</dl>
319		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
320		Create a new unique credentials cache. The behavior of this function is similar to that of cc_create_ccache(). If there are no ccaches, and therefore no default ccache, the new ccache is created with the default ccache name as would be returned by <a class="el" href="structcc__context__f.html#4e9432f5a1a10319037b0f04e8219c1b">get_default_ccache_name()</a>. If there are some ccaches, and therefore there is a default ccache, the new ccache is created with a new unique name. Clearly, this function never reinitializes a ccache, since it always uses a unique name. </td>
321		</tr>
322		</table>
323		<a class="anchor" name="0f945985d42255226915403df147667f"></a><!-- doxytag: member="cc_context_f::new_ccache_iterator" ref="0f945985d42255226915403df147667f" args=")(cc_context_t in_context, cc_ccache_iterator_t *out_iterator)" --><p>
324		<table class="mdTable" cellpadding="2" cellspacing="0">
325		<tr>
326		<td class="mdRow">
327		<table cellpadding="0" cellspacing="0" border="0">
328		<tr>
329		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#0f945985d42255226915403df147667f">new_ccache_iterator</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="structcc__ccache__iterator__d.html">cc_ccache_iterator_t</a> *out_iterator) </td>
330		</tr>
331		</table>
332		</td>
333		</tr>
334		</table>
335		<table cellspacing="5" cellpadding="0" border="0">
336		<tr>
337		<td>
338
339		</td>
340		<td>
341
342		<p>
343		<b><a class="el" href="group__helper__macros.html#g6957bc9570e4769a5b1213d2a1d90cd7">cc_context_new_ccache_iterator()</a></b>: Get an iterator for the cache collection.
344		<p>
345		<dl compact><dt><b>Parameters:</b></dt><dd>
346		<table border="0" cellspacing="2" cellpadding="0">
347		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
348		<tr><td valign="top"></td><td valign="top"><em>out_iterator</em> </td><td>on exit, a ccache iterator object for the ccache collection. </td></tr>
349		</table>
350		</dl>
351		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
352		Used to allocate memory and initialize iterator. Successive calls to iterator's next() function will return ccaches in the collection.<p>
353		If changes are made to the collection while an iterator is being used on it, the iterator must return at least the intersection, and at most the union, of the set of ccaches that were present when the iteration began and the set of ccaches that are present when it ends. </td>
354		</tr>
355		</table>
356		<a class="anchor" name="1be78f795193b04c4f45cb7d3c46480c"></a><!-- doxytag: member="cc_context_f::lock" ref="1be78f795193b04c4f45cb7d3c46480c" args=")(cc_context_t in_context, cc_uint32 in_lock_type, cc_uint32 in_block)" --><p>
357		<table class="mdTable" cellpadding="2" cellspacing="0">
358		<tr>
359		<td class="mdRow">
360		<table cellpadding="0" cellspacing="0" border="0">
361		<tr>
362		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#1be78f795193b04c4f45cb7d3c46480c">lock</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_lock_type, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> in_block) </td>
363		</tr>
364		</table>
365		</td>
366		</tr>
367		</table>
368		<table cellspacing="5" cellpadding="0" border="0">
369		<tr>
370		<td>
371
372		</td>
373		<td>
374
375		<p>
376		<b><a class="el" href="group__helper__macros.html#gcf4595340ddc8dafa539a86ac317625d">cc_context_lock()</a></b>: Lock the cache collection.
377		<p>
378		<dl compact><dt><b>Parameters:</b></dt><dd>
379		<table border="0" cellspacing="2" cellpadding="0">
380		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
381		<tr><td valign="top"></td><td valign="top"><em>in_lock_type</em> </td><td>the type of lock to obtain. </td></tr>
382		<tr><td valign="top"></td><td valign="top"><em>in_block</em> </td><td>whether or not the function should block if the lock cannot be obtained immediately. </td></tr>
383		</table>
384		</dl>
385		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
386		Attempts to acquire an advisory lock for the ccache collection. Allowed values for lock_type are:<p>
387		<ul>
388		<li>cc_lock_read: a read lock. </li>
389		<li>cc_lock_write: a write lock </li>
390		<li>cc_lock_upgrade: upgrade an already-obtained read lock to a write lock </li>
391		<li>cc_lock_downgrade: downgrade an already-obtained write lock to a read lock</li>
392		</ul>
393		If block is cc_lock_block, <a class="el" href="structcc__context__f.html#1be78f795193b04c4f45cb7d3c46480c">lock()</a> will not return until the lock is acquired. If block is cc_lock_noblock, <a class="el" href="structcc__context__f.html#1be78f795193b04c4f45cb7d3c46480c">lock()</a> will return immediately, either acquiring the lock and returning ccNoError, or failing to acquire the lock and returning an error explaining why.<p>
394		Locks apply only to the list of ccaches, not the contents of those ccaches. To prevent callers participating in the advisory locking from changing the credentials in a cache you must also lock that ccache with <a class="el" href="group__helper__macros.html#gb8c2624719ee1c4be5f1b1bc4844f0cc">cc_ccache_lock()</a>. This is so that you can get the list of ccaches without preventing applications from simultaneously obtaining service tickets.<p>
395		To avoid having to deal with differences between thread semantics on different platforms, locks are granted per context, rather than per thread or per process. That means that different threads of execution have to acquire separate contexts in order to be able to synchronize with each other.<p>
396		The lock should be unlocked by using <a class="el" href="group__helper__macros.html#g544261b88c9ac0f2379a35648cae3f27">cc_context_unlock()</a>.<p>
397		<dl compact><dt><b>Note:</b></dt><dd>All locks are advisory. For example, callers which do not call <a class="el" href="group__helper__macros.html#gcf4595340ddc8dafa539a86ac317625d">cc_context_lock()</a> and <a class="el" href="group__helper__macros.html#g544261b88c9ac0f2379a35648cae3f27">cc_context_unlock()</a> will not be prevented from writing to the cache collection when you have a read lock. This is because the CCAPI locking was added after the first release and thus adding mandatory locks would have changed the user experience and performance of existing applications. </dd></dl>
398		</td>
399		</tr>
400		</table>
401		<a class="anchor" name="55e38bd72efee8445b3abbc3fa5e7e27"></a><!-- doxytag: member="cc_context_f::unlock" ref="55e38bd72efee8445b3abbc3fa5e7e27" args=")(cc_context_t in_cc_context)" --><p>
402		<table class="mdTable" cellpadding="2" cellspacing="0">
403		<tr>
404		<td class="mdRow">
405		<table cellpadding="0" cellspacing="0" border="0">
406		<tr>
407		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#55e38bd72efee8445b3abbc3fa5e7e27">unlock</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_cc_context) </td>
408		</tr>
409		</table>
410		</td>
411		</tr>
412		</table>
413		<table cellspacing="5" cellpadding="0" border="0">
414		<tr>
415		<td>
416
417		</td>
418		<td>
419
420		<p>
421		<b><a class="el" href="group__helper__macros.html#g544261b88c9ac0f2379a35648cae3f27">cc_context_unlock()</a></b>: Unlock the cache collection.
422		<p>
423		<dl compact><dt><b>Parameters:</b></dt><dd>
424		<table border="0" cellspacing="2" cellpadding="0">
425		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>the context object for the cache collection. </td></tr>
426		</table>
427		</dl>
428		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
429		</td>
430		</tr>
431		</table>
432		<a class="anchor" name="bb728ccd97eb387991feed0500475112"></a><!-- doxytag: member="cc_context_f::compare" ref="bb728ccd97eb387991feed0500475112" args=")(cc_context_t in_cc_context, cc_context_t in_compare_to_context, cc_uint32 *out_equal)" --><p>
433		<table class="mdTable" cellpadding="2" cellspacing="0">
434		<tr>
435		<td class="mdRow">
436		<table cellpadding="0" cellspacing="0" border="0">
437		<tr>
438		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#bb728ccd97eb387991feed0500475112">compare</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_cc_context, <a class="el" href="structcc__context__d.html">cc_context_t</a> in_compare_to_context, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_equal) </td>
439		</tr>
440		</table>
441		</td>
442		</tr>
443		</table>
444		<table cellspacing="5" cellpadding="0" border="0">
445		<tr>
446		<td>
447
448		</td>
449		<td>
450
451		<p>
452		<b><a class="el" href="group__helper__macros.html#g9258ef05d06f3d4dc798ec654f78b967">cc_context_compare()</a></b>: Compare two context objects.
453		<p>
454		<dl compact><dt><b>Parameters:</b></dt><dd>
455		<table border="0" cellspacing="2" cellpadding="0">
456		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>a context object. </td></tr>
457		<tr><td valign="top"></td><td valign="top"><em>in_compare_to_context</em> </td><td>a context object to compare with <em>in_context</em>. </td></tr>
458		<tr><td valign="top"></td><td valign="top"><em>out_equal</em> </td><td>on exit, whether or not the two contexts refer to the same cache collection. </td></tr>
459		</table>
460		</dl>
461		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
462		</td>
463		</tr>
464		</table>
465		<a class="anchor" name="39a27ecd6d29fb7288f983c42d5686d0"></a><!-- doxytag: member="cc_context_f::wait_for_change" ref="39a27ecd6d29fb7288f983c42d5686d0" args=")(cc_context_t in_cc_context)" --><p>
466		<table class="mdTable" cellpadding="2" cellspacing="0">
467		<tr>
468		<td class="mdRow">
469		<table cellpadding="0" cellspacing="0" border="0">
470		<tr>
471		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__context__f.html#39a27ecd6d29fb7288f983c42d5686d0">wait_for_change</a>)(<a class="el" href="structcc__context__d.html">cc_context_t</a> in_cc_context) </td>
472		</tr>
473		</table>
474		</td>
475		</tr>
476		</table>
477		<table cellspacing="5" cellpadding="0" border="0">
478		<tr>
479		<td>
480
481		</td>
482		<td>
483
484		<p>
485		<b><a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change()</a></b>: Wait for the next change in the cache collection.
486		<p>
487		<dl compact><dt><b>Parameters:</b></dt><dd>
488		<table border="0" cellspacing="2" cellpadding="0">
489		<tr><td valign="top"></td><td valign="top"><em>in_context</em> </td><td>a context object. </td></tr>
490		</table>
491		</dl>
492		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure.</dd></dl>
493		This function blocks until the next change is made to the cache collection ccache collection. By repeatedly calling <a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change()</a> from a worker thread the caller can effectively receive callbacks whenever the cache collection changes. This is considerably more efficient than polling with <a class="el" href="group__helper__macros.html#g82f551af17455b78fa3a2e3f83c96907">cc_context_get_change_time()</a>.<p>
494		<a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change()</a> will return whenever:<p>
495		<ul>
496		<li>a ccache is created </li>
497		<li>a ccache is destroyed </li>
498		<li>a credential is stored </li>
499		<li>a credential is removed </li>
500		<li>a ccache principal is changed </li>
501		<li>the default ccache is changed</li>
502		</ul>
503		<dl compact><dt><b>Note:</b></dt><dd>In order to make sure that the caller doesn't miss any changes, <a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change()</a> always returns immediately after the first time it is called on a new context object. Callers must use the same context object for successive calls to <a class="el" href="group__helper__macros.html#g9eb3508958528c00844a101275497e5a">cc_context_wait_for_change()</a> rather than creating a new context for every call.</dd></dl>
504		<dl compact><dt><b>See also:</b></dt><dd><a class="el" href="structcc__context__f.html#51bd5a48dcd263bfb3128cc5838b4cd7">get_change_time</a> </dd></dl>
505		</td>
506		</tr>
507		</table>
508		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:05 2007 for Credentials Cache API by
509		<a href="http://www.doxygen.org/index.html">
510		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
511		</body>
512		</html>

+0

-67

~~doc/ccapi/html/structcc__credentials__d.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_d Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_d Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_credentials_d" --><h2>Data Fields</h2>
11		<ul>
12		<li>const <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a> * <a class="el" href="structcc__credentials__d.html#35a5997194639f90a5178c5526ea1bf3">data</a>
13		<li>const <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a> * <a class="el" href="structcc__credentials__d.html#f94340ad2254e9ae5bc24e184f2ea923">functions</a>
14		</ul>
15		<hr><h2>Field Documentation</h2>
16		<a class="anchor" name="35a5997194639f90a5178c5526ea1bf3"></a><!-- doxytag: member="cc_credentials_d::data" ref="35a5997194639f90a5178c5526ea1bf3" args="" --><p>
17		<table class="mdTable" cellpadding="2" cellspacing="0">
18		<tr>
19		<td class="mdRow">
20		<table cellpadding="0" cellspacing="0" border="0">
21		<tr>
22		<td class="md" nowrap valign="top">const <a class="el" href="structcc__credentials__union.html">cc_credentials_union</a>* <a class="el" href="structcc__credentials__d.html#35a5997194639f90a5178c5526ea1bf3">data</a> </td>
23		</tr>
24		</table>
25		</td>
26		</tr>
27		</table>
28		<table cellspacing="5" cellpadding="0" border="0">
29		<tr>
30		<td>
31
32		</td>
33		<td>
34
35		<p>
36		</td>
37		</tr>
38		</table>
39		<a class="anchor" name="f94340ad2254e9ae5bc24e184f2ea923"></a><!-- doxytag: member="cc_credentials_d::functions" ref="f94340ad2254e9ae5bc24e184f2ea923" args="" --><p>
40		<table class="mdTable" cellpadding="2" cellspacing="0">
41		<tr>
42		<td class="mdRow">
43		<table cellpadding="0" cellspacing="0" border="0">
44		<tr>
45		<td class="md" nowrap valign="top">const <a class="el" href="structcc__credentials__f.html">cc_credentials_f</a>* <a class="el" href="structcc__credentials__d.html#f94340ad2254e9ae5bc24e184f2ea923">functions</a> </td>
46		</tr>
47		</table>
48		</td>
49		</tr>
50		</table>
51		<table cellspacing="5" cellpadding="0" border="0">
52		<tr>
53		<td>
54
55		</td>
56		<td>
57
58		<p>
59		</td>
60		</tr>
61		</table>
62		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
63		<a href="http://www.doxygen.org/index.html">
64		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
65		</body>
66		</html>

+0

-85

~~doc/ccapi/html/structcc__credentials__f.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_f Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_f Struct Reference</h1><!-- doxytag: class="cc_credentials_f" --><hr><a name="_details"></a><h2>Detailed Description</h2>
8		Function pointer table for cc_credentials_t. For more information see <a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a>.
9		<p>
10		<h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__f.html#6cc7338e31fd5f2436fb15b23506f57d">release</a> )(<a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> io_credentials)
13		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#gab5cad8ca82847950956b0f493132c14">cc_credentials_release()</a></b>: Release memory associated with a cc_credentials_t object. <a href="#6cc7338e31fd5f2436fb15b23506f57d"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__f.html#8511e9a8220b2003a1c66b314ca6bc9f">compare</a> )(<a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> in_credentials, <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> in_compare_to_credentials, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_equal)
14		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g39ae30e49dba65b87c6b9794f20fb784">cc_credentials_compare()</a></b>: Compare two credentials objects. <a href="#8511e9a8220b2003a1c66b314ca6bc9f"></a><br></dl></ul>
15		<hr><h2>Field Documentation</h2>
16		<a class="anchor" name="6cc7338e31fd5f2436fb15b23506f57d"></a><!-- doxytag: member="cc_credentials_f::release" ref="6cc7338e31fd5f2436fb15b23506f57d" args=")(cc_credentials_t io_credentials)" --><p>
17		<table class="mdTable" cellpadding="2" cellspacing="0">
18		<tr>
19		<td class="mdRow">
20		<table cellpadding="0" cellspacing="0" border="0">
21		<tr>
22		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__f.html#6cc7338e31fd5f2436fb15b23506f57d">release</a>)(<a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> io_credentials) </td>
23		</tr>
24		</table>
25		</td>
26		</tr>
27		</table>
28		<table cellspacing="5" cellpadding="0" border="0">
29		<tr>
30		<td>
31
32		</td>
33		<td>
34
35		<p>
36		<b><a class="el" href="group__helper__macros.html#gab5cad8ca82847950956b0f493132c14">cc_credentials_release()</a></b>: Release memory associated with a cc_credentials_t object.
37		<p>
38		<dl compact><dt><b>Parameters:</b></dt><dd>
39		<table border="0" cellspacing="2" cellpadding="0">
40		<tr><td valign="top"></td><td valign="top"><em>io_credentials</em> </td><td>the credentials object to release. </td></tr>
41		</table>
42		</dl>
43		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
44		</td>
45		</tr>
46		</table>
47		<a class="anchor" name="8511e9a8220b2003a1c66b314ca6bc9f"></a><!-- doxytag: member="cc_credentials_f::compare" ref="8511e9a8220b2003a1c66b314ca6bc9f" args=")(cc_credentials_t in_credentials, cc_credentials_t in_compare_to_credentials, cc_uint32 *out_equal)" --><p>
48		<table class="mdTable" cellpadding="2" cellspacing="0">
49		<tr>
50		<td class="mdRow">
51		<table cellpadding="0" cellspacing="0" border="0">
52		<tr>
53		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__f.html#8511e9a8220b2003a1c66b314ca6bc9f">compare</a>)(<a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> in_credentials, <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> in_compare_to_credentials, <a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> *out_equal) </td>
54		</tr>
55		</table>
56		</td>
57		</tr>
58		</table>
59		<table cellspacing="5" cellpadding="0" border="0">
60		<tr>
61		<td>
62
63		</td>
64		<td>
65
66		<p>
67		<b><a class="el" href="group__helper__macros.html#g39ae30e49dba65b87c6b9794f20fb784">cc_credentials_compare()</a></b>: Compare two credentials objects.
68		<p>
69		<dl compact><dt><b>Parameters:</b></dt><dd>
70		<table border="0" cellspacing="2" cellpadding="0">
71		<tr><td valign="top"></td><td valign="top"><em>in_credentials</em> </td><td>a credentials object. </td></tr>
72		<tr><td valign="top"></td><td valign="top"><em>in_compare_to_credentials</em> </td><td>a credentials object to compare with <em>in_credentials</em>. </td></tr>
73		<tr><td valign="top"></td><td valign="top"><em>out_equal</em> </td><td>on exit, whether or not the two credentials objects refer to the same credentials in the cache collection. </td></tr>
74		</table>
75		</dl>
76		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
77		</td>
78		</tr>
79		</table>
80		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
81		<a href="http://www.doxygen.org/index.html">
82		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
83		</body>
84		</html>

+0

-43

~~doc/ccapi/html/structcc__credentials__iterator__d.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_iterator_d Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_iterator_d Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__credentials__iterator__reference.html">cc_credentials_iterator_t</a>]</small>
10		</h1><!-- doxytag: class="cc_credentials_iterator_d" --><h2>Data Fields</h2>
11		<ul>
12		<li>const <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a> * <a class="el" href="structcc__credentials__iterator__d.html#4533a2f8b94b150439d777f749cedc12">functions</a>
13		</ul>
14		<hr><h2>Field Documentation</h2>
15		<a class="anchor" name="4533a2f8b94b150439d777f749cedc12"></a><!-- doxytag: member="cc_credentials_iterator_d::functions" ref="4533a2f8b94b150439d777f749cedc12" args="" --><p>
16		<table class="mdTable" cellpadding="2" cellspacing="0">
17		<tr>
18		<td class="mdRow">
19		<table cellpadding="0" cellspacing="0" border="0">
20		<tr>
21		<td class="md" nowrap valign="top">const <a class="el" href="structcc__credentials__iterator__f.html">cc_credentials_iterator_f</a>* <a class="el" href="structcc__credentials__iterator__d.html#4533a2f8b94b150439d777f749cedc12">functions</a> </td>
22		</tr>
23		</table>
24		</td>
25		</tr>
26		</table>
27		<table cellspacing="5" cellpadding="0" border="0">
28		<tr>
29		<td>
30
31		</td>
32		<td>
33
34		<p>
35		</td>
36		</tr>
37		</table>
38		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
39		<a href="http://www.doxygen.org/index.html">
40		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
41		</body>
42		</html>

+0

-85

~~doc/ccapi/html/structcc__credentials__iterator__f.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_iterator_f Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_iterator_f Struct Reference</h1><!-- doxytag: class="cc_credentials_iterator_f" --><hr><a name="_details"></a><h2>Detailed Description</h2>
8		Function pointer table for cc_credentials_iterator_t. For more information see <a class="el" href="group__cc__credentials__iterator__reference.html">cc_credentials_iterator_t</a>.
9		<p>
10		<h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__iterator__f.html#16c385de50a458e4223af5680488c95c">release</a> )(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> io_credentials_iterator)
13		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g79f914583e8076ac24c0d5dde4ddb712">cc_credentials_iterator_release()</a></b>: Release memory associated with a cc_credentials_iterator_t object. <a href="#16c385de50a458e4223af5680488c95c"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__iterator__f.html#8ba419513434ba0b03a1be0c17da1478">next</a> )(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> in_credentials_iterator, <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> *out_credentials)
14		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g0c2f41d90f478b2415b699085f8fcaa4">cc_credentials_iterator_next()</a></b>: Get the next credentials in the ccache. <a href="#8ba419513434ba0b03a1be0c17da1478"></a><br></dl><li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="group__cc__credentials__iterator__reference.html#g7d765e583b5994785e214df663e8959c">clone</a> )(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> in_credentials_iterator, <a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> *out_credentials_iterator)
15		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#g59a9f96a6c00b64c0ab971f7e9b5aae2">cc_credentials_iterator_clone()</a></b>: Make a copy of a credentials iterator. <a href="group__cc__credentials__iterator__reference.html#g7d765e583b5994785e214df663e8959c"></a><br></dl></ul>
16		<hr><h2>Field Documentation</h2>
17		<a class="anchor" name="16c385de50a458e4223af5680488c95c"></a><!-- doxytag: member="cc_credentials_iterator_f::release" ref="16c385de50a458e4223af5680488c95c" args=")(cc_credentials_iterator_t io_credentials_iterator)" --><p>
18		<table class="mdTable" cellpadding="2" cellspacing="0">
19		<tr>
20		<td class="mdRow">
21		<table cellpadding="0" cellspacing="0" border="0">
22		<tr>
23		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__iterator__f.html#16c385de50a458e4223af5680488c95c">release</a>)(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> io_credentials_iterator) </td>
24		</tr>
25		</table>
26		</td>
27		</tr>
28		</table>
29		<table cellspacing="5" cellpadding="0" border="0">
30		<tr>
31		<td>
32
33		</td>
34		<td>
35
36		<p>
37		<b><a class="el" href="group__helper__macros.html#g79f914583e8076ac24c0d5dde4ddb712">cc_credentials_iterator_release()</a></b>: Release memory associated with a cc_credentials_iterator_t object.
38		<p>
39		<dl compact><dt><b>Parameters:</b></dt><dd>
40		<table border="0" cellspacing="2" cellpadding="0">
41		<tr><td valign="top"></td><td valign="top"><em>io_credentials_iterator</em> </td><td>the credentials iterator object to release. </td></tr>
42		</table>
43		</dl>
44		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
45		</td>
46		</tr>
47		</table>
48		<a class="anchor" name="8ba419513434ba0b03a1be0c17da1478"></a><!-- doxytag: member="cc_credentials_iterator_f::next" ref="8ba419513434ba0b03a1be0c17da1478" args=")(cc_credentials_iterator_t in_credentials_iterator, cc_credentials_t *out_credentials)" --><p>
49		<table class="mdTable" cellpadding="2" cellspacing="0">
50		<tr>
51		<td class="mdRow">
52		<table cellpadding="0" cellspacing="0" border="0">
53		<tr>
54		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__credentials__iterator__f.html#8ba419513434ba0b03a1be0c17da1478">next</a>)(<a class="el" href="structcc__credentials__iterator__d.html">cc_credentials_iterator_t</a> in_credentials_iterator, <a class="el" href="structcc__credentials__d.html">cc_credentials_t</a> *out_credentials) </td>
55		</tr>
56		</table>
57		</td>
58		</tr>
59		</table>
60		<table cellspacing="5" cellpadding="0" border="0">
61		<tr>
62		<td>
63
64		</td>
65		<td>
66
67		<p>
68		<b><a class="el" href="group__helper__macros.html#g0c2f41d90f478b2415b699085f8fcaa4">cc_credentials_iterator_next()</a></b>: Get the next credentials in the ccache.
69		<p>
70		<dl compact><dt><b>Parameters:</b></dt><dd>
71		<table border="0" cellspacing="2" cellpadding="0">
72		<tr><td valign="top"></td><td valign="top"><em>in_credentials_iterator</em> </td><td>a credentials iterator object. </td></tr>
73		<tr><td valign="top"></td><td valign="top"><em>out_credentials</em> </td><td>on exit, the next credentials in the ccache. </td></tr>
74		</table>
75		</dl>
76		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a> if the next credential in the ccache was obtained or <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b748d5a55ed773e002ccc271beb4512c0a">ccIteratorEnd</a> if there are no more credentials. On failure, an error code representing the failure. </dd></dl>
77		</td>
78		</tr>
79		</table>
80		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
81		<a href="http://www.doxygen.org/index.html">
82		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
83		</body>
84		</html>

+0

-118

~~doc/ccapi/html/structcc__credentials__union.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_union Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_union Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_credentials_union" --><h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__union.html#2d41fe5eaeafcfae38d60dae26985ac2">version</a>
13		<li>union {
14		<ul>
15		<li>   <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a> *    <a class="el" href="structcc__credentials__union.html#5cd1c69704fe9706f69fdde1d954bba5">credentials_v4</a>
16		<li>   <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a> *    <a class="el" href="structcc__credentials__union.html#9d28c534b1b7c41da162f26620e92ded">credentials_v5</a>
17		</ul>
18		<li>} <a class="el" href="structcc__credentials__union.html#9e7108eff62e2df10a768cec653fe9c3">credentials</a>
19		</ul>
20		<hr><h2>Field Documentation</h2>
21		<a class="anchor" name="2d41fe5eaeafcfae38d60dae26985ac2"></a><!-- doxytag: member="cc_credentials_union::version" ref="2d41fe5eaeafcfae38d60dae26985ac2" args="" --><p>
22		<table class="mdTable" cellpadding="2" cellspacing="0">
23		<tr>
24		<td class="mdRow">
25		<table cellpadding="0" cellspacing="0" border="0">
26		<tr>
27		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__union.html#2d41fe5eaeafcfae38d60dae26985ac2">version</a> </td>
28		</tr>
29		</table>
30		</td>
31		</tr>
32		</table>
33		<table cellspacing="5" cellpadding="0" border="0">
34		<tr>
35		<td>
36
37		</td>
38		<td>
39
40		<p>
41		The credentials version of this credentials object. </td>
42		</tr>
43		</table>
44		<a class="anchor" name="5cd1c69704fe9706f69fdde1d954bba5"></a><!-- doxytag: member="cc_credentials_union::credentials_v4" ref="5cd1c69704fe9706f69fdde1d954bba5" args="" --><p>
45		<table class="mdTable" cellpadding="2" cellspacing="0">
46		<tr>
47		<td class="mdRow">
48		<table cellpadding="0" cellspacing="0" border="0">
49		<tr>
50		<td class="md" nowrap valign="top"><a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a>* <a class="el" href="structcc__credentials__union.html#5cd1c69704fe9706f69fdde1d954bba5">credentials_v4</a> </td>
51		</tr>
52		</table>
53		</td>
54		</tr>
55		</table>
56		<table cellspacing="5" cellpadding="0" border="0">
57		<tr>
58		<td>
59
60		</td>
61		<td>
62
63		<p>
64		If <em>version</em> is <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c017c26531bad42f92f7f3e1f697b58fa">cc_credentials_v4</a>, a pointer to a <a class="el" href="structcc__credentials__v4__t.html">cc_credentials_v4_t</a>. </td>
65		</tr>
66		</table>
67		<a class="anchor" name="9d28c534b1b7c41da162f26620e92ded"></a><!-- doxytag: member="cc_credentials_union::credentials_v5" ref="9d28c534b1b7c41da162f26620e92ded" args="" --><p>
68		<table class="mdTable" cellpadding="2" cellspacing="0">
69		<tr>
70		<td class="mdRow">
71		<table cellpadding="0" cellspacing="0" border="0">
72		<tr>
73		<td class="md" nowrap valign="top"><a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a>* <a class="el" href="structcc__credentials__union.html#9d28c534b1b7c41da162f26620e92ded">credentials_v5</a> </td>
74		</tr>
75		</table>
76		</td>
77		</tr>
78		</table>
79		<table cellspacing="5" cellpadding="0" border="0">
80		<tr>
81		<td>
82
83		</td>
84		<td>
85
86		<p>
87		If <em>version</em> is <a class="el" href="group__ccapi__constants__reference.html#ggae76da96fff95c157c3b28c4455dc35c98335a31ad81a10632568375dcc10668">cc_credentials_v5</a>, a pointer to a <a class="el" href="structcc__credentials__v5__t.html">cc_credentials_v5_t</a>. </td>
88		</tr>
89		</table>
90		<a class="anchor" name="9e7108eff62e2df10a768cec653fe9c3"></a><!-- doxytag: member="cc_credentials_union::credentials" ref="9e7108eff62e2df10a768cec653fe9c3" args="" --><p>
91		<table class="mdTable" cellpadding="2" cellspacing="0">
92		<tr>
93		<td class="mdRow">
94		<table cellpadding="0" cellspacing="0" border="0">
95		<tr>
96		<td class="md" nowrap valign="top">union { ... } <a class="el" href="structcc__credentials__union.html#9e7108eff62e2df10a768cec653fe9c3">credentials</a> </td>
97		</tr>
98		</table>
99		</td>
100		</tr>
101		</table>
102		<table cellspacing="5" cellpadding="0" border="0">
103		<tr>
104		<td>
105
106		</td>
107		<td>
108
109		<p>
110		The credentials. </td>
111		</tr>
112		</table>
113		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
114		<a href="http://www.doxygen.org/index.html">
115		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
116		</body>
117		</html>

+0

-358

~~doc/ccapi/html/structcc__credentials__v4__t.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_v4_t Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_v4_t Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_credentials_v4_t" --><hr><a name="_details"></a><h2>Detailed Description</h2>
11		If a cc_credentials_t variable is used to store Kerberos v4 credentials, then credentials.credentials_v4 points to a v4 credentials structure. This structure is similar to a krb4 API CREDENTIALS structure.
12		<p>
13		<h2>Data Fields</h2>
14		<ul>
15		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v4__t.html#2d41fe5eaeafcfae38d60dae26985ac2">version</a>
16		<li>char <a class="el" href="structcc__credentials__v4__t.html#9f819063dece13be2211723c071cc05a">principal</a> [cc_v4_name_size]
17		<li>char <a class="el" href="structcc__credentials__v4__t.html#76949f2eaa30043f779dd32a617b36b2">principal_instance</a> [cc_v4_instance_size]
18		<li>char <a class="el" href="structcc__credentials__v4__t.html#2034c72f7997740d1bd0526fde941f36">service</a> [cc_v4_name_size]
19		<li>char <a class="el" href="structcc__credentials__v4__t.html#188bf95cfe0ec75c60e5df82a65ce4f1">service_instance</a> [cc_v4_instance_size]
20		<li>char <a class="el" href="structcc__credentials__v4__t.html#1965bd82f992c9448d2600d241c11143">realm</a> [cc_v4_realm_size]
21		<li>unsigned char <a class="el" href="structcc__credentials__v4__t.html#5833b04b0672722de1dc40148eac67ca">session_key</a> [cc_v4_key_size]
22		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#cee6149add6477c273b3318d6497ca0b">kvno</a>
23		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#dbfece338488ae1e84f642e1675a2248">string_to_key_type</a>
24		<li><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v4__t.html#02d649915754b7903b7a60ef9fb9f036">issue_date</a>
25		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#a546cc61e206f01e8657cc4d22e9e4cd">lifetime</a>
26		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v4__t.html#99252d53c89be046c8ce4d12e8bb2fe4">address</a>
27		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#fbf8c355fc354f976f66db1e51034d9e">ticket_size</a>
28		<li>unsigned char <a class="el" href="structcc__credentials__v4__t.html#c4f3ef871699e35563771cfe9889c8e5">ticket</a> [cc_v4_ticket_size]
29		</ul>
30		<hr><h2>Field Documentation</h2>
31		<a class="anchor" name="2d41fe5eaeafcfae38d60dae26985ac2"></a><!-- doxytag: member="cc_credentials_v4_t::version" ref="2d41fe5eaeafcfae38d60dae26985ac2" args="" --><p>
32		<table class="mdTable" cellpadding="2" cellspacing="0">
33		<tr>
34		<td class="mdRow">
35		<table cellpadding="0" cellspacing="0" border="0">
36		<tr>
37		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v4__t.html#2d41fe5eaeafcfae38d60dae26985ac2">version</a> </td>
38		</tr>
39		</table>
40		</td>
41		</tr>
42		</table>
43		<table cellspacing="5" cellpadding="0" border="0">
44		<tr>
45		<td>
46
47		</td>
48		<td>
49
50		<p>
51		</td>
52		</tr>
53		</table>
54		<a class="anchor" name="9f819063dece13be2211723c071cc05a"></a><!-- doxytag: member="cc_credentials_v4_t::principal" ref="9f819063dece13be2211723c071cc05a" args="[cc_v4_name_size]" --><p>
55		<table class="mdTable" cellpadding="2" cellspacing="0">
56		<tr>
57		<td class="mdRow">
58		<table cellpadding="0" cellspacing="0" border="0">
59		<tr>
60		<td class="md" nowrap valign="top">char <a class="el" href="structcc__credentials__v4__t.html#9f819063dece13be2211723c071cc05a">principal</a>[cc_v4_name_size] </td>
61		</tr>
62		</table>
63		</td>
64		</tr>
65		</table>
66		<table cellspacing="5" cellpadding="0" border="0">
67		<tr>
68		<td>
69
70		</td>
71		<td>
72
73		<p>
74		A properly quoted string representation of the first component of the client principal </td>
75		</tr>
76		</table>
77		<a class="anchor" name="76949f2eaa30043f779dd32a617b36b2"></a><!-- doxytag: member="cc_credentials_v4_t::principal_instance" ref="76949f2eaa30043f779dd32a617b36b2" args="[cc_v4_instance_size]" --><p>
78		<table class="mdTable" cellpadding="2" cellspacing="0">
79		<tr>
80		<td class="mdRow">
81		<table cellpadding="0" cellspacing="0" border="0">
82		<tr>
83		<td class="md" nowrap valign="top">char <a class="el" href="structcc__credentials__v4__t.html#76949f2eaa30043f779dd32a617b36b2">principal_instance</a>[cc_v4_instance_size] </td>
84		</tr>
85		</table>
86		</td>
87		</tr>
88		</table>
89		<table cellspacing="5" cellpadding="0" border="0">
90		<tr>
91		<td>
92
93		</td>
94		<td>
95
96		<p>
97		A properly quoted string representation of the second component of the client principal </td>
98		</tr>
99		</table>
100		<a class="anchor" name="2034c72f7997740d1bd0526fde941f36"></a><!-- doxytag: member="cc_credentials_v4_t::service" ref="2034c72f7997740d1bd0526fde941f36" args="[cc_v4_name_size]" --><p>
101		<table class="mdTable" cellpadding="2" cellspacing="0">
102		<tr>
103		<td class="mdRow">
104		<table cellpadding="0" cellspacing="0" border="0">
105		<tr>
106		<td class="md" nowrap valign="top">char <a class="el" href="structcc__credentials__v4__t.html#2034c72f7997740d1bd0526fde941f36">service</a>[cc_v4_name_size] </td>
107		</tr>
108		</table>
109		</td>
110		</tr>
111		</table>
112		<table cellspacing="5" cellpadding="0" border="0">
113		<tr>
114		<td>
115
116		</td>
117		<td>
118
119		<p>
120		A properly quoted string representation of the first component of the service principal </td>
121		</tr>
122		</table>
123		<a class="anchor" name="188bf95cfe0ec75c60e5df82a65ce4f1"></a><!-- doxytag: member="cc_credentials_v4_t::service_instance" ref="188bf95cfe0ec75c60e5df82a65ce4f1" args="[cc_v4_instance_size]" --><p>
124		<table class="mdTable" cellpadding="2" cellspacing="0">
125		<tr>
126		<td class="mdRow">
127		<table cellpadding="0" cellspacing="0" border="0">
128		<tr>
129		<td class="md" nowrap valign="top">char <a class="el" href="structcc__credentials__v4__t.html#188bf95cfe0ec75c60e5df82a65ce4f1">service_instance</a>[cc_v4_instance_size] </td>
130		</tr>
131		</table>
132		</td>
133		</tr>
134		</table>
135		<table cellspacing="5" cellpadding="0" border="0">
136		<tr>
137		<td>
138
139		</td>
140		<td>
141
142		<p>
143		A properly quoted string representation of the second component of the service principal </td>
144		</tr>
145		</table>
146		<a class="anchor" name="1965bd82f992c9448d2600d241c11143"></a><!-- doxytag: member="cc_credentials_v4_t::realm" ref="1965bd82f992c9448d2600d241c11143" args="[cc_v4_realm_size]" --><p>
147		<table class="mdTable" cellpadding="2" cellspacing="0">
148		<tr>
149		<td class="mdRow">
150		<table cellpadding="0" cellspacing="0" border="0">
151		<tr>
152		<td class="md" nowrap valign="top">char <a class="el" href="structcc__credentials__v4__t.html#1965bd82f992c9448d2600d241c11143">realm</a>[cc_v4_realm_size] </td>
153		</tr>
154		</table>
155		</td>
156		</tr>
157		</table>
158		<table cellspacing="5" cellpadding="0" border="0">
159		<tr>
160		<td>
161
162		</td>
163		<td>
164
165		<p>
166		A properly quoted string representation of the realm </td>
167		</tr>
168		</table>
169		<a class="anchor" name="5833b04b0672722de1dc40148eac67ca"></a><!-- doxytag: member="cc_credentials_v4_t::session_key" ref="5833b04b0672722de1dc40148eac67ca" args="[cc_v4_key_size]" --><p>
170		<table class="mdTable" cellpadding="2" cellspacing="0">
171		<tr>
172		<td class="mdRow">
173		<table cellpadding="0" cellspacing="0" border="0">
174		<tr>
175		<td class="md" nowrap valign="top">unsigned char <a class="el" href="structcc__credentials__v4__t.html#5833b04b0672722de1dc40148eac67ca">session_key</a>[cc_v4_key_size] </td>
176		</tr>
177		</table>
178		</td>
179		</tr>
180		</table>
181		<table cellspacing="5" cellpadding="0" border="0">
182		<tr>
183		<td>
184
185		</td>
186		<td>
187
188		<p>
189		Ticket session key </td>
190		</tr>
191		</table>
192		<a class="anchor" name="cee6149add6477c273b3318d6497ca0b"></a><!-- doxytag: member="cc_credentials_v4_t::kvno" ref="cee6149add6477c273b3318d6497ca0b" args="" --><p>
193		<table class="mdTable" cellpadding="2" cellspacing="0">
194		<tr>
195		<td class="mdRow">
196		<table cellpadding="0" cellspacing="0" border="0">
197		<tr>
198		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#cee6149add6477c273b3318d6497ca0b">kvno</a> </td>
199		</tr>
200		</table>
201		</td>
202		</tr>
203		</table>
204		<table cellspacing="5" cellpadding="0" border="0">
205		<tr>
206		<td>
207
208		</td>
209		<td>
210
211		<p>
212		Key version number </td>
213		</tr>
214		</table>
215		<a class="anchor" name="dbfece338488ae1e84f642e1675a2248"></a><!-- doxytag: member="cc_credentials_v4_t::string_to_key_type" ref="dbfece338488ae1e84f642e1675a2248" args="" --><p>
216		<table class="mdTable" cellpadding="2" cellspacing="0">
217		<tr>
218		<td class="mdRow">
219		<table cellpadding="0" cellspacing="0" border="0">
220		<tr>
221		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#dbfece338488ae1e84f642e1675a2248">string_to_key_type</a> </td>
222		</tr>
223		</table>
224		</td>
225		</tr>
226		</table>
227		<table cellspacing="5" cellpadding="0" border="0">
228		<tr>
229		<td>
230
231		</td>
232		<td>
233
234		<p>
235		String to key type used. See cc_string_to_key_type for valid values </td>
236		</tr>
237		</table>
238		<a class="anchor" name="02d649915754b7903b7a60ef9fb9f036"></a><!-- doxytag: member="cc_credentials_v4_t::issue_date" ref="02d649915754b7903b7a60ef9fb9f036" args="" --><p>
239		<table class="mdTable" cellpadding="2" cellspacing="0">
240		<tr>
241		<td class="mdRow">
242		<table cellpadding="0" cellspacing="0" border="0">
243		<tr>
244		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v4__t.html#02d649915754b7903b7a60ef9fb9f036">issue_date</a> </td>
245		</tr>
246		</table>
247		</td>
248		</tr>
249		</table>
250		<table cellspacing="5" cellpadding="0" border="0">
251		<tr>
252		<td>
253
254		</td>
255		<td>
256
257		<p>
258		Time when the ticket was issued </td>
259		</tr>
260		</table>
261		<a class="anchor" name="a546cc61e206f01e8657cc4d22e9e4cd"></a><!-- doxytag: member="cc_credentials_v4_t::lifetime" ref="a546cc61e206f01e8657cc4d22e9e4cd" args="" --><p>
262		<table class="mdTable" cellpadding="2" cellspacing="0">
263		<tr>
264		<td class="mdRow">
265		<table cellpadding="0" cellspacing="0" border="0">
266		<tr>
267		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#a546cc61e206f01e8657cc4d22e9e4cd">lifetime</a> </td>
268		</tr>
269		</table>
270		</td>
271		</tr>
272		</table>
273		<table cellspacing="5" cellpadding="0" border="0">
274		<tr>
275		<td>
276
277		</td>
278		<td>
279
280		<p>
281		Ticket lifetime in 5 minute units </td>
282		</tr>
283		</table>
284		<a class="anchor" name="99252d53c89be046c8ce4d12e8bb2fe4"></a><!-- doxytag: member="cc_credentials_v4_t::address" ref="99252d53c89be046c8ce4d12e8bb2fe4" args="" --><p>
285		<table class="mdTable" cellpadding="2" cellspacing="0">
286		<tr>
287		<td class="mdRow">
288		<table cellpadding="0" cellspacing="0" border="0">
289		<tr>
290		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v4__t.html#99252d53c89be046c8ce4d12e8bb2fe4">address</a> </td>
291		</tr>
292		</table>
293		</td>
294		</tr>
295		</table>
296		<table cellspacing="5" cellpadding="0" border="0">
297		<tr>
298		<td>
299
300		</td>
301		<td>
302
303		<p>
304		IPv4 address of the client the ticket was issued for </td>
305		</tr>
306		</table>
307		<a class="anchor" name="fbf8c355fc354f976f66db1e51034d9e"></a><!-- doxytag: member="cc_credentials_v4_t::ticket_size" ref="fbf8c355fc354f976f66db1e51034d9e" args="" --><p>
308		<table class="mdTable" cellpadding="2" cellspacing="0">
309		<tr>
310		<td class="mdRow">
311		<table cellpadding="0" cellspacing="0" border="0">
312		<tr>
313		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a> <a class="el" href="structcc__credentials__v4__t.html#fbf8c355fc354f976f66db1e51034d9e">ticket_size</a> </td>
314		</tr>
315		</table>
316		</td>
317		</tr>
318		</table>
319		<table cellspacing="5" cellpadding="0" border="0">
320		<tr>
321		<td>
322
323		</td>
324		<td>
325
326		<p>
327		Ticket size (no greater than cc_v4_ticket_size) </td>
328		</tr>
329		</table>
330		<a class="anchor" name="c4f3ef871699e35563771cfe9889c8e5"></a><!-- doxytag: member="cc_credentials_v4_t::ticket" ref="c4f3ef871699e35563771cfe9889c8e5" args="[cc_v4_ticket_size]" --><p>
331		<table class="mdTable" cellpadding="2" cellspacing="0">
332		<tr>
333		<td class="mdRow">
334		<table cellpadding="0" cellspacing="0" border="0">
335		<tr>
336		<td class="md" nowrap valign="top">unsigned char <a class="el" href="structcc__credentials__v4__t.html#c4f3ef871699e35563771cfe9889c8e5">ticket</a>[cc_v4_ticket_size] </td>
337		</tr>
338		</table>
339		</td>
340		</tr>
341		</table>
342		<table cellspacing="5" cellpadding="0" border="0">
343		<tr>
344		<td>
345
346		</td>
347		<td>
348
349		<p>
350		Ticket data </td>
351		</tr>
352		</table>
353		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
354		<a href="http://www.doxygen.org/index.html">
355		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
356		</body>
357		</html>

+0

-334

~~doc/ccapi/html/structcc__credentials__v5__t.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_credentials_v5_t Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_credentials_v5_t Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_credentials_v5_t" --><hr><a name="_details"></a><h2>Detailed Description</h2>
11		If a cc_credentials_t variable is used to store Kerberos v5 c redentials, and then credentials.credentials_v5 points to a v5 credentials structure. This structure is similar to a krb5_creds structure.
12		<p>
13		<h2>Data Fields</h2>
14		<ul>
15		<li>char * <a class="el" href="structcc__credentials__v5__t.html#9a07d92f0eb56a4db24f14d21be5923b">client</a>
16		<li>char * <a class="el" href="structcc__credentials__v5__t.html#ffeefede74d4b54c220f6a43dd2beabd">server</a>
17		<li><a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__credentials__v5__t.html#c02ecbe79ca87f90c4f6771c330b9057">keyblock</a>
18		<li><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#43f17e3cff872e49a0d2b88deccb5c97">authtime</a>
19		<li><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#709d64dcb56e208a02f9dbd59ef703d7">starttime</a>
20		<li><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#0ebf7b3d5d28b0e9000c435af3ee9d59">endtime</a>
21		<li><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#1c710d76f8e94dc2c51e68bab258f15a">renew_till</a>
22		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v5__t.html#7fb325cd1ddca84f9033cd2f5122e1d3">is_skey</a>
23		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v5__t.html#c8380b3eee0768bc6c1fe8c719b72f04">ticket_flags</a>
24		<li><a class="el" href="structcc__data.html">cc_data</a> ** <a class="el" href="structcc__credentials__v5__t.html#80f824d334544ae2bd33c69eda1c9a09">addresses</a>
25		<li><a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__credentials__v5__t.html#6cf74018168214de0ea09704d9436c03">ticket</a>
26		<li><a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__credentials__v5__t.html#bb02ec4ece756277bceaa85626f2bc34">second_ticket</a>
27		<li><a class="el" href="structcc__data.html">cc_data</a> ** <a class="el" href="structcc__credentials__v5__t.html#0a8d97c740085a737b6aaec587f7fa9e">authdata</a>
28		</ul>
29		<hr><h2>Field Documentation</h2>
30		<a class="anchor" name="9a07d92f0eb56a4db24f14d21be5923b"></a><!-- doxytag: member="cc_credentials_v5_t::client" ref="9a07d92f0eb56a4db24f14d21be5923b" args="" --><p>
31		<table class="mdTable" cellpadding="2" cellspacing="0">
32		<tr>
33		<td class="mdRow">
34		<table cellpadding="0" cellspacing="0" border="0">
35		<tr>
36		<td class="md" nowrap valign="top">char* <a class="el" href="structcc__credentials__v5__t.html#9a07d92f0eb56a4db24f14d21be5923b">client</a> </td>
37		</tr>
38		</table>
39		</td>
40		</tr>
41		</table>
42		<table cellspacing="5" cellpadding="0" border="0">
43		<tr>
44		<td>
45
46		</td>
47		<td>
48
49		<p>
50		A properly quoted string representation of the client principal. </td>
51		</tr>
52		</table>
53		<a class="anchor" name="ffeefede74d4b54c220f6a43dd2beabd"></a><!-- doxytag: member="cc_credentials_v5_t::server" ref="ffeefede74d4b54c220f6a43dd2beabd" args="" --><p>
54		<table class="mdTable" cellpadding="2" cellspacing="0">
55		<tr>
56		<td class="mdRow">
57		<table cellpadding="0" cellspacing="0" border="0">
58		<tr>
59		<td class="md" nowrap valign="top">char* <a class="el" href="structcc__credentials__v5__t.html#ffeefede74d4b54c220f6a43dd2beabd">server</a> </td>
60		</tr>
61		</table>
62		</td>
63		</tr>
64		</table>
65		<table cellspacing="5" cellpadding="0" border="0">
66		<tr>
67		<td>
68
69		</td>
70		<td>
71
72		<p>
73		A properly quoted string representation of the service principal. </td>
74		</tr>
75		</table>
76		<a class="anchor" name="c02ecbe79ca87f90c4f6771c330b9057"></a><!-- doxytag: member="cc_credentials_v5_t::keyblock" ref="c02ecbe79ca87f90c4f6771c330b9057" args="" --><p>
77		<table class="mdTable" cellpadding="2" cellspacing="0">
78		<tr>
79		<td class="mdRow">
80		<table cellpadding="0" cellspacing="0" border="0">
81		<tr>
82		<td class="md" nowrap valign="top"><a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__credentials__v5__t.html#c02ecbe79ca87f90c4f6771c330b9057">keyblock</a> </td>
83		</tr>
84		</table>
85		</td>
86		</tr>
87		</table>
88		<table cellspacing="5" cellpadding="0" border="0">
89		<tr>
90		<td>
91
92		</td>
93		<td>
94
95		<p>
96		Session encryption key info. </td>
97		</tr>
98		</table>
99		<a class="anchor" name="43f17e3cff872e49a0d2b88deccb5c97"></a><!-- doxytag: member="cc_credentials_v5_t::authtime" ref="43f17e3cff872e49a0d2b88deccb5c97" args="" --><p>
100		<table class="mdTable" cellpadding="2" cellspacing="0">
101		<tr>
102		<td class="mdRow">
103		<table cellpadding="0" cellspacing="0" border="0">
104		<tr>
105		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#43f17e3cff872e49a0d2b88deccb5c97">authtime</a> </td>
106		</tr>
107		</table>
108		</td>
109		</tr>
110		</table>
111		<table cellspacing="5" cellpadding="0" border="0">
112		<tr>
113		<td>
114
115		</td>
116		<td>
117
118		<p>
119		The time when the ticket was issued. </td>
120		</tr>
121		</table>
122		<a class="anchor" name="709d64dcb56e208a02f9dbd59ef703d7"></a><!-- doxytag: member="cc_credentials_v5_t::starttime" ref="709d64dcb56e208a02f9dbd59ef703d7" args="" --><p>
123		<table class="mdTable" cellpadding="2" cellspacing="0">
124		<tr>
125		<td class="mdRow">
126		<table cellpadding="0" cellspacing="0" border="0">
127		<tr>
128		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#709d64dcb56e208a02f9dbd59ef703d7">starttime</a> </td>
129		</tr>
130		</table>
131		</td>
132		</tr>
133		</table>
134		<table cellspacing="5" cellpadding="0" border="0">
135		<tr>
136		<td>
137
138		</td>
139		<td>
140
141		<p>
142		The time when the ticket becomes valid. </td>
143		</tr>
144		</table>
145		<a class="anchor" name="0ebf7b3d5d28b0e9000c435af3ee9d59"></a><!-- doxytag: member="cc_credentials_v5_t::endtime" ref="0ebf7b3d5d28b0e9000c435af3ee9d59" args="" --><p>
146		<table class="mdTable" cellpadding="2" cellspacing="0">
147		<tr>
148		<td class="mdRow">
149		<table cellpadding="0" cellspacing="0" border="0">
150		<tr>
151		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#0ebf7b3d5d28b0e9000c435af3ee9d59">endtime</a> </td>
152		</tr>
153		</table>
154		</td>
155		</tr>
156		</table>
157		<table cellspacing="5" cellpadding="0" border="0">
158		<tr>
159		<td>
160
161		</td>
162		<td>
163
164		<p>
165		The time when the ticket expires. </td>
166		</tr>
167		</table>
168		<a class="anchor" name="1c710d76f8e94dc2c51e68bab258f15a"></a><!-- doxytag: member="cc_credentials_v5_t::renew_till" ref="1c710d76f8e94dc2c51e68bab258f15a" args="" --><p>
169		<table class="mdTable" cellpadding="2" cellspacing="0">
170		<tr>
171		<td class="mdRow">
172		<table cellpadding="0" cellspacing="0" border="0">
173		<tr>
174		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ge7a754cfe5664beadddaa100646c9742">cc_time_t</a> <a class="el" href="structcc__credentials__v5__t.html#1c710d76f8e94dc2c51e68bab258f15a">renew_till</a> </td>
175		</tr>
176		</table>
177		</td>
178		</tr>
179		</table>
180		<table cellspacing="5" cellpadding="0" border="0">
181		<tr>
182		<td>
183
184		</td>
185		<td>
186
187		<p>
188		The time when the ticket becomes no longer renewable (if renewable). </td>
189		</tr>
190		</table>
191		<a class="anchor" name="7fb325cd1ddca84f9033cd2f5122e1d3"></a><!-- doxytag: member="cc_credentials_v5_t::is_skey" ref="7fb325cd1ddca84f9033cd2f5122e1d3" args="" --><p>
192		<table class="mdTable" cellpadding="2" cellspacing="0">
193		<tr>
194		<td class="mdRow">
195		<table cellpadding="0" cellspacing="0" border="0">
196		<tr>
197		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v5__t.html#7fb325cd1ddca84f9033cd2f5122e1d3">is_skey</a> </td>
198		</tr>
199		</table>
200		</td>
201		</tr>
202		</table>
203		<table cellspacing="5" cellpadding="0" border="0">
204		<tr>
205		<td>
206
207		</td>
208		<td>
209
210		<p>
211		1 if the ticket is encrypted in another ticket's key, or 0 otherwise. </td>
212		</tr>
213		</table>
214		<a class="anchor" name="c8380b3eee0768bc6c1fe8c719b72f04"></a><!-- doxytag: member="cc_credentials_v5_t::ticket_flags" ref="c8380b3eee0768bc6c1fe8c719b72f04" args="" --><p>
215		<table class="mdTable" cellpadding="2" cellspacing="0">
216		<tr>
217		<td class="mdRow">
218		<table cellpadding="0" cellspacing="0" border="0">
219		<tr>
220		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__credentials__v5__t.html#c8380b3eee0768bc6c1fe8c719b72f04">ticket_flags</a> </td>
221		</tr>
222		</table>
223		</td>
224		</tr>
225		</table>
226		<table cellspacing="5" cellpadding="0" border="0">
227		<tr>
228		<td>
229
230		</td>
231		<td>
232
233		<p>
234		Ticket flags, as defined by the Kerberos 5 API. </td>
235		</tr>
236		</table>
237		<a class="anchor" name="80f824d334544ae2bd33c69eda1c9a09"></a><!-- doxytag: member="cc_credentials_v5_t::addresses" ref="80f824d334544ae2bd33c69eda1c9a09" args="" --><p>
238		<table class="mdTable" cellpadding="2" cellspacing="0">
239		<tr>
240		<td class="mdRow">
241		<table cellpadding="0" cellspacing="0" border="0">
242		<tr>
243		<td class="md" nowrap valign="top"><a class="el" href="structcc__data.html">cc_data</a>** <a class="el" href="structcc__credentials__v5__t.html#80f824d334544ae2bd33c69eda1c9a09">addresses</a> </td>
244		</tr>
245		</table>
246		</td>
247		</tr>
248		</table>
249		<table cellspacing="5" cellpadding="0" border="0">
250		<tr>
251		<td>
252
253		</td>
254		<td>
255
256		<p>
257		The the list of network addresses of hosts that are allowed to authenticate using this ticket. </td>
258		</tr>
259		</table>
260		<a class="anchor" name="6cf74018168214de0ea09704d9436c03"></a><!-- doxytag: member="cc_credentials_v5_t::ticket" ref="6cf74018168214de0ea09704d9436c03" args="" --><p>
261		<table class="mdTable" cellpadding="2" cellspacing="0">
262		<tr>
263		<td class="mdRow">
264		<table cellpadding="0" cellspacing="0" border="0">
265		<tr>
266		<td class="md" nowrap valign="top"><a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__credentials__v5__t.html#6cf74018168214de0ea09704d9436c03">ticket</a> </td>
267		</tr>
268		</table>
269		</td>
270		</tr>
271		</table>
272		<table cellspacing="5" cellpadding="0" border="0">
273		<tr>
274		<td>
275
276		</td>
277		<td>
278
279		<p>
280		Ticket data. </td>
281		</tr>
282		</table>
283		<a class="anchor" name="bb02ec4ece756277bceaa85626f2bc34"></a><!-- doxytag: member="cc_credentials_v5_t::second_ticket" ref="bb02ec4ece756277bceaa85626f2bc34" args="" --><p>
284		<table class="mdTable" cellpadding="2" cellspacing="0">
285		<tr>
286		<td class="mdRow">
287		<table cellpadding="0" cellspacing="0" border="0">
288		<tr>
289		<td class="md" nowrap valign="top"><a class="el" href="structcc__data.html">cc_data</a> <a class="el" href="structcc__credentials__v5__t.html#bb02ec4ece756277bceaa85626f2bc34">second_ticket</a> </td>
290		</tr>
291		</table>
292		</td>
293		</tr>
294		</table>
295		<table cellspacing="5" cellpadding="0" border="0">
296		<tr>
297		<td>
298
299		</td>
300		<td>
301
302		<p>
303		Second ticket data. </td>
304		</tr>
305		</table>
306		<a class="anchor" name="0a8d97c740085a737b6aaec587f7fa9e"></a><!-- doxytag: member="cc_credentials_v5_t::authdata" ref="0a8d97c740085a737b6aaec587f7fa9e" args="" --><p>
307		<table class="mdTable" cellpadding="2" cellspacing="0">
308		<tr>
309		<td class="mdRow">
310		<table cellpadding="0" cellspacing="0" border="0">
311		<tr>
312		<td class="md" nowrap valign="top"><a class="el" href="structcc__data.html">cc_data</a>** <a class="el" href="structcc__credentials__v5__t.html#0a8d97c740085a737b6aaec587f7fa9e">authdata</a> </td>
313		</tr>
314		</table>
315		</td>
316		</tr>
317		</table>
318		<table cellspacing="5" cellpadding="0" border="0">
319		<tr>
320		<td>
321
322		</td>
323		<td>
324
325		<p>
326		Authorization data. </td>
327		</tr>
328		</table>
329		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
330		<a href="http://www.doxygen.org/index.html">
331		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
332		</body>
333		</html>

+0

-94

~~doc/ccapi/html/structcc__data.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_data Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_data Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__credentials__reference.html">cc_credentials_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_data" --><hr><a name="_details"></a><h2>Detailed Description</h2>
11		The CCAPI data structure. This structure is similar to a krb5_data structure. In a v5 credentials structure, <a class="el" href="structcc__data.html">cc_data</a> structures are used to store tagged variable-length binary data. Specifically, for cc_credentials_v5.ticket and cc_credentials_v5.second_ticket, the <a class="el" href="structcc__data.html#1cfc8b2545d7999b7a760b47bfbbf6e7">cc_data.type</a> field must be zero. For the cc_credentials_v5.addresses, cc_credentials_v5.authdata, and cc_credentials_v5.keyblock, the <a class="el" href="structcc__data.html#1cfc8b2545d7999b7a760b47bfbbf6e7">cc_data.type</a> field should be the address type, authorization data type, and encryption type, as defined by the Kerberos v5 protocol definition.
12		<p>
13		<h2>Data Fields</h2>
14		<ul>
15		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__data.html#1cfc8b2545d7999b7a760b47bfbbf6e7">type</a>
16		<li><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__data.html#61dffab9209fdc97d53c4cb31f746aa5">length</a>
17		<li>void * <a class="el" href="structcc__data.html#735984d41155bc1032e09bece8f8d66d">data</a>
18		</ul>
19		<hr><h2>Field Documentation</h2>
20		<a class="anchor" name="1cfc8b2545d7999b7a760b47bfbbf6e7"></a><!-- doxytag: member="cc_data::type" ref="1cfc8b2545d7999b7a760b47bfbbf6e7" args="" --><p>
21		<table class="mdTable" cellpadding="2" cellspacing="0">
22		<tr>
23		<td class="mdRow">
24		<table cellpadding="0" cellspacing="0" border="0">
25		<tr>
26		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__data.html#1cfc8b2545d7999b7a760b47bfbbf6e7">type</a> </td>
27		</tr>
28		</table>
29		</td>
30		</tr>
31		</table>
32		<table cellspacing="5" cellpadding="0" border="0">
33		<tr>
34		<td>
35
36		</td>
37		<td>
38
39		<p>
40		The type of the data as defined by the krb5_data structure. </td>
41		</tr>
42		</table>
43		<a class="anchor" name="61dffab9209fdc97d53c4cb31f746aa5"></a><!-- doxytag: member="cc_data::length" ref="61dffab9209fdc97d53c4cb31f746aa5" args="" --><p>
44		<table class="mdTable" cellpadding="2" cellspacing="0">
45		<tr>
46		<td class="mdRow">
47		<table cellpadding="0" cellspacing="0" border="0">
48		<tr>
49		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#ga00783c3f4aa70580d0900b1a79aab9d">cc_uint32</a> <a class="el" href="structcc__data.html#61dffab9209fdc97d53c4cb31f746aa5">length</a> </td>
50		</tr>
51		</table>
52		</td>
53		</tr>
54		</table>
55		<table cellspacing="5" cellpadding="0" border="0">
56		<tr>
57		<td>
58
59		</td>
60		<td>
61
62		<p>
63		The length of <em>data</em>. </td>
64		</tr>
65		</table>
66		<a class="anchor" name="735984d41155bc1032e09bece8f8d66d"></a><!-- doxytag: member="cc_data::data" ref="735984d41155bc1032e09bece8f8d66d" args="" --><p>
67		<table class="mdTable" cellpadding="2" cellspacing="0">
68		<tr>
69		<td class="mdRow">
70		<table cellpadding="0" cellspacing="0" border="0">
71		<tr>
72		<td class="md" nowrap valign="top">void* <a class="el" href="structcc__data.html#735984d41155bc1032e09bece8f8d66d">data</a> </td>
73		</tr>
74		</table>
75		</td>
76		</tr>
77		</table>
78		<table cellspacing="5" cellpadding="0" border="0">
79		<tr>
80		<td>
81
82		</td>
83		<td>
84
85		<p>
86		The data buffer. </td>
87		</tr>
88		</table>
89		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
90		<a href="http://www.doxygen.org/index.html">
91		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
92		</body>
93		</html>

+0

-67

~~doc/ccapi/html/structcc__string__d.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_string_d Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_string_d Struct Reference<br>
8		<small>
9		[<a class="el" href="group__cc__string__reference.html">cc_string_t Overview</a>]</small>
10		</h1><!-- doxytag: class="cc_string_d" --><h2>Data Fields</h2>
11		<ul>
12		<li>const char * <a class="el" href="structcc__string__d.html#8f64897c7ccc5c13f276d1d07c4e7095">data</a>
13		<li>const <a class="el" href="structcc__string__f.html">cc_string_f</a> * <a class="el" href="structcc__string__d.html#002f78b173b7dd8a6925385cd11f4b0f">functions</a>
14		</ul>
15		<hr><h2>Field Documentation</h2>
16		<a class="anchor" name="8f64897c7ccc5c13f276d1d07c4e7095"></a><!-- doxytag: member="cc_string_d::data" ref="8f64897c7ccc5c13f276d1d07c4e7095" args="" --><p>
17		<table class="mdTable" cellpadding="2" cellspacing="0">
18		<tr>
19		<td class="mdRow">
20		<table cellpadding="0" cellspacing="0" border="0">
21		<tr>
22		<td class="md" nowrap valign="top">const char* <a class="el" href="structcc__string__d.html#8f64897c7ccc5c13f276d1d07c4e7095">data</a> </td>
23		</tr>
24		</table>
25		</td>
26		</tr>
27		</table>
28		<table cellspacing="5" cellpadding="0" border="0">
29		<tr>
30		<td>
31
32		</td>
33		<td>
34
35		<p>
36		</td>
37		</tr>
38		</table>
39		<a class="anchor" name="002f78b173b7dd8a6925385cd11f4b0f"></a><!-- doxytag: member="cc_string_d::functions" ref="002f78b173b7dd8a6925385cd11f4b0f" args="" --><p>
40		<table class="mdTable" cellpadding="2" cellspacing="0">
41		<tr>
42		<td class="mdRow">
43		<table cellpadding="0" cellspacing="0" border="0">
44		<tr>
45		<td class="md" nowrap valign="top">const <a class="el" href="structcc__string__f.html">cc_string_f</a>* <a class="el" href="structcc__string__d.html#002f78b173b7dd8a6925385cd11f4b0f">functions</a> </td>
46		</tr>
47		</table>
48		</td>
49		</tr>
50		</table>
51		<table cellspacing="5" cellpadding="0" border="0">
52		<tr>
53		<td>
54
55		</td>
56		<td>
57
58		<p>
59		</td>
60		</tr>
61		</table>
62		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
63		<a href="http://www.doxygen.org/index.html">
64		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
65		</body>
66		</html>

+0

-51

~~doc/ccapi/html/structcc__string__f.html~~ less more

0		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1		<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
2		<title>Credentials Cache API : cc_string_f Struct Reference</title>
3		<link href="doxygen.css" rel="stylesheet" type="text/css">
4		<link href="tabs.css" rel="stylesheet" type="text/css">
5		</head><body>
6		<!-- Generated by Doxygen 1.4.6 -->
7		<h1>cc_string_f Struct Reference</h1><!-- doxytag: class="cc_string_f" --><hr><a name="_details"></a><h2>Detailed Description</h2>
8		Function pointer table for cc_string_t. For more information see <a class="el" href="group__cc__string__reference.html">cc_string_t Overview</a>.
9		<p>
10		<h2>Data Fields</h2>
11		<ul>
12		<li><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__string__f.html#ba3623018f7ad67de1f29f4cf1a9c66f">release</a> )(<a class="el" href="structcc__string__d.html">cc_string_t</a> io_string)
13		<dl class="el"><dd class="mdescRight"><b><a class="el" href="group__helper__macros.html#ge9bebfed2d574e69f29dd341bc8a63d9">cc_string_release()</a></b>: Release memory associated with a cc_string_t object. <a href="#ba3623018f7ad67de1f29f4cf1a9c66f"></a><br></dl></ul>
14		<hr><h2>Field Documentation</h2>
15		<a class="anchor" name="ba3623018f7ad67de1f29f4cf1a9c66f"></a><!-- doxytag: member="cc_string_f::release" ref="ba3623018f7ad67de1f29f4cf1a9c66f" args=")(cc_string_t io_string)" --><p>
16		<table class="mdTable" cellpadding="2" cellspacing="0">
17		<tr>
18		<td class="mdRow">
19		<table cellpadding="0" cellspacing="0" border="0">
20		<tr>
21		<td class="md" nowrap valign="top"><a class="el" href="group__ccapi__types__reference.html#g0ce639c8d65dc6367fb361d5bbcea874">cc_int32</a>(* <a class="el" href="structcc__string__f.html#ba3623018f7ad67de1f29f4cf1a9c66f">release</a>)(<a class="el" href="structcc__string__d.html">cc_string_t</a> io_string) </td>
22		</tr>
23		</table>
24		</td>
25		</tr>
26		</table>
27		<table cellspacing="5" cellpadding="0" border="0">
28		<tr>
29		<td>
30
31		</td>
32		<td>
33
34		<p>
35		<b><a class="el" href="group__helper__macros.html#ge9bebfed2d574e69f29dd341bc8a63d9">cc_string_release()</a></b>: Release memory associated with a cc_string_t object.
36		<p>
37		<dl compact><dt><b>Parameters:</b></dt><dd>
38		<table border="0" cellspacing="2" cellpadding="0">
39		<tr><td valign="top"></td><td valign="top"><em>io_string</em> </td><td>the string object to release. </td></tr>
40		</table>
41		</dl>
42		<dl compact><dt><b>Returns:</b></dt><dd>On success, <a class="el" href="group__ccapi__constants__reference.html#ggdf764cbdea00d65edcd07bb9953ad2b7386efd60970fd1740c97093a79558c26">ccNoError</a>. On failure, an error code representing the failure. </dd></dl>
43		</td>
44		</tr>
45		</table>
46		<hr size="1"><address style="align: right;"><small>Generated on Tue Oct 2 17:16:06 2007 for Credentials Cache API by
47		<a href="http://www.doxygen.org/index.html">
48		<img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.4.6 </small></address>
49		</body>
50		</html>

+1

-1

doc/coding-style less more

0	0	Please see
1	1
2		http://k5wiki.kerberos.org/wiki/Coding_style
	2	https://k5wiki.kerberos.org/wiki/Coding_style
3	3
4	4	for the current coding style.

+3

-3

doc/conf.py less more

44	44
45	45	# General information about the project.
46	46	project = u'MIT Kerberos'
47		copyright = u'1985-2019, MIT'
	47	copyright = u'1985-2020, MIT'
48	48
49	49	# The version info for the project you're documenting, acts as replacement for
50	50	# \|version\| and \|release\|, also used in various other places throughout the

270	270	rst_epilog += '.. \|ckeytab\| replace:: %s\n' % ckeytab
271	271	rst_epilog += '''
272	272	.. \|krb5conf\| replace:: ``/etc/krb5.conf``
273		.. \|defkeysalts\| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal``
274		.. \|defetypes\| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4``
	273	.. \|defkeysalts\| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal``
	274	.. \|defetypes\| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac``
275	275	.. \|defmkey\| replace:: ``aes256-cts-hmac-sha1-96``
276	276	.. \|copy\| unicode:: U+000A9
277	277	'''

+1

-1

doc/copyright.rst less more

0	0	Copyright
1	1	=========
2	2
3		Copyright \|copy\| 1985-2019 by the Massachusetts Institute of
	3	Copyright \|copy\| 1985-2020 by the Massachusetts Institute of
4	4	Technology and its contributors. All rights reserved.
5	5
6	6	See :ref:`mitK5license` for additional copyright and license

+1

-0

doc/formats/index.rst less more

5	5
6	6	ccache_file_format
7	7	keytab_file_format
	8	rcache_file_format
8	9	cookie
9	10	freshness_token

+50

-0

doc/formats/rcache_file_format.rst less more

	0	Replay cache file format
	1	========================
	2
	3	This section documents the second version of the replay cache file
	4	format, used by the "file2" replay cache type (new in release 1.18).
	5	The first version of the file replay cache format is not documented.
	6
	7	All accesses to the replay cache file take place under an exclusive
	8	POSIX or Windows file lock, obtained when the file is opened and
	9	released when it is closed. Replay cache files are automatically
	10	created when first accessed.
	11
	12	For each store operation, a tag is derived from the checksum part of
	13	the :RFC:`3961` ciphertext of the authenticator. The checksum is
	14	coerced to a fixed length of 12 bytes, either through truncation or
	15	right-padding with zero bytes. A four-byte timestamp is appended to
	16	the tag to produce a total record length of 16 bytes.
	17
	18	Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4
	19	algorithm (siphash_); this field is populated with random bytes when
	20	the file is first created. All remaining bytes are divided into a
	21	series of expanding hash tables:
	22
	23	* Bytes 16-16383: hash table 1 (1023 slots)
	24	* Bytes 16384-49151: hash table 2 (2048 slots)
	25	* Bytes 49152-114687: hash table 3 (4096 slots)
	26	* ...
	27
	28	Only some hash tables will be present in the file at any specific
	29	time, and the final table may be only partially filled. Replay cache
	30	files may be sparse if the filesystem supports it.
	31
	32	For each table present in the file, the tag is hashed with SipHash-2-4
	33	using the seed recorded in the file. The first byte of the seed is
	34	incremented by one (modulo 256) for each table after the first. The
	35	resulting hash value is taken modulo one less than the table size
	36	(1022 for the first hash table, 2047 for the second) to produce the
	37	index. The record may be found at the slot given by the index or at
	38	the next slot.
	39
	40	All candidate locations for the record must be searched until a slot
	41	is found with a timestamp of zero (indicating a slot which has never
	42	been written to) or an offset is reached at or beyond the end of the
	43	file. Any candidate location with a timestamp value of zero, with a
	44	timestamp value less than the current time minus clockskew, or at or
	45	beyond the end of the file is available for writing. When all
	46	candidate locations have been searched without finding a match, the
	47	new entry is written to the earliest candidate available for writing.
	48
	49	.. _siphash: https://131002.net/siphash/siphash.pdf

+1

-1

doc/html/.buildinfo less more

0	0	# Sphinx build info version 1
1	1	# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
2		config: a0a568b360acd5b11793991864b39b41
	2	config: d62bca31a1e243554fddb1656738c34a
3	3	tags: 645f666f9bcd5a90fca523b33c5a78b7

+5

-5

doc/html/_sources/admin/admin_commands/kadmin_local.rst.txt less more

418	418	Example::
419	419
420	420	kadmin: addprinc jennifer
421		WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU";
	421	No policy specified for "jennifer@ATHENA.MIT.EDU";
422	422	defaulting to no policy.
423	423	Enter password for principal jennifer@ATHENA.MIT.EDU:
424	424	Re-enter password for principal jennifer@ATHENA.MIT.EDU:

568	568	Principal: tlyu/admin@BLEEP.COM
569	569	Expiration date: [never]
570	570	Last password change: Mon Aug 12 14:16:47 EDT 1996
571		Password expiration date: [none]
	571	Password expiration date: [never]
572	572	Maximum ticket life: 0 days 10:00:00
573	573	Maximum renewable life: 7 days 00:00:00
574	574	Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
575	575	Last successful authentication: [never]
576	576	Last failed authentication: [never]
577	577	Failed password attempts: 0
578		Number of keys: 2
579		Key: vno 1, des-cbc-crc
580		Key: vno 1, des-cbc-crc:v4
	578	Number of keys: 1
	579	Key: vno 1, aes256-cts-hmac-sha384-192
	580	MKey: vno 1
581	581	Attributes:
582	582	Policy: [none]
583	583

+1

-2

doc/html/_sources/admin/admin_commands/kadmind.rst.txt less more

73	73
74	74	-nofork
75	75	causes the server to remain in the foreground and remain
76		associated to the terminal. In normal operation, you should allow
77		the server to place itself in the background.
	76	associated to the terminal.
78	77
79	78	-proponly
80	79	causes the server to only listen and respond to Kerberos replica

+48

-68

doc/html/_sources/admin/admin_commands/kdb5_ldap_util.rst.txt less more

28	28
29	29	.. _kdb5_ldap_util_options:
30	30
	31	-r realm
	32	Specifies the realm to be operated on.
	33
31	34	-D user_dn
32	35	Specifies the Distinguished Name (DN) of the user who has
33	36	sufficient rights to perform the operation on the LDAP server.

37	40	recommended.
38	41
39	42	-H ldapuri
40		Specifies the URI of the LDAP server. It is recommended to use
41		``ldapi://`` or ``ldaps://`` to connect to the LDAP server.
	43	Specifies the URI of the LDAP server.
	44
	45	By default, kdb5_ldap_util operates on the default realm (as specified
	46	in :ref:`krb5.conf(5)`) and connects and authenticates to the LDAP
	47	server in the same manner as :ref:kadmind(8)` would given the
	48	parameters in :ref:`dbdefaults` in :ref:`kdc.conf(5)`.
42	49
43	50	.. _kdb5_ldap_util_options_end:
44	51

57	64	[-containerref container_reference_dn]
58	65	[-k mkeytype]
59	66	[-kv mkeyVNO]
	67	[-M mkeyname]
60	68	[-m\|-P password\\|\ -sf stashfilename]
61	69	[-s]
62		[-r realm]
63	70	[-maxtktlife max_ticket_life]
64	71	[-maxrenewlife max_renewable_ticket_life]
65	72	[ticket_flags]

91	98	Specifies the version number of the master key in the database;
92	99	the default is 1. Note that 0 is not allowed.
93	100
	101	-M mkeyname
	102	Specifies the principal name for the master key in the database.
	103	If not specified, the name is determined by the
	104	master_key_name variable in :ref:`kdc.conf(5)`.
	105
94	106	-m
95	107	Specifies that the master database password should be read from
96	108	the TTY rather than fetched from a file on the disk.

98	110	-P password
99	111	Specifies the master database password. This option is not
100	112	recommended.
101
102		-r realm
103		Specifies the Kerberos realm of the database.
104	113
105	114	-sf stashfilename
106	115	Specifies the stash file of the master database password.

124	133	Example::
125	134
126	135	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
127		create -subtrees o=org -sscope SUB -r ATHENA.MIT.EDU
	136	-r ATHENA.MIT.EDU create -subtrees o=org -sscope SUB
128	137	Password for "cn=admin,o=org":
129	138	Initializing database for realm 'ATHENA.MIT.EDU'
130	139	You will be prompted for the database Master Password.

143	152	[-subtrees subtree_dn_list]
144	153	[-sscope search_scope]
145	154	[-containerref container_reference_dn]
146		[-r realm]
147	155	[-maxtktlife max_ticket_life]
148	156	[-maxrenewlife max_renewable_ticket_life]
149	157	[ticket_flags]

164	172	container object in which the principals of a realm will be
165	173	created.
166	174
167		-r realm
168		Specifies the Kerberos realm of the database.
169
170	175	-maxtktlife max_ticket_life
171	176	(:ref:`getdate` string) Specifies maximum ticket life for
172	177	principals in this realm.

182	187
183	188	Example::
184	189
185		shell% kdb5_ldap_util -D cn=admin,o=org -H
186		ldaps://ldap-server1.mit.edu modify +requires_preauth -r
187		ATHENA.MIT.EDU
	190	shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
	191	ldaps://ldap-server1.mit.edu modify +requires_preauth
188	192	Password for "cn=admin,o=org":
189	193	shell%
190	194

195	199
196	200	.. _kdb5_ldap_util_view:
197	201
198		view [-r realm]
199
200		Displays the attributes of a realm. Options:
201
202		-r realm
203		Specifies the Kerberos realm of the database.
204
205		Example::
206
207		kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
208		view -r ATHENA.MIT.EDU
	202	view
	203
	204	Displays the attributes of a realm.
	205
	206	Example::
	207
	208	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
	209	-r ATHENA.MIT.EDU view
209	210	Password for "cn=admin,o=org":
210	211	Realm Name: ATHENA.MIT.EDU
211	212	Subtree: ou=users,o=org

222	223
223	224	.. _kdb5_ldap_util_destroy:
224	225
225		destroy [-f] [-r realm]
	226	destroy [-f]
226	227
227	228	Destroys an existing realm. Options:
228	229
229	230	-f
230	231	If specified, will not prompt the user for confirmation.
231	232
232		-r realm
233		Specifies the Kerberos realm of the database.
234
235		Example::
236
237		shell% kdb5_ldap_util -D cn=admin,o=org -H
238		ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU
	233	Example::
	234
	235	shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
	236	ldaps://ldap-server1.mit.edu destroy
239	237	Password for "cn=admin,o=org":
240	238	Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
241	239	(type 'yes' to confirm)? yes

251	249
252	250	list
253	251
254		Lists the name of realms.
	252	Lists the names of realms under the container.
255	253
256	254	Example::
257	255

307	305	.. _kdb5_ldap_util_create_policy:
308	306
309	307	create_policy
310		[-r realm]
311	308	[-maxtktlife max_ticket_life]
312	309	[-maxrenewlife max_renewable_ticket_life]
313	310	[ticket_flags]
314	311	policy_name
315	312
316	313	Creates a ticket policy in the directory. Options:
317
318		-r realm
319		Specifies the Kerberos realm of the database.
320	314
321	315	-maxtktlife max_ticket_life
322	316	(:ref:`getdate` string) Specifies maximum ticket life for

338	332	Example::
339	333
340	334	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
341		create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day"
	335	-r ATHENA.MIT.EDU create_policy -maxtktlife "1 day"
342	336	-maxrenewlife "1 week" -allow_postdated +needchange
343	337	-allow_forwardable tktpolicy
344	338	Password for "cn=admin,o=org":

351	345	.. _kdb5_ldap_util_modify_policy:
352	346
353	347	modify_policy
354		[-r realm]
355	348	[-maxtktlife max_ticket_life]
356	349	[-maxrenewlife max_renewable_ticket_life]
357	350	[ticket_flags]

363	356	Example::
364	357
365	358	kdb5_ldap_util -D cn=admin,o=org -H
366		ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU
	359	ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU modify_policy
367	360	-maxtktlife "60 minutes" -maxrenewlife "10 hours"
368	361	+allow_postdated -requires_preauth tktpolicy
369	362	Password for "cn=admin,o=org":

376	369	.. _kdb5_ldap_util_view_policy:
377	370
378	371	view_policy
379		[-r realm]
380	372	policy_name
381	373
382		Displays the attributes of a ticket policy. Options:
383
384		policy_name
385		Specifies the name of the ticket policy.
386
387		Example::
388
389		kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
390		view_policy -r ATHENA.MIT.EDU tktpolicy
	374	Displays the attributes of the named ticket policy.
	375
	376	Example::
	377
	378	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
	379	-r ATHENA.MIT.EDU view_policy tktpolicy
391	380	Password for "cn=admin,o=org":
392	381	Ticket policy: tktpolicy
393	382	Maximum ticket life: 0 days 01:00:00

402	391	.. _kdb5_ldap_util_destroy_policy:
403	392
404	393	destroy_policy
405		[-r realm]
406	394	[-force]
407	395	policy_name
408	396
409	397	Destroys an existing ticket policy. Options:
410
411		-r realm
412		Specifies the Kerberos realm of the database.
413	398
414	399	-force
415	400	Forces the deletion of the policy object. If not specified, the

421	406	Example::
422	407
423	408	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
424		destroy_policy -r ATHENA.MIT.EDU tktpolicy
	409	-r ATHENA.MIT.EDU destroy_policy tktpolicy
425	410	Password for "cn=admin,o=org":
426	411	This will delete the policy object 'tktpolicy', are you sure?
427	412	(type 'yes' to confirm)? yes

435	420	.. _kdb5_ldap_util_list_policy:
436	421
437	422	list_policy
438		[-r realm]
439
440		Lists the ticket policies in realm if specified or in the default
441		realm. Options:
442
443		-r realm
444		Specifies the Kerberos realm of the database.
445
446		Example::
447
448		kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
449		list_policy -r ATHENA.MIT.EDU
	423
	424	Lists ticket policies.
	425
	426	Example::
	427
	428	kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
	429	-r ATHENA.MIT.EDU list_policy
450	430	Password for "cn=admin,o=org":
451	431	tktpolicy
452	432	tmppolicy

+7

-14

doc/html/_sources/admin/admin_commands/kdb5_util.rst.txt less more

135	135
136	136	.. _kdb5_util_dump:
137	137
138		dump [-b7\\|\ -ov\\|\ -r13\\|\ -r18]
	138	dump [-b7\\|\ -r13\\|\ -r18]
139	139	[-verbose] [-mkey_convert] [-new_mkey_file
140	140	mkey_file] [-rev] [-recurse] [filename
141	141	[principals...]]

149	149	causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util
150	150	load_dump version 4"). This was the dump format produced on
151	151	releases prior to 1.2.2.
152
153		-ov
154		causes the dump to be in "ovsec_adm_export" format.
155	152
156	153	-r13
157	154	causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util

203	200
204	201	.. _kdb5_util_load:
205	202
206		load [-b7\\|\ -ov\\|\ -r13\\|\ -r18] [-hash]
	203	load [-b7\\|\ -r13\\|\ -r18] [-hash]
207	204	[-verbose] [-update] filename
208	205
209	206	Loads a database dump from the named file into the named database. If

220	217	requires the database to be in the Kerberos 5 Beta 7 format
221	218	("kdb5_util load_dump version 4"). This was the dump format
222	219	produced on releases prior to 1.2.2.
223
224		-ov
225		requires the database to be in "ovsec_adm_import" format. Must be
226		used with the -update option.
227	220
228	221	-r13
229	222	requires the database to be in Kerberos 5 1.3 format ("kdb5_util

482	475	$ kdb5_util tabdump -o keyinfo.txt keyinfo
483	476	$ cat keyinfo.txt
484	477	name keyindex kvno enctype salttype salt
	478	K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1
485	479	foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
486	480	bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
487		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
488	481	$ sqlite3
489	482	sqlite> .mode tabs
490	483	sqlite> .import keyinfo.txt keyinfo
491		sqlite> select * from keyinfo where enctype like 'des-cbc-%';
492		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
	484	sqlite> select * from keyinfo where enctype like 'aes256-%';
	485	K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
493	486	sqlite> .quit
494		$ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
495		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
	487	$ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
	488	K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
496	489
497	490
498	491	ENVIRONMENT

+5

-5

doc/html/_sources/admin/admin_commands/krb5kdc.rst.txt less more

30	30	-------
31	31
32	32	The -r realm option specifies the realm for which the server
33		should provide service.
	33	should provide service. This option may be specified multiple times
	34	to serve multiple realms. If no -r option is given, the default
	35	realm (as specified in :ref:`krb5.conf(5)`) will be served.
34	36
35	37	The -d dbname option specifies the name under which the
36	38	principal database can be found. This option does not apply to the

38	40
39	41	The -k keytype option specifies the key type of the master key
40	42	to be entered manually as a password when -m is given; the default
41		is ``des-cbc-crc``.
	43	is \|defmkey\|.
42	44
43	45	The -M mkeyname option specifies the principal name for the
44	46	master key in the database (usually ``K/M`` in the KDC's realm).

47	49	be fetched from the keyboard rather than from a stash file.
48	50
49	51	The -n option specifies that the KDC does not put itself in the
50		background and does not disassociate itself from the terminal. In
51		normal operation, you should always allow the KDC to place itself in
52		the background.
	52	background and does not disassociate itself from the terminal.
53	53
54	54	The -P pid_file option tells the KDC to write its PID into
55	55	pid_file after it starts up. This can be used to identify whether

+2

-20

doc/html/_sources/admin/admin_commands/ktutil.rst.txt less more

12	12	-----------
13	13
14	14	The ktutil command invokes a command interface from which an
15		administrator can read, write, or edit entries in a keytab or Kerberos
16		V4 srvtab file.
	15	administrator can read, write, or edit entries in a keytab. (Kerberos
	16	V4 srvtab files are no longer supported.)
17	17
18	18
19	19	COMMANDS

37	37
38	38	Alias: rkt
39	39
40		read_st
41		~~~~~~~
42
43		read_st srvtab
44
45		Read the Kerberos V4 srvtab file srvtab into the current keylist.
46
47		Alias: rst
48
49	40	write_kt
50	41	~~~~~~~~
51	42

54	45	Write the current keylist into the Kerberos V5 keytab file keytab.
55	46
56	47	Alias: wkt
57
58		write_st
59		~~~~~~~~
60
61		write_st srvtab
62
63		Write the current keylist into the Kerberos V4 srvtab file srvtab.
64
65		Alias: wst
66	48
67	49	clear_list
68	50	~~~~~~~~~~

+0

-1

doc/html/_sources/admin/advanced/index.rst.txt less more

4	4	.. toctree::
5	5	:maxdepth: 1
6	6
7		ldapbackend.rst
8	7	retiring-des.rst

+0

-143

~~doc/html/_sources/admin/advanced/ldapbackend.rst.txt~~ less more

0		.. _ldap_be_ubuntu:
1
2		LDAP backend on Ubuntu 10.4 (lucid)
3		===================================
4
5		Setting up Kerberos v1.9 with LDAP backend on Ubuntu 10.4 (Lucid Lynx)
6
7
8		Prerequisites
9		-------------
10
11		Install the following packages: slapd, ldap-utils and libldap2-dev
12
13		You can install the necessary packages with these commands::
14
15		sudo apt-get install slapd
16		sudo apt-get install ldap-utils
17		sudo apt-get install libldap2-dev
18
19		Extend the user schema using schemas from standart OpenLDAP
20		distribution: cosine, mics, nis, inetcomperson ::
21
22		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
23		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/mics.ldif
24		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
25		ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetcomperson.ldif
26
27
28		Building Kerberos from source
29		-----------------------------
30
31		::
32
33		./configure --with-ldap
34		make
35		sudo make install
36
37
38		Setting up Kerberos
39		-------------------
40
41		Configuration
42		~~~~~~~~~~~~~
43
44		Update kdc.conf with the LDAP back-end information::
45
46		[realms]
47		EXAMPLE.COM = {
48		database_module = LDAP
49		}
50
51		[dbmodules]
52		LDAP = {
53		db_library = kldap
54		ldap_kerberos_container_dn = cn=krbContainer,dc=example,dc=com
55		ldap_kdc_dn = cn=admin,dc=example,dc=com
56		ldap_kadmind_dn = cn=admin,dc=example,dc=com
57		ldap_service_password_file = /usr/local/var/krb5kdc/admin.stash
58		ldap_servers = ldapi:///
59		}
60
61
62		Schema
63		~~~~~~
64
65		From the source tree copy
66		``src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema`` into
67		``/etc/ldap/schema``
68
69		Warning: this step should be done after slapd is installed to avoid
70		problems with slapd installation.
71
72		To convert kerberos.schema to run-time configuration (``cn=config``)
73		do the following:
74
75		#. Create a temporary file ``/tmp/schema_convert.conf`` with the
76		following content::
77
78		include /etc/ldap/schema/kerberos.schema
79
80		#. Create a temporary directory ``/tmp/krb5_ldif``.
81
82		#. Run::
83
84		slaptest -f /tmp/schema_convert.conf -F /tmp/krb5_ldif
85
86		This should in a new file named
87		``/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif``.
88
89		#. Edit ``/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif`` by
90		replacing the lines::
91
92		dn: cn={0}kerberos
93		cn: {0}kerberos
94
95		with
96
97		dn: cn=kerberos,cn=schema,cn=config
98		cn: kerberos
99
100		Also, remove following attribute-value pairs::
101
102		structuralObjectClass: olcSchemaConfig
103		entryUUID: ...
104		creatorsName: cn=config
105		createTimestamp: ...
106		entryCSN: ...
107		modifiersName: cn=config
108		modifyTimestamp: ...
109
110		#. Load the new schema with ldapadd (with the proper authentication)::
111
112		ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif
113
114		which should result the message ``adding new entry
115		"cn=kerberos,cn=schema,cn=config"``.
116
117
118		Create Kerberos database
119		------------------------
120
121		Using LDAP administrator credentials, create Kerberos database and
122		master key stash::
123
124		kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
125
126		Stash the LDAP administrative passwords::
127
128		kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// stashsrvpw cn=admin,dc=example,dc=com
129
130		Start :ref:`krb5kdc(8)`::
131
132		krb5kdc
133
134		To destroy database run::
135
136		kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// destroy -f
137
138
139		Useful references
140		-----------------
141
142		* `Kerberos and LDAP <https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html>`_

+5

-0

doc/html/_sources/admin/advanced/retiring-des.rst.txt less more

20	20	However, deployments of krb5 using Kerberos databases created with older
21	21	versions of krb5 will not necessarily start using strong crypto for
22	22	ordinary operation without administrator intervention.
	23
	24	MIT krb5 began flagging deprecated encryption types with release 1.17,
	25	and removed DES (single-DES) support in release 1.18. As a
	26	consequence, a release prior to 1.18 is required to perform these
	27	migrations.
23	28
24	29	Types of keys
25	30	-------------

+37

-0

doc/html/_sources/admin/appl_servers.rst.txt less more

57	57	.. include:: admin_commands/kadmin_local.rst
58	58	:start-after: _ktremove:
59	59	:end-before: _ktremove_end:
	60
	61
	62	Using a keytab to acquire client credentials
	63	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	64
	65	While keytabs are ordinarily used to accept credentials from clients,
	66	they can also be used to acquire initial credentials, allowing one
	67	service to authenticate to another.
	68
	69	To manually obtain credentials using a keytab, use the :ref:`kinit(1)`
	70	-k option, together with the -t option if the keytab is not in
	71	the default location.
	72
	73	Beginning with release 1.11, GSSAPI applications can be configured to
	74	automatically obtain initial credentials from a keytab as needed. The
	75	recommended configuration is as follows:
	76
	77	#. Create a keytab containing a single entry for the desired client
	78	identity.
	79
	80	#. Place the keytab in a location readable by the service, and set the
	81	KRB5_CLIENT_KTNAME environment variable to its filename.
	82	Alternatively, use the default_client_keytab_name profile
	83	variable in :ref:`libdefaults`, or use the default location of
	84	\|ckeytab\|.
	85
	86	#. Set KRB5CCNAME to a filename writable by the service, which
	87	will not be used for any other purpose. Do not manually obtain
	88	credentials at this location. (Another credential cache type
	89	besides FILE can be used if desired, as long the cache will not
	90	conflict with another use. A MEMORY cache can be used if the
	91	service runs as a long-lived process. See :ref:`ccache_definition`
	92	for details.)
	93
	94	#. Start the service. When it authenticates using GSSAPI, it will
	95	automatically obtain credentials from the client keytab into the
	96	specified credential cache, and refresh them before they expire.
60	97
61	98
62	99	Clock Skew

+9

-22

doc/html/_sources/admin/conf_files/kdc_conf.rst.txt less more

380	380	listed in host_based_services. ``no_host_referral = *`` will
381	381	disable referral processing altogether.
382	382
383		des_crc_session_supported
384		(Boolean value). If set to true, the KDC will assume that service
385		principals support des-cbc-crc for session key enctype negotiation
386		purposes. If allow_weak_crypto in :ref:`libdefaults` is
387		false, or if des-cbc-crc is not a permitted enctype, then this
388		variable has no effect. Defaults to true. New in release 1.11.
389
390	383	reject_bad_transit
391	384	(Boolean value.) If set to true, the KDC will check the list of
392	385	transited realms for cross-realm tickets against the transit path

452	445	* ldap_kadmind_sasl_mech
453	446	* ldap_kadmind_sasl_realm
454	447	* ldap_service_password_file
455		* ldap_servers
456	448	* ldap_conns_per_server
457	449
458	450

648	640	facility is specified, the default is AUTH.
649	641
650	642	In the following example, the logging messages from the KDC will go to
651		the console and to the system log under the facility LOG_DAEMON with
652		default severity of LOG_INFO; and the logging messages from the
653		administrative server will be appended to the file
654		``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. ::
	643	the console and to the system log under the facility LOG_DAEMON, and
	644	the logging messages from the administrative server will be appended
	645	to the file ``/var/adm/kadmin.log`` and sent to the device
	646	``/dev/tty04``. ::
655	647
656	648	[logging]
657	649	kdc = CONSOLE
658	650	kdc = SYSLOG:INFO:DAEMON
659	651	admin_server = FILE:/var/adm/kadmin.log
660	652	admin_server = DEVICE=/dev/tty04
	653
	654	If no logging specification is given, the default is to use syslog.
	655	To disable logging entirely, specify ``default = DEVICE=/dev/null``.
661	656
662	657
663	658	.. _otp:

847	842	not recommended for use.
848	843
849	844	==================================================== =========================================================
850		des-cbc-crc DES cbc mode with CRC-32 (weak)
851		des-cbc-md4 DES cbc mode with RSA-MD4 (weak)
852		des-cbc-md5 DES cbc mode with RSA-MD5 (weak)
853		des-cbc-raw DES cbc mode raw (weak)
854	845	des3-cbc-raw Triple DES cbc mode raw (weak)
855	846	des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1
856		des-hmac-sha1 DES with HMAC/sha1 (weak)
857	847	aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC
858	848	aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC
859	849	aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC

862	852	arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak)
863	853	camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC
864	854	camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC
865		des The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
866	855	des3 The triple DES family: des3-cbc-sha1
867	856	aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128
868	857	rc4 The RC4 family: arcfour-hmac

874	863	from the current list by prefixing them with a minus sign ("-").
875	864	Types or families can be prefixed with a plus sign ("+") for symmetry;
876	865	it has the same meaning as just listing the type or family. For
877		example, "``DEFAULT -des``" would be the default set of encryption
878		types with DES types removed, and "``des3 DEFAULT``" would be the
	866	example, "``DEFAULT -rc4``" would be the default set of encryption
	867	types with RC4 types removed, and "``des3 DEFAULT``" would be the
879	868	default set of encryption types with triple DES types moved to the
880	869	front.
881	870

916	905
917	906	================= ============================================
918	907	normal default for Kerberos Version 5
919		v4 the only type used by Kerberos Version 4 (no salt)
920	908	norealm same as the default, without using realm information
921	909	onlyrealm uses only realm information as the salt
922		afs3 AFS version 3, only used for compatibility with Kerberos 4 in AFS
923	910	special generate a random salt
924	911	================= ============================================
925	912

+46

-65

doc/html/_sources/admin/conf_files/krb5_conf.rst.txt less more

34	34	baz = quux
35	35	}
36	36
37		Placing a '\' at the end of a line indicates that this is the final*
38		value for the tag. This means that neither the remainder of this
39		configuration file nor any other configuration file will be checked
40		for any other values for this tag.
41
42		For example, if you have the following lines::
43
44		foo = bar*
45		foo = baz
46
47		then the second value of ``foo`` (``baz``) would never be read.
	37	Placing a '\*' after the closing bracket of a section name indicates
	38	that the section is final, meaning that if the same section appears
	39	within a later file specified in KRB5_CONFIG, it will be ignored.
	40	A subsection can be marked as final by placing a '\*' after either the
	41	tag name or the closing brace.
48	42
49	43	The krb5.conf file can include other files using either of the
50	44	following directives at the beginning of a line::

105	99	in :ref:`Encryption_types` in :ref:`kdc.conf(5)`) will be filtered
106	100	out of the lists default_tgs_enctypes,
107	101	default_tkt_enctypes, and permitted_enctypes. The default
108		value for this tag is false, which may cause authentication
109		failures in existing Kerberos infrastructures that do not support
110		strong crypto. Users in affected environments should set this tag
111		to true until their infrastructure adopts stronger ciphers.
112
113		ap_req_checksum_type
114		An integer which specifies the type of AP-REQ checksum to use in
115		authenticators. This variable should be unset so the appropriate
116		checksum for the encryption key in use will be used. This can be
117		set if backward compatibility requires a specific checksum type.
118		See the kdc_req_checksum_type configuration option for the
119		possible values and their meanings.
	102	value for this tag is false.
120	103
121	104	canonicalize
122	105	If this flag is set to true, initial ticket requests to the KDC

158	141	application servers such as sshd. The default is \|keytab\|. This
159	142	relation is subject to parameter expansion (see below).
160	143
	144	default_rcache_name
	145	This relation specifies the name of the default replay cache.
	146	The default is ``dfl:``. This relation is subject to parameter
	147	expansion (see below). New in release 1.18.
	148
161	149	default_realm
162	150	Identifies the default Kerberos realm for the client. Set its
163	151	value to your Kerberos realm. If this value is not set, then a

170	158	preference from highest to lowest. The list may be delimited with
171	159	commas or whitespace. See :ref:`Encryption_types` in
172	160	:ref:`kdc.conf(5)` for a list of the accepted values for this tag.
173		The default value is \|defetypes\|, but single-DES encryption types
174		will be implicitly removed from this list if the value of
175		allow_weak_crypto is false.
	161	Starting in release 1.18, the default value is the value of
	162	permitted_enctypes. For previous releases or if
	163	permitted_enctypes is not set, the default value is
	164	\|defetypes\|.
176	165
177	166	Do not set this unless required for specific backward
178	167	compatibility purposes; stale values of this setting can prevent

183	172	Identifies the supported list of session key encryption types that
184	173	the client should request when making an AS-REQ, in order of
185	174	preference from highest to lowest. The format is the same as for
186		default_tgs_enctypes. The default value for this tag is
187		\|defetypes\|, but single-DES encryption types will be implicitly
188		removed from this list if the value of allow_weak_crypto is
189		false.
	175	default_tgs_enctypes. Starting in release 1.18, the default
	176	value is the value of permitted_enctypes. For previous
	177	releases or if permitted_enctypes is not set, the default
	178	value is \|defetypes\|.
190	179
191	180	Do not set this unless required for specific backward
192	181	compatibility purposes; stale values of this setting can prevent

199	188	to false can improve security by reducing reliance on DNS, but
200	189	means that short hostnames will not be canonicalized to
201	190	fully-qualified hostnames. The default value is true.
	191
	192	If this option is set to ``fallback`` (new in release 1.18), DNS
	193	canonicalization will only be performed the server hostname is not
	194	found with the original name when requesting credentials.
202	195
203	196	dns_lookup_kdc
204	197	Indicate whether DNS SRV records should be used to locate the KDCs

222	215	krb5.conf information for the realm. SRV records are used as a
223	216	fallback if no URI records were found. The default value is true.
224	217	New in release 1.15.
	218
	219	enforce_ok_as_delegate
	220	If this flag to true, GSSAPI credential delegation will be
	221	disabled when the ``ok-as-delegate`` flag is not set in the
	222	service ticket. If this flag is false, the ``ok-as-delegate``
	223	ticket flag is only enforced when an application specifically
	224	requests enforcement. The default value is false.
225	225
226	226	err_fmt
227	227	This relation allows for custom error message formatting. If a

292	292	corrective factor is only used by the Kerberos library; it is not
293	293	used to change the system clock. The default value is 1.
294	294
295		kdc_req_checksum_type
296		An integer which specifies the type of checksum to use for the KDC
297		requests, for compatibility with very old KDC implementations.
298		This value is only used for DES keys; other keys use the preferred
299		checksum type for those keys.
300
301		The possible values and their meanings are as follows.
302
303		======== ===============================
304		1 CRC32
305		2 RSA MD4
306		3 RSA MD4 DES
307		4 DES CBC
308		7 RSA MD5
309		8 RSA MD5 DES
310		9 NIST SHA
311		12 HMAC SHA1 DES3
312		-138 Microsoft MD5 HMAC checksum type
313		======== ===============================
314
315	295	noaddresses
316	296	If this flag is true, requests for initial tickets will not be
317	297	made with address restrictions set, allowing the tickets to be
318	298	used across NATs. The default value is true.
319	299
320	300	permitted_enctypes
321		Identifies all encryption types that are permitted for use in
322		session key encryption. The default value for this tag is
323		\|defetypes\|, but single-DES encryption types will be implicitly
324		removed from this list if the value of allow_weak_crypto is
325		false.
	301	Identifies the encryption types that servers will permit for
	302	session keys and for ticket and authenticator encryption, ordered
	303	by preference from highest to lowest. Starting in release 1.18,
	304	this tag also acts as the default value for
	305	default_tgs_enctypes and default_tkt_enctypes. The
	306	default value for this tag is \|defetypes\|.
326	307
327	308	plugin_base_dir
328	309	If set, determines the base directory where krb5 plugins are

339	320	proxiable
340	321	If this flag is true, initial tickets will be proxiable by
341	322	default, if allowed by the KDC. The default value is false.
	323
	324	qualify_shortname
	325	If this string is set, it determines the domain suffix for
	326	single-component hostnames when DNS canonicalization is not used
	327	(either because dns_canonicalize_hostname is false or because
	328	forward canonicalization failed). The default value is the first
	329	search domain of the system's DNS configuration. To disable
	330	qualification of shortnames, set this relation to the empty string
	331	with ``qualify_shortname = ""``. (New in release 1.18.)
342	332
343	333	rdns
344	334	If this flag is true, reverse name lookup will be used in addition

359	349	renew_lifetime
360	350	(:ref:`duration` string.) Sets the default renewable lifetime
361	351	for initial ticket requests. The default value is 0.
362
363		safe_checksum_type
364		An integer which specifies the type of checksum to use for the
365		KRB-SAFE requests. By default it is set to 8 (RSA MD5 DES). For
366		compatibility with applications linked against DCE version 1.1 or
367		earlier Kerberos libraries, use a value of 3 to use the RSA MD4
368		DES instead. This field is ignored when its value is incompatible
369		with the session key type. See the kdc_req_checksum_type
370		configuration option for the possible values and their meanings.
371	352
372	353	spake_preauth_groups
373	354	A whitespace or comma-separated list of words which specifies the

1141	1122	specifies X509_user_identity on the command line.
1142	1123
1143	1124	pkinit_kdc_hostname
1144		The presense of this option indicates that the client is willing
	1125	The presence of this option indicates that the client is willing
1145	1126	to accept a KDC certificate with a dNSName SAN (Subject
1146	1127	Alternative Name) rather than requiring the id-pkinit-san as
1147	1128	defined in :rfc:`4556`. This option may be specified multiple

+55

-85

doc/html/_sources/admin/conf_ldap.rst.txt less more

3	3	===========================================
4	4
5	5
6		1. Set up SSL on the OpenLDAP server and client to ensure secure
7		communication when the KDC service and LDAP server are on different
8		machines. ``ldapi://`` can be used if the LDAP server and KDC
9		service are running on the same machine.
	6	1. Make sure the LDAP server is using local authentication
	7	(``ldapi://``) or TLS (``ldaps``). See
	8	https://www.openldap.org/doc/admin24/tls.html for instructions on
	9	configuring TLS support in OpenLDAP.
10	10
11		A. Setting up SSL on the OpenLDAP server:
	11	2. Add the Kerberos schema file to the LDAP Server using the OpenLDAP
	12	LDIF file from the krb5 source directory
	13	(``src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif``).
	14	The following example uses local authentication::
12	15
13		i) Get a CA certificate using OpenSSL tools
14		ii) Configure OpenLDAP server for using SSL/TLS
15
16		For the latter, you need to specify the location of CA
17		certificate location in slapd.conf file.
18
19		Refer to the following link for more information:
20		https://www.openldap.org/doc/admin23/tls.html
21
22		B. Setting up SSL on OpenLDAP client:
23
24		i) For the KDC and Admin Server, you need to do the client-side
25		configuration in ldap.conf. For example::
26
27		TLS_CACERT /etc/openldap/certs/cacert.pem
28
29		2. Include the Kerberos schema file (kerberos.schema) in the
30		configuration file (slapd.conf) on the LDAP Server, by providing
31		the location where it is stored::
32
33		include /etc/openldap/schema/kerberos.schema
	16	ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/kerberos.openldap.ldif
34	17
35	18	3. Choose DNs for the :ref:`krb5kdc(8)` and :ref:`kadmind(8)` servers
36		to bind to the LDAP server, and create them if necessary. These DNs
37		will be specified with the ldap_kdc_dn and ldap_kadmind_dn
38		directives in :ref:`kdc.conf(5)`; their passwords can be stashed
39		with "``kdb5_ldap_util stashsrvpw``" and the resulting file
40		specified with the ldap_service_password_file directive.
	19	to bind to the LDAP server, and create them if necessary. Specify
	20	these DNs with the ldap_kdc_dn and ldap_kadmind_dn
	21	directives in :ref:`kdc.conf(5)`. The kadmind DN will also be
	22	used for administrative commands such as :ref:`kdb5_util(8)`.
41	23
42		4. Choose a DN for the global Kerberos container entry (but do not
43		create the entry at this time). This DN will be specified with the
	24	Alternatively, you may configure krb5kdc and kadmind to use SASL
	25	authentication to access the LDAP server; see the :ref:`dbmodules`
	26	relations ldap_kdc_sasl_mech and similar.
	27
	28	4. Specify a location for the LDAP service password file by setting
	29	ldap_service_password_file. Use ``kdb5_ldap_util stashsrvpw``
	30	to stash passwords for the KDC and kadmind DNs chosen above. For
	31	example::
	32
	33	kdb5_ldap_util stashsrvpw -f /path/to/service.keyfile cn=krbadmin,dc=example,dc=com
	34
	35	Skip this step if you are using SASL authentication and the
	36	mechanism does not require a password.
	37
	38	5. Choose a DN for the global Kerberos container entry (but do not
	39	create the entry at this time). Specify this DN with the
44	40	ldap_kerberos_container_dn directive in :ref:`kdc.conf(5)`.
45	41	Realm container entries will be created underneath this DN.
46	42	Principal entries may exist either underneath the realm container
47	43	(the default) or in separate trees referenced from the realm
48	44	container.
49	45
50		5. Configure the LDAP server ACLs to enable the KDC and kadmin server
	46	6. Configure the LDAP server ACLs to enable the KDC and kadmin server
51	47	DNs to read and write the Kerberos data. If
52	48	disable_last_success and disable_lockout are both set to
53	49	true in the :ref:`dbmodules` subsection for the realm, then the

61	57	access to dn.base="cn=Subschema"
62	58	by * read
63	59
64		access to attrs=userPassword,userPKCS12
65		by self write
66		by * auth
67
68		access to attrs=shadowLastChange
69		by self write
70		by * read
71
72		# Providing access to realm container
	60	# Provide access to the realm container.
73	61	access to dn.subtree= "cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com"
74	62	by dn.exact="cn=kdc-service,dc=example,dc=com" write
75	63	by dn.exact="cn=adm-service,dc=example,dc=com" write
76	64	by * none
77	65
78		# Providing access to principals, if not underneath realm container
	66	# Provide access to principals, if not underneath the realm container.
79	67	access to dn.subtree= "ou=users,dc=example,dc=com"
80	68	by dn.exact="cn=kdc-service,dc=example,dc=com" write
81	69	by dn.exact="cn=adm-service,dc=example,dc=com" write

84	72	access to *
85	73	by * read
86	74
87		If the locations of the container and principals or the DNs of
88		the service objects for a realm are changed then this
89		information should be updated.
	75	If the locations of the container and principals or the DNs of the
	76	service objects for a realm are changed then this information
	77	should be updated.
90	78
91		6. Start the LDAP server as follows::
	79	7. In :ref:`kdc.conf(5)`, make sure the following relations are set
	80	in the :ref:`dbmodules` subsection for the realm::
92	81
93		slapd -h "ldapi:/// ldaps:///"
94
95		7. Modify the :ref:`kdc.conf(5)` file to include LDAP specific items
96		listed below::
97
98		realms
99		database_module
100
101		dbmodules
102		db_library
103		db_module_dir
104		ldap_kdc_dn
105		ldap_kadmind_dn
106		ldap_service_password_file
107		ldap_servers
108		ldap_conns_per_server
	82	db_library (set to ``kldap``)
	83	ldap_kerberos_container_dn
	84	ldap_kdc_dn
	85	ldap_kadmind_dn
	86	ldap_service_password_file
	87	ldap_servers
109	88
110	89	8. Create the realm using :ref:`kdb5_ldap_util(8)` (see
111	90	:ref:`ldap_create_realm`)::
112	91
113		kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees ou=users,dc=example,dc=com -r EXAMPLE.COM -s
	92	kdb5_ldap_util create -subtrees ou=users,dc=example,dc=com -s
114	93
115	94	Use the -subtrees option if the principals are to exist in a
116	95	separate subtree from the realm container. Before executing the

122	101	For more information, refer to the section :ref:`ops_on_ldap`.
123	102
124	103	The realm object is created under the
125		ldap_kerberos_container_dn specified in the configuration file.
126		This operation will also create the Kerberos container, if not
127		present already. This will be used to store information related to
128		all realms.
	104	ldap_kerberos_container_dn specified in the configuration
	105	file. This operation will also create the Kerberos container, if
	106	not present already. This container can be used to store
	107	information related to multiple realms.
129	108
130		9. Stash the password of the service object used by the KDC and
131		Administration service to bind to the LDAP server using the
132		:ref:`kdb5_ldap_util(8)` stashsrvpw command (see
133		:ref:`stash_ldap`). The object DN should be the same as
134		ldap_kdc_dn and ldap_kadmind_dn values specified in the
135		:ref:`kdc.conf(5)` file::
136
137		kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f /etc/kerberos/service.keyfile cn=krbadmin,dc=example,dc=com
138
139		10. Add ``krbPrincipalName`` to the indexes in slapd.conf to speed up
140		the access.
	109	9. Add an ``eq`` index for ``krbPrincipalName`` to speed up principal
	110	lookup operations. See
	111	https://www.openldap.org/doc/admin24/tuning.html#Indexes for
	112	details.
141	113
142	114	With the LDAP back end it is possible to provide aliases for principal
143		entries. Currently we provide no mechanism provided for creating
144		aliases, so it must be done by direct manipulation of the LDAP
145		entries.
	115	entries. Currently we provide no administrative utilities for
	116	creating aliases, so it must be done by direct manipulation of the
	117	LDAP entries.
146	118
147	119	An entry with aliases contains multiple values of the
148	120	krbPrincipalName attribute. Since LDAP attribute values are not

158	130	service principals; for client principals, an explicit flag is often
159	131	required (e.g., ``kinit -C``) and canonicalization is only performed
160	132	for initial ticket requests.
161
162		.. seealso:: :ref:`ldap_be_ubuntu`

+5

-25

doc/html/_sources/admin/database.rst.txt less more

102	102	all you need to do is::
103	103
104	104	kadmin: addprinc -x dn=cn=jennifer,dc=example,dc=com jennifer
105		WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU";
	105	No policy specified for "jennifer@ATHENA.MIT.EDU";
106	106	defaulting to no policy.
107	107	Enter password for principal jennifer@ATHENA.MIT.EDU: <= Type the password.
108	108	Re-enter password for principal jennifer@ATHENA.MIT.EDU: <=Type it again.

113	113	link to an existing LDAP object, all you need to do is::
114	114
115	115	kadmin: addprinc -x containerdn=dc=example,dc=com -x linkdn=cn=david,dc=example,dc=com david
116		WARNING: no policy specified for "david@ATHENA.MIT.EDU";
	116	No policy specified for "david@ATHENA.MIT.EDU";
117	117	defaulting to no policy.
118	118	Enter password for principal david@ATHENA.MIT.EDU: <= Type the password.
119	119	Re-enter password for principal david@ATHENA.MIT.EDU: <=Type it again.

391	391
392	392	If the database file exists, and the -update flag was not
393	393	given, kdb5_util will overwrite the existing database.
394
395		Using kdb5_util to upgrade a master KDC from krb5 1.1.x:
396
397		::
398
399		shell% kdb5_util dump old-kdb-dump
400		shell% kdb5_util dump -ov old-kdb-dump.ov
401		[Create a new KDC installation, using the old stash file/master password]
402		shell% kdb5_util load old-kdb-dump
403		shell% kdb5_util load -update old-kdb-dump.ov
404
405		The use of old-kdb-dump.ov for an extra dump and load is necessary
406		to preserve per-principal policy information, which is not included in
407		the default dump format of krb5 1.1.x.
408	394
409	395	.. note::
410	396

496	482
497	483	$ kdb5_util list_mkeys
498	484	Master keys for Principal: K/M@KRBTEST.COM
499		KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
	485	KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
500	486
501	487	#. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
502	488	master key activation list is present in the database. This step

774	760	types supported by the krbtgt service (see
775	761	:ref:`session_key_selection`). Because non-MIT Kerberos clients
776	762	sometimes send a limited set of encryption types when making AS
777		requests, it can be important to for the krbtgt service to support
	763	requests, it can be important for the krbtgt service to support
778	764	multiple encryption types. This can be accomplished by giving the
779	765	krbtgt principal multiple keys, which is usually as simple as not
780	766	specifying any -e option when changing the krbtgt key, or by

806	792	size. A process on each replica KDC connects to a service on the
807	793	master KDC (currently implemented in the :ref:`kadmind(8)` server) and
808	794	periodically requests the changes that have been made since the last
809		check. By default, this check is done every two minutes. If the
810		database has just been modified in the previous several seconds
811		(currently the threshold is hard-coded at 10 seconds), the replica
812		will not retrieve updates, but instead will pause and try again soon
813		after. This reduces the likelihood that incremental update queries
814		will cause delays for an administrator trying to make a bunch of
815		changes to the database at the same time.
	795	check. By default, this check is done every two minutes.
816	796
817	797	Incremental propagation uses the following entries in the per-realm
818	798	data in the KDC config file (See :ref:`kdc.conf(5)`):

+23

-23

doc/html/_sources/admin/enctypes.rst.txt less more

47	47	The KDC chooses the session key enctype by taking the intersection of
48	48	its permitted_enctypes list, the list of long-term keys for the
49	49	most recent kvno of the service, and the client's requested list of
50		enctypes. If allow_weak_crypto is true, all services are assumed
51		to support des-cbc-crc.
	50	enctypes.
52	51
53		Starting in krb5-1.11, des_crc_session_supported in
54		:ref:`kdc.conf(5)` allows additional control over whether the KDC
55		issues des-cbc-crc session keys.
56
57		Also starting in krb5-1.11, it is possible to set a string attribute
58		on a service principal to control what session key enctypes the KDC
59		may issue for service tickets for that principal. See
60		:ref:`set_string` in :ref:`kadmin(1)` for details.
	52	Starting in krb5-1.11, it is possible to set a string attribute on a
	53	service principal to control what session key enctypes the KDC may
	54	issue for service tickets for that principal. See :ref:`set_string`
	55	in :ref:`kadmin(1)` for details.
61	56
62	57
63	58	Choosing enctypes for a service

85	80
86	81	allow_weak_crypto
87	82	defaults to false starting with krb5-1.8. When false, removes
88		single-DES enctypes (and other weak enctypes) from
89		permitted_enctypes, default_tkt_enctypes, and
90		default_tgs_enctypes. Do not set this to true unless the
91		use of weak enctypes is an acceptable risk for your environment
92		and the weak enctypes are required for backward compatibility.
	83	weak enctypes from permitted_enctypes,
	84	default_tkt_enctypes, and default_tgs_enctypes. Do not
	85	set this to true unless the use of weak enctypes is an
	86	acceptable risk for your environment and the weak enctypes are
	87	required for backward compatibility.
93	88
94	89	permitted_enctypes
95		controls the set of enctypes that a service will accept as session
96		keys.
	90	controls the set of enctypes that a service will permit for
	91	session keys and for ticket and authenticator encryption. The KDC
	92	and other programs that access the Kerberos database will ignore
	93	keys of non-permitted enctypes. Starting in release 1.18, this
	94	setting also acts as the default for default_tkt_enctypes and
	95	defaut_tgs_enctypes.
97	96
98	97	default_tkt_enctypes
99	98	controls the default set of enctypes that the Kerberos client

126	125	========================== ===== ======== =======
127	126	enctype weak? krb5 Windows
128	127	========================== ===== ======== =======
129		des-cbc-crc weak all >=2000
130		des-cbc-md4 weak all ?
131		des-cbc-md5 weak all >=2000
	128	des-cbc-crc weak <1.18 >=2000
	129	des-cbc-md4 weak <1.18 ?
	130	des-cbc-md5 weak <1.18 >=2000
132	131	des3-cbc-sha1 >=1.1 none
133	132	arcfour-hmac >=1.3 >=2000
134	133	arcfour-hmac-exp weak >=1.3 >=2000

140	139	camellia256-cts-cmac >=1.9 none
141	140	========================== ===== ======== =======
142	141
143		krb5 releases 1.8 and later disable the single-DES enctypes by
144		default. Microsoft Windows releases Windows 7 and later disable
145		single-DES enctypes by default.
	142	krb5 releases 1.18 and later do not support single-DES. krb5 releases
	143	1.8 and later disable the single-DES enctypes by default. Microsoft
	144	Windows releases Windows 7 and later disable single-DES enctypes by
	145	default.

+19

-15

doc/html/_sources/admin/host_config.rst.txt less more

91	91	# only principals in OTHER.REALM are matched.
92	92	#
93	93	# s/@OTHER\.REALM$// removes the realm name, leaving behind the
94		# principal name as the acount name.
	94	# principal name as the account name.
95	95	auth_to_local = RULE:[1:$1@$0](.*@OTHER\.REALM)s/@OTHER\.REALM$//
96	96
97	97	# Also allow principals from the default realm. Omit this line

198	198	~~~~~~~~~~~~~~~~~~~~~~~~
199	199
200	200	GSSAPI mechanism modules are registered using the file
201		``/etc/gss/mech`` or configuration files in the ``/etc/gss/mech.d/``
202		directory. Only files with a ``.conf`` suffix will be read from the
203		``/etc/gss/mech.d/`` directory. Each line in these files has the
204		form::
205
206		oid pathname [options] <type>
207
208		Only the oid and pathname are required. oid is the object
209		identifier of the GSSAPI mechanism to be registered. pathname is a
210		path to the module shared object or DLL. options (if present) are
211		options provided to the plugin module, surrounded in square brackets.
212		type (if present) can be used to indicate a special type of module.
213		Currently the only special module type is "interposer", for a module
214		designed to intercept calls to other mechanisms.
	201	\|sysconfdir\|\ ``/gss/mech`` or configuration files in the
	202	\|sysconfdir\|\ ``/gss/mech.d`` directory with a ``.conf``
	203	suffix. Each line in these files has the form::
	204
	205	name oid pathname [options] <type>
	206
	207	Only the name, oid, and pathname are required. name is the
	208	mechanism name, which may be used for debugging or logging purposes.
	209	oid is the object identifier of the GSSAPI mechanism to be
	210	registered. pathname is a path to the module shared object or DLL.
	211	options (if present) are options provided to the plugin module,
	212	surrounded in square brackets. type (if present) can be used to
	213	indicate a special type of module. Currently the only special module
	214	type is "interposer", for a module designed to intercept calls to
	215	other mechanisms.
	216
	217	If the environment variable GSS_MECH_CONFIG is set, its value is
	218	used as the sole mechanism configuration filename.
215	219
216	220
217	221	.. _profile_plugin_config:

+1

-1

doc/html/_sources/admin/install.rst.txt less more

17	17	#. Debian: `Setting up MIT Kerberos 5
18	18	<http://techpubs.spinlocksolutions.com/dklar/kerberos.html>`_
19	19	#. Solaris: `Configuring the Kerberos Service
20		<http://download.oracle.com/docs/cd/E19253-01/816-4557/6maosrjv2/index.html>`_
	20	<https://docs.oracle.com/cd/E19253-01/816-4557/6maosrjv2/index.html>`_

+7

-12

doc/html/_sources/admin/install_appl_srv.rst.txt less more

43	43	``trillium.mit.edu``)::
44	44
45	45	trillium% kadmin
46		kadmin5: ktadd host/trillium.mit.edu ftp/trillium.mit.edu
47		pop/trillium.mit.edu
48		kadmin: Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with
49		kvno 3, encryption type DES-CBC-CRC added to keytab
50		FILE:/etc/krb5.keytab.
51		kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with
52		kvno 3, encryption type DES-CBC-CRC added to keytab
53		FILE:/etc/krb5.keytab.
54		kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with
55		kvno 3, encryption type DES-CBC-CRC added to keytab
56		FILE:/etc/krb5.keytab.
57		kadmin5: quit
	46	Authenticating as principal root/admin@ATHENA.MIT.EDU with password.
	47	Password for root/admin@ATHENA.MIT.EDU:
	48	kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
	49	Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
	50	kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
	51	kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
	52	kadmin: quit
58	53	trillium%
59	54
60	55	If you generate the keytab file on another host, you need to get a

+4

-4

doc/html/_sources/admin/install_kdc.rst.txt less more

238	238
239	239	kadmin.local: addprinc admin/admin@ATHENA.MIT.EDU
240	240
241		WARNING: no policy specified for "admin/admin@ATHENA.MIT.EDU";
	241	No policy specified for "admin/admin@ATHENA.MIT.EDU";
242	242	assigning "default".
243	243	Enter password for principal admin/admin@ATHENA.MIT.EDU: <= Enter a password.
244	244	Re-enter password for principal admin/admin@ATHENA.MIT.EDU: <= Type it again.

315	315
316	316	shell% kadmin
317	317	kadmin: addprinc -randkey host/kerberos.mit.edu
318		NOTICE: no policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default"
	318	No policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default"
319	319	Principal "host/kerberos.mit.edu@ATHENA.MIT.EDU" created.
320	320
321	321	kadmin: addprinc -randkey host/kerberos-1.mit.edu
322		NOTICE: no policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default"
	322	No policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default"
323	323	Principal "host/kerberos-1.mit.edu@ATHENA.MIT.EDU" created.
324	324
325	325	It is not strictly necessary to have the master KDC server in the

339	339	Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
340	340	type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
341	341	Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
342		type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab.
	342	type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
343	343	Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
344	344	type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
345	345

+2

-2

doc/html/_sources/admin/pkinit.rst.txt less more

45	45	The result of these commands will be two files, cakey.pem and
46	46	cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which
47	47	must be carefully protected. cacert.pem will contain the CA
48		certificate, which must be placed in the filesytems of the KDC and
	48	certificate, which must be placed in the filesystems of the KDC and
49	49	each client host. cakey.pem will be required to create KDC and client
50	50	certificates.
51	51

71	71	principal_name=EXP:1,SEQUENCE:kdc_principal_seq
72	72
73	73	[kdc_principal_seq]
74		name_type=EXP:0,INTEGER:1
	74	name_type=EXP:0,INTEGER:2
75	75	name_string=EXP:1,SEQUENCE:kdc_principals
76	76
77	77	[kdc_principals]

+1

-1

doc/html/_sources/admin/spake.rst.txt less more

26	26	Set the +requires_preauth and -allow_svr flags on client
27	27	principal entries, as you would for any preauthentication mechanism::
28	28
29		kadmin: modprinc +requires_preauth -allow_srv PRINCNAME
	29	kadmin: modprinc +requires_preauth -allow_svr PRINCNAME
30	30
31	31	Clients which do not implement SPAKE preauthentication will fall back
32	32	to encrypted timestamp.

+6

-12

doc/html/_sources/admin/various_envs.rst.txt less more

3	3	Whitepapers
4	4	-----------
5	5
6		#. http://kerberos.org/software/whitepapers.html
	6	#. https://kerberos.org/software/whitepapers.html
7	7
8	8
9	9	Tutorials
10	10	---------
11	11
12		#. Fulvio Ricciardi <http://www.kerberos.org/software/tutorial.html>_
	12	#. Fulvio Ricciardi <https://www.kerberos.org/software/tutorial.html>_
13	13
14	14
15	15	Troubleshooting
16	16	---------------
17	17
18		#. http://www.ncsa.illinois.edu/UserInfo/Resources/Software/kerberos/troubleshooting.html
	18	#. https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting
19	19
20		#. http://nfsv4.bullopensource.org/doc/kerberosnfs/krbnfs_howto_v3.pdf
	20	#. https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html
21	21
22		#. http://sysdoc.doors.ch/HP/T1417-90005.pdf
	22	#. https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html
23	23
24		#. http://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html
25
26		#. http://download.oracle.com/docs/cd/E19253-01/816-4557/trouble-1/index.html
27
28		#. http://technet.microsoft.com/en-us/library/bb463167.aspx#EBAA
	24	#. https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10)#EBAA
29	25
30	26	#. https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528
31
32		#. http://h71000.www7.hp.com/doc/83final/ba548_90007/ch06s05.html

+16

-25

doc/html/_sources/appdev/gssapi.rst.txt less more

257	257
258	258	To perform a constrained delegation operation, the intermediate
259	259	service must submit to the KDC an "evidence ticket" from the client to
260		the intermediate service with the forwardable bit set. An evidence
261		ticket can be acquired when the client authenticates to the
262		intermediate service with Kerberos, or with an S4U2Self request if the
263		KDC allows it. The MIT krb5 GSSAPI library represents an evidence
264		ticket using a "proxy credential", which is a special kind of
265		gss_cred_id_t object whose underlying credential cache contains the
266		evidence ticket and a krbtgt ticket for the intermediate service.
	260	the intermediate service. An evidence ticket can be acquired when the
	261	client authenticates to the intermediate service with Kerberos, or
	262	with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI
	263	library represents an evidence ticket using a "proxy credential",
	264	which is a special kind of gss_cred_id_t object whose underlying
	265	credential cache contains the evidence ticket and a krbtgt ticket for
	266	the intermediate service.
267	267
268	268	To acquire a proxy credential during client authentication, the
269	269	service should first create an acceptor credential using the

272	272	and also pass a delegated_cred_handle output parameter to receive a
273	273	proxy credential containing the evidence ticket. The output value of
274	274	delegated_cred_handle may be a delegated ticket-granting ticket if
275		the client sent one, or a proxy credential if the client authenticated
276		with a forwardable service ticket, or GSS_C_NO_CREDENTIAL if
277		neither is the case.
	275	the client sent one, or a proxy credential if not. If the library can
	276	determine that the client's ticket is not a valid evidence ticket, it
	277	will place GSS_C_NO_CREDENTIAL in delegated_cred_handle.
278	278
279	279	To acquire a proxy credential using an S4U2Self request, the service
280	280	can use the following GSSAPI extension::

295	295	intermediate service. Both icred and desired_name are required
296	296	for this function; passing GSS_C_NO_CREDENTIAL or
297	297	GSS_C_NO_NAME will cause the call to fail. icred must contain a
298		krbtgt ticket for the intermediate service. If the KDC returns a
299		forwardable ticket, the result of this operation is a proxy
300		credential; if it is not forwardable, the result is a regular
301		credential for desired_name.
302
303		A recent KDC will usually allow any service to acquire a ticket from a
304		client to itself with an S4U2Self request, but the ticket will only be
305		forwardable if the service has a specific privilege. In the MIT krb5
306		KDC, this privilege is determined by the ok_to_auth_as_delegate
307		bit on the intermediate service's principal entry, which can be
308		configured with :ref:`kadmin(1)`.
	298	krbtgt ticket for the intermediate service. The result of this
	299	operation is a proxy credential. (Prior to release 1.18, the result
	300	of this operation may be a regular credential for desired_name, if
	301	the KDC issues a non-forwardable ticket.)
309	302
310	303	Once the intermediate service has a proxy credential, it can simply
311	304	pass it to gss_init_sec_context_ as the initiator_cred_handle

618	611	iov[1].buffer.value = "message";
619	612	iov[1].buffer.length = 7;
620	613
621		major = gss_wrap_iov_length(&minor, ctx, 1, GSS_C_QOP_DEFAULT,
622		NULL, iov, 2);
	614	major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
623	615	if (GSS_ERROR(major))
624	616	handle_error(major, minor);
625	617	if (iov[0].buffer.length > sizeof(data))
626	618	handle_out_of_space_error();
627	619	iov[0].buffer.value = data;
628	620
629		major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL,
630		iov, 2);
	621	major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
631	622	if (GSS_ERROR(major))
632	623	handle_error(major, minor);
633	624

+1

-4

doc/html/_sources/appdev/h5l_mit_apidiff.rst.txt less more

18	18	:c:func:`krb5_auth_con_setsendsubkey()` H5l: Not implemented as of version 1.3.3
19	19	:c:func:`krb5_cc_set_config()` MIT: Before version 1.10 it was assumed that
20	20	the last argument data is ALWAYS non-zero.
21		:c:func:`krb5_cccol_last_change_time()` H5l takes 3 arguments: krb5_context context,
22		const char \type, krb5_timestamp \change_time
23		MIT takes two arguments: krb5_context context,
24		krb5_timestamp \*change_time
	21	:c:func:`krb5_cccol_last_change_time()` MIT: not implemented
25	22	:c:func:`krb5_set_default_realm()` H5l: Caches the computed default realm context
26	23	field. If the second argument is NULL,
27	24	it tries to retrieve it from libdefaults or DNS.

+1

-6

doc/html/_sources/appdev/refs/api/index.rst.txt less more

156	156	krb5_cc_get_config.rst
157	157	krb5_cc_get_flags.rst
158	158	krb5_cc_get_full_name.rst
159		krb5_cc_last_change_time.rst
160		krb5_cc_lock.rst
161	159	krb5_cc_move.rst
162	160	krb5_cc_next_cred.rst
163	161	krb5_cc_remove_cred.rst

170	168	krb5_cc_store_cred.rst
171	169	krb5_cc_support_switch.rst
172	170	krb5_cc_switch.rst
173		krb5_cc_unlock.rst
174	171	krb5_cccol_cursor_free.rst
175	172	krb5_cccol_cursor_new.rst
176	173	krb5_cccol_cursor_next.rst
177	174	krb5_cccol_have_content.rst
178		krb5_cccol_last_change_time.rst
179		krb5_cccol_lock.rst
180		krb5_cccol_unlock.rst
181	175	krb5_clear_error_message.rst
182	176	krb5_check_clockskew.rst
183	177	krb5_copy_addresses.rst

258	252	krb5_pac_sign_ext.rst
259	253	krb5_pac_verify.rst
260	254	krb5_pac_verify_ext.rst
	255	krb5_pac_get_client_info.rst
261	256	krb5_prepend_error_message.rst
262	257	krb5_principal2salt.rst
263	258	krb5_rd_cred.rst

+2

-2

doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.rst.txt less more

0		krb5_allow_weak_crypto - Allow the appplication to override the profile's allow_weak_crypto setting.
1		======================================================================================================
	0	krb5_allow_weak_crypto - Allow the application to override the profile's allow_weak_crypto setting.
	1	=====================================================================================================
2	2
3	3	..
4	4

+1

-1

doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.rst.txt less more

31	31
32	32
33	33
34		This function sets the replay cache in auth_context to rcache . rcache will be closed when auth_context is freed, so the caller should relinguish that responsibility.
	34	This function sets the replay cache in auth_context to rcache . rcache will be closed when auth_context is freed, so the caller should relinquish that responsibility.
35	35
36	36
37	37

+0

-44

~~doc/html/_sources/appdev/refs/api/krb5_cc_last_change_time.rst.txt~~ less more

0		krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.
1		===============================================================================================
2
3		..
4
5		.. c:function:: krb5_error_code krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache, krb5_timestamp * change_time)
6
7		..
8
9
10		:param:
11
12		[in] context - Library context
13
14		[in] ccache - Credential cache handle
15
16		[out] change_time - The last change time of ccache
17
18
19		..
20
21
22
23		..
24
25
26
27
28
29
30
31		If an error occurs, change_time is set to 0.
32
33
34
35
36
37
38		..
39
40
41
42
43

+0

-49

~~doc/html/_sources/appdev/refs/api/krb5_cc_lock.rst.txt~~ less more

0		krb5_cc_lock - Lock a credential cache.
1		=========================================
2
3		..
4
5		.. c:function:: krb5_error_code krb5_cc_lock(krb5_context context, krb5_ccache ccache)
6
7		..
8
9
10		:param:
11
12		[in] context - Library context
13
14		[in] ccache - Credential cache handle
15
16
17		..
18
19
20		:retval:
21		- 0 Success; otherwise - Kerberos error codes
22
23
24		..
25
26
27
28
29
30
31
32		Use :c:func:`krb5_cc_unlock()` to unlock the lock.
33
34
35
36
37
38
39
40
41
42
43		..
44
45
46
47
48

+1

-1

doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.rst.txt less more

51	51
52	52	.. note::
53	53
54		If cache is modified between the time of the call to this function and the time of the final :c:func:`krb5_cc_end_seq_get()` , the results are undefined.
	54	If the cache represented by cache is modified between the time of the call to this function and the time of the final :c:func:`krb5_cc_end_seq_get()` , these changes may not be reflected in the results of :c:func:`krb5_cc_next_cred()` calls.
55	55
56	56
57	57

+0

-49

~~doc/html/_sources/appdev/refs/api/krb5_cc_unlock.rst.txt~~ less more

0		krb5_cc_unlock - Unlock a credential cache.
1		=============================================
2
3		..
4
5		.. c:function:: krb5_error_code krb5_cc_unlock(krb5_context context, krb5_ccache ccache)
6
7		..
8
9
10		:param:
11
12		[in] context - Library context
13
14		[in] ccache - Credential cache handle
15
16
17		..
18
19
20		:retval:
21		- 0 Success; otherwise - Kerberos error codes
22
23
24		..
25
26
27
28
29
30
31
32		This function unlocks the ccache locked by :c:func:`krb5_cc_lock()` .
33
34
35
36
37
38
39
40
41
42
43		..
44
45
46
47
48

+0

-53

~~doc/html/_sources/appdev/refs/api/krb5_cccol_last_change_time.rst.txt~~ less more

0		krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.
1		==========================================================================================================
2
3		..
4
5		.. c:function:: krb5_error_code krb5_cccol_last_change_time(krb5_context context, krb5_timestamp * change_time)
6
7		..
8
9
10		:param:
11
12		[in] context - Library context
13
14		[out] change_time - Last modification timestamp
15
16
17		..
18
19
20		:retval:
21		- 0 Success; otherwise - Kerberos error codes
22
23
24		..
25
26
27
28
29
30
31
32		This function returns the most recent modification time of any known credential cache, ignoring any caches which cannot supply a last modification time.
33
34
35
36		If there are no known credential caches, change_time is set to 0.
37
38
39
40
41
42
43
44
45
46
47		..
48
49
50
51
52

+0

-51

~~doc/html/_sources/appdev/refs/api/krb5_cccol_lock.rst.txt~~ less more

0		krb5_cccol_lock - Acquire a global lock for credential caches.
1		================================================================
2
3		..
4
5		.. c:function:: krb5_error_code krb5_cccol_lock(krb5_context context)
6
7		..
8
9
10		:param:
11
12		[in] context - Library context
13
14
15		..
16
17
18		:retval:
19		- 0 Success; otherwise - Kerberos error codes
20
21
22		..
23
24
25
26
27
28
29
30		This function locks the global credential cache collection, ensuring that no ccaches are added to or removed from it until the collection lock is released.
31
32
33
34		Use :c:func:`krb5_cccol_unlock()` to unlock the lock.
35
36
37
38
39
40
41
42
43
44
45		..
46
47
48
49
50

+0

-47

~~doc/html/_sources/appdev/refs/api/krb5_cccol_unlock.rst.txt~~ less more

0		krb5_cccol_unlock - Release a global lock for credential caches.
1		==================================================================
2
3		..
4
5		.. c:function:: krb5_error_code krb5_cccol_unlock(krb5_context context)
6
7		..
8
9
10		:param:
11
12		[in] context - Library context
13
14
15		..
16
17
18		:retval:
19		- 0 Success; otherwise - Kerberos error codes
20
21
22		..
23
24
25
26
27
28
29
30		This function unlocks the lock from :c:func:`krb5_cccol_lock()` .
31
32
33
34
35
36
37
38
39
40
41		..
42
43
44
45
46

+2

-2

doc/html/_sources/appdev/refs/api/krb5_free_default_realm.rst.txt less more

0		krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .
1		=============================================================================================
	0	krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .
	1	==============================================================================================
2	2
3	3	..
4	4

+6

-2

doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.rst.txt less more

11	11
12	12	[in] context - Library context
13	13
14		[in] piece - Unique identifier for replay cache
	14	[in] piece - Unused (replay cache identifier)
15	15
16	16	[out] rcptr - Handle to an open rcache
17	17

31	31
32	32
33	33
34		This function generates a replay cache name based on piece and opens a handle to it. Typically piece is the first component of the service principal name. Use krb5_rc_close() to close rcptr when it is no longer needed.
	34	This function creates a handle to the default replay cache. Use krb5_rc_close() to close rcptr when it is no longer needed.
35	35
36	36
37	37

47	47
48	48
49	49
	50	.. note::
50	51
	52	Prior to release 1.18, this function creates a handle to a different replay cache for each unique value of piece .
	53
	54

+4

-4

doc/html/_sources/appdev/refs/api/krb5_mk_1cred.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, krb5_creds * pcreds, krb5_data ** ppdata, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, krb5_creds * creds, krb5_data ** der_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

13	13
14	14	[in] auth_context - Authentication context
15	15
16		[in] pcreds - Pointer to credentials
	16	[in] creds - Pointer to credentials
17	17
18		[out] ppdata - Encoded credentials
	18	[out] der_out - Encoded credentials
19	19
20		[out] outdata - Replay cache data (NULL if not needed)
	20	[out] rdata_out - Replay cache data (NULL if not needed)
21	21
22	22
23	23	..

+23

-7

doc/html/_sources/appdev/refs/api/krb5_mk_ncred.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds ppcreds, krb5_data ppdata, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds creds, krb5_data der_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

13	13
14	14	[in] auth_context - Authentication context
15	15
16		[in] ppcreds - Null-terminated array of credentials
	16	[in] creds - Null-terminated array of credentials
17	17
18		[out] ppdata - Encoded credentials
	18	[out] der_out - Encoded credentials
19	19
20		[out] outdata - Replay cache information (NULL if not needed)
	20	[out] rdata_out - Replay cache information (NULL if not needed)
21	21
22	22
23	23	..

40	40
41	41
42	42
43		This function takes an array of credentials ppcreds and formats a KRB-CRED message ppdata to pass to :c:func:`krb5_rd_cred()` .
	43	This function takes an array of credentials creds and formats a KRB-CRED message der_out to pass to :c:func:`krb5_rd_cred()` .
44	44
45	45
46	46
47		The message will be encrypted using the send subkey of auth_context if it is present, or the session key otherwise.
	47	The local and remote addresses in auth_context are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message.
	48
	49
	50
	51	If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If :data:`KRB5_AUTH_CONTEXT_DO_TIME` is not set, no replay cache is used. If :data:`KRB5_AUTH_CONTEXT_RET_TIME` is set in auth_context , the timestamp used for the KRB-CRED message is stored in rdata_out .
	52
	53
	54
	55	If either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the auth_context local sequence number is included in the KRB-CRED message and then incremented. If :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the sequence number used is stored in rdata_out .
	56
	57
	58
	59	Use :c:func:`krb5_free_data_contents()` to free der_out when it is no longer needed.
	60
	61
	62
	63	The message will be encrypted using the send subkey of auth_context if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case.
48	64
49	65
50	66

64	80
65	81	.. note::
66	82
67		If the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context , outdata is required.
	83	The rdata_out argument is required if the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context .
68	84
69	85
70	86

+18

-19

doc/html/_sources/appdev/refs/api/krb5_mk_priv.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * outbuf, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * der_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

15	15
16	16	[in] userdata - User data for KRB-PRIV message
17	17
18		[out] outbuf - Formatted KRB-PRIV message
	18	[out] der_out - Formatted KRB-PRIV message
19	19
20		[out] outdata - Replay cache handle (NULL if not needed)
	20	[out] rdata_out - Replay data (NULL if not needed)
21	21
22	22
23	23	..

39	39
40	40
41	41
42		The local address in auth_context must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.
	42	The local address in auth_context must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.
43	43
44	44
45	45
46
47
48		- :data:`KRB5_AUTH_CONTEXT_DO_TIME` - Use timestamps in outdata
49
50
51		- :data:`KRB5_AUTH_CONTEXT_RET_TIME` - Copy timestamp to outdata .
52
53
54		- :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` - Use local sequence numbers from auth_context in replay cache.
55
56
57		- :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` - Use local sequence numbers from auth_context as a sequence number in the encrypted message outbuf .
58
59
	46	If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If :data:`KRB5_AUTH_CONTEXT_DO_TIME` is not set, no replay cache is used. If :data:`KRB5_AUTH_CONTEXT_RET_TIME` is set in auth_context , a timestamp is included in the KRB-PRIV message and is stored in rdata_out .
	47
	48
	49
	50	If either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the auth_context local sequence number is included in the KRB-PRIV message and then incremented. If :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the sequence number used is stored in rdata_out .
	51
	52
	53
	54	Use :c:func:`krb5_free_data_contents()` to free der_out when it is no longer needed.
	55
	56
	57
	58
60	59
61	60
62	61

72	71
73	72	.. note::
74	73
75		If the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context , the outdata is required.
	74	The rdata_out argument is required if the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context .
76	75
77	76
78	77

+1

-1

doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.rst.txt less more

42	42	- :data:`AP_OPTS_USE_SESSION_KEY` - Use the session key when creating the request used for user to user authentication.
43	43
44	44
45		- :data:`AP_OPTS_MUTUAL_REQUIRED` - Request a mutual authentication packet from the reciever.
	45	- :data:`AP_OPTS_MUTUAL_REQUIRED` - Request a mutual authentication packet from the receiver.
46	46
47	47
48	48	- :data:`AP_OPTS_USE_SUBKEY` - Generate a subsession key from the current session key obtained from the credentials.

+7

-7

doc/html/_sources/appdev/refs/api/krb5_mk_safe.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * outbuf, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * der_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

15	15
16	16	[in] userdata - User data in the message
17	17
18		[out] outbuf - Formatted KRB-SAFE buffer
	18	[out] der_out - Formatted KRB-SAFE buffer
19	19
20		[out] outdata - Replay data. Specify NULL if not needed
	20	[out] rdata_out - Replay data. Specify NULL if not needed
21	21
22	22
23	23	..

47	47
48	48
49	49
50		If :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in the auth_context , an entry describing the message is entered in the replay cache auth_context->rcache which enables the caller to detect if this message is reflected by an attacker. If :data:`KRB5_AUTH_CONTEXT_DO_TIME` is not set, the replay cache is not used.
	50	If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , a timestamp is included in the KRB-SAFE message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If :data:`KRB5_AUTH_CONTEXT_DO_TIME` is not set, no replay cache is used. If :data:`KRB5_AUTH_CONTEXT_RET_TIME` is set in auth_context , a timestamp is included in the KRB-SAFE message and is stored in rdata_out .
51	51
52	52
53	53
54		If either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the auth_context local sequence number will be placed in outdata as its sequence number.
	54	If either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the auth_context local sequence number is included in the KRB-SAFE message and then incremented. If :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the sequence number used is stored in rdata_out .
55	55
56	56
57	57
58		Use :c:func:`krb5_free_data_contents()` to free outbuf when it is no longer needed.
	58	Use :c:func:`krb5_free_data_contents()` to free der_out when it is no longer needed.
59	59
60	60
61	61

75	75
76	76	.. note::
77	77
78		The outdata argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the auth_context .
	78	The rdata_out argument is required if the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context .
79	79
80	80
81	81

+43

-0

doc/html/_sources/appdev/refs/api/krb5_pac_get_client_info.rst.txt less more

	0	krb5_pac_get_client_info
	1	========================
	2
	3	..
	4
	5	.. c:function:: krb5_error_code krb5_pac_get_client_info(krb5_context context, const krb5_pac pac, krb5_timestamp * authtime_out, char ** princname_out)
	6
	7	..
	8
	9
	10	:param:
	11
	12	context
	13
	14	pac
	15
	16	authtime_out
	17
	18	princname_out
	19
	20
	21	..
	22
	23
	24
	25	..
	26
	27
	28
	29
	30
	31
	32
	33
	34
	35
	36
	37	..
	38
	39
	40
	41
	42

+7

-7

doc/html/_sources/appdev/refs/api/krb5_rd_cred.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data * pcreddata, krb5_creds *** pppcreds, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data * creddata, krb5_creds *** creds_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

13	13
14	14	[in] auth_context - Authentication context
15	15
16		[in] pcreddata - KRB-CRED message
	16	[in] creddata - KRB-CRED message
17	17
18		[out] pppcreds - Null-terminated array of forwarded credentials
	18	[out] creds_out - Null-terminated array of forwarded credentials
19	19
20		[out] outdata - Replay data (NULL if not needed)
	20	[out] rdata_out - Replay data (NULL if not needed)
21	21
22	22
23	23	..

35	35
36	36
37	37
38		pcreddata will be decrypted using the receiving subkey if it is present in auth_context , or the session key if the receiving subkey is not present or fails to decrypt the message.
	38	creddata will be decrypted using the receiving subkey if it is present in auth_context , or the session key if the receiving subkey is not present or fails to decrypt the message.
39	39
40	40
41	41
42		Use :c:func:`krb5_free_tgt_creds()` to free pppcreds when it is no longer needed.
	42	Use :c:func:`krb5_free_tgt_creds()` to free creds_out when it is no longer needed.
43	43
44	44
45	45

59	59
60	60	.. note::
61	61
62		The outdata argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the auth_context .`
	62	The rdata_out argument is required if the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context .`
63	63
64	64
65	65

+19

-14

doc/html/_sources/appdev/refs/api/krb5_rd_priv.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * outbuf, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * userdata_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

15	15
16	16	[in] inbuf - KRB-PRIV message to be parsed
17	17
18		[out] outbuf - Data parsed from KRB-PRIV message
	18	[out] userdata_out - Data parsed from KRB-PRIV message
19	19
20		[out] outdata - Replay data. Specify NULL if not needed
	20	[out] rdata_out - Replay data. Specify NULL if not needed
21	21
22	22
23	23	..

35	35
36	36
37	37
38		This function parses a KRB-PRIV message, verifies its integrity, and stores its unencrypted data into outbuf .
	38	This function parses a KRB-PRIV message, verifies its integrity, and stores its unencrypted data into userdata_out .
39	39
40	40
41	41
42		If the :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag is set in auth_context , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.
	42	If auth_context has a remote address set, the address will be used to verify the sender address in the KRB-PRIV message. If auth_context has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one.
43	43
44	44
45	45
46		If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , then two additional checks are performed:
47
48		- The timestamp in the message must be within the permitted clock skew (which is usually five minutes).
49
50
51		- The message must not be a replayed message field in auth_context .
52
53
	46	If the :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag is set in auth_context , the sequence number of the KRB-PRIV message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.
	47
	48
	49
	50	If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.
	51
	52
	53
	54	Use :c:func:`krb5_free_data_contents()` to free userdata_out when it is no longer needed.
	55
	56
	57
	58
54	59
55	60
56	61

66	71
67	72	.. note::
68	73
69		If the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context , outdata is required.
	74	The rdata_out argument is required if the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context .
70	75
71	76
72	77

+14

-13

doc/html/_sources/appdev/refs/api/krb5_rd_safe.rst.txt less more

2	2
3	3	..
4	4
5		.. c:function:: krb5_error_code krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * outbuf, krb5_replay_data * outdata)
	5	.. c:function:: krb5_error_code krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * userdata_out, krb5_replay_data * rdata_out)
6	6
7	7	..
8	8

15	15
16	16	[in] inbuf - KRB-SAFE message to be parsed
17	17
18		[out] outbuf - Data parsed from KRB-SAFE message
	18	[out] userdata_out - Data parsed from KRB-SAFE message
19	19
20		[out] outdata - Replay data. Specify NULL if not needed
	20	[out] rdata_out - Replay data. Specify NULL if not needed
21	21
22	22
23	23	..

35	35
36	36
37	37
38		This function parses a KRB-SAFE message, verifies its integrity, and stores its data into outbuf .
	38	This function parses a KRB-SAFE message, verifies its integrity, and stores its data into userdata_out .
	39
	40
	41
	42	If auth_context has a remote address set, the address will be used to verify the sender address in the KRB-SAFE message. If auth_context has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one.
39	43
40	44
41	45

43	47
44	48
45	49
46		If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , then two additional checks are performed:
47
48		- The timestamp in the message must be within the permitted clock skew (which is usually five minutes).
49
50
51		- The message must not be a replayed message field in auth_context .
52
53		Use :c:func:`krb5_free_data_contents()` to free outbuf when it is no longer needed.
	50	If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in auth_context , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.
	51
	52
	53
	54	Use :c:func:`krb5_free_data_contents()` to free userdata_out when it is no longer needed.
54	55
55	56
56	57

70	71
71	72	.. note::
72	73
73		The outdata argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the auth_context .
	74	The rdata_out argument is required if the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in auth_context .
74	75
75	76
76	77

+0

-1

doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst.txt less more

8	8	.. data:: ENCTYPE_DES_CBC_CRC
9	9	..
10	10
11		DES cbc mode with CRC-32.
12	11
13	12
14	13

+0

-1

doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst.txt less more

8	8	.. data:: ENCTYPE_DES_CBC_MD4
9	9	..
10	10
11		DES cbc mode with RSA-MD4.
12	11
13	12
14	13

+0

-1

doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst.txt less more

8	8	.. data:: ENCTYPE_DES_CBC_MD5
9	9	..
10	10
11		DES cbc mode with RSA-MD5.
12	11
13	12
14	13

+18

-0

doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst.txt less more

	0	.. highlightlang:: c
	1
	2	.. _KRB5-PADATA-PAC-OPTIONS-data:
	3
	4	KRB5_PADATA_PAC_OPTIONS
	5	=======================
	6
	7	..
	8	.. data:: KRB5_PADATA_PAC_OPTIONS
	9	..
	10
	11	MS-KILE and MS-SFU.
	12
	13
	14
	15	============================== ======================
	16	``KRB5_PADATA_PAC_OPTIONS`` ``167``
	17	============================== ======================

+2

-0

doc/html/_sources/appdev/refs/macros/index.rst.txt less more

53	53	ENCTYPE_DES3_CBC_ENV.rst
54	54	ENCTYPE_DES3_CBC_RAW.rst
55	55	ENCTYPE_DES3_CBC_SHA.rst
	56	ENCTYPE_DES3_CBC_SHA1.rst
56	57	ENCTYPE_DES3_CBC_SHA1.rst
57	58	ENCTYPE_DES_CBC_CRC.rst
58	59	ENCTYPE_DES_CBC_MD4.rst

259	260	KRB5_PADATA_OTP_CHALLENGE.rst
260	261	KRB5_PADATA_OTP_PIN_CHANGE.rst
261	262	KRB5_PADATA_OTP_REQUEST.rst
	263	KRB5_PADATA_PAC_OPTIONS.rst
262	264	KRB5_PADATA_PAC_REQUEST.rst
263	265	KRB5_PADATA_PKINIT_KX.rst
264	266	KRB5_PADATA_PK_AS_REP.rst

+7

-0

doc/html/_sources/basic/ccache_def.rst.txt less more

50	50	requirement is for parent directory to exist and the current
51	51	process must have permissions to create the directory if it does
52	52	not exist. See :ref:`col_ccache` for details. New in release 1.10.
	53	The following residual forms are supported:
	54
	55	* DIR:dirname
	56	* DIR::dirpath/filename - a single cache within the directory
	57
	58	Switching to a ccache of the latter type causes it to become the
	59	primary for the directory.
53	60
54	61	#. FILE caches are the simplest and most portable. A simple flat
55	62	file format is used to store one credential after another. This is

+2

-4

doc/html/_sources/basic/keytab_def.rst.txt less more

11	11
12	12	Keytabs are named using the format type\ ``:``\ value. Usually
13	13	type is ``FILE`` and value is the absolute pathname of the file.
14		Other possible values for type are ``SRVTAB``, which indicates a
15		file in the deprecated Kerberos 4 srvtab format, and ``MEMORY``, which
16		indicates a temporary keytab stored in the memory of the current
17		process.
	14	The other possible value for type is ``MEMORY``, which indicates a
	15	temporary keytab stored in the memory of the current process.
18	16
19	17	A keytab contains one or more entries, where each entry consists of a
20	18	timestamp (indicating when the entry was written to the keytab), a

+48

-34

doc/html/_sources/basic/rcache_def.rst.txt less more

8	8	the application program.
9	9
10	10	The replay cache interface, like the credential cache and
11		:ref:`keytab_definition` interfaces, uses `type:value` strings to
	11	:ref:`keytab_definition` interfaces, uses `type:residual` strings to
12	12	indicate the type of replay cache and any associated cache naming
13	13	data to use.
14	14

56	56	authenticator triggers some interesting action in the service being
57	57	attacked.
58	58
59		Default rcache type
60		-------------------
61
62		There is currently only one implemented kind of replay cache, called
63		dfl. It stores replay data in one file, occasionally rewriting it
64		to purge old, expired entries.
65
66		The default type can be overridden by the KRB5RCACHETYPE
67		environment variable.
68
69		The placement of the replay cache file is determined by the following:
70
71		#. The KRB5RCACHEDIR environment variable;
72
73		#. If KRB5RCACHEDIR is unspecified, on UNIX, the library
74		will fall back to the environment variable TMPDIR, and then to
75		a temporary directory determined at configuration time such as
76		/tmp or /var/tmp; on Windows, it will check the environment
77		variables TEMP and TMP, and fall back to the directory C:\\.
78
79		Performance issues
	59	Replay cache types
80	60	------------------
81	61
82		Several known minor performance issues that may occur when replay
83		cache is enabled on the Kerberos system include: delays due to writing
84		the authenticator data to disk slowing down response time for very
85		heavily loaded servers, and delays during the rewrite that may be
86		unacceptable to high-performance services.
	62	Unlike the credential cache and keytab interfaces, replay cache types
	63	are in lowercase. The following types are defined:
87	64
88		For use cases where replays are adequately defended against for all
89		protocols using a given service principal name, or where performance
90		or other considerations outweigh the risk of replays, the special
91		replay cache type "none" can be specified::
	65	#. none disables the replay cache. The residual value is ignored.
92	66
93		KRB5RCACHETYPE=none
	67	#. file2 (new in release 1.18) uses a hash-based format to store
	68	replay records. The file may grow to accommodate hash collisions.
	69	The residual value is the filename.
94	70
95		It doesn't record any information about authenticators, and reports
96		that any authenticator seen is not a replay.
	71	#. dfl is the default type if no environment variable or
	72	configuration specifies a different type. It stores replay data in
	73	a file2 replay cache with a filename based on the effective uid.
	74	The residual value is ignored.
	75
	76	For the dfl type, the location of the replay cache file is determined
	77	as follows:
	78
	79	#. The directory is taken from the KRB5RCACHEDIR environment
	80	variable, or the TMPDIR environment variable, or a temporary
	81	directory determined at configuration time such as ``/var/tmp``, in
	82	descending order of preference.
	83
	84	#. The filename is ``krb5_EUID.rcache2`` where EUID is the effective
	85	uid of the process.
	86
	87	#. The file is opened without following symbolic links, and ownership
	88	of the file is verified to match the effective uid.
	89
	90	On Windows, the directory for the dfl type is the local appdata
	91	directory, unless overridden by the KRB5RCACHEDIR environment
	92	variable. The filename on Windows is ``krb5.rcache2``, and the file
	93	is opened normally.
	94
	95	Default replay cache name
	96	-------------------------
	97
	98	The default replay cache name is determined by the following, in
	99	descending order of priority:
	100
	101	#. The KRB5RCACHENAME environment variable (new in release 1.18).
	102
	103	#. The KRB5RCACHETYPE environment variable. If this variable is
	104	set, the residual value is empty.
	105
	106	#. The default_rcache_name profile variable in :ref:`libdefaults`
	107	(new in release 1.18).
	108
	109	#. If none of the above are set, the default replay cache name is
	110	``dfl:``.

+4

-0

doc/html/_sources/build/options2configure.rst.txt less more

386	386	``--without-krb5-config`` to disable the use of krb5-config and
387	387	use the usual built-in defaults.
388	388
	389	-\ -without-keyutils
	390	Build without libkeyutils support. This disables the KEYRING
	391	credential cache type.
	392
389	393
390	394	Examples
391	395	--------

+1

-1

doc/html/_sources/build_this.rst.txt less more

2	2
3	3	Pre-requisites for a simple build, or to update man pages:
4	4
5		* Sphinx 1.0.4 or higher (See http://www.sphinx-doc.org) with the
	5	* Sphinx 1.0.4 or higher (See https://www.sphinx-doc.org) with the
6	6	autodoc extension installed.
7	7
8	8	Additional prerequisites to include the API reference based on Doxygen

+1

-1

doc/html/_sources/copyright.rst.txt less more

0	0	Copyright
1	1	=========
2	2
3		Copyright \|copy\| 1985-2019 by the Massachusetts Institute of
	3	Copyright \|copy\| 1985-2020 by the Massachusetts Institute of
4	4	Technology and its contributors. All rights reserved.
5	5
6	6	See :ref:`mitK5license` for additional copyright and license

+1

-0

doc/html/_sources/formats/index.rst.txt less more

5	5
6	6	ccache_file_format
7	7	keytab_file_format
	8	rcache_file_format
8	9	cookie
9	10	freshness_token

+50

-0

doc/html/_sources/formats/rcache_file_format.rst.txt less more

	0	Replay cache file format
	1	========================
	2
	3	This section documents the second version of the replay cache file
	4	format, used by the "file2" replay cache type (new in release 1.18).
	5	The first version of the file replay cache format is not documented.
	6
	7	All accesses to the replay cache file take place under an exclusive
	8	POSIX or Windows file lock, obtained when the file is opened and
	9	released when it is closed. Replay cache files are automatically
	10	created when first accessed.
	11
	12	For each store operation, a tag is derived from the checksum part of
	13	the :RFC:`3961` ciphertext of the authenticator. The checksum is
	14	coerced to a fixed length of 12 bytes, either through truncation or
	15	right-padding with zero bytes. A four-byte timestamp is appended to
	16	the tag to produce a total record length of 16 bytes.
	17
	18	Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4
	19	algorithm (siphash_); this field is populated with random bytes when
	20	the file is first created. All remaining bytes are divided into a
	21	series of expanding hash tables:
	22
	23	* Bytes 16-16383: hash table 1 (1023 slots)
	24	* Bytes 16384-49151: hash table 2 (2048 slots)
	25	* Bytes 49152-114687: hash table 3 (4096 slots)
	26	* ...
	27
	28	Only some hash tables will be present in the file at any specific
	29	time, and the final table may be only partially filled. Replay cache
	30	files may be sparse if the filesystem supports it.
	31
	32	For each table present in the file, the tag is hashed with SipHash-2-4
	33	using the seed recorded in the file. The first byte of the seed is
	34	incremented by one (modulo 256) for each table after the first. The
	35	resulting hash value is taken modulo one less than the table size
	36	(1022 for the first hash table, 2047 for the second) to produce the
	37	index. The record may be found at the slot given by the index or at
	38	the next slot.
	39
	40	All candidate locations for the record must be searched until a slot
	41	is found with a timestamp of zero (indicating a slot which has never
	42	been written to) or an offset is reached at or beyond the end of the
	43	file. Any candidate location with a timestamp value of zero, with a
	44	timestamp value less than the current time minus clockskew, or at or
	45	beyond the end of the file is available for writing. When all
	46	candidate locations have been searched without finding a match, the
	47	new entry is written to the earliest candidate available for writing.
	48
	49	.. _siphash: https://131002.net/siphash/siphash.pdf

+1

-0

doc/html/_sources/mitK5defaults.rst.txt less more

13	13	Kerberos config file :ref:`krb5.conf(5)` \|krb5conf\|\ ``:``\ KRB5_CONFIG
14	14	\|sysconfdir\|\ ``/krb5.conf``
15	15	KDC config file :ref:`kdc.conf(5)` \|kdcdir\|\ ``/kdc.conf`` KRB5_KDC_PROFILE
	16	GSS mechanism config file \|sysconfdir\|\ ``/gss/mech`` GSS_MECH_CONFIG
16	17	KDC database path (DB2) \|kdcdir\|\ ``/principal``
17	18	Master key :ref:`stash_definition` \|kdcdir\|\ ``/.k5.``\ realm
18	19	Admin server ACL file :ref:`kadm5.acl(5)` \|kdcdir\|\ ``/kadm5.acl``

+74

-5

doc/html/_sources/mitK5features.rst.txt less more

18	18	License - :ref:`mitK5license`
19	19
20	20	Releases:
21		- Latest stable: https://web.mit.edu/kerberos/krb5-1.17/
22		- Supported: https://web.mit.edu/kerberos/krb5-1.16/
23		- Release cycle: 9 -- 12 months
	21	- Latest stable: https://web.mit.edu/kerberos/krb5-1.18/
	22	- Supported: https://web.mit.edu/kerberos/krb5-1.17/
	23	- Release cycle: approximately 12 months
24	24
25	25	Supported platforms \/ OS distributions:
26	26	- Windows (KfW 4.0): Windows 7, Vista, XP

36	36
37	37	krb4 support: Kerberos 5 release < 1.8
38	38
39		DES support: configurable (See :ref:`retiring-des`)
	39	DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`)
40	40
41	41	Interoperability
42	42	----------------

111	111	- Plugin to test password quality :ref:`pwqual_plugin`
112	112	- Plugin to synchronize password changes :ref:`kadm5_hook_plugin`
113	113	- Parallel KDC
114		- GSS-API extentions for SASL GS2 bridge :rfc:`5801` :rfc:`5587`
	114	- GSS-API extensions for SASL GS2 bridge :rfc:`5801` :rfc:`5587`
115	115	- Purging old keys
116	116	- Naming extensions for delegation chain
117	117	- Password expiration API

470	470	unused Windows-specific code has been removed. Visual Studio 2013
471	471	or later is now required.
472	472
	473	Release 1.18
	474
	475	* Administrator experience:
	476
	477	- Remove support for single-DES encryption types.
	478
	479	- Change the replay cache format to be more efficient and robust.
	480	Replay cache filenames using the new format end with ``.rcache2``
	481	by default.
	482
	483	- setuid programs will automatically ignore environment variables
	484	that normally affect krb5 API functions, even if the caller does
	485	not use krb5_init_secure_context().
	486
	487	- Add an ``enforce_ok_as_delegate`` krb5.conf relation to disable
	488	credential forwarding during GSSAPI authentication unless the KDC
	489	sets the ok-as-delegate bit in the service ticket.
	490
	491	- Use the ``permitted_enctypes`` krb5.conf setting as the default
	492	value for ``default_tkt_enctypes`` and ``default_tgs_enctypes``.
	493
	494	* Developer experience:
	495
	496	- Implement krb5_cc_remove_cred() for all credential cache types.
	497
	498	- Add the krb5_pac_get_client_info() API to get the client account
	499	name from a PAC.
	500
	501	* Protocol evolution:
	502
	503	- Add KDC support for S4U2Self requests where the user is identified
	504	by X.509 certificate. (Requires support for certificate lookup
	505	from a third-party KDB module.)
	506
	507	- Remove support for an old ("draft 9") variant of PKINIT.
	508
	509	- Add support for Microsoft NegoEx. (Requires one or more
	510	third-party GSS modules implementing NegoEx mechanisms.)
	511
	512	- Honor the transited-policy-checked ticket flag on application
	513	servers, eliminating the requirement to configure capaths on
	514	servers in some scenarios.
	515
	516	* User experience:
	517
	518	- Add support for ``dns_canonicalize_hostname=fallback``, causing
	519	host-based principal names to be tried first without DNS
	520	canonicalization, and again with DNS canonicalization if the
	521	un-canonicalized server is not found.
	522
	523	- Expand single-component hostnames in host-based principal names
	524	when DNS canonicalization is not used, adding the system's first
	525	DNS search path as a suffix. Add a ``qualify_shortname``
	526	krb5.conf relation to override this suffix or disable expansion.
	527
	528	* Code quality:
	529
	530	- The libkrb5 serialization code (used to export and import krb5 GSS
	531	security contexts) has been simplified and made type-safe.
	532
	533	- The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
	534	messages has been revised to conform to current coding practices.
	535
	536	- The test suite has been modified to work with macOS System
	537	Integrity Protection enabled.
	538
	539	- The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
	540	support can always be tested.
	541
473	542	`Pre-authentication mechanisms`
474	543
475	544	- PW-SALT :rfc:`4120#section-5.2.7.3`

+30

-6

doc/html/_sources/plugindev/gssapi.rst.txt less more

8	8
9	9	A mechanism module is a Unix shared object or Windows DLL, built
10	10	separately from the krb5 tree. Modules are loaded according to the
11		``/etc/gss/mech`` or ``/etc/gss/mech.d/*.conf`` config files, as
12		described in :ref:`gssapi_plugin_config`.
	11	GSS mechanism config files described in :ref:`gssapi_plugin_config`.
13	12
14	13	For the most part, a GSSAPI mechanism module exports the same
15	14	functions as would a GSSAPI implementation itself, with the same

31	30	back again when gss_display_status is called.
32	31
33	32
	33	NegoEx modules
	34	--------------
	35
	36	Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft
	37	extension to SPNEGO called NegoEx. Beginning with release 1.18,
	38	mechanism modules can support NegoEx as follows:
	39
	40	* Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(),
	41	and gssspi_query_mechanism_info() SPIs declared in
	42	``<gssapi/gssapi_ext.h>``.
	43
	44	* Implement gss_inquire_sec_context_by_oid() and answer the
	45	GSS_C_INQ_NEGOEX_KEY and GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs
	46	to provide the checksum keys for outgoing and incoming checksums,
	47	respectively. The answer must be in two buffers: the first buffer
	48	contains the key contents, and the second buffer contains the key
	49	encryption type as a four-byte little-endian integer.
	50
	51	By default, NegoEx mechanisms will not be directly negotiated via
	52	SPNEGO. If direct SPNEGO negotiation is required for
	53	interoperability, implement gss_inquire_attrs_for_mech() and assert
	54	the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable
	55	RFC 5587 attributes).
	56
	57
34	58	Interposer modules
35	59	------------------
36	60

44	68	gss_OID_set gss_mech_interposer(gss_OID mech_type);
45	69
46	70	This function is invoked with the OID of the interposer mechanism as
47		specified in ``/etc/gss/mech`` or in a ``/etc/gss/mech.d/*.conf``
48		file, and returns a set of mechanism OIDs to be interposed. The
49		returned OID set must have been created using the mechglue's
50		gss_create_empty_oid_set and gss_add_oid_set_member functions.
	71	specified in the mechanism config file, and returns a set of mechanism
	72	OIDs to be interposed. The returned OID set must have been created
	73	using the mechglue's gss_create_empty_oid_set and
	74	gss_add_oid_set_member functions.
51	75
52	76	An interposer module must use the prefix ``gssi_`` for the GSSAPI
53	77	functions it exports, instead of the prefix ``gss_``.

+1

-2

doc/html/_sources/user/user_commands/kinit.rst.txt less more

91	91	requested.
92	92
93	93	-E
94		treats the principal name as an enterprise name (implies the
95		-C option).
	94	treats the principal name as an enterprise name.
96	95
97	96	-v
98	97	requests that the ticket-granting ticket in the cache (with the

+13

-2

doc/html/_sources/user/user_commands/ksu.rst.txt less more

11	11	[ -c source_cache_name ]
12	12	[ -k ]
13	13	[ -r time ]
14		[ -pf ]
	14	[ -p \| -P]
	15	[ -f \| -F]
15	16	[ -l lifetime ]
16	17	[ -z \| Z ]
17	18	[ -q ]

246	247
247	248	Ticket granting ticket options:
248	249
249		-l lifetime -r time -pf
	250	-l lifetime -r time -p -P -f -F
250	251	The ticket granting ticket options only apply to the case where
251	252	there are no appropriate tickets in the cache to authenticate the
252	253	source user. In this case if ksu is configured to prompt users

268	269	specifies that the proxiable option should be requested for
269	270	the ticket.
270	271
	272	-P
	273	specifies that the proxiable option should not be requested
	274	for the ticket, even if the default configuration is to ask for
	275	proxiable tickets.
	276
271	277	-f
272	278	option specifies that the forwardable option should be
273	279	requested for the ticket.
	280
	281	-F
	282	option specifies that the forwardable option should not be
	283	requested for the ticket, even if the default configuration is to
	284	ask for forwardable tickets.
274	285
275	286	-e command [args ...]
276	287	ksu proceeds exactly the same as if it was invoked without the

+11

-1

doc/html/_sources/user/user_commands/kvno.rst.txt less more

12	12	[-h]
13	13	[-P]
14	14	[-S sname]
	15	[-I for_user]
15	16	[-U for_user]
	17	[-F cert_file]
16	18	[--u2u ccache]
17	19	service1 service2 ...
18	20

57	59	The service hostnames will be canonicalized according to the usual
58	60	rules for constructing service principals.
59	61
60		-U for_user
	62	-I for_user
61	63	Specifies that protocol transition (S4U2Self) is to be used to
62	64	acquire a ticket on behalf of for_user. If constrained
63	65	delegation is not requested, the service name must match the
64	66	credentials cache client principal.
	67
	68	-U for_user
	69	Same as -I, but treats for_user as an enterprise name.
	70
	71	-F cert_file
	72	Specifies that protocol transition is to be used, identifying the
	73	client principal with the X.509 certificate in cert_file. The
	74	certificate file must be in PEM format.
65	75
66	76	--u2u ccache
67	77	Requests a user-to-user ticket. ccache must contain a local

+19

-4

doc/html/_sources/user/user_config/kerberos.rst.txt less more

107	107	Distribution Center daemon and associated programs. The default
108	108	is \|kdcdir\|\ ``/kdc.conf``.
109	109
	110	KRB5RCACHENAME
	111	(New in release 1.18) Specifies the location of the default replay
	112	cache, in the form type:residual. The ``file2`` type with a
	113	pathname residual specifies a replay cache file in the version-2
	114	format in the specified location. The ``none`` type (residual is
	115	ignored) disables the replay cache. The ``dfl`` type (residual is
	116	ignored) indicates the default, which uses a file2 replay cache in
	117	a temporary directory. The default is ``dfl:``.
	118
110	119	KRB5RCACHETYPE
111		Specifies the default type of replay cache to use for servers.
112		Valid types include ``dfl`` for the normal file type and ``none``
113		for no replay cache. The default is ``dfl``.
	120	Specifies the type of the default replay cache, if
	121	KRB5RCACHENAME is unspecified. No residual can be specified,
	122	so ``none`` and ``dfl`` are the only useful types.
114	123
115	124	KRB5RCACHEDIR
116		Specifies the default directory for replay caches used by servers.
	125	Specifies the directory used by the ``dfl`` replay cache type.
117	126	The default is the value of the TMPDIR environment variable,
118	127	or ``/var/tmp`` if TMPDIR is not set.
119	128

131	140
132	141	KPROP_PORT
133	142	:ref:`kprop(8)` port to use. Defaults to 754.
	143
	144	GSS_MECH_CONFIG
	145	Specifies a filename containing GSSAPI mechanism module
	146	configuration. The default is to read \|sysconfdir\|\ ``/gss/mech``
	147	and files with a ``.conf`` suffix within the directory
	148	\|sysconfdir\|\ ``/gss/mech.d``.
134	149
135	150	Most environment variables are disabled for certain programs, such as
136	151	login system programs and setuid programs, which are designed to be

+3

-3

doc/html/about.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/admin/admin_commands/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/admin/admin_commands/k5srvutil.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

206	206
207	207	<div class="footer-wrapper">
208	208	<div class="footer" >
209		<div class="right" ><i>Release: 1.17</i><br />
210		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	209	<div class="right" ><i>Release: 1.18.2</i><br />
	210	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
211	211	</div>
212	212	<div class="left">
213	213

+8

-8

doc/html/admin/admin_commands/kadmin_local.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

406	406	</dl>
407	407	<p>Example:</p>
408	408	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">addprinc</span> <span class="n">jennifer</span>
409		<span class="n">WARNING</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"jennifer@ATHENA.MIT.EDU"</span><span class="p">;</span>
	409	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"jennifer@ATHENA.MIT.EDU"</span><span class="p">;</span>
410	410	<span class="n">defaulting</span> <span class="n">to</span> <span class="n">no</span> <span class="n">policy</span><span class="o">.</span>
411	411	<span class="n">Enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span>
412	412	<span class="n">Re</span><span class="o">-</span><span class="n">enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span>

512	512	<span class="n">Principal</span><span class="p">:</span> <span class="n">tlyu</span><span class="o">/</span><span class="n">admin</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span>
513	513	<span class="n">Expiration</span> <span class="n">date</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
514	514	<span class="n">Last</span> <span class="n">password</span> <span class="n">change</span><span class="p">:</span> <span class="n">Mon</span> <span class="n">Aug</span> <span class="mi">12</span> <span class="mi">14</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">47</span> <span class="n">EDT</span> <span class="mi">1996</span>
515		<span class="n">Password</span> <span class="n">expiration</span> <span class="n">date</span><span class="p">:</span> <span class="p">[</span><span class="n">none</span><span class="p">]</span>
	515	<span class="n">Password</span> <span class="n">expiration</span> <span class="n">date</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
516	516	<span class="n">Maximum</span> <span class="n">ticket</span> <span class="n">life</span><span class="p">:</span> <span class="mi">0</span> <span class="n">days</span> <span class="mi">10</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
517	517	<span class="n">Maximum</span> <span class="n">renewable</span> <span class="n">life</span><span class="p">:</span> <span class="mi">7</span> <span class="n">days</span> <span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
518	518	<span class="n">Last</span> <span class="n">modified</span><span class="p">:</span> <span class="n">Mon</span> <span class="n">Aug</span> <span class="mi">12</span> <span class="mi">14</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">47</span> <span class="n">EDT</span> <span class="mi">1996</span> <span class="p">(</span><span class="n">bjaspan</span><span class="o">/</span><span class="n">admin</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span><span class="p">)</span>
519	519	<span class="n">Last</span> <span class="n">successful</span> <span class="n">authentication</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
520	520	<span class="n">Last</span> <span class="n">failed</span> <span class="n">authentication</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
521	521	<span class="n">Failed</span> <span class="n">password</span> <span class="n">attempts</span><span class="p">:</span> <span class="mi">0</span>
522		<span class="n">Number</span> <span class="n">of</span> <span class="n">keys</span><span class="p">:</span> <span class="mi">2</span>
523		<span class="n">Key</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span><span class="p">,</span> <span class="n">des</span><span class="o">-</span><span class="n">cbc</span><span class="o">-</span><span class="n">crc</span>
524		<span class="n">Key</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span><span class="p">,</span> <span class="n">des</span><span class="o">-</span><span class="n">cbc</span><span class="o">-</span><span class="n">crc</span><span class="p">:</span><span class="n">v4</span>
	522	<span class="n">Number</span> <span class="n">of</span> <span class="n">keys</span><span class="p">:</span> <span class="mi">1</span>
	523	<span class="n">Key</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span><span class="p">,</span> <span class="n">aes256</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha384</span><span class="o">-</span><span class="mi">192</span>
	524	<span class="n">MKey</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span>
525	525	<span class="n">Attributes</span><span class="p">:</span>
526	526	<span class="n">Policy</span><span class="p">:</span> <span class="p">[</span><span class="n">none</span><span class="p">]</span>
527	527

973	973
974	974	<div class="footer-wrapper">
975	975	<div class="footer" >
976		<div class="right" ><i>Release: 1.17</i><br />
977		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	976	<div class="right" ><i>Release: 1.18.2</i><br />
	977	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
978	978	</div>
979	979	<div class="left">
980	980

+4

-5

doc/html/admin/admin_commands/kadmind.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

125	125	disk.</dd>
126	126	<dt><strong>-nofork</strong></dt>
127	127	<dd>causes the server to remain in the foreground and remain
128		associated to the terminal. In normal operation, you should allow
129		the server to place itself in the background.</dd>
	128	associated to the terminal.</dd>
130	129	<dt><strong>-proponly</strong></dt>
131	130	<dd>causes the server to only listen and respond to Kerberos replica
132	131	incremental propagation polling requests. This option can be used

259	258
260	259	<div class="footer-wrapper">
261	260	<div class="footer" >
262		<div class="right" ><i>Release: 1.17</i><br />
263		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	261	<div class="right" ><i>Release: 1.18.2</i><br />
	262	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
264	263	</div>
265	264	<div class="left">
266	265

+36

-57

doc/html/admin/admin_commands/kdb5_ldap_util.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

78	78	<div class="section" id="command-line-options">
79	79	<h2>COMMAND-LINE OPTIONS<a class="headerlink" href="#command-line-options" title="Permalink to this headline">¶</a></h2>
80	80	<dl class="docutils" id="kdb5-ldap-util-options">
	81	<dt><strong>-r</strong> <em>realm</em></dt>
	82	<dd>Specifies the realm to be operated on.</dd>
81	83	<dt><strong>-D</strong> <em>user_dn</em></dt>
82	84	<dd>Specifies the Distinguished Name (DN) of the user who has
83	85	sufficient rights to perform the operation on the LDAP server.</dd>

85	87	<dd>Specifies the password of <em>user_dn</em>. This option is not
86	88	recommended.</dd>
87	89	<dt><strong>-H</strong> <em>ldapuri</em></dt>
88		<dd>Specifies the URI of the LDAP server. It is recommended to use
89		<code class="docutils literal"><span class="pre">ldapi://</span></code> or <code class="docutils literal"><span class="pre">ldaps://</span></code> to connect to the LDAP server.</dd>
90		</dl>
	90	<dd>Specifies the URI of the LDAP server.</dd>
	91	</dl>
	92	<p>By default, kdb5_ldap_util operates on the default realm (as specified
	93	in <a class="reference internal" href="../conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>) and connects and authenticates to the LDAP
	94	server in the same manner as :ref:kadmind(8)` would given the
	95	parameters in <a class="reference internal" href="../conf_files/kdc_conf.html#dbdefaults"><span class="std std-ref">[dbdefaults]</span></a> in <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>.</p>
91	96	</div>
92	97	<div class="section" id="commands">
93	98	<span id="kdb5-ldap-util-options-end"></span><h2>COMMANDS<a class="headerlink" href="#commands" title="Permalink to this headline">¶</a></h2>

100	105	[<strong>-containerref</strong> <em>container_reference_dn</em>]
101	106	[<strong>-k</strong> <em>mkeytype</em>]
102	107	[<strong>-kv</strong> <em>mkeyVNO</em>]
	108	[<strong>-M</strong> <em>mkeyname</em>]
103	109	[<strong>-m\|-P</strong> <em>password</em>\|<strong>-sf</strong> <em>stashfilename</em>]
104	110	[<strong>-s</strong>]
105		[<strong>-r</strong> <em>realm</em>]
106	111	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
107	112	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
108	113	[<em>ticket_flags</em>]</div></blockquote>

128	133	<dt><strong>-kv</strong> <em>mkeyVNO</em></dt>
129	134	<dd>Specifies the version number of the master key in the database;
130	135	the default is 1. Note that 0 is not allowed.</dd>
	136	<dt><strong>-M</strong> <em>mkeyname</em></dt>
	137	<dd>Specifies the principal name for the master key in the database.
	138	If not specified, the name is determined by the
	139	<strong>master_key_name</strong> variable in <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>.</dd>
131	140	<dt><strong>-m</strong></dt>
132	141	<dd>Specifies that the master database password should be read from
133	142	the TTY rather than fetched from a file on the disk.</dd>
134	143	<dt><strong>-P</strong> <em>password</em></dt>
135	144	<dd>Specifies the master database password. This option is not
136	145	recommended.</dd>
137		<dt><strong>-r</strong> <em>realm</em></dt>
138		<dd>Specifies the Kerberos realm of the database.</dd>
139	146	<dt><strong>-sf</strong> <em>stashfilename</em></dt>
140	147	<dd>Specifies the stash file of the master database password.</dd>
141	148	<dt><strong>-s</strong></dt>

153	160	</dl>
154	161	<p>Example:</p>
155	162	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
156		<span class="n">create</span> <span class="o">-</span><span class="n">subtrees</span> <span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">sscope</span> <span class="n">SUB</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	163	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">create</span> <span class="o">-</span><span class="n">subtrees</span> <span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">sscope</span> <span class="n">SUB</span>
157	164	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
158	165	<span class="n">Initializing</span> <span class="n">database</span> <span class="k">for</span> <span class="n">realm</span> <span class="s1">'ATHENA.MIT.EDU'</span>
159	166	<span class="n">You</span> <span class="n">will</span> <span class="n">be</span> <span class="n">prompted</span> <span class="k">for</span> <span class="n">the</span> <span class="n">database</span> <span class="n">Master</span> <span class="n">Password</span><span class="o">.</span>

170	177	[<strong>-subtrees</strong> <em>subtree_dn_list</em>]
171	178	[<strong>-sscope</strong> <em>search_scope</em>]
172	179	[<strong>-containerref</strong> <em>container_reference_dn</em>]
173		[<strong>-r</strong> <em>realm</em>]
174	180	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
175	181	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
176	182	[<em>ticket_flags</em>]</div></blockquote>

187	193	<dt><strong>-containerref</strong> <em>container_reference_dn</em> Specifies the DN of the</dt>
188	194	<dd>container object in which the principals of a realm will be
189	195	created.</dd>
190		<dt><strong>-r</strong> <em>realm</em></dt>
191		<dd>Specifies the Kerberos realm of the database.</dd>
192	196	<dt><strong>-maxtktlife</strong> <em>max_ticket_life</em></dt>
193	197	<dd>(<a class="reference internal" href="../../basic/date_format.html#getdate"><span class="std std-ref">getdate time</span></a> string) Specifies maximum ticket life for
194	198	principals in this realm.</dd>

201	205	<a class="reference internal" href="kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>.</dd>
202	206	</dl>
203	207	<p>Example:</p>
204		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
205		<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">modify</span> <span class="o">+</span><span class="n">requires_preauth</span> <span class="o">-</span><span class="n">r</span>
206		<span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	208	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
	209	<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">modify</span> <span class="o">+</span><span class="n">requires_preauth</span>
207	210	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
208	211	<span class="n">shell</span><span class="o">%</span>
209	212	</pre></div>

212	215	<div class="section" id="view">
213	216	<span id="kdb5-ldap-util-modify-end"></span><h3>view<a class="headerlink" href="#view" title="Permalink to this headline">¶</a></h3>
214	217	<blockquote id="kdb5-ldap-util-view">
215		<div><strong>view</strong> [<strong>-r</strong> <em>realm</em>]</div></blockquote>
216		<p>Displays the attributes of a realm. Options:</p>
217		<dl class="docutils">
218		<dt><strong>-r</strong> <em>realm</em></dt>
219		<dd>Specifies the Kerberos realm of the database.</dd>
220		</dl>
	218	<div><strong>view</strong></div></blockquote>
	219	<p>Displays the attributes of a realm.</p>
221	220	<p>Example:</p>
222	221	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
223		<span class="n">view</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	222	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">view</span>
224	223	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
225	224	<span class="n">Realm</span> <span class="n">Name</span><span class="p">:</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
226	225	<span class="n">Subtree</span><span class="p">:</span> <span class="n">ou</span><span class="o">=</span><span class="n">users</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span>

235	234	<div class="section" id="destroy">
236	235	<span id="kdb5-ldap-util-view-end"></span><h3>destroy<a class="headerlink" href="#destroy" title="Permalink to this headline">¶</a></h3>
237	236	<blockquote id="kdb5-ldap-util-destroy">
238		<div><strong>destroy</strong> [<strong>-f</strong>] [<strong>-r</strong> <em>realm</em>]</div></blockquote>
	237	<div><strong>destroy</strong> [<strong>-f</strong>]</div></blockquote>
239	238	<p>Destroys an existing realm. Options:</p>
240	239	<dl class="docutils">
241	240	<dt><strong>-f</strong></dt>
242	241	<dd>If specified, will not prompt the user for confirmation.</dd>
243		<dt><strong>-r</strong> <em>realm</em></dt>
244		<dd>Specifies the Kerberos realm of the database.</dd>
245		</dl>
246		<p>Example:</p>
247		<div class="highlight-default"><div class="highlight"><pre><span></span>shell% kdb5_ldap_util -D cn=admin,o=org -H
248		ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU
	242	</dl>
	243	<p>Example:</p>
	244	<div class="highlight-default"><div class="highlight"><pre><span></span>shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
	245	ldaps://ldap-server1.mit.edu destroy
249	246	Password for "cn=admin,o=org":
250	247	Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
251	248	(type 'yes' to confirm)? yes

258	255	<span id="kdb5-ldap-util-destroy-end"></span><h3>list<a class="headerlink" href="#list" title="Permalink to this headline">¶</a></h3>
259	256	<blockquote id="kdb5-ldap-util-list">
260	257	<div><strong>list</strong></div></blockquote>
261		<p>Lists the name of realms.</p>
	258	<p>Lists the names of realms under the container.</p>
262	259	<p>Example:</p>
263	260	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
264	261	<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="nb">list</span>

305	302	<span id="kdb5-ldap-util-stashsrvpw-end"></span><h3>create_policy<a class="headerlink" href="#create-policy" title="Permalink to this headline">¶</a></h3>
306	303	<blockquote id="kdb5-ldap-util-create-policy">
307	304	<div><strong>create_policy</strong>
308		[<strong>-r</strong> <em>realm</em>]
309	305	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
310	306	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
311	307	[<em>ticket_flags</em>]
312	308	<em>policy_name</em></div></blockquote>
313	309	<p>Creates a ticket policy in the directory. Options:</p>
314	310	<dl class="docutils">
315		<dt><strong>-r</strong> <em>realm</em></dt>
316		<dd>Specifies the Kerberos realm of the database.</dd>
317	311	<dt><strong>-maxtktlife</strong> <em>max_ticket_life</em></dt>
318	312	<dd>(<a class="reference internal" href="../../basic/date_format.html#getdate"><span class="std std-ref">getdate time</span></a> string) Specifies maximum ticket life for
319	313	principals.</dd>

330	324	</dl>
331	325	<p>Example:</p>
332	326	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
333		<span class="n">create_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="o">-</span><span class="n">maxtktlife</span> <span class="s2">"1 day"</span>
	327	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">create_policy</span> <span class="o">-</span><span class="n">maxtktlife</span> <span class="s2">"1 day"</span>
334	328	<span class="o">-</span><span class="n">maxrenewlife</span> <span class="s2">"1 week"</span> <span class="o">-</span><span class="n">allow_postdated</span> <span class="o">+</span><span class="n">needchange</span>
335	329	<span class="o">-</span><span class="n">allow_forwardable</span> <span class="n">tktpolicy</span>
336	330	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>

341	335	<span id="kdb5-ldap-util-create-policy-end"></span><h3>modify_policy<a class="headerlink" href="#modify-policy" title="Permalink to this headline">¶</a></h3>
342	336	<blockquote id="kdb5-ldap-util-modify-policy">
343	337	<div><strong>modify_policy</strong>
344		[<strong>-r</strong> <em>realm</em>]
345	338	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
346	339	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
347	340	[<em>ticket_flags</em>]

350	343	<strong>create_policy</strong>.</p>
351	344	<p>Example:</p>
352	345	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
353		<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">modify_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	346	<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">modify_policy</span>
354	347	<span class="o">-</span><span class="n">maxtktlife</span> <span class="s2">"60 minutes"</span> <span class="o">-</span><span class="n">maxrenewlife</span> <span class="s2">"10 hours"</span>
355	348	<span class="o">+</span><span class="n">allow_postdated</span> <span class="o">-</span><span class="n">requires_preauth</span> <span class="n">tktpolicy</span>
356	349	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>

361	354	<span id="kdb5-ldap-util-modify-policy-end"></span><h3>view_policy<a class="headerlink" href="#view-policy" title="Permalink to this headline">¶</a></h3>
362	355	<blockquote id="kdb5-ldap-util-view-policy">
363	356	<div><strong>view_policy</strong>
364		[<strong>-r</strong> <em>realm</em>]
365	357	<em>policy_name</em></div></blockquote>
366		<p>Displays the attributes of a ticket policy. Options:</p>
367		<dl class="docutils">
368		<dt><em>policy_name</em></dt>
369		<dd>Specifies the name of the ticket policy.</dd>
370		</dl>
	358	<p>Displays the attributes of the named ticket policy.</p>
371	359	<p>Example:</p>
372	360	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
373		<span class="n">view_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">tktpolicy</span>
	361	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">view_policy</span> <span class="n">tktpolicy</span>
374	362	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
375	363	<span class="n">Ticket</span> <span class="n">policy</span><span class="p">:</span> <span class="n">tktpolicy</span>
376	364	<span class="n">Maximum</span> <span class="n">ticket</span> <span class="n">life</span><span class="p">:</span> <span class="mi">0</span> <span class="n">days</span> <span class="mi">01</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>

383	371	<span id="kdb5-ldap-util-view-policy-end"></span><h3>destroy_policy<a class="headerlink" href="#destroy-policy" title="Permalink to this headline">¶</a></h3>
384	372	<blockquote id="kdb5-ldap-util-destroy-policy">
385	373	<div><strong>destroy_policy</strong>
386		[<strong>-r</strong> <em>realm</em>]
387	374	[<strong>-force</strong>]
388	375	<em>policy_name</em></div></blockquote>
389	376	<p>Destroys an existing ticket policy. Options:</p>
390	377	<dl class="docutils">
391		<dt><strong>-r</strong> <em>realm</em></dt>
392		<dd>Specifies the Kerberos realm of the database.</dd>
393	378	<dt><strong>-force</strong></dt>
394	379	<dd>Forces the deletion of the policy object. If not specified, the
395	380	user will be prompted for confirmation before deleting the policy.</dd>

398	383	</dl>
399	384	<p>Example:</p>
400	385	<div class="highlight-default"><div class="highlight"><pre><span></span>kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
401		destroy_policy -r ATHENA.MIT.EDU tktpolicy
	386	-r ATHENA.MIT.EDU destroy_policy tktpolicy
402	387	Password for "cn=admin,o=org":
403	388	This will delete the policy object 'tktpolicy', are you sure?
404	389	(type 'yes' to confirm)? yes

409	394	<div class="section" id="list-policy">
410	395	<span id="kdb5-ldap-util-destroy-policy-end"></span><h3>list_policy<a class="headerlink" href="#list-policy" title="Permalink to this headline">¶</a></h3>
411	396	<blockquote id="kdb5-ldap-util-list-policy">
412		<div><strong>list_policy</strong>
413		[<strong>-r</strong> <em>realm</em>]</div></blockquote>
414		<p>Lists the ticket policies in realm if specified or in the default
415		realm. Options:</p>
416		<dl class="docutils">
417		<dt><strong>-r</strong> <em>realm</em></dt>
418		<dd>Specifies the Kerberos realm of the database.</dd>
419		</dl>
	397	<div><strong>list_policy</strong></div></blockquote>
	398	<p>Lists ticket policies.</p>
420	399	<p>Example:</p>
421	400	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
422		<span class="n">list_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	401	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">list_policy</span>
423	402	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
424	403	<span class="n">tktpolicy</span>
425	404	<span class="n">tmppolicy</span>

542	521
543	522	<div class="footer-wrapper">
544	523	<div class="footer" >
545		<div class="right" ><i>Release: 1.17</i><br />
546		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	524	<div class="right" ><i>Release: 1.18.2</i><br />
	525	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
547	526	</div>
548	527	<div class="left">
549	528

+10

-15

doc/html/admin/admin_commands/kdb5_util.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156	<div class="section" id="dump">
157	157	<span id="kdb5-util-stash-end"></span><h3>dump<a class="headerlink" href="#dump" title="Permalink to this headline">¶</a></h3>
158	158	<blockquote id="kdb5-util-dump">
159		<div><strong>dump</strong> [<strong>-b7</strong>\|<strong>-ov</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>]
	159	<div><strong>dump</strong> [<strong>-b7</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>]
160	160	[<strong>-verbose</strong>] [<strong>-mkey_convert</strong>] [<strong>-new_mkey_file</strong>
161	161	<em>mkey_file</em>] [<strong>-rev</strong>] [<strong>-recurse</strong>] [<em>filename</em>
162	162	[<em>principals</em>…]]</div></blockquote>

169	169	<dd>causes the dump to be in the Kerberos 5 Beta 7 format (“kdb5_util
170	170	load_dump version 4”). This was the dump format produced on
171	171	releases prior to 1.2.2.</dd>
172		<dt><strong>-ov</strong></dt>
173		<dd>causes the dump to be in “ovsec_adm_export” format.</dd>
174	172	<dt><strong>-r13</strong></dt>
175	173	<dd>causes the dump to be in the Kerberos 5 1.3 format (“kdb5_util
176	174	load_dump version 5”). This was the dump format produced on

213	211	<div class="section" id="load">
214	212	<span id="kdb5-util-dump-end"></span><h3>load<a class="headerlink" href="#load" title="Permalink to this headline">¶</a></h3>
215	213	<blockquote id="kdb5-util-load">
216		<div><strong>load</strong> [<strong>-b7</strong>\|<strong>-ov</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>] [<strong>-hash</strong>]
	214	<div><strong>load</strong> [<strong>-b7</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>] [<strong>-hash</strong>]
217	215	[<strong>-verbose</strong>] [<strong>-update</strong>] <em>filename</em></div></blockquote>
218	216	<p>Loads a database dump from the named file into the named database. If
219	217	no option is given to determine the format of the dump file, the

228	226	<dd>requires the database to be in the Kerberos 5 Beta 7 format
229	227	(“kdb5_util load_dump version 4”). This was the dump format
230	228	produced on releases prior to 1.2.2.</dd>
231		<dt><strong>-ov</strong></dt>
232		<dd>requires the database to be in “ovsec_adm_import” format. Must be
233		used with the <strong>-update</strong> option.</dd>
234	229	<dt><strong>-r13</strong></dt>
235	230	<dd>requires the database to be in Kerberos 5 1.3 format (“kdb5_util
236	231	load_dump version 5”). This was the dump format produced on

472	467	<div class="highlight-default"><div class="highlight"><pre><span></span>$ kdb5_util tabdump -o keyinfo.txt keyinfo
473	468	$ cat keyinfo.txt
474	469	name keyindex kvno enctype salttype salt
	470	K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1
475	471	foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
476	472	bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
477		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
478	473	$ sqlite3
479	474	sqlite> .mode tabs
480	475	sqlite> .import keyinfo.txt keyinfo
481		sqlite> select * from keyinfo where enctype like 'des-cbc-%';
482		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
	476	sqlite> select * from keyinfo where enctype like 'aes256-%';
	477	K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
483	478	sqlite> .quit
484		$ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
485		bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
	479	$ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
	480	K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
486	481	</pre></div>
487	482	</div>
488	483	</div>

602	597
603	598	<div class="footer-wrapper">
604	599	<div class="footer" >
605		<div class="right" ><i>Release: 1.17</i><br />
606		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	600	<div class="right" ><i>Release: 1.18.2</i><br />
	601	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
607	602	</div>
608	603	<div class="left">
609	604

+3

-3

doc/html/admin/admin_commands/kprop.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

198	198
199	199	<div class="footer-wrapper">
200	200	<div class="footer" >
201		<div class="right" ><i>Release: 1.17</i><br />
202		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	201	<div class="right" ><i>Release: 1.18.2</i><br />
	202	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
203	203	</div>
204	204	<div class="left">
205	205

+3

-3

doc/html/admin/admin_commands/kpropd.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

274	274
275	275	<div class="footer-wrapper">
276	276	<div class="footer" >
277		<div class="right" ><i>Release: 1.17</i><br />
278		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	277	<div class="right" ><i>Release: 1.18.2</i><br />
	278	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
279	279	</div>
280	280	<div class="left">
281	281

+3

-3

doc/html/admin/admin_commands/kproplog.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

223	223
224	224	<div class="footer-wrapper">
225	225	<div class="footer" >
226		<div class="right" ><i>Release: 1.17</i><br />
227		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	226	<div class="right" ><i>Release: 1.18.2</i><br />
	227	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
228	228	</div>
229	229	<div class="left">
230	230

+8

-8

doc/html/admin/admin_commands/krb5kdc.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

85	85	<div class="section" id="options">
86	86	<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
87	87	<p>The <strong>-r</strong> <em>realm</em> option specifies the realm for which the server
88		should provide service.</p>
	88	should provide service. This option may be specified multiple times
	89	to serve multiple realms. If no <strong>-r</strong> option is given, the default
	90	realm (as specified in <a class="reference internal" href="../conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>) will be served.</p>
89	91	<p>The <strong>-d</strong> <em>dbname</em> option specifies the name under which the
90	92	principal database can be found. This option does not apply to the
91	93	LDAP database.</p>
92	94	<p>The <strong>-k</strong> <em>keytype</em> option specifies the key type of the master key
93	95	to be entered manually as a password when <strong>-m</strong> is given; the default
94		is <code class="docutils literal"><span class="pre">des-cbc-crc</span></code>.</p>
	96	is <code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span></code>.</p>
95	97	<p>The <strong>-M</strong> <em>mkeyname</em> option specifies the principal name for the
96	98	master key in the database (usually <code class="docutils literal"><span class="pre">K/M</span></code> in the KDC’s realm).</p>
97	99	<p>The <strong>-m</strong> option specifies that the master database password should
98	100	be fetched from the keyboard rather than from a stash file.</p>
99	101	<p>The <strong>-n</strong> option specifies that the KDC does not put itself in the
100		background and does not disassociate itself from the terminal. In
101		normal operation, you should always allow the KDC to place itself in
102		the background.</p>
	102	background and does not disassociate itself from the terminal.</p>
103	103	<p>The <strong>-P</strong> <em>pid_file</em> option tells the KDC to write its PID into
104	104	<em>pid_file</em> after it starts up. This can be used to identify whether
105	105	the KDC is still running and to allow init scripts to stop the correct

243	243
244	244	<div class="footer-wrapper">
245	245	<div class="footer" >
246		<div class="right" ><i>Release: 1.17</i><br />
247		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	246	<div class="right" ><i>Release: 1.18.2</i><br />
	247	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
248	248	</div>
249	249	<div class="left">
250	250

+5

-21

doc/html/admin/admin_commands/ktutil.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

69	69	<div class="section" id="description">
70	70	<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>
71	71	<p>The ktutil command invokes a command interface from which an
72		administrator can read, write, or edit entries in a keytab or Kerberos
73		V4 srvtab file.</p>
	72	administrator can read, write, or edit entries in a keytab. (Kerberos
	73	V4 srvtab files are no longer supported.)</p>
74	74	</div>
75	75	<div class="section" id="commands">
76	76	<h2>COMMANDS<a class="headerlink" href="#commands" title="Permalink to this headline">¶</a></h2>

88	88	<p>Read the Kerberos V5 keytab file <em>keytab</em> into the current keylist.</p>
89	89	<p>Alias: <strong>rkt</strong></p>
90	90	</div>
91		<div class="section" id="read-st">
92		<h3>read_st<a class="headerlink" href="#read-st" title="Permalink to this headline">¶</a></h3>
93		<blockquote>
94		<div><strong>read_st</strong> <em>srvtab</em></div></blockquote>
95		<p>Read the Kerberos V4 srvtab file <em>srvtab</em> into the current keylist.</p>
96		<p>Alias: <strong>rst</strong></p>
97		</div>
98	91	<div class="section" id="write-kt">
99	92	<h3>write_kt<a class="headerlink" href="#write-kt" title="Permalink to this headline">¶</a></h3>
100	93	<blockquote>
101	94	<div><strong>write_kt</strong> <em>keytab</em></div></blockquote>
102	95	<p>Write the current keylist into the Kerberos V5 keytab file <em>keytab</em>.</p>
103	96	<p>Alias: <strong>wkt</strong></p>
104		</div>
105		<div class="section" id="write-st">
106		<h3>write_st<a class="headerlink" href="#write-st" title="Permalink to this headline">¶</a></h3>
107		<blockquote>
108		<div><strong>write_st</strong> <em>srvtab</em></div></blockquote>
109		<p>Write the current keylist into the Kerberos V4 srvtab file <em>srvtab</em>.</p>
110		<p>Alias: <strong>wst</strong></p>
111	97	</div>
112	98	<div class="section" id="clear-list">
113	99	<h3>clear_list<a class="headerlink" href="#clear-list" title="Permalink to this headline">¶</a></h3>

191	177	<li><a class="reference internal" href="#commands">COMMANDS</a><ul>
192	178	<li><a class="reference internal" href="#list">list</a></li>
193	179	<li><a class="reference internal" href="#read-kt">read_kt</a></li>
194		<li><a class="reference internal" href="#read-st">read_st</a></li>
195	180	<li><a class="reference internal" href="#write-kt">write_kt</a></li>
196		<li><a class="reference internal" href="#write-st">write_st</a></li>
197	181	<li><a class="reference internal" href="#clear-list">clear_list</a></li>
198	182	<li><a class="reference internal" href="#delete-entry">delete_entry</a></li>
199	183	<li><a class="reference internal" href="#add-entry">add_entry</a></li>

279	263
280	264	<div class="footer-wrapper">
281	265	<div class="footer" >
282		<div class="right" ><i>Release: 1.17</i><br />
283		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	266	<div class="right" ><i>Release: 1.18.2</i><br />
	267	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
284	268	</div>
285	269	<div class="left">
286	270

+3

-3

doc/html/admin/admin_commands/sserver.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

252	252
253	253	<div class="footer-wrapper">
254	254	<div class="footer" >
255		<div class="right" ><i>Release: 1.17</i><br />
256		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	255	<div class="right" ><i>Release: 1.18.2</i><br />
	256	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
257	257	</div>
258	258	<div class="left">
259	259

+6

-8

doc/html/admin/advanced/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../copyright.html" />
28		<link rel="next" title="LDAP backend on Ubuntu 10.4 (lucid)" href="ldapbackend.html" />
	28	<link rel="next" title="Retiring DES" href="retiring-des.html" />
29	29	<link rel="prev" title="Troubleshooting" href="../troubleshoot.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="../troubleshoot.html" title="Troubleshooting"
43	43	accesskey="P">previous</a> \|
44		<a href="ldapbackend.html" title="LDAP backend on Ubuntu 10.4 (lucid)"
	44	<a href="retiring-des.html" title="Retiring DES"
45	45	accesskey="N">next</a> \|
46	46	<a href="../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

64	64	<h1>Advanced topics<a class="headerlink" href="#advanced-topics" title="Permalink to this headline">¶</a></h1>
65	65	<div class="toctree-wrapper compound">
66	66	<ul>
67		<li class="toctree-l1"><a class="reference internal" href="ldapbackend.html">LDAP backend on Ubuntu 10.4 (lucid)</a></li>
68	67	<li class="toctree-l1"><a class="reference internal" href="retiring-des.html">Retiring DES</a></li>
69	68	</ul>
70	69	</div>

109	108	<li class="toctree-l2"><a class="reference internal" href="../env_variables.html">Environment variables</a></li>
110	109	<li class="toctree-l2"><a class="reference internal" href="../troubleshoot.html">Troubleshooting</a></li>
111	110	<li class="toctree-l2 current"><a class="current reference internal" href="#">Advanced topics</a><ul>
112		<li class="toctree-l3"><a class="reference internal" href="ldapbackend.html">LDAP backend on Ubuntu 10.4 (lucid)</a></li>
113	111	<li class="toctree-l3"><a class="reference internal" href="retiring-des.html">Retiring DES</a></li>
114	112	</ul>
115	113	</li>

143	141
144	142	<div class="footer-wrapper">
145	143	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
148	146	</div>
149	147	<div class="left">
150	148

152	150	>Contents</a> \|
153	151	<a href="../troubleshoot.html" title="Troubleshooting"
154	152	>previous</a> \|
155		<a href="ldapbackend.html" title="LDAP backend on Ubuntu 10.4 (lucid)"
	153	<a href="retiring-des.html" title="Retiring DES"
156	154	>next</a> \|
157	155	<a href="../../genindex.html" title="General Index"
158	156	>index</a> \|

+0

-305

~~doc/html/admin/advanced/ldapbackend.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>LDAP backend on Ubuntu 10.4 (lucid) — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../about.html" />
25		<link rel="index" title="Index" href="../../genindex.html" />
26		<link rel="search" title="Search" href="../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../copyright.html" />
28		<link rel="next" title="Retiring DES" href="retiring-des.html" />
29		<link rel="prev" title="Advanced topics" href="index.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="index.html" title="Advanced topics"
43		accesskey="P">previous</a> \|
44		<a href="retiring-des.html" title="Retiring DES"
45		accesskey="N">next</a> \|
46		<a href="../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__LDAP backend on Ubuntu 10.4 (lucid)">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="ldap-backend-on-ubuntu-10-4-lucid">
64		<span id="ldap-be-ubuntu"></span><h1>LDAP backend on Ubuntu 10.4 (lucid)<a class="headerlink" href="#ldap-backend-on-ubuntu-10-4-lucid" title="Permalink to this headline">¶</a></h1>
65		<p>Setting up Kerberos v1.9 with LDAP backend on Ubuntu 10.4 (Lucid Lynx)</p>
66		<div class="section" id="prerequisites">
67		<h2>Prerequisites<a class="headerlink" href="#prerequisites" title="Permalink to this headline">¶</a></h2>
68		<p>Install the following packages: <em>slapd, ldap-utils</em> and <em>libldap2-dev</em></p>
69		<p>You can install the necessary packages with these commands:</p>
70		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">apt</span><span class="o">-</span><span class="n">get</span> <span class="n">install</span> <span class="n">slapd</span>
71		<span class="n">sudo</span> <span class="n">apt</span><span class="o">-</span><span class="n">get</span> <span class="n">install</span> <span class="n">ldap</span><span class="o">-</span><span class="n">utils</span>
72		<span class="n">sudo</span> <span class="n">apt</span><span class="o">-</span><span class="n">get</span> <span class="n">install</span> <span class="n">libldap2</span><span class="o">-</span><span class="n">dev</span>
73		</pre></div>
74		</div>
75		<p>Extend the user schema using schemas from standart OpenLDAP
76		distribution: <em>cosine, mics, nis, inetcomperson</em></p>
77		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">ldapadd</span> <span class="o">-</span><span class="n">Y</span> <span class="n">EXTERNAL</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ldap</span><span class="o">/</span><span class="n">schema</span><span class="o">/</span><span class="n">cosine</span><span class="o">.</span><span class="n">ldif</span>
78		<span class="n">ldapadd</span> <span class="o">-</span><span class="n">Y</span> <span class="n">EXTERNAL</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ldap</span><span class="o">/</span><span class="n">schema</span><span class="o">/</span><span class="n">mics</span><span class="o">.</span><span class="n">ldif</span>
79		<span class="n">ldapadd</span> <span class="o">-</span><span class="n">Y</span> <span class="n">EXTERNAL</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ldap</span><span class="o">/</span><span class="n">schema</span><span class="o">/</span><span class="n">nis</span><span class="o">.</span><span class="n">ldif</span>
80		<span class="n">ldapadd</span> <span class="o">-</span><span class="n">Y</span> <span class="n">EXTERNAL</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ldap</span><span class="o">/</span><span class="n">schema</span><span class="o">/</span><span class="n">inetcomperson</span><span class="o">.</span><span class="n">ldif</span>
81		</pre></div>
82		</div>
83		</div>
84		<div class="section" id="building-kerberos-from-source">
85		<h2>Building Kerberos from source<a class="headerlink" href="#building-kerberos-from-source" title="Permalink to this headline">¶</a></h2>
86		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="o">./</span><span class="n">configure</span> <span class="o">--</span><span class="k">with</span><span class="o">-</span><span class="n">ldap</span>
87		<span class="n">make</span>
88		<span class="n">sudo</span> <span class="n">make</span> <span class="n">install</span>
89		</pre></div>
90		</div>
91		</div>
92		<div class="section" id="setting-up-kerberos">
93		<h2>Setting up Kerberos<a class="headerlink" href="#setting-up-kerberos" title="Permalink to this headline">¶</a></h2>
94		<div class="section" id="configuration">
95		<h3>Configuration<a class="headerlink" href="#configuration" title="Permalink to this headline">¶</a></h3>
96		<p>Update kdc.conf with the LDAP back-end information:</p>
97		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">realms</span><span class="p">]</span>
98		<span class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span> <span class="o">=</span> <span class="p">{</span>
99		<span class="n">database_module</span> <span class="o">=</span> <span class="n">LDAP</span>
100		<span class="p">}</span>
101
102		<span class="p">[</span><span class="n">dbmodules</span><span class="p">]</span>
103		<span class="n">LDAP</span> <span class="o">=</span> <span class="p">{</span>
104		<span class="n">db_library</span> <span class="o">=</span> <span class="n">kldap</span>
105		<span class="n">ldap_kerberos_container_dn</span> <span class="o">=</span> <span class="n">cn</span><span class="o">=</span><span class="n">krbContainer</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span>
106		<span class="n">ldap_kdc_dn</span> <span class="o">=</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span>
107		<span class="n">ldap_kadmind_dn</span> <span class="o">=</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span>
108		<span class="n">ldap_service_password_file</span> <span class="o">=</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">krb5kdc</span><span class="o">/</span><span class="n">admin</span><span class="o">.</span><span class="n">stash</span>
109		<span class="n">ldap_servers</span> <span class="o">=</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span>
110		<span class="p">}</span>
111		</pre></div>
112		</div>
113		</div>
114		<div class="section" id="schema">
115		<h3>Schema<a class="headerlink" href="#schema" title="Permalink to this headline">¶</a></h3>
116		<p>From the source tree copy
117		<code class="docutils literal"><span class="pre">src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema</span></code> into
118		<code class="docutils literal"><span class="pre">/etc/ldap/schema</span></code></p>
119		<p>Warning: this step should be done after slapd is installed to avoid
120		problems with slapd installation.</p>
121		<p>To convert kerberos.schema to run-time configuration (<code class="docutils literal"><span class="pre">cn=config</span></code>)
122		do the following:</p>
123		<ol class="arabic">
124		<li><p class="first">Create a temporary file <code class="docutils literal"><span class="pre">/tmp/schema_convert.conf</span></code> with the
125		following content:</p>
126		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">include</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ldap</span><span class="o">/</span><span class="n">schema</span><span class="o">/</span><span class="n">kerberos</span><span class="o">.</span><span class="n">schema</span>
127		</pre></div>
128		</div>
129		</li>
130		<li><p class="first">Create a temporary directory <code class="docutils literal"><span class="pre">/tmp/krb5_ldif</span></code>.</p>
131		</li>
132		<li><p class="first">Run:</p>
133		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">slaptest</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">schema_convert</span><span class="o">.</span><span class="n">conf</span> <span class="o">-</span><span class="n">F</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5_ldif</span>
134		</pre></div>
135		</div>
136		<p>This should in a new file named
137		<code class="docutils literal"><span class="pre">/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif</span></code>.</p>
138		</li>
139		<li><p class="first">Edit <code class="docutils literal"><span class="pre">/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif</span></code> by
140		replacing the lines:</p>
141		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">dn</span><span class="p">:</span> <span class="n">cn</span><span class="o">=</span><span class="p">{</span><span class="mi">0</span><span class="p">}</span><span class="n">kerberos</span>
142		<span class="n">cn</span><span class="p">:</span> <span class="p">{</span><span class="mi">0</span><span class="p">}</span><span class="n">kerberos</span>
143		</pre></div>
144		</div>
145		<p>with</p>
146		<blockquote>
147		<div><p>dn: cn=kerberos,cn=schema,cn=config
148		cn: kerberos</p>
149		</div></blockquote>
150		<p>Also, remove following attribute-value pairs:</p>
151		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">structuralObjectClass</span><span class="p">:</span> <span class="n">olcSchemaConfig</span>
152		<span class="n">entryUUID</span><span class="p">:</span> <span class="o">...</span>
153		<span class="n">creatorsName</span><span class="p">:</span> <span class="n">cn</span><span class="o">=</span><span class="n">config</span>
154		<span class="n">createTimestamp</span><span class="p">:</span> <span class="o">...</span>
155		<span class="n">entryCSN</span><span class="p">:</span> <span class="o">...</span>
156		<span class="n">modifiersName</span><span class="p">:</span> <span class="n">cn</span><span class="o">=</span><span class="n">config</span>
157		<span class="n">modifyTimestamp</span><span class="p">:</span> <span class="o">...</span>
158		</pre></div>
159		</div>
160		</li>
161		<li><p class="first">Load the new schema with ldapadd (with the proper authentication):</p>
162		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">ldapadd</span> <span class="o">-</span><span class="n">Y</span> <span class="n">EXTERNAL</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5_ldif</span><span class="o">/</span><span class="n">cn</span><span class="o">=</span><span class="n">config</span><span class="o">/</span><span class="n">cn</span><span class="o">=</span><span class="n">schema</span><span class="o">/</span><span class="n">cn</span><span class="o">=</span><span class="p">{</span><span class="mi">0</span><span class="p">}</span><span class="n">kerberos</span><span class="o">.</span><span class="n">ldif</span>
163		</pre></div>
164		</div>
165		<p>which should result the message <code class="docutils literal"><span class="pre">adding</span> <span class="pre">new</span> <span class="pre">entry</span>
166		<span class="pre">"cn=kerberos,cn=schema,cn=config"</span></code>.</p>
167		</li>
168		</ol>
169		</div>
170		</div>
171		<div class="section" id="create-kerberos-database">
172		<h2>Create Kerberos database<a class="headerlink" href="#create-kerberos-database" title="Permalink to this headline">¶</a></h2>
173		<p>Using LDAP administrator credentials, create Kerberos database and
174		master key stash:</p>
175		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="n">create</span> <span class="o">-</span><span class="n">s</span>
176		</pre></div>
177		</div>
178		<p>Stash the LDAP administrative passwords:</p>
179		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="n">stashsrvpw</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span>
180		</pre></div>
181		</div>
182		<p>Start <a class="reference internal" href="../admin_commands/krb5kdc.html#krb5kdc-8"><span class="std std-ref">krb5kdc</span></a>:</p>
183		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">krb5kdc</span>
184		</pre></div>
185		</div>
186		<p>To destroy database run:</p>
187		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="n">destroy</span> <span class="o">-</span><span class="n">f</span>
188		</pre></div>
189		</div>
190		</div>
191		<div class="section" id="useful-references">
192		<h2>Useful references<a class="headerlink" href="#useful-references" title="Permalink to this headline">¶</a></h2>
193		<ul class="simple">
194		<li><a class="reference external" href="https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html">Kerberos and LDAP</a></li>
195		</ul>
196		</div>
197		</div>
198
199
200		</div>
201		</div>
202		</div>
203		</div>
204		<div class="sidebar">
205		<h2>On this page</h2>
206		<ul>
207		<li><a class="reference internal" href="#">LDAP backend on Ubuntu 10.4 (lucid)</a><ul>
208		<li><a class="reference internal" href="#prerequisites">Prerequisites</a></li>
209		<li><a class="reference internal" href="#building-kerberos-from-source">Building Kerberos from source</a></li>
210		<li><a class="reference internal" href="#setting-up-kerberos">Setting up Kerberos</a><ul>
211		<li><a class="reference internal" href="#configuration">Configuration</a></li>
212		<li><a class="reference internal" href="#schema">Schema</a></li>
213		</ul>
214		</li>
215		<li><a class="reference internal" href="#create-kerberos-database">Create Kerberos database</a></li>
216		<li><a class="reference internal" href="#useful-references">Useful references</a></li>
217		</ul>
218		</li>
219		</ul>
220
221		<br/>
222		<h2>Table of contents</h2>
223		<ul class="current">
224		<li class="toctree-l1"><a class="reference internal" href="../../user/index.html">For users</a></li>
225		<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For administrators</a><ul class="current">
226		<li class="toctree-l2"><a class="reference internal" href="../install.html">Installation guide</a></li>
227		<li class="toctree-l2"><a class="reference internal" href="../conf_files/index.html">Configuration Files</a></li>
228		<li class="toctree-l2"><a class="reference internal" href="../realm_config.html">Realm configuration decisions</a></li>
229		<li class="toctree-l2"><a class="reference internal" href="../database.html">Database administration</a></li>
230		<li class="toctree-l2"><a class="reference internal" href="../dbtypes.html">Database types</a></li>
231		<li class="toctree-l2"><a class="reference internal" href="../lockout.html">Account lockout</a></li>
232		<li class="toctree-l2"><a class="reference internal" href="../conf_ldap.html">Configuring Kerberos with OpenLDAP back-end</a></li>
233		<li class="toctree-l2"><a class="reference internal" href="../appl_servers.html">Application servers</a></li>
234		<li class="toctree-l2"><a class="reference internal" href="../host_config.html">Host configuration</a></li>
235		<li class="toctree-l2"><a class="reference internal" href="../backup_host.html">Backups of secure hosts</a></li>
236		<li class="toctree-l2"><a class="reference internal" href="../pkinit.html">PKINIT configuration</a></li>
237		<li class="toctree-l2"><a class="reference internal" href="../otp.html">OTP Preauthentication</a></li>
238		<li class="toctree-l2"><a class="reference internal" href="../spake.html">SPAKE Preauthentication</a></li>
239		<li class="toctree-l2"><a class="reference internal" href="../dictionary.html">Addressing dictionary attack risks</a></li>
240		<li class="toctree-l2"><a class="reference internal" href="../princ_dns.html">Principal names and DNS</a></li>
241		<li class="toctree-l2"><a class="reference internal" href="../enctypes.html">Encryption types</a></li>
242		<li class="toctree-l2"><a class="reference internal" href="../https.html">HTTPS proxy configuration</a></li>
243		<li class="toctree-l2"><a class="reference internal" href="../auth_indicator.html">Authentication indicators</a></li>
244		<li class="toctree-l2"><a class="reference internal" href="../admin_commands/index.html">Administration programs</a></li>
245		<li class="toctree-l2"><a class="reference internal" href="../../mitK5defaults.html">MIT Kerberos defaults</a></li>
246		<li class="toctree-l2"><a class="reference internal" href="../env_variables.html">Environment variables</a></li>
247		<li class="toctree-l2"><a class="reference internal" href="../troubleshoot.html">Troubleshooting</a></li>
248		<li class="toctree-l2 current"><a class="reference internal" href="index.html">Advanced topics</a><ul class="current">
249		<li class="toctree-l3 current"><a class="current reference internal" href="#">LDAP backend on Ubuntu 10.4 (lucid)</a></li>
250		<li class="toctree-l3"><a class="reference internal" href="retiring-des.html">Retiring DES</a></li>
251		</ul>
252		</li>
253		<li class="toctree-l2"><a class="reference internal" href="../various_envs.html">Various links</a></li>
254		</ul>
255		</li>
256		<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li>
257		<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li>
258		<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li>
259		<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li>
260		<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li>
261		<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li>
262		<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li>
263		<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
264		<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li>
265		</ul>
266
267		<br/>
268		<h4><a href="../../index.html">Full Table of Contents</a></h4>
269		<h4>Search</h4>
270		<form class="search" action="../../search.html" method="get">
271		<input type="text" name="q" size="18" />
272		<input type="submit" value="Go" />
273		<input type="hidden" name="check_keywords" value="yes" />
274		<input type="hidden" name="area" value="default" />
275		</form>
276		</div>
277		<div class="clearer"></div>
278		</div>
279		</div>
280
281		<div class="footer-wrapper">
282		<div class="footer" >
283		<div class="right" ><i>Release: 1.17</i><br />
284		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
285		</div>
286		<div class="left">
287
288		<a href="../../index.html" title="Full Table of Contents"
289		>Contents</a> \|
290		<a href="index.html" title="Advanced topics"
291		>previous</a> \|
292		<a href="retiring-des.html" title="Retiring DES"
293		>next</a> \|
294		<a href="../../genindex.html" title="General Index"
295		>index</a> \|
296		<a href="../../search.html" title="Enter search criteria"
297		>Search</a> \|
298		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__LDAP backend on Ubuntu 10.4 (lucid)">feedback</a>
299		</div>
300		</div>
301		</div>
302
303		</body>
304		</html>⏎

+10

-7

doc/html/admin/advanced/retiring-des.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../copyright.html" />
28	28	<link rel="next" title="Various links" href="../various_envs.html" />
29		<link rel="prev" title="LDAP backend on Ubuntu 10.4 (lucid)" href="ldapbackend.html" />
	29	<link rel="prev" title="Advanced topics" href="index.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="ldapbackend.html" title="LDAP backend on Ubuntu 10.4 (lucid)"
	42	<a href="index.html" title="Advanced topics"
43	43	accesskey="P">previous</a> \|
44	44	<a href="../various_envs.html" title="Various links"
45	45	accesskey="N">next</a> \|

78	78	However, deployments of krb5 using Kerberos databases created with older
79	79	versions of krb5 will not necessarily start using strong crypto for
80	80	ordinary operation without administrator intervention.</p>
	81	<p>MIT krb5 began flagging deprecated encryption types with release 1.17,
	82	and removed DES (single-DES) support in release 1.18. As a
	83	consequence, a release prior to 1.18 is required to perform these
	84	migrations.</p>
81	85	</div>
82	86	<div class="section" id="types-of-keys">
83	87	<h2>Types of keys<a class="headerlink" href="#types-of-keys" title="Permalink to this headline">¶</a></h2>

492	496	<li class="toctree-l2"><a class="reference internal" href="../env_variables.html">Environment variables</a></li>
493	497	<li class="toctree-l2"><a class="reference internal" href="../troubleshoot.html">Troubleshooting</a></li>
494	498	<li class="toctree-l2 current"><a class="reference internal" href="index.html">Advanced topics</a><ul class="current">
495		<li class="toctree-l3"><a class="reference internal" href="ldapbackend.html">LDAP backend on Ubuntu 10.4 (lucid)</a></li>
496	499	<li class="toctree-l3 current"><a class="current reference internal" href="#">Retiring DES</a></li>
497	500	</ul>
498	501	</li>

526	529
527	530	<div class="footer-wrapper">
528	531	<div class="footer" >
529		<div class="right" ><i>Release: 1.17</i><br />
530		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	532	<div class="right" ><i>Release: 1.18.2</i><br />
	533	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
531	534	</div>
532	535	<div class="left">
533	536
534	537	<a href="../../index.html" title="Full Table of Contents"
535	538	>Contents</a> \|
536		<a href="ldapbackend.html" title="LDAP backend on Ubuntu 10.4 (lucid)"
	539	<a href="index.html" title="Advanced topics"
537	540	>previous</a> \|
538	541	<a href="../various_envs.html" title="Various links"
539	542	>next</a> \|

+35

-3

doc/html/admin/appl_servers.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

170	170	</pre></div>
171	171	</div>
172	172	</div>
	173	<div class="section" id="using-a-keytab-to-acquire-client-credentials">
	174	<h3>Using a keytab to acquire client credentials<a class="headerlink" href="#using-a-keytab-to-acquire-client-credentials" title="Permalink to this headline">¶</a></h3>
	175	<p>While keytabs are ordinarily used to accept credentials from clients,
	176	they can also be used to acquire initial credentials, allowing one
	177	service to authenticate to another.</p>
	178	<p>To manually obtain credentials using a keytab, use the <a class="reference internal" href="../user/user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>
	179	<strong>-k</strong> option, together with the <strong>-t</strong> option if the keytab is not in
	180	the default location.</p>
	181	<p>Beginning with release 1.11, GSSAPI applications can be configured to
	182	automatically obtain initial credentials from a keytab as needed. The
	183	recommended configuration is as follows:</p>
	184	<ol class="arabic simple">
	185	<li>Create a keytab containing a single entry for the desired client
	186	identity.</li>
	187	<li>Place the keytab in a location readable by the service, and set the
	188	<strong>KRB5_CLIENT_KTNAME</strong> environment variable to its filename.
	189	Alternatively, use the <strong>default_client_keytab_name</strong> profile
	190	variable in <a class="reference internal" href="conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>, or use the default location of
	191	<a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFCKTNAME</span></a>.</li>
	192	<li>Set <strong>KRB5CCNAME</strong> to a filename writable by the service, which
	193	will not be used for any other purpose. Do not manually obtain
	194	credentials at this location. (Another credential cache type
	195	besides <strong>FILE</strong> can be used if desired, as long the cache will not
	196	conflict with another use. A <strong>MEMORY</strong> cache can be used if the
	197	service runs as a long-lived process. See <a class="reference internal" href="../basic/ccache_def.html#ccache-definition"><span class="std std-ref">Credential cache</span></a>
	198	for details.)</li>
	199	<li>Start the service. When it authenticates using GSSAPI, it will
	200	automatically obtain credentials from the client keytab into the
	201	specified credential cache, and refresh them before they expire.</li>
	202	</ol>
	203	</div>
173	204	</div>
174	205	<div class="section" id="clock-skew">
175	206	<h2>Clock Skew<a class="headerlink" href="#clock-skew" title="Permalink to this headline">¶</a></h2>

263	294	</li>
264	295	<li><a class="reference internal" href="#removing-principals-from-keytabs">Removing principals from keytabs</a></li>
265	296	<li><a class="reference internal" href="#ktremove">ktremove</a></li>
	297	<li><a class="reference internal" href="#using-a-keytab-to-acquire-client-credentials">Using a keytab to acquire client credentials</a></li>
266	298	</ul>
267	299	</li>
268	300	<li><a class="reference internal" href="#clock-skew">Clock Skew</a></li>

330	362
331	363	<div class="footer-wrapper">
332	364	<div class="footer" >
333		<div class="right" ><i>Release: 1.17</i><br />
334		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	365	<div class="right" ><i>Release: 1.18.2</i><br />
	366	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
335	367	</div>
336	368	<div class="left">
337	369

+3

-3

doc/html/admin/auth_indicator.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

182	182
183	183	<div class="footer-wrapper">
184	184	<div class="footer" >
185		<div class="right" ><i>Release: 1.17</i><br />
186		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	185	<div class="right" ><i>Release: 1.18.2</i><br />
	186	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
187	187	</div>
188	188	<div class="left">
189	189

+3

-3

doc/html/admin/backup_host.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

165	165
166	166	<div class="footer-wrapper">
167	167	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	168	<div class="right" ><i>Release: 1.18.2</i><br />
	169	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
170	170	</div>
171	171	<div class="left">
172	172

+3

-3

doc/html/admin/conf_files/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/admin/conf_files/kadm5_acl.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

322	322
323	323	<div class="footer-wrapper">
324	324	<div class="footer" >
325		<div class="right" ><i>Release: 1.17</i><br />
326		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	325	<div class="right" ><i>Release: 1.18.2</i><br />
	326	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
327	327	</div>
328	328	<div class="left">
329	329

+24

-53

doc/html/admin/conf_files/kdc_conf.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

395	395	marks the server principal as host-based or the service is also
396	396	listed in <strong>host_based_services</strong>. <code class="docutils literal"><span class="pre">no_host_referral</span> <span class="pre">=</span> <span class="pre">*</span></code> will
397	397	disable referral processing altogether.</dd>
398		<dt><strong>des_crc_session_supported</strong></dt>
399		<dd>(Boolean value). If set to true, the KDC will assume that service
400		principals support des-cbc-crc for session key enctype negotiation
401		purposes. If <strong>allow_weak_crypto</strong> in <a class="reference internal" href="krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a> is
402		false, or if des-cbc-crc is not a permitted enctype, then this
403		variable has no effect. Defaults to true. New in release 1.11.</dd>
404	398	<dt><strong>reject_bad_transit</strong></dt>
405	399	<dd><p class="first">(Boolean value.) If set to true, the KDC will check the list of
406	400	transited realms for cross-realm tickets against the transit path

435	429	<dd>(List of <em>key</em>:<em>salt</em> strings.) Specifies the default key/salt
436	430	combinations of principals for this realm. Any principals created
437	431	through <a class="reference internal" href="../admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> will have keys of these types. The
438		default value for this tag is <code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96:normal</span> <span class="pre">aes128-cts-hmac-sha1-96:normal</span> <span class="pre">des3-cbc-sha1:normal</span> <span class="pre">arcfour-hmac-md5:normal</span></code>. For lists of
	432	default value for this tag is <code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96:normal</span> <span class="pre">aes128-cts-hmac-sha1-96:normal</span></code>. For lists of
439	433	possible values, see <a class="reference internal" href="#keysalt-lists"><span class="std std-ref">Keysalt lists</span></a>.</dd>
440	434	</dl>
441	435	</div>

458	452	<li><strong>ldap_kadmind_sasl_mech</strong></li>
459	453	<li><strong>ldap_kadmind_sasl_realm</strong></li>
460	454	<li><strong>ldap_service_password_file</strong></li>
461		<li><strong>ldap_servers</strong></li>
462	455	<li><strong>ldap_conns_per_server</strong></li>
463	456	</ul>
464	457	</div>

625	618	</dd>
626	619	</dl>
627	620	<p>In the following example, the logging messages from the KDC will go to
628		the console and to the system log under the facility LOG_DAEMON with
629		default severity of LOG_INFO; and the logging messages from the
630		administrative server will be appended to the file
631		<code class="docutils literal"><span class="pre">/var/adm/kadmin.log</span></code> and sent to the device <code class="docutils literal"><span class="pre">/dev/tty04</span></code>.</p>
	621	the console and to the system log under the facility LOG_DAEMON, and
	622	the logging messages from the administrative server will be appended
	623	to the file <code class="docutils literal"><span class="pre">/var/adm/kadmin.log</span></code> and sent to the device
	624	<code class="docutils literal"><span class="pre">/dev/tty04</span></code>.</p>
632	625	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">logging</span><span class="p">]</span>
633	626	<span class="n">kdc</span> <span class="o">=</span> <span class="n">CONSOLE</span>
634	627	<span class="n">kdc</span> <span class="o">=</span> <span class="n">SYSLOG</span><span class="p">:</span><span class="n">INFO</span><span class="p">:</span><span class="n">DAEMON</span>

636	629	<span class="n">admin_server</span> <span class="o">=</span> <span class="n">DEVICE</span><span class="o">=/</span><span class="n">dev</span><span class="o">/</span><span class="n">tty04</span>
637	630	</pre></div>
638	631	</div>
	632	<p>If no logging specification is given, the default is to use syslog.
	633	To disable logging entirely, specify <code class="docutils literal"><span class="pre">default</span> <span class="pre">=</span> <span class="pre">DEVICE=/dev/null</span></code>.</p>
639	634	</div>
640	635	<div class="section" id="otp">
641	636	<span id="id5"></span><h3>[otp]<a class="headerlink" href="#otp" title="Permalink to this headline">¶</a></h3>

812	807	<col width="70%" />
813	808	</colgroup>
814	809	<tbody valign="top">
815		<tr class="row-odd"><td>des-cbc-crc</td>
816		<td>DES cbc mode with CRC-32 (weak)</td>
817		</tr>
818		<tr class="row-even"><td>des-cbc-md4</td>
819		<td>DES cbc mode with RSA-MD4 (weak)</td>
820		</tr>
821		<tr class="row-odd"><td>des-cbc-md5</td>
822		<td>DES cbc mode with RSA-MD5 (weak)</td>
823		</tr>
824		<tr class="row-even"><td>des-cbc-raw</td>
825		<td>DES cbc mode raw (weak)</td>
826		</tr>
827	810	<tr class="row-odd"><td>des3-cbc-raw</td>
828	811	<td>Triple DES cbc mode raw (weak)</td>
829	812	</tr>
830	813	<tr class="row-even"><td>des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd</td>
831	814	<td>Triple DES cbc mode with HMAC/sha1</td>
832	815	</tr>
833		<tr class="row-odd"><td>des-hmac-sha1</td>
834		<td>DES with HMAC/sha1 (weak)</td>
835		</tr>
836		<tr class="row-even"><td>aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1</td>
	816	<tr class="row-odd"><td>aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1</td>
837	817	<td>AES-256 CTS mode with 96-bit SHA-1 HMAC</td>
838	818	</tr>
839		<tr class="row-odd"><td>aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1</td>
	819	<tr class="row-even"><td>aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1</td>
840	820	<td>AES-128 CTS mode with 96-bit SHA-1 HMAC</td>
841	821	</tr>
842		<tr class="row-even"><td>aes256-cts-hmac-sha384-192 aes256-sha2</td>
	822	<tr class="row-odd"><td>aes256-cts-hmac-sha384-192 aes256-sha2</td>
843	823	<td>AES-256 CTS mode with 192-bit SHA-384 HMAC</td>
844	824	</tr>
845		<tr class="row-odd"><td>aes128-cts-hmac-sha256-128 aes128-sha2</td>
	825	<tr class="row-even"><td>aes128-cts-hmac-sha256-128 aes128-sha2</td>
846	826	<td>AES-128 CTS mode with 128-bit SHA-256 HMAC</td>
847	827	</tr>
848		<tr class="row-even"><td>arcfour-hmac rc4-hmac arcfour-hmac-md5</td>
	828	<tr class="row-odd"><td>arcfour-hmac rc4-hmac arcfour-hmac-md5</td>
849	829	<td>RC4 with HMAC/MD5</td>
850	830	</tr>
851		<tr class="row-odd"><td>arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp</td>
	831	<tr class="row-even"><td>arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp</td>
852	832	<td>Exportable RC4 with HMAC/MD5 (weak)</td>
853	833	</tr>
854		<tr class="row-even"><td>camellia256-cts-cmac camellia256-cts</td>
	834	<tr class="row-odd"><td>camellia256-cts-cmac camellia256-cts</td>
855	835	<td>Camellia-256 CTS mode with CMAC</td>
856	836	</tr>
857		<tr class="row-odd"><td>camellia128-cts-cmac camellia128-cts</td>
	837	<tr class="row-even"><td>camellia128-cts-cmac camellia128-cts</td>
858	838	<td>Camellia-128 CTS mode with CMAC</td>
859		</tr>
860		<tr class="row-even"><td>des</td>
861		<td>The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)</td>
862	839	</tr>
863	840	<tr class="row-odd"><td>des3</td>
864	841	<td>The triple DES family: des3-cbc-sha1</td>

879	856	from the current list by prefixing them with a minus sign (“-“).
880	857	Types or families can be prefixed with a plus sign (“+”) for symmetry;
881	858	it has the same meaning as just listing the type or family. For
882		example, “<code class="docutils literal"><span class="pre">DEFAULT</span> <span class="pre">-des</span></code>” would be the default set of encryption
883		types with DES types removed, and “<code class="docutils literal"><span class="pre">des3</span> <span class="pre">DEFAULT</span></code>” would be the
	859	example, “<code class="docutils literal"><span class="pre">DEFAULT</span> <span class="pre">-rc4</span></code>” would be the default set of encryption
	860	types with RC4 types removed, and “<code class="docutils literal"><span class="pre">des3</span> <span class="pre">DEFAULT</span></code>” would be the
884	861	default set of encryption types with triple DES types moved to the
885	862	front.</p>
886	863	<p>While <strong>aes128-cts</strong> and <strong>aes256-cts</strong> are supported for all Kerberos

913	890	follows:</p>
914	891	<table border="1" class="docutils">
915	892	<colgroup>
916		<col width="21%" />
917		<col width="79%" />
	893	<col width="25%" />
	894	<col width="75%" />
918	895	</colgroup>
919	896	<tbody valign="top">
920	897	<tr class="row-odd"><td>normal</td>
921	898	<td>default for Kerberos Version 5</td>
922	899	</tr>
923		<tr class="row-even"><td>v4</td>
924		<td>the only type used by Kerberos Version 4 (no salt)</td>
925		</tr>
926		<tr class="row-odd"><td>norealm</td>
	900	<tr class="row-even"><td>norealm</td>
927	901	<td>same as the default, without using realm information</td>
928	902	</tr>
929		<tr class="row-even"><td>onlyrealm</td>
	903	<tr class="row-odd"><td>onlyrealm</td>
930	904	<td>uses only realm information as the salt</td>
931		</tr>
932		<tr class="row-odd"><td>afs3</td>
933		<td>AFS version 3, only used for compatibility with Kerberos 4 in AFS</td>
934	905	</tr>
935	906	<tr class="row-even"><td>special</td>
936	907	<td>generate a random salt</td>

1080	1051
1081	1052	<div class="footer-wrapper">
1082	1053	<div class="footer" >
1083		<div class="right" ><i>Release: 1.17</i><br />
1084		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	1054	<div class="right" ><i>Release: 1.18.2</i><br />
	1055	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
1085	1056	</div>
1086	1057	<div class="left">
1087	1058

+48

-89

doc/html/admin/conf_files/krb5_conf.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

91	91	<span class="p">}</span>
92	92	</pre></div>
93	93	</div>
94		<p>Placing a ‘*’ at the end of a line indicates that this is the <em>final</em>
95		value for the tag. This means that neither the remainder of this
96		configuration file nor any other configuration file will be checked
97		for any other values for this tag.</p>
98		<p>For example, if you have the following lines:</p>
99		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">foo</span> <span class="o">=</span> <span class="n">bar</span><span class="o">*</span>
100		<span class="n">foo</span> <span class="o">=</span> <span class="n">baz</span>
101		</pre></div>
102		</div>
103		<p>then the second value of <code class="docutils literal"><span class="pre">foo</span></code> (<code class="docutils literal"><span class="pre">baz</span></code>) would never be read.</p>
	94	<p>Placing a ‘*’ after the closing bracket of a section name indicates
	95	that the section is <em>final</em>, meaning that if the same section appears
	96	within a later file specified in <strong>KRB5_CONFIG</strong>, it will be ignored.
	97	A subsection can be marked as final by placing a ‘*’ after either the
	98	tag name or the closing brace.</p>
104	99	<p>The krb5.conf file can include other files using either of the
105	100	following directives at the beginning of a line:</p>
106	101	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">include</span> <span class="n">FILENAME</span>

169	164	in <a class="reference internal" href="kdc_conf.html#encryption-types"><span class="std std-ref">Encryption types</span></a> in <a class="reference internal" href="kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>) will be filtered
170	165	out of the lists <strong>default_tgs_enctypes</strong>,
171	166	<strong>default_tkt_enctypes</strong>, and <strong>permitted_enctypes</strong>. The default
172		value for this tag is false, which may cause authentication
173		failures in existing Kerberos infrastructures that do not support
174		strong crypto. Users in affected environments should set this tag
175		to true until their infrastructure adopts stronger ciphers.</dd>
176		<dt><strong>ap_req_checksum_type</strong></dt>
177		<dd>An integer which specifies the type of AP-REQ checksum to use in
178		authenticators. This variable should be unset so the appropriate
179		checksum for the encryption key in use will be used. This can be
180		set if backward compatibility requires a specific checksum type.
181		See the <strong>kdc_req_checksum_type</strong> configuration option for the
182		possible values and their meanings.</dd>
	167	value for this tag is false.</dd>
183	168	<dt><strong>canonicalize</strong></dt>
184	169	<dd>If this flag is set to true, initial ticket requests to the KDC
185	170	will request canonicalization of the client principal name, and

214	199	<dd>This relation specifies the default keytab name to be used by
215	200	application servers such as sshd. The default is <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a>. This
216	201	relation is subject to parameter expansion (see below).</dd>
	202	<dt><strong>default_rcache_name</strong></dt>
	203	<dd>This relation specifies the name of the default replay cache.
	204	The default is <code class="docutils literal"><span class="pre">dfl:</span></code>. This relation is subject to parameter
	205	expansion (see below). New in release 1.18.</dd>
217	206	<dt><strong>default_realm</strong></dt>
218	207	<dd>Identifies the default Kerberos realm for the client. Set its
219	208	value to your Kerberos realm. If this value is not set, then a

225	214	preference from highest to lowest. The list may be delimited with
226	215	commas or whitespace. See <a class="reference internal" href="kdc_conf.html#encryption-types"><span class="std std-ref">Encryption types</span></a> in
227	216	<a class="reference internal" href="kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a> for a list of the accepted values for this tag.
228		The default value is <code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span> <span class="pre">des-cbc-crc</span> <span class="pre">des-cbc-md5</span> <span class="pre">des-cbc-md4</span></code>, but single-DES encryption types
229		will be implicitly removed from this list if the value of
230		<strong>allow_weak_crypto</strong> is false.</p>
	217	Starting in release 1.18, the default value is the value of
	218	<strong>permitted_enctypes</strong>. For previous releases or if
	219	<strong>permitted_enctypes</strong> is not set, the default value is
	220	<code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span></code>.</p>
231	221	<p class="last">Do not set this unless required for specific backward
232	222	compatibility purposes; stale values of this setting can prevent
233	223	clients from taking advantage of new stronger enctypes when the

237	227	<dd><p class="first">Identifies the supported list of session key encryption types that
238	228	the client should request when making an AS-REQ, in order of
239	229	preference from highest to lowest. The format is the same as for
240		default_tgs_enctypes. The default value for this tag is
241		<code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span> <span class="pre">des-cbc-crc</span> <span class="pre">des-cbc-md5</span> <span class="pre">des-cbc-md4</span></code>, but single-DES encryption types will be implicitly
242		removed from this list if the value of <strong>allow_weak_crypto</strong> is
243		false.</p>
	230	default_tgs_enctypes. Starting in release 1.18, the default
	231	value is the value of <strong>permitted_enctypes</strong>. For previous
	232	releases or if <strong>permitted_enctypes</strong> is not set, the default
	233	value is <code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span></code>.</p>
244	234	<p class="last">Do not set this unless required for specific backward
245	235	compatibility purposes; stale values of this setting can prevent
246	236	clients from taking advantage of new stronger enctypes when the
247	237	libraries are upgraded.</p>
248	238	</dd>
249	239	<dt><strong>dns_canonicalize_hostname</strong></dt>
250		<dd>Indicate whether name lookups will be used to canonicalize
	240	<dd><p class="first">Indicate whether name lookups will be used to canonicalize
251	241	hostnames for use in service principal names. Setting this flag
252	242	to false can improve security by reducing reliance on DNS, but
253	243	means that short hostnames will not be canonicalized to
254		fully-qualified hostnames. The default value is true.</dd>
	244	fully-qualified hostnames. The default value is true.</p>
	245	<p class="last">If this option is set to <code class="docutils literal"><span class="pre">fallback</span></code> (new in release 1.18), DNS
	246	canonicalization will only be performed the server hostname is not
	247	found with the original name when requesting credentials.</p>
	248	</dd>
255	249	<dt><strong>dns_lookup_kdc</strong></dt>
256	250	<dd><p class="first">Indicate whether DNS SRV records should be used to locate the KDCs
257	251	and other servers for a realm, if they are not listed in the

273	267	krb5.conf information for the realm. SRV records are used as a
274	268	fallback if no URI records were found. The default value is true.
275	269	New in release 1.15.</dd>
	270	<dt><strong>enforce_ok_as_delegate</strong></dt>
	271	<dd>If this flag to true, GSSAPI credential delegation will be
	272	disabled when the <code class="docutils literal"><span class="pre">ok-as-delegate</span></code> flag is not set in the
	273	service ticket. If this flag is false, the <code class="docutils literal"><span class="pre">ok-as-delegate</span></code>
	274	ticket flag is only enforced when an application specifically
	275	requests enforcement. The default value is false.</dd>
276	276	<dt><strong>err_fmt</strong></dt>
277	277	<dd>This relation allows for custom error message formatting. If a
278	278	value is set, error messages will be formatted by substituting a

332	332	requesting service tickets or authenticating to services. This
333	333	corrective factor is only used by the Kerberos library; it is not
334	334	used to change the system clock. The default value is 1.</dd>
335		<dt><strong>kdc_req_checksum_type</strong></dt>
336		<dd><p class="first">An integer which specifies the type of checksum to use for the KDC
337		requests, for compatibility with very old KDC implementations.
338		This value is only used for DES keys; other keys use the preferred
339		checksum type for those keys.</p>
340		<p>The possible values and their meanings are as follows.</p>
341		<table border="1" class="last docutils">
342		<colgroup>
343		<col width="20%" />
344		<col width="80%" />
345		</colgroup>
346		<tbody valign="top">
347		<tr class="row-odd"><td>1</td>
348		<td>CRC32</td>
349		</tr>
350		<tr class="row-even"><td>2</td>
351		<td>RSA MD4</td>
352		</tr>
353		<tr class="row-odd"><td>3</td>
354		<td>RSA MD4 DES</td>
355		</tr>
356		<tr class="row-even"><td>4</td>
357		<td>DES CBC</td>
358		</tr>
359		<tr class="row-odd"><td>7</td>
360		<td>RSA MD5</td>
361		</tr>
362		<tr class="row-even"><td>8</td>
363		<td>RSA MD5 DES</td>
364		</tr>
365		<tr class="row-odd"><td>9</td>
366		<td>NIST SHA</td>
367		</tr>
368		<tr class="row-even"><td>12</td>
369		<td>HMAC SHA1 DES3</td>
370		</tr>
371		<tr class="row-odd"><td>-138</td>
372		<td>Microsoft MD5 HMAC checksum type</td>
373		</tr>
374		</tbody>
375		</table>
376		</dd>
377	335	<dt><strong>noaddresses</strong></dt>
378	336	<dd>If this flag is true, requests for initial tickets will not be
379	337	made with address restrictions set, allowing the tickets to be
380	338	used across NATs. The default value is true.</dd>
381	339	<dt><strong>permitted_enctypes</strong></dt>
382		<dd>Identifies all encryption types that are permitted for use in
383		session key encryption. The default value for this tag is
384		<code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span> <span class="pre">des-cbc-crc</span> <span class="pre">des-cbc-md5</span> <span class="pre">des-cbc-md4</span></code>, but single-DES encryption types will be implicitly
385		removed from this list if the value of <strong>allow_weak_crypto</strong> is
386		false.</dd>
	340	<dd>Identifies the encryption types that servers will permit for
	341	session keys and for ticket and authenticator encryption, ordered
	342	by preference from highest to lowest. Starting in release 1.18,
	343	this tag also acts as the default value for
	344	<strong>default_tgs_enctypes</strong> and <strong>default_tkt_enctypes</strong>. The
	345	default value for this tag is <code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span></code>.</dd>
387	346	<dt><strong>plugin_base_dir</strong></dt>
388	347	<dd>If set, determines the base directory where krb5 plugins are
389	348	located. The default value is the <code class="docutils literal"><span class="pre">krb5/plugins</span></code> subdirectory

397	356	<dt><strong>proxiable</strong></dt>
398	357	<dd>If this flag is true, initial tickets will be proxiable by
399	358	default, if allowed by the KDC. The default value is false.</dd>
	359	<dt><strong>qualify_shortname</strong></dt>
	360	<dd>If this string is set, it determines the domain suffix for
	361	single-component hostnames when DNS canonicalization is not used
	362	(either because <strong>dns_canonicalize_hostname</strong> is false or because
	363	forward canonicalization failed). The default value is the first
	364	search domain of the system’s DNS configuration. To disable
	365	qualification of shortnames, set this relation to the empty string
	366	with <code class="docutils literal"><span class="pre">qualify_shortname</span> <span class="pre">=</span> <span class="pre">""</span></code>. (New in release 1.18.)</dd>
400	367	<dt><strong>rdns</strong></dt>
401	368	<dd>If this flag is true, reverse name lookup will be used in addition
402	369	to forward name lookup to canonicalizing hostnames for use in

414	381	<dt><strong>renew_lifetime</strong></dt>
415	382	<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Sets the default renewable lifetime
416	383	for initial ticket requests. The default value is 0.</dd>
417		<dt><strong>safe_checksum_type</strong></dt>
418		<dd>An integer which specifies the type of checksum to use for the
419		KRB-SAFE requests. By default it is set to 8 (RSA MD5 DES). For
420		compatibility with applications linked against DCE version 1.1 or
421		earlier Kerberos libraries, use a value of 3 to use the RSA MD4
422		DES instead. This field is ignored when its value is incompatible
423		with the session key type. See the <strong>kdc_req_checksum_type</strong>
424		configuration option for the possible values and their meanings.</dd>
425	384	<dt><strong>spake_preauth_groups</strong></dt>
426	385	<dd><p class="first">A whitespace or comma-separated list of words which specifies the
427	386	groups allowed for SPAKE preauthentication. The possible values

1115	1074	default value. Note that these values are not used if the user
1116	1075	specifies <strong>X509_user_identity</strong> on the command line.</dd>
1117	1076	<dt><strong>pkinit_kdc_hostname</strong></dt>
1118		<dd>The presense of this option indicates that the client is willing
	1077	<dd>The presence of this option indicates that the client is willing
1119	1078	to accept a KDC certificate with a dNSName SAN (Subject
1120	1079	Alternative Name) rather than requiring the id-pkinit-san as
1121	1080	defined in <span class="target" id="index-6"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc4556.html"><strong>RFC 4556</strong></a>. This option may be specified multiple

1362	1321
1363	1322	<div class="footer-wrapper">
1364	1323	<div class="footer" >
1365		<div class="right" ><i>Release: 1.17</i><br />
1366		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	1324	<div class="right" ><i>Release: 1.18.2</i><br />
	1325	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
1367	1326	</div>
1368	1327	<div class="left">
1369	1328

+58

-102

doc/html/admin/conf_ldap.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<span id="conf-ldap"></span><h1>Configuring Kerberos with OpenLDAP back-end<a class="headerlink" href="#configuring-kerberos-with-openldap-back-end" title="Permalink to this headline">¶</a></h1>
65	65	<blockquote>
66	66	<div><ol class="arabic">
67		<li><p class="first">Set up SSL on the OpenLDAP server and client to ensure secure
68		communication when the KDC service and LDAP server are on different
69		machines. <code class="docutils literal"><span class="pre">ldapi://</span></code> can be used if the LDAP server and KDC
70		service are running on the same machine.</p>
71		<ol class="upperalpha simple">
72		<li>Setting up SSL on the OpenLDAP server:</li>
73		</ol>
74		<blockquote>
75		<div><ol class="lowerroman">
76		<li><p class="first">Get a CA certificate using OpenSSL tools</p>
77		</li>
78		<li><p class="first">Configure OpenLDAP server for using SSL/TLS</p>
79		<p>For the latter, you need to specify the location of CA
80		certificate location in <em>slapd.conf</em> file.</p>
81		<p>Refer to the following link for more information:
82		<a class="reference external" href="https://www.openldap.org/doc/admin23/tls.html">https://www.openldap.org/doc/admin23/tls.html</a></p>
83		</li>
84		</ol>
85		</div></blockquote>
86		<ol class="upperalpha" start="2">
87		<li><p class="first">Setting up SSL on OpenLDAP client:</p>
88		<ol class="lowerroman">
89		<li><p class="first">For the KDC and Admin Server, you need to do the client-side
90		configuration in ldap.conf. For example:</p>
91		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">TLS_CACERT</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">openldap</span><span class="o">/</span><span class="n">certs</span><span class="o">/</span><span class="n">cacert</span><span class="o">.</span><span class="n">pem</span>
92		</pre></div>
93		</div>
94		</li>
95		</ol>
96		</li>
97		</ol>
98		</li>
99		<li><p class="first">Include the Kerberos schema file (kerberos.schema) in the
100		configuration file (slapd.conf) on the LDAP Server, by providing
101		the location where it is stored:</p>
102		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">include</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">openldap</span><span class="o">/</span><span class="n">schema</span><span class="o">/</span><span class="n">kerberos</span><span class="o">.</span><span class="n">schema</span>
	67	<li><p class="first">Make sure the LDAP server is using local authentication
	68	(<code class="docutils literal"><span class="pre">ldapi://</span></code>) or TLS (<code class="docutils literal"><span class="pre">ldaps</span></code>). See
	69	<a class="reference external" href="https://www.openldap.org/doc/admin24/tls.html">https://www.openldap.org/doc/admin24/tls.html</a> for instructions on
	70	configuring TLS support in OpenLDAP.</p>
	71	</li>
	72	<li><p class="first">Add the Kerberos schema file to the LDAP Server using the OpenLDAP
	73	LDIF file from the krb5 source directory
	74	(<code class="docutils literal"><span class="pre">src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif</span></code>).
	75	The following example uses local authentication:</p>
	76	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">ldapadd</span> <span class="o">-</span><span class="n">Y</span> <span class="n">EXTERNAL</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldapi</span><span class="p">:</span><span class="o">///</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">kerberos</span><span class="o">.</span><span class="n">openldap</span><span class="o">.</span><span class="n">ldif</span>
103	77	</pre></div>
104	78	</div>
105	79	</li>
106	80	<li><p class="first">Choose DNs for the <a class="reference internal" href="admin_commands/krb5kdc.html#krb5kdc-8"><span class="std std-ref">krb5kdc</span></a> and <a class="reference internal" href="admin_commands/kadmind.html#kadmind-8"><span class="std std-ref">kadmind</span></a> servers
107		to bind to the LDAP server, and create them if necessary. These DNs
108		will be specified with the <strong>ldap_kdc_dn</strong> and <strong>ldap_kadmind_dn</strong>
109		directives in <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>; their passwords can be stashed
110		with “<code class="docutils literal"><span class="pre">kdb5_ldap_util</span> <span class="pre">stashsrvpw</span></code>” and the resulting file
111		specified with the <strong>ldap_service_password_file</strong> directive.</p>
	81	to bind to the LDAP server, and create them if necessary. Specify
	82	these DNs with the <strong>ldap_kdc_dn</strong> and <strong>ldap_kadmind_dn</strong>
	83	directives in <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>. The kadmind DN will also be
	84	used for administrative commands such as <a class="reference internal" href="admin_commands/kdb5_util.html#kdb5-util-8"><span class="std std-ref">kdb5_util</span></a>.</p>
	85	<p>Alternatively, you may configure krb5kdc and kadmind to use SASL
	86	authentication to access the LDAP server; see the <a class="reference internal" href="conf_files/kdc_conf.html#dbmodules"><span class="std std-ref">[dbmodules]</span></a>
	87	relations <strong>ldap_kdc_sasl_mech</strong> and similar.</p>
	88	</li>
	89	<li><p class="first">Specify a location for the LDAP service password file by setting
	90	<strong>ldap_service_password_file</strong>. Use <code class="docutils literal"><span class="pre">kdb5_ldap_util</span> <span class="pre">stashsrvpw</span></code>
	91	to stash passwords for the KDC and kadmind DNs chosen above. For
	92	example:</p>
	93	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="n">stashsrvpw</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">service</span><span class="o">.</span><span class="n">keyfile</span> <span class="n">cn</span><span class="o">=</span><span class="n">krbadmin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span>
	94	</pre></div>
	95	</div>
	96	<p>Skip this step if you are using SASL authentication and the
	97	mechanism does not require a password.</p>
112	98	</li>
113	99	<li><p class="first">Choose a DN for the global Kerberos container entry (but do not
114		create the entry at this time). This DN will be specified with the
	100	create the entry at this time). Specify this DN with the
115	101	<strong>ldap_kerberos_container_dn</strong> directive in <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>.
116	102	Realm container entries will be created underneath this DN.
117	103	Principal entries may exist either underneath the realm container

130	116	<span class="n">access</span> <span class="n">to</span> <span class="n">dn</span><span class="o">.</span><span class="n">base</span><span class="o">=</span><span class="s2">"cn=Subschema"</span>
131	117	<span class="n">by</span> <span class="o">*</span> <span class="n">read</span>
132	118
133		<span class="n">access</span> <span class="n">to</span> <span class="n">attrs</span><span class="o">=</span><span class="n">userPassword</span><span class="p">,</span><span class="n">userPKCS12</span>
134		<span class="n">by</span> <span class="bp">self</span> <span class="n">write</span>
135		<span class="n">by</span> <span class="o">*</span> <span class="n">auth</span>
136
137		<span class="n">access</span> <span class="n">to</span> <span class="n">attrs</span><span class="o">=</span><span class="n">shadowLastChange</span>
138		<span class="n">by</span> <span class="bp">self</span> <span class="n">write</span>
139		<span class="n">by</span> <span class="o">*</span> <span class="n">read</span>
140
141		<span class="c1"># Providing access to realm container</span>
	119	<span class="c1"># Provide access to the realm container.</span>
142	120	<span class="n">access</span> <span class="n">to</span> <span class="n">dn</span><span class="o">.</span><span class="n">subtree</span><span class="o">=</span> <span class="s2">"cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com"</span>
143	121	<span class="n">by</span> <span class="n">dn</span><span class="o">.</span><span class="n">exact</span><span class="o">=</span><span class="s2">"cn=kdc-service,dc=example,dc=com"</span> <span class="n">write</span>
144	122	<span class="n">by</span> <span class="n">dn</span><span class="o">.</span><span class="n">exact</span><span class="o">=</span><span class="s2">"cn=adm-service,dc=example,dc=com"</span> <span class="n">write</span>
145	123	<span class="n">by</span> <span class="o">*</span> <span class="n">none</span>
146	124
147		<span class="c1"># Providing access to principals, if not underneath realm container</span>
	125	<span class="c1"># Provide access to principals, if not underneath the realm container.</span>
148	126	<span class="n">access</span> <span class="n">to</span> <span class="n">dn</span><span class="o">.</span><span class="n">subtree</span><span class="o">=</span> <span class="s2">"ou=users,dc=example,dc=com"</span>
149	127	<span class="n">by</span> <span class="n">dn</span><span class="o">.</span><span class="n">exact</span><span class="o">=</span><span class="s2">"cn=kdc-service,dc=example,dc=com"</span> <span class="n">write</span>
150	128	<span class="n">by</span> <span class="n">dn</span><span class="o">.</span><span class="n">exact</span><span class="o">=</span><span class="s2">"cn=adm-service,dc=example,dc=com"</span> <span class="n">write</span>

154	132	<span class="n">by</span> <span class="o">*</span> <span class="n">read</span>
155	133	</pre></div>
156	134	</div>
157		<p>If the locations of the container and principals or the DNs of
158		the service objects for a realm are changed then this
159		information should be updated.</p>
160		</li>
161		<li><p class="first">Start the LDAP server as follows:</p>
162		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">slapd</span> <span class="o">-</span><span class="n">h</span> <span class="s2">"ldapi:/// ldaps:///"</span>
163		</pre></div>
164		</div>
165		</li>
166		<li><p class="first">Modify the <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a> file to include LDAP specific items
167		listed below:</p>
168		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">realms</span>
169		<span class="n">database_module</span>
170
171		<span class="n">dbmodules</span>
172		<span class="n">db_library</span>
173		<span class="n">db_module_dir</span>
174		<span class="n">ldap_kdc_dn</span>
175		<span class="n">ldap_kadmind_dn</span>
176		<span class="n">ldap_service_password_file</span>
177		<span class="n">ldap_servers</span>
178		<span class="n">ldap_conns_per_server</span>
	135	<p>If the locations of the container and principals or the DNs of the
	136	service objects for a realm are changed then this information
	137	should be updated.</p>
	138	</li>
	139	<li><p class="first">In <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>, make sure the following relations are set
	140	in the <a class="reference internal" href="conf_files/kdc_conf.html#dbmodules"><span class="std std-ref">[dbmodules]</span></a> subsection for the realm:</p>
	141	<div class="highlight-default"><div class="highlight"><pre><span></span>db_library (set to ``kldap``)
	142	ldap_kerberos_container_dn
	143	ldap_kdc_dn
	144	ldap_kadmind_dn
	145	ldap_service_password_file
	146	ldap_servers
179	147	</pre></div>
180	148	</div>
181	149	</li>
182	150	<li><p class="first">Create the realm using <a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> (see
183	151	<a class="reference internal" href="database.html#ldap-create-realm"><span class="std std-ref">Creating a Kerberos realm</span></a>):</p>
184		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="n">create</span> <span class="o">-</span><span class="n">subtrees</span> <span class="n">ou</span><span class="o">=</span><span class="n">users</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="o">-</span><span class="n">r</span> <span class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span> <span class="o">-</span><span class="n">s</span>
	152	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="n">create</span> <span class="o">-</span><span class="n">subtrees</span> <span class="n">ou</span><span class="o">=</span><span class="n">users</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="o">-</span><span class="n">s</span>
185	153	</pre></div>
186	154	</div>
187	155	<p>Use the <strong>-subtrees</strong> option if the principals are to exist in a

192	160	and do not worry about creating the principal subtree.</p>
193	161	<p>For more information, refer to the section <a class="reference internal" href="database.html#ops-on-ldap"><span class="std std-ref">Operations on the LDAP database</span></a>.</p>
194	162	<p>The realm object is created under the
195		<strong>ldap_kerberos_container_dn</strong> specified in the configuration file.
196		This operation will also create the Kerberos container, if not
197		present already. This will be used to store information related to
198		all realms.</p>
199		</li>
200		<li><p class="first">Stash the password of the service object used by the KDC and
201		Administration service to bind to the LDAP server using the
202		<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>stashsrvpw</strong> command (see
203		<a class="reference internal" href="database.html#stash-ldap"><span class="std std-ref">Stashing service object’s password</span></a>). The object DN should be the same as
204		<strong>ldap_kdc_dn</strong> and <strong>ldap_kadmind_dn</strong> values specified in the
205		<a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a> file:</p>
206		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="n">stashsrvpw</span> <span class="o">-</span><span class="n">f</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">kerberos</span><span class="o">/</span><span class="n">service</span><span class="o">.</span><span class="n">keyfile</span> <span class="n">cn</span><span class="o">=</span><span class="n">krbadmin</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span>
207		</pre></div>
208		</div>
209		</li>
210		<li><p class="first">Add <code class="docutils literal"><span class="pre">krbPrincipalName</span></code> to the indexes in slapd.conf to speed up
211		the access.</p>
	163	<strong>ldap_kerberos_container_dn</strong> specified in the configuration
	164	file. This operation will also create the Kerberos container, if
	165	not present already. This container can be used to store
	166	information related to multiple realms.</p>
	167	</li>
	168	<li><p class="first">Add an <code class="docutils literal"><span class="pre">eq</span></code> index for <code class="docutils literal"><span class="pre">krbPrincipalName</span></code> to speed up principal
	169	lookup operations. See
	170	<a class="reference external" href="https://www.openldap.org/doc/admin24/tuning.html#Indexes">https://www.openldap.org/doc/admin24/tuning.html#Indexes</a> for
	171	details.</p>
212	172	</li>
213	173	</ol>
214	174	</div></blockquote>
215	175	<p>With the LDAP back end it is possible to provide aliases for principal
216		entries. Currently we provide no mechanism provided for creating
217		aliases, so it must be done by direct manipulation of the LDAP
218		entries.</p>
	176	entries. Currently we provide no administrative utilities for
	177	creating aliases, so it must be done by direct manipulation of the
	178	LDAP entries.</p>
219	179	<p>An entry with aliases contains multiple values of the
220	180	<em>krbPrincipalName</em> attribute. Since LDAP attribute values are not
221	181	ordered, it is necessary to specify which principal name is canonical,

229	189	service principals; for client principals, an explicit flag is often
230	190	required (e.g., <code class="docutils literal"><span class="pre">kinit</span> <span class="pre">-C</span></code>) and canonicalization is only performed
231	191	for initial ticket requests.</p>
232		<div class="admonition seealso">
233		<p class="first admonition-title">See also</p>
234		<p class="last"><a class="reference internal" href="advanced/ldapbackend.html#ldap-be-ubuntu"><span class="std std-ref">LDAP backend on Ubuntu 10.4 (lucid)</span></a></p>
235		</div>
236	192	</div>
237	193
238	194

304	260
305	261	<div class="footer-wrapper">
306	262	<div class="footer" >
307		<div class="right" ><i>Release: 1.17</i><br />
308		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	263	<div class="right" ><i>Release: 1.18.2</i><br />
	264	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
309	265	</div>
310	266	<div class="left">
311	267

+45

-88

doc/html/admin/database.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

352	352	</dl>
353	353	<p>Example:</p>
354	354	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">addprinc</span> <span class="n">jennifer</span>
355		<span class="n">WARNING</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"jennifer@ATHENA.MIT.EDU"</span><span class="p">;</span>
	355	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"jennifer@ATHENA.MIT.EDU"</span><span class="p">;</span>
356	356	<span class="n">defaulting</span> <span class="n">to</span> <span class="n">no</span> <span class="n">policy</span><span class="o">.</span>
357	357	<span class="n">Enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span>
358	358	<span class="n">Re</span><span class="o">-</span><span class="n">enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span>

392	392	<p>If you want to create a principal which is contained by a LDAP object,
393	393	all you need to do is:</p>
394	394	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">addprinc</span> <span class="o">-</span><span class="n">x</span> <span class="n">dn</span><span class="o">=</span><span class="n">cn</span><span class="o">=</span><span class="n">jennifer</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="n">jennifer</span>
395		<span class="n">WARNING</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"jennifer@ATHENA.MIT.EDU"</span><span class="p">;</span>
	395	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"jennifer@ATHENA.MIT.EDU"</span><span class="p">;</span>
396	396	<span class="n">defaulting</span> <span class="n">to</span> <span class="n">no</span> <span class="n">policy</span><span class="o">.</span>
397	397	<span class="n">Enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><=</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">password</span><span class="o">.</span>
398	398	<span class="n">Re</span><span class="o">-</span><span class="n">enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><=</span><span class="n">Type</span> <span class="n">it</span> <span class="n">again</span><span class="o">.</span>

403	403	<p>If you want to create a principal under a specific LDAP container and
404	404	link to an existing LDAP object, all you need to do is:</p>
405	405	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">addprinc</span> <span class="o">-</span><span class="n">x</span> <span class="n">containerdn</span><span class="o">=</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="o">-</span><span class="n">x</span> <span class="n">linkdn</span><span class="o">=</span><span class="n">cn</span><span class="o">=</span><span class="n">david</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">example</span><span class="p">,</span><span class="n">dc</span><span class="o">=</span><span class="n">com</span> <span class="n">david</span>
406		<span class="n">WARNING</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"david@ATHENA.MIT.EDU"</span><span class="p">;</span>
	406	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"david@ATHENA.MIT.EDU"</span><span class="p">;</span>
407	407	<span class="n">defaulting</span> <span class="n">to</span> <span class="n">no</span> <span class="n">policy</span><span class="o">.</span>
408	408	<span class="n">Enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">david</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><=</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">password</span><span class="o">.</span>
409	409	<span class="n">Re</span><span class="o">-</span><span class="n">enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">david</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><=</span><span class="n">Type</span> <span class="n">it</span> <span class="n">again</span><span class="o">.</span>

463	463	<span class="n">Principal</span><span class="p">:</span> <span class="n">tlyu</span><span class="o">/</span><span class="n">admin</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span>
464	464	<span class="n">Expiration</span> <span class="n">date</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
465	465	<span class="n">Last</span> <span class="n">password</span> <span class="n">change</span><span class="p">:</span> <span class="n">Mon</span> <span class="n">Aug</span> <span class="mi">12</span> <span class="mi">14</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">47</span> <span class="n">EDT</span> <span class="mi">1996</span>
466		<span class="n">Password</span> <span class="n">expiration</span> <span class="n">date</span><span class="p">:</span> <span class="p">[</span><span class="n">none</span><span class="p">]</span>
	466	<span class="n">Password</span> <span class="n">expiration</span> <span class="n">date</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
467	467	<span class="n">Maximum</span> <span class="n">ticket</span> <span class="n">life</span><span class="p">:</span> <span class="mi">0</span> <span class="n">days</span> <span class="mi">10</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
468	468	<span class="n">Maximum</span> <span class="n">renewable</span> <span class="n">life</span><span class="p">:</span> <span class="mi">7</span> <span class="n">days</span> <span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
469	469	<span class="n">Last</span> <span class="n">modified</span><span class="p">:</span> <span class="n">Mon</span> <span class="n">Aug</span> <span class="mi">12</span> <span class="mi">14</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">47</span> <span class="n">EDT</span> <span class="mi">1996</span> <span class="p">(</span><span class="n">bjaspan</span><span class="o">/</span><span class="n">admin</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span><span class="p">)</span>
470	470	<span class="n">Last</span> <span class="n">successful</span> <span class="n">authentication</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
471	471	<span class="n">Last</span> <span class="n">failed</span> <span class="n">authentication</span><span class="p">:</span> <span class="p">[</span><span class="n">never</span><span class="p">]</span>
472	472	<span class="n">Failed</span> <span class="n">password</span> <span class="n">attempts</span><span class="p">:</span> <span class="mi">0</span>
473		<span class="n">Number</span> <span class="n">of</span> <span class="n">keys</span><span class="p">:</span> <span class="mi">2</span>
474		<span class="n">Key</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span><span class="p">,</span> <span class="n">des</span><span class="o">-</span><span class="n">cbc</span><span class="o">-</span><span class="n">crc</span>
475		<span class="n">Key</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span><span class="p">,</span> <span class="n">des</span><span class="o">-</span><span class="n">cbc</span><span class="o">-</span><span class="n">crc</span><span class="p">:</span><span class="n">v4</span>
	473	<span class="n">Number</span> <span class="n">of</span> <span class="n">keys</span><span class="p">:</span> <span class="mi">1</span>
	474	<span class="n">Key</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span><span class="p">,</span> <span class="n">aes256</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha384</span><span class="o">-</span><span class="mi">192</span>
	475	<span class="n">MKey</span><span class="p">:</span> <span class="n">vno</span> <span class="mi">1</span>
476	476	<span class="n">Attributes</span><span class="p">:</span>
477	477	<span class="n">Policy</span><span class="p">:</span> <span class="p">[</span><span class="n">none</span><span class="p">]</span>
478	478

820	820	<p>To dump a Kerberos database into a file, use the <a class="reference internal" href="admin_commands/kdb5_util.html#kdb5-util-8"><span class="std std-ref">kdb5_util</span></a>
821	821	<strong>dump</strong> command on one of the KDCs.</p>
822	822	<blockquote>
823		<div><strong>dump</strong> [<strong>-b7</strong>\|<strong>-ov</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>]
	823	<div><strong>dump</strong> [<strong>-b7</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>]
824	824	[<strong>-verbose</strong>] [<strong>-mkey_convert</strong>] [<strong>-new_mkey_file</strong>
825	825	<em>mkey_file</em>] [<strong>-rev</strong>] [<strong>-recurse</strong>] [<em>filename</em>
826	826	[<em>principals</em>…]]</div></blockquote>

833	833	<dd>causes the dump to be in the Kerberos 5 Beta 7 format (“kdb5_util
834	834	load_dump version 4”). This was the dump format produced on
835	835	releases prior to 1.2.2.</dd>
836		<dt><strong>-ov</strong></dt>
837		<dd>causes the dump to be in “ovsec_adm_export” format.</dd>
838	836	<dt><strong>-r13</strong></dt>
839	837	<dd>causes the dump to be in the Kerberos 5 1.3 format (“kdb5_util
840	838	load_dump version 5”). This was the dump format produced on

910	908	<p>To restore a Kerberos database dump from a file, use the
911	909	<a class="reference internal" href="admin_commands/kdb5_util.html#kdb5-util-8"><span class="std std-ref">kdb5_util</span></a> <strong>load</strong> command on one of the KDCs.</p>
912	910	<blockquote>
913		<div><strong>load</strong> [<strong>-b7</strong>\|<strong>-ov</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>] [<strong>-hash</strong>]
	911	<div><strong>load</strong> [<strong>-b7</strong>\|<strong>-r13</strong>\|<strong>-r18</strong>] [<strong>-hash</strong>]
914	912	[<strong>-verbose</strong>] [<strong>-update</strong>] <em>filename</em></div></blockquote>
915	913	<p>Loads a database dump from the named file into the named database. If
916	914	no option is given to determine the format of the dump file, the

925	923	<dd>requires the database to be in the Kerberos 5 Beta 7 format
926	924	(“kdb5_util load_dump version 4”). This was the dump format
927	925	produced on releases prior to 1.2.2.</dd>
928		<dt><strong>-ov</strong></dt>
929		<dd>requires the database to be in “ovsec_adm_import” format. Must be
930		used with the <strong>-update</strong> option.</dd>
931	926	<dt><strong>-r13</strong></dt>
932	927	<dd>requires the database to be in Kerberos 5 1.3 format (“kdb5_util
933	928	load_dump version 5”). This was the dump format produced on

966	961	<p class="last">If the database file exists, and the <em>-update</em> flag was not
967	962	given, <em>kdb5_util</em> will overwrite the existing database.</p>
968	963	</div>
969		<p>Using kdb5_util to upgrade a master KDC from krb5 1.1.x:</p>
970		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_util</span> <span class="n">dump</span> <span class="n">old</span><span class="o">-</span><span class="n">kdb</span><span class="o">-</span><span class="n">dump</span>
971		<span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_util</span> <span class="n">dump</span> <span class="o">-</span><span class="n">ov</span> <span class="n">old</span><span class="o">-</span><span class="n">kdb</span><span class="o">-</span><span class="n">dump</span><span class="o">.</span><span class="n">ov</span>
972		<span class="p">[</span><span class="n">Create</span> <span class="n">a</span> <span class="n">new</span> <span class="n">KDC</span> <span class="n">installation</span><span class="p">,</span> <span class="n">using</span> <span class="n">the</span> <span class="n">old</span> <span class="n">stash</span> <span class="n">file</span><span class="o">/</span><span class="n">master</span> <span class="n">password</span><span class="p">]</span>
973		<span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_util</span> <span class="n">load</span> <span class="n">old</span><span class="o">-</span><span class="n">kdb</span><span class="o">-</span><span class="n">dump</span>
974		<span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_util</span> <span class="n">load</span> <span class="o">-</span><span class="n">update</span> <span class="n">old</span><span class="o">-</span><span class="n">kdb</span><span class="o">-</span><span class="n">dump</span><span class="o">.</span><span class="n">ov</span>
975		</pre></div>
976		</div>
977		<p>The use of old-kdb-dump.ov for an extra dump and load is necessary
978		to preserve per-principal policy information, which is not included in
979		the default dump format of krb5 1.1.x.</p>
980	964	<div class="admonition note">
981	965	<p class="first admonition-title">Note</p>
982	966	<p class="last">Using kdb5_util to dump and reload the principal database is

1058	1042	the master key before, this will likely be version 1:</p>
1059	1043	<div class="highlight-default"><div class="highlight"><pre><span></span>$ kdb5_util list_mkeys
1060	1044	Master keys for Principal: K/M@KRBTEST.COM
1061		KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
	1045	KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
1062	1046	</pre></div>
1063	1047	</div>
1064	1048	</li>

1120	1104	[<em>command_options</em>]</p>
1121	1105	<p><strong>OPTIONS</strong></p>
1122	1106	<dl class="docutils">
	1107	<dt><strong>-r</strong> <em>realm</em></dt>
	1108	<dd>Specifies the realm to be operated on.</dd>
1123	1109	<dt><strong>-D</strong> <em>user_dn</em></dt>
1124	1110	<dd>Specifies the Distinguished Name (DN) of the user who has
1125	1111	sufficient rights to perform the operation on the LDAP server.</dd>

1127	1113	<dd>Specifies the password of <em>user_dn</em>. This option is not
1128	1114	recommended.</dd>
1129	1115	<dt><strong>-H</strong> <em>ldapuri</em></dt>
1130		<dd>Specifies the URI of the LDAP server. It is recommended to use
1131		<code class="docutils literal"><span class="pre">ldapi://</span></code> or <code class="docutils literal"><span class="pre">ldaps://</span></code> to connect to the LDAP server.</dd>
	1116	<dd>Specifies the URI of the LDAP server.</dd>
1132	1117	</dl>
	1118	<p>By default, kdb5_ldap_util operates on the default realm (as specified
	1119	in <a class="reference internal" href="conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>) and connects and authenticates to the LDAP
	1120	server in the same manner as :ref:kadmind(8)` would given the
	1121	parameters in <a class="reference internal" href="conf_files/kdc_conf.html#dbdefaults"><span class="std std-ref">[dbdefaults]</span></a> in <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>.</p>
1133	1122	<div class="section" id="creating-a-kerberos-realm">
1134	1123	<span id="ldap-create-realm"></span><h3>Creating a Kerberos realm<a class="headerlink" href="#creating-a-kerberos-realm" title="Permalink to this headline">¶</a></h3>
1135	1124	<p>If you need to create a new realm, use the <a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a>

1141	1130	[<strong>-containerref</strong> <em>container_reference_dn</em>]
1142	1131	[<strong>-k</strong> <em>mkeytype</em>]
1143	1132	[<strong>-kv</strong> <em>mkeyVNO</em>]
	1133	[<strong>-M</strong> <em>mkeyname</em>]
1144	1134	[<strong>-m\|-P</strong> <em>password</em>\|<strong>-sf</strong> <em>stashfilename</em>]
1145	1135	[<strong>-s</strong>]
1146		[<strong>-r</strong> <em>realm</em>]
1147	1136	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
1148	1137	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
1149	1138	[<em>ticket_flags</em>]</div></blockquote>

1169	1158	<dt><strong>-kv</strong> <em>mkeyVNO</em></dt>
1170	1159	<dd>Specifies the version number of the master key in the database;
1171	1160	the default is 1. Note that 0 is not allowed.</dd>
	1161	<dt><strong>-M</strong> <em>mkeyname</em></dt>
	1162	<dd>Specifies the principal name for the master key in the database.
	1163	If not specified, the name is determined by the
	1164	<strong>master_key_name</strong> variable in <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>.</dd>
1172	1165	<dt><strong>-m</strong></dt>
1173	1166	<dd>Specifies that the master database password should be read from
1174	1167	the TTY rather than fetched from a file on the disk.</dd>
1175	1168	<dt><strong>-P</strong> <em>password</em></dt>
1176	1169	<dd>Specifies the master database password. This option is not
1177	1170	recommended.</dd>
1178		<dt><strong>-r</strong> <em>realm</em></dt>
1179		<dd>Specifies the Kerberos realm of the database.</dd>
1180	1171	<dt><strong>-sf</strong> <em>stashfilename</em></dt>
1181	1172	<dd>Specifies the stash file of the master database password.</dd>
1182	1173	<dt><strong>-s</strong></dt>

1194	1185	</dl>
1195	1186	<p>Example:</p>
1196	1187	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
1197		<span class="n">create</span> <span class="o">-</span><span class="n">subtrees</span> <span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">sscope</span> <span class="n">SUB</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	1188	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">create</span> <span class="o">-</span><span class="n">subtrees</span> <span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">sscope</span> <span class="n">SUB</span>
1198	1189	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
1199	1190	<span class="n">Initializing</span> <span class="n">database</span> <span class="k">for</span> <span class="n">realm</span> <span class="s1">'ATHENA.MIT.EDU'</span>
1200	1191	<span class="n">You</span> <span class="n">will</span> <span class="n">be</span> <span class="n">prompted</span> <span class="k">for</span> <span class="n">the</span> <span class="n">database</span> <span class="n">Master</span> <span class="n">Password</span><span class="o">.</span>

1213	1204	[<strong>-subtrees</strong> <em>subtree_dn_list</em>]
1214	1205	[<strong>-sscope</strong> <em>search_scope</em>]
1215	1206	[<strong>-containerref</strong> <em>container_reference_dn</em>]
1216		[<strong>-r</strong> <em>realm</em>]
1217	1207	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
1218	1208	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
1219	1209	[<em>ticket_flags</em>]</div></blockquote>

1230	1220	<dt><strong>-containerref</strong> <em>container_reference_dn</em> Specifies the DN of the</dt>
1231	1221	<dd>container object in which the principals of a realm will be
1232	1222	created.</dd>
1233		<dt><strong>-r</strong> <em>realm</em></dt>
1234		<dd>Specifies the Kerberos realm of the database.</dd>
1235	1223	<dt><strong>-maxtktlife</strong> <em>max_ticket_life</em></dt>
1236	1224	<dd>(<a class="reference internal" href="../basic/date_format.html#getdate"><span class="std std-ref">getdate time</span></a> string) Specifies maximum ticket life for
1237	1225	principals in this realm.</dd>

1244	1232	<a class="reference internal" href="admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>.</dd>
1245	1233	</dl>
1246	1234	<p>Example:</p>
1247		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
1248		<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">modify</span> <span class="o">+</span><span class="n">requires_preauth</span> <span class="o">-</span><span class="n">r</span>
1249		<span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	1235	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
	1236	<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">modify</span> <span class="o">+</span><span class="n">requires_preauth</span>
1250	1237	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
1251	1238	<span class="n">shell</span><span class="o">%</span>
1252	1239	</pre></div>

1257	1244	<p>If you need to destroy a Kerberos realm, use the
1258	1245	<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>destroy</strong> command as follows.</p>
1259	1246	<blockquote>
1260		<div><strong>destroy</strong> [<strong>-f</strong>] [<strong>-r</strong> <em>realm</em>]</div></blockquote>
	1247	<div><strong>destroy</strong> [<strong>-f</strong>]</div></blockquote>
1261	1248	<p>Destroys an existing realm. Options:</p>
1262	1249	<dl class="docutils">
1263	1250	<dt><strong>-f</strong></dt>
1264	1251	<dd>If specified, will not prompt the user for confirmation.</dd>
1265		<dt><strong>-r</strong> <em>realm</em></dt>
1266		<dd>Specifies the Kerberos realm of the database.</dd>
1267	1252	</dl>
1268	1253	<p>Example:</p>
1269		<div class="highlight-default"><div class="highlight"><pre><span></span>shell% kdb5_ldap_util -D cn=admin,o=org -H
1270		ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU
	1254	<div class="highlight-default"><div class="highlight"><pre><span></span>shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
	1255	ldaps://ldap-server1.mit.edu destroy
1271	1256	Password for "cn=admin,o=org":
1272	1257	Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
1273	1258	(type 'yes' to confirm)? yes

1281	1266	<p>If you need to display the attributes of a realm, use the
1282	1267	<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>view</strong> command as follows.</p>
1283	1268	<blockquote>
1284		<div><strong>view</strong> [<strong>-r</strong> <em>realm</em>]</div></blockquote>
1285		<p>Displays the attributes of a realm. Options:</p>
1286		<dl class="docutils">
1287		<dt><strong>-r</strong> <em>realm</em></dt>
1288		<dd>Specifies the Kerberos realm of the database.</dd>
1289		</dl>
	1269	<div><strong>view</strong></div></blockquote>
	1270	<p>Displays the attributes of a realm.</p>
1290	1271	<p>Example:</p>
1291	1272	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
1292		<span class="n">view</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	1273	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">view</span>
1293	1274	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
1294	1275	<span class="n">Realm</span> <span class="n">Name</span><span class="p">:</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
1295	1276	<span class="n">Subtree</span><span class="p">:</span> <span class="n">ou</span><span class="o">=</span><span class="n">users</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span>

1307	1288	<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>list</strong> command as follows.</p>
1308	1289	<blockquote>
1309	1290	<div><strong>list</strong></div></blockquote>
1310		<p>Lists the name of realms.</p>
	1291	<p>Lists the names of realms under the container.</p>
1311	1292	<p>Example:</p>
1312	1293	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
1313	1294	<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="nb">list</span>

1363	1344	objects are created under the realm container.</p>
1364	1345	<blockquote>
1365	1346	<div><strong>create_policy</strong>
1366		[<strong>-r</strong> <em>realm</em>]
1367	1347	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
1368	1348	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
1369	1349	[<em>ticket_flags</em>]
1370	1350	<em>policy_name</em></div></blockquote>
1371	1351	<p>Creates a ticket policy in the directory. Options:</p>
1372	1352	<dl class="docutils">
1373		<dt><strong>-r</strong> <em>realm</em></dt>
1374		<dd>Specifies the Kerberos realm of the database.</dd>
1375	1353	<dt><strong>-maxtktlife</strong> <em>max_ticket_life</em></dt>
1376	1354	<dd>(<a class="reference internal" href="../basic/date_format.html#getdate"><span class="std std-ref">getdate time</span></a> string) Specifies maximum ticket life for
1377	1355	principals.</dd>

1388	1366	</dl>
1389	1367	<p>Example:</p>
1390	1368	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
1391		<span class="n">create_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="o">-</span><span class="n">maxtktlife</span> <span class="s2">"1 day"</span>
	1369	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">create_policy</span> <span class="o">-</span><span class="n">maxtktlife</span> <span class="s2">"1 day"</span>
1392	1370	<span class="o">-</span><span class="n">maxrenewlife</span> <span class="s2">"1 week"</span> <span class="o">-</span><span class="n">allow_postdated</span> <span class="o">+</span><span class="n">needchange</span>
1393	1371	<span class="o">-</span><span class="n">allow_forwardable</span> <span class="n">tktpolicy</span>
1394	1372	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>

1401	1379	<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>modify_policy</strong> command.</p>
1402	1380	<blockquote>
1403	1381	<div><strong>modify_policy</strong>
1404		[<strong>-r</strong> <em>realm</em>]
1405	1382	[<strong>-maxtktlife</strong> <em>max_ticket_life</em>]
1406	1383	[<strong>-maxrenewlife</strong> <em>max_renewable_ticket_life</em>]
1407	1384	[<em>ticket_flags</em>]

1410	1387	<strong>create_policy</strong>.</p>
1411	1388	<p>Example:</p>
1412	1389	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span>
1413		<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">modify_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	1390	<span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">modify_policy</span>
1414	1391	<span class="o">-</span><span class="n">maxtktlife</span> <span class="s2">"60 minutes"</span> <span class="o">-</span><span class="n">maxrenewlife</span> <span class="s2">"10 hours"</span>
1415	1392	<span class="o">+</span><span class="n">allow_postdated</span> <span class="o">-</span><span class="n">requires_preauth</span> <span class="n">tktpolicy</span>
1416	1393	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>

1423	1400	<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>view_policy</strong> command.</p>
1424	1401	<blockquote>
1425	1402	<div><strong>view_policy</strong>
1426		[<strong>-r</strong> <em>realm</em>]
1427	1403	<em>policy_name</em></div></blockquote>
1428		<p>Displays the attributes of a ticket policy. Options:</p>
1429		<dl class="docutils">
1430		<dt><em>policy_name</em></dt>
1431		<dd>Specifies the name of the ticket policy.</dd>
1432		</dl>
	1404	<p>Displays the attributes of the named ticket policy.</p>
1433	1405	<p>Example:</p>
1434	1406	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
1435		<span class="n">view_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">tktpolicy</span>
	1407	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">view_policy</span> <span class="n">tktpolicy</span>
1436	1408	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
1437	1409	<span class="n">Ticket</span> <span class="n">policy</span><span class="p">:</span> <span class="n">tktpolicy</span>
1438	1410	<span class="n">Maximum</span> <span class="n">ticket</span> <span class="n">life</span><span class="p">:</span> <span class="mi">0</span> <span class="n">days</span> <span class="mi">01</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>

1447	1419	<strong>destroy_policy</strong> command.</p>
1448	1420	<blockquote>
1449	1421	<div><strong>destroy_policy</strong>
1450		[<strong>-r</strong> <em>realm</em>]
1451	1422	[<strong>-force</strong>]
1452	1423	<em>policy_name</em></div></blockquote>
1453	1424	<p>Destroys an existing ticket policy. Options:</p>
1454	1425	<dl class="docutils">
1455		<dt><strong>-r</strong> <em>realm</em></dt>
1456		<dd>Specifies the Kerberos realm of the database.</dd>
1457	1426	<dt><strong>-force</strong></dt>
1458	1427	<dd>Forces the deletion of the policy object. If not specified, the
1459	1428	user will be prompted for confirmation before deleting the policy.</dd>

1462	1431	</dl>
1463	1432	<p>Example:</p>
1464	1433	<div class="highlight-default"><div class="highlight"><pre><span></span>kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
1465		destroy_policy -r ATHENA.MIT.EDU tktpolicy
	1434	-r ATHENA.MIT.EDU destroy_policy tktpolicy
1466	1435	Password for "cn=admin,o=org":
1467	1436	This will delete the policy object 'tktpolicy', are you sure?
1468	1437	(type 'yes' to confirm)? yes

1475	1444	<p>To list the name of ticket policies in a realm, use the
1476	1445	<a class="reference internal" href="admin_commands/kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a> <strong>list_policy</strong> command.</p>
1477	1446	<blockquote>
1478		<div><strong>list_policy</strong>
1479		[<strong>-r</strong> <em>realm</em>]</div></blockquote>
1480		<p>Lists the ticket policies in realm if specified or in the default
1481		realm. Options:</p>
1482		<dl class="docutils">
1483		<dt><strong>-r</strong> <em>realm</em></dt>
1484		<dd>Specifies the Kerberos realm of the database.</dd>
1485		</dl>
	1447	<div><strong>list_policy</strong></div></blockquote>
	1448	<p>Lists ticket policies.</p>
1486	1449	<p>Example:</p>
1487	1450	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kdb5_ldap_util</span> <span class="o">-</span><span class="n">D</span> <span class="n">cn</span><span class="o">=</span><span class="n">admin</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">org</span> <span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">ldap</span><span class="o">-</span><span class="n">server1</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
1488		<span class="n">list_policy</span> <span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
	1451	<span class="o">-</span><span class="n">r</span> <span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="n">list_policy</span>
1489	1452	<span class="n">Password</span> <span class="k">for</span> <span class="s2">"cn=admin,o=org"</span><span class="p">:</span>
1490	1453	<span class="n">tktpolicy</span>
1491	1454	<span class="n">tmppolicy</span>

1566	1529	types supported by the krbtgt service (see
1567	1530	<a class="reference internal" href="enctypes.html#session-key-selection"><span class="std std-ref">Session key selection</span></a>). Because non-MIT Kerberos clients
1568	1531	sometimes send a limited set of encryption types when making AS
1569		requests, it can be important to for the krbtgt service to support
	1532	requests, it can be important for the krbtgt service to support
1570	1533	multiple encryption types. This can be accomplished by giving the
1571	1534	krbtgt principal multiple keys, which is usually as simple as not
1572	1535	specifying any <strong>-e</strong> option when changing the krbtgt key, or by

1591	1554	size. A process on each replica KDC connects to a service on the
1592	1555	master KDC (currently implemented in the <a class="reference internal" href="admin_commands/kadmind.html#kadmind-8"><span class="std std-ref">kadmind</span></a> server) and
1593	1556	periodically requests the changes that have been made since the last
1594		check. By default, this check is done every two minutes. If the
1595		database has just been modified in the previous several seconds
1596		(currently the threshold is hard-coded at 10 seconds), the replica
1597		will not retrieve updates, but instead will pause and try again soon
1598		after. This reduces the likelihood that incremental update queries
1599		will cause delays for an administrator trying to make a bunch of
1600		changes to the database at the same time.</p>
	1557	check. By default, this check is done every two minutes.</p>
1601	1558	<p>Incremental propagation uses the following entries in the per-realm
1602	1559	data in the KDC config file (See <a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>):</p>
1603	1560	<table border="1" class="docutils">

1845	1802
1846	1803	<div class="footer-wrapper">
1847	1804	<div class="footer" >
1848		<div class="right" ><i>Release: 1.17</i><br />
1849		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	1805	<div class="right" ><i>Release: 1.18.2</i><br />
	1806	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
1850	1807	</div>
1851	1808	<div class="left">
1852	1809

+3

-3

doc/html/admin/dbtypes.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

269	269
270	270	<div class="footer-wrapper">
271	271	<div class="footer" >
272		<div class="right" ><i>Release: 1.17</i><br />
273		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	272	<div class="right" ><i>Release: 1.18.2</i><br />
	273	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
274	274	</div>
275	275	<div class="left">
276	276

+3

-3

doc/html/admin/dictionary.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

207	207
208	208	<div class="footer-wrapper">
209	209	<div class="footer" >
210		<div class="right" ><i>Release: 1.17</i><br />
211		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	210	<div class="right" ><i>Release: 1.18.2</i><br />
	211	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
212	212	</div>
213	213	<div class="left">
214	214

+26

-25

doc/html/admin/enctypes.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

96	96	<p>The KDC chooses the session key enctype by taking the intersection of
97	97	its <strong>permitted_enctypes</strong> list, the list of long-term keys for the
98	98	most recent kvno of the service, and the client’s requested list of
99		enctypes. If <strong>allow_weak_crypto</strong> is true, all services are assumed
100		to support des-cbc-crc.</p>
101		<p>Starting in krb5-1.11, <strong>des_crc_session_supported</strong> in
102		<a class="reference internal" href="conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a> allows additional control over whether the KDC
103		issues des-cbc-crc session keys.</p>
104		<p>Also starting in krb5-1.11, it is possible to set a string attribute
105		on a service principal to control what session key enctypes the KDC
106		may issue for service tickets for that principal. See
107		<a class="reference internal" href="admin_commands/kadmin_local.html#set-string"><span class="std std-ref">set_string</span></a> in <a class="reference internal" href="admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> for details.</p>
	99	enctypes.</p>
	100	<p>Starting in krb5-1.11, it is possible to set a string attribute on a
	101	service principal to control what session key enctypes the KDC may
	102	issue for service tickets for that principal. See <a class="reference internal" href="admin_commands/kadmin_local.html#set-string"><span class="std std-ref">set_string</span></a>
	103	in <a class="reference internal" href="admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> for details.</p>
108	104	</div>
109	105	<div class="section" id="choosing-enctypes-for-a-service">
110	106	<h2>Choosing enctypes for a service<a class="headerlink" href="#choosing-enctypes-for-a-service" title="Permalink to this headline">¶</a></h2>

127	123	<dl class="docutils">
128	124	<dt><strong>allow_weak_crypto</strong></dt>
129	125	<dd>defaults to <em>false</em> starting with krb5-1.8. When <em>false</em>, removes
130		single-DES enctypes (and other weak enctypes) from
131		<strong>permitted_enctypes</strong>, <strong>default_tkt_enctypes</strong>, and
132		<strong>default_tgs_enctypes</strong>. Do not set this to <em>true</em> unless the
133		use of weak enctypes is an acceptable risk for your environment
134		and the weak enctypes are required for backward compatibility.</dd>
	126	weak enctypes from <strong>permitted_enctypes</strong>,
	127	<strong>default_tkt_enctypes</strong>, and <strong>default_tgs_enctypes</strong>. Do not
	128	set this to <em>true</em> unless the use of weak enctypes is an
	129	acceptable risk for your environment and the weak enctypes are
	130	required for backward compatibility.</dd>
135	131	<dt><strong>permitted_enctypes</strong></dt>
136		<dd>controls the set of enctypes that a service will accept as session
137		keys.</dd>
	132	<dd>controls the set of enctypes that a service will permit for
	133	session keys and for ticket and authenticator encryption. The KDC
	134	and other programs that access the Kerberos database will ignore
	135	keys of non-permitted enctypes. Starting in release 1.18, this
	136	setting also acts as the default for <strong>default_tkt_enctypes</strong> and
	137	<strong>defaut_tgs_enctypes</strong>.</dd>
138	138	<dt><strong>default_tkt_enctypes</strong></dt>
139	139	<dd>controls the default set of enctypes that the Kerberos client
140	140	library requests when making an AS-REQ. Do not set this unless

177	177	<tbody valign="top">
178	178	<tr class="row-even"><td>des-cbc-crc</td>
179	179	<td>weak</td>
180		<td>all</td>
	180	<td><1.18</td>
181	181	<td>>=2000</td>
182	182	</tr>
183	183	<tr class="row-odd"><td>des-cbc-md4</td>
184	184	<td>weak</td>
185		<td>all</td>
	185	<td><1.18</td>
186	186	<td>?</td>
187	187	</tr>
188	188	<tr class="row-even"><td>des-cbc-md5</td>
189	189	<td>weak</td>
190		<td>all</td>
	190	<td><1.18</td>
191	191	<td>>=2000</td>
192	192	</tr>
193	193	<tr class="row-odd"><td>des3-cbc-sha1</td>

237	237	</tr>
238	238	</tbody>
239	239	</table>
240		<p>krb5 releases 1.8 and later disable the single-DES enctypes by
241		default. Microsoft Windows releases Windows 7 and later disable
242		single-DES enctypes by default.</p>
	240	<p>krb5 releases 1.18 and later do not support single-DES. krb5 releases
	241	1.8 and later disable the single-DES enctypes by default. Microsoft
	242	Windows releases Windows 7 and later disable single-DES enctypes by
	243	default.</p>
243	244	</div>
244	245	</div>
245	246

319	320
320	321	<div class="footer-wrapper">
321	322	<div class="footer" >
322		<div class="right" ><i>Release: 1.17</i><br />
323		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	323	<div class="right" ><i>Release: 1.18.2</i><br />
	324	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
324	325	</div>
325	326	<div class="left">
326	327

+3

-3

doc/html/admin/env_variables.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+21

-18

doc/html/admin/host_config.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137	# only principals in OTHER.REALM are matched.
138	138	#
139	139	# s/@OTHER\.REALM$// removes the realm name, leaving behind the
140		# principal name as the acount name.
	140	# principal name as the account name.
141	141	auth_to_local = RULE:[1:$1@$0](.*@OTHER\.REALM)s/@OTHER\.REALM$//
142	142
143	143	# Also allow principals from the default realm. Omit this line

231	231	<div class="section" id="gssapi-mechanism-modules">
232	232	<span id="gssapi-plugin-config"></span><h3>GSSAPI mechanism modules<a class="headerlink" href="#gssapi-mechanism-modules" title="Permalink to this headline">¶</a></h3>
233	233	<p>GSSAPI mechanism modules are registered using the file
234		<code class="docutils literal"><span class="pre">/etc/gss/mech</span></code> or configuration files in the <code class="docutils literal"><span class="pre">/etc/gss/mech.d/</span></code>
235		directory. Only files with a <code class="docutils literal"><span class="pre">.conf</span></code> suffix will be read from the
236		<code class="docutils literal"><span class="pre">/etc/gss/mech.d/</span></code> directory. Each line in these files has the
237		form:</p>
238		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">oid</span> <span class="n">pathname</span> <span class="p">[</span><span class="n">options</span><span class="p">]</span> <span class="o"><</span><span class="nb">type</span><span class="o">></span>
239		</pre></div>
240		</div>
241		<p>Only the oid and pathname are required. <em>oid</em> is the object
242		identifier of the GSSAPI mechanism to be registered. <em>pathname</em> is a
243		path to the module shared object or DLL. <em>options</em> (if present) are
244		options provided to the plugin module, surrounded in square brackets.
245		<em>type</em> (if present) can be used to indicate a special type of module.
246		Currently the only special module type is “interposer”, for a module
247		designed to intercept calls to other mechanisms.</p>
	234	<a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/gss/mech</span></code> or configuration files in the
	235	<a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/gss/mech.d</span></code> directory with a <code class="docutils literal"><span class="pre">.conf</span></code>
	236	suffix. Each line in these files has the form:</p>
	237	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">name</span> <span class="n">oid</span> <span class="n">pathname</span> <span class="p">[</span><span class="n">options</span><span class="p">]</span> <span class="o"><</span><span class="nb">type</span><span class="o">></span>
	238	</pre></div>
	239	</div>
	240	<p>Only the name, oid, and pathname are required. <em>name</em> is the
	241	mechanism name, which may be used for debugging or logging purposes.
	242	<em>oid</em> is the object identifier of the GSSAPI mechanism to be
	243	registered. <em>pathname</em> is a path to the module shared object or DLL.
	244	<em>options</em> (if present) are options provided to the plugin module,
	245	surrounded in square brackets. <em>type</em> (if present) can be used to
	246	indicate a special type of module. Currently the only special module
	247	type is “interposer”, for a module designed to intercept calls to
	248	other mechanisms.</p>
	249	<p>If the environment variable <strong>GSS_MECH_CONFIG</strong> is set, its value is
	250	used as the sole mechanism configuration filename.</p>
248	251	</div>
249	252	<div class="section" id="configuration-profile-modules">
250	253	<span id="profile-plugin-config"></span><h3>Configuration profile modules<a class="headerlink" href="#configuration-profile-modules" title="Permalink to this headline">¶</a></h3>

340	343
341	344	<div class="footer-wrapper">
342	345	<div class="footer" >
343		<div class="right" ><i>Release: 1.17</i><br />
344		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	346	<div class="right" ><i>Release: 1.18.2</i><br />
	347	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
345	348	</div>
346	349	<div class="left">
347	350

+3

-3

doc/html/admin/https.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

174	174
175	175	<div class="footer-wrapper">
176	176	<div class="footer" >
177		<div class="right" ><i>Release: 1.17</i><br />
178		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	177	<div class="right" ><i>Release: 1.18.2</i><br />
	178	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
179	179	</div>
180	180	<div class="left">
181	181

+3

-3

doc/html/admin/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

167	167
168	168	<div class="footer-wrapper">
169	169	<div class="footer" >
170		<div class="right" ><i>Release: 1.17</i><br />
171		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	170	<div class="right" ><i>Release: 1.18.2</i><br />
	171	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
172	172	</div>
173	173	<div class="left">
174	174

+4

-4

doc/html/admin/install.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

95	95	<h2>Additional references<a class="headerlink" href="#additional-references" title="Permalink to this headline">¶</a></h2>
96	96	<ol class="arabic simple">
97	97	<li>Debian: <a class="reference external" href="http://techpubs.spinlocksolutions.com/dklar/kerberos.html">Setting up MIT Kerberos 5</a></li>
98		<li>Solaris: <a class="reference external" href="http://download.oracle.com/docs/cd/E19253-01/816-4557/6maosrjv2/index.html">Configuring the Kerberos Service</a></li>
	98	<li>Solaris: <a class="reference external" href="https://docs.oracle.com/cd/E19253-01/816-4557/6maosrjv2/index.html">Configuring the Kerberos Service</a></li>
99	99	</ol>
100	100	</div>
101	101	</div>

178	178
179	179	<div class="footer-wrapper">
180	180	<div class="footer" >
181		<div class="right" ><i>Release: 1.17</i><br />
182		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	181	<div class="right" ><i>Release: 1.18.2</i><br />
	182	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
183	183	</div>
184	184	<div class="left">
185	185

+10

-15

doc/html/admin/install_appl_srv.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

96	96	pop, the administrator <code class="docutils literal"><span class="pre">joeadmin</span></code> would issue the command (on
97	97	<code class="docutils literal"><span class="pre">trillium.mit.edu</span></code>):</p>
98	98	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">trillium</span><span class="o">%</span> <span class="n">kadmin</span>
99		<span class="n">kadmin5</span><span class="p">:</span> <span class="n">ktadd</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">ftp</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
100		<span class="n">pop</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
101		<span class="n">kadmin</span><span class="p">:</span> <span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span>
102		<span class="n">kvno</span> <span class="mi">3</span><span class="p">,</span> <span class="n">encryption</span> <span class="nb">type</span> <span class="n">DES</span><span class="o">-</span><span class="n">CBC</span><span class="o">-</span><span class="n">CRC</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span>
103		<span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
104		<span class="n">kadmin</span><span class="p">:</span> <span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">ftp</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span>
105		<span class="n">kvno</span> <span class="mi">3</span><span class="p">,</span> <span class="n">encryption</span> <span class="nb">type</span> <span class="n">DES</span><span class="o">-</span><span class="n">CBC</span><span class="o">-</span><span class="n">CRC</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span>
106		<span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
107		<span class="n">kadmin</span><span class="p">:</span> <span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">pop</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span>
108		<span class="n">kvno</span> <span class="mi">3</span><span class="p">,</span> <span class="n">encryption</span> <span class="nb">type</span> <span class="n">DES</span><span class="o">-</span><span class="n">CBC</span><span class="o">-</span><span class="n">CRC</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span>
109		<span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
110		<span class="n">kadmin5</span><span class="p">:</span> <span class="n">quit</span>
	99	<span class="n">Authenticating</span> <span class="k">as</span> <span class="n">principal</span> <span class="n">root</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span> <span class="n">password</span><span class="o">.</span>
	100	<span class="n">Password</span> <span class="k">for</span> <span class="n">root</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span>
	101	<span class="n">kadmin</span><span class="p">:</span> <span class="n">ktadd</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">ftp</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">pop</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
	102	<span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span> <span class="n">kvno</span> <span class="mi">3</span><span class="p">,</span> <span class="n">encryption</span> <span class="nb">type</span> <span class="n">aes256</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha384</span><span class="o">-</span><span class="mi">192</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
	103	<span class="n">kadmin</span><span class="p">:</span> <span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">ftp</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span> <span class="n">kvno</span> <span class="mi">3</span><span class="p">,</span> <span class="n">encryption</span> <span class="nb">type</span> <span class="n">aes256</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha384</span><span class="o">-</span><span class="mi">192</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
	104	<span class="n">kadmin</span><span class="p">:</span> <span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">pop</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span> <span class="n">kvno</span> <span class="mi">3</span><span class="p">,</span> <span class="n">encryption</span> <span class="nb">type</span> <span class="n">aes256</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha384</span><span class="o">-</span><span class="mi">192</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
	105	<span class="n">kadmin</span><span class="p">:</span> <span class="n">quit</span>
111	106	<span class="n">trillium</span><span class="o">%</span>
112	107	</pre></div>
113	108	</div>

211	206
212	207	<div class="footer-wrapper">
213	208	<div class="footer" >
214		<div class="right" ><i>Release: 1.17</i><br />
215		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	209	<div class="right" ><i>Release: 1.18.2</i><br />
	210	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
216	211	</div>
217	212	<div class="left">
218	213

+3

-3

doc/html/admin/install_clients.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

188	188
189	189	<div class="footer-wrapper">
190	190	<div class="footer" >
191		<div class="right" ><i>Release: 1.17</i><br />
192		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	191	<div class="right" ><i>Release: 1.18.2</i><br />
	192	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
193	193	</div>
194	194	<div class="left">
195	195

+7

-7

doc/html/admin/install_kdc.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

272	272
273	273	<span class="n">kadmin</span><span class="o">.</span><span class="n">local</span><span class="p">:</span> <span class="n">addprinc</span> <span class="n">admin</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span>
274	274
275		<span class="n">WARNING</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"admin/admin@ATHENA.MIT.EDU"</span><span class="p">;</span>
	275	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"admin/admin@ATHENA.MIT.EDU"</span><span class="p">;</span>
276	276	<span class="n">assigning</span> <span class="s2">"default"</span><span class="o">.</span>
277	277	<span class="n">Enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">admin</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><=</span> <span class="n">Enter</span> <span class="n">a</span> <span class="n">password</span><span class="o">.</span>
278	278	<span class="n">Re</span><span class="o">-</span><span class="n">enter</span> <span class="n">password</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">admin</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><=</span> <span class="n">Type</span> <span class="n">it</span> <span class="n">again</span><span class="o">.</span>

338	338	following:</p>
339	339	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kadmin</span>
340	340	<span class="n">kadmin</span><span class="p">:</span> <span class="n">addprinc</span> <span class="o">-</span><span class="n">randkey</span> <span class="n">host</span><span class="o">/</span><span class="n">kerberos</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
341		<span class="n">NOTICE</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"host/kerberos.mit.edu@ATHENA.MIT.EDU"</span><span class="p">;</span> <span class="n">assigning</span> <span class="s2">"default"</span>
	341	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"host/kerberos.mit.edu@ATHENA.MIT.EDU"</span><span class="p">;</span> <span class="n">assigning</span> <span class="s2">"default"</span>
342	342	<span class="n">Principal</span> <span class="s2">"host/kerberos.mit.edu@ATHENA.MIT.EDU"</span> <span class="n">created</span><span class="o">.</span>
343	343
344	344	<span class="n">kadmin</span><span class="p">:</span> <span class="n">addprinc</span> <span class="o">-</span><span class="n">randkey</span> <span class="n">host</span><span class="o">/</span><span class="n">kerberos</span><span class="o">-</span><span class="mf">1.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>
345		<span class="n">NOTICE</span><span class="p">:</span> <span class="n">no</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"host/kerberos-1.mit.edu@ATHENA.MIT.EDU"</span><span class="p">;</span> <span class="n">assigning</span> <span class="s2">"default"</span>
	345	<span class="n">No</span> <span class="n">policy</span> <span class="n">specified</span> <span class="k">for</span> <span class="s2">"host/kerberos-1.mit.edu@ATHENA.MIT.EDU"</span><span class="p">;</span> <span class="n">assigning</span> <span class="s2">"default"</span>
346	346	<span class="n">Principal</span> <span class="s2">"host/kerberos-1.mit.edu@ATHENA.MIT.EDU"</span> <span class="n">created</span><span class="o">.</span>
347	347	</pre></div>
348	348	</div>

361	361	<span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">host</span><span class="o">/</span><span class="n">kerberos</span><span class="o">-</span><span class="mf">1.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="k">with</span> <span class="n">kvno</span> <span class="mi">2</span><span class="p">,</span> <span class="n">encryption</span>
362	362	<span class="nb">type</span> <span class="n">aes128</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha1</span><span class="o">-</span><span class="mi">96</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
363	363	<span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">host</span><span class="o">/</span><span class="n">kerberos</span><span class="o">-</span><span class="mf">1.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="k">with</span> <span class="n">kvno</span> <span class="mi">2</span><span class="p">,</span> <span class="n">encryption</span>
364		<span class="nb">type</span> <span class="n">des3</span><span class="o">-</span><span class="n">cbc</span><span class="o">-</span><span class="n">sha1</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
	364	<span class="nb">type</span> <span class="n">aes256</span><span class="o">-</span><span class="n">cts</span><span class="o">-</span><span class="n">hmac</span><span class="o">-</span><span class="n">sha384</span><span class="o">-</span><span class="mi">192</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
365	365	<span class="n">Entry</span> <span class="k">for</span> <span class="n">principal</span> <span class="n">host</span><span class="o">/</span><span class="n">kerberos</span><span class="o">-</span><span class="mf">1.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="k">with</span> <span class="n">kvno</span> <span class="mi">2</span><span class="p">,</span> <span class="n">encryption</span>
366	366	<span class="nb">type</span> <span class="n">arcfour</span><span class="o">-</span><span class="n">hmac</span> <span class="n">added</span> <span class="n">to</span> <span class="n">keytab</span> <span class="n">FILE</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">krb5</span><span class="o">.</span><span class="n">keytab</span><span class="o">.</span>
367	367	</pre></div>

632	632
633	633	<div class="footer-wrapper">
634	634	<div class="footer" >
635		<div class="right" ><i>Release: 1.17</i><br />
636		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	635	<div class="right" ><i>Release: 1.18.2</i><br />
	636	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
637	637	</div>
638	638	<div class="left">
639	639

+3

-3

doc/html/admin/lockout.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

274	274
275	275	<div class="footer-wrapper">
276	276	<div class="footer" >
277		<div class="right" ><i>Release: 1.17</i><br />
278		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	277	<div class="right" ><i>Release: 1.18.2</i><br />
	278	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
279	279	</div>
280	280	<div class="left">
281	281

+3

-3

doc/html/admin/otp.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

222	222
223	223	<div class="footer-wrapper">
224	224	<div class="footer" >
225		<div class="right" ><i>Release: 1.17</i><br />
226		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	225	<div class="right" ><i>Release: 1.18.2</i><br />
	226	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
227	227	</div>
228	228	<div class="left">
229	229

+5

-5

doc/html/admin/pkinit.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

97	97	<p>The result of these commands will be two files, cakey.pem and
98	98	cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which
99	99	must be carefully protected. cacert.pem will contain the CA
100		certificate, which must be placed in the filesytems of the KDC and
	100	certificate, which must be placed in the filesystems of the KDC and
101	101	each client host. cakey.pem will be required to create KDC and client
102	102	certificates.</p>
103	103	</div>

120	120	principal_name=EXP:1,SEQUENCE:kdc_principal_seq
121	121
122	122	[kdc_principal_seq]
123		name_type=EXP:0,INTEGER:1
	123	name_type=EXP:0,INTEGER:2
124	124	name_string=EXP:1,SEQUENCE:kdc_principals
125	125
126	126	[kdc_principals]

463	463
464	464	<div class="footer-wrapper">
465	465	<div class="footer" >
466		<div class="right" ><i>Release: 1.17</i><br />
467		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	466	<div class="right" ><i>Release: 1.18.2</i><br />
	467	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
468	468	</div>
469	469	<div class="left">
470	470

+3

-3

doc/html/admin/princ_dns.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

236	236
237	237	<div class="footer-wrapper">
238	238	<div class="footer" >
239		<div class="right" ><i>Release: 1.17</i><br />
240		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	239	<div class="right" ><i>Release: 1.18.2</i><br />
	240	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
241	241	</div>
242	242	<div class="left">
243	243

+3

-3

doc/html/admin/realm_config.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

373	373
374	374	<div class="footer-wrapper">
375	375	<div class="footer" >
376		<div class="right" ><i>Release: 1.17</i><br />
377		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	376	<div class="right" ><i>Release: 1.18.2</i><br />
	377	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
378	378	</div>
379	379	<div class="left">
380	380

+4

-4

doc/html/admin/spake.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

83	83	</div>
84	84	<p>Set the <strong>+requires_preauth</strong> and <strong>-allow_svr</strong> flags on client
85	85	principal entries, as you would for any preauthentication mechanism:</p>
86		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">modprinc</span> <span class="o">+</span><span class="n">requires_preauth</span> <span class="o">-</span><span class="n">allow_srv</span> <span class="n">PRINCNAME</span>
	86	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">modprinc</span> <span class="o">+</span><span class="n">requires_preauth</span> <span class="o">-</span><span class="n">allow_svr</span> <span class="n">PRINCNAME</span>
87	87	</pre></div>
88	88	</div>
89	89	<p>Clients which do not implement SPAKE preauthentication will fall back

180	180
181	181	<div class="footer-wrapper">
182	182	<div class="footer" >
183		<div class="right" ><i>Release: 1.17</i><br />
184		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	183	<div class="right" ><i>Release: 1.18.2</i><br />
	184	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
185	185	</div>
186	186	<div class="left">
187	187

+3

-3

doc/html/admin/troubleshoot.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

247	247
248	248	<div class="footer-wrapper">
249	249	<div class="footer" >
250		<div class="right" ><i>Release: 1.17</i><br />
251		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	250	<div class="right" ><i>Release: 1.18.2</i><br />
	251	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
252	252	</div>
253	253	<div class="left">
254	254

+9

-12

doc/html/admin/various_envs.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

65	65	<div class="section" id="whitepapers">
66	66	<h2>Whitepapers<a class="headerlink" href="#whitepapers" title="Permalink to this headline">¶</a></h2>
67	67	<ol class="arabic simple">
68		<li><a class="reference external" href="http://kerberos.org/software/whitepapers.html">http://kerberos.org/software/whitepapers.html</a></li>
	68	<li><a class="reference external" href="https://kerberos.org/software/whitepapers.html">https://kerberos.org/software/whitepapers.html</a></li>
69	69	</ol>
70	70	</div>
71	71	<div class="section" id="tutorials">
72	72	<h2>Tutorials<a class="headerlink" href="#tutorials" title="Permalink to this headline">¶</a></h2>
73	73	<ol class="arabic simple">
74		<li>Fulvio Ricciardi <<a class="reference external" href="http://www.kerberos.org/software/tutorial.html">http://www.kerberos.org/software/tutorial.html</a>>_</li>
	74	<li>Fulvio Ricciardi <<a class="reference external" href="https://www.kerberos.org/software/tutorial.html">https://www.kerberos.org/software/tutorial.html</a>>_</li>
75	75	</ol>
76	76	</div>
77	77	<div class="section" id="troubleshooting">
78	78	<h2>Troubleshooting<a class="headerlink" href="#troubleshooting" title="Permalink to this headline">¶</a></h2>
79	79	<ol class="arabic simple">
80		<li><a class="reference external" href="http://www.ncsa.illinois.edu/UserInfo/Resources/Software/kerberos/troubleshooting.html">http://www.ncsa.illinois.edu/UserInfo/Resources/Software/kerberos/troubleshooting.html</a></li>
81		<li><a class="reference external" href="http://nfsv4.bullopensource.org/doc/kerberosnfs/krbnfs_howto_v3.pdf">http://nfsv4.bullopensource.org/doc/kerberosnfs/krbnfs_howto_v3.pdf</a></li>
82		<li><a class="reference external" href="http://sysdoc.doors.ch/HP/T1417-90005.pdf">http://sysdoc.doors.ch/HP/T1417-90005.pdf</a></li>
83		<li><a class="reference external" href="http://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html">http://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html</a></li>
84		<li><a class="reference external" href="http://download.oracle.com/docs/cd/E19253-01/816-4557/trouble-1/index.html">http://download.oracle.com/docs/cd/E19253-01/816-4557/trouble-1/index.html</a></li>
85		<li><a class="reference external" href="http://technet.microsoft.com/en-us/library/bb463167.aspx#EBAA">http://technet.microsoft.com/en-us/library/bb463167.aspx#EBAA</a></li>
	80	<li><a class="reference external" href="https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting">https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting</a></li>
	81	<li><a class="reference external" href="https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html">https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html</a></li>
	82	<li><a class="reference external" href="https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html">https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html</a></li>
	83	<li><a class="reference external" href="https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10">https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10</a>)#EBAA</li>
86	84	<li><a class="reference external" href="https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528">https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528</a></li>
87		<li><a class="reference external" href="http://h71000.www7.hp.com/doc/83final/ba548_90007/ch06s05.html">http://h71000.www7.hp.com/doc/83final/ba548_90007/ch06s05.html</a></li>
88	85	</ol>
89	86	</div>
90	87	</div>

163	160
164	161	<div class="footer-wrapper">
165	162	<div class="footer" >
166		<div class="right" ><i>Release: 1.17</i><br />
167		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
168	165	</div>
169	166	<div class="left">
170	167

+19

-27

doc/html/appdev/gssapi.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

281	281	ticket-granting ticket, if the KDC is configured to allow it.</p>
282	282	<p>To perform a constrained delegation operation, the intermediate
283	283	service must submit to the KDC an “evidence ticket” from the client to
284		the intermediate service with the forwardable bit set. An evidence
285		ticket can be acquired when the client authenticates to the
286		intermediate service with Kerberos, or with an S4U2Self request if the
287		KDC allows it. The MIT krb5 GSSAPI library represents an evidence
288		ticket using a “proxy credential”, which is a special kind of
289		gss_cred_id_t object whose underlying credential cache contains the
290		evidence ticket and a krbtgt ticket for the intermediate service.</p>
	284	the intermediate service. An evidence ticket can be acquired when the
	285	client authenticates to the intermediate service with Kerberos, or
	286	with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI
	287	library represents an evidence ticket using a “proxy credential”,
	288	which is a special kind of gss_cred_id_t object whose underlying
	289	credential cache contains the evidence ticket and a krbtgt ticket for
	290	the intermediate service.</p>
291	291	<p>To acquire a proxy credential during client authentication, the
292	292	service should first create an acceptor credential using the
293	293	<strong>GSS_C_BOTH</strong> usage. The application should then pass this

295	295	and also pass a <em>delegated_cred_handle</em> output parameter to receive a
296	296	proxy credential containing the evidence ticket. The output value of
297	297	<em>delegated_cred_handle</em> may be a delegated ticket-granting ticket if
298		the client sent one, or a proxy credential if the client authenticated
299		with a forwardable service ticket, or <strong>GSS_C_NO_CREDENTIAL</strong> if
300		neither is the case.</p>
	298	the client sent one, or a proxy credential if not. If the library can
	299	determine that the client’s ticket is not a valid evidence ticket, it
	300	will place <strong>GSS_C_NO_CREDENTIAL</strong> in <em>delegated_cred_handle</em>.</p>
301	301	<p>To acquire a proxy credential using an S4U2Self request, the service
302	302	can use the following GSSAPI extension:</p>
303	303	<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">OM_uint32</span> <span class="n">gss_acquire_cred_impersonate_name</span><span class="p">(</span><span class="n">OM_uint32</span> <span class="o">*</span><span class="n">minor_status</span><span class="p">,</span>

317	317	intermediate service. Both <em>icred</em> and <em>desired_name</em> are required
318	318	for this function; passing <strong>GSS_C_NO_CREDENTIAL</strong> or
319	319	<strong>GSS_C_NO_NAME</strong> will cause the call to fail. <em>icred</em> must contain a
320		krbtgt ticket for the intermediate service. If the KDC returns a
321		forwardable ticket, the result of this operation is a proxy
322		credential; if it is not forwardable, the result is a regular
323		credential for <em>desired_name</em>.</p>
324		<p>A recent KDC will usually allow any service to acquire a ticket from a
325		client to itself with an S4U2Self request, but the ticket will only be
326		forwardable if the service has a specific privilege. In the MIT krb5
327		KDC, this privilege is determined by the <strong>ok_to_auth_as_delegate</strong>
328		bit on the intermediate service’s principal entry, which can be
329		configured with <a class="reference internal" href="../admin/admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>.</p>
	320	krbtgt ticket for the intermediate service. The result of this
	321	operation is a proxy credential. (Prior to release 1.18, the result
	322	of this operation may be a regular credential for <em>desired_name</em>, if
	323	the KDC issues a non-forwardable ticket.)</p>
330	324	<p>Once the intermediate service has a proxy credential, it can simply
331	325	pass it to <a class="reference external" href="https://tools.ietf.org/html/rfc2744.html#section-5.19">gss_init_sec_context</a> as the <em>initiator_cred_handle</em>
332	326	parameter, and the desired service as the <em>target_name</em> parameter.

621	615	<span class="n">iov</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span><span class="o">.</span><span class="n">buffer</span><span class="o">.</span><span class="n">value</span> <span class="o">=</span> <span class="s2">"message"</span><span class="p">;</span>
622	616	<span class="n">iov</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span><span class="o">.</span><span class="n">buffer</span><span class="o">.</span><span class="n">length</span> <span class="o">=</span> <span class="mi">7</span><span class="p">;</span>
623	617
624		<span class="n">major</span> <span class="o">=</span> <span class="n">gss_wrap_iov_length</span><span class="p">(</span><span class="o">&</span><span class="n">minor</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="n">GSS_C_QOP_DEFAULT</span><span class="p">,</span>
625		<span class="n">NULL</span><span class="p">,</span> <span class="n">iov</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span>
	618	<span class="n">major</span> <span class="o">=</span> <span class="n">gss_get_mic_iov_length</span><span class="p">(</span><span class="o">&</span><span class="n">minor</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">GSS_C_QOP_DEFAULT</span><span class="p">,</span> <span class="n">iov</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span>
626	619	<span class="k">if</span> <span class="p">(</span><span class="n">GSS_ERROR</span><span class="p">(</span><span class="n">major</span><span class="p">))</span>
627	620	<span class="n">handle_error</span><span class="p">(</span><span class="n">major</span><span class="p">,</span> <span class="n">minor</span><span class="p">);</span>
628	621	<span class="k">if</span> <span class="p">(</span><span class="n">iov</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">buffer</span><span class="o">.</span><span class="n">length</span> <span class="o">></span> <span class="n">sizeof</span><span class="p">(</span><span class="n">data</span><span class="p">))</span>
629	622	<span class="n">handle_out_of_space_error</span><span class="p">();</span>
630	623	<span class="n">iov</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">buffer</span><span class="o">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">data</span><span class="p">;</span>
631	624
632		<span class="n">major</span> <span class="o">=</span> <span class="n">gss_wrap_iov</span><span class="p">(</span><span class="o">&</span><span class="n">minor</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="n">GSS_C_QOP_DEFAULT</span><span class="p">,</span> <span class="n">NULL</span><span class="p">,</span>
633		<span class="n">iov</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span>
	625	<span class="n">major</span> <span class="o">=</span> <span class="n">gss_get_mic_iov</span><span class="p">(</span><span class="o">&</span><span class="n">minor</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">GSS_C_QOP_DEFAULT</span><span class="p">,</span> <span class="n">iov</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span>
634	626	<span class="k">if</span> <span class="p">(</span><span class="n">GSS_ERROR</span><span class="p">(</span><span class="n">major</span><span class="p">))</span>
635	627	<span class="n">handle_error</span><span class="p">(</span><span class="n">major</span><span class="p">,</span> <span class="n">minor</span><span class="p">);</span>
636	628	</pre></div>

700	692
701	693	<div class="footer-wrapper">
702	694	<div class="footer" >
703		<div class="right" ><i>Release: 1.17</i><br />
704		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	695	<div class="right" ><i>Release: 1.18.2</i><br />
	696	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
705	697	</div>
706	698	<div class="left">
707	699

+5

-8

doc/html/appdev/h5l_mit_apidiff.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

93	93	<td>MIT: Before version 1.10 it was assumed that
94	94	the last argument <em>data</em> is ALWAYS non-zero.</td>
95	95	</tr>
96		<tr class="row-odd"><td><a class="reference internal" href="refs/api/krb5_cccol_last_change_time.html#c.krb5_cccol_last_change_time" title="krb5_cccol_last_change_time"><code class="xref c c-func docutils literal"><span class="pre">krb5_cccol_last_change_time()</span></code></a></td>
97		<td>H5l takes 3 arguments: krb5_context context,
98		const char type, krb5_timestamp change_time
99		MIT takes two arguments: krb5_context context,
100		krb5_timestamp *change_time</td>
	96	<tr class="row-odd"><td><code class="xref c c-func docutils literal"><span class="pre">krb5_cccol_last_change_time()</span></code></td>
	97	<td>MIT: not implemented</td>
101	98	</tr>
102	99	<tr class="row-even"><td><a class="reference internal" href="refs/api/krb5_set_default_realm.html#c.krb5_set_default_realm" title="krb5_set_default_realm"><code class="xref c c-func docutils literal"><span class="pre">krb5_set_default_realm()</span></code></a></td>
103	100	<td>H5l: Caches the computed default realm context

161	158
162	159	<div class="footer-wrapper">
163	160	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
166	163	</div>
167	164	<div class="left">
168	165

+3

-3

doc/html/appdev/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

131	131
132	132	<div class="footer-wrapper">
133	133	<div class="footer" >
134		<div class="right" ><i>Release: 1.17</i><br />
135		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	134	<div class="right" ><i>Release: 1.18.2</i><br />
	135	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
136	136	</div>
137	137	<div class="left">
138	138

+3

-3

doc/html/appdev/init_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

414	414
415	415	<div class="footer-wrapper">
416	416	<div class="footer" >
417		<div class="right" ><i>Release: 1.17</i><br />
418		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	417	<div class="right" ><i>Release: 1.18.2</i><br />
	418	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
419	419	</div>
420	420	<div class="left">
421	421

+3

-3

doc/html/appdev/princ_handle.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+6

-11

doc/html/appdev/refs/api/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

176	176	<li class="toctree-l1"><a class="reference internal" href="krb5_address_compare.html">krb5_address_compare - Compare two Kerberos addresses.</a></li>
177	177	<li class="toctree-l1"><a class="reference internal" href="krb5_address_order.html">krb5_address_order - Return an ordering of the specified addresses.</a></li>
178	178	<li class="toctree-l1"><a class="reference internal" href="krb5_address_search.html">krb5_address_search - Search a list of addresses for a specified address.</a></li>
179		<li class="toctree-l1"><a class="reference internal" href="krb5_allow_weak_crypto.html">krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting.</a></li>
	179	<li class="toctree-l1"><a class="reference internal" href="krb5_allow_weak_crypto.html">krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting.</a></li>
180	180	<li class="toctree-l1"><a class="reference internal" href="krb5_aname_to_localname.html">krb5_aname_to_localname - Convert a principal name to a local name.</a></li>
181	181	<li class="toctree-l1"><a class="reference internal" href="krb5_anonymous_principal.html">krb5_anonymous_principal - Build an anonymous principal.</a></li>
182	182	<li class="toctree-l1"><a class="reference internal" href="krb5_anonymous_realm.html">krb5_anonymous_realm - Return an anonymous realm data.</a></li>

215	215	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_get_config.html">krb5_cc_get_config - Get a configuration value from a credential cache.</a></li>
216	216	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_get_flags.html">krb5_cc_get_flags - Retrieve flags from a credential cache structure.</a></li>
217	217	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_get_full_name.html">krb5_cc_get_full_name - Retrieve the full name of a credential cache.</a></li>
218		<li class="toctree-l1"><a class="reference internal" href="krb5_cc_last_change_time.html">krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.</a></li>
219		<li class="toctree-l1"><a class="reference internal" href="krb5_cc_lock.html">krb5_cc_lock - Lock a credential cache.</a></li>
220	218	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_move.html">krb5_cc_move - Move a credential cache.</a></li>
221	219	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_next_cred.html">krb5_cc_next_cred - Retrieve the next entry from the credential cache.</a></li>
222	220	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_remove_cred.html">krb5_cc_remove_cred - Remove credentials from a credential cache.</a></li>

229	227	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_store_cred.html">krb5_cc_store_cred - Store credentials in a credential cache.</a></li>
230	228	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_support_switch.html">krb5_cc_support_switch - Determine whether a credential cache type supports switching.</a></li>
231	229	<li class="toctree-l1"><a class="reference internal" href="krb5_cc_switch.html">krb5_cc_switch - Make a credential cache the primary cache for its collection.</a></li>
232		<li class="toctree-l1"><a class="reference internal" href="krb5_cc_unlock.html">krb5_cc_unlock - Unlock a credential cache.</a></li>
233	230	<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_cursor_free.html">krb5_cccol_cursor_free - Free a credential cache collection cursor.</a></li>
234	231	<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_cursor_new.html">krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches.</a></li>
235	232	<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_cursor_next.html">krb5_cccol_cursor_next - Get the next credential cache in the collection.</a></li>
236	233	<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_have_content.html">krb5_cccol_have_content - Check if the credential cache collection contains any credentials.</a></li>
237		<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_last_change_time.html">krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.</a></li>
238		<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_lock.html">krb5_cccol_lock - Acquire a global lock for credential caches.</a></li>
239		<li class="toctree-l1"><a class="reference internal" href="krb5_cccol_unlock.html">krb5_cccol_unlock - Release a global lock for credential caches.</a></li>
240	234	<li class="toctree-l1"><a class="reference internal" href="krb5_clear_error_message.html">krb5_clear_error_message - Clear the extended error message in a context.</a></li>
241	235	<li class="toctree-l1"><a class="reference internal" href="krb5_check_clockskew.html">krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time.</a></li>
242	236	<li class="toctree-l1"><a class="reference internal" href="krb5_copy_addresses.html">krb5_copy_addresses - Copy an array of addresses.</a></li>

260	254	<li class="toctree-l1"><a class="reference internal" href="krb5_free_creds.html">krb5_free_creds - Free a krb5_creds structure.</a></li>
261	255	<li class="toctree-l1"><a class="reference internal" href="krb5_free_data.html">krb5_free_data - Free a krb5_data structure.</a></li>
262	256	<li class="toctree-l1"><a class="reference internal" href="krb5_free_data_contents.html">krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field.</a></li>
263		<li class="toctree-l1"><a class="reference internal" href="krb5_free_default_realm.html">krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .</a></li>
	257	<li class="toctree-l1"><a class="reference internal" href="krb5_free_default_realm.html">krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .</a></li>
264	258	<li class="toctree-l1"><a class="reference internal" href="krb5_free_enctypes.html">krb5_free_enctypes - Free an array of encryption types.</a></li>
265	259	<li class="toctree-l1"><a class="reference internal" href="krb5_free_error.html">krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() .</a></li>
266	260	<li class="toctree-l1"><a class="reference internal" href="krb5_free_host_realm.html">krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm() .</a></li>

317	311	<li class="toctree-l1"><a class="reference internal" href="krb5_pac_sign_ext.html">krb5_pac_sign_ext - Sign a PAC, possibly with a specified realm.</a></li>
318	312	<li class="toctree-l1"><a class="reference internal" href="krb5_pac_verify.html">krb5_pac_verify - Verify a PAC.</a></li>
319	313	<li class="toctree-l1"><a class="reference internal" href="krb5_pac_verify_ext.html">krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.</a></li>
	314	<li class="toctree-l1"><a class="reference internal" href="krb5_pac_get_client_info.html">krb5_pac_get_client_info</a></li>
320	315	<li class="toctree-l1"><a class="reference internal" href="krb5_prepend_error_message.html">krb5_prepend_error_message - Add a prefix to the message for an error code.</a></li>
321	316	<li class="toctree-l1"><a class="reference internal" href="krb5_principal2salt.html">krb5_principal2salt - Convert a principal name into the default salt for that principal.</a></li>
322	317	<li class="toctree-l1"><a class="reference internal" href="krb5_rd_cred.html">krb5_rd_cred - Read and validate a KRB-CRED message.</a></li>

535	530
536	531	<div class="footer-wrapper">
537	532	<div class="footer" >
538		<div class="right" ><i>Release: 1.17</i><br />
539		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	533	<div class="right" ><i>Release: 1.18.2</i><br />
	534	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
540	535	</div>
541	536	<div class="left">
542	537

+3

-3

doc/html/appdev/refs/api/krb5_425_conv_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_524_conv_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_524_convert_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_address_compare.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_address_order.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+6

-6

doc/html/appdev/refs/api/krb5_address_search.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting." href="krb5_allow_weak_crypto.html" />
	28	<link rel="next" title="krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting." href="krb5_allow_weak_crypto.html" />
29	29	<link rel="prev" title="krb5_address_order - Return an ordering of the specified addresses." href="krb5_address_order.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="krb5_address_order.html" title="krb5_address_order - Return an ordering of the specified addresses."
43	43	accesskey="P">previous</a> \|
44		<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting."
	44	<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting."
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

160	160	>Contents</a> \|
161	161	<a href="krb5_address_order.html" title="krb5_address_order - Return an ordering of the specified addresses."
162	162	>previous</a> \|
163		<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting."
	163	<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting."
164	164	>next</a> \|
165	165	<a href="../../../genindex.html" title="General Index"
166	166	>index</a> \|

+9

-9

doc/html/appdev/refs/api/krb5_allow_weak_crypto.html less more

4	4	<html xmlns="http://www.w3.org/1999/xhtml">
5	5	<head>
6	6	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting. — MIT Kerberos Documentation</title>
	7	<title>krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting. — MIT Kerberos Documentation</title>
8	8	<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9	9	<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10	10	<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

47	47	accesskey="I">index</a> \|
48	48	<a href="../../../search.html" title="Enter search criteria"
49	49	accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting.">feedback</a>
	50	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting.">feedback</a>
51	51	</div>
52	52	</div>
53	53	</div>

60	60	<div class="bodywrapper">
61	61	<div class="body" role="main">
62	62
63		<div class="section" id="krb5-allow-weak-crypto-allow-the-appplication-to-override-the-profile-s-allow-weak-crypto-setting">
64		<h1>krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting.<a class="headerlink" href="#krb5-allow-weak-crypto-allow-the-appplication-to-override-the-profile-s-allow-weak-crypto-setting" title="Permalink to this headline">¶</a></h1>
	63	<div class="section" id="krb5-allow-weak-crypto-allow-the-application-to-override-the-profile-s-allow-weak-crypto-setting">
	64	<h1>krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting.<a class="headerlink" href="#krb5-allow-weak-crypto-allow-the-application-to-override-the-profile-s-allow-weak-crypto-setting" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_allow_weak_crypto">
67	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_allow_weak_crypto</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_boolean.html#c.krb5_boolean" title="krb5_boolean">krb5_boolean</a><em> enable</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_allow_weak_crypto" title="Permalink to this definition">¶</a></dt>

99	99	<div class="sidebar">
100	100	<h2>On this page</h2>
101	101	<ul>
102		<li><a class="reference internal" href="#">krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting.</a></li>
	102	<li><a class="reference internal" href="#">krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting.</a></li>
103	103	</ul>
104	104
105	105	<br/>

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

162	162	>index</a> \|
163	163	<a href="../../../search.html" title="Enter search criteria"
164	164	>Search</a> \|
165		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting.">feedback</a>
	165	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting.">feedback</a>
166	166	</div>
167	167	</div>
168	168	</div>

+6

-6

doc/html/appdev/refs/api/krb5_aname_to_localname.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="krb5_anonymous_principal - Build an anonymous principal." href="krb5_anonymous_principal.html" />
29		<link rel="prev" title="krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting." href="krb5_allow_weak_crypto.html" />
	29	<link rel="prev" title="krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting." href="krb5_allow_weak_crypto.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting."
	42	<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting."
43	43	accesskey="P">previous</a> \|
44	44	<a href="krb5_anonymous_principal.html" title="krb5_anonymous_principal - Build an anonymous principal."
45	45	accesskey="N">next</a> \|

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163
164	164	<a href="../../../index.html" title="Full Table of Contents"
165	165	>Contents</a> \|
166		<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the appplication to override the profile’s allow_weak_crypto setting."
	166	<a href="krb5_allow_weak_crypto.html" title="krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting."
167	167	>previous</a> \|
168	168	<a href="krb5_anonymous_principal.html" title="krb5_anonymous_principal - Build an anonymous principal."
169	169	>next</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_anonymous_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/api/krb5_anonymous_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/api/krb5_appdefault_boolean.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_appdefault_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getaddrs.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getauthenticator.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getflags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getkey_k.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getlocalseqnumber.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getlocalsubkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getrcache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getremoteseqnumber.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getremotesubkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey_k.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_init.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_initivector.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_set_checksum_func.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_set_req_cksumtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setaddrs.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setflags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setports.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+4

-4

doc/html/appdev/refs/api/krb5_auth_con_setrcache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

89	89	</tr>
90	90	</tbody>
91	91	</table>
92		<p>This function sets the replay cache in <em>auth_context</em> to <em>rcache</em> . <em>rcache</em> will be closed when <em>auth_context</em> is freed, so the caller should relinguish that responsibility.</p>
	92	<p>This function sets the replay cache in <em>auth_context</em> to <em>rcache</em> . <em>rcache</em> will be closed when <em>auth_context</em> is freed, so the caller should relinquish that responsibility.</p>
93	93	</div>
94	94
95	95

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey_k.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_auth_con_setuseruserkey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_build_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

158	158
159	159	<div class="footer-wrapper">
160	160	<div class="footer" >
161		<div class="right" ><i>Release: 1.17</i><br />
162		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
163	163	</div>
164	164	<div class="left">
165	165

+3

-3

doc/html/appdev/refs/api/krb5_build_principal_alloc_va.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_build_principal_ext.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_build_principal_va.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_c_block_size.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_c_checksum_length.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_c_crypto_length.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_c_crypto_length_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_c_decrypt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_c_decrypt_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_c_derive_prfplus.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_c_encrypt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_c_encrypt_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_c_encrypt_length.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_c_enctype_compare.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_c_free_state.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_c_fx_cf2_simple.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_c_init_state.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_c_is_coll_proof_cksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_c_is_keyed_cksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_c_keyed_checksum_types.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_c_keylengths.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_c_make_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_c_make_checksum_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_c_make_random_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_c_padding_length.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_c_prf.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_c_prf_length.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_c_prfplus.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_c_random_add_entropy.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_c_random_make_octets.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_c_random_os_entropy.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_c_random_seed.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_c_random_to_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_c_string_to_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/appdev/refs/api/krb5_c_string_to_key_with_params.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_c_valid_cksumtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_c_valid_enctype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_c_verify_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_c_verify_checksum_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/api/krb5_calculate_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_cc_cache_match.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_cc_close.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_cc_copy_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_cc_default.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_cc_default_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_cc_destroy.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_cc_dup.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_cc_end_seq_get.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_cc_gen_new.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_cc_get_config.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_cc_get_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+6

-6

doc/html/appdev/refs/api/krb5_cc_get_full_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache." href="krb5_cc_last_change_time.html" />
	28	<link rel="next" title="krb5_cc_move - Move a credential cache." href="krb5_cc_move.html" />
29	29	<link rel="prev" title="krb5_cc_get_flags - Retrieve flags from a credential cache structure." href="krb5_cc_get_flags.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="krb5_cc_get_flags.html" title="krb5_cc_get_flags - Retrieve flags from a credential cache structure."
43	43	accesskey="P">previous</a> \|
44		<a href="krb5_cc_last_change_time.html" title="krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache."
	44	<a href="krb5_cc_move.html" title="krb5_cc_move - Move a credential cache."
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

150	150	>Contents</a> \|
151	151	<a href="krb5_cc_get_flags.html" title="krb5_cc_get_flags - Retrieve flags from a credential cache structure."
152	152	>previous</a> \|
153		<a href="krb5_cc_last_change_time.html" title="krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache."
	153	<a href="krb5_cc_move.html" title="krb5_cc_move - Move a credential cache."
154	154	>next</a> \|
155	155	<a href="../../../genindex.html" title="General Index"
156	156	>index</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_cc_get_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/appdev/refs/api/krb5_cc_get_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_cc_get_type.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_cc_initialize.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+0

-162

~~doc/html/appdev/refs/api/krb5_cc_last_change_time.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache. — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../../about.html" />
25		<link rel="index" title="Index" href="../../../genindex.html" />
26		<link rel="search" title="Search" href="../../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cc_lock - Lock a credential cache." href="krb5_cc_lock.html" />
29		<link rel="prev" title="krb5_cc_get_full_name - Retrieve the full name of a credential cache." href="krb5_cc_get_full_name.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="krb5_cc_get_full_name.html" title="krb5_cc_get_full_name - Retrieve the full name of a credential cache."
43		accesskey="P">previous</a> \|
44		<a href="krb5_cc_lock.html" title="krb5_cc_lock - Lock a credential cache."
45		accesskey="N">next</a> \|
46		<a href="../../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="krb5-cc-last-change-time-return-a-timestamp-of-the-last-modification-to-a-credential-cache">
64		<h1>krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.<a class="headerlink" href="#krb5-cc-last-change-time-return-a-timestamp-of-the-last-modification-to-a-credential-cache" title="Permalink to this headline">¶</a></h1>
65		<dl class="function">
66		<dt id="c.krb5_cc_last_change_time">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_cc_last_change_time</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_ccache.html#c.krb5_ccache" title="krb5_ccache">krb5_ccache</a><em> ccache</em>, <a class="reference internal" href="../types/krb5_timestamp.html#c.krb5_timestamp" title="krb5_timestamp">krb5_timestamp</a> *<em> change_time</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_cc_last_change_time" title="Permalink to this definition">¶</a></dt>
68		<dd></dd></dl>
69
70		<table class="docutils field-list" frame="void" rules="none">
71		<col class="field-name" />
72		<col class="field-body" />
73		<tbody valign="top">
74		<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75		<p><strong>[in]</strong> <strong>ccache</strong> - Credential cache handle</p>
76		<p class="last"><strong>[out]</strong> <strong>change_time</strong> - The last change time of <em>ccache</em></p>
77		</td>
78		</tr>
79		</tbody>
80		</table>
81		<p>If an error occurs, <em>change_time</em> is set to 0.</p>
82		</div>
83
84
85		</div>
86		</div>
87		</div>
88		</div>
89		<div class="sidebar">
90		<h2>On this page</h2>
91		<ul>
92		<li><a class="reference internal" href="#">krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.</a></li>
93		</ul>
94
95		<br/>
96		<h2>Table of contents</h2>
97		<ul class="current">
98		<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
99		<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
100		<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
101		<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
102		<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
103		<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
104		<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
105		<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
106		<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
107		<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
108		<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
109		<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
110		</ul>
111		</li>
112		</ul>
113		</li>
114		<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
115		<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
116		<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
117		<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
118		<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
119		<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
120		<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
121		<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
122		</ul>
123
124		<br/>
125		<h4><a href="../../../index.html">Full Table of Contents</a></h4>
126		<h4>Search</h4>
127		<form class="search" action="../../../search.html" method="get">
128		<input type="text" name="q" size="18" />
129		<input type="submit" value="Go" />
130		<input type="hidden" name="check_keywords" value="yes" />
131		<input type="hidden" name="area" value="default" />
132		</form>
133		</div>
134		<div class="clearer"></div>
135		</div>
136		</div>
137
138		<div class="footer-wrapper">
139		<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
142		</div>
143		<div class="left">
144
145		<a href="../../../index.html" title="Full Table of Contents"
146		>Contents</a> \|
147		<a href="krb5_cc_get_full_name.html" title="krb5_cc_get_full_name - Retrieve the full name of a credential cache."
148		>previous</a> \|
149		<a href="krb5_cc_lock.html" title="krb5_cc_lock - Lock a credential cache."
150		>next</a> \|
151		<a href="../../../genindex.html" title="General Index"
152		>index</a> \|
153		<a href="../../../search.html" title="Enter search criteria"
154		>Search</a> \|
155		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.">feedback</a>
156		</div>
157		</div>
158		</div>
159
160		</body>
161		</html>⏎

+0

-172

~~doc/html/appdev/refs/api/krb5_cc_lock.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_cc_lock - Lock a credential cache. — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../../about.html" />
25		<link rel="index" title="Index" href="../../../genindex.html" />
26		<link rel="search" title="Search" href="../../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cc_move - Move a credential cache." href="krb5_cc_move.html" />
29		<link rel="prev" title="krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache." href="krb5_cc_last_change_time.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="krb5_cc_last_change_time.html" title="krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache."
43		accesskey="P">previous</a> \|
44		<a href="krb5_cc_move.html" title="krb5_cc_move - Move a credential cache."
45		accesskey="N">next</a> \|
46		<a href="../../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cc_lock - Lock a credential cache.">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="krb5-cc-lock-lock-a-credential-cache">
64		<h1>krb5_cc_lock - Lock a credential cache.<a class="headerlink" href="#krb5-cc-lock-lock-a-credential-cache" title="Permalink to this headline">¶</a></h1>
65		<dl class="function">
66		<dt id="c.krb5_cc_lock">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_cc_lock</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_ccache.html#c.krb5_ccache" title="krb5_ccache">krb5_ccache</a><em> ccache</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_cc_lock" title="Permalink to this definition">¶</a></dt>
68		<dd></dd></dl>
69
70		<table class="docutils field-list" frame="void" rules="none">
71		<col class="field-name" />
72		<col class="field-body" />
73		<tbody valign="top">
74		<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75		<p class="last"><strong>[in]</strong> <strong>ccache</strong> - Credential cache handle</p>
76		</td>
77		</tr>
78		</tbody>
79		</table>
80		<table class="docutils field-list" frame="void" rules="none">
81		<col class="field-name" />
82		<col class="field-body" />
83		<tbody valign="top">
84		<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
85		<li>0 Success; otherwise - Kerberos error codes</li>
86		</ul>
87		</td>
88		</tr>
89		</tbody>
90		</table>
91		<p>Use <a class="reference internal" href="krb5_cc_unlock.html#c.krb5_cc_unlock" title="krb5_cc_unlock"><code class="xref c c-func docutils literal"><span class="pre">krb5_cc_unlock()</span></code></a> to unlock the lock.</p>
92		</div>
93
94
95		</div>
96		</div>
97		</div>
98		</div>
99		<div class="sidebar">
100		<h2>On this page</h2>
101		<ul>
102		<li><a class="reference internal" href="#">krb5_cc_lock - Lock a credential cache.</a></li>
103		</ul>
104
105		<br/>
106		<h2>Table of contents</h2>
107		<ul class="current">
108		<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
109		<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
110		<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
111		<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
112		<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
113		<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
114		<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
115		<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
116		<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
117		<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
118		<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
119		<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
120		</ul>
121		</li>
122		</ul>
123		</li>
124		<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
125		<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
126		<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
127		<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
128		<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
129		<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
130		<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
131		<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
132		</ul>
133
134		<br/>
135		<h4><a href="../../../index.html">Full Table of Contents</a></h4>
136		<h4>Search</h4>
137		<form class="search" action="../../../search.html" method="get">
138		<input type="text" name="q" size="18" />
139		<input type="submit" value="Go" />
140		<input type="hidden" name="check_keywords" value="yes" />
141		<input type="hidden" name="area" value="default" />
142		</form>
143		</div>
144		<div class="clearer"></div>
145		</div>
146		</div>
147
148		<div class="footer-wrapper">
149		<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
152		</div>
153		<div class="left">
154
155		<a href="../../../index.html" title="Full Table of Contents"
156		>Contents</a> \|
157		<a href="krb5_cc_last_change_time.html" title="krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache."
158		>previous</a> \|
159		<a href="krb5_cc_move.html" title="krb5_cc_move - Move a credential cache."
160		>next</a> \|
161		<a href="../../../genindex.html" title="General Index"
162		>index</a> \|
163		<a href="../../../search.html" title="Enter search criteria"
164		>Search</a> \|
165		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cc_lock - Lock a credential cache.">feedback</a>
166		</div>
167		</div>
168		</div>
169
170		</body>
171		</html>⏎

+6

-6

doc/html/appdev/refs/api/krb5_cc_move.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="krb5_cc_next_cred - Retrieve the next entry from the credential cache." href="krb5_cc_next_cred.html" />
29		<link rel="prev" title="krb5_cc_lock - Lock a credential cache." href="krb5_cc_lock.html" />
	29	<link rel="prev" title="krb5_cc_get_full_name - Retrieve the full name of a credential cache." href="krb5_cc_get_full_name.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="krb5_cc_lock.html" title="krb5_cc_lock - Lock a credential cache."
	42	<a href="krb5_cc_get_full_name.html" title="krb5_cc_get_full_name - Retrieve the full name of a credential cache."
43	43	accesskey="P">previous</a> \|
44	44	<a href="krb5_cc_next_cred.html" title="krb5_cc_next_cred - Retrieve the next entry from the credential cache."
45	45	accesskey="N">next</a> \|

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160
161	161	<a href="../../../index.html" title="Full Table of Contents"
162	162	>Contents</a> \|
163		<a href="krb5_cc_lock.html" title="krb5_cc_lock - Lock a credential cache."
	163	<a href="krb5_cc_get_full_name.html" title="krb5_cc_get_full_name - Retrieve the full name of a credential cache."
164	164	>previous</a> \|
165	165	<a href="krb5_cc_next_cred.html" title="krb5_cc_next_cred - Retrieve the next entry from the credential cache."
166	166	>next</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_cc_new_unique.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_cc_next_cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_cc_remove_cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

158	158
159	159	<div class="footer-wrapper">
160	160	<div class="footer" >
161		<div class="right" ><i>Release: 1.17</i><br />
162		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
163	163	</div>
164	164	<div class="left">
165	165

+3

-3

doc/html/appdev/refs/api/krb5_cc_resolve.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_cc_retrieve_cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

168	168
169	169	<div class="footer-wrapper">
170	170	<div class="footer" >
171		<div class="right" ><i>Release: 1.17</i><br />
172		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	171	<div class="right" ><i>Release: 1.18.2</i><br />
	172	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
173	173	</div>
174	174	<div class="left">
175	175

+3

-3

doc/html/appdev/refs/api/krb5_cc_select.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_cc_set_config.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

162	162
163	163	<div class="footer-wrapper">
164	164	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	165	<div class="right" ><i>Release: 1.18.2</i><br />
	166	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	167	</div>
168	168	<div class="left">
169	169

+3

-3

doc/html/appdev/refs/api/krb5_cc_set_default_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_cc_set_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+4

-4

doc/html/appdev/refs/api/krb5_cc_start_seq_get.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

93	93	<div><a class="reference internal" href="krb5_cc_end_seq_get.html#c.krb5_cc_end_seq_get" title="krb5_cc_end_seq_get"><code class="xref c c-func docutils literal"><span class="pre">krb5_cc_end_seq_get()</span></code></a> must be called to complete the retrieve operation.</div></blockquote>
94	94	<div class="admonition note">
95	95	<p class="first admonition-title">Note</p>
96		<p class="last">If <em>cache</em> is modified between the time of the call to this function and the time of the final <a class="reference internal" href="krb5_cc_end_seq_get.html#c.krb5_cc_end_seq_get" title="krb5_cc_end_seq_get"><code class="xref c c-func docutils literal"><span class="pre">krb5_cc_end_seq_get()</span></code></a> , the results are undefined.</p>
	96	<p class="last">If the cache represented by <em>cache</em> is modified between the time of the call to this function and the time of the final <a class="reference internal" href="krb5_cc_end_seq_get.html#c.krb5_cc_end_seq_get" title="krb5_cc_end_seq_get"><code class="xref c c-func docutils literal"><span class="pre">krb5_cc_end_seq_get()</span></code></a> , these changes may not be reflected in the results of <a class="reference internal" href="krb5_cc_next_cred.html#c.krb5_cc_next_cred" title="krb5_cc_next_cred"><code class="xref c c-func docutils literal"><span class="pre">krb5_cc_next_cred()</span></code></a> calls.</p>
97	97	</div>
98	98	</div>
99	99

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_cc_store_cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_cc_support_switch.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+6

-6

doc/html/appdev/refs/api/krb5_cc_switch.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cc_unlock - Unlock a credential cache." href="krb5_cc_unlock.html" />
	28	<link rel="next" title="krb5_cccol_cursor_free - Free a credential cache collection cursor." href="krb5_cccol_cursor_free.html" />
29	29	<link rel="prev" title="krb5_cc_support_switch - Determine whether a credential cache type supports switching." href="krb5_cc_support_switch.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="krb5_cc_support_switch.html" title="krb5_cc_support_switch - Determine whether a credential cache type supports switching."
43	43	accesskey="P">previous</a> \|
44		<a href="krb5_cc_unlock.html" title="krb5_cc_unlock - Unlock a credential cache."
	44	<a href="krb5_cccol_cursor_free.html" title="krb5_cccol_cursor_free - Free a credential cache collection cursor."
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

161	161	>Contents</a> \|
162	162	<a href="krb5_cc_support_switch.html" title="krb5_cc_support_switch - Determine whether a credential cache type supports switching."
163	163	>previous</a> \|
164		<a href="krb5_cc_unlock.html" title="krb5_cc_unlock - Unlock a credential cache."
	164	<a href="krb5_cccol_cursor_free.html" title="krb5_cccol_cursor_free - Free a credential cache collection cursor."
165	165	>next</a> \|
166	166	<a href="../../../genindex.html" title="General Index"
167	167	>index</a> \|

+0

-172

~~doc/html/appdev/refs/api/krb5_cc_unlock.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_cc_unlock - Unlock a credential cache. — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../../about.html" />
25		<link rel="index" title="Index" href="../../../genindex.html" />
26		<link rel="search" title="Search" href="../../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cccol_cursor_free - Free a credential cache collection cursor." href="krb5_cccol_cursor_free.html" />
29		<link rel="prev" title="krb5_cc_switch - Make a credential cache the primary cache for its collection." href="krb5_cc_switch.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="krb5_cc_switch.html" title="krb5_cc_switch - Make a credential cache the primary cache for its collection."
43		accesskey="P">previous</a> \|
44		<a href="krb5_cccol_cursor_free.html" title="krb5_cccol_cursor_free - Free a credential cache collection cursor."
45		accesskey="N">next</a> \|
46		<a href="../../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cc_unlock - Unlock a credential cache.">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="krb5-cc-unlock-unlock-a-credential-cache">
64		<h1>krb5_cc_unlock - Unlock a credential cache.<a class="headerlink" href="#krb5-cc-unlock-unlock-a-credential-cache" title="Permalink to this headline">¶</a></h1>
65		<dl class="function">
66		<dt id="c.krb5_cc_unlock">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_cc_unlock</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_ccache.html#c.krb5_ccache" title="krb5_ccache">krb5_ccache</a><em> ccache</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_cc_unlock" title="Permalink to this definition">¶</a></dt>
68		<dd></dd></dl>
69
70		<table class="docutils field-list" frame="void" rules="none">
71		<col class="field-name" />
72		<col class="field-body" />
73		<tbody valign="top">
74		<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75		<p class="last"><strong>[in]</strong> <strong>ccache</strong> - Credential cache handle</p>
76		</td>
77		</tr>
78		</tbody>
79		</table>
80		<table class="docutils field-list" frame="void" rules="none">
81		<col class="field-name" />
82		<col class="field-body" />
83		<tbody valign="top">
84		<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
85		<li>0 Success; otherwise - Kerberos error codes</li>
86		</ul>
87		</td>
88		</tr>
89		</tbody>
90		</table>
91		<p>This function unlocks the <em>ccache</em> locked by <a class="reference internal" href="krb5_cc_lock.html#c.krb5_cc_lock" title="krb5_cc_lock"><code class="xref c c-func docutils literal"><span class="pre">krb5_cc_lock()</span></code></a> .</p>
92		</div>
93
94
95		</div>
96		</div>
97		</div>
98		</div>
99		<div class="sidebar">
100		<h2>On this page</h2>
101		<ul>
102		<li><a class="reference internal" href="#">krb5_cc_unlock - Unlock a credential cache.</a></li>
103		</ul>
104
105		<br/>
106		<h2>Table of contents</h2>
107		<ul class="current">
108		<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
109		<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
110		<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
111		<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
112		<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
113		<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
114		<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
115		<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
116		<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
117		<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
118		<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
119		<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
120		</ul>
121		</li>
122		</ul>
123		</li>
124		<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
125		<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
126		<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
127		<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
128		<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
129		<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
130		<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
131		<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
132		</ul>
133
134		<br/>
135		<h4><a href="../../../index.html">Full Table of Contents</a></h4>
136		<h4>Search</h4>
137		<form class="search" action="../../../search.html" method="get">
138		<input type="text" name="q" size="18" />
139		<input type="submit" value="Go" />
140		<input type="hidden" name="check_keywords" value="yes" />
141		<input type="hidden" name="area" value="default" />
142		</form>
143		</div>
144		<div class="clearer"></div>
145		</div>
146		</div>
147
148		<div class="footer-wrapper">
149		<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
152		</div>
153		<div class="left">
154
155		<a href="../../../index.html" title="Full Table of Contents"
156		>Contents</a> \|
157		<a href="krb5_cc_switch.html" title="krb5_cc_switch - Make a credential cache the primary cache for its collection."
158		>previous</a> \|
159		<a href="krb5_cccol_cursor_free.html" title="krb5_cccol_cursor_free - Free a credential cache collection cursor."
160		>next</a> \|
161		<a href="../../../genindex.html" title="General Index"
162		>index</a> \|
163		<a href="../../../search.html" title="Enter search criteria"
164		>Search</a> \|
165		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cc_unlock - Unlock a credential cache.">feedback</a>
166		</div>
167		</div>
168		</div>
169
170		</body>
171		</html>⏎

+6

-6

doc/html/appdev/refs/api/krb5_cccol_cursor_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches." href="krb5_cccol_cursor_new.html" />
29		<link rel="prev" title="krb5_cc_unlock - Unlock a credential cache." href="krb5_cc_unlock.html" />
	29	<link rel="prev" title="krb5_cc_switch - Make a credential cache the primary cache for its collection." href="krb5_cc_switch.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="krb5_cc_unlock.html" title="krb5_cc_unlock - Unlock a credential cache."
	42	<a href="krb5_cc_switch.html" title="krb5_cc_switch - Make a credential cache the primary cache for its collection."
43	43	accesskey="P">previous</a> \|
44	44	<a href="krb5_cccol_cursor_new.html" title="krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches."
45	45	accesskey="N">next</a> \|

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157
158	158	<a href="../../../index.html" title="Full Table of Contents"
159	159	>Contents</a> \|
160		<a href="krb5_cc_unlock.html" title="krb5_cc_unlock - Unlock a credential cache."
	160	<a href="krb5_cc_switch.html" title="krb5_cc_switch - Make a credential cache the primary cache for its collection."
161	161	>previous</a> \|
162	162	<a href="krb5_cccol_cursor_new.html" title="krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches."
163	163	>next</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_cccol_cursor_new.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_cccol_cursor_next.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+6

-6

doc/html/appdev/refs/api/krb5_cccol_have_content.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache." href="krb5_cccol_last_change_time.html" />
	28	<link rel="next" title="krb5_clear_error_message - Clear the extended error message in a context." href="krb5_clear_error_message.html" />
29	29	<link rel="prev" title="krb5_cccol_cursor_next - Get the next credential cache in the collection." href="krb5_cccol_cursor_next.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="krb5_cccol_cursor_next.html" title="krb5_cccol_cursor_next - Get the next credential cache in the collection."
43	43	accesskey="P">previous</a> \|
44		<a href="krb5_cccol_last_change_time.html" title="krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache."
	44	<a href="krb5_clear_error_message.html" title="krb5_clear_error_message - Clear the extended error message in a context."
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

158	158	>Contents</a> \|
159	159	<a href="krb5_cccol_cursor_next.html" title="krb5_cccol_cursor_next - Get the next credential cache in the collection."
160	160	>previous</a> \|
161		<a href="krb5_cccol_last_change_time.html" title="krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache."
	161	<a href="krb5_clear_error_message.html" title="krb5_clear_error_message - Clear the extended error message in a context."
162	162	>next</a> \|
163	163	<a href="../../../genindex.html" title="General Index"
164	164	>index</a> \|

+0

-173

~~doc/html/appdev/refs/api/krb5_cccol_last_change_time.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache. — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../../about.html" />
25		<link rel="index" title="Index" href="../../../genindex.html" />
26		<link rel="search" title="Search" href="../../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cccol_lock - Acquire a global lock for credential caches." href="krb5_cccol_lock.html" />
29		<link rel="prev" title="krb5_cccol_have_content - Check if the credential cache collection contains any credentials." href="krb5_cccol_have_content.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="krb5_cccol_have_content.html" title="krb5_cccol_have_content - Check if the credential cache collection contains any credentials."
43		accesskey="P">previous</a> \|
44		<a href="krb5_cccol_lock.html" title="krb5_cccol_lock - Acquire a global lock for credential caches."
45		accesskey="N">next</a> \|
46		<a href="../../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="krb5-cccol-last-change-time-return-a-timestamp-of-the-last-modification-of-any-known-credential-cache">
64		<h1>krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.<a class="headerlink" href="#krb5-cccol-last-change-time-return-a-timestamp-of-the-last-modification-of-any-known-credential-cache" title="Permalink to this headline">¶</a></h1>
65		<dl class="function">
66		<dt id="c.krb5_cccol_last_change_time">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_cccol_last_change_time</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_timestamp.html#c.krb5_timestamp" title="krb5_timestamp">krb5_timestamp</a> *<em> change_time</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_cccol_last_change_time" title="Permalink to this definition">¶</a></dt>
68		<dd></dd></dl>
69
70		<table class="docutils field-list" frame="void" rules="none">
71		<col class="field-name" />
72		<col class="field-body" />
73		<tbody valign="top">
74		<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75		<p class="last"><strong>[out]</strong> <strong>change_time</strong> - Last modification timestamp</p>
76		</td>
77		</tr>
78		</tbody>
79		</table>
80		<table class="docutils field-list" frame="void" rules="none">
81		<col class="field-name" />
82		<col class="field-body" />
83		<tbody valign="top">
84		<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
85		<li>0 Success; otherwise - Kerberos error codes</li>
86		</ul>
87		</td>
88		</tr>
89		</tbody>
90		</table>
91		<p>This function returns the most recent modification time of any known credential cache, ignoring any caches which cannot supply a last modification time.</p>
92		<p>If there are no known credential caches, <em>change_time</em> is set to 0.</p>
93		</div>
94
95
96		</div>
97		</div>
98		</div>
99		</div>
100		<div class="sidebar">
101		<h2>On this page</h2>
102		<ul>
103		<li><a class="reference internal" href="#">krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.</a></li>
104		</ul>
105
106		<br/>
107		<h2>Table of contents</h2>
108		<ul class="current">
109		<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
110		<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
111		<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
112		<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
113		<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
114		<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
115		<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
116		<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
117		<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
118		<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
119		<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
120		<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
121		</ul>
122		</li>
123		</ul>
124		</li>
125		<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
126		<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
127		<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
128		<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
129		<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
130		<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
131		<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
132		<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
133		</ul>
134
135		<br/>
136		<h4><a href="../../../index.html">Full Table of Contents</a></h4>
137		<h4>Search</h4>
138		<form class="search" action="../../../search.html" method="get">
139		<input type="text" name="q" size="18" />
140		<input type="submit" value="Go" />
141		<input type="hidden" name="check_keywords" value="yes" />
142		<input type="hidden" name="area" value="default" />
143		</form>
144		</div>
145		<div class="clearer"></div>
146		</div>
147		</div>
148
149		<div class="footer-wrapper">
150		<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
153		</div>
154		<div class="left">
155
156		<a href="../../../index.html" title="Full Table of Contents"
157		>Contents</a> \|
158		<a href="krb5_cccol_have_content.html" title="krb5_cccol_have_content - Check if the credential cache collection contains any credentials."
159		>previous</a> \|
160		<a href="krb5_cccol_lock.html" title="krb5_cccol_lock - Acquire a global lock for credential caches."
161		>next</a> \|
162		<a href="../../../genindex.html" title="General Index"
163		>index</a> \|
164		<a href="../../../search.html" title="Enter search criteria"
165		>Search</a> \|
166		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.">feedback</a>
167		</div>
168		</div>
169		</div>
170
171		</body>
172		</html>⏎

+0

-171

~~doc/html/appdev/refs/api/krb5_cccol_lock.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_cccol_lock - Acquire a global lock for credential caches. — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../../about.html" />
25		<link rel="index" title="Index" href="../../../genindex.html" />
26		<link rel="search" title="Search" href="../../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_cccol_unlock - Release a global lock for credential caches." href="krb5_cccol_unlock.html" />
29		<link rel="prev" title="krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache." href="krb5_cccol_last_change_time.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="krb5_cccol_last_change_time.html" title="krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache."
43		accesskey="P">previous</a> \|
44		<a href="krb5_cccol_unlock.html" title="krb5_cccol_unlock - Release a global lock for credential caches."
45		accesskey="N">next</a> \|
46		<a href="../../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cccol_lock - Acquire a global lock for credential caches.">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="krb5-cccol-lock-acquire-a-global-lock-for-credential-caches">
64		<h1>krb5_cccol_lock - Acquire a global lock for credential caches.<a class="headerlink" href="#krb5-cccol-lock-acquire-a-global-lock-for-credential-caches" title="Permalink to this headline">¶</a></h1>
65		<dl class="function">
66		<dt id="c.krb5_cccol_lock">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_cccol_lock</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_cccol_lock" title="Permalink to this definition">¶</a></dt>
68		<dd></dd></dl>
69
70		<table class="docutils field-list" frame="void" rules="none">
71		<col class="field-name" />
72		<col class="field-body" />
73		<tbody valign="top">
74		<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><strong>[in]</strong> <strong>context</strong> - Library context</td>
75		</tr>
76		</tbody>
77		</table>
78		<table class="docutils field-list" frame="void" rules="none">
79		<col class="field-name" />
80		<col class="field-body" />
81		<tbody valign="top">
82		<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
83		<li>0 Success; otherwise - Kerberos error codes</li>
84		</ul>
85		</td>
86		</tr>
87		</tbody>
88		</table>
89		<p>This function locks the global credential cache collection, ensuring that no ccaches are added to or removed from it until the collection lock is released.</p>
90		<p>Use <a class="reference internal" href="krb5_cccol_unlock.html#c.krb5_cccol_unlock" title="krb5_cccol_unlock"><code class="xref c c-func docutils literal"><span class="pre">krb5_cccol_unlock()</span></code></a> to unlock the lock.</p>
91		</div>
92
93
94		</div>
95		</div>
96		</div>
97		</div>
98		<div class="sidebar">
99		<h2>On this page</h2>
100		<ul>
101		<li><a class="reference internal" href="#">krb5_cccol_lock - Acquire a global lock for credential caches.</a></li>
102		</ul>
103
104		<br/>
105		<h2>Table of contents</h2>
106		<ul class="current">
107		<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
108		<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
109		<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
110		<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
111		<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
112		<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
113		<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
114		<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
115		<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
116		<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
117		<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
118		<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
119		</ul>
120		</li>
121		</ul>
122		</li>
123		<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
124		<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
125		<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
126		<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
127		<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
128		<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
129		<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
130		<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
131		</ul>
132
133		<br/>
134		<h4><a href="../../../index.html">Full Table of Contents</a></h4>
135		<h4>Search</h4>
136		<form class="search" action="../../../search.html" method="get">
137		<input type="text" name="q" size="18" />
138		<input type="submit" value="Go" />
139		<input type="hidden" name="check_keywords" value="yes" />
140		<input type="hidden" name="area" value="default" />
141		</form>
142		</div>
143		<div class="clearer"></div>
144		</div>
145		</div>
146
147		<div class="footer-wrapper">
148		<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
151		</div>
152		<div class="left">
153
154		<a href="../../../index.html" title="Full Table of Contents"
155		>Contents</a> \|
156		<a href="krb5_cccol_last_change_time.html" title="krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache."
157		>previous</a> \|
158		<a href="krb5_cccol_unlock.html" title="krb5_cccol_unlock - Release a global lock for credential caches."
159		>next</a> \|
160		<a href="../../../genindex.html" title="General Index"
161		>index</a> \|
162		<a href="../../../search.html" title="Enter search criteria"
163		>Search</a> \|
164		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cccol_lock - Acquire a global lock for credential caches.">feedback</a>
165		</div>
166		</div>
167		</div>
168
169		</body>
170		</html>⏎

+0

-170

~~doc/html/appdev/refs/api/krb5_cccol_unlock.html~~ less more

0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2		"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4		<html xmlns="http://www.w3.org/1999/xhtml">
5		<head>
6		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_cccol_unlock - Release a global lock for credential caches. — MIT Kerberos Documentation</title>
8		<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9		<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10		<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11		<script type="text/javascript">
12		var DOCUMENTATION_OPTIONS = {
13		URL_ROOT: '../../../',
14		VERSION: '1.17',
15		COLLAPSE_INDEX: false,
16		FILE_SUFFIX: '.html',
17		HAS_SOURCE: true,
18		SOURCELINK_SUFFIX: '.txt'
19		};
20		</script>
21		<script type="text/javascript" src="../../../_static/jquery.js"></script>
22		<script type="text/javascript" src="../../../_static/underscore.js"></script>
23		<script type="text/javascript" src="../../../_static/doctools.js"></script>
24		<link rel="author" title="About these documents" href="../../../about.html" />
25		<link rel="index" title="Index" href="../../../genindex.html" />
26		<link rel="search" title="Search" href="../../../search.html" />
27		<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_clear_error_message - Clear the extended error message in a context." href="krb5_clear_error_message.html" />
29		<link rel="prev" title="krb5_cccol_lock - Acquire a global lock for credential caches." href="krb5_cccol_lock.html" />
30		</head>
31		<body>
32		<div class="header-wrapper">
33		<div class="header">
34
35
36		<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
37
38		<div class="rel">
39
40		<a href="../../../index.html" title="Full Table of Contents"
41		accesskey="C">Contents</a> \|
42		<a href="krb5_cccol_lock.html" title="krb5_cccol_lock - Acquire a global lock for credential caches."
43		accesskey="P">previous</a> \|
44		<a href="krb5_clear_error_message.html" title="krb5_clear_error_message - Clear the extended error message in a context."
45		accesskey="N">next</a> \|
46		<a href="../../../genindex.html" title="General Index"
47		accesskey="I">index</a> \|
48		<a href="../../../search.html" title="Enter search criteria"
49		accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cccol_unlock - Release a global lock for credential caches.">feedback</a>
51		</div>
52		</div>
53		</div>
54
55		<div class="content-wrapper">
56		<div class="content">
57		<div class="document">
58
59		<div class="documentwrapper">
60		<div class="bodywrapper">
61		<div class="body" role="main">
62
63		<div class="section" id="krb5-cccol-unlock-release-a-global-lock-for-credential-caches">
64		<h1>krb5_cccol_unlock - Release a global lock for credential caches.<a class="headerlink" href="#krb5-cccol-unlock-release-a-global-lock-for-credential-caches" title="Permalink to this headline">¶</a></h1>
65		<dl class="function">
66		<dt id="c.krb5_cccol_unlock">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_cccol_unlock</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_cccol_unlock" title="Permalink to this definition">¶</a></dt>
68		<dd></dd></dl>
69
70		<table class="docutils field-list" frame="void" rules="none">
71		<col class="field-name" />
72		<col class="field-body" />
73		<tbody valign="top">
74		<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><strong>[in]</strong> <strong>context</strong> - Library context</td>
75		</tr>
76		</tbody>
77		</table>
78		<table class="docutils field-list" frame="void" rules="none">
79		<col class="field-name" />
80		<col class="field-body" />
81		<tbody valign="top">
82		<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
83		<li>0 Success; otherwise - Kerberos error codes</li>
84		</ul>
85		</td>
86		</tr>
87		</tbody>
88		</table>
89		<p>This function unlocks the lock from <a class="reference internal" href="krb5_cccol_lock.html#c.krb5_cccol_lock" title="krb5_cccol_lock"><code class="xref c c-func docutils literal"><span class="pre">krb5_cccol_lock()</span></code></a> .</p>
90		</div>
91
92
93		</div>
94		</div>
95		</div>
96		</div>
97		<div class="sidebar">
98		<h2>On this page</h2>
99		<ul>
100		<li><a class="reference internal" href="#">krb5_cccol_unlock - Release a global lock for credential caches.</a></li>
101		</ul>
102
103		<br/>
104		<h2>Table of contents</h2>
105		<ul class="current">
106		<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
107		<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
108		<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
109		<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
110		<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
111		<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
112		<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
113		<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
114		<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
115		<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
116		<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
117		<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
118		</ul>
119		</li>
120		</ul>
121		</li>
122		<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
123		<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
124		<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
125		<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
126		<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
127		<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
128		<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
129		<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
130		</ul>
131
132		<br/>
133		<h4><a href="../../../index.html">Full Table of Contents</a></h4>
134		<h4>Search</h4>
135		<form class="search" action="../../../search.html" method="get">
136		<input type="text" name="q" size="18" />
137		<input type="submit" value="Go" />
138		<input type="hidden" name="check_keywords" value="yes" />
139		<input type="hidden" name="area" value="default" />
140		</form>
141		</div>
142		<div class="clearer"></div>
143		</div>
144		</div>
145
146		<div class="footer-wrapper">
147		<div class="footer" >
148		<div class="right" ><i>Release: 1.17</i><br />
149		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
150		</div>
151		<div class="left">
152
153		<a href="../../../index.html" title="Full Table of Contents"
154		>Contents</a> \|
155		<a href="krb5_cccol_lock.html" title="krb5_cccol_lock - Acquire a global lock for credential caches."
156		>previous</a> \|
157		<a href="krb5_clear_error_message.html" title="krb5_clear_error_message - Clear the extended error message in a context."
158		>next</a> \|
159		<a href="../../../genindex.html" title="General Index"
160		>index</a> \|
161		<a href="../../../search.html" title="Enter search criteria"
162		>Search</a> \|
163		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_cccol_unlock - Release a global lock for credential caches.">feedback</a>
164		</div>
165		</div>
166		</div>
167
168		</body>
169		</html>⏎

+3

-3

doc/html/appdev/refs/api/krb5_change_password.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/api/krb5_check_clockskew.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_checksum_size.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_chpw_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

158	158
159	159	<div class="footer-wrapper">
160	160	<div class="footer" >
161		<div class="right" ><i>Release: 1.17</i><br />
162		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
163	163	</div>
164	164	<div class="left">
165	165

+3

-3

doc/html/appdev/refs/api/krb5_cksumtype_to_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+6

-6

doc/html/appdev/refs/api/krb5_clear_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time." href="krb5_check_clockskew.html" />
29		<link rel="prev" title="krb5_cccol_unlock - Release a global lock for credential caches." href="krb5_cccol_unlock.html" />
	29	<link rel="prev" title="krb5_cccol_have_content - Check if the credential cache collection contains any credentials." href="krb5_cccol_have_content.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="krb5_cccol_unlock.html" title="krb5_cccol_unlock - Release a global lock for credential caches."
	42	<a href="krb5_cccol_have_content.html" title="krb5_cccol_have_content - Check if the credential cache collection contains any credentials."
43	43	accesskey="P">previous</a> \|
44	44	<a href="krb5_check_clockskew.html" title="krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time."
45	45	accesskey="N">next</a> \|

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141
142	142	<a href="../../../index.html" title="Full Table of Contents"
143	143	>Contents</a> \|
144		<a href="krb5_cccol_unlock.html" title="krb5_cccol_unlock - Release a global lock for credential caches."
	144	<a href="krb5_cccol_have_content.html" title="krb5_cccol_have_content - Check if the credential cache collection contains any credentials."
145	145	>previous</a> \|
146	146	<a href="krb5_check_clockskew.html" title="krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time."
147	147	>next</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_copy_addresses.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_authdata.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_copy_authenticator.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_copy_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_copy_keyblock.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_keyblock_contents.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_copy_ticket.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_decode_authdata_container.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_decode_ticket.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_decrypt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_deltat_to_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_eblock_enctype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_encode_authdata_container.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_encrypt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_encrypt_size.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_enctype_to_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_enctype_to_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_expand_hostname.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_find_authdata.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/appdev/refs/api/krb5_finish_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_finish_random_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_free_addresses.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_free_ap_rep_enc_part.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_authdata.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_free_authenticator.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_checksum_contents.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_cksumtypes.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_free_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/api/krb5_free_cred_contents.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+6

-6

doc/html/appdev/refs/api/krb5_free_data_contents.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() ." href="krb5_free_default_realm.html" />
	28	<link rel="next" title="krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() ." href="krb5_free_default_realm.html" />
29	29	<link rel="prev" title="krb5_free_data - Free a krb5_data structure." href="krb5_free_data.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="krb5_free_data.html" title="krb5_free_data - Free a krb5_data structure."
43	43	accesskey="P">previous</a> \|
44		<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() ."
	44	<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() ."
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

145	145	>Contents</a> \|
146	146	<a href="krb5_free_data.html" title="krb5_free_data - Free a krb5_data structure."
147	147	>previous</a> \|
148		<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() ."
	148	<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() ."
149	149	>next</a> \|
150	150	<a href="../../../genindex.html" title="General Index"
151	151	>index</a> \|

+9

-9

doc/html/appdev/refs/api/krb5_free_default_realm.html less more

4	4	<html xmlns="http://www.w3.org/1999/xhtml">
5	5	<head>
6	6	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() . — MIT Kerberos Documentation</title>
	7	<title>krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() . — MIT Kerberos Documentation</title>
8	8	<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
9	9	<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
10	10	<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

47	47	accesskey="I">index</a> \|
48	48	<a href="../../../search.html" title="Enter search criteria"
49	49	accesskey="S">Search</a> \|
50		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .">feedback</a>
	50	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .">feedback</a>
51	51	</div>
52	52	</div>
53	53	</div>

60	60	<div class="bodywrapper">
61	61	<div class="body" role="main">
62	62
63		<div class="section" id="krb5-free-default-realm-free-a-defaultrealm-string-returned-by-krb5-get-default-realm">
64		<h1>krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .<a class="headerlink" href="#krb5-free-default-realm-free-a-defaultrealm-string-returned-by-krb5-get-default-realm" title="Permalink to this headline">¶</a></h1>
	63	<div class="section" id="krb5-free-default-realm-free-a-default-realm-string-returned-by-krb5-get-default-realm">
	64	<h1>krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .<a class="headerlink" href="#krb5-free-default-realm-free-a-default-realm-string-returned-by-krb5-get-default-realm" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_free_default_realm">
67	67	void <code class="descname">krb5_free_default_realm</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, char *<em> lrealm</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_free_default_realm" title="Permalink to this definition">¶</a></dt>

87	87	<div class="sidebar">
88	88	<h2>On this page</h2>
89	89	<ul>
90		<li><a class="reference internal" href="#">krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .</a></li>
	90	<li><a class="reference internal" href="#">krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .</a></li>
91	91	</ul>
92	92
93	93	<br/>

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

150	150	>index</a> \|
151	151	<a href="../../../search.html" title="Enter search criteria"
152	152	>Search</a> \|
153		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .">feedback</a>
	153	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .">feedback</a>
154	154	</div>
155	155	</div>
156	156	</div>

+6

-6

doc/html/appdev/refs/api/krb5_free_enctypes.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() ." href="krb5_free_error.html" />
29		<link rel="prev" title="krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() ." href="krb5_free_default_realm.html" />
	29	<link rel="prev" title="krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() ." href="krb5_free_default_realm.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() ."
	42	<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() ."
43	43	accesskey="P">previous</a> \|
44	44	<a href="krb5_free_error.html" title="krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() ."
45	45	accesskey="N">next</a> \|

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146
147	147	<a href="../../../index.html" title="Full Table of Contents"
148	148	>Contents</a> \|
149		<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() ."
	149	<a href="krb5_free_default_realm.html" title="krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() ."
150	150	>previous</a> \|
151	151	<a href="krb5_free_error.html" title="krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() ."
152	152	>next</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_free_error.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_free_host_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_free_keyblock.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_keyblock_contents.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_keytab_entry_contents.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/appdev/refs/api/krb5_free_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_free_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_free_tgt_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_free_ticket.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_free_unparsed_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_fwd_tgt_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

162	162
163	163	<div class="footer-wrapper">
164	164	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	165	<div class="right" ><i>Release: 1.18.2</i><br />
	166	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	167	</div>
168	168	<div class="left">
169	169

+3

-3

doc/html/appdev/refs/api/krb5_get_credentials.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

168	168
169	169	<div class="footer-wrapper">
170	170	<div class="footer" >
171		<div class="right" ><i>Release: 1.17</i><br />
172		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	171	<div class="right" ><i>Release: 1.18.2</i><br />
	172	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
173	173	</div>
174	174	<div class="left">
175	175

+3

-3

doc/html/appdev/refs/api/krb5_get_credentials_renew.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_get_credentials_validate.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_get_default_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_get_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/api/krb5_get_etype_info.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

163	163
164	164	<div class="footer-wrapper">
165	165	<div class="footer" >
166		<div class="right" ><i>Release: 1.17</i><br />
167		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	166	<div class="right" ><i>Release: 1.18.2</i><br />
	167	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
168	168	</div>
169	169	<div class="left">
170	170

+3

-3

doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_get_host_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_get_in_tkt_with_keytab.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/appdev/refs/api/krb5_get_in_tkt_with_password.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/appdev/refs/api/krb5_get_in_tkt_with_skey.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_keytab.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_alloc.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_init.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pa.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_responder.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_salt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_get_init_creds_password.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

168	168
169	169	<div class="footer-wrapper">
170	170	<div class="footer" >
171		<div class="right" ><i>Release: 1.17</i><br />
172		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	171	<div class="right" ><i>Release: 1.18.2</i><br />
	172	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
173	173	</div>
174	174	<div class="left">
175	175

+3

-3

doc/html/appdev/refs/api/krb5_get_permitted_enctypes.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_get_profile.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_get_prompt_types.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_get_renewed_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+9

-5

doc/html/appdev/refs/api/krb5_get_server_rcache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

72	72	<col class="field-body" />
73	73	<tbody valign="top">
74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75		<p><strong>[in]</strong> <strong>piece</strong> - Unique identifier for replay cache</p>
	75	<p><strong>[in]</strong> <strong>piece</strong> - Unused (replay cache identifier)</p>
76	76	<p class="last"><strong>[out]</strong> <strong>rcptr</strong> - Handle to an open rcache</p>
77	77	</td>
78	78	</tr>

89	89	</tr>
90	90	</tbody>
91	91	</table>
92		<p>This function generates a replay cache name based on <em>piece</em> and opens a handle to it. Typically <em>piece</em> is the first component of the service principal name. Use krb5_rc_close() to close <em>rcptr</em> when it is no longer needed.</p>
	92	<p>This function creates a handle to the default replay cache. Use krb5_rc_close() to close <em>rcptr</em> when it is no longer needed.</p>
	93	<div class="admonition note">
	94	<p class="first admonition-title">Note</p>
	95	<p class="last">Prior to release 1.18, this function creates a handle to a different replay cache for each unique value of <em>piece</em> .</p>
	96	</div>
93	97	</div>
94	98
95	99

148	152
149	153	<div class="footer-wrapper">
150	154	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	157	</div>
154	158	<div class="left">
155	159

+3

-3

doc/html/appdev/refs/api/krb5_get_time_offsets.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_get_validated_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/api/krb5_init_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_init_context_profile.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_get.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_get_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_get_error.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_get_times.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_init.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_set_keytab.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_set_password.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_set_service.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_init_creds_step.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_init_keyblock.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_init_random_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/api/krb5_init_secure_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_is_config_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_is_referral_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_is_thread_safe.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

144	144
145	145	<div class="footer-wrapper">
146	146	<div class="footer" >
147		<div class="right" ><i>Release: 1.17</i><br />
148		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	147	<div class="right" ><i>Release: 1.18.2</i><br />
	148	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
149	149	</div>
150	150	<div class="left">
151	151

+3

-3

doc/html/appdev/refs/api/krb5_k_create_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_k_decrypt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_k_decrypt_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_k_encrypt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_k_encrypt_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_k_free_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_k_key_enctype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_k_key_keyblock.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_k_make_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_k_make_checksum_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_k_prf.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_k_reference_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/api/krb5_k_verify_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_k_verify_checksum_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/api/krb5_kt_add_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_kt_client_default.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_kt_close.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_kt_default.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_kt_default_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_kt_dup.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_kt_end_seq_get.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_kt_free_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_kt_get_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_kt_get_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_kt_get_type.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_kt_have_content.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_kt_next_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_kt_read_service_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

158	158
159	159	<div class="footer-wrapper">
160	160	<div class="footer" >
161		<div class="right" ><i>Release: 1.17</i><br />
162		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
163	163	</div>
164	164	<div class="left">
165	165

+3

-3

doc/html/appdev/refs/api/krb5_kt_remove_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_kt_resolve.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_kt_start_seq_get.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_kuserok.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_make_authdata_kdc_issued.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_merge_authdata.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+7

-7

doc/html/appdev/refs/api/krb5_mk_1cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials.<a class="headerlink" href="#krb5-mk-1cred-format-a-krb-cred-message-for-a-single-set-of-credentials" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_mk_1cred">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_1cred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> <em> pcreds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> ppdata</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> <em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_1cred" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_1cred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> <em> creds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> <em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_1cred" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

73	73	<tbody valign="top">
74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
76		<p><strong>[in]</strong> <strong>pcreds</strong> - Pointer to credentials</p>
77		<p><strong>[out]</strong> <strong>ppdata</strong> - Encoded credentials</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay cache data (NULL if not needed)</p>
	76	<p><strong>[in]</strong> <strong>creds</strong> - Pointer to credentials</p>
	77	<p><strong>[out]</strong> <strong>der_out</strong> - Encoded credentials</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay cache data (NULL if not needed)</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_mk_error.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+14

-10

doc/html/appdev/refs/api/krb5_mk_ncred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.<a class="headerlink" href="#krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_mk_ncred">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_ncred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> <em> ppcreds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> ppdata</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_ncred" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_ncred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> <em> creds</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_ncred" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

73	73	<tbody valign="top">
74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
76		<p><strong>[in]</strong> <strong>ppcreds</strong> - Null-terminated array of credentials</p>
77		<p><strong>[out]</strong> <strong>ppdata</strong> - Encoded credentials</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay cache information (NULL if not needed)</p>
	76	<p><strong>[in]</strong> <strong>creds</strong> - Null-terminated array of credentials</p>
	77	<p><strong>[out]</strong> <strong>der_out</strong> - Encoded credentials</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay cache information (NULL if not needed)</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

98	98	</tr>
99	99	</tbody>
100	100	</table>
101		<p>This function takes an array of credentials <em>ppcreds</em> and formats a <strong>KRB-CRED</strong> message <em>ppdata</em> to pass to <a class="reference internal" href="krb5_rd_cred.html#c.krb5_rd_cred" title="krb5_rd_cred"><code class="xref c c-func docutils literal"><span class="pre">krb5_rd_cred()</span></code></a> .</p>
102		<p>The message will be encrypted using the send subkey of <em>auth_context</em> if it is present, or the session key otherwise.</p>
	101	<p>This function takes an array of credentials <em>creds</em> and formats a <strong>KRB-CRED</strong> message <em>der_out</em> to pass to <a class="reference internal" href="krb5_rd_cred.html#c.krb5_rd_cred" title="krb5_rd_cred"><code class="xref c c-func docutils literal"><span class="pre">krb5_rd_cred()</span></code></a> .</p>
	102	<p>The local and remote addresses in <em>auth_context</em> are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message.</p>
	103	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , the timestamp used for the KRB-CRED message is stored in <em>rdata_out</em> .</p>
	104	<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-CRED message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p>
	105	<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p>
	106	<p>The message will be encrypted using the send subkey of <em>auth_context</em> if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case.</p>
103	107	<div class="admonition note">
104	108	<p class="first admonition-title">Note</p>
105		<p class="last">If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , <em>outdata</em> is required.</p>
	109	<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
106	110	</div>
107	111	</div>
108	112

162	166
163	167	<div class="footer-wrapper">
164	168	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	169	<div class="right" ><i>Release: 1.18.2</i><br />
	170	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	171	</div>
168	172	<div class="left">
169	173

+11

-16

doc/html/appdev/refs/api/krb5_mk_priv.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_mk_priv - Format a KRB-PRIV message.<a class="headerlink" href="#krb5-mk-priv-format-a-krb-priv-message" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_mk_priv">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_priv" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_priv" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
76	76	<p><strong>[in]</strong> <strong>userdata</strong> - User data for <strong>KRB-PRIV</strong> message</p>
77		<p><strong>[out]</strong> <strong>outbuf</strong> - Formatted <strong>KRB-PRIV</strong> message</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay cache handle (NULL if not needed)</p>
	77	<p><strong>[out]</strong> <strong>der_out</strong> - Formatted <strong>KRB-PRIV</strong> message</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data (NULL if not needed)</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

92	92	</tbody>
93	93	</table>
94	94	<p>This function is similar to <a class="reference internal" href="krb5_mk_safe.html#c.krb5_mk_safe" title="krb5_mk_safe"><code class="xref c c-func docutils literal"><span class="pre">krb5_mk_safe()</span></code></a> , but the message is encrypted and integrity-protected, not just integrity-protected.</p>
95		<p>The local address in <em>auth_context</em> must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.</p>
96		<blockquote>
97		<div><ul class="simple">
98		<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> - Use timestamps in <em>outdata</em></li>
99		<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> - Copy timestamp to <em>outdata</em> .</li>
100		<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> - Use local sequence numbers from <em>auth_context</em> in replay cache.</li>
101		<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> - Use local sequence numbers from <em>auth_context</em> as a sequence number in the encrypted message <em>outbuf</em> .</li>
102		</ul>
103		</div></blockquote>
	95	<p>The local address in <em>auth_context</em> must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.</p>
	96	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , a timestamp is included in the KRB-PRIV message and is stored in <em>rdata_out</em> .</p>
	97	<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-PRIV message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p>
	98	<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p>
104	99	<div class="admonition note">
105	100	<p class="first admonition-title">Note</p>
106		<p class="last">If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , the <em>outdata</em> is required.</p>
	101	<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
107	102	</div>
108	103	</div>
109	104

163	158
164	159	<div class="footer-wrapper">
165	160	<div class="footer" >
166		<div class="right" ><i>Release: 1.17</i><br />
167		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
168	163	</div>
169	164	<div class="left">
170	165

+3

-3

doc/html/appdev/refs/api/krb5_mk_rep.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/appdev/refs/api/krb5_mk_rep_dce.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_mk_req.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+4

-4

doc/html/appdev/refs/api/krb5_mk_req_extended.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

97	97	<div><blockquote>
98	98	<div><ul class="simple">
99	99	<li><a class="reference internal" href="../macros/AP_OPTS_USE_SESSION_KEY.html#AP_OPTS_USE_SESSION_KEY" title="AP_OPTS_USE_SESSION_KEY"><code class="xref py py-data docutils literal"><span class="pre">AP_OPTS_USE_SESSION_KEY</span></code></a> - Use the session key when creating the request used for user to user authentication.</li>
100		<li><a class="reference internal" href="../macros/AP_OPTS_MUTUAL_REQUIRED.html#AP_OPTS_MUTUAL_REQUIRED" title="AP_OPTS_MUTUAL_REQUIRED"><code class="xref py py-data docutils literal"><span class="pre">AP_OPTS_MUTUAL_REQUIRED</span></code></a> - Request a mutual authentication packet from the reciever.</li>
	100	<li><a class="reference internal" href="../macros/AP_OPTS_MUTUAL_REQUIRED.html#AP_OPTS_MUTUAL_REQUIRED" title="AP_OPTS_MUTUAL_REQUIRED"><code class="xref py py-data docutils literal"><span class="pre">AP_OPTS_MUTUAL_REQUIRED</span></code></a> - Request a mutual authentication packet from the receiver.</li>
101	101	<li><a class="reference internal" href="../macros/AP_OPTS_USE_SUBKEY.html#AP_OPTS_USE_SUBKEY" title="AP_OPTS_USE_SUBKEY"><code class="xref py py-data docutils literal"><span class="pre">AP_OPTS_USE_SUBKEY</span></code></a> - Generate a subsession key from the current session key obtained from the credentials.</li>
102	102	</ul>
103	103	</div></blockquote>

166	166
167	167	<div class="footer-wrapper">
168	168	<div class="footer" >
169		<div class="right" ><i>Release: 1.17</i><br />
170		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	169	<div class="right" ><i>Release: 1.18.2</i><br />
	170	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
171	171	</div>
172	172	<div class="left">
173	173

+10

-10

doc/html/appdev/refs/api/krb5_mk_safe.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_mk_safe - Format a KRB-SAFE message.<a class="headerlink" href="#krb5-mk-safe-format-a-krb-safe-message" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_mk_safe">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_safe</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_safe" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_safe</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_safe" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
76	76	<p><strong>[in]</strong> <strong>userdata</strong> - User data in the message</p>
77		<p><strong>[out]</strong> <strong>outbuf</strong> - Formatted <strong>KRB-SAFE</strong> buffer</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data. Specify NULL if not needed</p>
	77	<p><strong>[out]</strong> <strong>der_out</strong> - Formatted <strong>KRB-SAFE</strong> buffer</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data. Specify NULL if not needed</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

94	94	<p>This function creates an integrity protected <strong>KRB-SAFE</strong> message using data supplied by the application.</p>
95	95	<p>Fields in <em>auth_context</em> specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and <code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT</span></code> flags.</p>
96	96	<p>The local address in <em>auth_context</em> must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.</p>
97		<p>If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in the <em>auth_context</em> , an entry describing the message is entered in the replay cache <em>auth_context->rcache</em> which enables the caller to detect if this message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, the replay cache is not used.</p>
98		<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number will be placed in <em>outdata</em> as its sequence number.</p>
99		<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>outbuf</em> when it is no longer needed.</p>
	97	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , a timestamp is included in the KRB-SAFE message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , a timestamp is included in the KRB-SAFE message and is stored in <em>rdata_out</em> .</p>
	98	<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-SAFE message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p>
	99	<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p>
100	100	<div class="admonition note">
101	101	<p class="first admonition-title">Note</p>
102		<p class="last">The <em>outdata</em> argument is required if <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in the <em>auth_context</em> .</p>
	102	<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
103	103	</div>
104	104	</div>
105	105

159	159
160	160	<div class="footer-wrapper">
161	161	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	162	<div class="right" ><i>Release: 1.18.2</i><br />
	163	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
164	164	</div>
165	165	<div class="left">
166	166

+3

-3

doc/html/appdev/refs/api/krb5_os_localaddr.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_pac_add_buffer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/api/krb5_pac_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_pac_get_buffer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+162

-0

doc/html/appdev/refs/api/krb5_pac_get_client_info.html less more

	0
	1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	2	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	3
	4	<html xmlns="http://www.w3.org/1999/xhtml">
	5	<head>
	6	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	7	<title>krb5_pac_get_client_info — MIT Kerberos Documentation</title>
	8	<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
	9	<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
	10	<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
	11	<script type="text/javascript">
	12	var DOCUMENTATION_OPTIONS = {
	13	URL_ROOT: '../../../',
	14	VERSION: '1.18.2',
	15	COLLAPSE_INDEX: false,
	16	FILE_SUFFIX: '.html',
	17	HAS_SOURCE: true,
	18	SOURCELINK_SUFFIX: '.txt'
	19	};
	20	</script>
	21	<script type="text/javascript" src="../../../_static/jquery.js"></script>
	22	<script type="text/javascript" src="../../../_static/underscore.js"></script>
	23	<script type="text/javascript" src="../../../_static/doctools.js"></script>
	24	<link rel="author" title="About these documents" href="../../../about.html" />
	25	<link rel="index" title="Index" href="../../../genindex.html" />
	26	<link rel="search" title="Search" href="../../../search.html" />
	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
	28	<link rel="next" title="krb5_prepend_error_message - Add a prefix to the message for an error code." href="krb5_prepend_error_message.html" />
	29	<link rel="prev" title="krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm." href="krb5_pac_verify_ext.html" />
	30	</head>
	31	<body>
	32	<div class="header-wrapper">
	33	<div class="header">
	34
	35
	36	<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
	37
	38	<div class="rel">
	39
	40	<a href="../../../index.html" title="Full Table of Contents"
	41	accesskey="C">Contents</a> \|
	42	<a href="krb5_pac_verify_ext.html" title="krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm."
	43	accesskey="P">previous</a> \|
	44	<a href="krb5_prepend_error_message.html" title="krb5_prepend_error_message - Add a prefix to the message for an error code."
	45	accesskey="N">next</a> \|
	46	<a href="../../../genindex.html" title="General Index"
	47	accesskey="I">index</a> \|
	48	<a href="../../../search.html" title="Enter search criteria"
	49	accesskey="S">Search</a> \|
	50	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_pac_get_client_info">feedback</a>
	51	</div>
	52	</div>
	53	</div>
	54
	55	<div class="content-wrapper">
	56	<div class="content">
	57	<div class="document">
	58
	59	<div class="documentwrapper">
	60	<div class="bodywrapper">
	61	<div class="body" role="main">
	62
	63	<div class="section" id="krb5-pac-get-client-info">
	64	<h1>krb5_pac_get_client_info<a class="headerlink" href="#krb5-pac-get-client-info" title="Permalink to this headline">¶</a></h1>
	65	<dl class="function">
	66	<dt id="c.krb5_pac_get_client_info">
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_pac_get_client_info</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, const <a class="reference internal" href="../types/krb5_pac.html#c.krb5_pac" title="krb5_pac">krb5_pac</a><em> pac</em>, <a class="reference internal" href="../types/krb5_timestamp.html#c.krb5_timestamp" title="krb5_timestamp">krb5_timestamp</a> <em> authtime_out</em>, char *<em> princname_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_pac_get_client_info" title="Permalink to this definition">¶</a></dt>
	68	<dd></dd></dl>
	69
	70	<table class="docutils field-list" frame="void" rules="none">
	71	<col class="field-name" />
	72	<col class="field-body" />
	73	<tbody valign="top">
	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>context</strong></p>
	75	<p><strong>pac</strong></p>
	76	<p><strong>authtime_out</strong></p>
	77	<p class="last"><strong>princname_out</strong></p>
	78	</td>
	79	</tr>
	80	</tbody>
	81	</table>
	82	</div>
	83
	84
	85	</div>
	86	</div>
	87	</div>
	88	</div>
	89	<div class="sidebar">
	90	<h2>On this page</h2>
	91	<ul>
	92	<li><a class="reference internal" href="#">krb5_pac_get_client_info</a></li>
	93	</ul>
	94
	95	<br/>
	96	<h2>Table of contents</h2>
	97	<ul class="current">
	98	<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
	99	<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
	100	<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
	101	<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
	102	<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
	103	<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
	104	<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
	105	<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
	106	<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
	107	<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
	108	<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
	109	<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
	110	</ul>
	111	</li>
	112	</ul>
	113	</li>
	114	<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
	115	<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
	116	<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
	117	<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
	118	<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
	119	<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
	120	<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
	121	<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
	122	</ul>
	123
	124	<br/>
	125	<h4><a href="../../../index.html">Full Table of Contents</a></h4>
	126	<h4>Search</h4>
	127	<form class="search" action="../../../search.html" method="get">
	128	<input type="text" name="q" size="18" />
	129	<input type="submit" value="Go" />
	130	<input type="hidden" name="check_keywords" value="yes" />
	131	<input type="hidden" name="area" value="default" />
	132	</form>
	133	</div>
	134	<div class="clearer"></div>
	135	</div>
	136	</div>
	137
	138	<div class="footer-wrapper">
	139	<div class="footer" >
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
	142	</div>
	143	<div class="left">
	144
	145	<a href="../../../index.html" title="Full Table of Contents"
	146	>Contents</a> \|
	147	<a href="krb5_pac_verify_ext.html" title="krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm."
	148	>previous</a> \|
	149	<a href="krb5_prepend_error_message.html" title="krb5_prepend_error_message - Add a prefix to the message for an error code."
	150	>next</a> \|
	151	<a href="../../../genindex.html" title="General Index"
	152	>index</a> \|
	153	<a href="../../../search.html" title="Enter search criteria"
	154	>Search</a> \|
	155	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_pac_get_client_info">feedback</a>
	156	</div>
	157	</div>
	158	</div>
	159
	160	</body>
	161	</html>⏎

+3

-3

doc/html/appdev/refs/api/krb5_pac_get_types.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_pac_init.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_pac_parse.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_pac_sign.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

145	145
146	146	<div class="footer-wrapper">
147	147	<div class="footer" >
148		<div class="right" ><i>Release: 1.17</i><br />
149		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	148	<div class="right" ><i>Release: 1.18.2</i><br />
	149	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
150	150	</div>
151	151	<div class="left">
152	152

+3

-3

doc/html/appdev/refs/api/krb5_pac_sign_ext.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_pac_verify.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+6

-6

doc/html/appdev/refs/api/krb5_pac_verify_ext.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="krb5_prepend_error_message - Add a prefix to the message for an error code." href="krb5_prepend_error_message.html" />
	28	<link rel="next" title="krb5_pac_get_client_info" href="krb5_pac_get_client_info.html" />
29	29	<link rel="prev" title="krb5_pac_verify - Verify a PAC." href="krb5_pac_verify.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="krb5_pac_verify.html" title="krb5_pac_verify - Verify a PAC."
43	43	accesskey="P">previous</a> \|
44		<a href="krb5_prepend_error_message.html" title="krb5_prepend_error_message - Add a prefix to the message for an error code."
	44	<a href="krb5_pac_get_client_info.html" title="krb5_pac_get_client_info"
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

145	145
146	146	<div class="footer-wrapper">
147	147	<div class="footer" >
148		<div class="right" ><i>Release: 1.17</i><br />
149		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	148	<div class="right" ><i>Release: 1.18.2</i><br />
	149	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
150	150	</div>
151	151	<div class="left">
152	152

154	154	>Contents</a> \|
155	155	<a href="krb5_pac_verify.html" title="krb5_pac_verify - Verify a PAC."
156	156	>previous</a> \|
157		<a href="krb5_prepend_error_message.html" title="krb5_prepend_error_message - Add a prefix to the message for an error code."
	157	<a href="krb5_pac_get_client_info.html" title="krb5_pac_get_client_info"
158	158	>next</a> \|
159	159	<a href="../../../genindex.html" title="General Index"
160	160	>index</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_parse_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/api/krb5_parse_name_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

167	167
168	168	<div class="footer-wrapper">
169	169	<div class="footer" >
170		<div class="right" ><i>Release: 1.17</i><br />
171		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	170	<div class="right" ><i>Release: 1.18.2</i><br />
	171	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
172	172	</div>
173	173	<div class="left">
174	174

+6

-6

doc/html/appdev/refs/api/krb5_prepend_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="krb5_principal2salt - Convert a principal name into the default salt for that principal." href="krb5_principal2salt.html" />
29		<link rel="prev" title="krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm." href="krb5_pac_verify_ext.html" />
	29	<link rel="prev" title="krb5_pac_get_client_info" href="krb5_pac_get_client_info.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="krb5_pac_verify_ext.html" title="krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm."
	42	<a href="krb5_pac_get_client_info.html" title="krb5_pac_get_client_info"
43	43	accesskey="P">previous</a> \|
44	44	<a href="krb5_principal2salt.html" title="krb5_principal2salt - Convert a principal name into the default salt for that principal."
45	45	accesskey="N">next</a> \|

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144
145	145	<a href="../../../index.html" title="Full Table of Contents"
146	146	>Contents</a> \|
147		<a href="krb5_pac_verify_ext.html" title="krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm."
	147	<a href="krb5_pac_get_client_info.html" title="krb5_pac_get_client_info"
148	148	>previous</a> \|
149	149	<a href="krb5_principal2salt.html" title="krb5_principal2salt - Convert a principal name into the default salt for that principal."
150	150	>next</a> \|

+3

-3

doc/html/appdev/refs/api/krb5_principal2salt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_principal_compare.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_principal_compare_any_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_principal_compare_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/api/krb5_process_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_prompter_posix.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_random_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+10

-10

doc/html/appdev/refs/api/krb5_rd_cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_rd_cred - Read and validate a KRB-CRED message.<a class="headerlink" href="#krb5-rd-cred-read-and-validate-a-krb-cred-message" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_rd_cred">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_cred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> pcreddata</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> *<em> pppcreds</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> <em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_cred" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_cred</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> creddata</em>, <a class="reference internal" href="../types/krb5_creds.html#c.krb5_creds" title="krb5_creds">krb5_creds</a> *<em> creds_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> <em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_cred" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

73	73	<tbody valign="top">
74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
76		<p><strong>[in]</strong> <strong>pcreddata</strong> - <strong>KRB-CRED</strong> message</p>
77		<p><strong>[out]</strong> <strong>pppcreds</strong> - Null-terminated array of forwarded credentials</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data (NULL if not needed)</p>
	76	<p><strong>[in]</strong> <strong>creddata</strong> - <strong>KRB-CRED</strong> message</p>
	77	<p><strong>[out]</strong> <strong>creds_out</strong> - Null-terminated array of forwarded credentials</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data (NULL if not needed)</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

92	92	</tbody>
93	93	</table>
94	94	<blockquote>
95		<div><em>pcreddata</em> will be decrypted using the receiving subkey if it is present in <em>auth_context</em> , or the session key if the receiving subkey is not present or fails to decrypt the message.</div></blockquote>
96		<p>Use <a class="reference internal" href="krb5_free_tgt_creds.html#c.krb5_free_tgt_creds" title="krb5_free_tgt_creds"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_tgt_creds()</span></code></a> to free <em>pppcreds</em> when it is no longer needed.</p>
	95	<div><em>creddata</em> will be decrypted using the receiving subkey if it is present in <em>auth_context</em> , or the session key if the receiving subkey is not present or fails to decrypt the message.</div></blockquote>
	96	<p>Use <a class="reference internal" href="krb5_free_tgt_creds.html#c.krb5_free_tgt_creds" title="krb5_free_tgt_creds"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_tgt_creds()</span></code></a> to free <em>creds_out</em> when it is no longer needed.</p>
97	97	<div class="admonition note">
98	98	<p class="first admonition-title">Note</p>
99		<p class="last">The <em>outdata</em> argument is required if <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in the <em>auth_context</em> .`</p>
	99	<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .`</p>
100	100	</div>
101	101	</div>
102	102

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_rd_error.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+12

-16

doc/html/appdev/refs/api/krb5_rd_priv.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_rd_priv - Process a KRB-PRIV message.<a class="headerlink" href="#krb5-rd-priv-process-a-krb-priv-message" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_rd_priv">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_priv" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> userdata_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_priv" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication structure</p>
76	76	<p><strong>[in]</strong> <strong>inbuf</strong> - <strong>KRB-PRIV</strong> message to be parsed</p>
77		<p><strong>[out]</strong> <strong>outbuf</strong> - Data parsed from <strong>KRB-PRIV</strong> message</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data. Specify NULL if not needed</p>
	77	<p><strong>[out]</strong> <strong>userdata_out</strong> - Data parsed from <strong>KRB-PRIV</strong> message</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data. Specify NULL if not needed</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

91	91	</tr>
92	92	</tbody>
93	93	</table>
94		<p>This function parses a <strong>KRB-PRIV</strong> message, verifies its integrity, and stores its unencrypted data into <em>outbuf</em> .</p>
95		<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of <em>auth_context</em> . Otherwise, the sequence number is not used.</p>
96		<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , then two additional checks are performed:</p>
97		<blockquote>
98		<div><ul class="simple">
99		<li>The timestamp in the message must be within the permitted clock skew (which is usually five minutes).</li>
100		<li>The message must not be a replayed message field in <em>auth_context</em> .</li>
101		</ul>
102		</div></blockquote>
	94	<p>This function parses a <strong>KRB-PRIV</strong> message, verifies its integrity, and stores its unencrypted data into <em>userdata_out</em> .</p>
	95	<p>If <em>auth_context</em> has a remote address set, the address will be used to verify the sender address in the KRB-PRIV message. If <em>auth_context</em> has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one.</p>
	96	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , the sequence number of the KRB-PRIV message is checked against the remote sequence number field of <em>auth_context</em> . Otherwise, the sequence number is not used.</p>
	97	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.</p>
	98	<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>userdata_out</em> when it is no longer needed.</p>
103	99	<div class="admonition note">
104	100	<p class="first admonition-title">Note</p>
105		<p class="last">If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , <em>outdata</em> is required.</p>
	101	<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
106	102	</div>
107	103	</div>
108	104

162	158
163	159	<div class="footer-wrapper">
164	160	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	163	</div>
168	164	<div class="left">
169	165

+3

-3

doc/html/appdev/refs/api/krb5_rd_rep.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/appdev/refs/api/krb5_rd_rep_dce.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_rd_req.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

167	167
168	168	<div class="footer-wrapper">
169	169	<div class="footer" >
170		<div class="right" ><i>Release: 1.17</i><br />
171		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	170	<div class="right" ><i>Release: 1.18.2</i><br />
	171	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
172	172	</div>
173	173	<div class="left">
174	174

+11

-18

doc/html/appdev/refs/api/krb5_rd_safe.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>krb5_rd_safe - Process KRB-SAFE message.<a class="headerlink" href="#krb5-rd-safe-process-krb-safe-message" title="Permalink to this headline">¶</a></h1>
65	65	<dl class="function">
66	66	<dt id="c.krb5_rd_safe">
67		<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_safe</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_safe" title="Permalink to this definition">¶</a></dt>
	67	<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_safe</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> <em> userdata_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_safe" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70	70	<table class="docutils field-list" frame="void" rules="none">

74	74	<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
75	75	<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
76	76	<p><strong>[in]</strong> <strong>inbuf</strong> - <strong>KRB-SAFE</strong> message to be parsed</p>
77		<p><strong>[out]</strong> <strong>outbuf</strong> - Data parsed from <strong>KRB-SAFE</strong> message</p>
78		<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data. Specify NULL if not needed</p>
	77	<p><strong>[out]</strong> <strong>userdata_out</strong> - Data parsed from <strong>KRB-SAFE</strong> message</p>
	78	<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data. Specify NULL if not needed</p>
79	79	</td>
80	80	</tr>
81	81	</tbody>

91	91	</tr>
92	92	</tbody>
93	93	</table>
94		<p>This function parses a <strong>KRB-SAFE</strong> message, verifies its integrity, and stores its data into <em>outbuf</em> .</p>
	94	<p>This function parses a <strong>KRB-SAFE</strong> message, verifies its integrity, and stores its data into <em>userdata_out</em> .</p>
	95	<p>If <em>auth_context</em> has a remote address set, the address will be used to verify the sender address in the KRB-SAFE message. If <em>auth_context</em> has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one.</p>
95	96	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of <em>auth_context</em> . Otherwise, the sequence number is not used.</p>
96		<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , then two additional checks are performed:</p>
97		<blockquote>
98		<div><blockquote>
99		<div><ul class="simple">
100		<li>The timestamp in the message must be within the permitted clock skew (which is usually five minutes).</li>
101		<li>The message must not be a replayed message field in <em>auth_context</em> .</li>
102		</ul>
103		</div></blockquote>
104		<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>outbuf</em> when it is no longer needed.</p>
105		</div></blockquote>
	97	<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.</p>
	98	<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>userdata_out</em> when it is no longer needed.</p>
106	99	<div class="admonition note">
107	100	<p class="first admonition-title">Note</p>
108		<p class="last">The <em>outdata</em> argument is required if <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in the <em>auth_context</em> .</p>
	101	<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
109	102	</div>
110	103	</div>
111	104

165	158
166	159	<div class="footer-wrapper">
167	160	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
170	163	</div>
171	164	<div class="left">
172	165

+3

-3

doc/html/appdev/refs/api/krb5_read_password.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/api/krb5_realm_compare.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_recvauth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

158	158
159	159	<div class="footer-wrapper">
160	160	<div class="footer" >
161		<div class="right" ><i>Release: 1.17</i><br />
162		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	161	<div class="right" ><i>Release: 1.18.2</i><br />
	162	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
163	163	</div>
164	164	<div class="left">
165	165

+3

-3

doc/html/appdev/refs/api/krb5_recvauth_version.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_responder_get_challenge.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_responder_list_questions.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_responder_otp_challenge_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_responder_otp_get_challenge.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/api/krb5_responder_otp_set_answer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/api/krb5_responder_pkinit_challenge_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

140	140
141	141	<div class="footer-wrapper">
142	142	<div class="footer" >
143		<div class="right" ><i>Release: 1.17</i><br />
144		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	143	<div class="right" ><i>Release: 1.18.2</i><br />
	144	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
145	145	</div>
146	146	<div class="left">
147	147

+3

-3

doc/html/appdev/refs/api/krb5_responder_pkinit_get_challenge.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/api/krb5_responder_pkinit_set_answer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_responder_set_answer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_salttype_to_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/api/krb5_sendauth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

174	174
175	175	<div class="footer-wrapper">
176	176	<div class="footer" >
177		<div class="right" ><i>Release: 1.17</i><br />
178		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	177	<div class="right" ><i>Release: 1.18.2</i><br />
	178	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
179	179	</div>
180	180	<div class="left">
181	181

+3

-3

doc/html/appdev/refs/api/krb5_server_decrypt_ticket_keytab.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_set_default_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_set_default_tgs_enctypes.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_set_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/api/krb5_set_kdc_recv_hook.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/api/krb5_set_kdc_send_hook.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/api/krb5_set_password.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

162	162
163	163	<div class="footer-wrapper">
164	164	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	165	<div class="right" ><i>Release: 1.18.2</i><br />
	166	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	167	</div>
168	168	<div class="left">
169	169

+3

-3

doc/html/appdev/refs/api/krb5_set_password_using_ccache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

162	162
163	163	<div class="footer-wrapper">
164	164	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	165	<div class="right" ><i>Release: 1.18.2</i><br />
	166	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	167	</div>
168	168	<div class="left">
169	169

+3

-3

doc/html/appdev/refs/api/krb5_set_principal_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_set_real_time.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_set_trace_callback.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_set_trace_filename.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_sname_match.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_sname_to_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

165	165
166	166	<div class="footer-wrapper">
167	167	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	168	<div class="right" ><i>Release: 1.18.2</i><br />
	169	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
170	170	</div>
171	171	<div class="left">
172	172

+3

-3

doc/html/appdev/refs/api/krb5_string_to_cksumtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_string_to_deltat.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_string_to_enctype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_string_to_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_string_to_salttype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_string_to_timestamp.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/api/krb5_timeofday.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_timestamp_to_sfstring.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/api/krb5_timestamp_to_string.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155

+3

-3

doc/html/appdev/refs/api/krb5_tkt_creds_free.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_tkt_creds_get.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/api/krb5_tkt_creds_get_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_tkt_creds_get_times.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/appdev/refs/api/krb5_tkt_creds_init.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/api/krb5_tkt_creds_step.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/api/krb5_unparse_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_unparse_name_ext.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+3

-3

doc/html/appdev/refs/api/krb5_unparse_name_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

165	165
166	166	<div class="footer-wrapper">
167	167	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	168	<div class="right" ><i>Release: 1.18.2</i><br />
	169	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
170	170	</div>
171	171	<div class="left">
172	172

+3

-3

doc/html/appdev/refs/api/krb5_unparse_name_flags_ext.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/api/krb5_us_timeofday.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_use_enctype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_verify_authdata_kdc_issued.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_verify_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/api/krb5_verify_init_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

153	153
154	154	<div class="footer-wrapper">
155	155	<div class="footer" >
156		<div class="right" ><i>Release: 1.17</i><br />
157		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	156	<div class="right" ><i>Release: 1.18.2</i><br />
	157	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
158	158	</div>
159	159	<div class="left">
160	160

+3

-3

doc/html/appdev/refs/api/krb5_verify_init_creds_opt_init.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

133	133
134	134	<div class="footer-wrapper">
135	135	<div class="footer" >
136		<div class="right" ><i>Release: 1.17</i><br />
137		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	136	<div class="right" ><i>Release: 1.18.2</i><br />
	137	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
138	138	</div>
139	139	<div class="left">
140	140

+3

-3

doc/html/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_vprepend_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/api/krb5_vset_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/api/krb5_vwrap_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

139	139
140	140	<div class="footer-wrapper">
141	141	<div class="footer" >
142		<div class="right" ><i>Release: 1.17</i><br />
143		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	142	<div class="right" ><i>Release: 1.18.2</i><br />
	143	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
144	144	</div>
145	145	<div class="left">
146	146

+3

-3

doc/html/appdev/refs/api/krb5_wrap_error_message.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

127	127
128	128	<div class="footer-wrapper">
129	129	<div class="footer" >
130		<div class="right" ><i>Release: 1.17</i><br />
131		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	130	<div class="right" ><i>Release: 1.18.2</i><br />
	131	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
132	132	</div>
133	133	<div class="left">
134	134

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_ADDRPORT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_CHAOS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_DDP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_INET.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_INET6.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_IPPORT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_ISO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_IS_LOCAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_NETBIOS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ADDRTYPE_XNS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AD_TYPE_EXTERNAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AD_TYPE_REGISTERED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AD_TYPE_RESERVED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/AP_OPTS_RESERVED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/AP_OPTS_USE_SUBKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/AP_OPTS_WIRE_MASK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_CRC32.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_DESCBC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_NIST_SHA.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-4

doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

67	67	<code class="descname">ENCTYPE_DES_CBC_CRC</code><a class="headerlink" href="#ENCTYPE_DES_CBC_CRC" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70		<p>DES cbc mode with CRC-32.</p>
71	70	<table border="1" class="docutils">
72	71	<colgroup>
73	72	<col width="54%" />

137	136
138	137	<div class="footer-wrapper">
139	138	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	141	</div>
143	142	<div class="left">
144	143

+3

-4

doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

67	67	<code class="descname">ENCTYPE_DES_CBC_MD4</code><a class="headerlink" href="#ENCTYPE_DES_CBC_MD4" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70		<p>DES cbc mode with RSA-MD4.</p>
71	70	<table border="1" class="docutils">
72	71	<colgroup>
73	72	<col width="54%" />

137	136
138	137	<div class="footer-wrapper">
139	138	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	141	</div>
143	142	<div class="left">
144	143

+3

-4

doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

67	67	<code class="descname">ENCTYPE_DES_CBC_MD5</code><a class="headerlink" href="#ENCTYPE_DES_CBC_MD5" title="Permalink to this definition">¶</a></dt>
68	68	<dd></dd></dl>
69	69
70		<p>DES cbc mode with RSA-MD5.</p>
71	70	<table border="1" class="docutils">
72	71	<colgroup>
73	72	<col width="54%" />

137	136
138	137	<div class="footer-wrapper">
139	138	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	141	</div>
143	142	<div class="left">
144	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_NULL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_RSA_ENV.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/ENCTYPE_UNKNOWN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_CANONICALIZE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_FORWARDABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_FORWARDED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_POSTDATED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_PROXIABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_PROXY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_RENEW.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_OPT_VALIDATE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KDC_TKT_COMMON_MASK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AP_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AP_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AS_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AS_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_SESAME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_CRED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_ERROR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_FAST_REQUIRED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_CACHED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_CANONICALIZE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_FORWARDABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_NO_STORE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GC_USER_USER.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_INT16_MAX.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_INT16_MIN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_INT32_MAX.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_INT32_MIN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_NONE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_PRINCIPAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_SMTP_NAME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_SRV_HST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_SRV_INST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_SRV_XHST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_UID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_UNKNOWN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_WELLKNOWN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_LOGON_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_AP_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_FOR_USER.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_FX_ERROR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_FX_FAST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_NONE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_OSF_DCE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+6

-6

doc/html/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../../../genindex.html" />
26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28		<link rel="next" title="KRB5_PADATA_PAC_REQUEST" href="KRB5_PADATA_PAC_REQUEST.html" />
	28	<link rel="next" title="KRB5_PADATA_PAC_OPTIONS" href="KRB5_PADATA_PAC_OPTIONS.html" />
29	29	<link rel="prev" title="KRB5_PADATA_OTP_PIN_CHANGE" href="KRB5_PADATA_OTP_PIN_CHANGE.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="KRB5_PADATA_OTP_PIN_CHANGE.html" title="KRB5_PADATA_OTP_PIN_CHANGE"
43	43	accesskey="P">previous</a> \|
44		<a href="KRB5_PADATA_PAC_REQUEST.html" title="KRB5_PADATA_PAC_REQUEST"
	44	<a href="KRB5_PADATA_PAC_OPTIONS.html" title="KRB5_PADATA_PAC_OPTIONS"
45	45	accesskey="N">next</a> \|
46	46	<a href="../../../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

146	146	>Contents</a> \|
147	147	<a href="KRB5_PADATA_OTP_PIN_CHANGE.html" title="KRB5_PADATA_OTP_PIN_CHANGE"
148	148	>previous</a> \|
149		<a href="KRB5_PADATA_PAC_REQUEST.html" title="KRB5_PADATA_PAC_REQUEST"
	149	<a href="KRB5_PADATA_PAC_OPTIONS.html" title="KRB5_PADATA_PAC_OPTIONS"
150	150	>next</a> \|
151	151	<a href="../../../genindex.html" title="General Index"
152	152	>index</a> \|

+162

-0

doc/html/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html less more

	0
	1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	2	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	3
	4	<html xmlns="http://www.w3.org/1999/xhtml">
	5	<head>
	6	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	7	<title>KRB5_PADATA_PAC_OPTIONS — MIT Kerberos Documentation</title>
	8	<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
	9	<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
	10	<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
	11	<script type="text/javascript">
	12	var DOCUMENTATION_OPTIONS = {
	13	URL_ROOT: '../../../',
	14	VERSION: '1.18.2',
	15	COLLAPSE_INDEX: false,
	16	FILE_SUFFIX: '.html',
	17	HAS_SOURCE: true,
	18	SOURCELINK_SUFFIX: '.txt'
	19	};
	20	</script>
	21	<script type="text/javascript" src="../../../_static/jquery.js"></script>
	22	<script type="text/javascript" src="../../../_static/underscore.js"></script>
	23	<script type="text/javascript" src="../../../_static/doctools.js"></script>
	24	<link rel="author" title="About these documents" href="../../../about.html" />
	25	<link rel="index" title="Index" href="../../../genindex.html" />
	26	<link rel="search" title="Search" href="../../../search.html" />
	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
	28	<link rel="next" title="KRB5_PADATA_PAC_REQUEST" href="KRB5_PADATA_PAC_REQUEST.html" />
	29	<link rel="prev" title="KRB5_PADATA_OTP_REQUEST" href="KRB5_PADATA_OTP_REQUEST.html" />
	30	</head>
	31	<body>
	32	<div class="header-wrapper">
	33	<div class="header">
	34
	35
	36	<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
	37
	38	<div class="rel">
	39
	40	<a href="../../../index.html" title="Full Table of Contents"
	41	accesskey="C">Contents</a> \|
	42	<a href="KRB5_PADATA_OTP_REQUEST.html" title="KRB5_PADATA_OTP_REQUEST"
	43	accesskey="P">previous</a> \|
	44	<a href="KRB5_PADATA_PAC_REQUEST.html" title="KRB5_PADATA_PAC_REQUEST"
	45	accesskey="N">next</a> \|
	46	<a href="../../../genindex.html" title="General Index"
	47	accesskey="I">index</a> \|
	48	<a href="../../../search.html" title="Enter search criteria"
	49	accesskey="S">Search</a> \|
	50	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KRB5_PADATA_PAC_OPTIONS">feedback</a>
	51	</div>
	52	</div>
	53	</div>
	54
	55	<div class="content-wrapper">
	56	<div class="content">
	57	<div class="document">
	58
	59	<div class="documentwrapper">
	60	<div class="bodywrapper">
	61	<div class="body" role="main">
	62
	63	<div class="section" id="krb5-padata-pac-options">
	64	<span id="krb5-padata-pac-options-data"></span><h1>KRB5_PADATA_PAC_OPTIONS<a class="headerlink" href="#krb5-padata-pac-options" title="Permalink to this headline">¶</a></h1>
	65	<dl class="data">
	66	<dt id="KRB5_PADATA_PAC_OPTIONS">
	67	<code class="descname">KRB5_PADATA_PAC_OPTIONS</code><a class="headerlink" href="#KRB5_PADATA_PAC_OPTIONS" title="Permalink to this definition">¶</a></dt>
	68	<dd></dd></dl>
	69
	70	<p>MS-KILE and MS-SFU.</p>
	71	<table border="1" class="docutils">
	72	<colgroup>
	73	<col width="58%" />
	74	<col width="42%" />
	75	</colgroup>
	76	<tbody valign="top">
	77	<tr class="row-odd"><td><code class="docutils literal"><span class="pre">KRB5_PADATA_PAC_OPTIONS</span></code></td>
	78	<td><code class="docutils literal"><span class="pre">167</span></code></td>
	79	</tr>
	80	</tbody>
	81	</table>
	82	</div>
	83
	84
	85	</div>
	86	</div>
	87	</div>
	88	</div>
	89	<div class="sidebar">
	90	<h2>On this page</h2>
	91	<ul>
	92	<li><a class="reference internal" href="#">KRB5_PADATA_PAC_OPTIONS</a></li>
	93	</ul>
	94
	95	<br/>
	96	<h2>Table of contents</h2>
	97	<ul class="current">
	98	<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
	99	<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
	100	<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
	101	<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
	102	<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
	103	<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
	104	<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
	105	<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
	106	<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
	107	<li class="toctree-l3"><a class="reference internal" href="../api/index.html">krb5 API</a></li>
	108	<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
	109	<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 simple macros</a></li>
	110	</ul>
	111	</li>
	112	</ul>
	113	</li>
	114	<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
	115	<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
	116	<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
	117	<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
	118	<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
	119	<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
	120	<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
	121	<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
	122	</ul>
	123
	124	<br/>
	125	<h4><a href="../../../index.html">Full Table of Contents</a></h4>
	126	<h4>Search</h4>
	127	<form class="search" action="../../../search.html" method="get">
	128	<input type="text" name="q" size="18" />
	129	<input type="submit" value="Go" />
	130	<input type="hidden" name="check_keywords" value="yes" />
	131	<input type="hidden" name="area" value="default" />
	132	</form>
	133	</div>
	134	<div class="clearer"></div>
	135	</div>
	136	</div>
	137
	138	<div class="footer-wrapper">
	139	<div class="footer" >
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
	142	</div>
	143	<div class="left">
	144
	145	<a href="../../../index.html" title="Full Table of Contents"
	146	>Contents</a> \|
	147	<a href="KRB5_PADATA_OTP_REQUEST.html" title="KRB5_PADATA_OTP_REQUEST"
	148	>previous</a> \|
	149	<a href="KRB5_PADATA_PAC_REQUEST.html" title="KRB5_PADATA_PAC_REQUEST"
	150	>next</a> \|
	151	<a href="../../../genindex.html" title="General Index"
	152	>index</a> \|
	153	<a href="../../../search.html" title="Enter search criteria"
	154	>Search</a> \|
	155	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KRB5_PADATA_PAC_OPTIONS">feedback</a>
	156	</div>
	157	</div>
	158	</div>
	159
	160	</body>
	161	</html>⏎

+6

-6

doc/html/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../../../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../../../copyright.html" />
28	28	<link rel="next" title="KRB5_PADATA_PKINIT_KX" href="KRB5_PADATA_PKINIT_KX.html" />
29		<link rel="prev" title="KRB5_PADATA_OTP_REQUEST" href="KRB5_PADATA_OTP_REQUEST.html" />
	29	<link rel="prev" title="KRB5_PADATA_PAC_OPTIONS" href="KRB5_PADATA_PAC_OPTIONS.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../../../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="KRB5_PADATA_OTP_REQUEST.html" title="KRB5_PADATA_OTP_REQUEST"
	42	<a href="KRB5_PADATA_PAC_OPTIONS.html" title="KRB5_PADATA_PAC_OPTIONS"
43	43	accesskey="P">previous</a> \|
44	44	<a href="KRB5_PADATA_PKINIT_KX.html" title="KRB5_PADATA_PKINIT_KX"
45	45	accesskey="N">next</a> \|

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144
145	145	<a href="../../../index.html" title="Full Table of Contents"
146	146	>Contents</a> \|
147		<a href="KRB5_PADATA_OTP_REQUEST.html" title="KRB5_PADATA_OTP_REQUEST"
	147	<a href="KRB5_PADATA_PAC_OPTIONS.html" title="KRB5_PADATA_PAC_OPTIONS"
148	148	>previous</a> \|
149	149	<a href="KRB5_PADATA_PKINIT_KX.html" title="KRB5_PADATA_PKINIT_KX"
150	150	>next</a> \|

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_PW_SALT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_REFERRAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SESAME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SPAKE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_TGS_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PRIV.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_PVNO.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_REFERRAL_REALM.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+3

-3

doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/macros/KRB5_SAFE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_NOTICKET.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_OPENCLOSE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TGS_NAME.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_TGS_NAME_SIZE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_TGS_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TGS_REQ.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/macros/MSEC_DIRBIT.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/MSEC_VAL_MASK.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/SALT_TYPE_NO_LENGTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/THREEPARAMOPEN.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_ANONYMOUS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_ENC_PA_REP.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_FORWARDABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_FORWARDED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_HW_AUTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_INITIAL.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_INVALID.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_POSTDATED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_PRE_AUTH.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_PROXIABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_PROXY.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_RENEWABLE.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/VALID_INT_BITS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/VALID_UINT_BITS.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+5

-3

doc/html/appdev/refs/macros/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

113	113	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES3_CBC_ENV.html">ENCTYPE_DES3_CBC_ENV</a></li>
114	114	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES3_CBC_RAW.html">ENCTYPE_DES3_CBC_RAW</a></li>
115	115	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES3_CBC_SHA.html">ENCTYPE_DES3_CBC_SHA</a></li>
	116	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES3_CBC_SHA1.html">ENCTYPE_DES3_CBC_SHA1</a></li>
116	117	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES3_CBC_SHA1.html">ENCTYPE_DES3_CBC_SHA1</a></li>
117	118	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES_CBC_CRC.html">ENCTYPE_DES_CBC_CRC</a></li>
118	119	<li class="toctree-l1"><a class="reference internal" href="ENCTYPE_DES_CBC_MD4.html">ENCTYPE_DES_CBC_MD4</a></li>

319	320	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_OTP_CHALLENGE.html">KRB5_PADATA_OTP_CHALLENGE</a></li>
320	321	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_OTP_PIN_CHANGE.html">KRB5_PADATA_OTP_PIN_CHANGE</a></li>
321	322	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_OTP_REQUEST.html">KRB5_PADATA_OTP_REQUEST</a></li>
	323	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_PAC_OPTIONS.html">KRB5_PADATA_PAC_OPTIONS</a></li>
322	324	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_PAC_REQUEST.html">KRB5_PADATA_PAC_REQUEST</a></li>
323	325	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_PKINIT_KX.html">KRB5_PADATA_PKINIT_KX</a></li>
324	326	<li class="toctree-l1"><a class="reference internal" href="KRB5_PADATA_PK_AS_REP.html">KRB5_PADATA_PK_AS_REP</a></li>

506	508
507	509	<div class="footer-wrapper">
508	510	<div class="footer" >
509		<div class="right" ><i>Release: 1.17</i><br />
510		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	511	<div class="right" ><i>Release: 1.18.2</i><br />
	512	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
511	513	</div>
512	514	<div class="left">
513	515

+3

-3

doc/html/appdev/refs/macros/krb524_convert_creds_kdc.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb524_init_ets.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_const.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_component.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_name.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_set_realm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_set_realm_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_set_realm_length.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_size.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_princ_type.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_roundup.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_x.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/macros/krb5_xc.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

136	136
137	137	<div class="footer-wrapper">
138	138	<div class="footer" >
139		<div class="right" ><i>Release: 1.17</i><br />
140		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	139	<div class="right" ><i>Release: 1.18.2</i><br />
	140	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
141	141	</div>
142	142	<div class="left">
143	143

+3

-3

doc/html/appdev/refs/types/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

230	230
231	231	<div class="footer-wrapper">
232	232	<div class="footer" >
233		<div class="right" ><i>Release: 1.17</i><br />
234		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	233	<div class="right" ><i>Release: 1.18.2</i><br />
	234	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
235	235	</div>
236	236	<div class="left">
237	237

+3

-3

doc/html/appdev/refs/types/krb5_address.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/types/krb5_addrtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_ap_rep.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/types/krb5_ap_rep_enc_part.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

166	166
167	167	<div class="footer-wrapper">
168	168	<div class="footer" >
169		<div class="right" ><i>Release: 1.17</i><br />
170		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	169	<div class="right" ><i>Release: 1.18.2</i><br />
	170	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
171	171	</div>
172	172	<div class="left">
173	173

+3

-3

doc/html/appdev/refs/types/krb5_ap_req.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/types/krb5_auth_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_authdata.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/types/krb5_authdatatype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_authenticator.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

185	185
186	186	<div class="footer-wrapper">
187	187	<div class="footer" >
188		<div class="right" ><i>Release: 1.17</i><br />
189		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	188	<div class="right" ><i>Release: 1.18.2</i><br />
	189	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
190	190	</div>
191	191	<div class="left">
192	192

+3

-3

doc/html/appdev/refs/types/krb5_boolean.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_cc_cursor.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

133	133
134	134	<div class="footer-wrapper">
135	135	<div class="footer" >
136		<div class="right" ><i>Release: 1.17</i><br />
137		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	136	<div class="right" ><i>Release: 1.18.2</i><br />
	137	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
138	138	</div>
139	139	<div class="left">
140	140

+3

-3

doc/html/appdev/refs/types/krb5_ccache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_cccol_cursor.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

133	133
134	134	<div class="footer-wrapper">
135	135	<div class="footer" >
136		<div class="right" ><i>Release: 1.17</i><br />
137		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	136	<div class="right" ><i>Release: 1.18.2</i><br />
	137	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
138	138	</div>
139	139	<div class="left">
140	140

+3

-3

doc/html/appdev/refs/types/krb5_checksum.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/types/krb5_cksumtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_const_pointer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_const_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

163	163
164	164	<div class="footer-wrapper">
165	165	<div class="footer" >
166		<div class="right" ><i>Release: 1.17</i><br />
167		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	166	<div class="right" ><i>Release: 1.18.2</i><br />
	167	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
168	168	</div>
169	169	<div class="left">
170	170

+3

-3

doc/html/appdev/refs/types/krb5_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_cred.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/types/krb5_cred_enc_part.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

177	177
178	178	<div class="footer-wrapper">
179	179	<div class="footer" >
180		<div class="right" ><i>Release: 1.17</i><br />
181		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	180	<div class="right" ><i>Release: 1.18.2</i><br />
	181	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
182	182	</div>
183	183	<div class="left">
184	184

+3

-3

doc/html/appdev/refs/types/krb5_cred_info.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

178	178
179	179	<div class="footer-wrapper">
180	180	<div class="footer" >
181		<div class="right" ><i>Release: 1.17</i><br />
182		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	181	<div class="right" ><i>Release: 1.18.2</i><br />
	182	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
183	183	</div>
184	184	<div class="left">
185	185

+3

-3

doc/html/appdev/refs/types/krb5_creds.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

202	202
203	203	<div class="footer-wrapper">
204	204	<div class="footer" >
205		<div class="right" ><i>Release: 1.17</i><br />
206		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	205	<div class="right" ><i>Release: 1.18.2</i><br />
	206	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
207	207	</div>
208	208	<div class="left">
209	209

+3

-3

doc/html/appdev/refs/types/krb5_crypto_iov.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

149	149
150	150	<div class="footer-wrapper">
151	151	<div class="footer" >
152		<div class="right" ><i>Release: 1.17</i><br />
153		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	152	<div class="right" ><i>Release: 1.18.2</i><br />
	153	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
154	154	</div>
155	155	<div class="left">
156	156

+3

-3

doc/html/appdev/refs/types/krb5_cryptotype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/types/krb5_deltat.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_enc_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/types/krb5_enc_kdc_rep_part.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

203	203
204	204	<div class="footer-wrapper">
205	205	<div class="footer" >
206		<div class="right" ><i>Release: 1.17</i><br />
207		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	206	<div class="right" ><i>Release: 1.18.2</i><br />
	207	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
208	208	</div>
209	209	<div class="left">
210	210

+3

-3

doc/html/appdev/refs/types/krb5_enc_tkt_part.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

184	184
185	185	<div class="footer-wrapper">
186	186	<div class="footer" >
187		<div class="right" ><i>Release: 1.17</i><br />
188		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	187	<div class="right" ><i>Release: 1.18.2</i><br />
	188	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
189	189	</div>
190	190	<div class="left">
191	191

+3

-3

doc/html/appdev/refs/types/krb5_encrypt_block.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/types/krb5_enctype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_error.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

196	196
197	197	<div class="footer-wrapper">
198	198	<div class="footer" >
199		<div class="right" ><i>Release: 1.17</i><br />
200		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	199	<div class="right" ><i>Release: 1.18.2</i><br />
	200	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
201	201	</div>
202	202	<div class="left">
203	203

+3

-3

doc/html/appdev/refs/types/krb5_error_code.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/types/krb5_expire_callback_func.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_flags.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_get_init_creds_opt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

192	192
193	193	<div class="footer-wrapper">
194	194	<div class="footer" >
195		<div class="right" ><i>Release: 1.17</i><br />
196		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	195	<div class="right" ><i>Release: 1.18.2</i><br />
	196	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
197	197	</div>
198	198	<div class="left">
199	199

+3

-3

doc/html/appdev/refs/types/krb5_gic_opt_pa_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/types/krb5_init_creds_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_int16.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_int32.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_kdc_rep.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

178	178
179	179	<div class="footer-wrapper">
180	180	<div class="footer" >
181		<div class="right" ><i>Release: 1.17</i><br />
182		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	181	<div class="right" ><i>Release: 1.18.2</i><br />
	182	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
183	183	</div>
184	184	<div class="left">
185	185

+3

-3

doc/html/appdev/refs/types/krb5_kdc_req.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

232	232
233	233	<div class="footer-wrapper">
234	234	<div class="footer" >
235		<div class="right" ><i>Release: 1.17</i><br />
236		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	235	<div class="right" ><i>Release: 1.18.2</i><br />
	236	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
237	237	</div>
238	238	<div class="left">
239	239

+3

-3

doc/html/appdev/refs/types/krb5_key.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/types/krb5_keyblock.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/types/krb5_keytab.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_keytab_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

166	166
167	167	<div class="footer-wrapper">
168	168	<div class="footer" >
169		<div class="right" ><i>Release: 1.17</i><br />
170		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	169	<div class="right" ><i>Release: 1.18.2</i><br />
	170	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
171	171	</div>
172	172	<div class="left">
173	173

+3

-3

doc/html/appdev/refs/types/krb5_keyusage.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_kt_cursor.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_kvno.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_last_req_entry.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/types/krb5_magic.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_mk_req_checksum_func.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

133	133
134	134	<div class="footer-wrapper">
135	135	<div class="footer" >
136		<div class="right" ><i>Release: 1.17</i><br />
137		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	136	<div class="right" ><i>Release: 1.18.2</i><br />
	137	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
138	138	</div>
139	139	<div class="left">
140	140

+3

-3

doc/html/appdev/refs/types/krb5_msgtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_octet.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_pa_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

160	160
161	161	<div class="footer-wrapper">
162	162	<div class="footer" >
163		<div class="right" ><i>Release: 1.17</i><br />
164		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
165	165	</div>
166	166	<div class="left">
167	167

+3

-3

doc/html/appdev/refs/types/krb5_pa_pac_req.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/types/krb5_pa_server_referral_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/types/krb5_pa_svr_referral_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/appdev/refs/types/krb5_pac.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

133	133
134	134	<div class="footer-wrapper">
135	135	<div class="footer" >
136		<div class="right" ><i>Release: 1.17</i><br />
137		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	136	<div class="right" ><i>Release: 1.18.2</i><br />
	137	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
138	138	</div>
139	139	<div class="left">
140	140

+3

-3

doc/html/appdev/refs/types/krb5_pointer.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_post_recv_fn.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135
136	136	<div class="footer-wrapper">
137	137	<div class="footer" >
138		<div class="right" ><i>Release: 1.17</i><br />
139		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	138	<div class="right" ><i>Release: 1.18.2</i><br />
	139	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
140	140	</div>
141	141	<div class="left">
142	142

+3

-3

doc/html/appdev/refs/types/krb5_pre_send_fn.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/appdev/refs/types/krb5_preauthtype.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_principal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

162	162
163	163	<div class="footer-wrapper">
164	164	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	165	<div class="right" ><i>Release: 1.18.2</i><br />
	166	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	167	</div>
168	168	<div class="left">
169	169

+3

-3

doc/html/appdev/refs/types/krb5_principal_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

162	162
163	163	<div class="footer-wrapper">
164	164	<div class="footer" >
165		<div class="right" ><i>Release: 1.17</i><br />
166		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	165	<div class="right" ><i>Release: 1.18.2</i><br />
	166	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
167	167	</div>
168	168	<div class="left">
169	169

+3

-3

doc/html/appdev/refs/types/krb5_prompt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/types/krb5_prompt_type.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_prompter_fct.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

133	133
134	134	<div class="footer-wrapper">
135	135	<div class="footer" >
136		<div class="right" ><i>Release: 1.17</i><br />
137		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	136	<div class="right" ><i>Release: 1.18.2</i><br />
	137	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
138	138	</div>
139	139	<div class="left">
140	140

+3

-3

doc/html/appdev/refs/types/krb5_pwd_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/refs/types/krb5_rcache.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_replay_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/types/krb5_responder_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/types/krb5_responder_fn.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/types/krb5_responder_otp_challenge.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/types/krb5_responder_otp_tokeninfo.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

171	171
172	172	<div class="footer-wrapper">
173	173	<div class="footer" >
174		<div class="right" ><i>Release: 1.17</i><br />
175		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	174	<div class="right" ><i>Release: 1.18.2</i><br />
	175	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
176	176	</div>
177	177	<div class="left">
178	178

+3

-3

doc/html/appdev/refs/types/krb5_responder_pkinit_challenge.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/appdev/refs/types/krb5_responder_pkinit_identity.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/appdev/refs/types/krb5_response.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/types/krb5_ticket.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/types/krb5_ticket_times.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

161	161
162	162	<div class="footer-wrapper">
163	163	<div class="footer" >
164		<div class="right" ><i>Release: 1.17</i><br />
165		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	164	<div class="right" ><i>Release: 1.18.2</i><br />
	165	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
166	166	</div>
167	167	<div class="left">
168	168

+3

-3

doc/html/appdev/refs/types/krb5_timestamp.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

134	134
135	135	<div class="footer-wrapper">
136	136	<div class="footer" >
137		<div class="right" ><i>Release: 1.17</i><br />
138		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	137	<div class="right" ><i>Release: 1.18.2</i><br />
	138	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
139	139	</div>
140	140	<div class="left">
141	141

+3

-3

doc/html/appdev/refs/types/krb5_tkt_authent.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/appdev/refs/types/krb5_tkt_creds_context.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_trace_callback.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_trace_info.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/appdev/refs/types/krb5_transited.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

154	154
155	155	<div class="footer-wrapper">
156	156	<div class="footer" >
157		<div class="right" ><i>Release: 1.17</i><br />
158		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
159	159	</div>
160	160	<div class="left">
161	161

+3

-3

doc/html/appdev/refs/types/krb5_typed_data.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

156	156
157	157	<div class="footer-wrapper">
158	158	<div class="footer" >
159		<div class="right" ><i>Release: 1.17</i><br />
160		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	159	<div class="right" ><i>Release: 1.18.2</i><br />
	160	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
161	161	</div>
162	162	<div class="left">
163	163

+3

-3

doc/html/appdev/refs/types/krb5_ui_2.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_ui_4.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

132	132
133	133	<div class="footer-wrapper">
134	134	<div class="footer" >
135		<div class="right" ><i>Release: 1.17</i><br />
136		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	135	<div class="right" ><i>Release: 1.18.2</i><br />
	136	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
137	137	</div>
138	138	<div class="left">
139	139

+3

-3

doc/html/appdev/refs/types/krb5_verify_init_creds_opt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

147	147
148	148	<div class="footer-wrapper">
149	149	<div class="footer" >
150		<div class="right" ><i>Release: 1.17</i><br />
151		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	150	<div class="right" ><i>Release: 1.18.2</i><br />
	151	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
152	152	</div>
153	153	<div class="left">
154	154

+3

-3

doc/html/appdev/refs/types/passwd_phrase_element.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../../../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+3

-3

doc/html/appdev/y2038.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

138	138
139	139	<div class="footer-wrapper">
140	140	<div class="footer" >
141		<div class="right" ><i>Release: 1.17</i><br />
142		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	141	<div class="right" ><i>Release: 1.18.2</i><br />
	142	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
143	143	</div>
144	144	<div class="left">
145	145

+11

-4

doc/html/basic/ccache_def.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

102	102	directory must already exist. In post-1.10 releases the
103	103	requirement is for parent directory to exist and the current
104	104	process must have permissions to create the directory if it does
105		not exist. See <a class="reference internal" href="#col-ccache"><span class="std std-ref">Collections of caches</span></a> for details. New in release 1.10.</p>
	105	not exist. See <a class="reference internal" href="#col-ccache"><span class="std std-ref">Collections of caches</span></a> for details. New in release 1.10.
	106	The following residual forms are supported:</p>
	107	<ul class="simple">
	108	<li>DIR:dirname</li>
	109	<li>DIR::dirpath/filename - a single cache within the directory</li>
	110	</ul>
	111	<p>Switching to a ccache of the latter type causes it to become the
	112	primary for the directory.</p>
106	113	</li>
107	114	<li><p class="first"><strong>FILE</strong> caches are the simplest and most portable. A simple flat
108	115	file format is used to store one credential after another. This is

257	264
258	265	<div class="footer-wrapper">
259	266	<div class="footer" >
260		<div class="right" ><i>Release: 1.17</i><br />
261		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	267	<div class="right" ><i>Release: 1.18.2</i><br />
	268	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
262	269	</div>
263	270	<div class="left">
264	271

+3

-3

doc/html/basic/date_format.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

312	312
313	313	<div class="footer-wrapper">
314	314	<div class="footer" >
315		<div class="right" ><i>Release: 1.17</i><br />
316		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	315	<div class="right" ><i>Release: 1.18.2</i><br />
	316	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
317	317	</div>
318	318	<div class="left">
319	319

+3

-3

doc/html/basic/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

123	123
124	124	<div class="footer-wrapper">
125	125	<div class="footer" >
126		<div class="right" ><i>Release: 1.17</i><br />
127		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	126	<div class="right" ><i>Release: 1.18.2</i><br />
	127	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
128	128	</div>
129	129	<div class="left">
130	130

+5

-7

doc/html/basic/keytab_def.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

70	70	credentials for client applications.</p>
71	71	<p>Keytabs are named using the format <em>type</em><code class="docutils literal"><span class="pre">:</span></code><em>value</em>. Usually
72	72	<em>type</em> is <code class="docutils literal"><span class="pre">FILE</span></code> and <em>value</em> is the absolute pathname of the file.
73		Other possible values for <em>type</em> are <code class="docutils literal"><span class="pre">SRVTAB</span></code>, which indicates a
74		file in the deprecated Kerberos 4 srvtab format, and <code class="docutils literal"><span class="pre">MEMORY</span></code>, which
75		indicates a temporary keytab stored in the memory of the current
76		process.</p>
	73	The other possible value for <em>type</em> is <code class="docutils literal"><span class="pre">MEMORY</span></code>, which indicates a
	74	temporary keytab stored in the memory of the current process.</p>
77	75	<p>A keytab contains one or more entries, where each entry consists of a
78	76	timestamp (indicating when the entry was written to the keytab), a
79	77	principal name, a key version number, an encryption type, and the

165	163
166	164	<div class="footer-wrapper">
167	165	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	166	<div class="right" ><i>Release: 1.18.2</i><br />
	167	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
170	168	</div>
171	169	<div class="left">
172	170

+48

-37

doc/html/basic/rcache_def.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

67	67	request is detected in the replay cache, an error message is sent to
68	68	the application program.</p>
69	69	<p>The replay cache interface, like the credential cache and
70		<a class="reference internal" href="keytab_def.html#keytab-definition"><span class="std std-ref">keytab</span></a> interfaces, uses <cite>type:value</cite> strings to
	70	<a class="reference internal" href="keytab_def.html#keytab-definition"><span class="std std-ref">keytab</span></a> interfaces, uses <cite>type:residual</cite> strings to
71	71	indicate the type of replay cache and any associated cache naming
72	72	data to use.</p>
73	73	<div class="section" id="background-information">

110	110	authenticator triggers some interesting action in the service being
111	111	attacked.</p>
112	112	</div>
113		<div class="section" id="default-rcache-type">
114		<h2>Default rcache type<a class="headerlink" href="#default-rcache-type" title="Permalink to this headline">¶</a></h2>
115		<p>There is currently only one implemented kind of replay cache, called
116		<strong>dfl</strong>. It stores replay data in one file, occasionally rewriting it
117		to purge old, expired entries.</p>
118		<p>The default type can be overridden by the <strong>KRB5RCACHETYPE</strong>
119		environment variable.</p>
120		<p>The placement of the replay cache file is determined by the following:</p>
	113	<div class="section" id="replay-cache-types">
	114	<h2>Replay cache types<a class="headerlink" href="#replay-cache-types" title="Permalink to this headline">¶</a></h2>
	115	<p>Unlike the credential cache and keytab interfaces, replay cache types
	116	are in lowercase. The following types are defined:</p>
121	117	<ol class="arabic simple">
122		<li>The <strong>KRB5RCACHEDIR</strong> environment variable;</li>
123		<li>If KRB5RCACHEDIR is unspecified, on UNIX, the library
124		will fall back to the environment variable <strong>TMPDIR</strong>, and then to
125		a temporary directory determined at configuration time such as
126		<em>/tmp</em> or <em>/var/tmp</em>; on Windows, it will check the environment
127		variables <em>TEMP</em> and <em>TMP</em>, and fall back to the directory C:.</li>
	118	<li><strong>none</strong> disables the replay cache. The residual value is ignored.</li>
	119	<li><strong>file2</strong> (new in release 1.18) uses a hash-based format to store
	120	replay records. The file may grow to accommodate hash collisions.
	121	The residual value is the filename.</li>
	122	<li><strong>dfl</strong> is the default type if no environment variable or
	123	configuration specifies a different type. It stores replay data in
	124	a file2 replay cache with a filename based on the effective uid.
	125	The residual value is ignored.</li>
128	126	</ol>
129		</div>
130		<div class="section" id="performance-issues">
131		<h2>Performance issues<a class="headerlink" href="#performance-issues" title="Permalink to this headline">¶</a></h2>
132		<p>Several known minor performance issues that may occur when replay
133		cache is enabled on the Kerberos system include: delays due to writing
134		the authenticator data to disk slowing down response time for very
135		heavily loaded servers, and delays during the rewrite that may be
136		unacceptable to high-performance services.</p>
137		<p>For use cases where replays are adequately defended against for all
138		protocols using a given service principal name, or where performance
139		or other considerations outweigh the risk of replays, the special
140		replay cache type “none” can be specified:</p>
141		<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">KRB5RCACHETYPE</span><span class="o">=</span><span class="n">none</span>
142		</pre></div>
143		</div>
144		<p>It doesn’t record any information about authenticators, and reports
145		that any authenticator seen is not a replay.</p>
	127	<p>For the dfl type, the location of the replay cache file is determined
	128	as follows:</p>
	129	<ol class="arabic simple">
	130	<li>The directory is taken from the <strong>KRB5RCACHEDIR</strong> environment
	131	variable, or the <strong>TMPDIR</strong> environment variable, or a temporary
	132	directory determined at configuration time such as <code class="docutils literal"><span class="pre">/var/tmp</span></code>, in
	133	descending order of preference.</li>
	134	<li>The filename is <code class="docutils literal"><span class="pre">krb5_EUID.rcache2</span></code> where EUID is the effective
	135	uid of the process.</li>
	136	<li>The file is opened without following symbolic links, and ownership
	137	of the file is verified to match the effective uid.</li>
	138	</ol>
	139	<p>On Windows, the directory for the dfl type is the local appdata
	140	directory, unless overridden by the <strong>KRB5RCACHEDIR</strong> environment
	141	variable. The filename on Windows is <code class="docutils literal"><span class="pre">krb5.rcache2</span></code>, and the file
	142	is opened normally.</p>
	143	</div>
	144	<div class="section" id="default-replay-cache-name">
	145	<h2>Default replay cache name<a class="headerlink" href="#default-replay-cache-name" title="Permalink to this headline">¶</a></h2>
	146	<p>The default replay cache name is determined by the following, in
	147	descending order of priority:</p>
	148	<ol class="arabic simple">
	149	<li>The <strong>KRB5RCACHENAME</strong> environment variable (new in release 1.18).</li>
	150	<li>The <strong>KRB5RCACHETYPE</strong> environment variable. If this variable is
	151	set, the residual value is empty.</li>
	152	<li>The <strong>default_rcache_name</strong> profile variable in <a class="reference internal" href="../admin/conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>
	153	(new in release 1.18).</li>
	154	<li>If none of the above are set, the default replay cache name is
	155	<code class="docutils literal"><span class="pre">dfl:</span></code>.</li>
	156	</ol>
146	157	</div>
147	158	</div>
148	159

156	167	<ul>
157	168	<li><a class="reference internal" href="#">replay cache</a><ul>
158	169	<li><a class="reference internal" href="#background-information">Background information</a></li>
159		<li><a class="reference internal" href="#default-rcache-type">Default rcache type</a></li>
160		<li><a class="reference internal" href="#performance-issues">Performance issues</a></li>
	170	<li><a class="reference internal" href="#replay-cache-types">Replay cache types</a></li>
	171	<li><a class="reference internal" href="#default-replay-cache-name">Default replay cache name</a></li>
161	172	</ul>
162	173	</li>
163	174	</ul>

201	212
202	213	<div class="footer-wrapper">
203	214	<div class="footer" >
204		<div class="right" ><i>Release: 1.17</i><br />
205		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	215	<div class="right" ><i>Release: 1.18.2</i><br />
	216	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
206	217	</div>
207	218	<div class="left">
208	219

+3

-3

doc/html/basic/stash_file_def.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

131	131
132	132	<div class="footer-wrapper">
133	133	<div class="footer" >
134		<div class="right" ><i>Release: 1.17</i><br />
135		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	134	<div class="right" ><i>Release: 1.18.2</i><br />
	135	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
136	136	</div>
137	137	<div class="left">
138	138

+3

-3

doc/html/build/directory_org.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

226	226
227	227	<div class="footer-wrapper">
228	228	<div class="footer" >
229		<div class="right" ><i>Release: 1.17</i><br />
230		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	229	<div class="right" ><i>Release: 1.18.2</i><br />
	230	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
231	231	</div>
232	232	<div class="left">
233	233

+3

-3

doc/html/build/doing_build.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

262	262
263	263	<div class="footer-wrapper">
264	264	<div class="footer" >
265		<div class="right" ><i>Release: 1.17</i><br />
266		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	265	<div class="right" ><i>Release: 1.18.2</i><br />
	266	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
267	267	</div>
268	268	<div class="left">
269	269

+3

-3

doc/html/build/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

171	171
172	172	<div class="footer-wrapper">
173	173	<div class="footer" >
174		<div class="right" ><i>Release: 1.17</i><br />
175		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	174	<div class="right" ><i>Release: 1.18.2</i><br />
	175	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
176	176	</div>
177	177	<div class="left">
178	178

+6

-3

doc/html/build/options2configure.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

379	379	default is to use <code class="docutils literal"><span class="pre">krb5-config</span></code> from the program path. Specify
380	380	<code class="docutils literal"><span class="pre">--without-krb5-config</span></code> to disable the use of krb5-config and
381	381	use the usual built-in defaults.</dd>
	382	<dt><strong>-</strong><strong>-without-keyutils</strong></dt>
	383	<dd>Build without libkeyutils support. This disables the KEYRING
	384	credential cache type.</dd>
382	385	</dl>
383	386	</div>
384	387	<div class="section" id="examples">

461	464
462	465	<div class="footer-wrapper">
463	466	<div class="footer" >
464		<div class="right" ><i>Release: 1.17</i><br />
465		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	467	<div class="right" ><i>Release: 1.18.2</i><br />
	468	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
466	469	</div>
467	470	<div class="left">
468	471

+3

-3

doc/html/build/osconf.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+4

-4

doc/html/build_this.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<h1>How to build this documentation from the source<a class="headerlink" href="#how-to-build-this-documentation-from-the-source" title="Permalink to this headline">¶</a></h1>
65	65	<p>Pre-requisites for a simple build, or to update man pages:</p>
66	66	<ul class="simple">
67		<li>Sphinx 1.0.4 or higher (See <a class="reference external" href="http://www.sphinx-doc.org">http://www.sphinx-doc.org</a>) with the
	67	<li>Sphinx 1.0.4 or higher (See <a class="reference external" href="https://www.sphinx-doc.org">https://www.sphinx-doc.org</a>) with the
68	68	autodoc extension installed.</li>
69	69	</ul>
70	70	<p>Additional prerequisites to include the API reference based on Doxygen

183	183
184	184	<div class="footer-wrapper">
185	185	<div class="footer" >
186		<div class="right" ><i>Release: 1.17</i><br />
187		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	186	<div class="right" ><i>Release: 1.18.2</i><br />
	187	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
188	188	</div>
189	189	<div class="left">
190	190

+4

-4

doc/html/copyright.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

62	62
63	63	<div class="section" id="copyright">
64	64	<h1>Copyright<a class="headerlink" href="#copyright" title="Permalink to this headline">¶</a></h1>
65		<p>Copyright © 1985-2019 by the Massachusetts Institute of
	65	<p>Copyright © 1985-2020 by the Massachusetts Institute of
66	66	Technology and its contributors. All rights reserved.</p>
67	67	<p>See <a class="reference internal" href="mitK5license.html#mitk5license"><span class="std std-ref">MIT Kerberos License information</span></a> for additional copyright and license
68	68	information.</p>

111	111
112	112	<div class="footer-wrapper">
113	113	<div class="footer" >
114		<div class="right" ><i>Release: 1.17</i><br />
115		© <a href="#">Copyright</a> 1985-2019, MIT.
	114	<div class="right" ><i>Release: 1.18.2</i><br />
	115	© <a href="#">Copyright</a> 1985-2020, MIT.
116	116	</div>
117	117	<div class="left">
118	118

+4

-3

doc/html/formats/ccache_file_format.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

244	244	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
245	245	<li class="toctree-l2 current"><a class="current reference internal" href="#">Credential cache file format</a></li>
246	246	<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
	247	<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
247	248	<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
248	249	<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
249	250	</ul>

270	271
271	272	<div class="footer-wrapper">
272	273	<div class="footer" >
273		<div class="right" ><i>Release: 1.17</i><br />
274		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	274	<div class="right" ><i>Release: 1.18.2</i><br />
	275	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
275	276	</div>
276	277	<div class="left">
277	278

+7

-6

doc/html/formats/cookie.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../copyright.html" />
28	28	<link rel="next" title="PKINIT freshness tokens" href="freshness_token.html" />
29		<link rel="prev" title="Keytab file format" href="keytab_file_format.html" />
	29	<link rel="prev" title="Replay cache file format" href="rcache_file_format.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="keytab_file_format.html" title="Keytab file format"
	42	<a href="rcache_file_format.html" title="Replay cache file format"
43	43	accesskey="P">previous</a> \|
44	44	<a href="freshness_token.html" title="PKINIT freshness tokens"
45	45	accesskey="N">next</a> \|

176	176	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
177	177	<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
178	178	<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
	179	<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
179	180	<li class="toctree-l2 current"><a class="current reference internal" href="#">KDC cookie format</a></li>
180	181	<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
181	182	</ul>

202	203
203	204	<div class="footer-wrapper">
204	205	<div class="footer" >
205		<div class="right" ><i>Release: 1.17</i><br />
206		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	206	<div class="right" ><i>Release: 1.18.2</i><br />
	207	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
207	208	</div>
208	209	<div class="left">
209	210
210	211	<a href="../index.html" title="Full Table of Contents"
211	212	>Contents</a> \|
212		<a href="keytab_file_format.html" title="Keytab file format"
	213	<a href="rcache_file_format.html" title="Replay cache file format"
213	214	>previous</a> \|
214	215	<a href="freshness_token.html" title="PKINIT freshness tokens"
215	216	>next</a> \|

+4

-3

doc/html/formats/freshness_token.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

103	103	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
104	104	<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
105	105	<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
	106	<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
106	107	<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
107	108	<li class="toctree-l2 current"><a class="current reference internal" href="#">PKINIT freshness tokens</a></li>
108	109	</ul>

129	130
130	131	<div class="footer-wrapper">
131	132	<div class="footer" >
132		<div class="right" ><i>Release: 1.17</i><br />
133		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	133	<div class="right" ><i>Release: 1.18.2</i><br />
	134	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
134	135	</div>
135	136	<div class="left">
136	137

+5

-3

doc/html/formats/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

66	66	<ul>
67	67	<li class="toctree-l1"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
68	68	<li class="toctree-l1"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
	69	<li class="toctree-l1"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
69	70	<li class="toctree-l1"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
70	71	<li class="toctree-l1"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
71	72	</ul>

95	96	<li class="toctree-l1 current"><a class="current reference internal" href="#">Protocols and file formats</a><ul>
96	97	<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
97	98	<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
	99	<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
98	100	<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
99	101	<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
100	102	</ul>

121	123
122	124	<div class="footer-wrapper">
123	125	<div class="footer" >
124		<div class="right" ><i>Release: 1.17</i><br />
125		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	126	<div class="right" ><i>Release: 1.18.2</i><br />
	127	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
126	128	</div>
127	129	<div class="left">
128	130

+7

-6

doc/html/formats/keytab_file_format.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

25	25	<link rel="index" title="Index" href="../genindex.html" />
26	26	<link rel="search" title="Search" href="../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../copyright.html" />
28		<link rel="next" title="KDC cookie format" href="cookie.html" />
	28	<link rel="next" title="Replay cache file format" href="rcache_file_format.html" />
29	29	<link rel="prev" title="Credential cache file format" href="ccache_file_format.html" />
30	30	</head>
31	31	<body>

41	41	accesskey="C">Contents</a> \|
42	42	<a href="ccache_file_format.html" title="Credential cache file format"
43	43	accesskey="P">previous</a> \|
44		<a href="cookie.html" title="KDC cookie format"
	44	<a href="rcache_file_format.html" title="Replay cache file format"
45	45	accesskey="N">next</a> \|
46	46	<a href="../genindex.html" title="General Index"
47	47	accesskey="I">index</a> \|

133	133	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
134	134	<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
135	135	<li class="toctree-l2 current"><a class="current reference internal" href="#">Keytab file format</a></li>
	136	<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
136	137	<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
137	138	<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
138	139	</ul>

159	160
160	161	<div class="footer-wrapper">
161	162	<div class="footer" >
162		<div class="right" ><i>Release: 1.17</i><br />
163		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	163	<div class="right" ><i>Release: 1.18.2</i><br />
	164	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
164	165	</div>
165	166	<div class="left">
166	167

168	169	>Contents</a> \|
169	170	<a href="ccache_file_format.html" title="Credential cache file format"
170	171	>previous</a> \|
171		<a href="cookie.html" title="KDC cookie format"
	172	<a href="rcache_file_format.html" title="Replay cache file format"
172	173	>next</a> \|
173	174	<a href="../genindex.html" title="General Index"
174	175	>index</a> \|

+179

-0

doc/html/formats/rcache_file_format.html less more

	0
	1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	2	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	3
	4	<html xmlns="http://www.w3.org/1999/xhtml">
	5	<head>
	6	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	7	<title>Replay cache file format — MIT Kerberos Documentation</title>
	8	<link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
	9	<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
	10	<link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
	11	<script type="text/javascript">
	12	var DOCUMENTATION_OPTIONS = {
	13	URL_ROOT: '../',
	14	VERSION: '1.18.2',
	15	COLLAPSE_INDEX: false,
	16	FILE_SUFFIX: '.html',
	17	HAS_SOURCE: true,
	18	SOURCELINK_SUFFIX: '.txt'
	19	};
	20	</script>
	21	<script type="text/javascript" src="../_static/jquery.js"></script>
	22	<script type="text/javascript" src="../_static/underscore.js"></script>
	23	<script type="text/javascript" src="../_static/doctools.js"></script>
	24	<link rel="author" title="About these documents" href="../about.html" />
	25	<link rel="index" title="Index" href="../genindex.html" />
	26	<link rel="search" title="Search" href="../search.html" />
	27	<link rel="copyright" title="Copyright" href="../copyright.html" />
	28	<link rel="next" title="KDC cookie format" href="cookie.html" />
	29	<link rel="prev" title="Keytab file format" href="keytab_file_format.html" />
	30	</head>
	31	<body>
	32	<div class="header-wrapper">
	33	<div class="header">
	34
	35
	36	<h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
	37
	38	<div class="rel">
	39
	40	<a href="../index.html" title="Full Table of Contents"
	41	accesskey="C">Contents</a> \|
	42	<a href="keytab_file_format.html" title="Keytab file format"
	43	accesskey="P">previous</a> \|
	44	<a href="cookie.html" title="KDC cookie format"
	45	accesskey="N">next</a> \|
	46	<a href="../genindex.html" title="General Index"
	47	accesskey="I">index</a> \|
	48	<a href="../search.html" title="Enter search criteria"
	49	accesskey="S">Search</a> \|
	50	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Replay cache file format">feedback</a>
	51	</div>
	52	</div>
	53	</div>
	54
	55	<div class="content-wrapper">
	56	<div class="content">
	57	<div class="document">
	58
	59	<div class="documentwrapper">
	60	<div class="bodywrapper">
	61	<div class="body" role="main">
	62
	63	<div class="section" id="replay-cache-file-format">
	64	<h1>Replay cache file format<a class="headerlink" href="#replay-cache-file-format" title="Permalink to this headline">¶</a></h1>
	65	<p>This section documents the second version of the replay cache file
	66	format, used by the “file2” replay cache type (new in release 1.18).
	67	The first version of the file replay cache format is not documented.</p>
	68	<p>All accesses to the replay cache file take place under an exclusive
	69	POSIX or Windows file lock, obtained when the file is opened and
	70	released when it is closed. Replay cache files are automatically
	71	created when first accessed.</p>
	72	<p>For each store operation, a tag is derived from the checksum part of
	73	the <span class="target" id="index-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> ciphertext of the authenticator. The checksum is
	74	coerced to a fixed length of 12 bytes, either through truncation or
	75	right-padding with zero bytes. A four-byte timestamp is appended to
	76	the tag to produce a total record length of 16 bytes.</p>
	77	<p>Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4
	78	algorithm (<a class="reference external" href="https://131002.net/siphash/siphash.pdf">siphash</a>); this field is populated with random bytes when
	79	the file is first created. All remaining bytes are divided into a
	80	series of expanding hash tables:</p>
	81	<ul class="simple">
	82	<li>Bytes 16-16383: hash table 1 (1023 slots)</li>
	83	<li>Bytes 16384-49151: hash table 2 (2048 slots)</li>
	84	<li>Bytes 49152-114687: hash table 3 (4096 slots)</li>
	85	<li>…</li>
	86	</ul>
	87	<p>Only some hash tables will be present in the file at any specific
	88	time, and the final table may be only partially filled. Replay cache
	89	files may be sparse if the filesystem supports it.</p>
	90	<p>For each table present in the file, the tag is hashed with SipHash-2-4
	91	using the seed recorded in the file. The first byte of the seed is
	92	incremented by one (modulo 256) for each table after the first. The
	93	resulting hash value is taken modulo one less than the table size
	94	(1022 for the first hash table, 2047 for the second) to produce the
	95	index. The record may be found at the slot given by the index or at
	96	the next slot.</p>
	97	<p>All candidate locations for the record must be searched until a slot
	98	is found with a timestamp of zero (indicating a slot which has never
	99	been written to) or an offset is reached at or beyond the end of the
	100	file. Any candidate location with a timestamp value of zero, with a
	101	timestamp value less than the current time minus clockskew, or at or
	102	beyond the end of the file is available for writing. When all
	103	candidate locations have been searched without finding a match, the
	104	new entry is written to the earliest candidate available for writing.</p>
	105	</div>
	106
	107
	108	</div>
	109	</div>
	110	</div>
	111	</div>
	112	<div class="sidebar">
	113	<h2>On this page</h2>
	114	<ul>
	115	<li><a class="reference internal" href="#">Replay cache file format</a></li>
	116	</ul>
	117
	118	<br/>
	119	<h2>Table of contents</h2>
	120	<ul class="current">
	121	<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
	122	<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
	123	<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
	124	<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
	125	<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
	126	<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
	127	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
	128	<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
	129	<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
	130	<li class="toctree-l2 current"><a class="current reference internal" href="#">Replay cache file format</a></li>
	131	<li class="toctree-l2"><a class="reference internal" href="cookie.html">KDC cookie format</a></li>
	132	<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
	133	</ul>
	134	</li>
	135	<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
	136	<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
	137	<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
	138	<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
	139	</ul>
	140
	141	<br/>
	142	<h4><a href="../index.html">Full Table of Contents</a></h4>
	143	<h4>Search</h4>
	144	<form class="search" action="../search.html" method="get">
	145	<input type="text" name="q" size="18" />
	146	<input type="submit" value="Go" />
	147	<input type="hidden" name="check_keywords" value="yes" />
	148	<input type="hidden" name="area" value="default" />
	149	</form>
	150	</div>
	151	<div class="clearer"></div>
	152	</div>
	153	</div>
	154
	155	<div class="footer-wrapper">
	156	<div class="footer" >
	157	<div class="right" ><i>Release: 1.18.2</i><br />
	158	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
	159	</div>
	160	<div class="left">
	161
	162	<a href="../index.html" title="Full Table of Contents"
	163	>Contents</a> \|
	164	<a href="keytab_file_format.html" title="Keytab file format"
	165	>previous</a> \|
	166	<a href="cookie.html" title="KDC cookie format"
	167	>next</a> \|
	168	<a href="../genindex.html" title="General Index"
	169	>index</a> \|
	170	<a href="../search.html" title="Enter search criteria"
	171	>Search</a> \|
	172	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Replay cache file format">feedback</a>
	173	</div>
	174	</div>
	175	</div>
	176
	177	</body>
	178	</html>⏎

+3

-3

doc/html/genindex-A.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

145	145
146	146	<div class="footer-wrapper">
147	147	<div class="footer" >
148		<div class="right" ><i>Release: 1.17</i><br />
149		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	148	<div class="right" ><i>Release: 1.18.2</i><br />
	149	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
150	150	</div>
151	151	<div class="left">
152	152

+3

-3

doc/html/genindex-C.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/genindex-E.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

155	155
156	156	<div class="footer-wrapper">
157	157	<div class="footer" >
158		<div class="right" ><i>Release: 1.17</i><br />
159		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	158	<div class="right" ><i>Release: 1.18.2</i><br />
	159	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
160	160	</div>
161	161	<div class="left">
162	162

+15

-23

doc/html/genindex-K.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

430	430	</li>
431	431	<li><a href="appdev/refs/api/krb5_cc_initialize.html#c.krb5_cc_initialize">krb5_cc_initialize (C function)</a>
432	432	</li>
433		<li><a href="appdev/refs/api/krb5_cc_last_change_time.html#c.krb5_cc_last_change_time">krb5_cc_last_change_time (C function)</a>
434		</li>
435		<li><a href="appdev/refs/api/krb5_cc_lock.html#c.krb5_cc_lock">krb5_cc_lock (C function)</a>
436		</li>
437	433	<li><a href="appdev/refs/api/krb5_cc_move.html#c.krb5_cc_move">krb5_cc_move (C function)</a>
438	434	</li>
439	435	<li><a href="appdev/refs/api/krb5_cc_new_unique.html#c.krb5_cc_new_unique">krb5_cc_new_unique (C function)</a>

462	458	</li>
463	459	<li><a href="appdev/refs/api/krb5_cc_switch.html#c.krb5_cc_switch">krb5_cc_switch (C function)</a>
464	460	</li>
465		<li><a href="appdev/refs/api/krb5_cc_unlock.html#c.krb5_cc_unlock">krb5_cc_unlock (C function)</a>
466		</li>
467	461	<li><a href="appdev/refs/types/krb5_ccache.html#c.krb5_ccache">krb5_ccache (C type)</a>
468	462	</li>
469	463	<li><a href="appdev/refs/types/krb5_cccol_cursor.html#c.krb5_cccol_cursor">krb5_cccol_cursor (C type)</a>

476	470	</li>
477	471	<li><a href="appdev/refs/api/krb5_cccol_have_content.html#c.krb5_cccol_have_content">krb5_cccol_have_content (C function)</a>
478	472	</li>
479		<li><a href="appdev/refs/api/krb5_cccol_last_change_time.html#c.krb5_cccol_last_change_time">krb5_cccol_last_change_time (C function)</a>
480		</li>
481		<li><a href="appdev/refs/api/krb5_cccol_lock.html#c.krb5_cccol_lock">krb5_cccol_lock (C function)</a>
482		</li>
483		<li><a href="appdev/refs/api/krb5_cccol_unlock.html#c.krb5_cccol_unlock">krb5_cccol_unlock (C function)</a>
484		</li>
485	473	<li><a href="appdev/refs/api/krb5_change_password.html#c.krb5_change_password">krb5_change_password (C function)</a>
486	474	</li>
487	475	<li><a href="appdev/refs/api/krb5_check_clockskew.html#c.krb5_check_clockskew">krb5_check_clockskew (C function)</a>

1027	1015	<li><a href="appdev/refs/macros/KRB5_INT16_MAX.html#KRB5_INT16_MAX">KRB5_INT16_MAX (built-in variable)</a>
1028	1016	</li>
1029	1017	<li><a href="appdev/refs/macros/KRB5_INT16_MIN.html#KRB5_INT16_MIN">KRB5_INT16_MIN (built-in variable)</a>
	1018	</li>
	1019	<li><a href="appdev/refs/types/krb5_int32.html#c.krb5_int32">krb5_int32 (C type)</a>
	1020	</li>
	1021	<li><a href="appdev/refs/macros/KRB5_INT32_MAX.html#KRB5_INT32_MAX">KRB5_INT32_MAX (built-in variable)</a>
	1022	</li>
	1023	<li><a href="appdev/refs/macros/KRB5_INT32_MIN.html#KRB5_INT32_MIN">KRB5_INT32_MIN (built-in variable)</a>
	1024	</li>
	1025	<li><a href="appdev/refs/api/krb5_is_config_principal.html#c.krb5_is_config_principal">krb5_is_config_principal (C function)</a>
1030	1026	</li>
1031	1027	</ul></td>
1032	1028	<td style="width: 33%; vertical-align: top;"><ul>
1033		<li><a href="appdev/refs/types/krb5_int32.html#c.krb5_int32">krb5_int32 (C type)</a>
1034		</li>
1035		<li><a href="appdev/refs/macros/KRB5_INT32_MAX.html#KRB5_INT32_MAX">KRB5_INT32_MAX (built-in variable)</a>
1036		</li>
1037		<li><a href="appdev/refs/macros/KRB5_INT32_MIN.html#KRB5_INT32_MIN">KRB5_INT32_MIN (built-in variable)</a>
1038		</li>
1039		<li><a href="appdev/refs/api/krb5_is_config_principal.html#c.krb5_is_config_principal">krb5_is_config_principal (C function)</a>
1040		</li>
1041	1029	<li><a href="appdev/refs/api/krb5_is_referral_realm.html#c.krb5_is_referral_realm">krb5_is_referral_realm (C function)</a>
1042	1030	</li>
1043	1031	<li><a href="appdev/refs/api/krb5_is_thread_safe.html#c.krb5_is_thread_safe">krb5_is_thread_safe (C function)</a>

1432	1420	</li>
1433	1421	<li><a href="appdev/refs/api/krb5_pac_get_buffer.html#c.krb5_pac_get_buffer">krb5_pac_get_buffer (C function)</a>
1434	1422	</li>
	1423	<li><a href="appdev/refs/api/krb5_pac_get_client_info.html#c.krb5_pac_get_client_info">krb5_pac_get_client_info (C function)</a>
	1424	</li>
1435	1425	<li><a href="appdev/refs/api/krb5_pac_get_types.html#c.krb5_pac_get_types">krb5_pac_get_types (C function)</a>
1436	1426	</li>
1437	1427	<li><a href="appdev/refs/api/krb5_pac_init.html#c.krb5_pac_init">krb5_pac_init (C function)</a>

1493	1483	<li><a href="appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html#KRB5_PADATA_OTP_PIN_CHANGE">KRB5_PADATA_OTP_PIN_CHANGE (built-in variable)</a>
1494	1484	</li>
1495	1485	<li><a href="appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html#KRB5_PADATA_OTP_REQUEST">KRB5_PADATA_OTP_REQUEST (built-in variable)</a>
	1486	</li>
	1487	<li><a href="appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html#KRB5_PADATA_PAC_OPTIONS">KRB5_PADATA_PAC_OPTIONS (built-in variable)</a>
1496	1488	</li>
1497	1489	<li><a href="appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html#KRB5_PADATA_PAC_REQUEST">KRB5_PADATA_PAC_REQUEST (built-in variable)</a>
1498	1490	</li>

2041	2033
2042	2034	<div class="footer-wrapper">
2043	2035	<div class="footer" >
2044		<div class="right" ><i>Release: 1.17</i><br />
2045		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	2036	<div class="right" ><i>Release: 1.18.2</i><br />
	2037	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
2046	2038	</div>
2047	2039	<div class="left">
2048	2040

+3

-3

doc/html/genindex-L.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

109	109
110	110	<div class="footer-wrapper">
111	111	<div class="footer" >
112		<div class="right" ><i>Release: 1.17</i><br />
113		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	112	<div class="right" ><i>Release: 1.18.2</i><br />
	113	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
114	114	</div>
115	115	<div class="left">
116	116

+3

-3

doc/html/genindex-M.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

111	111
112	112	<div class="footer-wrapper">
113	113	<div class="footer" >
114		<div class="right" ><i>Release: 1.17</i><br />
115		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	114	<div class="right" ><i>Release: 1.18.2</i><br />
	115	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
116	116	</div>
117	117	<div class="left">
118	118

+3

-3

doc/html/genindex-P.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

113	113
114	114	<div class="footer-wrapper">
115	115	<div class="footer" >
116		<div class="right" ><i>Release: 1.17</i><br />
117		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	116	<div class="right" ><i>Release: 1.18.2</i><br />
	117	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
118	118	</div>
119	119	<div class="left">
120	120

+4

-4

doc/html/genindex-R.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

76	76	</li>
77	77	<li><a href="mitK5features.html#index-0">RFC 3244</a>
78	78	</li>
79		<li><a href="formats/cookie.html#index-1">RFC 3961</a>, <a href="formats/cookie.html#index-2">[1]</a>, <a href="formats/freshness_token.html#index-1">[2]</a>
	79	<li><a href="formats/cookie.html#index-1">RFC 3961</a>, <a href="formats/cookie.html#index-2">[1]</a>, <a href="formats/freshness_token.html#index-1">[2]</a>, <a href="formats/rcache_file_format.html#index-0">[3]</a>
80	80	</li>
81	81	<li><a href="plugindev/clpreauth.html#index-0">RFC 4120</a>
82	82	</li>

168	168
169	169	<div class="footer-wrapper">
170	170	<div class="footer" >
171		<div class="right" ><i>Release: 1.17</i><br />
172		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	171	<div class="right" ><i>Release: 1.18.2</i><br />
	172	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
173	173	</div>
174	174	<div class="left">
175	175

+3

-3

doc/html/genindex-S.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

109	109
110	110	<div class="footer-wrapper">
111	111	<div class="footer" >
112		<div class="right" ><i>Release: 1.17</i><br />
113		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	112	<div class="right" ><i>Release: 1.18.2</i><br />
	113	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
114	114	</div>
115	115	<div class="left">
116	116

+3

-3

doc/html/genindex-T.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/genindex-V.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

109	109
110	110	<div class="footer-wrapper">
111	111	<div class="footer" >
112		<div class="right" ><i>Release: 1.17</i><br />
113		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	112	<div class="right" ><i>Release: 1.18.2</i><br />
	113	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
114	114	</div>
115	115	<div class="left">
116	116

+16

-24

doc/html/genindex-all.html less more

12	12	<script type="text/javascript">
13	13	var DOCUMENTATION_OPTIONS = {
14	14	URL_ROOT: './',
15		VERSION: '1.17',
	15	VERSION: '1.18.2',
16	16	COLLAPSE_INDEX: false,
17	17	FILE_SUFFIX: '.html',
18	18	HAS_SOURCE: true,

591	591	</li>
592	592	<li><a href="appdev/refs/api/krb5_cc_initialize.html#c.krb5_cc_initialize">krb5_cc_initialize (C function)</a>
593	593	</li>
594		<li><a href="appdev/refs/api/krb5_cc_last_change_time.html#c.krb5_cc_last_change_time">krb5_cc_last_change_time (C function)</a>
595		</li>
596		<li><a href="appdev/refs/api/krb5_cc_lock.html#c.krb5_cc_lock">krb5_cc_lock (C function)</a>
597		</li>
598	594	<li><a href="appdev/refs/api/krb5_cc_move.html#c.krb5_cc_move">krb5_cc_move (C function)</a>
599	595	</li>
600	596	<li><a href="appdev/refs/api/krb5_cc_new_unique.html#c.krb5_cc_new_unique">krb5_cc_new_unique (C function)</a>

623	619	</li>
624	620	<li><a href="appdev/refs/api/krb5_cc_switch.html#c.krb5_cc_switch">krb5_cc_switch (C function)</a>
625	621	</li>
626		<li><a href="appdev/refs/api/krb5_cc_unlock.html#c.krb5_cc_unlock">krb5_cc_unlock (C function)</a>
627		</li>
628	622	<li><a href="appdev/refs/types/krb5_ccache.html#c.krb5_ccache">krb5_ccache (C type)</a>
629	623	</li>
630	624	<li><a href="appdev/refs/types/krb5_cccol_cursor.html#c.krb5_cccol_cursor">krb5_cccol_cursor (C type)</a>

637	631	</li>
638	632	<li><a href="appdev/refs/api/krb5_cccol_have_content.html#c.krb5_cccol_have_content">krb5_cccol_have_content (C function)</a>
639	633	</li>
640		<li><a href="appdev/refs/api/krb5_cccol_last_change_time.html#c.krb5_cccol_last_change_time">krb5_cccol_last_change_time (C function)</a>
641		</li>
642		<li><a href="appdev/refs/api/krb5_cccol_lock.html#c.krb5_cccol_lock">krb5_cccol_lock (C function)</a>
643		</li>
644		<li><a href="appdev/refs/api/krb5_cccol_unlock.html#c.krb5_cccol_unlock">krb5_cccol_unlock (C function)</a>
645		</li>
646	634	<li><a href="appdev/refs/api/krb5_change_password.html#c.krb5_change_password">krb5_change_password (C function)</a>
647	635	</li>
648	636	<li><a href="appdev/refs/api/krb5_check_clockskew.html#c.krb5_check_clockskew">krb5_check_clockskew (C function)</a>

1188	1176	<li><a href="appdev/refs/macros/KRB5_INT16_MAX.html#KRB5_INT16_MAX">KRB5_INT16_MAX (built-in variable)</a>
1189	1177	</li>
1190	1178	<li><a href="appdev/refs/macros/KRB5_INT16_MIN.html#KRB5_INT16_MIN">KRB5_INT16_MIN (built-in variable)</a>
	1179	</li>
	1180	<li><a href="appdev/refs/types/krb5_int32.html#c.krb5_int32">krb5_int32 (C type)</a>
	1181	</li>
	1182	<li><a href="appdev/refs/macros/KRB5_INT32_MAX.html#KRB5_INT32_MAX">KRB5_INT32_MAX (built-in variable)</a>
	1183	</li>
	1184	<li><a href="appdev/refs/macros/KRB5_INT32_MIN.html#KRB5_INT32_MIN">KRB5_INT32_MIN (built-in variable)</a>
	1185	</li>
	1186	<li><a href="appdev/refs/api/krb5_is_config_principal.html#c.krb5_is_config_principal">krb5_is_config_principal (C function)</a>
1191	1187	</li>
1192	1188	</ul></td>
1193	1189	<td style="width: 33%; vertical-align: top;"><ul>
1194		<li><a href="appdev/refs/types/krb5_int32.html#c.krb5_int32">krb5_int32 (C type)</a>
1195		</li>
1196		<li><a href="appdev/refs/macros/KRB5_INT32_MAX.html#KRB5_INT32_MAX">KRB5_INT32_MAX (built-in variable)</a>
1197		</li>
1198		<li><a href="appdev/refs/macros/KRB5_INT32_MIN.html#KRB5_INT32_MIN">KRB5_INT32_MIN (built-in variable)</a>
1199		</li>
1200		<li><a href="appdev/refs/api/krb5_is_config_principal.html#c.krb5_is_config_principal">krb5_is_config_principal (C function)</a>
1201		</li>
1202	1190	<li><a href="appdev/refs/api/krb5_is_referral_realm.html#c.krb5_is_referral_realm">krb5_is_referral_realm (C function)</a>
1203	1191	</li>
1204	1192	<li><a href="appdev/refs/api/krb5_is_thread_safe.html#c.krb5_is_thread_safe">krb5_is_thread_safe (C function)</a>

1593	1581	</li>
1594	1582	<li><a href="appdev/refs/api/krb5_pac_get_buffer.html#c.krb5_pac_get_buffer">krb5_pac_get_buffer (C function)</a>
1595	1583	</li>
	1584	<li><a href="appdev/refs/api/krb5_pac_get_client_info.html#c.krb5_pac_get_client_info">krb5_pac_get_client_info (C function)</a>
	1585	</li>
1596	1586	<li><a href="appdev/refs/api/krb5_pac_get_types.html#c.krb5_pac_get_types">krb5_pac_get_types (C function)</a>
1597	1587	</li>
1598	1588	<li><a href="appdev/refs/api/krb5_pac_init.html#c.krb5_pac_init">krb5_pac_init (C function)</a>

1654	1644	<li><a href="appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html#KRB5_PADATA_OTP_PIN_CHANGE">KRB5_PADATA_OTP_PIN_CHANGE (built-in variable)</a>
1655	1645	</li>
1656	1646	<li><a href="appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html#KRB5_PADATA_OTP_REQUEST">KRB5_PADATA_OTP_REQUEST (built-in variable)</a>
	1647	</li>
	1648	<li><a href="appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html#KRB5_PADATA_PAC_OPTIONS">KRB5_PADATA_PAC_OPTIONS (built-in variable)</a>
1657	1649	</li>
1658	1650	<li><a href="appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html#KRB5_PADATA_PAC_REQUEST">KRB5_PADATA_PAC_REQUEST (built-in variable)</a>
1659	1651	</li>

2223	2215	</li>
2224	2216	<li><a href="mitK5features.html#index-0">RFC 3244</a>
2225	2217	</li>
2226		<li><a href="formats/cookie.html#index-1">RFC 3961</a>, <a href="formats/cookie.html#index-2">[1]</a>, <a href="formats/freshness_token.html#index-1">[2]</a>
	2218	<li><a href="formats/cookie.html#index-1">RFC 3961</a>, <a href="formats/cookie.html#index-2">[1]</a>, <a href="formats/freshness_token.html#index-1">[2]</a>, <a href="formats/rcache_file_format.html#index-0">[3]</a>
2227	2219	</li>
2228	2220	<li><a href="plugindev/clpreauth.html#index-0">RFC 4120</a>
2229	2221	</li>

2380	2372
2381	2373	<div class="footer-wrapper">
2382	2374	<div class="footer" >
2383		<div class="right" ><i>Release: 1.17</i><br />
2384		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	2375	<div class="right" ><i>Release: 1.18.2</i><br />
	2376	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
2385	2377	</div>
2386	2378	<div class="left">
2387	2379

+3

-3

doc/html/genindex.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

117	117
118	118	<div class="footer-wrapper">
119	119	<div class="footer" >
120		<div class="right" ><i>Release: 1.17</i><br />
121		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	120	<div class="right" ><i>Release: 1.18.2</i><br />
	121	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
122	122	</div>
123	123	<div class="left">
124	124

+8

-8

doc/html/index.html less more

4	4	<html xmlns="http://www.w3.org/1999/xhtml">
5	5	<head>
6	6	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7		<title>MIT Kerberos Documentation (1.17) — MIT Kerberos Documentation</title>
	7	<title>MIT Kerberos Documentation (1.18.2) — MIT Kerberos Documentation</title>
8	8	<link rel="stylesheet" href="_static/agogo.css" type="text/css" />
9	9	<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
10	10	<link rel="stylesheet" href="_static/kerb.css" type="text/css" />
11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

44	44	accesskey="I">index</a> \|
45	45	<a href="search.html" title="Enter search criteria"
46	46	accesskey="S">Search</a> \|
47		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__MIT Kerberos Documentation (1.17)">feedback</a>
	47	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__MIT Kerberos Documentation (1.18.2)">feedback</a>
48	48	</div>
49	49	</div>
50	50	</div>

58	58	<div class="body" role="main">
59	59
60	60	<div class="section" id="mit-kerberos-documentation-release">
61		<h1>MIT Kerberos Documentation (1.17)<a class="headerlink" href="#mit-kerberos-documentation-release" title="Permalink to this headline">¶</a></h1>
	61	<h1>MIT Kerberos Documentation (1.18.2)<a class="headerlink" href="#mit-kerberos-documentation-release" title="Permalink to this headline">¶</a></h1>
62	62	<div class="toctree-wrapper compound">
63	63	<ul>
64	64	<li class="toctree-l1"><a class="reference internal" href="user/index.html">For users</a></li>

84	84	<div class="sidebar">
85	85	<h2>On this page</h2>
86	86	<ul>
87		<li><a class="reference internal" href="#">MIT Kerberos Documentation (1.17)</a></li>
	87	<li><a class="reference internal" href="#">MIT Kerberos Documentation (1.18.2)</a></li>
88	88	</ul>
89	89
90	90	<br/>

119	119
120	120	<div class="footer-wrapper">
121	121	<div class="footer" >
122		<div class="right" ><i>Release: 1.17</i><br />
123		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	122	<div class="right" ><i>Release: 1.18.2</i><br />
	123	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
124	124	</div>
125	125	<div class="left">
126	126

132	132	>index</a> \|
133	133	<a href="search.html" title="Enter search criteria"
134	134	>Search</a> \|
135		<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__MIT Kerberos Documentation (1.17)">feedback</a>
	135	<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__MIT Kerberos Documentation (1.18.2)">feedback</a>
136	136	</div>
137	137	</div>
138	138	</div>

+25

-21

doc/html/mitK5defaults.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

93	93	<td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kdc.conf</span></code></td>
94	94	<td><strong>KRB5_KDC_PROFILE</strong></td>
95	95	</tr>
96		<tr class="row-even"><td>KDC database path (DB2)</td>
	96	<tr class="row-even"><td>GSS mechanism config file</td>
	97	<td><a class="reference internal" href="#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/gss/mech</span></code></td>
	98	<td><strong>GSS_MECH_CONFIG</strong></td>
	99	</tr>
	100	<tr class="row-odd"><td>KDC database path (DB2)</td>
97	101	<td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/principal</span></code></td>
98	102	<td> </td>
99	103	</tr>
100		<tr class="row-odd"><td>Master key <a class="reference internal" href="basic/stash_file_def.html#stash-definition"><span class="std std-ref">stash file</span></a></td>
	104	<tr class="row-even"><td>Master key <a class="reference internal" href="basic/stash_file_def.html#stash-definition"><span class="std std-ref">stash file</span></a></td>
101	105	<td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/.k5.</span></code><em>realm</em></td>
102	106	<td> </td>
103	107	</tr>
104		<tr class="row-even"><td>Admin server ACL file <a class="reference internal" href="admin/conf_files/kadm5_acl.html#kadm5-acl-5"><span class="std std-ref">kadm5.acl</span></a></td>
	108	<tr class="row-odd"><td>Admin server ACL file <a class="reference internal" href="admin/conf_files/kadm5_acl.html#kadm5-acl-5"><span class="std std-ref">kadm5.acl</span></a></td>
105	109	<td><a class="reference internal" href="#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kadm5.acl</span></code></td>
106	110	<td> </td>
107	111	</tr>
108		<tr class="row-odd"><td>OTP socket directory</td>
	112	<tr class="row-even"><td>OTP socket directory</td>
109	113	<td><a class="reference internal" href="#paths"><span class="std std-ref">RUNSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code></td>
110	114	<td> </td>
111	115	</tr>
112		<tr class="row-even"><td>Plugin base directory</td>
	116	<tr class="row-odd"><td>Plugin base directory</td>
113	117	<td><a class="reference internal" href="#paths"><span class="std std-ref">LIBDIR</span></a><code class="docutils literal"><span class="pre">/krb5/plugins</span></code></td>
114	118	<td> </td>
115	119	</tr>
116		<tr class="row-odd"><td><a class="reference internal" href="basic/rcache_def.html#rcache-definition"><span class="std std-ref">replay cache</span></a> directory</td>
	120	<tr class="row-even"><td><a class="reference internal" href="basic/rcache_def.html#rcache-definition"><span class="std std-ref">replay cache</span></a> directory</td>
117	121	<td><code class="docutils literal"><span class="pre">/var/tmp</span></code></td>
118	122	<td><strong>KRB5RCACHEDIR</strong></td>
119	123	</tr>
120		<tr class="row-even"><td>Master key default enctype</td>
	124	<tr class="row-odd"><td>Master key default enctype</td>
121	125	<td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span></code></td>
122	126	<td> </td>
123	127	</tr>
124		<tr class="row-odd"><td>Default <a class="reference internal" href="admin/conf_files/kdc_conf.html#keysalt-lists"><span class="std std-ref">keysalt list</span></a></td>
125		<td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96:normal</span> <span class="pre">aes128-cts-hmac-sha1-96:normal</span> <span class="pre">des3-cbc-sha1:normal</span> <span class="pre">arcfour-hmac-md5:normal</span></code></td>
126		<td> </td>
127		</tr>
128		<tr class="row-even"><td>Permitted enctypes</td>
129		<td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span> <span class="pre">des-cbc-crc</span> <span class="pre">des-cbc-md5</span> <span class="pre">des-cbc-md4</span></code></td>
130		<td> </td>
131		</tr>
132		<tr class="row-odd"><td>KDC default port</td>
	128	<tr class="row-even"><td>Default <a class="reference internal" href="admin/conf_files/kdc_conf.html#keysalt-lists"><span class="std std-ref">keysalt list</span></a></td>
	129	<td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96:normal</span> <span class="pre">aes128-cts-hmac-sha1-96:normal</span></code></td>
	130	<td> </td>
	131	</tr>
	132	<tr class="row-odd"><td>Permitted enctypes</td>
	133	<td><code class="docutils literal"><span class="pre">aes256-cts-hmac-sha1-96</span> <span class="pre">aes128-cts-hmac-sha1-96</span> <span class="pre">aes256-cts-hmac-sha384-192</span> <span class="pre">aes128-cts-hmac-sha256-128</span> <span class="pre">des3-cbc-sha1</span> <span class="pre">arcfour-hmac-md5</span> <span class="pre">camellia256-cts-cmac</span> <span class="pre">camellia128-cts-cmac</span></code></td>
	134	<td> </td>
	135	</tr>
	136	<tr class="row-even"><td>KDC default port</td>
133	137	<td>88</td>
134	138	<td> </td>
135	139	</tr>
136		<tr class="row-even"><td>Admin server port</td>
	140	<tr class="row-odd"><td>Admin server port</td>
137	141	<td>749</td>
138	142	<td> </td>
139	143	</tr>
140		<tr class="row-odd"><td>Password change port</td>
	144	<tr class="row-even"><td>Password change port</td>
141	145	<td>464</td>
142	146	<td> </td>
143	147	</tr>

333	337
334	338	<div class="footer-wrapper">
335	339	<div class="footer" >
336		<div class="right" ><i>Release: 1.17</i><br />
337		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	340	<div class="right" ><i>Release: 1.18.2</i><br />
	341	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
338	342	</div>
339	343	<div class="left">
340	344

+66

-8

doc/html/mitK5features.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

71	71	<dl class="docutils">
72	72	<dt>Releases:</dt>
73	73	<dd><ul class="first last simple">
74		<li>Latest stable: <a class="reference external" href="https://web.mit.edu/kerberos/krb5-1.17/">https://web.mit.edu/kerberos/krb5-1.17/</a></li>
75		<li>Supported: <a class="reference external" href="https://web.mit.edu/kerberos/krb5-1.16/">https://web.mit.edu/kerberos/krb5-1.16/</a></li>
76		<li>Release cycle: 9 – 12 months</li>
	74	<li>Latest stable: <a class="reference external" href="https://web.mit.edu/kerberos/krb5-1.18/">https://web.mit.edu/kerberos/krb5-1.18/</a></li>
	75	<li>Supported: <a class="reference external" href="https://web.mit.edu/kerberos/krb5-1.17/">https://web.mit.edu/kerberos/krb5-1.17/</a></li>
	76	<li>Release cycle: approximately 12 months</li>
77	77	</ul>
78	78	</dd>
79	79	<dt>Supported platforms / OS distributions:</dt>

93	93	</dl>
94	94	<p>Database backends: LDAP, DB2, LMDB</p>
95	95	<p>krb4 support: Kerberos 5 release < 1.8</p>
96		<p>DES support: configurable (See <a class="reference internal" href="admin/advanced/retiring-des.html#retiring-des"><span class="std std-ref">Retiring DES</span></a>)</p>
	96	<p>DES support: Kerberos 5 release < 1.18 (See <a class="reference internal" href="admin/advanced/retiring-des.html#retiring-des"><span class="std std-ref">Retiring DES</span></a>)</p>
97	97	</div>
98	98	<div class="section" id="interoperability">
99	99	<h2>Interoperability<a class="headerlink" href="#interoperability" title="Permalink to this headline">¶</a></h2>

162	162	<li>Plugin to test password quality <a class="reference internal" href="plugindev/pwqual.html#pwqual-plugin"><span class="std std-ref">Password quality interface (pwqual)</span></a></li>
163	163	<li>Plugin to synchronize password changes <a class="reference internal" href="plugindev/kadm5_hook.html#kadm5-hook-plugin"><span class="std std-ref">KADM5 hook interface (kadm5_hook)</span></a></li>
164	164	<li>Parallel KDC</li>
165		<li>GSS-API extentions for SASL GS2 bridge <span class="target" id="index-8"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc5801.html"><strong>RFC 5801</strong></a> <span class="target" id="index-9"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc5587.html"><strong>RFC 5587</strong></a></li>
	165	<li>GSS-API extensions for SASL GS2 bridge <span class="target" id="index-8"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc5801.html"><strong>RFC 5801</strong></a> <span class="target" id="index-9"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc5587.html"><strong>RFC 5587</strong></a></li>
166	166	<li>Purging old keys</li>
167	167	<li>Naming extensions for delegation chain</li>
168	168	<li>Password expiration API</li>

496	496	</ul>
497	497	</li>
498	498	</ul>
	499	<p>Release 1.18</p>
	500	<ul class="simple">
	501	<li>Administrator experience:<ul>
	502	<li>Remove support for single-DES encryption types.</li>
	503	<li>Change the replay cache format to be more efficient and robust.
	504	Replay cache filenames using the new format end with <code class="docutils literal"><span class="pre">.rcache2</span></code>
	505	by default.</li>
	506	<li>setuid programs will automatically ignore environment variables
	507	that normally affect krb5 API functions, even if the caller does
	508	not use krb5_init_secure_context().</li>
	509	<li>Add an <code class="docutils literal"><span class="pre">enforce_ok_as_delegate</span></code> krb5.conf relation to disable
	510	credential forwarding during GSSAPI authentication unless the KDC
	511	sets the ok-as-delegate bit in the service ticket.</li>
	512	<li>Use the <code class="docutils literal"><span class="pre">permitted_enctypes</span></code> krb5.conf setting as the default
	513	value for <code class="docutils literal"><span class="pre">default_tkt_enctypes</span></code> and <code class="docutils literal"><span class="pre">default_tgs_enctypes</span></code>.</li>
	514	</ul>
	515	</li>
	516	<li>Developer experience:<ul>
	517	<li>Implement krb5_cc_remove_cred() for all credential cache types.</li>
	518	<li>Add the krb5_pac_get_client_info() API to get the client account
	519	name from a PAC.</li>
	520	</ul>
	521	</li>
	522	<li>Protocol evolution:<ul>
	523	<li>Add KDC support for S4U2Self requests where the user is identified
	524	by X.509 certificate. (Requires support for certificate lookup
	525	from a third-party KDB module.)</li>
	526	<li>Remove support for an old (“draft 9”) variant of PKINIT.</li>
	527	<li>Add support for Microsoft NegoEx. (Requires one or more
	528	third-party GSS modules implementing NegoEx mechanisms.)</li>
	529	<li>Honor the transited-policy-checked ticket flag on application
	530	servers, eliminating the requirement to configure capaths on
	531	servers in some scenarios.</li>
	532	</ul>
	533	</li>
	534	<li>User experience:<ul>
	535	<li>Add support for <code class="docutils literal"><span class="pre">dns_canonicalize_hostname=fallback</span></code>, causing
	536	host-based principal names to be tried first without DNS
	537	canonicalization, and again with DNS canonicalization if the
	538	un-canonicalized server is not found.</li>
	539	<li>Expand single-component hostnames in host-based principal names
	540	when DNS canonicalization is not used, adding the system’s first
	541	DNS search path as a suffix. Add a <code class="docutils literal"><span class="pre">qualify_shortname</span></code>
	542	krb5.conf relation to override this suffix or disable expansion.</li>
	543	</ul>
	544	</li>
	545	<li>Code quality:<ul>
	546	<li>The libkrb5 serialization code (used to export and import krb5 GSS
	547	security contexts) has been simplified and made type-safe.</li>
	548	<li>The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
	549	messages has been revised to conform to current coding practices.</li>
	550	<li>The test suite has been modified to work with macOS System
	551	Integrity Protection enabled.</li>
	552	<li>The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
	553	support can always be tested.</li>
	554	</ul>
	555	</li>
	556	</ul>
499	557	<p><cite>Pre-authentication mechanisms</cite></p>
500	558	<ul class="simple">
501	559	<li>PW-SALT <span class="target" id="index-11"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc4120.html#section-5.2.7.3"><strong>RFC 4120#section-5.2.7.3</strong></a></li>

567	625
568	626	<div class="footer-wrapper">
569	627	<div class="footer" >
570		<div class="right" ><i>Release: 1.17</i><br />
571		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	628	<div class="right" ><i>Release: 1.18.2</i><br />
	629	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
572	630	</div>
573	631	<div class="left">
574	632

+4

-4

doc/html/mitK5license.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

64	64	<span id="mitk5license"></span><h1>MIT Kerberos License information<a class="headerlink" href="#mit-kerberos-license-information" title="Permalink to this headline">¶</a></h1>
65	65	<div class="toctree-wrapper compound">
66	66	</div>
67		<p>Copyright © 1985-2019 by the Massachusetts Institute of Technology.</p>
	67	<p>Copyright © 1985-2020 by the Massachusetts Institute of Technology.</p>
68	68	<p>All rights reserved.</p>
69	69	<p>Redistribution and use in source and binary forms, with or without
70	70	modification, are permitted provided that the following conditions are

1295	1295
1296	1296	<div class="footer-wrapper">
1297	1297	<div class="footer" >
1298		<div class="right" ><i>Release: 1.17</i><br />
1299		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	1298	<div class="right" ><i>Release: 1.18.2</i><br />
	1299	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
1300	1300	</div>
1301	1301	<div class="left">
1302	1302

doc/html/objects.inv less more

Binary diff not shown

+3

-3

doc/html/plugindev/ccselect.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/plugindev/certauth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/plugindev/clpreauth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

168	168
169	169	<div class="footer-wrapper">
170	170	<div class="footer" >
171		<div class="right" ><i>Release: 1.17</i><br />
172		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	171	<div class="right" ><i>Release: 1.18.2</i><br />
	172	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
173	173	</div>
174	174	<div class="left">
175	175

+3

-3

doc/html/plugindev/general.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

223	223
224	224	<div class="footer-wrapper">
225	225	<div class="footer" >
226		<div class="right" ><i>Release: 1.17</i><br />
227		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	226	<div class="right" ><i>Release: 1.18.2</i><br />
	227	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
228	228	</div>
229	229	<div class="left">
230	230

+31

-9

doc/html/plugindev/gssapi.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

66	66	the set of built-in mechanisms.</p>
67	67	<p>A mechanism module is a Unix shared object or Windows DLL, built
68	68	separately from the krb5 tree. Modules are loaded according to the
69		<code class="docutils literal"><span class="pre">/etc/gss/mech</span></code> or <code class="docutils literal"><span class="pre">/etc/gss/mech.d/*.conf</span></code> config files, as
70		described in <a class="reference internal" href="../admin/host_config.html#gssapi-plugin-config"><span class="std std-ref">GSSAPI mechanism modules</span></a>.</p>
	69	GSS mechanism config files described in <a class="reference internal" href="../admin/host_config.html#gssapi-plugin-config"><span class="std std-ref">GSSAPI mechanism modules</span></a>.</p>
71	70	<p>For the most part, a GSSAPI mechanism module exports the same
72	71	functions as would a GSSAPI implementation itself, with the same
73	72	function signatures. The mechanism selection layer within the GSSAPI

84	83	of other mechanisms. If the mechglue detects conflicts, it will map
85	84	the mechanism’s status codes onto unique values, and then map them
86	85	back again when <strong>gss_display_status</strong> is called.</p>
	86	<div class="section" id="negoex-modules">
	87	<h2>NegoEx modules<a class="headerlink" href="#negoex-modules" title="Permalink to this headline">¶</a></h2>
	88	<p>Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft
	89	extension to SPNEGO called NegoEx. Beginning with release 1.18,
	90	mechanism modules can support NegoEx as follows:</p>
	91	<ul class="simple">
	92	<li>Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(),
	93	and gssspi_query_mechanism_info() SPIs declared in
	94	<code class="docutils literal"><span class="pre"><gssapi/gssapi_ext.h></span></code>.</li>
	95	<li>Implement gss_inquire_sec_context_by_oid() and answer the
	96	<strong>GSS_C_INQ_NEGOEX_KEY</strong> and <strong>GSS_C_INQ_NEGOEX_VERIFY_KEY</strong> OIDs
	97	to provide the checksum keys for outgoing and incoming checksums,
	98	respectively. The answer must be in two buffers: the first buffer
	99	contains the key contents, and the second buffer contains the key
	100	encryption type as a four-byte little-endian integer.</li>
	101	</ul>
	102	<p>By default, NegoEx mechanisms will not be directly negotiated via
	103	SPNEGO. If direct SPNEGO negotiation is required for
	104	interoperability, implement gss_inquire_attrs_for_mech() and assert
	105	the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable
	106	RFC 5587 attributes).</p>
	107	</div>
87	108	<div class="section" id="interposer-modules">
88	109	<h2>Interposer modules<a class="headerlink" href="#interposer-modules" title="Permalink to this headline">¶</a></h2>
89	110	<p>The mechglue also supports a kind of loadable module, called an

95	116	</pre></div>
96	117	</div>
97	118	<p>This function is invoked with the OID of the interposer mechanism as
98		specified in <code class="docutils literal"><span class="pre">/etc/gss/mech</span></code> or in a <code class="docutils literal"><span class="pre">/etc/gss/mech.d/*.conf</span></code>
99		file, and returns a set of mechanism OIDs to be interposed. The
100		returned OID set must have been created using the mechglue’s
101		gss_create_empty_oid_set and gss_add_oid_set_member functions.</p>
	119	specified in the mechanism config file, and returns a set of mechanism
	120	OIDs to be interposed. The returned OID set must have been created
	121	using the mechglue’s gss_create_empty_oid_set and
	122	gss_add_oid_set_member functions.</p>
102	123	<p>An interposer module must use the prefix <code class="docutils literal"><span class="pre">gssi_</span></code> for the GSSAPI
103	124	functions it exports, instead of the prefix <code class="docutils literal"><span class="pre">gss_</span></code>.</p>
104	125	<p>An interposer module can link against the GSSAPI library in order to

156	177	<h2>On this page</h2>
157	178	<ul>
158	179	<li><a class="reference internal" href="#">GSSAPI mechanism interface</a><ul>
	180	<li><a class="reference internal" href="#negoex-modules">NegoEx modules</a></li>
159	181	<li><a class="reference internal" href="#interposer-modules">Interposer modules</a></li>
160	182	</ul>
161	183	</li>

210	232
211	233	<div class="footer-wrapper">
212	234	<div class="footer" >
213		<div class="right" ><i>Release: 1.17</i><br />
214		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	235	<div class="right" ><i>Release: 1.18.2</i><br />
	236	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
215	237	</div>
216	238	<div class="left">
217	239

+3

-3

doc/html/plugindev/hostrealm.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

151	151
152	152	<div class="footer-wrapper">
153	153	<div class="footer" >
154		<div class="right" ><i>Release: 1.17</i><br />
155		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	154	<div class="right" ><i>Release: 1.18.2</i><br />
	155	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
156	156	</div>
157	157	<div class="left">
158	158

+4

-3

doc/html/plugindev/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

87	87	<li class="toctree-l1"><a class="reference internal" href="locate.html">Server location interface (locate)</a></li>
88	88	<li class="toctree-l1"><a class="reference internal" href="profile.html">Configuration interface (profile)</a></li>
89	89	<li class="toctree-l1"><a class="reference internal" href="gssapi.html">GSSAPI mechanism interface</a><ul>
	90	<li class="toctree-l2"><a class="reference internal" href="gssapi.html#negoex-modules">NegoEx modules</a></li>
90	91	<li class="toctree-l2"><a class="reference internal" href="gssapi.html#interposer-modules">Interposer modules</a></li>
91	92	</ul>
92	93	</li>

165	166
166	167	<div class="footer-wrapper">
167	168	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	169	<div class="right" ><i>Release: 1.18.2</i><br />
	170	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
170	171	</div>
171	172	<div class="left">
172	173

+3

-3

doc/html/plugindev/internal.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152
153	153	<div class="footer-wrapper">
154	154	<div class="footer" >
155		<div class="right" ><i>Release: 1.17</i><br />
156		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	155	<div class="right" ><i>Release: 1.18.2</i><br />
	156	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
157	157	</div>
158	158	<div class="left">
159	159

+3

-3

doc/html/plugindev/kadm5_auth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/plugindev/kadm5_hook.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

143	143
144	144	<div class="footer-wrapper">
145	145	<div class="footer" >
146		<div class="right" ><i>Release: 1.17</i><br />
147		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	146	<div class="right" ><i>Release: 1.18.2</i><br />
	147	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
148	148	</div>
149	149	<div class="left">
150	150

+3

-3

doc/html/plugindev/kdcpolicy.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

141	141
142	142	<div class="footer-wrapper">
143	143	<div class="footer" >
144		<div class="right" ><i>Release: 1.17</i><br />
145		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	144	<div class="right" ><i>Release: 1.18.2</i><br />
	145	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
146	146	</div>
147	147	<div class="left">
148	148

+3

-3

doc/html/plugindev/kdcpreauth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

188	188
189	189	<div class="footer-wrapper">
190	190	<div class="footer" >
191		<div class="right" ><i>Release: 1.17</i><br />
192		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	191	<div class="right" ><i>Release: 1.18.2</i><br />
	192	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
193	193	</div>
194	194	<div class="left">
195	195

+3

-3

doc/html/plugindev/localauth.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

157	157
158	158	<div class="footer-wrapper">
159	159	<div class="footer" >
160		<div class="right" ><i>Release: 1.17</i><br />
161		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	160	<div class="right" ><i>Release: 1.18.2</i><br />
	161	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
162	162	</div>
163	163	<div class="left">
164	164

+3

-3

doc/html/plugindev/locate.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

146	146
147	147	<div class="footer-wrapper">
148	148	<div class="footer" >
149		<div class="right" ><i>Release: 1.17</i><br />
150		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	149	<div class="right" ><i>Release: 1.18.2</i><br />
	150	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
151	151	</div>
152	152	<div class="left">
153	153

+3

-3

doc/html/plugindev/profile.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

210	210
211	211	<div class="footer-wrapper">
212	212	<div class="footer" >
213		<div class="right" ><i>Release: 1.17</i><br />
214		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	213	<div class="right" ><i>Release: 1.18.2</i><br />
	214	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
215	215	</div>
216	216	<div class="left">
217	217

+3

-3

doc/html/plugindev/pwqual.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

142	142
143	143	<div class="footer-wrapper">
144	144	<div class="footer" >
145		<div class="right" ><i>Release: 1.17</i><br />
146		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	145	<div class="right" ><i>Release: 1.18.2</i><br />
	146	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
147	147	</div>
148	148	<div class="left">
149	149

+3

-3

doc/html/resources.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

163	163
164	164	<div class="footer-wrapper">
165	165	<div class="footer" >
166		<div class="right" ><i>Release: 1.17</i><br />
167		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	166	<div class="right" ><i>Release: 1.18.2</i><br />
	167	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
168	168	</div>
169	169	<div class="left">
170	170

+3

-3

doc/html/search.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: './',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

125	125
126	126	<div class="footer-wrapper">
127	127	<div class="footer" >
128		<div class="right" ><i>Release: 1.17</i><br />
129		© <a href="copyright.html">Copyright</a> 1985-2019, MIT.
	128	<div class="right" ><i>Release: 1.18.2</i><br />
	129	© <a href="copyright.html">Copyright</a> 1985-2020, MIT.
130	130	</div>
131	131	<div class="left">
132	132

+1

-1

doc/html/searchindex.js less more

0		Search.setIndex({docnames:["about","admin/admin_commands/index","admin/admin_commands/k5srvutil","admin/admin_commands/kadmin_local","admin/admin_commands/kadmind","admin/admin_commands/kdb5_ldap_util","admin/admin_commands/kdb5_util","admin/admin_commands/kprop","admin/admin_commands/kpropd","admin/admin_commands/kproplog","admin/admin_commands/krb5kdc","admin/admin_commands/ktutil","admin/admin_commands/sserver","admin/advanced/index","admin/advanced/ldapbackend","admin/advanced/retiring-des","admin/appl_servers","admin/auth_indicator","admin/backup_host","admin/conf_files/index","admin/conf_files/kadm5_acl","admin/conf_files/kdc_conf","admin/conf_files/krb5_conf","admin/conf_ldap","admin/database","admin/dbtypes","admin/dictionary","admin/enctypes","admin/env_variables","admin/host_config","admin/https","admin/index","admin/install","admin/install_appl_srv","admin/install_clients","admin/install_kdc","admin/lockout","admin/otp","admin/pkinit","admin/princ_dns","admin/realm_config","admin/spake","admin/troubleshoot","admin/various_envs","appdev/gssapi","appdev/h5l_mit_apidiff","appdev/index","appdev/init_creds","appdev/princ_handle","appdev/refs/api/index","appdev/refs/api/krb5_425_conv_principal","appdev/refs/api/krb5_524_conv_principal","appdev/refs/api/krb5_524_convert_creds","appdev/refs/api/krb5_address_compare","appdev/refs/api/krb5_address_order","appdev/refs/api/krb5_address_search","appdev/refs/api/krb5_allow_weak_crypto","appdev/refs/api/krb5_aname_to_localname","appdev/refs/api/krb5_anonymous_principal","appdev/refs/api/krb5_anonymous_realm","appdev/refs/api/krb5_appdefault_boolean","appdev/refs/api/krb5_appdefault_string","appdev/refs/api/krb5_auth_con_free","appdev/refs/api/krb5_auth_con_genaddrs","appdev/refs/api/krb5_auth_con_get_checksum_func","appdev/refs/api/krb5_auth_con_getaddrs","appdev/refs/api/krb5_auth_con_getauthenticator","appdev/refs/api/krb5_auth_con_getflags","appdev/refs/api/krb5_auth_con_getkey","appdev/refs/api/krb5_auth_con_getkey_k","appdev/refs/api/krb5_auth_con_getlocalseqnumber","appdev/refs/api/krb5_auth_con_getlocalsubkey","appdev/refs/api/krb5_auth_con_getrcache","appdev/refs/api/krb5_auth_con_getrecvsubkey","appdev/refs/api/krb5_auth_con_getrecvsubkey_k","appdev/refs/api/krb5_auth_con_getremoteseqnumber","appdev/refs/api/krb5_auth_con_getremotesubkey","appdev/refs/api/krb5_auth_con_getsendsubkey","appdev/refs/api/krb5_auth_con_getsendsubkey_k","appdev/refs/api/krb5_auth_con_init","appdev/refs/api/krb5_auth_con_initivector","appdev/refs/api/krb5_auth_con_set_checksum_func","appdev/refs/api/krb5_auth_con_set_req_cksumtype","appdev/refs/api/krb5_auth_con_setaddrs","appdev/refs/api/krb5_auth_con_setflags","appdev/refs/api/krb5_auth_con_setports","appdev/refs/api/krb5_auth_con_setrcache","appdev/refs/api/krb5_auth_con_setrecvsubkey","appdev/refs/api/krb5_auth_con_setrecvsubkey_k","appdev/refs/api/krb5_auth_con_setsendsubkey","appdev/refs/api/krb5_auth_con_setsendsubkey_k","appdev/refs/api/krb5_auth_con_setuseruserkey","appdev/refs/api/krb5_build_principal","appdev/refs/api/krb5_build_principal_alloc_va","appdev/refs/api/krb5_build_principal_ext","appdev/refs/api/krb5_build_principal_va","appdev/refs/api/krb5_c_block_size","appdev/refs/api/krb5_c_checksum_length","appdev/refs/api/krb5_c_crypto_length","appdev/refs/api/krb5_c_crypto_length_iov","appdev/refs/api/krb5_c_decrypt","appdev/refs/api/krb5_c_decrypt_iov","appdev/refs/api/krb5_c_derive_prfplus","appdev/refs/api/krb5_c_encrypt","appdev/refs/api/krb5_c_encrypt_iov","appdev/refs/api/krb5_c_encrypt_length","appdev/refs/api/krb5_c_enctype_compare","appdev/refs/api/krb5_c_free_state","appdev/refs/api/krb5_c_fx_cf2_simple","appdev/refs/api/krb5_c_init_state","appdev/refs/api/krb5_c_is_coll_proof_cksum","appdev/refs/api/krb5_c_is_keyed_cksum","appdev/refs/api/krb5_c_keyed_checksum_types","appdev/refs/api/krb5_c_keylengths","appdev/refs/api/krb5_c_make_checksum","appdev/refs/api/krb5_c_make_checksum_iov","appdev/refs/api/krb5_c_make_random_key","appdev/refs/api/krb5_c_padding_length","appdev/refs/api/krb5_c_prf","appdev/refs/api/krb5_c_prf_length","appdev/refs/api/krb5_c_prfplus","appdev/refs/api/krb5_c_random_add_entropy","appdev/refs/api/krb5_c_random_make_octets","appdev/refs/api/krb5_c_random_os_entropy","appdev/refs/api/krb5_c_random_seed","appdev/refs/api/krb5_c_random_to_key","appdev/refs/api/krb5_c_string_to_key","appdev/refs/api/krb5_c_string_to_key_with_params","appdev/refs/api/krb5_c_valid_cksumtype","appdev/refs/api/krb5_c_valid_enctype","appdev/refs/api/krb5_c_verify_checksum","appdev/refs/api/krb5_c_verify_checksum_iov","appdev/refs/api/krb5_calculate_checksum","appdev/refs/api/krb5_cc_cache_match","appdev/refs/api/krb5_cc_close","appdev/refs/api/krb5_cc_copy_creds","appdev/refs/api/krb5_cc_default","appdev/refs/api/krb5_cc_default_name","appdev/refs/api/krb5_cc_destroy","appdev/refs/api/krb5_cc_dup","appdev/refs/api/krb5_cc_end_seq_get","appdev/refs/api/krb5_cc_gen_new","appdev/refs/api/krb5_cc_get_config","appdev/refs/api/krb5_cc_get_flags","appdev/refs/api/krb5_cc_get_full_name","appdev/refs/api/krb5_cc_get_name","appdev/refs/api/krb5_cc_get_principal","appdev/refs/api/krb5_cc_get_type","appdev/refs/api/krb5_cc_initialize","appdev/refs/api/krb5_cc_last_change_time","appdev/refs/api/krb5_cc_lock","appdev/refs/api/krb5_cc_move","appdev/refs/api/krb5_cc_new_unique","appdev/refs/api/krb5_cc_next_cred","appdev/refs/api/krb5_cc_remove_cred","appdev/refs/api/krb5_cc_resolve","appdev/refs/api/krb5_cc_retrieve_cred","appdev/refs/api/krb5_cc_select","appdev/refs/api/krb5_cc_set_config","appdev/refs/api/krb5_cc_set_default_name","appdev/refs/api/krb5_cc_set_flags","appdev/refs/api/krb5_cc_start_seq_get","appdev/refs/api/krb5_cc_store_cred","appdev/refs/api/krb5_cc_support_switch","appdev/refs/api/krb5_cc_switch","appdev/refs/api/krb5_cc_unlock","appdev/refs/api/krb5_cccol_cursor_free","appdev/refs/api/krb5_cccol_cursor_new","appdev/refs/api/krb5_cccol_cursor_next","appdev/refs/api/krb5_cccol_have_content","appdev/refs/api/krb5_cccol_last_change_time","appdev/refs/api/krb5_cccol_lock","appdev/refs/api/krb5_cccol_unlock","appdev/refs/api/krb5_change_password","appdev/refs/api/krb5_check_clockskew","appdev/refs/api/krb5_checksum_size","appdev/refs/api/krb5_chpw_message","appdev/refs/api/krb5_cksumtype_to_string","appdev/refs/api/krb5_clear_error_message","appdev/refs/api/krb5_copy_addresses","appdev/refs/api/krb5_copy_authdata","appdev/refs/api/krb5_copy_authenticator","appdev/refs/api/krb5_copy_checksum","appdev/refs/api/krb5_copy_context","appdev/refs/api/krb5_copy_creds","appdev/refs/api/krb5_copy_data","appdev/refs/api/krb5_copy_error_message","appdev/refs/api/krb5_copy_keyblock","appdev/refs/api/krb5_copy_keyblock_contents","appdev/refs/api/krb5_copy_principal","appdev/refs/api/krb5_copy_ticket","appdev/refs/api/krb5_decode_authdata_container","appdev/refs/api/krb5_decode_ticket","appdev/refs/api/krb5_decrypt","appdev/refs/api/krb5_deltat_to_string","appdev/refs/api/krb5_eblock_enctype","appdev/refs/api/krb5_encode_authdata_container","appdev/refs/api/krb5_encrypt","appdev/refs/api/krb5_encrypt_size","appdev/refs/api/krb5_enctype_to_name","appdev/refs/api/krb5_enctype_to_string","appdev/refs/api/krb5_expand_hostname","appdev/refs/api/krb5_find_authdata","appdev/refs/api/krb5_finish_key","appdev/refs/api/krb5_finish_random_key","appdev/refs/api/krb5_free_addresses","appdev/refs/api/krb5_free_ap_rep_enc_part","appdev/refs/api/krb5_free_authdata","appdev/refs/api/krb5_free_authenticator","appdev/refs/api/krb5_free_checksum","appdev/refs/api/krb5_free_checksum_contents","appdev/refs/api/krb5_free_cksumtypes","appdev/refs/api/krb5_free_context","appdev/refs/api/krb5_free_cred_contents","appdev/refs/api/krb5_free_creds","appdev/refs/api/krb5_free_data","appdev/refs/api/krb5_free_data_contents","appdev/refs/api/krb5_free_default_realm","appdev/refs/api/krb5_free_enctypes","appdev/refs/api/krb5_free_error","appdev/refs/api/krb5_free_error_message","appdev/refs/api/krb5_free_host_realm","appdev/refs/api/krb5_free_keyblock","appdev/refs/api/krb5_free_keyblock_contents","appdev/refs/api/krb5_free_keytab_entry_contents","appdev/refs/api/krb5_free_principal","appdev/refs/api/krb5_free_string","appdev/refs/api/krb5_free_tgt_creds","appdev/refs/api/krb5_free_ticket","appdev/refs/api/krb5_free_unparsed_name","appdev/refs/api/krb5_fwd_tgt_creds","appdev/refs/api/krb5_get_credentials","appdev/refs/api/krb5_get_credentials_renew","appdev/refs/api/krb5_get_credentials_validate","appdev/refs/api/krb5_get_default_realm","appdev/refs/api/krb5_get_error_message","appdev/refs/api/krb5_get_etype_info","appdev/refs/api/krb5_get_fallback_host_realm","appdev/refs/api/krb5_get_host_realm","appdev/refs/api/krb5_get_in_tkt_with_keytab","appdev/refs/api/krb5_get_in_tkt_with_password","appdev/refs/api/krb5_get_in_tkt_with_skey","appdev/refs/api/krb5_get_init_creds_keytab","appdev/refs/api/krb5_get_init_creds_opt_alloc","appdev/refs/api/krb5_get_init_creds_opt_free","appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags","appdev/refs/api/krb5_get_init_creds_opt_init","appdev/refs/api/krb5_get_init_creds_opt_set_address_list","appdev/refs/api/krb5_get_init_creds_opt_set_anonymous","appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize","appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt","appdev/refs/api/krb5_get_init_creds_opt_set_etype_list","appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name","appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags","appdev/refs/api/krb5_get_init_creds_opt_set_forwardable","appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_pa","appdev/refs/api/krb5_get_init_creds_opt_set_pac_request","appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list","appdev/refs/api/krb5_get_init_creds_opt_set_proxiable","appdev/refs/api/krb5_get_init_creds_opt_set_renew_life","appdev/refs/api/krb5_get_init_creds_opt_set_responder","appdev/refs/api/krb5_get_init_creds_opt_set_salt","appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life","appdev/refs/api/krb5_get_init_creds_password","appdev/refs/api/krb5_get_permitted_enctypes","appdev/refs/api/krb5_get_profile","appdev/refs/api/krb5_get_prompt_types","appdev/refs/api/krb5_get_renewed_creds","appdev/refs/api/krb5_get_server_rcache","appdev/refs/api/krb5_get_time_offsets","appdev/refs/api/krb5_get_validated_creds","appdev/refs/api/krb5_init_context","appdev/refs/api/krb5_init_context_profile","appdev/refs/api/krb5_init_creds_free","appdev/refs/api/krb5_init_creds_get","appdev/refs/api/krb5_init_creds_get_creds","appdev/refs/api/krb5_init_creds_get_error","appdev/refs/api/krb5_init_creds_get_times","appdev/refs/api/krb5_init_creds_init","appdev/refs/api/krb5_init_creds_set_keytab","appdev/refs/api/krb5_init_creds_set_password","appdev/refs/api/krb5_init_creds_set_service","appdev/refs/api/krb5_init_creds_step","appdev/refs/api/krb5_init_keyblock","appdev/refs/api/krb5_init_random_key","appdev/refs/api/krb5_init_secure_context","appdev/refs/api/krb5_is_config_principal","appdev/refs/api/krb5_is_referral_realm","appdev/refs/api/krb5_is_thread_safe","appdev/refs/api/krb5_k_create_key","appdev/refs/api/krb5_k_decrypt","appdev/refs/api/krb5_k_decrypt_iov","appdev/refs/api/krb5_k_encrypt","appdev/refs/api/krb5_k_encrypt_iov","appdev/refs/api/krb5_k_free_key","appdev/refs/api/krb5_k_key_enctype","appdev/refs/api/krb5_k_key_keyblock","appdev/refs/api/krb5_k_make_checksum","appdev/refs/api/krb5_k_make_checksum_iov","appdev/refs/api/krb5_k_prf","appdev/refs/api/krb5_k_reference_key","appdev/refs/api/krb5_k_verify_checksum","appdev/refs/api/krb5_k_verify_checksum_iov","appdev/refs/api/krb5_kt_add_entry","appdev/refs/api/krb5_kt_client_default","appdev/refs/api/krb5_kt_close","appdev/refs/api/krb5_kt_default","appdev/refs/api/krb5_kt_default_name","appdev/refs/api/krb5_kt_dup","appdev/refs/api/krb5_kt_end_seq_get","appdev/refs/api/krb5_kt_free_entry","appdev/refs/api/krb5_kt_get_entry","appdev/refs/api/krb5_kt_get_name","appdev/refs/api/krb5_kt_get_type","appdev/refs/api/krb5_kt_have_content","appdev/refs/api/krb5_kt_next_entry","appdev/refs/api/krb5_kt_read_service_key","appdev/refs/api/krb5_kt_remove_entry","appdev/refs/api/krb5_kt_resolve","appdev/refs/api/krb5_kt_start_seq_get","appdev/refs/api/krb5_kuserok","appdev/refs/api/krb5_make_authdata_kdc_issued","appdev/refs/api/krb5_merge_authdata","appdev/refs/api/krb5_mk_1cred","appdev/refs/api/krb5_mk_error","appdev/refs/api/krb5_mk_ncred","appdev/refs/api/krb5_mk_priv","appdev/refs/api/krb5_mk_rep","appdev/refs/api/krb5_mk_rep_dce","appdev/refs/api/krb5_mk_req","appdev/refs/api/krb5_mk_req_extended","appdev/refs/api/krb5_mk_safe","appdev/refs/api/krb5_os_localaddr","appdev/refs/api/krb5_pac_add_buffer","appdev/refs/api/krb5_pac_free","appdev/refs/api/krb5_pac_get_buffer","appdev/refs/api/krb5_pac_get_types","appdev/refs/api/krb5_pac_init","appdev/refs/api/krb5_pac_parse","appdev/refs/api/krb5_pac_sign","appdev/refs/api/krb5_pac_sign_ext","appdev/refs/api/krb5_pac_verify","appdev/refs/api/krb5_pac_verify_ext","appdev/refs/api/krb5_parse_name","appdev/refs/api/krb5_parse_name_flags","appdev/refs/api/krb5_prepend_error_message","appdev/refs/api/krb5_principal2salt","appdev/refs/api/krb5_principal_compare","appdev/refs/api/krb5_principal_compare_any_realm","appdev/refs/api/krb5_principal_compare_flags","appdev/refs/api/krb5_process_key","appdev/refs/api/krb5_prompter_posix","appdev/refs/api/krb5_random_key","appdev/refs/api/krb5_rd_cred","appdev/refs/api/krb5_rd_error","appdev/refs/api/krb5_rd_priv","appdev/refs/api/krb5_rd_rep","appdev/refs/api/krb5_rd_rep_dce","appdev/refs/api/krb5_rd_req","appdev/refs/api/krb5_rd_safe","appdev/refs/api/krb5_read_password","appdev/refs/api/krb5_realm_compare","appdev/refs/api/krb5_recvauth","appdev/refs/api/krb5_recvauth_version","appdev/refs/api/krb5_responder_get_challenge","appdev/refs/api/krb5_responder_list_questions","appdev/refs/api/krb5_responder_otp_challenge_free","appdev/refs/api/krb5_responder_otp_get_challenge","appdev/refs/api/krb5_responder_otp_set_answer","appdev/refs/api/krb5_responder_pkinit_challenge_free","appdev/refs/api/krb5_responder_pkinit_get_challenge","appdev/refs/api/krb5_responder_pkinit_set_answer","appdev/refs/api/krb5_responder_set_answer","appdev/refs/api/krb5_salttype_to_string","appdev/refs/api/krb5_sendauth","appdev/refs/api/krb5_server_decrypt_ticket_keytab","appdev/refs/api/krb5_set_default_realm","appdev/refs/api/krb5_set_default_tgs_enctypes","appdev/refs/api/krb5_set_error_message","appdev/refs/api/krb5_set_kdc_recv_hook","appdev/refs/api/krb5_set_kdc_send_hook","appdev/refs/api/krb5_set_password","appdev/refs/api/krb5_set_password_using_ccache","appdev/refs/api/krb5_set_principal_realm","appdev/refs/api/krb5_set_real_time","appdev/refs/api/krb5_set_trace_callback","appdev/refs/api/krb5_set_trace_filename","appdev/refs/api/krb5_sname_match","appdev/refs/api/krb5_sname_to_principal","appdev/refs/api/krb5_string_to_cksumtype","appdev/refs/api/krb5_string_to_deltat","appdev/refs/api/krb5_string_to_enctype","appdev/refs/api/krb5_string_to_key","appdev/refs/api/krb5_string_to_salttype","appdev/refs/api/krb5_string_to_timestamp","appdev/refs/api/krb5_timeofday","appdev/refs/api/krb5_timestamp_to_sfstring","appdev/refs/api/krb5_timestamp_to_string","appdev/refs/api/krb5_tkt_creds_free","appdev/refs/api/krb5_tkt_creds_get","appdev/refs/api/krb5_tkt_creds_get_creds","appdev/refs/api/krb5_tkt_creds_get_times","appdev/refs/api/krb5_tkt_creds_init","appdev/refs/api/krb5_tkt_creds_step","appdev/refs/api/krb5_unparse_name","appdev/refs/api/krb5_unparse_name_ext","appdev/refs/api/krb5_unparse_name_flags","appdev/refs/api/krb5_unparse_name_flags_ext","appdev/refs/api/krb5_us_timeofday","appdev/refs/api/krb5_use_enctype","appdev/refs/api/krb5_verify_authdata_kdc_issued","appdev/refs/api/krb5_verify_checksum","appdev/refs/api/krb5_verify_init_creds","appdev/refs/api/krb5_verify_init_creds_opt_init","appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail","appdev/refs/api/krb5_vprepend_error_message","appdev/refs/api/krb5_vset_error_message","appdev/refs/api/krb5_vwrap_error_message","appdev/refs/api/krb5_wrap_error_message","appdev/refs/index","appdev/refs/macros/ADDRTYPE_ADDRPORT","appdev/refs/macros/ADDRTYPE_CHAOS","appdev/refs/macros/ADDRTYPE_DDP","appdev/refs/macros/ADDRTYPE_INET","appdev/refs/macros/ADDRTYPE_INET6","appdev/refs/macros/ADDRTYPE_IPPORT","appdev/refs/macros/ADDRTYPE_ISO","appdev/refs/macros/ADDRTYPE_IS_LOCAL","appdev/refs/macros/ADDRTYPE_NETBIOS","appdev/refs/macros/ADDRTYPE_XNS","appdev/refs/macros/AD_TYPE_EXTERNAL","appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK","appdev/refs/macros/AD_TYPE_REGISTERED","appdev/refs/macros/AD_TYPE_RESERVED","appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION","appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED","appdev/refs/macros/AP_OPTS_RESERVED","appdev/refs/macros/AP_OPTS_USE_SESSION_KEY","appdev/refs/macros/AP_OPTS_USE_SUBKEY","appdev/refs/macros/AP_OPTS_WIRE_MASK","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256","appdev/refs/macros/CKSUMTYPE_CRC32","appdev/refs/macros/CKSUMTYPE_DESCBC","appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3","appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128","appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256","appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR","appdev/refs/macros/CKSUMTYPE_NIST_SHA","appdev/refs/macros/CKSUMTYPE_RSA_MD4","appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES","appdev/refs/macros/CKSUMTYPE_RSA_MD5","appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP","appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC","appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC","appdev/refs/macros/ENCTYPE_DES3_CBC_ENV","appdev/refs/macros/ENCTYPE_DES3_CBC_RAW","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1","appdev/refs/macros/ENCTYPE_DES_CBC_CRC","appdev/refs/macros/ENCTYPE_DES_CBC_MD4","appdev/refs/macros/ENCTYPE_DES_CBC_MD5","appdev/refs/macros/ENCTYPE_DES_CBC_RAW","appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1","appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS","appdev/refs/macros/ENCTYPE_MD5_RSA_CMS","appdev/refs/macros/ENCTYPE_NULL","appdev/refs/macros/ENCTYPE_RC2_CBC_ENV","appdev/refs/macros/ENCTYPE_RSA_ENV","appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV","appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS","appdev/refs/macros/ENCTYPE_UNKNOWN","appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE","appdev/refs/macros/KDC_OPT_CANONICALIZE","appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT","appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK","appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY","appdev/refs/macros/KDC_OPT_FORWARDABLE","appdev/refs/macros/KDC_OPT_FORWARDED","appdev/refs/macros/KDC_OPT_POSTDATED","appdev/refs/macros/KDC_OPT_PROXIABLE","appdev/refs/macros/KDC_OPT_PROXY","appdev/refs/macros/KDC_OPT_RENEW","appdev/refs/macros/KDC_OPT_RENEWABLE","appdev/refs/macros/KDC_OPT_RENEWABLE_OK","appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS","appdev/refs/macros/KDC_OPT_VALIDATE","appdev/refs/macros/KDC_TKT_COMMON_MASK","appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE","appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR","appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR","appdev/refs/macros/KRB5_AP_REP","appdev/refs/macros/KRB5_AP_REQ","appdev/refs/macros/KRB5_AS_REP","appdev/refs/macros/KRB5_AS_REQ","appdev/refs/macros/KRB5_AUTHDATA_AND_OR","appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR","appdev/refs/macros/KRB5_AUTHDATA_CAMMAC","appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION","appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR","appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT","appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS","appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED","appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC","appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE","appdev/refs/macros/KRB5_AUTHDATA_SESAME","appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET","appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME","appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY","appdev/refs/macros/KRB5_CRED","appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM","appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA","appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY","appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER","appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING","appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY","appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM","appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER","appdev/refs/macros/KRB5_CYBERSAFE_SECUREID","appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS","appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP","appdev/refs/macros/KRB5_ERROR","appdev/refs/macros/KRB5_FAST_REQUIRED","appdev/refs/macros/KRB5_GC_CACHED","appdev/refs/macros/KRB5_GC_CANONICALIZE","appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION","appdev/refs/macros/KRB5_GC_FORWARDABLE","appdev/refs/macros/KRB5_GC_NO_STORE","appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK","appdev/refs/macros/KRB5_GC_USER_USER","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE","appdev/refs/macros/KRB5_INIT_CONTEXT_KDC","appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE","appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE","appdev/refs/macros/KRB5_INT16_MAX","appdev/refs/macros/KRB5_INT16_MIN","appdev/refs/macros/KRB5_INT32_MAX","appdev/refs/macros/KRB5_INT32_MIN","appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE","appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE","appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT","appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS","appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC","appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC","appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV","appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED","appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET","appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS","appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE","appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST","appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE","appdev/refs/macros/KRB5_KEYUSAGE_SPAKE","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM","appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED","appdev/refs/macros/KRB5_KPASSWD_AUTHERROR","appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION","appdev/refs/macros/KRB5_KPASSWD_HARDERROR","appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED","appdev/refs/macros/KRB5_KPASSWD_MALFORMED","appdev/refs/macros/KRB5_KPASSWD_SOFTERROR","appdev/refs/macros/KRB5_KPASSWD_SUCCESS","appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME","appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL","appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL","appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED","appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME","appdev/refs/macros/KRB5_LRQ_NONE","appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME","appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL","appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL","appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED","appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME","appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL","appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID","appdev/refs/macros/KRB5_NT_PRINCIPAL","appdev/refs/macros/KRB5_NT_SMTP_NAME","appdev/refs/macros/KRB5_NT_SRV_HST","appdev/refs/macros/KRB5_NT_SRV_INST","appdev/refs/macros/KRB5_NT_SRV_XHST","appdev/refs/macros/KRB5_NT_UID","appdev/refs/macros/KRB5_NT_UNKNOWN","appdev/refs/macros/KRB5_NT_WELLKNOWN","appdev/refs/macros/KRB5_NT_X500_PRINCIPAL","appdev/refs/macros/KRB5_PAC_CLIENT_INFO","appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO","appdev/refs/macros/KRB5_PAC_DELEGATION_INFO","appdev/refs/macros/KRB5_PAC_LOGON_INFO","appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM","appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM","appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO","appdev/refs/macros/KRB5_PADATA_AFS3_SALT","appdev/refs/macros/KRB5_PADATA_AP_REQ","appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM","appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS","appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE","appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID","appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP","appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2","appdev/refs/macros/KRB5_PADATA_FOR_USER","appdev/refs/macros/KRB5_PADATA_FX_COOKIE","appdev/refs/macros/KRB5_PADATA_FX_ERROR","appdev/refs/macros/KRB5_PADATA_FX_FAST","appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA","appdev/refs/macros/KRB5_PADATA_NONE","appdev/refs/macros/KRB5_PADATA_OSF_DCE","appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE","appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE","appdev/refs/macros/KRB5_PADATA_OTP_REQUEST","appdev/refs/macros/KRB5_PADATA_PAC_REQUEST","appdev/refs/macros/KRB5_PADATA_PKINIT_KX","appdev/refs/macros/KRB5_PADATA_PK_AS_REP","appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD","appdev/refs/macros/KRB5_PADATA_PW_SALT","appdev/refs/macros/KRB5_PADATA_REFERRAL","appdev/refs/macros/KRB5_PADATA_S4U_X509_USER","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2","appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2","appdev/refs/macros/KRB5_PADATA_SESAME","appdev/refs/macros/KRB5_PADATA_SPAKE","appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO","appdev/refs/macros/KRB5_PADATA_TGS_REQ","appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT","appdev/refs/macros/KRB5_PRIV","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN","appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD","appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH","appdev/refs/macros/KRB5_PVNO","appdev/refs/macros/KRB5_REALM_BRANCH_CHAR","appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS","appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION","appdev/refs/macros/KRB5_REFERRAL_REALM","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED","appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT","appdev/refs/macros/KRB5_SAFE","appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD","appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD","appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY","appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT","appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA","appdev/refs/macros/KRB5_TC_MATCH_FLAGS","appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT","appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY","appdev/refs/macros/KRB5_TC_MATCH_KTYPE","appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY","appdev/refs/macros/KRB5_TC_MATCH_TIMES","appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT","appdev/refs/macros/KRB5_TC_NOTICKET","appdev/refs/macros/KRB5_TC_OPENCLOSE","appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES","appdev/refs/macros/KRB5_TGS_NAME","appdev/refs/macros/KRB5_TGS_NAME_SIZE","appdev/refs/macros/KRB5_TGS_REP","appdev/refs/macros/KRB5_TGS_REQ","appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE","appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL","appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR","appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK","appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY","appdev/refs/macros/MAX_KEYTAB_NAME_LEN","appdev/refs/macros/MSEC_DIRBIT","appdev/refs/macros/MSEC_VAL_MASK","appdev/refs/macros/SALT_TYPE_AFS_LENGTH","appdev/refs/macros/SALT_TYPE_NO_LENGTH","appdev/refs/macros/THREEPARAMOPEN","appdev/refs/macros/TKT_FLG_ANONYMOUS","appdev/refs/macros/TKT_FLG_ENC_PA_REP","appdev/refs/macros/TKT_FLG_FORWARDABLE","appdev/refs/macros/TKT_FLG_FORWARDED","appdev/refs/macros/TKT_FLG_HW_AUTH","appdev/refs/macros/TKT_FLG_INITIAL","appdev/refs/macros/TKT_FLG_INVALID","appdev/refs/macros/TKT_FLG_MAY_POSTDATE","appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE","appdev/refs/macros/TKT_FLG_POSTDATED","appdev/refs/macros/TKT_FLG_PRE_AUTH","appdev/refs/macros/TKT_FLG_PROXIABLE","appdev/refs/macros/TKT_FLG_PROXY","appdev/refs/macros/TKT_FLG_RENEWABLE","appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED","appdev/refs/macros/VALID_INT_BITS","appdev/refs/macros/VALID_UINT_BITS","appdev/refs/macros/index","appdev/refs/macros/krb524_convert_creds_kdc","appdev/refs/macros/krb524_init_ets","appdev/refs/macros/krb5_const","appdev/refs/macros/krb5_princ_component","appdev/refs/macros/krb5_princ_name","appdev/refs/macros/krb5_princ_realm","appdev/refs/macros/krb5_princ_set_realm","appdev/refs/macros/krb5_princ_set_realm_data","appdev/refs/macros/krb5_princ_set_realm_length","appdev/refs/macros/krb5_princ_size","appdev/refs/macros/krb5_princ_type","appdev/refs/macros/krb5_roundup","appdev/refs/macros/krb5_x","appdev/refs/macros/krb5_xc","appdev/refs/types/index","appdev/refs/types/krb5_address","appdev/refs/types/krb5_addrtype","appdev/refs/types/krb5_ap_rep","appdev/refs/types/krb5_ap_rep_enc_part","appdev/refs/types/krb5_ap_req","appdev/refs/types/krb5_auth_context","appdev/refs/types/krb5_authdata","appdev/refs/types/krb5_authdatatype","appdev/refs/types/krb5_authenticator","appdev/refs/types/krb5_boolean","appdev/refs/types/krb5_cc_cursor","appdev/refs/types/krb5_ccache","appdev/refs/types/krb5_cccol_cursor","appdev/refs/types/krb5_checksum","appdev/refs/types/krb5_cksumtype","appdev/refs/types/krb5_const_pointer","appdev/refs/types/krb5_const_principal","appdev/refs/types/krb5_context","appdev/refs/types/krb5_cred","appdev/refs/types/krb5_cred_enc_part","appdev/refs/types/krb5_cred_info","appdev/refs/types/krb5_creds","appdev/refs/types/krb5_crypto_iov","appdev/refs/types/krb5_cryptotype","appdev/refs/types/krb5_data","appdev/refs/types/krb5_deltat","appdev/refs/types/krb5_enc_data","appdev/refs/types/krb5_enc_kdc_rep_part","appdev/refs/types/krb5_enc_tkt_part","appdev/refs/types/krb5_encrypt_block","appdev/refs/types/krb5_enctype","appdev/refs/types/krb5_error","appdev/refs/types/krb5_error_code","appdev/refs/types/krb5_expire_callback_func","appdev/refs/types/krb5_flags","appdev/refs/types/krb5_get_init_creds_opt","appdev/refs/types/krb5_gic_opt_pa_data","appdev/refs/types/krb5_init_creds_context","appdev/refs/types/krb5_int16","appdev/refs/types/krb5_int32","appdev/refs/types/krb5_kdc_rep","appdev/refs/types/krb5_kdc_req","appdev/refs/types/krb5_key","appdev/refs/types/krb5_keyblock","appdev/refs/types/krb5_keytab","appdev/refs/types/krb5_keytab_entry","appdev/refs/types/krb5_keyusage","appdev/refs/types/krb5_kt_cursor","appdev/refs/types/krb5_kvno","appdev/refs/types/krb5_last_req_entry","appdev/refs/types/krb5_magic","appdev/refs/types/krb5_mk_req_checksum_func","appdev/refs/types/krb5_msgtype","appdev/refs/types/krb5_octet","appdev/refs/types/krb5_pa_data","appdev/refs/types/krb5_pa_pac_req","appdev/refs/types/krb5_pa_server_referral_data","appdev/refs/types/krb5_pa_svr_referral_data","appdev/refs/types/krb5_pac","appdev/refs/types/krb5_pointer","appdev/refs/types/krb5_post_recv_fn","appdev/refs/types/krb5_pre_send_fn","appdev/refs/types/krb5_preauthtype","appdev/refs/types/krb5_principal","appdev/refs/types/krb5_principal_data","appdev/refs/types/krb5_prompt","appdev/refs/types/krb5_prompt_type","appdev/refs/types/krb5_prompter_fct","appdev/refs/types/krb5_pwd_data","appdev/refs/types/krb5_rcache","appdev/refs/types/krb5_replay_data","appdev/refs/types/krb5_responder_context","appdev/refs/types/krb5_responder_fn","appdev/refs/types/krb5_responder_otp_challenge","appdev/refs/types/krb5_responder_otp_tokeninfo","appdev/refs/types/krb5_responder_pkinit_challenge","appdev/refs/types/krb5_responder_pkinit_identity","appdev/refs/types/krb5_response","appdev/refs/types/krb5_ticket","appdev/refs/types/krb5_ticket_times","appdev/refs/types/krb5_timestamp","appdev/refs/types/krb5_tkt_authent","appdev/refs/types/krb5_tkt_creds_context","appdev/refs/types/krb5_trace_callback","appdev/refs/types/krb5_trace_info","appdev/refs/types/krb5_transited","appdev/refs/types/krb5_typed_data","appdev/refs/types/krb5_ui_2","appdev/refs/types/krb5_ui_4","appdev/refs/types/krb5_verify_init_creds_opt","appdev/refs/types/passwd_phrase_element","appdev/y2038","basic/ccache_def","basic/date_format","basic/index","basic/keytab_def","basic/rcache_def","basic/stash_file_def","build/directory_org","build/doing_build","build/index","build/options2configure","build/osconf","build_this","copyright","formats/ccache_file_format","formats/cookie","formats/freshness_token","formats/index","formats/keytab_file_format","index","mitK5defaults","mitK5features","mitK5license","plugindev/ccselect","plugindev/certauth","plugindev/clpreauth","plugindev/general","plugindev/gssapi","plugindev/hostrealm","plugindev/index","plugindev/internal","plugindev/kadm5_auth","plugindev/kadm5_hook","plugindev/kdcpolicy","plugindev/kdcpreauth","plugindev/localauth","plugindev/locate","plugindev/profile","plugindev/pwqual","resources","user/index","user/pwd_mgmt","user/tkt_mgmt","user/user_commands/index","user/user_commands/kdestroy","user/user_commands/kinit","user/user_commands/klist","user/user_commands/kpasswd","user/user_commands/krb5-config","user/user_commands/ksu","user/user_commands/kswitch","user/user_commands/kvno","user/user_commands/sclient","user/user_config/index","user/user_config/k5identity","user/user_config/k5login","user/user_config/kerberos"],envversion:52,filenames:["about.rst","admin/admin_commands/index.rst","admin/admin_commands/k5srvutil.rst","admin/admin_commands/kadmin_local.rst","admin/admin_commands/kadmind.rst","admin/admin_commands/kdb5_ldap_util.rst","admin/admin_commands/kdb5_util.rst","admin/admin_commands/kprop.rst","admin/admin_commands/kpropd.rst","admin/admin_commands/kproplog.rst","admin/admin_commands/krb5kdc.rst","admin/admin_commands/ktutil.rst","admin/admin_commands/sserver.rst","admin/advanced/index.rst","admin/advanced/ldapbackend.rst","admin/advanced/retiring-des.rst","admin/appl_servers.rst","admin/auth_indicator.rst","admin/backup_host.rst","admin/conf_files/index.rst","admin/conf_files/kadm5_acl.rst","admin/conf_files/kdc_conf.rst","admin/conf_files/krb5_conf.rst","admin/conf_ldap.rst","admin/database.rst","admin/dbtypes.rst","admin/dictionary.rst","admin/enctypes.rst","admin/env_variables.rst","admin/host_config.rst","admin/https.rst","admin/index.rst","admin/install.rst","admin/install_appl_srv.rst","admin/install_clients.rst","admin/install_kdc.rst","admin/lockout.rst","admin/otp.rst","admin/pkinit.rst","admin/princ_dns.rst","admin/realm_config.rst","admin/spake.rst","admin/troubleshoot.rst","admin/various_envs.rst","appdev/gssapi.rst","appdev/h5l_mit_apidiff.rst","appdev/index.rst","appdev/init_creds.rst","appdev/princ_handle.rst","appdev/refs/api/index.rst","appdev/refs/api/krb5_425_conv_principal.rst","appdev/refs/api/krb5_524_conv_principal.rst","appdev/refs/api/krb5_524_convert_creds.rst","appdev/refs/api/krb5_address_compare.rst","appdev/refs/api/krb5_address_order.rst","appdev/refs/api/krb5_address_search.rst","appdev/refs/api/krb5_allow_weak_crypto.rst","appdev/refs/api/krb5_aname_to_localname.rst","appdev/refs/api/krb5_anonymous_principal.rst","appdev/refs/api/krb5_anonymous_realm.rst","appdev/refs/api/krb5_appdefault_boolean.rst","appdev/refs/api/krb5_appdefault_string.rst","appdev/refs/api/krb5_auth_con_free.rst","appdev/refs/api/krb5_auth_con_genaddrs.rst","appdev/refs/api/krb5_auth_con_get_checksum_func.rst","appdev/refs/api/krb5_auth_con_getaddrs.rst","appdev/refs/api/krb5_auth_con_getauthenticator.rst","appdev/refs/api/krb5_auth_con_getflags.rst","appdev/refs/api/krb5_auth_con_getkey.rst","appdev/refs/api/krb5_auth_con_getkey_k.rst","appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst","appdev/refs/api/krb5_auth_con_getlocalsubkey.rst","appdev/refs/api/krb5_auth_con_getrcache.rst","appdev/refs/api/krb5_auth_con_getrecvsubkey.rst","appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst","appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst","appdev/refs/api/krb5_auth_con_getremotesubkey.rst","appdev/refs/api/krb5_auth_con_getsendsubkey.rst","appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst","appdev/refs/api/krb5_auth_con_init.rst","appdev/refs/api/krb5_auth_con_initivector.rst","appdev/refs/api/krb5_auth_con_set_checksum_func.rst","appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst","appdev/refs/api/krb5_auth_con_setaddrs.rst","appdev/refs/api/krb5_auth_con_setflags.rst","appdev/refs/api/krb5_auth_con_setports.rst","appdev/refs/api/krb5_auth_con_setrcache.rst","appdev/refs/api/krb5_auth_con_setrecvsubkey.rst","appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst","appdev/refs/api/krb5_auth_con_setsendsubkey.rst","appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst","appdev/refs/api/krb5_auth_con_setuseruserkey.rst","appdev/refs/api/krb5_build_principal.rst","appdev/refs/api/krb5_build_principal_alloc_va.rst","appdev/refs/api/krb5_build_principal_ext.rst","appdev/refs/api/krb5_build_principal_va.rst","appdev/refs/api/krb5_c_block_size.rst","appdev/refs/api/krb5_c_checksum_length.rst","appdev/refs/api/krb5_c_crypto_length.rst","appdev/refs/api/krb5_c_crypto_length_iov.rst","appdev/refs/api/krb5_c_decrypt.rst","appdev/refs/api/krb5_c_decrypt_iov.rst","appdev/refs/api/krb5_c_derive_prfplus.rst","appdev/refs/api/krb5_c_encrypt.rst","appdev/refs/api/krb5_c_encrypt_iov.rst","appdev/refs/api/krb5_c_encrypt_length.rst","appdev/refs/api/krb5_c_enctype_compare.rst","appdev/refs/api/krb5_c_free_state.rst","appdev/refs/api/krb5_c_fx_cf2_simple.rst","appdev/refs/api/krb5_c_init_state.rst","appdev/refs/api/krb5_c_is_coll_proof_cksum.rst","appdev/refs/api/krb5_c_is_keyed_cksum.rst","appdev/refs/api/krb5_c_keyed_checksum_types.rst","appdev/refs/api/krb5_c_keylengths.rst","appdev/refs/api/krb5_c_make_checksum.rst","appdev/refs/api/krb5_c_make_checksum_iov.rst","appdev/refs/api/krb5_c_make_random_key.rst","appdev/refs/api/krb5_c_padding_length.rst","appdev/refs/api/krb5_c_prf.rst","appdev/refs/api/krb5_c_prf_length.rst","appdev/refs/api/krb5_c_prfplus.rst","appdev/refs/api/krb5_c_random_add_entropy.rst","appdev/refs/api/krb5_c_random_make_octets.rst","appdev/refs/api/krb5_c_random_os_entropy.rst","appdev/refs/api/krb5_c_random_seed.rst","appdev/refs/api/krb5_c_random_to_key.rst","appdev/refs/api/krb5_c_string_to_key.rst","appdev/refs/api/krb5_c_string_to_key_with_params.rst","appdev/refs/api/krb5_c_valid_cksumtype.rst","appdev/refs/api/krb5_c_valid_enctype.rst","appdev/refs/api/krb5_c_verify_checksum.rst","appdev/refs/api/krb5_c_verify_checksum_iov.rst","appdev/refs/api/krb5_calculate_checksum.rst","appdev/refs/api/krb5_cc_cache_match.rst","appdev/refs/api/krb5_cc_close.rst","appdev/refs/api/krb5_cc_copy_creds.rst","appdev/refs/api/krb5_cc_default.rst","appdev/refs/api/krb5_cc_default_name.rst","appdev/refs/api/krb5_cc_destroy.rst","appdev/refs/api/krb5_cc_dup.rst","appdev/refs/api/krb5_cc_end_seq_get.rst","appdev/refs/api/krb5_cc_gen_new.rst","appdev/refs/api/krb5_cc_get_config.rst","appdev/refs/api/krb5_cc_get_flags.rst","appdev/refs/api/krb5_cc_get_full_name.rst","appdev/refs/api/krb5_cc_get_name.rst","appdev/refs/api/krb5_cc_get_principal.rst","appdev/refs/api/krb5_cc_get_type.rst","appdev/refs/api/krb5_cc_initialize.rst","appdev/refs/api/krb5_cc_last_change_time.rst","appdev/refs/api/krb5_cc_lock.rst","appdev/refs/api/krb5_cc_move.rst","appdev/refs/api/krb5_cc_new_unique.rst","appdev/refs/api/krb5_cc_next_cred.rst","appdev/refs/api/krb5_cc_remove_cred.rst","appdev/refs/api/krb5_cc_resolve.rst","appdev/refs/api/krb5_cc_retrieve_cred.rst","appdev/refs/api/krb5_cc_select.rst","appdev/refs/api/krb5_cc_set_config.rst","appdev/refs/api/krb5_cc_set_default_name.rst","appdev/refs/api/krb5_cc_set_flags.rst","appdev/refs/api/krb5_cc_start_seq_get.rst","appdev/refs/api/krb5_cc_store_cred.rst","appdev/refs/api/krb5_cc_support_switch.rst","appdev/refs/api/krb5_cc_switch.rst","appdev/refs/api/krb5_cc_unlock.rst","appdev/refs/api/krb5_cccol_cursor_free.rst","appdev/refs/api/krb5_cccol_cursor_new.rst","appdev/refs/api/krb5_cccol_cursor_next.rst","appdev/refs/api/krb5_cccol_have_content.rst","appdev/refs/api/krb5_cccol_last_change_time.rst","appdev/refs/api/krb5_cccol_lock.rst","appdev/refs/api/krb5_cccol_unlock.rst","appdev/refs/api/krb5_change_password.rst","appdev/refs/api/krb5_check_clockskew.rst","appdev/refs/api/krb5_checksum_size.rst","appdev/refs/api/krb5_chpw_message.rst","appdev/refs/api/krb5_cksumtype_to_string.rst","appdev/refs/api/krb5_clear_error_message.rst","appdev/refs/api/krb5_copy_addresses.rst","appdev/refs/api/krb5_copy_authdata.rst","appdev/refs/api/krb5_copy_authenticator.rst","appdev/refs/api/krb5_copy_checksum.rst","appdev/refs/api/krb5_copy_context.rst","appdev/refs/api/krb5_copy_creds.rst","appdev/refs/api/krb5_copy_data.rst","appdev/refs/api/krb5_copy_error_message.rst","appdev/refs/api/krb5_copy_keyblock.rst","appdev/refs/api/krb5_copy_keyblock_contents.rst","appdev/refs/api/krb5_copy_principal.rst","appdev/refs/api/krb5_copy_ticket.rst","appdev/refs/api/krb5_decode_authdata_container.rst","appdev/refs/api/krb5_decode_ticket.rst","appdev/refs/api/krb5_decrypt.rst","appdev/refs/api/krb5_deltat_to_string.rst","appdev/refs/api/krb5_eblock_enctype.rst","appdev/refs/api/krb5_encode_authdata_container.rst","appdev/refs/api/krb5_encrypt.rst","appdev/refs/api/krb5_encrypt_size.rst","appdev/refs/api/krb5_enctype_to_name.rst","appdev/refs/api/krb5_enctype_to_string.rst","appdev/refs/api/krb5_expand_hostname.rst","appdev/refs/api/krb5_find_authdata.rst","appdev/refs/api/krb5_finish_key.rst","appdev/refs/api/krb5_finish_random_key.rst","appdev/refs/api/krb5_free_addresses.rst","appdev/refs/api/krb5_free_ap_rep_enc_part.rst","appdev/refs/api/krb5_free_authdata.rst","appdev/refs/api/krb5_free_authenticator.rst","appdev/refs/api/krb5_free_checksum.rst","appdev/refs/api/krb5_free_checksum_contents.rst","appdev/refs/api/krb5_free_cksumtypes.rst","appdev/refs/api/krb5_free_context.rst","appdev/refs/api/krb5_free_cred_contents.rst","appdev/refs/api/krb5_free_creds.rst","appdev/refs/api/krb5_free_data.rst","appdev/refs/api/krb5_free_data_contents.rst","appdev/refs/api/krb5_free_default_realm.rst","appdev/refs/api/krb5_free_enctypes.rst","appdev/refs/api/krb5_free_error.rst","appdev/refs/api/krb5_free_error_message.rst","appdev/refs/api/krb5_free_host_realm.rst","appdev/refs/api/krb5_free_keyblock.rst","appdev/refs/api/krb5_free_keyblock_contents.rst","appdev/refs/api/krb5_free_keytab_entry_contents.rst","appdev/refs/api/krb5_free_principal.rst","appdev/refs/api/krb5_free_string.rst","appdev/refs/api/krb5_free_tgt_creds.rst","appdev/refs/api/krb5_free_ticket.rst","appdev/refs/api/krb5_free_unparsed_name.rst","appdev/refs/api/krb5_fwd_tgt_creds.rst","appdev/refs/api/krb5_get_credentials.rst","appdev/refs/api/krb5_get_credentials_renew.rst","appdev/refs/api/krb5_get_credentials_validate.rst","appdev/refs/api/krb5_get_default_realm.rst","appdev/refs/api/krb5_get_error_message.rst","appdev/refs/api/krb5_get_etype_info.rst","appdev/refs/api/krb5_get_fallback_host_realm.rst","appdev/refs/api/krb5_get_host_realm.rst","appdev/refs/api/krb5_get_in_tkt_with_keytab.rst","appdev/refs/api/krb5_get_in_tkt_with_password.rst","appdev/refs/api/krb5_get_in_tkt_with_skey.rst","appdev/refs/api/krb5_get_init_creds_keytab.rst","appdev/refs/api/krb5_get_init_creds_opt_alloc.rst","appdev/refs/api/krb5_get_init_creds_opt_free.rst","appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst","appdev/refs/api/krb5_get_init_creds_opt_init.rst","appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst","appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst","appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst","appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst","appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst","appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst","appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst","appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst","appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst","appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst","appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst","appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst","appdev/refs/api/krb5_get_init_creds_password.rst","appdev/refs/api/krb5_get_permitted_enctypes.rst","appdev/refs/api/krb5_get_profile.rst","appdev/refs/api/krb5_get_prompt_types.rst","appdev/refs/api/krb5_get_renewed_creds.rst","appdev/refs/api/krb5_get_server_rcache.rst","appdev/refs/api/krb5_get_time_offsets.rst","appdev/refs/api/krb5_get_validated_creds.rst","appdev/refs/api/krb5_init_context.rst","appdev/refs/api/krb5_init_context_profile.rst","appdev/refs/api/krb5_init_creds_free.rst","appdev/refs/api/krb5_init_creds_get.rst","appdev/refs/api/krb5_init_creds_get_creds.rst","appdev/refs/api/krb5_init_creds_get_error.rst","appdev/refs/api/krb5_init_creds_get_times.rst","appdev/refs/api/krb5_init_creds_init.rst","appdev/refs/api/krb5_init_creds_set_keytab.rst","appdev/refs/api/krb5_init_creds_set_password.rst","appdev/refs/api/krb5_init_creds_set_service.rst","appdev/refs/api/krb5_init_creds_step.rst","appdev/refs/api/krb5_init_keyblock.rst","appdev/refs/api/krb5_init_random_key.rst","appdev/refs/api/krb5_init_secure_context.rst","appdev/refs/api/krb5_is_config_principal.rst","appdev/refs/api/krb5_is_referral_realm.rst","appdev/refs/api/krb5_is_thread_safe.rst","appdev/refs/api/krb5_k_create_key.rst","appdev/refs/api/krb5_k_decrypt.rst","appdev/refs/api/krb5_k_decrypt_iov.rst","appdev/refs/api/krb5_k_encrypt.rst","appdev/refs/api/krb5_k_encrypt_iov.rst","appdev/refs/api/krb5_k_free_key.rst","appdev/refs/api/krb5_k_key_enctype.rst","appdev/refs/api/krb5_k_key_keyblock.rst","appdev/refs/api/krb5_k_make_checksum.rst","appdev/refs/api/krb5_k_make_checksum_iov.rst","appdev/refs/api/krb5_k_prf.rst","appdev/refs/api/krb5_k_reference_key.rst","appdev/refs/api/krb5_k_verify_checksum.rst","appdev/refs/api/krb5_k_verify_checksum_iov.rst","appdev/refs/api/krb5_kt_add_entry.rst","appdev/refs/api/krb5_kt_client_default.rst","appdev/refs/api/krb5_kt_close.rst","appdev/refs/api/krb5_kt_default.rst","appdev/refs/api/krb5_kt_default_name.rst","appdev/refs/api/krb5_kt_dup.rst","appdev/refs/api/krb5_kt_end_seq_get.rst","appdev/refs/api/krb5_kt_free_entry.rst","appdev/refs/api/krb5_kt_get_entry.rst","appdev/refs/api/krb5_kt_get_name.rst","appdev/refs/api/krb5_kt_get_type.rst","appdev/refs/api/krb5_kt_have_content.rst","appdev/refs/api/krb5_kt_next_entry.rst","appdev/refs/api/krb5_kt_read_service_key.rst","appdev/refs/api/krb5_kt_remove_entry.rst","appdev/refs/api/krb5_kt_resolve.rst","appdev/refs/api/krb5_kt_start_seq_get.rst","appdev/refs/api/krb5_kuserok.rst","appdev/refs/api/krb5_make_authdata_kdc_issued.rst","appdev/refs/api/krb5_merge_authdata.rst","appdev/refs/api/krb5_mk_1cred.rst","appdev/refs/api/krb5_mk_error.rst","appdev/refs/api/krb5_mk_ncred.rst","appdev/refs/api/krb5_mk_priv.rst","appdev/refs/api/krb5_mk_rep.rst","appdev/refs/api/krb5_mk_rep_dce.rst","appdev/refs/api/krb5_mk_req.rst","appdev/refs/api/krb5_mk_req_extended.rst","appdev/refs/api/krb5_mk_safe.rst","appdev/refs/api/krb5_os_localaddr.rst","appdev/refs/api/krb5_pac_add_buffer.rst","appdev/refs/api/krb5_pac_free.rst","appdev/refs/api/krb5_pac_get_buffer.rst","appdev/refs/api/krb5_pac_get_types.rst","appdev/refs/api/krb5_pac_init.rst","appdev/refs/api/krb5_pac_parse.rst","appdev/refs/api/krb5_pac_sign.rst","appdev/refs/api/krb5_pac_sign_ext.rst","appdev/refs/api/krb5_pac_verify.rst","appdev/refs/api/krb5_pac_verify_ext.rst","appdev/refs/api/krb5_parse_name.rst","appdev/refs/api/krb5_parse_name_flags.rst","appdev/refs/api/krb5_prepend_error_message.rst","appdev/refs/api/krb5_principal2salt.rst","appdev/refs/api/krb5_principal_compare.rst","appdev/refs/api/krb5_principal_compare_any_realm.rst","appdev/refs/api/krb5_principal_compare_flags.rst","appdev/refs/api/krb5_process_key.rst","appdev/refs/api/krb5_prompter_posix.rst","appdev/refs/api/krb5_random_key.rst","appdev/refs/api/krb5_rd_cred.rst","appdev/refs/api/krb5_rd_error.rst","appdev/refs/api/krb5_rd_priv.rst","appdev/refs/api/krb5_rd_rep.rst","appdev/refs/api/krb5_rd_rep_dce.rst","appdev/refs/api/krb5_rd_req.rst","appdev/refs/api/krb5_rd_safe.rst","appdev/refs/api/krb5_read_password.rst","appdev/refs/api/krb5_realm_compare.rst","appdev/refs/api/krb5_recvauth.rst","appdev/refs/api/krb5_recvauth_version.rst","appdev/refs/api/krb5_responder_get_challenge.rst","appdev/refs/api/krb5_responder_list_questions.rst","appdev/refs/api/krb5_responder_otp_challenge_free.rst","appdev/refs/api/krb5_responder_otp_get_challenge.rst","appdev/refs/api/krb5_responder_otp_set_answer.rst","appdev/refs/api/krb5_responder_pkinit_challenge_free.rst","appdev/refs/api/krb5_responder_pkinit_get_challenge.rst","appdev/refs/api/krb5_responder_pkinit_set_answer.rst","appdev/refs/api/krb5_responder_set_answer.rst","appdev/refs/api/krb5_salttype_to_string.rst","appdev/refs/api/krb5_sendauth.rst","appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst","appdev/refs/api/krb5_set_default_realm.rst","appdev/refs/api/krb5_set_default_tgs_enctypes.rst","appdev/refs/api/krb5_set_error_message.rst","appdev/refs/api/krb5_set_kdc_recv_hook.rst","appdev/refs/api/krb5_set_kdc_send_hook.rst","appdev/refs/api/krb5_set_password.rst","appdev/refs/api/krb5_set_password_using_ccache.rst","appdev/refs/api/krb5_set_principal_realm.rst","appdev/refs/api/krb5_set_real_time.rst","appdev/refs/api/krb5_set_trace_callback.rst","appdev/refs/api/krb5_set_trace_filename.rst","appdev/refs/api/krb5_sname_match.rst","appdev/refs/api/krb5_sname_to_principal.rst","appdev/refs/api/krb5_string_to_cksumtype.rst","appdev/refs/api/krb5_string_to_deltat.rst","appdev/refs/api/krb5_string_to_enctype.rst","appdev/refs/api/krb5_string_to_key.rst","appdev/refs/api/krb5_string_to_salttype.rst","appdev/refs/api/krb5_string_to_timestamp.rst","appdev/refs/api/krb5_timeofday.rst","appdev/refs/api/krb5_timestamp_to_sfstring.rst","appdev/refs/api/krb5_timestamp_to_string.rst","appdev/refs/api/krb5_tkt_creds_free.rst","appdev/refs/api/krb5_tkt_creds_get.rst","appdev/refs/api/krb5_tkt_creds_get_creds.rst","appdev/refs/api/krb5_tkt_creds_get_times.rst","appdev/refs/api/krb5_tkt_creds_init.rst","appdev/refs/api/krb5_tkt_creds_step.rst","appdev/refs/api/krb5_unparse_name.rst","appdev/refs/api/krb5_unparse_name_ext.rst","appdev/refs/api/krb5_unparse_name_flags.rst","appdev/refs/api/krb5_unparse_name_flags_ext.rst","appdev/refs/api/krb5_us_timeofday.rst","appdev/refs/api/krb5_use_enctype.rst","appdev/refs/api/krb5_verify_authdata_kdc_issued.rst","appdev/refs/api/krb5_verify_checksum.rst","appdev/refs/api/krb5_verify_init_creds.rst","appdev/refs/api/krb5_verify_init_creds_opt_init.rst","appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst","appdev/refs/api/krb5_vprepend_error_message.rst","appdev/refs/api/krb5_vset_error_message.rst","appdev/refs/api/krb5_vwrap_error_message.rst","appdev/refs/api/krb5_wrap_error_message.rst","appdev/refs/index.rst","appdev/refs/macros/ADDRTYPE_ADDRPORT.rst","appdev/refs/macros/ADDRTYPE_CHAOS.rst","appdev/refs/macros/ADDRTYPE_DDP.rst","appdev/refs/macros/ADDRTYPE_INET.rst","appdev/refs/macros/ADDRTYPE_INET6.rst","appdev/refs/macros/ADDRTYPE_IPPORT.rst","appdev/refs/macros/ADDRTYPE_ISO.rst","appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst","appdev/refs/macros/ADDRTYPE_NETBIOS.rst","appdev/refs/macros/ADDRTYPE_XNS.rst","appdev/refs/macros/AD_TYPE_EXTERNAL.rst","appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst","appdev/refs/macros/AD_TYPE_REGISTERED.rst","appdev/refs/macros/AD_TYPE_RESERVED.rst","appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst","appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst","appdev/refs/macros/AP_OPTS_RESERVED.rst","appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst","appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst","appdev/refs/macros/AP_OPTS_WIRE_MASK.rst","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst","appdev/refs/macros/CKSUMTYPE_CRC32.rst","appdev/refs/macros/CKSUMTYPE_DESCBC.rst","appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst","appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst","appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst","appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst","appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst","appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst","appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst","appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst","appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst","appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst","appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst","appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst","appdev/refs/macros/ENCTYPE_NULL.rst","appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst","appdev/refs/macros/ENCTYPE_RSA_ENV.rst","appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst","appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst","appdev/refs/macros/ENCTYPE_UNKNOWN.rst","appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst","appdev/refs/macros/KDC_OPT_CANONICALIZE.rst","appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst","appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst","appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst","appdev/refs/macros/KDC_OPT_FORWARDABLE.rst","appdev/refs/macros/KDC_OPT_FORWARDED.rst","appdev/refs/macros/KDC_OPT_POSTDATED.rst","appdev/refs/macros/KDC_OPT_PROXIABLE.rst","appdev/refs/macros/KDC_OPT_PROXY.rst","appdev/refs/macros/KDC_OPT_RENEW.rst","appdev/refs/macros/KDC_OPT_RENEWABLE.rst","appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst","appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst","appdev/refs/macros/KDC_OPT_VALIDATE.rst","appdev/refs/macros/KDC_TKT_COMMON_MASK.rst","appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst","appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst","appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst","appdev/refs/macros/KRB5_AP_REP.rst","appdev/refs/macros/KRB5_AP_REQ.rst","appdev/refs/macros/KRB5_AS_REP.rst","appdev/refs/macros/KRB5_AS_REQ.rst","appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst","appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst","appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst","appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst","appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst","appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst","appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst","appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst","appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst","appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst","appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst","appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst","appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst","appdev/refs/macros/KRB5_CRED.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst","appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst","appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst","appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst","appdev/refs/macros/KRB5_ERROR.rst","appdev/refs/macros/KRB5_FAST_REQUIRED.rst","appdev/refs/macros/KRB5_GC_CACHED.rst","appdev/refs/macros/KRB5_GC_CANONICALIZE.rst","appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst","appdev/refs/macros/KRB5_GC_FORWARDABLE.rst","appdev/refs/macros/KRB5_GC_NO_STORE.rst","appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst","appdev/refs/macros/KRB5_GC_USER_USER.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst","appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst","appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst","appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst","appdev/refs/macros/KRB5_INT16_MAX.rst","appdev/refs/macros/KRB5_INT16_MIN.rst","appdev/refs/macros/KRB5_INT32_MAX.rst","appdev/refs/macros/KRB5_INT32_MIN.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst","appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst","appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst","appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst","appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst","appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst","appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst","appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst","appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst","appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst","appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst","appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst","appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst","appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst","appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_NONE.rst","appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst","appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst","appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst","appdev/refs/macros/KRB5_NT_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_SMTP_NAME.rst","appdev/refs/macros/KRB5_NT_SRV_HST.rst","appdev/refs/macros/KRB5_NT_SRV_INST.rst","appdev/refs/macros/KRB5_NT_SRV_XHST.rst","appdev/refs/macros/KRB5_NT_UID.rst","appdev/refs/macros/KRB5_NT_UNKNOWN.rst","appdev/refs/macros/KRB5_NT_WELLKNOWN.rst","appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst","appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst","appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst","appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst","appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst","appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst","appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst","appdev/refs/macros/KRB5_PADATA_AP_REQ.rst","appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst","appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst","appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst","appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst","appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst","appdev/refs/macros/KRB5_PADATA_FOR_USER.rst","appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst","appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst","appdev/refs/macros/KRB5_PADATA_FX_FAST.rst","appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst","appdev/refs/macros/KRB5_PADATA_NONE.rst","appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst","appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst","appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst","appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst","appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst","appdev/refs/macros/KRB5_PADATA_PW_SALT.rst","appdev/refs/macros/KRB5_PADATA_REFERRAL.rst","appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst","appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst","appdev/refs/macros/KRB5_PADATA_SESAME.rst","appdev/refs/macros/KRB5_PADATA_SPAKE.rst","appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst","appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst","appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst","appdev/refs/macros/KRB5_PRIV.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst","appdev/refs/macros/KRB5_PVNO.rst","appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst","appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst","appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst","appdev/refs/macros/KRB5_REFERRAL_REALM.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst","appdev/refs/macros/KRB5_SAFE.rst","appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst","appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst","appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst","appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst","appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst","appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst","appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst","appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst","appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst","appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst","appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst","appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst","appdev/refs/macros/KRB5_TC_NOTICKET.rst","appdev/refs/macros/KRB5_TC_OPENCLOSE.rst","appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst","appdev/refs/macros/KRB5_TGS_NAME.rst","appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst","appdev/refs/macros/KRB5_TGS_REP.rst","appdev/refs/macros/KRB5_TGS_REQ.rst","appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst","appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst","appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst","appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst","appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst","appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst","appdev/refs/macros/MSEC_DIRBIT.rst","appdev/refs/macros/MSEC_VAL_MASK.rst","appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst","appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst","appdev/refs/macros/THREEPARAMOPEN.rst","appdev/refs/macros/TKT_FLG_ANONYMOUS.rst","appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst","appdev/refs/macros/TKT_FLG_FORWARDABLE.rst","appdev/refs/macros/TKT_FLG_FORWARDED.rst","appdev/refs/macros/TKT_FLG_HW_AUTH.rst","appdev/refs/macros/TKT_FLG_INITIAL.rst","appdev/refs/macros/TKT_FLG_INVALID.rst","appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst","appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst","appdev/refs/macros/TKT_FLG_POSTDATED.rst","appdev/refs/macros/TKT_FLG_PRE_AUTH.rst","appdev/refs/macros/TKT_FLG_PROXIABLE.rst","appdev/refs/macros/TKT_FLG_PROXY.rst","appdev/refs/macros/TKT_FLG_RENEWABLE.rst","appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst","appdev/refs/macros/VALID_INT_BITS.rst","appdev/refs/macros/VALID_UINT_BITS.rst","appdev/refs/macros/index.rst","appdev/refs/macros/krb524_convert_creds_kdc.rst","appdev/refs/macros/krb524_init_ets.rst","appdev/refs/macros/krb5_const.rst","appdev/refs/macros/krb5_princ_component.rst","appdev/refs/macros/krb5_princ_name.rst","appdev/refs/macros/krb5_princ_realm.rst","appdev/refs/macros/krb5_princ_set_realm.rst","appdev/refs/macros/krb5_princ_set_realm_data.rst","appdev/refs/macros/krb5_princ_set_realm_length.rst","appdev/refs/macros/krb5_princ_size.rst","appdev/refs/macros/krb5_princ_type.rst","appdev/refs/macros/krb5_roundup.rst","appdev/refs/macros/krb5_x.rst","appdev/refs/macros/krb5_xc.rst","appdev/refs/types/index.rst","appdev/refs/types/krb5_address.rst","appdev/refs/types/krb5_addrtype.rst","appdev/refs/types/krb5_ap_rep.rst","appdev/refs/types/krb5_ap_rep_enc_part.rst","appdev/refs/types/krb5_ap_req.rst","appdev/refs/types/krb5_auth_context.rst","appdev/refs/types/krb5_authdata.rst","appdev/refs/types/krb5_authdatatype.rst","appdev/refs/types/krb5_authenticator.rst","appdev/refs/types/krb5_boolean.rst","appdev/refs/types/krb5_cc_cursor.rst","appdev/refs/types/krb5_ccache.rst","appdev/refs/types/krb5_cccol_cursor.rst","appdev/refs/types/krb5_checksum.rst","appdev/refs/types/krb5_cksumtype.rst","appdev/refs/types/krb5_const_pointer.rst","appdev/refs/types/krb5_const_principal.rst","appdev/refs/types/krb5_context.rst","appdev/refs/types/krb5_cred.rst","appdev/refs/types/krb5_cred_enc_part.rst","appdev/refs/types/krb5_cred_info.rst","appdev/refs/types/krb5_creds.rst","appdev/refs/types/krb5_crypto_iov.rst","appdev/refs/types/krb5_cryptotype.rst","appdev/refs/types/krb5_data.rst","appdev/refs/types/krb5_deltat.rst","appdev/refs/types/krb5_enc_data.rst","appdev/refs/types/krb5_enc_kdc_rep_part.rst","appdev/refs/types/krb5_enc_tkt_part.rst","appdev/refs/types/krb5_encrypt_block.rst","appdev/refs/types/krb5_enctype.rst","appdev/refs/types/krb5_error.rst","appdev/refs/types/krb5_error_code.rst","appdev/refs/types/krb5_expire_callback_func.rst","appdev/refs/types/krb5_flags.rst","appdev/refs/types/krb5_get_init_creds_opt.rst","appdev/refs/types/krb5_gic_opt_pa_data.rst","appdev/refs/types/krb5_init_creds_context.rst","appdev/refs/types/krb5_int16.rst","appdev/refs/types/krb5_int32.rst","appdev/refs/types/krb5_kdc_rep.rst","appdev/refs/types/krb5_kdc_req.rst","appdev/refs/types/krb5_key.rst","appdev/refs/types/krb5_keyblock.rst","appdev/refs/types/krb5_keytab.rst","appdev/refs/types/krb5_keytab_entry.rst","appdev/refs/types/krb5_keyusage.rst","appdev/refs/types/krb5_kt_cursor.rst","appdev/refs/types/krb5_kvno.rst","appdev/refs/types/krb5_last_req_entry.rst","appdev/refs/types/krb5_magic.rst","appdev/refs/types/krb5_mk_req_checksum_func.rst","appdev/refs/types/krb5_msgtype.rst","appdev/refs/types/krb5_octet.rst","appdev/refs/types/krb5_pa_data.rst","appdev/refs/types/krb5_pa_pac_req.rst","appdev/refs/types/krb5_pa_server_referral_data.rst","appdev/refs/types/krb5_pa_svr_referral_data.rst","appdev/refs/types/krb5_pac.rst","appdev/refs/types/krb5_pointer.rst","appdev/refs/types/krb5_post_recv_fn.rst","appdev/refs/types/krb5_pre_send_fn.rst","appdev/refs/types/krb5_preauthtype.rst","appdev/refs/types/krb5_principal.rst","appdev/refs/types/krb5_principal_data.rst","appdev/refs/types/krb5_prompt.rst","appdev/refs/types/krb5_prompt_type.rst","appdev/refs/types/krb5_prompter_fct.rst","appdev/refs/types/krb5_pwd_data.rst","appdev/refs/types/krb5_rcache.rst","appdev/refs/types/krb5_replay_data.rst","appdev/refs/types/krb5_responder_context.rst","appdev/refs/types/krb5_responder_fn.rst","appdev/refs/types/krb5_responder_otp_challenge.rst","appdev/refs/types/krb5_responder_otp_tokeninfo.rst","appdev/refs/types/krb5_responder_pkinit_challenge.rst","appdev/refs/types/krb5_responder_pkinit_identity.rst","appdev/refs/types/krb5_response.rst","appdev/refs/types/krb5_ticket.rst","appdev/refs/types/krb5_ticket_times.rst","appdev/refs/types/krb5_timestamp.rst","appdev/refs/types/krb5_tkt_authent.rst","appdev/refs/types/krb5_tkt_creds_context.rst","appdev/refs/types/krb5_trace_callback.rst","appdev/refs/types/krb5_trace_info.rst","appdev/refs/types/krb5_transited.rst","appdev/refs/types/krb5_typed_data.rst","appdev/refs/types/krb5_ui_2.rst","appdev/refs/types/krb5_ui_4.rst","appdev/refs/types/krb5_verify_init_creds_opt.rst","appdev/refs/types/passwd_phrase_element.rst","appdev/y2038.rst","basic/ccache_def.rst","basic/date_format.rst","basic/index.rst","basic/keytab_def.rst","basic/rcache_def.rst","basic/stash_file_def.rst","build/directory_org.rst","build/doing_build.rst","build/index.rst","build/options2configure.rst","build/osconf.rst","build_this.rst","copyright.rst","formats/ccache_file_format.rst","formats/cookie.rst","formats/freshness_token.rst","formats/index.rst","formats/keytab_file_format.rst","index.rst","mitK5defaults.rst","mitK5features.rst","mitK5license.rst","plugindev/ccselect.rst","plugindev/certauth.rst","plugindev/clpreauth.rst","plugindev/general.rst","plugindev/gssapi.rst","plugindev/hostrealm.rst","plugindev/index.rst","plugindev/internal.rst","plugindev/kadm5_auth.rst","plugindev/kadm5_hook.rst","plugindev/kdcpolicy.rst","plugindev/kdcpreauth.rst","plugindev/localauth.rst","plugindev/locate.rst","plugindev/profile.rst","plugindev/pwqual.rst","resources.rst","user/index.rst","user/pwd_mgmt.rst","user/tkt_mgmt.rst","user/user_commands/index.rst","user/user_commands/kdestroy.rst","user/user_commands/kinit.rst","user/user_commands/klist.rst","user/user_commands/kpasswd.rst","user/user_commands/krb5-config.rst","user/user_commands/ksu.rst","user/user_commands/kswitch.rst","user/user_commands/kvno.rst","user/user_commands/sclient.rst","user/user_config/index.rst","user/user_config/k5identity.rst","user/user_config/k5login.rst","user/user_config/kerberos.rst"],objects:{"":{ADDRTYPE_ADDRPORT:[424,3,1,""],ADDRTYPE_CHAOS:[425,3,1,""],ADDRTYPE_DDP:[426,3,1,""],ADDRTYPE_INET6:[428,3,1,""],ADDRTYPE_INET:[427,3,1,""],ADDRTYPE_IPPORT:[429,3,1,""],ADDRTYPE_ISO:[430,3,1,""],ADDRTYPE_IS_LOCAL:[431,3,1,""],ADDRTYPE_NETBIOS:[432,3,1,""],ADDRTYPE_XNS:[433,3,1,""],AD_TYPE_EXTERNAL:[434,3,1,""],AD_TYPE_FIELD_TYPE_MASK:[435,3,1,""],AD_TYPE_REGISTERED:[436,3,1,""],AD_TYPE_RESERVED:[437,3,1,""],AP_OPTS_ETYPE_NEGOTIATION:[438,3,1,""],AP_OPTS_MUTUAL_REQUIRED:[439,3,1,""],AP_OPTS_RESERVED:[440,3,1,""],AP_OPTS_USE_SESSION_KEY:[441,3,1,""],AP_OPTS_USE_SUBKEY:[442,3,1,""],AP_OPTS_WIRE_MASK:[443,3,1,""],CKSUMTYPE_CMAC_CAMELLIA128:[444,3,1,""],CKSUMTYPE_CMAC_CAMELLIA256:[445,3,1,""],CKSUMTYPE_CRC32:[446,3,1,""],CKSUMTYPE_DESCBC:[447,3,1,""],CKSUMTYPE_HMAC_MD5_ARCFOUR:[448,3,1,""],CKSUMTYPE_HMAC_SHA1_96_AES128:[449,3,1,""],CKSUMTYPE_HMAC_SHA1_96_AES256:[450,3,1,""],CKSUMTYPE_HMAC_SHA1_DES3:[451,3,1,""],CKSUMTYPE_HMAC_SHA256_128_AES128:[452,3,1,""],CKSUMTYPE_HMAC_SHA384_192_AES256:[453,3,1,""],CKSUMTYPE_MD5_HMAC_ARCFOUR:[454,3,1,""],CKSUMTYPE_NIST_SHA:[455,3,1,""],CKSUMTYPE_RSA_MD4:[456,3,1,""],CKSUMTYPE_RSA_MD4_DES:[457,3,1,""],CKSUMTYPE_RSA_MD5:[458,3,1,""],CKSUMTYPE_RSA_MD5_DES:[459,3,1,""],ENCTYPE_AES128_CTS_HMAC_SHA1_96:[460,3,1,""],ENCTYPE_AES128_CTS_HMAC_SHA256_128:[461,3,1,""],ENCTYPE_AES256_CTS_HMAC_SHA1_96:[462,3,1,""],ENCTYPE_AES256_CTS_HMAC_SHA384_192:[463,3,1,""],ENCTYPE_ARCFOUR_HMAC:[464,3,1,""],ENCTYPE_ARCFOUR_HMAC_EXP:[465,3,1,""],ENCTYPE_CAMELLIA128_CTS_CMAC:[466,3,1,""],ENCTYPE_CAMELLIA256_CTS_CMAC:[467,3,1,""],ENCTYPE_DES3_CBC_ENV:[468,3,1,""],ENCTYPE_DES3_CBC_RAW:[469,3,1,""],ENCTYPE_DES3_CBC_SHA1:[471,3,1,""],ENCTYPE_DES3_CBC_SHA:[470,3,1,""],ENCTYPE_DES_CBC_CRC:[472,3,1,""],ENCTYPE_DES_CBC_MD4:[473,3,1,""],ENCTYPE_DES_CBC_MD5:[474,3,1,""],ENCTYPE_DES_CBC_RAW:[475,3,1,""],ENCTYPE_DES_HMAC_SHA1:[476,3,1,""],ENCTYPE_DSA_SHA1_CMS:[477,3,1,""],ENCTYPE_MD5_RSA_CMS:[478,3,1,""],ENCTYPE_NULL:[479,3,1,""],ENCTYPE_RC2_CBC_ENV:[480,3,1,""],ENCTYPE_RSA_ENV:[481,3,1,""],ENCTYPE_RSA_ES_OAEP_ENV:[482,3,1,""],ENCTYPE_SHA1_RSA_CMS:[483,3,1,""],ENCTYPE_UNKNOWN:[484,3,1,""],KDC_OPT_ALLOW_POSTDATE:[485,3,1,""],KDC_OPT_CANONICALIZE:[486,3,1,""],KDC_OPT_CNAME_IN_ADDL_TKT:[487,3,1,""],KDC_OPT_DISABLE_TRANSITED_CHECK:[488,3,1,""],KDC_OPT_ENC_TKT_IN_SKEY:[489,3,1,""],KDC_OPT_FORWARDABLE:[490,3,1,""],KDC_OPT_FORWARDED:[491,3,1,""],KDC_OPT_POSTDATED:[492,3,1,""],KDC_OPT_PROXIABLE:[493,3,1,""],KDC_OPT_PROXY:[494,3,1,""],KDC_OPT_RENEW:[495,3,1,""],KDC_OPT_RENEWABLE:[496,3,1,""],KDC_OPT_RENEWABLE_OK:[497,3,1,""],KDC_OPT_REQUEST_ANONYMOUS:[498,3,1,""],KDC_OPT_VALIDATE:[499,3,1,""],KDC_TKT_COMMON_MASK:[500,3,1,""],KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:[501,3,1,""],KRB5_ANONYMOUS_PRINCSTR:[502,3,1,""],KRB5_ANONYMOUS_REALMSTR:[503,3,1,""],KRB5_AP_REP:[504,3,1,""],KRB5_AP_REQ:[505,3,1,""],KRB5_AS_REP:[506,3,1,""],KRB5_AS_REQ:[507,3,1,""],KRB5_AUTHDATA_AND_OR:[508,3,1,""],KRB5_AUTHDATA_AUTH_INDICATOR:[509,3,1,""],KRB5_AUTHDATA_CAMMAC:[510,3,1,""],KRB5_AUTHDATA_ETYPE_NEGOTIATION:[511,3,1,""],KRB5_AUTHDATA_FX_ARMOR:[512,3,1,""],KRB5_AUTHDATA_IF_RELEVANT:[513,3,1,""],KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:[514,3,1,""],KRB5_AUTHDATA_KDC_ISSUED:[515,3,1,""],KRB5_AUTHDATA_MANDATORY_FOR_KDC:[516,3,1,""],KRB5_AUTHDATA_OSF_DCE:[517,3,1,""],KRB5_AUTHDATA_SESAME:[518,3,1,""],KRB5_AUTHDATA_SIGNTICKET:[519,3,1,""],KRB5_AUTHDATA_WIN2K_PAC:[520,3,1,""],KRB5_AUTH_CONTEXT_DO_SEQUENCE:[521,3,1,""],KRB5_AUTH_CONTEXT_DO_TIME:[522,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:[523,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:[524,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:[525,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:[526,3,1,""],KRB5_AUTH_CONTEXT_PERMIT_ALL:[527,3,1,""],KRB5_AUTH_CONTEXT_RET_SEQUENCE:[528,3,1,""],KRB5_AUTH_CONTEXT_RET_TIME:[529,3,1,""],KRB5_AUTH_CONTEXT_USE_SUBKEY:[530,3,1,""],KRB5_CRED:[531,3,1,""],KRB5_CRYPTO_TYPE_CHECKSUM:[532,3,1,""],KRB5_CRYPTO_TYPE_DATA:[533,3,1,""],KRB5_CRYPTO_TYPE_EMPTY:[534,3,1,""],KRB5_CRYPTO_TYPE_HEADER:[535,3,1,""],KRB5_CRYPTO_TYPE_PADDING:[536,3,1,""],KRB5_CRYPTO_TYPE_SIGN_ONLY:[537,3,1,""],KRB5_CRYPTO_TYPE_STREAM:[538,3,1,""],KRB5_CRYPTO_TYPE_TRAILER:[539,3,1,""],KRB5_CYBERSAFE_SECUREID:[540,3,1,""],KRB5_DOMAIN_X500_COMPRESS:[541,3,1,""],KRB5_ENCPADATA_REQ_ENC_PA_REP:[542,3,1,""],KRB5_ERROR:[543,3,1,""],KRB5_FAST_REQUIRED:[544,3,1,""],KRB5_GC_CACHED:[545,3,1,""],KRB5_GC_CANONICALIZE:[546,3,1,""],KRB5_GC_CONSTRAINED_DELEGATION:[547,3,1,""],KRB5_GC_FORWARDABLE:[548,3,1,""],KRB5_GC_NO_STORE:[549,3,1,""],KRB5_GC_NO_TRANSIT_CHECK:[550,3,1,""],KRB5_GC_USER_USER:[551,3,1,""],KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:[552,3,1,""],KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:[553,3,1,""],KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:[554,3,1,""],KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:[555,3,1,""],KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:[556,3,1,""],KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:[557,3,1,""],KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:[558,3,1,""],KRB5_GET_INIT_CREDS_OPT_PROXIABLE:[559,3,1,""],KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:[560,3,1,""],KRB5_GET_INIT_CREDS_OPT_SALT:[561,3,1,""],KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:[562,3,1,""],KRB5_INIT_CONTEXT_KDC:[563,3,1,""],KRB5_INIT_CONTEXT_SECURE:[564,3,1,""],KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:[565,3,1,""],KRB5_INT16_MAX:[566,3,1,""],KRB5_INT16_MIN:[567,3,1,""],KRB5_INT32_MAX:[568,3,1,""],KRB5_INT32_MIN:[569,3,1,""],KRB5_KEYUSAGE_AD_ITE:[570,3,1,""],KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:[571,3,1,""],KRB5_KEYUSAGE_AD_MTE:[572,3,1,""],KRB5_KEYUSAGE_AD_SIGNEDPATH:[573,3,1,""],KRB5_KEYUSAGE_APP_DATA_CKSUM:[574,3,1,""],KRB5_KEYUSAGE_APP_DATA_ENCRYPT:[575,3,1,""],KRB5_KEYUSAGE_AP_REP_ENCPART:[576,3,1,""],KRB5_KEYUSAGE_AP_REQ_AUTH:[577,3,1,""],KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:[578,3,1,""],KRB5_KEYUSAGE_AS_REP_ENCPART:[579,3,1,""],KRB5_KEYUSAGE_AS_REQ:[580,3,1,""],KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:[581,3,1,""],KRB5_KEYUSAGE_CAMMAC:[582,3,1,""],KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:[583,3,1,""],KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:[584,3,1,""],KRB5_KEYUSAGE_FAST_ENC:[585,3,1,""],KRB5_KEYUSAGE_FAST_FINISHED:[586,3,1,""],KRB5_KEYUSAGE_FAST_REP:[587,3,1,""],KRB5_KEYUSAGE_FAST_REQ_CHKSUM:[588,3,1,""],KRB5_KEYUSAGE_GSS_TOK_MIC:[589,3,1,""],KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:[590,3,1,""],KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:[591,3,1,""],KRB5_KEYUSAGE_IAKERB_FINISHED:[592,3,1,""],KRB5_KEYUSAGE_KDC_REP_TICKET:[593,3,1,""],KRB5_KEYUSAGE_KRB_CRED_ENCPART:[594,3,1,""],KRB5_KEYUSAGE_KRB_ERROR_CKSUM:[595,3,1,""],KRB5_KEYUSAGE_KRB_PRIV_ENCPART:[596,3,1,""],KRB5_KEYUSAGE_KRB_SAFE_CKSUM:[597,3,1,""],KRB5_KEYUSAGE_PA_AS_FRESHNESS:[598,3,1,""],KRB5_KEYUSAGE_PA_FX_COOKIE:[599,3,1,""],KRB5_KEYUSAGE_PA_OTP_REQUEST:[600,3,1,""],KRB5_KEYUSAGE_PA_PKINIT_KX:[601,3,1,""],KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:[602,3,1,""],KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:[603,3,1,""],KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:[604,3,1,""],KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:[605,3,1,""],KRB5_KEYUSAGE_PA_SAM_RESPONSE:[606,3,1,""],KRB5_KEYUSAGE_SPAKE:[607,3,1,""],KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:[608,3,1,""],KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:[609,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:[610,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:[611,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AUTH:[612,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:[613,3,1,""],KRB5_KPASSWD_ACCESSDENIED:[614,3,1,""],KRB5_KPASSWD_AUTHERROR:[615,3,1,""],KRB5_KPASSWD_BAD_VERSION:[616,3,1,""],KRB5_KPASSWD_HARDERROR:[617,3,1,""],KRB5_KPASSWD_INITIAL_FLAG_NEEDED:[618,3,1,""],KRB5_KPASSWD_MALFORMED:[619,3,1,""],KRB5_KPASSWD_SOFTERROR:[620,3,1,""],KRB5_KPASSWD_SUCCESS:[621,3,1,""],KRB5_LRQ_ALL_ACCT_EXPTIME:[622,3,1,""],KRB5_LRQ_ALL_LAST_INITIAL:[623,3,1,""],KRB5_LRQ_ALL_LAST_RENEWAL:[624,3,1,""],KRB5_LRQ_ALL_LAST_REQ:[625,3,1,""],KRB5_LRQ_ALL_LAST_TGT:[626,3,1,""],KRB5_LRQ_ALL_LAST_TGT_ISSUED:[627,3,1,""],KRB5_LRQ_ALL_PW_EXPTIME:[628,3,1,""],KRB5_LRQ_NONE:[629,3,1,""],KRB5_LRQ_ONE_ACCT_EXPTIME:[630,3,1,""],KRB5_LRQ_ONE_LAST_INITIAL:[631,3,1,""],KRB5_LRQ_ONE_LAST_RENEWAL:[632,3,1,""],KRB5_LRQ_ONE_LAST_REQ:[633,3,1,""],KRB5_LRQ_ONE_LAST_TGT:[634,3,1,""],KRB5_LRQ_ONE_LAST_TGT_ISSUED:[635,3,1,""],KRB5_LRQ_ONE_PW_EXPTIME:[636,3,1,""],KRB5_NT_ENTERPRISE_PRINCIPAL:[637,3,1,""],KRB5_NT_ENT_PRINCIPAL_AND_ID:[638,3,1,""],KRB5_NT_MS_PRINCIPAL:[639,3,1,""],KRB5_NT_MS_PRINCIPAL_AND_ID:[640,3,1,""],KRB5_NT_PRINCIPAL:[641,3,1,""],KRB5_NT_SMTP_NAME:[642,3,1,""],KRB5_NT_SRV_HST:[643,3,1,""],KRB5_NT_SRV_INST:[644,3,1,""],KRB5_NT_SRV_XHST:[645,3,1,""],KRB5_NT_UID:[646,3,1,""],KRB5_NT_UNKNOWN:[647,3,1,""],KRB5_NT_WELLKNOWN:[648,3,1,""],KRB5_NT_X500_PRINCIPAL:[649,3,1,""],KRB5_PAC_CLIENT_INFO:[650,3,1,""],KRB5_PAC_CREDENTIALS_INFO:[651,3,1,""],KRB5_PAC_DELEGATION_INFO:[652,3,1,""],KRB5_PAC_LOGON_INFO:[653,3,1,""],KRB5_PAC_PRIVSVR_CHECKSUM:[654,3,1,""],KRB5_PAC_SERVER_CHECKSUM:[655,3,1,""],KRB5_PAC_UPN_DNS_INFO:[656,3,1,""],KRB5_PADATA_AFS3_SALT:[657,3,1,""],KRB5_PADATA_AP_REQ:[658,3,1,""],KRB5_PADATA_AS_CHECKSUM:[659,3,1,""],KRB5_PADATA_AS_FRESHNESS:[660,3,1,""],KRB5_PADATA_ENCRYPTED_CHALLENGE:[661,3,1,""],KRB5_PADATA_ENC_SANDIA_SECURID:[662,3,1,""],KRB5_PADATA_ENC_TIMESTAMP:[663,3,1,""],KRB5_PADATA_ENC_UNIX_TIME:[664,3,1,""],KRB5_PADATA_ETYPE_INFO2:[666,3,1,""],KRB5_PADATA_ETYPE_INFO:[665,3,1,""],KRB5_PADATA_FOR_USER:[667,3,1,""],KRB5_PADATA_FX_COOKIE:[668,3,1,""],KRB5_PADATA_FX_ERROR:[669,3,1,""],KRB5_PADATA_FX_FAST:[670,3,1,""],KRB5_PADATA_GET_FROM_TYPED_DATA:[671,3,1,""],KRB5_PADATA_NONE:[672,3,1,""],KRB5_PADATA_OSF_DCE:[673,3,1,""],KRB5_PADATA_OTP_CHALLENGE:[674,3,1,""],KRB5_PADATA_OTP_PIN_CHANGE:[675,3,1,""],KRB5_PADATA_OTP_REQUEST:[676,3,1,""],KRB5_PADATA_PAC_REQUEST:[677,3,1,""],KRB5_PADATA_PKINIT_KX:[678,3,1,""],KRB5_PADATA_PK_AS_REP:[679,3,1,""],KRB5_PADATA_PK_AS_REP_OLD:[680,3,1,""],KRB5_PADATA_PK_AS_REQ:[681,3,1,""],KRB5_PADATA_PK_AS_REQ_OLD:[682,3,1,""],KRB5_PADATA_PW_SALT:[683,3,1,""],KRB5_PADATA_REFERRAL:[684,3,1,""],KRB5_PADATA_S4U_X509_USER:[685,3,1,""],KRB5_PADATA_SAM_CHALLENGE:[686,3,1,""],KRB5_PADATA_SAM_CHALLENGE_2:[687,3,1,""],KRB5_PADATA_SAM_REDIRECT:[688,3,1,""],KRB5_PADATA_SAM_RESPONSE:[689,3,1,""],KRB5_PADATA_SAM_RESPONSE_2:[690,3,1,""],KRB5_PADATA_SESAME:[691,3,1,""],KRB5_PADATA_SPAKE:[692,3,1,""],KRB5_PADATA_SVR_REFERRAL_INFO:[693,3,1,""],KRB5_PADATA_TGS_REQ:[694,3,1,""],KRB5_PADATA_USE_SPECIFIED_KVNO:[695,3,1,""],KRB5_PRINCIPAL_COMPARE_CASEFOLD:[696,3,1,""],KRB5_PRINCIPAL_COMPARE_ENTERPRISE:[697,3,1,""],KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:[698,3,1,""],KRB5_PRINCIPAL_COMPARE_UTF8:[699,3,1,""],KRB5_PRINCIPAL_PARSE_ENTERPRISE:[700,3,1,""],KRB5_PRINCIPAL_PARSE_IGNORE_REALM:[701,3,1,""],KRB5_PRINCIPAL_PARSE_NO_REALM:[702,3,1,""],KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:[703,3,1,""],KRB5_PRINCIPAL_UNPARSE_DISPLAY:[704,3,1,""],KRB5_PRINCIPAL_UNPARSE_NO_REALM:[705,3,1,""],KRB5_PRINCIPAL_UNPARSE_SHORT:[706,3,1,""],KRB5_PRIV:[707,3,1,""],KRB5_PROMPT_TYPE_NEW_PASSWORD:[708,3,1,""],KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:[709,3,1,""],KRB5_PROMPT_TYPE_PASSWORD:[710,3,1,""],KRB5_PROMPT_TYPE_PREAUTH:[711,3,1,""],KRB5_PVNO:[712,3,1,""],KRB5_REALM_BRANCH_CHAR:[713,3,1,""],KRB5_RECVAUTH_BADAUTHVERS:[714,3,1,""],KRB5_RECVAUTH_SKIP_VERSION:[715,3,1,""],KRB5_REFERRAL_REALM:[716,3,1,""],KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:[717,3,1,""],KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:[718,3,1,""],KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:[719,3,1,""],KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:[720,3,1,""],KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:[721,3,1,""],KRB5_RESPONDER_OTP_FORMAT_DECIMAL:[722,3,1,""],KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:[723,3,1,""],KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:[724,3,1,""],KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:[725,3,1,""],KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:[726,3,1,""],KRB5_RESPONDER_QUESTION_OTP:[727,3,1,""],KRB5_RESPONDER_QUESTION_PASSWORD:[728,3,1,""],KRB5_RESPONDER_QUESTION_PKINIT:[729,3,1,""],KRB5_SAFE:[730,3,1,""],KRB5_SAM_MUST_PK_ENCRYPT_SAD:[731,3,1,""],KRB5_SAM_SEND_ENCRYPTED_SAD:[732,3,1,""],KRB5_SAM_USE_SAD_AS_KEY:[733,3,1,""],KRB5_TC_MATCH_2ND_TKT:[734,3,1,""],KRB5_TC_MATCH_AUTHDATA:[735,3,1,""],KRB5_TC_MATCH_FLAGS:[736,3,1,""],KRB5_TC_MATCH_FLAGS_EXACT:[737,3,1,""],KRB5_TC_MATCH_IS_SKEY:[738,3,1,""],KRB5_TC_MATCH_KTYPE:[739,3,1,""],KRB5_TC_MATCH_SRV_NAMEONLY:[740,3,1,""],KRB5_TC_MATCH_TIMES:[741,3,1,""],KRB5_TC_MATCH_TIMES_EXACT:[742,3,1,""],KRB5_TC_NOTICKET:[743,3,1,""],KRB5_TC_OPENCLOSE:[744,3,1,""],KRB5_TC_SUPPORTED_KTYPES:[745,3,1,""],KRB5_TGS_NAME:[746,3,1,""],KRB5_TGS_NAME_SIZE:[747,3,1,""],KRB5_TGS_REP:[748,3,1,""],KRB5_TGS_REQ:[749,3,1,""],KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:[750,3,1,""],KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:[751,3,1,""],KRB5_WELLKNOWN_NAMESTR:[752,3,1,""],LR_TYPE_INTERPRETATION_MASK:[753,3,1,""],LR_TYPE_THIS_SERVER_ONLY:[754,3,1,""],MAX_KEYTAB_NAME_LEN:[755,3,1,""],MSEC_DIRBIT:[756,3,1,""],MSEC_VAL_MASK:[757,3,1,""],SALT_TYPE_AFS_LENGTH:[758,3,1,""],SALT_TYPE_NO_LENGTH:[759,3,1,""],THREEPARAMOPEN:[760,3,1,""],TKT_FLG_ANONYMOUS:[761,3,1,""],TKT_FLG_ENC_PA_REP:[762,3,1,""],TKT_FLG_FORWARDABLE:[763,3,1,""],TKT_FLG_FORWARDED:[764,3,1,""],TKT_FLG_HW_AUTH:[765,3,1,""],TKT_FLG_INITIAL:[766,3,1,""],TKT_FLG_INVALID:[767,3,1,""],TKT_FLG_MAY_POSTDATE:[768,3,1,""],TKT_FLG_OK_AS_DELEGATE:[769,3,1,""],TKT_FLG_POSTDATED:[770,3,1,""],TKT_FLG_PRE_AUTH:[771,3,1,""],TKT_FLG_PROXIABLE:[772,3,1,""],TKT_FLG_PROXY:[773,3,1,""],TKT_FLG_RENEWABLE:[774,3,1,""],TKT_FLG_TRANSIT_POLICY_CHECKED:[775,3,1,""],VALID_INT_BITS:[776,3,1,""],VALID_UINT_BITS:[777,3,1,""],krb524_convert_creds_kdc:[779,3,1,""],krb524_init_ets:[780,3,1,""],krb5_425_conv_principal:[50,0,1,"c.krb5_425_conv_principal"],krb5_524_conv_principal:[51,0,1,"c.krb5_524_conv_principal"],krb5_524_convert_creds:[52,0,1,"c.krb5_524_convert_creds"],krb5_address:[794,1,1,"c.krb5_address"],krb5_address_compare:[53,0,1,"c.krb5_address_compare"],krb5_address_order:[54,0,1,"c.krb5_address_order"],krb5_address_search:[55,0,1,"c.krb5_address_search"],krb5_addrtype:[795,1,1,"c.krb5_addrtype"],krb5_allow_weak_crypto:[56,0,1,"c.krb5_allow_weak_crypto"],krb5_aname_to_localname:[57,0,1,"c.krb5_aname_to_localname"],krb5_anonymous_principal:[58,0,1,"c.krb5_anonymous_principal"],krb5_anonymous_realm:[59,0,1,"c.krb5_anonymous_realm"],krb5_ap_rep:[796,1,1,"c.krb5_ap_rep"],krb5_ap_rep_enc_part:[797,1,1,"c.krb5_ap_rep_enc_part"],krb5_ap_req:[798,1,1,"c.krb5_ap_req"],krb5_appdefault_boolean:[60,0,1,"c.krb5_appdefault_boolean"],krb5_appdefault_string:[61,0,1,"c.krb5_appdefault_string"],krb5_auth_con_free:[62,0,1,"c.krb5_auth_con_free"],krb5_auth_con_genaddrs:[63,0,1,"c.krb5_auth_con_genaddrs"],krb5_auth_con_get_checksum_func:[64,0,1,"c.krb5_auth_con_get_checksum_func"],krb5_auth_con_getaddrs:[65,0,1,"c.krb5_auth_con_getaddrs"],krb5_auth_con_getauthenticator:[66,0,1,"c.krb5_auth_con_getauthenticator"],krb5_auth_con_getflags:[67,0,1,"c.krb5_auth_con_getflags"],krb5_auth_con_getkey:[68,0,1,"c.krb5_auth_con_getkey"],krb5_auth_con_getkey_k:[69,0,1,"c.krb5_auth_con_getkey_k"],krb5_auth_con_getlocalseqnumber:[70,0,1,"c.krb5_auth_con_getlocalseqnumber"],krb5_auth_con_getlocalsubkey:[71,0,1,"c.krb5_auth_con_getlocalsubkey"],krb5_auth_con_getrcache:[72,0,1,"c.krb5_auth_con_getrcache"],krb5_auth_con_getrecvsubkey:[73,0,1,"c.krb5_auth_con_getrecvsubkey"],krb5_auth_con_getrecvsubkey_k:[74,0,1,"c.krb5_auth_con_getrecvsubkey_k"],krb5_auth_con_getremoteseqnumber:[75,0,1,"c.krb5_auth_con_getremoteseqnumber"],krb5_auth_con_getremotesubkey:[76,0,1,"c.krb5_auth_con_getremotesubkey"],krb5_auth_con_getsendsubkey:[77,0,1,"c.krb5_auth_con_getsendsubkey"],krb5_auth_con_getsendsubkey_k:[78,0,1,"c.krb5_auth_con_getsendsubkey_k"],krb5_auth_con_init:[79,0,1,"c.krb5_auth_con_init"],krb5_auth_con_initivector:[80,0,1,"c.krb5_auth_con_initivector"],krb5_auth_con_set_checksum_func:[81,0,1,"c.krb5_auth_con_set_checksum_func"],krb5_auth_con_set_req_cksumtype:[82,0,1,"c.krb5_auth_con_set_req_cksumtype"],krb5_auth_con_setaddrs:[83,0,1,"c.krb5_auth_con_setaddrs"],krb5_auth_con_setflags:[84,0,1,"c.krb5_auth_con_setflags"],krb5_auth_con_setports:[85,0,1,"c.krb5_auth_con_setports"],krb5_auth_con_setrcache:[86,0,1,"c.krb5_auth_con_setrcache"],krb5_auth_con_setrecvsubkey:[87,0,1,"c.krb5_auth_con_setrecvsubkey"],krb5_auth_con_setrecvsubkey_k:[88,0,1,"c.krb5_auth_con_setrecvsubkey_k"],krb5_auth_con_setsendsubkey:[89,0,1,"c.krb5_auth_con_setsendsubkey"],krb5_auth_con_setsendsubkey_k:[90,0,1,"c.krb5_auth_con_setsendsubkey_k"],krb5_auth_con_setuseruserkey:[91,0,1,"c.krb5_auth_con_setuseruserkey"],krb5_auth_context:[799,1,1,"c.krb5_auth_context"],krb5_authdata:[800,1,1,"c.krb5_authdata"],krb5_authdatatype:[801,1,1,"c.krb5_authdatatype"],krb5_authenticator:[802,1,1,"c.krb5_authenticator"],krb5_boolean:[803,1,1,"c.krb5_boolean"],krb5_build_principal:[92,0,1,"c.krb5_build_principal"],krb5_build_principal_alloc_va:[93,0,1,"c.krb5_build_principal_alloc_va"],krb5_build_principal_ext:[94,0,1,"c.krb5_build_principal_ext"],krb5_build_principal_va:[95,0,1,"c.krb5_build_principal_va"],krb5_c_block_size:[96,0,1,"c.krb5_c_block_size"],krb5_c_checksum_length:[97,0,1,"c.krb5_c_checksum_length"],krb5_c_crypto_length:[98,0,1,"c.krb5_c_crypto_length"],krb5_c_crypto_length_iov:[99,0,1,"c.krb5_c_crypto_length_iov"],krb5_c_decrypt:[100,0,1,"c.krb5_c_decrypt"],krb5_c_decrypt_iov:[101,0,1,"c.krb5_c_decrypt_iov"],krb5_c_derive_prfplus:[102,0,1,"c.krb5_c_derive_prfplus"],krb5_c_encrypt:[103,0,1,"c.krb5_c_encrypt"],krb5_c_encrypt_iov:[104,0,1,"c.krb5_c_encrypt_iov"],krb5_c_encrypt_length:[105,0,1,"c.krb5_c_encrypt_length"],krb5_c_enctype_compare:[106,0,1,"c.krb5_c_enctype_compare"],krb5_c_free_state:[107,0,1,"c.krb5_c_free_state"],krb5_c_fx_cf2_simple:[108,0,1,"c.krb5_c_fx_cf2_simple"],krb5_c_init_state:[109,0,1,"c.krb5_c_init_state"],krb5_c_is_coll_proof_cksum:[110,0,1,"c.krb5_c_is_coll_proof_cksum"],krb5_c_is_keyed_cksum:[111,0,1,"c.krb5_c_is_keyed_cksum"],krb5_c_keyed_checksum_types:[112,0,1,"c.krb5_c_keyed_checksum_types"],krb5_c_keylengths:[113,0,1,"c.krb5_c_keylengths"],krb5_c_make_checksum:[114,0,1,"c.krb5_c_make_checksum"],krb5_c_make_checksum_iov:[115,0,1,"c.krb5_c_make_checksum_iov"],krb5_c_make_random_key:[116,0,1,"c.krb5_c_make_random_key"],krb5_c_padding_length:[117,0,1,"c.krb5_c_padding_length"],krb5_c_prf:[118,0,1,"c.krb5_c_prf"],krb5_c_prf_length:[119,0,1,"c.krb5_c_prf_length"],krb5_c_prfplus:[120,0,1,"c.krb5_c_prfplus"],krb5_c_random_add_entropy:[121,0,1,"c.krb5_c_random_add_entropy"],krb5_c_random_make_octets:[122,0,1,"c.krb5_c_random_make_octets"],krb5_c_random_os_entropy:[123,0,1,"c.krb5_c_random_os_entropy"],krb5_c_random_seed:[124,0,1,"c.krb5_c_random_seed"],krb5_c_random_to_key:[125,0,1,"c.krb5_c_random_to_key"],krb5_c_string_to_key:[126,0,1,"c.krb5_c_string_to_key"],krb5_c_string_to_key_with_params:[127,0,1,"c.krb5_c_string_to_key_with_params"],krb5_c_valid_cksumtype:[128,0,1,"c.krb5_c_valid_cksumtype"],krb5_c_valid_enctype:[129,0,1,"c.krb5_c_valid_enctype"],krb5_c_verify_checksum:[130,0,1,"c.krb5_c_verify_checksum"],krb5_c_verify_checksum_iov:[131,0,1,"c.krb5_c_verify_checksum_iov"],krb5_calculate_checksum:[132,0,1,"c.krb5_calculate_checksum"],krb5_cc_cache_match:[133,0,1,"c.krb5_cc_cache_match"],krb5_cc_close:[134,0,1,"c.krb5_cc_close"],krb5_cc_copy_creds:[135,0,1,"c.krb5_cc_copy_creds"],krb5_cc_cursor:[804,1,1,"c.krb5_cc_cursor"],krb5_cc_default:[136,0,1,"c.krb5_cc_default"],krb5_cc_default_name:[137,0,1,"c.krb5_cc_default_name"],krb5_cc_destroy:[138,0,1,"c.krb5_cc_destroy"],krb5_cc_dup:[139,0,1,"c.krb5_cc_dup"],krb5_cc_end_seq_get:[140,0,1,"c.krb5_cc_end_seq_get"],krb5_cc_gen_new:[141,0,1,"c.krb5_cc_gen_new"],krb5_cc_get_config:[142,0,1,"c.krb5_cc_get_config"],krb5_cc_get_flags:[143,0,1,"c.krb5_cc_get_flags"],krb5_cc_get_full_name:[144,0,1,"c.krb5_cc_get_full_name"],krb5_cc_get_name:[145,0,1,"c.krb5_cc_get_name"],krb5_cc_get_principal:[146,0,1,"c.krb5_cc_get_principal"],krb5_cc_get_type:[147,0,1,"c.krb5_cc_get_type"],krb5_cc_initialize:[148,0,1,"c.krb5_cc_initialize"],krb5_cc_last_change_time:[149,0,1,"c.krb5_cc_last_change_time"],krb5_cc_lock:[150,0,1,"c.krb5_cc_lock"],krb5_cc_move:[151,0,1,"c.krb5_cc_move"],krb5_cc_new_unique:[152,0,1,"c.krb5_cc_new_unique"],krb5_cc_next_cred:[153,0,1,"c.krb5_cc_next_cred"],krb5_cc_remove_cred:[154,0,1,"c.krb5_cc_remove_cred"],krb5_cc_resolve:[155,0,1,"c.krb5_cc_resolve"],krb5_cc_retrieve_cred:[156,0,1,"c.krb5_cc_retrieve_cred"],krb5_cc_select:[157,0,1,"c.krb5_cc_select"],krb5_cc_set_config:[158,0,1,"c.krb5_cc_set_config"],krb5_cc_set_default_name:[159,0,1,"c.krb5_cc_set_default_name"],krb5_cc_set_flags:[160,0,1,"c.krb5_cc_set_flags"],krb5_cc_start_seq_get:[161,0,1,"c.krb5_cc_start_seq_get"],krb5_cc_store_cred:[162,0,1,"c.krb5_cc_store_cred"],krb5_cc_support_switch:[163,0,1,"c.krb5_cc_support_switch"],krb5_cc_switch:[164,0,1,"c.krb5_cc_switch"],krb5_cc_unlock:[165,0,1,"c.krb5_cc_unlock"],krb5_ccache:[805,1,1,"c.krb5_ccache"],krb5_cccol_cursor:[806,1,1,"c.krb5_cccol_cursor"],krb5_cccol_cursor_free:[166,0,1,"c.krb5_cccol_cursor_free"],krb5_cccol_cursor_new:[167,0,1,"c.krb5_cccol_cursor_new"],krb5_cccol_cursor_next:[168,0,1,"c.krb5_cccol_cursor_next"],krb5_cccol_have_content:[169,0,1,"c.krb5_cccol_have_content"],krb5_cccol_last_change_time:[170,0,1,"c.krb5_cccol_last_change_time"],krb5_cccol_lock:[171,0,1,"c.krb5_cccol_lock"],krb5_cccol_unlock:[172,0,1,"c.krb5_cccol_unlock"],krb5_change_password:[173,0,1,"c.krb5_change_password"],krb5_check_clockskew:[174,0,1,"c.krb5_check_clockskew"],krb5_checksum:[807,1,1,"c.krb5_checksum"],krb5_checksum_size:[175,0,1,"c.krb5_checksum_size"],krb5_chpw_message:[176,0,1,"c.krb5_chpw_message"],krb5_cksumtype:[808,1,1,"c.krb5_cksumtype"],krb5_cksumtype_to_string:[177,0,1,"c.krb5_cksumtype_to_string"],krb5_clear_error_message:[178,0,1,"c.krb5_clear_error_message"],krb5_const:[781,3,1,""],krb5_const_pointer:[809,1,1,"c.krb5_const_pointer"],krb5_const_principal:[810,1,1,"c.krb5_const_principal"],krb5_context:[811,1,1,"c.krb5_context"],krb5_copy_addresses:[179,0,1,"c.krb5_copy_addresses"],krb5_copy_authdata:[180,0,1,"c.krb5_copy_authdata"],krb5_copy_authenticator:[181,0,1,"c.krb5_copy_authenticator"],krb5_copy_checksum:[182,0,1,"c.krb5_copy_checksum"],krb5_copy_context:[183,0,1,"c.krb5_copy_context"],krb5_copy_creds:[184,0,1,"c.krb5_copy_creds"],krb5_copy_data:[185,0,1,"c.krb5_copy_data"],krb5_copy_error_message:[186,0,1,"c.krb5_copy_error_message"],krb5_copy_keyblock:[187,0,1,"c.krb5_copy_keyblock"],krb5_copy_keyblock_contents:[188,0,1,"c.krb5_copy_keyblock_contents"],krb5_copy_principal:[189,0,1,"c.krb5_copy_principal"],krb5_copy_ticket:[190,0,1,"c.krb5_copy_ticket"],krb5_cred:[812,1,1,"c.krb5_cred"],krb5_cred_enc_part:[813,1,1,"c.krb5_cred_enc_part"],krb5_cred_info:[814,1,1,"c.krb5_cred_info"],krb5_creds:[815,1,1,"c.krb5_creds"],krb5_crypto_iov:[816,1,1,"c.krb5_crypto_iov"],krb5_cryptotype:[817,1,1,"c.krb5_cryptotype"],krb5_data:[818,1,1,"c.krb5_data"],krb5_decode_authdata_container:[191,0,1,"c.krb5_decode_authdata_container"],krb5_decode_ticket:[192,0,1,"c.krb5_decode_ticket"],krb5_decrypt:[193,0,1,"c.krb5_decrypt"],krb5_deltat:[819,1,1,"c.krb5_deltat"],krb5_deltat_to_string:[194,0,1,"c.krb5_deltat_to_string"],krb5_eblock_enctype:[195,0,1,"c.krb5_eblock_enctype"],krb5_enc_data:[820,1,1,"c.krb5_enc_data"],krb5_enc_kdc_rep_part:[821,1,1,"c.krb5_enc_kdc_rep_part"],krb5_enc_tkt_part:[822,1,1,"c.krb5_enc_tkt_part"],krb5_encode_authdata_container:[196,0,1,"c.krb5_encode_authdata_container"],krb5_encrypt:[197,0,1,"c.krb5_encrypt"],krb5_encrypt_block:[823,1,1,"c.krb5_encrypt_block"],krb5_encrypt_size:[198,0,1,"c.krb5_encrypt_size"],krb5_enctype:[824,1,1,"c.krb5_enctype"],krb5_enctype_to_name:[199,0,1,"c.krb5_enctype_to_name"],krb5_enctype_to_string:[200,0,1,"c.krb5_enctype_to_string"],krb5_error:[825,1,1,"c.krb5_error"],krb5_error_code:[826,1,1,"c.krb5_error_code"],krb5_expand_hostname:[201,0,1,"c.krb5_expand_hostname"],krb5_expire_callback_func:[827,1,1,"c.krb5_expire_callback_func"],krb5_find_authdata:[202,0,1,"c.krb5_find_authdata"],krb5_finish_key:[203,0,1,"c.krb5_finish_key"],krb5_finish_random_key:[204,0,1,"c.krb5_finish_random_key"],krb5_flags:[828,1,1,"c.krb5_flags"],krb5_free_addresses:[205,0,1,"c.krb5_free_addresses"],krb5_free_ap_rep_enc_part:[206,0,1,"c.krb5_free_ap_rep_enc_part"],krb5_free_authdata:[207,0,1,"c.krb5_free_authdata"],krb5_free_authenticator:[208,0,1,"c.krb5_free_authenticator"],krb5_free_checksum:[209,0,1,"c.krb5_free_checksum"],krb5_free_checksum_contents:[210,0,1,"c.krb5_free_checksum_contents"],krb5_free_cksumtypes:[211,0,1,"c.krb5_free_cksumtypes"],krb5_free_context:[212,0,1,"c.krb5_free_context"],krb5_free_cred_contents:[213,0,1,"c.krb5_free_cred_contents"],krb5_free_creds:[214,0,1,"c.krb5_free_creds"],krb5_free_data:[215,0,1,"c.krb5_free_data"],krb5_free_data_contents:[216,0,1,"c.krb5_free_data_contents"],krb5_free_default_realm:[217,0,1,"c.krb5_free_default_realm"],krb5_free_enctypes:[218,0,1,"c.krb5_free_enctypes"],krb5_free_error:[219,0,1,"c.krb5_free_error"],krb5_free_error_message:[220,0,1,"c.krb5_free_error_message"],krb5_free_host_realm:[221,0,1,"c.krb5_free_host_realm"],krb5_free_keyblock:[222,0,1,"c.krb5_free_keyblock"],krb5_free_keyblock_contents:[223,0,1,"c.krb5_free_keyblock_contents"],krb5_free_keytab_entry_contents:[224,0,1,"c.krb5_free_keytab_entry_contents"],krb5_free_principal:[225,0,1,"c.krb5_free_principal"],krb5_free_string:[226,0,1,"c.krb5_free_string"],krb5_free_tgt_creds:[227,0,1,"c.krb5_free_tgt_creds"],krb5_free_ticket:[228,0,1,"c.krb5_free_ticket"],krb5_free_unparsed_name:[229,0,1,"c.krb5_free_unparsed_name"],krb5_fwd_tgt_creds:[230,0,1,"c.krb5_fwd_tgt_creds"],krb5_get_credentials:[231,0,1,"c.krb5_get_credentials"],krb5_get_credentials_renew:[232,0,1,"c.krb5_get_credentials_renew"],krb5_get_credentials_validate:[233,0,1,"c.krb5_get_credentials_validate"],krb5_get_default_realm:[234,0,1,"c.krb5_get_default_realm"],krb5_get_error_message:[235,0,1,"c.krb5_get_error_message"],krb5_get_etype_info:[236,0,1,"c.krb5_get_etype_info"],krb5_get_fallback_host_realm:[237,0,1,"c.krb5_get_fallback_host_realm"],krb5_get_host_realm:[238,0,1,"c.krb5_get_host_realm"],krb5_get_in_tkt_with_keytab:[239,0,1,"c.krb5_get_in_tkt_with_keytab"],krb5_get_in_tkt_with_password:[240,0,1,"c.krb5_get_in_tkt_with_password"],krb5_get_in_tkt_with_skey:[241,0,1,"c.krb5_get_in_tkt_with_skey"],krb5_get_init_creds_keytab:[242,0,1,"c.krb5_get_init_creds_keytab"],krb5_get_init_creds_opt:[829,1,1,"c.krb5_get_init_creds_opt"],krb5_get_init_creds_opt_alloc:[243,0,1,"c.krb5_get_init_creds_opt_alloc"],krb5_get_init_creds_opt_free:[244,0,1,"c.krb5_get_init_creds_opt_free"],krb5_get_init_creds_opt_get_fast_flags:[245,0,1,"c.krb5_get_init_creds_opt_get_fast_flags"],krb5_get_init_creds_opt_init:[246,0,1,"c.krb5_get_init_creds_opt_init"],krb5_get_init_creds_opt_set_address_list:[247,0,1,"c.krb5_get_init_creds_opt_set_address_list"],krb5_get_init_creds_opt_set_anonymous:[248,0,1,"c.krb5_get_init_creds_opt_set_anonymous"],krb5_get_init_creds_opt_set_canonicalize:[249,0,1,"c.krb5_get_init_creds_opt_set_canonicalize"],krb5_get_init_creds_opt_set_change_password_prompt:[250,0,1,"c.krb5_get_init_creds_opt_set_change_password_prompt"],krb5_get_init_creds_opt_set_etype_list:[251,0,1,"c.krb5_get_init_creds_opt_set_etype_list"],krb5_get_init_creds_opt_set_expire_callback:[252,0,1,"c.krb5_get_init_creds_opt_set_expire_callback"],krb5_get_init_creds_opt_set_fast_ccache:[253,0,1,"c.krb5_get_init_creds_opt_set_fast_ccache"],krb5_get_init_creds_opt_set_fast_ccache_name:[254,0,1,"c.krb5_get_init_creds_opt_set_fast_ccache_name"],krb5_get_init_creds_opt_set_fast_flags:[255,0,1,"c.krb5_get_init_creds_opt_set_fast_flags"],krb5_get_init_creds_opt_set_forwardable:[256,0,1,"c.krb5_get_init_creds_opt_set_forwardable"],krb5_get_init_creds_opt_set_in_ccache:[257,0,1,"c.krb5_get_init_creds_opt_set_in_ccache"],krb5_get_init_creds_opt_set_out_ccache:[258,0,1,"c.krb5_get_init_creds_opt_set_out_ccache"],krb5_get_init_creds_opt_set_pa:[259,0,1,"c.krb5_get_init_creds_opt_set_pa"],krb5_get_init_creds_opt_set_pac_request:[260,0,1,"c.krb5_get_init_creds_opt_set_pac_request"],krb5_get_init_creds_opt_set_preauth_list:[261,0,1,"c.krb5_get_init_creds_opt_set_preauth_list"],krb5_get_init_creds_opt_set_proxiable:[262,0,1,"c.krb5_get_init_creds_opt_set_proxiable"],krb5_get_init_creds_opt_set_renew_life:[263,0,1,"c.krb5_get_init_creds_opt_set_renew_life"],krb5_get_init_creds_opt_set_responder:[264,0,1,"c.krb5_get_init_creds_opt_set_responder"],krb5_get_init_creds_opt_set_salt:[265,0,1,"c.krb5_get_init_creds_opt_set_salt"],krb5_get_init_creds_opt_set_tkt_life:[266,0,1,"c.krb5_get_init_creds_opt_set_tkt_life"],krb5_get_init_creds_password:[267,0,1,"c.krb5_get_init_creds_password"],krb5_get_permitted_enctypes:[268,0,1,"c.krb5_get_permitted_enctypes"],krb5_get_profile:[269,0,1,"c.krb5_get_profile"],krb5_get_prompt_types:[270,0,1,"c.krb5_get_prompt_types"],krb5_get_renewed_creds:[271,0,1,"c.krb5_get_renewed_creds"],krb5_get_server_rcache:[272,0,1,"c.krb5_get_server_rcache"],krb5_get_time_offsets:[273,0,1,"c.krb5_get_time_offsets"],krb5_get_validated_creds:[274,0,1,"c.krb5_get_validated_creds"],krb5_gic_opt_pa_data:[830,1,1,"c.krb5_gic_opt_pa_data"],krb5_init_context:[275,0,1,"c.krb5_init_context"],krb5_init_context_profile:[276,0,1,"c.krb5_init_context_profile"],krb5_init_creds_context:[831,1,1,"c.krb5_init_creds_context"],krb5_init_creds_free:[277,0,1,"c.krb5_init_creds_free"],krb5_init_creds_get:[278,0,1,"c.krb5_init_creds_get"],krb5_init_creds_get_creds:[279,0,1,"c.krb5_init_creds_get_creds"],krb5_init_creds_get_error:[280,0,1,"c.krb5_init_creds_get_error"],krb5_init_creds_get_times:[281,0,1,"c.krb5_init_creds_get_times"],krb5_init_creds_init:[282,0,1,"c.krb5_init_creds_init"],krb5_init_creds_set_keytab:[283,0,1,"c.krb5_init_creds_set_keytab"],krb5_init_creds_set_password:[284,0,1,"c.krb5_init_creds_set_password"],krb5_init_creds_set_service:[285,0,1,"c.krb5_init_creds_set_service"],krb5_init_creds_step:[286,0,1,"c.krb5_init_creds_step"],krb5_init_keyblock:[287,0,1,"c.krb5_init_keyblock"],krb5_init_random_key:[288,0,1,"c.krb5_init_random_key"],krb5_init_secure_context:[289,0,1,"c.krb5_init_secure_context"],krb5_int16:[832,1,1,"c.krb5_int16"],krb5_int32:[833,1,1,"c.krb5_int32"],krb5_is_config_principal:[290,0,1,"c.krb5_is_config_principal"],krb5_is_referral_realm:[291,0,1,"c.krb5_is_referral_realm"],krb5_is_thread_safe:[292,0,1,"c.krb5_is_thread_safe"],krb5_k_create_key:[293,0,1,"c.krb5_k_create_key"],krb5_k_decrypt:[294,0,1,"c.krb5_k_decrypt"],krb5_k_decrypt_iov:[295,0,1,"c.krb5_k_decrypt_iov"],krb5_k_encrypt:[296,0,1,"c.krb5_k_encrypt"],krb5_k_encrypt_iov:[297,0,1,"c.krb5_k_encrypt_iov"],krb5_k_free_key:[298,0,1,"c.krb5_k_free_key"],krb5_k_key_enctype:[299,0,1,"c.krb5_k_key_enctype"],krb5_k_key_keyblock:[300,0,1,"c.krb5_k_key_keyblock"],krb5_k_make_checksum:[301,0,1,"c.krb5_k_make_checksum"],krb5_k_make_checksum_iov:[302,0,1,"c.krb5_k_make_checksum_iov"],krb5_k_prf:[303,0,1,"c.krb5_k_prf"],krb5_k_reference_key:[304,0,1,"c.krb5_k_reference_key"],krb5_k_verify_checksum:[305,0,1,"c.krb5_k_verify_checksum"],krb5_k_verify_checksum_iov:[306,0,1,"c.krb5_k_verify_checksum_iov"],krb5_kdc_rep:[834,1,1,"c.krb5_kdc_rep"],krb5_kdc_req:[835,1,1,"c.krb5_kdc_req"],krb5_key:[836,1,1,"c.krb5_key"],krb5_keyblock:[837,1,1,"c.krb5_keyblock"],krb5_keytab:[838,1,1,"c.krb5_keytab"],krb5_keytab_entry:[839,1,1,"c.krb5_keytab_entry"],krb5_keyusage:[840,1,1,"c.krb5_keyusage"],krb5_kt_add_entry:[307,0,1,"c.krb5_kt_add_entry"],krb5_kt_client_default:[308,0,1,"c.krb5_kt_client_default"],krb5_kt_close:[309,0,1,"c.krb5_kt_close"],krb5_kt_cursor:[841,1,1,"c.krb5_kt_cursor"],krb5_kt_default:[310,0,1,"c.krb5_kt_default"],krb5_kt_default_name:[311,0,1,"c.krb5_kt_default_name"],krb5_kt_dup:[312,0,1,"c.krb5_kt_dup"],krb5_kt_end_seq_get:[313,0,1,"c.krb5_kt_end_seq_get"],krb5_kt_free_entry:[314,0,1,"c.krb5_kt_free_entry"],krb5_kt_get_entry:[315,0,1,"c.krb5_kt_get_entry"],krb5_kt_get_name:[316,0,1,"c.krb5_kt_get_name"],krb5_kt_get_type:[317,0,1,"c.krb5_kt_get_type"],krb5_kt_have_content:[318,0,1,"c.krb5_kt_have_content"],krb5_kt_next_entry:[319,0,1,"c.krb5_kt_next_entry"],krb5_kt_read_service_key:[320,0,1,"c.krb5_kt_read_service_key"],krb5_kt_remove_entry:[321,0,1,"c.krb5_kt_remove_entry"],krb5_kt_resolve:[322,0,1,"c.krb5_kt_resolve"],krb5_kt_start_seq_get:[323,0,1,"c.krb5_kt_start_seq_get"],krb5_kuserok:[324,0,1,"c.krb5_kuserok"],krb5_kvno:[842,1,1,"c.krb5_kvno"],krb5_last_req_entry:[843,1,1,"c.krb5_last_req_entry"],krb5_magic:[844,1,1,"c.krb5_magic"],krb5_make_authdata_kdc_issued:[325,0,1,"c.krb5_make_authdata_kdc_issued"],krb5_merge_authdata:[326,0,1,"c.krb5_merge_authdata"],krb5_mk_1cred:[327,0,1,"c.krb5_mk_1cred"],krb5_mk_error:[328,0,1,"c.krb5_mk_error"],krb5_mk_ncred:[329,0,1,"c.krb5_mk_ncred"],krb5_mk_priv:[330,0,1,"c.krb5_mk_priv"],krb5_mk_rep:[331,0,1,"c.krb5_mk_rep"],krb5_mk_rep_dce:[332,0,1,"c.krb5_mk_rep_dce"],krb5_mk_req:[333,0,1,"c.krb5_mk_req"],krb5_mk_req_checksum_func:[845,1,1,"c.krb5_mk_req_checksum_func"],krb5_mk_req_extended:[334,0,1,"c.krb5_mk_req_extended"],krb5_mk_safe:[335,0,1,"c.krb5_mk_safe"],krb5_msgtype:[846,1,1,"c.krb5_msgtype"],krb5_octet:[847,1,1,"c.krb5_octet"],krb5_os_localaddr:[336,0,1,"c.krb5_os_localaddr"],krb5_pa_data:[848,1,1,"c.krb5_pa_data"],krb5_pa_pac_req:[849,1,1,"c.krb5_pa_pac_req"],krb5_pa_server_referral_data:[850,1,1,"c.krb5_pa_server_referral_data"],krb5_pa_svr_referral_data:[851,1,1,"c.krb5_pa_svr_referral_data"],krb5_pac:[852,1,1,"c.krb5_pac"],krb5_pac_add_buffer:[337,0,1,"c.krb5_pac_add_buffer"],krb5_pac_free:[338,0,1,"c.krb5_pac_free"],krb5_pac_get_buffer:[339,0,1,"c.krb5_pac_get_buffer"],krb5_pac_get_types:[340,0,1,"c.krb5_pac_get_types"],krb5_pac_init:[341,0,1,"c.krb5_pac_init"],krb5_pac_parse:[342,0,1,"c.krb5_pac_parse"],krb5_pac_sign:[343,0,1,"c.krb5_pac_sign"],krb5_pac_sign_ext:[344,0,1,"c.krb5_pac_sign_ext"],krb5_pac_verify:[345,0,1,"c.krb5_pac_verify"],krb5_pac_verify_ext:[346,0,1,"c.krb5_pac_verify_ext"],krb5_parse_name:[347,0,1,"c.krb5_parse_name"],krb5_parse_name_flags:[348,0,1,"c.krb5_parse_name_flags"],krb5_pointer:[853,1,1,"c.krb5_pointer"],krb5_post_recv_fn:[854,1,1,"c.krb5_post_recv_fn"],krb5_pre_send_fn:[855,1,1,"c.krb5_pre_send_fn"],krb5_preauthtype:[856,1,1,"c.krb5_preauthtype"],krb5_prepend_error_message:[349,0,1,"c.krb5_prepend_error_message"],krb5_princ_component:[782,3,1,""],krb5_princ_name:[783,3,1,""],krb5_princ_realm:[784,3,1,""],krb5_princ_set_realm:[785,3,1,""],krb5_princ_set_realm_data:[786,3,1,""],krb5_princ_set_realm_length:[787,3,1,""],krb5_princ_size:[788,3,1,""],krb5_princ_type:[789,3,1,""],krb5_principal2salt:[350,0,1,"c.krb5_principal2salt"],krb5_principal:[857,1,1,"c.krb5_principal"],krb5_principal_compare:[351,0,1,"c.krb5_principal_compare"],krb5_principal_compare_any_realm:[352,0,1,"c.krb5_principal_compare_any_realm"],krb5_principal_compare_flags:[353,0,1,"c.krb5_principal_compare_flags"],krb5_principal_data:[858,1,1,"c.krb5_principal_data"],krb5_process_key:[354,0,1,"c.krb5_process_key"],krb5_prompt:[859,1,1,"c.krb5_prompt"],krb5_prompt_type:[860,1,1,"c.krb5_prompt_type"],krb5_prompter_fct:[861,1,1,"c.krb5_prompter_fct"],krb5_prompter_posix:[355,0,1,"c.krb5_prompter_posix"],krb5_pwd_data:[862,1,1,"c.krb5_pwd_data"],krb5_random_key:[356,0,1,"c.krb5_random_key"],krb5_rcache:[863,1,1,"c.krb5_rcache"],krb5_rd_cred:[357,0,1,"c.krb5_rd_cred"],krb5_rd_error:[358,0,1,"c.krb5_rd_error"],krb5_rd_priv:[359,0,1,"c.krb5_rd_priv"],krb5_rd_rep:[360,0,1,"c.krb5_rd_rep"],krb5_rd_rep_dce:[361,0,1,"c.krb5_rd_rep_dce"],krb5_rd_req:[362,0,1,"c.krb5_rd_req"],krb5_rd_safe:[363,0,1,"c.krb5_rd_safe"],krb5_read_password:[364,0,1,"c.krb5_read_password"],krb5_realm_compare:[365,0,1,"c.krb5_realm_compare"],krb5_recvauth:[366,0,1,"c.krb5_recvauth"],krb5_recvauth_version:[367,0,1,"c.krb5_recvauth_version"],krb5_replay_data:[864,1,1,"c.krb5_replay_data"],krb5_responder_context:[865,1,1,"c.krb5_responder_context"],krb5_responder_fn:[866,1,1,"c.krb5_responder_fn"],krb5_responder_get_challenge:[368,0,1,"c.krb5_responder_get_challenge"],krb5_responder_list_questions:[369,0,1,"c.krb5_responder_list_questions"],krb5_responder_otp_challenge:[867,1,1,"c.krb5_responder_otp_challenge"],krb5_responder_otp_challenge_free:[370,0,1,"c.krb5_responder_otp_challenge_free"],krb5_responder_otp_get_challenge:[371,0,1,"c.krb5_responder_otp_get_challenge"],krb5_responder_otp_set_answer:[372,0,1,"c.krb5_responder_otp_set_answer"],krb5_responder_otp_tokeninfo:[868,1,1,"c.krb5_responder_otp_tokeninfo"],krb5_responder_pkinit_challenge:[869,1,1,"c.krb5_responder_pkinit_challenge"],krb5_responder_pkinit_challenge_free:[373,0,1,"c.krb5_responder_pkinit_challenge_free"],krb5_responder_pkinit_get_challenge:[374,0,1,"c.krb5_responder_pkinit_get_challenge"],krb5_responder_pkinit_identity:[870,1,1,"c.krb5_responder_pkinit_identity"],krb5_responder_pkinit_set_answer:[375,0,1,"c.krb5_responder_pkinit_set_answer"],krb5_responder_set_answer:[376,0,1,"c.krb5_responder_set_answer"],krb5_response:[871,1,1,"c.krb5_response"],krb5_roundup:[790,3,1,""],krb5_salttype_to_string:[377,0,1,"c.krb5_salttype_to_string"],krb5_sendauth:[378,0,1,"c.krb5_sendauth"],krb5_server_decrypt_ticket_keytab:[379,0,1,"c.krb5_server_decrypt_ticket_keytab"],krb5_set_default_realm:[380,0,1,"c.krb5_set_default_realm"],krb5_set_default_tgs_enctypes:[381,0,1,"c.krb5_set_default_tgs_enctypes"],krb5_set_error_message:[382,0,1,"c.krb5_set_error_message"],krb5_set_kdc_recv_hook:[383,0,1,"c.krb5_set_kdc_recv_hook"],krb5_set_kdc_send_hook:[384,0,1,"c.krb5_set_kdc_send_hook"],krb5_set_password:[385,0,1,"c.krb5_set_password"],krb5_set_password_using_ccache:[386,0,1,"c.krb5_set_password_using_ccache"],krb5_set_principal_realm:[387,0,1,"c.krb5_set_principal_realm"],krb5_set_real_time:[388,0,1,"c.krb5_set_real_time"],krb5_set_trace_callback:[389,0,1,"c.krb5_set_trace_callback"],krb5_set_trace_filename:[390,0,1,"c.krb5_set_trace_filename"],krb5_sname_match:[391,0,1,"c.krb5_sname_match"],krb5_sname_to_principal:[392,0,1,"c.krb5_sname_to_principal"],krb5_string_to_cksumtype:[393,0,1,"c.krb5_string_to_cksumtype"],krb5_string_to_deltat:[394,0,1,"c.krb5_string_to_deltat"],krb5_string_to_enctype:[395,0,1,"c.krb5_string_to_enctype"],krb5_string_to_key:[396,0,1,"c.krb5_string_to_key"],krb5_string_to_salttype:[397,0,1,"c.krb5_string_to_salttype"],krb5_string_to_timestamp:[398,0,1,"c.krb5_string_to_timestamp"],krb5_ticket:[872,1,1,"c.krb5_ticket"],krb5_ticket_times:[873,1,1,"c.krb5_ticket_times"],krb5_timeofday:[399,0,1,"c.krb5_timeofday"],krb5_timestamp:[874,1,1,"c.krb5_timestamp"],krb5_timestamp_to_sfstring:[400,0,1,"c.krb5_timestamp_to_sfstring"],krb5_timestamp_to_string:[401,0,1,"c.krb5_timestamp_to_string"],krb5_tkt_authent:[875,1,1,"c.krb5_tkt_authent"],krb5_tkt_creds_context:[876,1,1,"c.krb5_tkt_creds_context"],krb5_tkt_creds_free:[402,0,1,"c.krb5_tkt_creds_free"],krb5_tkt_creds_get:[403,0,1,"c.krb5_tkt_creds_get"],krb5_tkt_creds_get_creds:[404,0,1,"c.krb5_tkt_creds_get_creds"],krb5_tkt_creds_get_times:[405,0,1,"c.krb5_tkt_creds_get_times"],krb5_tkt_creds_init:[406,0,1,"c.krb5_tkt_creds_init"],krb5_tkt_creds_step:[407,0,1,"c.krb5_tkt_creds_step"],krb5_trace_callback:[877,1,1,"c.krb5_trace_callback"],krb5_trace_info:[878,1,1,"c.krb5_trace_info"],krb5_transited:[879,1,1,"c.krb5_transited"],krb5_typed_data:[880,1,1,"c.krb5_typed_data"],krb5_ui_2:[881,1,1,"c.krb5_ui_2"],krb5_ui_4:[882,1,1,"c.krb5_ui_4"],krb5_unparse_name:[408,0,1,"c.krb5_unparse_name"],krb5_unparse_name_ext:[409,0,1,"c.krb5_unparse_name_ext"],krb5_unparse_name_flags:[410,0,1,"c.krb5_unparse_name_flags"],krb5_unparse_name_flags_ext:[411,0,1,"c.krb5_unparse_name_flags_ext"],krb5_us_timeofday:[412,0,1,"c.krb5_us_timeofday"],krb5_use_enctype:[413,0,1,"c.krb5_use_enctype"],krb5_verify_authdata_kdc_issued:[414,0,1,"c.krb5_verify_authdata_kdc_issued"],krb5_verify_checksum:[415,0,1,"c.krb5_verify_checksum"],krb5_verify_init_creds:[416,0,1,"c.krb5_verify_init_creds"],krb5_verify_init_creds_opt:[883,1,1,"c.krb5_verify_init_creds_opt"],krb5_verify_init_creds_opt_init:[417,0,1,"c.krb5_verify_init_creds_opt_init"],krb5_verify_init_creds_opt_set_ap_req_nofail:[418,0,1,"c.krb5_verify_init_creds_opt_set_ap_req_nofail"],krb5_vprepend_error_message:[419,0,1,"c.krb5_vprepend_error_message"],krb5_vset_error_message:[420,0,1,"c.krb5_vset_error_message"],krb5_vwrap_error_message:[421,0,1,"c.krb5_vwrap_error_message"],krb5_wrap_error_message:[422,0,1,"c.krb5_wrap_error_message"],krb5_x:[791,3,1,""],krb5_xc:[792,3,1,""],passwd_phrase_element:[884,1,1,"c.passwd_phrase_element"]},krb5_address:{addrtype:[794,2,1,"c.krb5_address.addrtype"],contents:[794,2,1,"c.krb5_address.contents"],length:[794,2,1,"c.krb5_address.length"],magic:[794,2,1,"c.krb5_address.magic"]},krb5_ap_rep:{enc_part:[796,2,1,"c.krb5_ap_rep.enc_part"],magic:[796,2,1,"c.krb5_ap_rep.magic"]},krb5_ap_rep_enc_part:{ctime:[797,2,1,"c.krb5_ap_rep_enc_part.ctime"],cusec:[797,2,1,"c.krb5_ap_rep_enc_part.cusec"],magic:[797,2,1,"c.krb5_ap_rep_enc_part.magic"],seq_number:[797,2,1,"c.krb5_ap_rep_enc_part.seq_number"],subkey:[797,2,1,"c.krb5_ap_rep_enc_part.subkey"]},krb5_ap_req:{ap_options:[798,2,1,"c.krb5_ap_req.ap_options"],authenticator:[798,2,1,"c.krb5_ap_req.authenticator"],magic:[798,2,1,"c.krb5_ap_req.magic"],ticket:[798,2,1,"c.krb5_ap_req.ticket"]},krb5_authdata:{ad_type:[800,2,1,"c.krb5_authdata.ad_type"],contents:[800,2,1,"c.krb5_authdata.contents"],length:[800,2,1,"c.krb5_authdata.length"],magic:[800,2,1,"c.krb5_authdata.magic"]},krb5_authenticator:{authorization_data:[802,2,1,"c.krb5_authenticator.authorization_data"],checksum:[802,2,1,"c.krb5_authenticator.checksum"],client:[802,2,1,"c.krb5_authenticator.client"],ctime:[802,2,1,"c.krb5_authenticator.ctime"],cusec:[802,2,1,"c.krb5_authenticator.cusec"],magic:[802,2,1,"c.krb5_authenticator.magic"],seq_number:[802,2,1,"c.krb5_authenticator.seq_number"],subkey:[802,2,1,"c.krb5_authenticator.subkey"]},krb5_checksum:{checksum_type:[807,2,1,"c.krb5_checksum.checksum_type"],contents:[807,2,1,"c.krb5_checksum.contents"],length:[807,2,1,"c.krb5_checksum.length"],magic:[807,2,1,"c.krb5_checksum.magic"]},krb5_const_principal:{data:[810,2,1,"c.krb5_const_principal.data"],length:[810,2,1,"c.krb5_const_principal.length"],magic:[810,2,1,"c.krb5_const_principal.magic"],realm:[810,2,1,"c.krb5_const_principal.realm"],type:[810,2,1,"c.krb5_const_principal.type"]},krb5_cred:{enc_part2:[812,2,1,"c.krb5_cred.enc_part2"],enc_part:[812,2,1,"c.krb5_cred.enc_part"],magic:[812,2,1,"c.krb5_cred.magic"],tickets:[812,2,1,"c.krb5_cred.tickets"]},krb5_cred_enc_part:{magic:[813,2,1,"c.krb5_cred_enc_part.magic"],nonce:[813,2,1,"c.krb5_cred_enc_part.nonce"],r_address:[813,2,1,"c.krb5_cred_enc_part.r_address"],s_address:[813,2,1,"c.krb5_cred_enc_part.s_address"],ticket_info:[813,2,1,"c.krb5_cred_enc_part.ticket_info"],timestamp:[813,2,1,"c.krb5_cred_enc_part.timestamp"],usec:[813,2,1,"c.krb5_cred_enc_part.usec"]},krb5_cred_info:{caddrs:[814,2,1,"c.krb5_cred_info.caddrs"],client:[814,2,1,"c.krb5_cred_info.client"],flags:[814,2,1,"c.krb5_cred_info.flags"],magic:[814,2,1,"c.krb5_cred_info.magic"],server:[814,2,1,"c.krb5_cred_info.server"],session:[814,2,1,"c.krb5_cred_info.session"],times:[814,2,1,"c.krb5_cred_info.times"]},krb5_creds:{addresses:[815,2,1,"c.krb5_creds.addresses"],authdata:[815,2,1,"c.krb5_creds.authdata"],client:[815,2,1,"c.krb5_creds.client"],is_skey:[815,2,1,"c.krb5_creds.is_skey"],keyblock:[815,2,1,"c.krb5_creds.keyblock"],magic:[815,2,1,"c.krb5_creds.magic"],second_ticket:[815,2,1,"c.krb5_creds.second_ticket"],server:[815,2,1,"c.krb5_creds.server"],ticket:[815,2,1,"c.krb5_creds.ticket"],ticket_flags:[815,2,1,"c.krb5_creds.ticket_flags"],times:[815,2,1,"c.krb5_creds.times"]},krb5_crypto_iov:{data:[816,2,1,"c.krb5_crypto_iov.data"],flags:[816,2,1,"c.krb5_crypto_iov.flags"]},krb5_data:{data:[818,2,1,"c.krb5_data.data"],length:[818,2,1,"c.krb5_data.length"],magic:[818,2,1,"c.krb5_data.magic"]},krb5_enc_data:{ciphertext:[820,2,1,"c.krb5_enc_data.ciphertext"],enctype:[820,2,1,"c.krb5_enc_data.enctype"],kvno:[820,2,1,"c.krb5_enc_data.kvno"],magic:[820,2,1,"c.krb5_enc_data.magic"]},krb5_enc_kdc_rep_part:{caddrs:[821,2,1,"c.krb5_enc_kdc_rep_part.caddrs"],enc_padata:[821,2,1,"c.krb5_enc_kdc_rep_part.enc_padata"],flags:[821,2,1,"c.krb5_enc_kdc_rep_part.flags"],key_exp:[821,2,1,"c.krb5_enc_kdc_rep_part.key_exp"],last_req:[821,2,1,"c.krb5_enc_kdc_rep_part.last_req"],magic:[821,2,1,"c.krb5_enc_kdc_rep_part.magic"],msg_type:[821,2,1,"c.krb5_enc_kdc_rep_part.msg_type"],nonce:[821,2,1,"c.krb5_enc_kdc_rep_part.nonce"],server:[821,2,1,"c.krb5_enc_kdc_rep_part.server"],session:[821,2,1,"c.krb5_enc_kdc_rep_part.session"],times:[821,2,1,"c.krb5_enc_kdc_rep_part.times"]},krb5_enc_tkt_part:{authorization_data:[822,2,1,"c.krb5_enc_tkt_part.authorization_data"],caddrs:[822,2,1,"c.krb5_enc_tkt_part.caddrs"],client:[822,2,1,"c.krb5_enc_tkt_part.client"],flags:[822,2,1,"c.krb5_enc_tkt_part.flags"],magic:[822,2,1,"c.krb5_enc_tkt_part.magic"],session:[822,2,1,"c.krb5_enc_tkt_part.session"],times:[822,2,1,"c.krb5_enc_tkt_part.times"],transited:[822,2,1,"c.krb5_enc_tkt_part.transited"]},krb5_encrypt_block:{crypto_entry:[823,2,1,"c.krb5_encrypt_block.crypto_entry"],key:[823,2,1,"c.krb5_encrypt_block.key"],magic:[823,2,1,"c.krb5_encrypt_block.magic"]},krb5_error:{client:[825,2,1,"c.krb5_error.client"],ctime:[825,2,1,"c.krb5_error.ctime"],cusec:[825,2,1,"c.krb5_error.cusec"],e_data:[825,2,1,"c.krb5_error.e_data"],error:[825,2,1,"c.krb5_error.error"],magic:[825,2,1,"c.krb5_error.magic"],server:[825,2,1,"c.krb5_error.server"],stime:[825,2,1,"c.krb5_error.stime"],susec:[825,2,1,"c.krb5_error.susec"],text:[825,2,1,"c.krb5_error.text"]},krb5_get_init_creds_opt:{address_list:[829,2,1,"c.krb5_get_init_creds_opt.address_list"],etype_list:[829,2,1,"c.krb5_get_init_creds_opt.etype_list"],etype_list_length:[829,2,1,"c.krb5_get_init_creds_opt.etype_list_length"],flags:[829,2,1,"c.krb5_get_init_creds_opt.flags"],forwardable:[829,2,1,"c.krb5_get_init_creds_opt.forwardable"],preauth_list:[829,2,1,"c.krb5_get_init_creds_opt.preauth_list"],preauth_list_length:[829,2,1,"c.krb5_get_init_creds_opt.preauth_list_length"],proxiable:[829,2,1,"c.krb5_get_init_creds_opt.proxiable"],renew_life:[829,2,1,"c.krb5_get_init_creds_opt.renew_life"],salt:[829,2,1,"c.krb5_get_init_creds_opt.salt"],tkt_life:[829,2,1,"c.krb5_get_init_creds_opt.tkt_life"]},krb5_gic_opt_pa_data:{attr:[830,2,1,"c.krb5_gic_opt_pa_data.attr"],value:[830,2,1,"c.krb5_gic_opt_pa_data.value"]},krb5_kdc_rep:{client:[834,2,1,"c.krb5_kdc_rep.client"],enc_part2:[834,2,1,"c.krb5_kdc_rep.enc_part2"],enc_part:[834,2,1,"c.krb5_kdc_rep.enc_part"],magic:[834,2,1,"c.krb5_kdc_rep.magic"],msg_type:[834,2,1,"c.krb5_kdc_rep.msg_type"],padata:[834,2,1,"c.krb5_kdc_rep.padata"],ticket:[834,2,1,"c.krb5_kdc_rep.ticket"]},krb5_kdc_req:{addresses:[835,2,1,"c.krb5_kdc_req.addresses"],authorization_data:[835,2,1,"c.krb5_kdc_req.authorization_data"],client:[835,2,1,"c.krb5_kdc_req.client"],from:[835,2,1,"c.krb5_kdc_req.from"],kdc_options:[835,2,1,"c.krb5_kdc_req.kdc_options"],ktype:[835,2,1,"c.krb5_kdc_req.ktype"],magic:[835,2,1,"c.krb5_kdc_req.magic"],msg_type:[835,2,1,"c.krb5_kdc_req.msg_type"],nktypes:[835,2,1,"c.krb5_kdc_req.nktypes"],nonce:[835,2,1,"c.krb5_kdc_req.nonce"],padata:[835,2,1,"c.krb5_kdc_req.padata"],rtime:[835,2,1,"c.krb5_kdc_req.rtime"],second_ticket:[835,2,1,"c.krb5_kdc_req.second_ticket"],server:[835,2,1,"c.krb5_kdc_req.server"],till:[835,2,1,"c.krb5_kdc_req.till"],unenc_authdata:[835,2,1,"c.krb5_kdc_req.unenc_authdata"]},krb5_keyblock:{contents:[837,2,1,"c.krb5_keyblock.contents"],enctype:[837,2,1,"c.krb5_keyblock.enctype"],length:[837,2,1,"c.krb5_keyblock.length"],magic:[837,2,1,"c.krb5_keyblock.magic"]},krb5_keytab_entry:{key:[839,2,1,"c.krb5_keytab_entry.key"],magic:[839,2,1,"c.krb5_keytab_entry.magic"],principal:[839,2,1,"c.krb5_keytab_entry.principal"],timestamp:[839,2,1,"c.krb5_keytab_entry.timestamp"],vno:[839,2,1,"c.krb5_keytab_entry.vno"]},krb5_last_req_entry:{lr_type:[843,2,1,"c.krb5_last_req_entry.lr_type"],magic:[843,2,1,"c.krb5_last_req_entry.magic"],value:[843,2,1,"c.krb5_last_req_entry.value"]},krb5_pa_data:{contents:[848,2,1,"c.krb5_pa_data.contents"],length:[848,2,1,"c.krb5_pa_data.length"],magic:[848,2,1,"c.krb5_pa_data.magic"],pa_type:[848,2,1,"c.krb5_pa_data.pa_type"]},krb5_pa_pac_req:{include_pac:[849,2,1,"c.krb5_pa_pac_req.include_pac"]},krb5_pa_server_referral_data:{referral_valid_until:[850,2,1,"c.krb5_pa_server_referral_data.referral_valid_until"],referred_realm:[850,2,1,"c.krb5_pa_server_referral_data.referred_realm"],rep_cksum:[850,2,1,"c.krb5_pa_server_referral_data.rep_cksum"],requested_principal_name:[850,2,1,"c.krb5_pa_server_referral_data.requested_principal_name"],true_principal_name:[850,2,1,"c.krb5_pa_server_referral_data.true_principal_name"]},krb5_pa_svr_referral_data:{principal:[851,2,1,"c.krb5_pa_svr_referral_data.principal"]},krb5_principal:{data:[857,2,1,"c.krb5_principal.data"],length:[857,2,1,"c.krb5_principal.length"],magic:[857,2,1,"c.krb5_principal.magic"],realm:[857,2,1,"c.krb5_principal.realm"],type:[857,2,1,"c.krb5_principal.type"]},krb5_principal_data:{data:[858,2,1,"c.krb5_principal_data.data"],length:[858,2,1,"c.krb5_principal_data.length"],magic:[858,2,1,"c.krb5_principal_data.magic"],realm:[858,2,1,"c.krb5_principal_data.realm"],type:[858,2,1,"c.krb5_principal_data.type"]},krb5_prompt:{hidden:[859,2,1,"c.krb5_prompt.hidden"],prompt:[859,2,1,"c.krb5_prompt.prompt"],reply:[859,2,1,"c.krb5_prompt.reply"]},krb5_pwd_data:{element:[862,2,1,"c.krb5_pwd_data.element"],magic:[862,2,1,"c.krb5_pwd_data.magic"],sequence_count:[862,2,1,"c.krb5_pwd_data.sequence_count"]},krb5_replay_data:{seq:[864,2,1,"c.krb5_replay_data.seq"],timestamp:[864,2,1,"c.krb5_replay_data.timestamp"],usec:[864,2,1,"c.krb5_replay_data.usec"]},krb5_responder_otp_challenge:{service:[867,2,1,"c.krb5_responder_otp_challenge.service"],tokeninfo:[867,2,1,"c.krb5_responder_otp_challenge.tokeninfo"]},krb5_responder_otp_tokeninfo:{alg_id:[868,2,1,"c.krb5_responder_otp_tokeninfo.alg_id"],challenge:[868,2,1,"c.krb5_responder_otp_tokeninfo.challenge"],flags:[868,2,1,"c.krb5_responder_otp_tokeninfo.flags"],format:[868,2,1,"c.krb5_responder_otp_tokeninfo.format"],length:[868,2,1,"c.krb5_responder_otp_tokeninfo.length"],token_id:[868,2,1,"c.krb5_responder_otp_tokeninfo.token_id"],vendor:[868,2,1,"c.krb5_responder_otp_tokeninfo.vendor"]},krb5_responder_pkinit_challenge:{identities:[869,2,1,"c.krb5_responder_pkinit_challenge.identities"]},krb5_responder_pkinit_identity:{identity:[870,2,1,"c.krb5_responder_pkinit_identity.identity"],token_flags:[870,2,1,"c.krb5_responder_pkinit_identity.token_flags"]},krb5_response:{expected_nonce:[871,2,1,"c.krb5_response.expected_nonce"],magic:[871,2,1,"c.krb5_response.magic"],message_type:[871,2,1,"c.krb5_response.message_type"],request_time:[871,2,1,"c.krb5_response.request_time"],response:[871,2,1,"c.krb5_response.response"]},krb5_ticket:{enc_part2:[872,2,1,"c.krb5_ticket.enc_part2"],enc_part:[872,2,1,"c.krb5_ticket.enc_part"],magic:[872,2,1,"c.krb5_ticket.magic"],server:[872,2,1,"c.krb5_ticket.server"]},krb5_ticket_times:{authtime:[873,2,1,"c.krb5_ticket_times.authtime"],endtime:[873,2,1,"c.krb5_ticket_times.endtime"],renew_till:[873,2,1,"c.krb5_ticket_times.renew_till"],starttime:[873,2,1,"c.krb5_ticket_times.starttime"]},krb5_tkt_authent:{ap_options:[875,2,1,"c.krb5_tkt_authent.ap_options"],authenticator:[875,2,1,"c.krb5_tkt_authent.authenticator"],magic:[875,2,1,"c.krb5_tkt_authent.magic"],ticket:[875,2,1,"c.krb5_tkt_authent.ticket"]},krb5_trace_info:{message:[878,2,1,"c.krb5_trace_info.message"]},krb5_transited:{magic:[879,2,1,"c.krb5_transited.magic"],tr_contents:[879,2,1,"c.krb5_transited.tr_contents"],tr_type:[879,2,1,"c.krb5_transited.tr_type"]},krb5_typed_data:{data:[880,2,1,"c.krb5_typed_data.data"],length:[880,2,1,"c.krb5_typed_data.length"],magic:[880,2,1,"c.krb5_typed_data.magic"],type:[880,2,1,"c.krb5_typed_data.type"]},krb5_verify_init_creds_opt:{ap_req_nofail:[883,2,1,"c.krb5_verify_init_creds_opt.ap_req_nofail"],flags:[883,2,1,"c.krb5_verify_init_creds_opt.flags"]},passwd_phrase_element:{magic:[884,2,1,"c.passwd_phrase_element.magic"],passwd:[884,2,1,"c.passwd_phrase_element.passwd"],phrase:[884,2,1,"c.passwd_phrase_element.phrase"]}},objnames:{"0":["c","function","C function"],"1":["c","type","C type"],"2":["c","member","C member"],"3":["py","data","Python data"]},objtypes:{"0":"c:function","1":"c:type","2":"c:member","3":"py:data"},terms:{"01am":24,"05pm":887,"0x0000":479,"0x00000001":[442,499,522,523,741,744],"0x00000002":[438,495,525,529,738,743],"0x00000004":[521,524,736],"0x00000008":[489,526,528,742],"0x00000010":[22,497,527,737],"0x00000020":[488,530,735],"0x00000040":740,"0x00000080":734,"0x00000100":739,"0x00000200":745,"0x00008000":[498,761],"0x0001":[446,472,544,562,715,718,751],"0x00010000":[486,762],"0x0002":[427,456,473,560,714,717],"0x00020000":487,"0x0003":[457,474],"0x0004":[447,475,557,719],"0x00040000":769,"0x0005":[425,470],"0x0006":[433,469],"0x0007":[430,458],"0x0008":[459,476,559,720],"0x00080000":775,"0x0009":[455,477],"0x000a":478,"0x000b":483,"0x000c":[451,480],"0x000d":481,"0x000e":482,"0x000f":[449,468],"0x0010":[426,450,471,556],"0x00100000":765,"0x0011":[444,460],"0x0012":[445,462],"0x0013":[452,461],"0x0014":[432,453,463],"0x0017":464,"0x0018":[428,465],"0x0019":466,"0x001a":467,"0x0020":552,"0x00200000":771,"0x0040":558,"0x00400000":766,"0x0080":561,"0x00800000":[496,774],"0x0100":[424,555],"0x01000000":767,"0x0101":429,"0x01ff":484,"0x0200":554,"0x02000000":[492,770],"0x0400":553,"0x04000000":[485,768],"0x08000000":[494,773],"0x1":[564,565,702,706,710,750],"0x10000000":[493,772],"0x1fff":435,"0x2":[563,703,705,708],"0x2000":436,"0x20000000":[439,491,731,764],"0x3":709,"0x4":[700,704,711],"0x4000":434,"0x40000000":[441,490,732,763],"0x54800000":500,"0x7fff":[753,757],"0x8":701,"0x8000":[431,437,754,756],"0x80000000":[440,733],"0xfffffff0":443,"10d":887,"12h":[21,35],"1foo":22,"30m":887,"3de":15,"3h30m":927,"5h30m":930,"76cho3000":907,"83final":43,"8h30":887,"abstract":[908,910,916,917,919,923],"boolean":[6,21,24,37,49,56,859,883],"break":[33,891,895],"byte":[21,44,47,49,100,105,294,316,899,900,901,903,912],"case":[2,3,6,11,15,20,21,22,24,25,29,40,44,47,202,252,287,334,353,362,378,392,418,696,886,887,889,890,907,910,911,915,919,920,932,934,939,941],"char":[44,45,47,50,51,57,60,61,92,93,94,95,108,137,142,144,145,147,152,155,158,159,163,173,176,177,194,199,200,201,217,220,221,226,229,230,234,235,237,238,240,242,254,259,267,271,274,284,285,311,316,317,322,324,333,347,348,349,355,364,366,368,369,372,375,376,377,378,380,382,385,386,387,390,392,393,394,395,397,398,400,401,408,409,410,411,419,420,421,422,792,818,830,859,861,867,868,870,878,922],"class":[3,24,932],"const":[44,45,50,53,54,55,59,60,61,92,93,94,95,100,101,102,103,104,107,108,109,114,115,118,120,121,126,127,130,131,137,142,145,147,152,155,158,159,163,173,176,179,180,181,182,184,185,187,188,190,191,192,195,196,201,202,204,220,221,230,235,238,239,240,241,242,254,259,267,271,272,274,284,285,288,291,293,294,295,296,297,301,305,306,317,322,324,325,326,328,330,333,335,337,342,343,344,345,346,347,348,349,354,355,356,358,359,360,361,362,363,364,368,369,372,375,376,379,380,381,382,385,386,387,390,392,396,414,415,419,420,421,422,781,809,810,854,855,861,877,878,922],"default":[2,3,4,5,6,7,8,10,11,12,16,20,21,22,23,24,25,27,30,31,33,34,35,36,38,39,40,41,42,44,45,47,49,60,61,79,133,148,151,157,230,236,250,260,276,282,285,320,322,348,362,378,386,416,887,894,895,896,897,899,906,911,913,927,929,930,931,933,934,935,936,940,941],"export":[21,35,907,911,912,921,922],"final":[20,22,113,161,893,900],"function":[3,6,15,24,26,30,35,36,44,47,49,50,51,56,58,59,60,61,62,63,68,69,70,72,73,74,75,77,78,79,82,83,85,86,87,88,89,90,93,94,100,101,102,103,104,105,106,108,114,115,117,118,120,123,125,126,127,130,131,134,137,138,140,151,153,154,156,159,160,161,162,165,170,171,172,174,176,178,179,180,181,182,184,185,187,188,189,190,199,201,202,205,206,207,208,209,210,212,213,214,215,216,219,222,223,228,235,242,243,248,252,253,259,261,265,267,268,269,271,272,273,274,278,279,282,283,284,285,286,294,295,296,297,301,302,303,305,306,313,315,325,327,328,329,330,331,333,334,335,337,338,343,344,345,346,348,355,358,359,360,361,362,363,364,371,374,376,379,381,385,386,388,390,392,399,403,404,406,407,409,410,412,414,416,418,419,421,845,854,855,859,861,866,892,893,906,907,910,911,912,915,918,919,921,922],"goto":47,"h\u00f6gskola":907,"import":[5,6,15,16,18,20,22,24,35,36,906,912,926],"int":[44,52,54,57,60,63,92,93,94,95,98,112,117,121,123,173,230,248,249,250,251,256,261,262,286,311,316,348,353,355,364,385,386,407,409,410,411,418,794,800,803,807,818,829,835,837,842,846,848,859,861,862,880,883,911],"long":[3,15,24,26,27,38,39,40,42,44,100,294,368,369,728,755,886,889,906,907,910,919,922,936],"new":[2,3,6,14,15,16,21,22,24,25,27,35,36,38,42,44,49,88,90,130,133,139,144,157,163,167,169,173,174,176,179,180,181,182,183,184,185,187,189,190,199,201,202,218,226,236,242,250,252,253,257,260,264,267,269,276,282,287,305,308,312,318,331,334,341,343,344,346,347,348,362,368,369,370,371,372,373,374,375,376,383,384,385,386,389,390,402,403,404,405,406,407,409,708,709,886,890,906,907,911,912,915,916,919,926,927,930,932,941],"null":[20,22,44,45,47,49,55,65,93,100,101,103,104,108,114,130,137,142,157,158,159,168,180,202,205,207,227,230,231,235,237,238,242,247,267,271,274,276,280,282,294,295,296,297,301,305,320,326,327,329,330,333,334,335,336,343,344,345,346,347,357,359,362,363,364,366,367,368,369,372,375,378,380,383,384,385,386,389,391,392,400,409,410,411,414,416,782,906,911,920,922,941],"public":[22,41,907,915,916,917,918],"return":[3,8,9,12,21,22,23,24,39,44,47,49,51,53,55,57,58,60,61,70,75,92,93,94,101,104,110,111,120,128,129,134,136,138,142,143,145,146,147,148,151,152,154,155,156,157,158,159,162,164,176,183,196,199,221,230,231,234,235,236,238,242,267,269,270,271,274,275,278,286,289,290,291,295,297,307,308,310,311,313,315,316,319,320,321,322,323,325,327,329,334,343,347,348,355,358,364,368,369,371,374,378,380,381,383,385,386,387,389,391,392,399,401,403,407,408,409,410,411,412,414,416,418,720,854,855,895,906,908,909,910,911,912,913,916,917,919,920,921,922,923,930,934],"short":[15,20,22,42,311,889],"static":[47,911,922],"switch":[15,29,32,49,164,886],"true":[9,15,21,22,23,24,25,26,27,34,36,37,38,39,41,42,44,53,55,106,110,111,128,129,163,199,252,290,291,292,324,344,346,351,352,353,365,391,418,802,815,849,940],"try":[22,24,26,33,36,39,40,42,44,895,906,926,934],"var":[5,8,14,21,22,24,35,38,890,895,896,905,941],"void":[44,47,58,59,60,61,64,81,178,186,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,222,223,225,226,227,228,229,244,246,247,248,249,250,251,252,256,261,262,263,264,265,266,267,277,282,292,298,304,338,342,349,355,370,373,382,383,384,389,402,417,418,419,420,421,422,809,827,845,853,854,855,861,866,877,921,922],"while":[3,12,15,17,21,22,24,25,35,36,44,47,886,893,911,926,927,934,941],AES:[15,16,21,26,895,906,907],AFS:[15,21],AND:907,ARE:907,Adding:[18,33,35,899],Are:[3,24],BUT:907,But:890,CCS:907,CMS:[468,477,478,480,481,482,483],CTS:[15,21,906],DES:[13,21,22,27,33,42,468,472,473,474,906],DNS:[22,26,31,34,35,40,45,337,656,895,906],DNs:[5,23,24],Dis:20,Doing:894,FOR:907,For:[3,10,15,17,18,19,20,21,22,23,24,25,27,29,33,34,35,36,37,38,39,40,44,47,100,101,104,143,294,295,297,727,885,886,890,893,894,895,899,900,904,905,906,908,909,910,911,912,913,915,916,917,918,919,920,921,922,923,924,926,927,930,933,934,939,941],HAS:907,His:20,ITS:907,Its:[21,22,899],NFS:926,NOT:[5,24,35,907],Not:[21,22,45,52,154,614,886],ONE:[5,24],ORed:154,One:[3,21,24,35,37,39,44,345,886,887,926,927,940],SUCH:907,Such:[15,38,40,47],TGS:[3,21,22,24,26,27,36,49,231,406,748,849,906,918],THAT:907,THE:907,TLS:[23,30],That:[22,893],The:[0,3,4,5,6,7,8,9,10,11,12,16,20,21,22,23,24,25,26,27,29,30,32,34,35,36,38,39,40,41,42,44,47,54,63,70,72,75,79,81,94,100,101,103,104,114,118,120,122,126,127,130,136,137,139,145,147,149,151,156,169,173,180,183,196,205,207,224,227,231,235,236,252,255,259,269,275,281,289,293,294,295,296,297,301,303,305,310,312,317,320,325,326,329,330,335,337,347,348,349,357,359,362,363,368,369,370,371,372,373,374,375,376,379,383,384,385,386,392,401,405,406,408,409,410,414,416,422,618,719,727,729,734,735,738,739,741,745,796,802,816,826,839,854,855,859,865,872,885,886,887,889,890,891,892,893,894,895,896,897,899,900,901,903,905,906,907,908,909,910,911,912,913,915,916,917,918,919,920,921,922,923,924,926,927,929,930,932,934,936,938,939,940,941],Then:[3,6,18,24,25,35,930],There:[21,22,24,35,36,886,890,893,895,896,899,903,927],These:[15,17,21,22,23,24,35,36,38,40,44,722,893,899,906,907,910,912,915,939,941],UCS:906,USE:907,Use:[3,16,23,24,47,50,66,67,68,69,73,74,77,78,79,84,93,112,116,133,142,144,146,150,153,156,157,167,168,171,176,179,180,181,182,184,185,187,188,189,190,201,202,231,234,236,237,238,243,246,268,272,276,279,282,287,293,314,315,320,322,323,326,328,330,331,332,333,334,335,336,339,341,342,343,347,348,357,358,360,362,363,366,378,392,404,406,408,410,441,563,564,826,836,893,895,906,915,929,934],Used:[449,450,598,599,826,885,934],Uses:[2,3,16,22,24],Using:[3,6,14,15,24,26,39,41,926],WILL:907,WITH:907,With:[0,3,6,16,23,24,40,940],_kerbero:40,_kpasswd:40,_krb5_address:794,_krb5_ap_rep:[796,797],_krb5_ap_rep_enc_part:797,_krb5_ap_req:798,_krb5_auth_context:799,_krb5_authdata:800,_krb5_authent:802,_krb5_ccach:805,_krb5_cccol_cursor:806,_krb5_checksum:807,_krb5_context:[136,159,811],_krb5_cred:[812,815],_krb5_cred_enc_part:813,_krb5_cred_info:814,_krb5_crypto_iov:816,_krb5_data:818,_krb5_enc_data:820,_krb5_enc_kdc_rep_part:821,_krb5_enc_tkt_part:822,_krb5_encrypt_block:823,_krb5_error:825,_krb5_get_init_cr:829,_krb5_get_init_creds_opt:829,_krb5_gic_opt_pa_data:830,_krb5_init_creds_context:831,_krb5_kdc_rep:834,_krb5_kdc_req:835,_krb5_keyblock:837,_krb5_kt:838,_krb5_last_req_entri:843,_krb5_pa_data:848,_krb5_pa_pac_req:849,_krb5_pa_server_referral_data:850,_krb5_pa_svr_referral_data:851,_krb5_prompt:859,_krb5_pwd_data:862,_krb5_responder_otp_challeng:867,_krb5_responder_otp_tokeninfo:868,_krb5_responder_pkinit_challeng:869,_krb5_responder_pkinit_ident:870,_krb5_respons:871,_krb5_ticket:872,_krb5_ticket_tim:873,_krb5_tkt_authent:875,_krb5_tkt_creds_context:876,_krb5_trace_info:878,_krb5_transit:879,_krb5_typed_data:880,_krb5_verify_init_creds_opt:883,_passwd_phrase_el:884,_profile_t:[269,276],_tcp:40,_udp:40,abbrevi:[893,931],abc:[895,941],abi:874,abil:[15,371,374,940],abl:[16,17,20,21,22,24,26,30,35,36,40,886,891,926,927,934],abort:[791,792,921],about:[0,15,20,21,23,27,32,40,42,47,258,890,893,895,897,906,907,910,919,924,927,930,941],abov:[6,15,20,22,23,24,26,27,33,35,38,42,44,47,895,899,907,911,912,913,927,934],absenc:[21,47],absent:930,absolut:[21,22,885,889,893],ac02:907,acceler:907,accept:[3,4,8,15,17,21,22,24,27,35,39,40,42,154,392,887,889,893,906,907,908,912,921,922,927,930],acceptor:[906,931],acceptor_cred_handl:44,access:[3,4,8,9,15,16,18,19,20,21,22,23,24,25,26,29,30,33,34,35,36,38,40,44,47,886,891,893,901,906,910,915,916,918,919,920,925,927,933,934,939,940],accommod:47,accomplish:24,accord:[3,20,22,24,37,157,174,899,900,905,912,934,936],accordingli:893,account:[21,22,24,25,26,29,31,49,57,252,886,906,920,925,930,934,938,940],account_expir:[252,827],acknowledg:907,acl:[3,4,8,19,21,22,23,24,32,905],acl_fil:[4,8,20,21,35],acount:29,acquir:[3,6,24,44,49,252,281,405,548,899,906,912,936],acquisit:[44,406],across:[18,21,22,35,44,916,917,918,926],act:[10,20,890,906],action:[4,6,15,890,907,917],activ:[6,8,15,22,24,26,38,41,176,929],actor:20,actual:[6,15,24,27,36,47,99,100,101,103,104,114,130,294,295,296,297,301,305,890,927],actual_mech:44,ad_kdcissu:[325,414],ad_typ:[202,800,899],ad_type_extern:778,ad_type_field_type_mask:778,ad_type_regist:778,ad_type_reserv:778,add:[3,6,9,11,12,15,16,20,21,22,23,24,32,34,37,49,344,346,887,906,927],add_auth_ind:[906,919],add_mkei:[15,24],add_princip:[5,15,26,38],add_rel:922,added:[3,6,15,16,21,24,25,26,33,35,41,171,307,729,886,906,909],addent:[11,906],adding:[3,8,14,24,33,42],addit:[3,19,20,21,22,23,24,27,30,35,38,39,40,41,44,47,49,359,363,366,367,416,825,886,890,893,895,897,898,906,907,910,919,924,930,934,941],addition:[10,22,37,918,927],addpol:[3,24,36],addprinc:[3,24,35,38,887,916],addr1:[53,54],addr2:[53,54],addr:[55,239,240,241,336,814,815,821],address1:899,address2:899,address:[0,16,21,22,24,25,31,34,39,40,45,49,267,330,335,362,523,524,525,526,794,813,815,822,835,895,899,906,921,927,930,931],address_list:829,addresssanit:906,addrlist:55,addrtyp:[431,794,899],addrtype_addrport:778,addrtype_chao:778,addrtype_ddp:778,addrtype_inet6:778,addrtype_inet:778,addrtype_ipport:778,addrtype_is_loc:778,addrtype_iso:778,addrtype_netbio:778,addrtype_xn:778,adequ:890,adjust:[15,30,34,35,38,49,101,104,295,297,412],adm:[21,23,40],admcil:20,admcilsp:20,admin23:23,admin:[3,4,5,8,14,15,16,17,20,22,23,24,35,886,895,905,916,934,941],admin_serv:[3,8,21,22,24,35,40],adminhost:[3,24],administ:[4,16,35],administr:[0,2,3,4,5,6,11,14,15,16,17,19,20,21,22,23,25,26,32,33,36,37,39,886,892,904,905,906,907,917,924,926,930,940,941],adminjohndoefoo:22,adopt:22,adtyp:800,advanc:[15,31,153,319,906,924],advantag:[15,22,27,33],advertis:[22,907],advic:32,advis:[15,907],aead:49,aes128:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],aes256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],aes:[21,907],aesni:[895,907],af_unspec:921,affect:[4,20,21,22,27,29,41,121,127,134,236,906,930,941],afford:33,afs3:[15,21],after:[2,3,4,6,8,10,12,14,15,22,24,25,26,34,35,36,38,81,99,137,235,279,383,404,874,885,886,891,893,899,900,903,906,926,927,934,941],afterward:[24,917],again:[15,24,29,34,35,709,890,912,926,927],against:[2,15,21,22,26,29,35,40,41,47,49,130,305,345,359,362,363,366,414,890,895,906,909,912,933,939],agent:21,agre:907,agreement:907,aklog:56,alexand:907,alg:895,alg_id:868,algid:727,algorithm:[15,27,127,895,907,934],alia:[3,11,24,44,49,145,147,317,368,369],alias:[3,11,16,23,24,39,40,906],alic:[11,29,939,940],all:[0,2,3,6,9,15,16,18,19,20,21,22,23,24,25,26,27,29,30,33,34,35,36,38,39,44,47,49,156,167,168,289,345,362,416,736,737,742,806,816,886,887,890,893,894,898,899,907,918,920,927,929,931,932,933,934,936,939,941],alloc:[44,47,49,62,79,94,99,100,101,103,104,108,116,118,120,122,125,151,287,294,295,296,297,303,358,360,409,816,859,909,911,913,916,920],allow:[2,3,4,5,6,8,10,12,15,16,17,18,19,20,21,22,24,25,27,29,30,33,34,35,36,37,38,39,41,42,44,47,49,112,259,286,362,407,409,887,889,891,893,895,897,900,906,907,908,909,910,912,913,914,915,916,917,918,919,920,921,922,923,926,927,930,933,940],allow_dup_skei:[3,24],allow_forward:[3,5,24],allow_postd:[3,5,24],allow_proxi:[3,24],allow_renew:[3,24],allow_srv:41,allow_svr:[3,24,26,36,41],allow_tgs_req:[3,24],allow_tix:[3,24],allow_weak_crypto:[15,21,22,27,42,49],allowedkeysalt:[3,24],almeida:907,alon:[35,911],along:[0,37,816,886,895],alongsid:35,alphabet:887,alphanumer:22,alreadi:[6,15,23,24,35,37,125,337,886,893,895,897,930,934],also:[14,16,18,19,23,24,25,26,27,29,30,33,34,35,36,38,39,40,41,44,47,127,345,406,885,886,889,895,897,899,906,907,909,910,912,913,915,916,918,920,922,923,927],alter:[15,38],altern:[8,21,22,25,29,35,38,44,501,893,895,905,906,907,930],although:[40,889,907,913,923,926,927],altogeth:21,alwai:[10,15,16,21,22,24,25,39,40,45,52,56,62,64,67,69,72,81,84,140,143,158,368,705,899,903],america:907,among:47,amount:[21,22,36,40,103,120,122,296,364,894],an2ln:[22,920],an2ln_typ:920,analog:16,anam:[57,934],anchor:[21,22,930],andrea:907,andrew:[5,24],ani:[0,3,6,8,9,10,15,16,17,18,20,21,22,24,25,26,29,33,35,37,38,39,40,41,42,44,47,49,57,138,148,156,157,159,231,267,275,282,285,286,315,320,362,366,367,407,416,729,826,886,890,891,899,900,906,907,908,913,920,926,927,930,934,940],ank:[3,24],anl:22,annot:[17,37,906],anonym:[3,21,24,26,29,44,49,502,503,906,927,930,931],anoth:[18,22,25,33,40,42,49,102,178,815,886,890,895,899,910,916,920,921,927,941],ansi:894,answer:[22,47,49,369,720,727,729,865],anticip:[34,40],anyon:[926,940],anyth:[22,38],anywai:[21,40,47,334],anywher:[926,941],ap_opt:[333,334,378,798,875],ap_opts_etype_negoti:778,ap_opts_mutual_requir:[334,362,378,778],ap_opts_reserv:778,ap_opts_use_session_kei:[334,778],ap_opts_use_subkei:[334,778],ap_opts_wire_mask:778,ap_req_authdata:202,ap_req_checksum_typ:22,ap_req_nofail:[418,883],ap_req_opt:[333,334,362,378],api:[0,15,42,44,46,99,101,104,124,193,195,197,198,203,204,252,257,258,269,288,295,297,354,356,413,729,816,836,886,892,895,906,908,919],appdata:22,appdefault:49,appear:[15,21,25,35,38,40,42,47,899,907,911],append:[3,21,24,390,889,895],appl:[892,907],appl_vers:[366,378],appli:[3,10,15,19,20,21,22,24,25,36,42,44,178,252,907,916,919,927,930,934,938],applic:[0,12,17,19,21,22,29,31,32,38,44,47,56,60,61,159,257,333,334,335,366,378,505,528,529,707,730,885,886,889,890,892,895,904,906,907,910,912,915,920,922,926,927,933,937,940],appnam:[60,61],appplic:49,approach:44,appropri:[6,15,22,24,25,29,30,35,38,40,44,47,157,376,401,908,918,919,930,931,934],approxim:894,apputil:892,aprepencpart:796,apt:14,arbitrari:[3,24,44],arcfour:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],architectur:[893,895],archiv:894,area:[35,47],arg:[3,24,419,420,421,791,792,895,934],arg_keytab:[239,242],argument:[3,4,6,10,15,21,24,45,47,49,64,81,92,94,252,264,267,270,282,335,355,357,363,389,419,420,421,878,895,906,911,912,920,934,936],argv_pars:907,ari:934,aris:907,armor:[21,38,49,236,910,919,930],armor_ccach:930,around:[24,895],arrai:[3,37,44,47,49,101,104,112,180,247,251,261,295,297,326,336,355,357,810,814,816,821,822,835,857,858,920,922],arrang:24,arriv:890,asan:895,asc:894,ascii:[6,24,40,899],ask:[6,38,40,47,49,727,728,729,910,926,927],asn:[49,900,901,909],aspect:[16,29,915],aspx:43,assert:[21,44,899,906,919],assign:[3,20,21,24,35,40,49,83,85,934],associ:[3,4,9,20,21,22,24,36,39,44,537,886,890,899,907,941],assum:[15,21,22,27,35,37,40,44,45,108,125,158,894,927,930,941],asynchron:[406,919],athena:[3,5,15,16,20,21,22,24,25,29,33,35,895,907,922,926,927,941],athent:267,attach:906,attack:[2,15,22,24,30,31,33,36,41,47,335,890,906,930],attempt:[0,3,6,21,22,24,25,30,36,40,44,123,250,257,416,899,934],attr:[23,259,830],attribut:[3,5,6,9,14,17,20,21,22,23,24,25,27,37,38,49,260,830,906,907,909,919,930,934],audit:906,aug:[3,24],augment:912,august:907,auth:[17,21,23,40,44,49,62,333,334,362,366,367,378,505,800,814,822],auth_context:[62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,91,230,327,329,330,331,332,333,334,335,357,359,360,361,362,363,366,367,378],auth_gssapi:[3,24],auth_to_loc:[22,29,920],auth_to_local_nam:[22,29],authdata1:899,authdata2:899,authdata:[191,196,231,325,326,414,815,899,914],authdata_plugin:915,authdatum:414,authent:[3,5,6,10,12,14,15,16,21,22,25,26,27,30,31,33,35,36,37,38,39,40,41,44,45,47,49,62,63,64,65,67,68,69,70,72,73,74,75,77,78,80,81,82,83,84,85,86,87,88,89,90,91,173,208,230,231,257,326,327,329,330,331,332,333,334,335,345,357,359,360,361,362,363,378,439,501,507,615,727,796,798,802,848,865,875,886,889,890,891,892,899,900,906,907,909,919,920,927,930,931,937,941],authfrom:181,author:[3,20,21,22,49,156,231,260,614,735,815,852,906,907,914,929],authoriaz:802,authorit:[20,22,157,908,913,916,920,921],authoritykeyidentifi:38,authorization_data:[802,822,835],authtim:[343,344,345,346,873,899],authto:181,authz:835,auto:906,autoconf:892,autodoc:897,autohead:893,autolock:907,autom:[893,906],automak:911,automat:[3,4,6,8,18,24,35,886,889,891,893,906,927,929,934],autoreconf:893,avail:[3,6,11,12,15,21,22,30,35,39,44,47,57,123,169,177,194,199,200,234,259,311,315,320,364,371,374,377,401,418,563,812,834,872,886,893,908,914,929,931,935,941],avoid:[3,14,15,20,25,39,47,252,895,906,927],awai:[15,42,926,927],awar:899,awk:6,ba548_90007:43,back:[14,20,21,24,25,31,40,41,886,890,895,900,906,912,915],backend:[13,15,23,895,906,907],background:[4,8,10,35],backslash:347,backspac:347,backup:[31,33,40,891],backward:[8,21,22,25,27,35,936],bad:[35,136,159],balanc:[15,39,40],banner:[47,355,861],bar:[6,22],basch:907,base:[0,3,21,22,23,24,25,26,35,38,39,40,44,47,50,60,61,63,99,118,272,303,391,886,897,905,906,907,910,915,919,923,927,930,939],basi:[15,19,24,40],basic:922,basicconstraint:38,baz:22,bb463167:43,becaus:[6,18,20,21,22,24,25,26,36,38,39,40,42,44,47,258,345,886,893,895,899,903,917,919,922,926,930,940],becom:[0,6,15,18,22,24,35,40,137,242,267,282,906,926,930,934],beeblebrox:35,been:[6,12,15,21,22,24,36,125,886,890,906,907,912,915,927,931,938,941],beep:[927,929],befor:[2,3,4,5,6,15,21,22,23,24,36,38,40,42,45,99,101,104,158,295,297,384,392,816,859,887,890,891,893,907,910,917,919,927,930],beforehand:44,begin:[4,6,22,24,29,37,100,101,103,104,294,295,296,297,406,899,913,922,939],behalf:936,behav:[3,44,409,418,885,895],behavior:[3,15,21,22,29,40,47,235,416,418,906,911,914,915,920,929,933,938],behind:[15,29],being:[3,15,21,22,24,30,40,45,47,252,375,729,890,897,939],belong:[34,164],below:[6,21,22,23,24,29,37,729,892,907,934],benefit:40,berkelei:[895,907],besid:22,best:[15,26,35,39],beta:[6,24],better:[24,25,836,906],between:[3,9,21,22,24,26,30,35,36,42,46,137,161,388,874,886,906,920,927,929,930],beyond:[910,915,919,941],big:[899,900,901,903,912],biggest:15,bin:[35,893,895,897,905,934],binari:[22,33,895,907],bind:[3,5,21,23,24,40,906,933],bind_dn:3,binddn:3,bindir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],bindpwd:3,bison:895,bit:[15,21,25,38,44,47,67,84,143,156,160,362,874,885,899,903,906,934],bitwis:[154,729],bjaspan:[3,24],blank:939,bleep:[3,11,24,927,940,941],block:[15,21,25,49,100,101,103,104,123,294,295,296,297,906],blocksiz:96,bob:[934,940],bodi:[835,919],book:[16,906],boot:[35,891],bootstrap:22,borrow:927,boston:40,both:[3,12,22,23,24,25,27,29,30,37,38,40,41,44,162,252,258,893,907,911,934],bourn:35,box:37,brace:911,bracket:[21,22,29],breviti:900,brg:907,brian:907,bridg:906,brief:[33,892,915],broken:[15,895],brother:907,brute:[15,24,36],bsd:[906,907],btree:[6,24],buffer:[24,44,49,57,99,100,120,177,194,199,200,286,294,311,335,342,343,377,400,401,407,409,411,538,816],buflen:[177,194,199,200,377,400,401],bug:[0,24,39,43,892,893,924],build:[35,40,42,49,50,137,886,892,895,904,905,906,911,915,933],built:[22,25,29,47,49,381,886,893,895,906,907,912,922,927,933],builtin:[895,906,907],bullopensourc:43,bunch:24,bundl:[22,907],bunni:40,busi:907,byacc:895,c89:894,cacert:[23,30,38],cach:[3,15,16,22,24,29,44,45,49,79,139,141,230,231,236,254,271,274,327,329,330,333,335,362,378,406,416,522,545,549,744,888,892,895,896,902,905,906,914,927,929,930,931,933,934,935,936,939,941],cache_nam:[3,24,929,930,931],cache_out:[133,157],cacheconf:899,cachenam:[886,935],cachetyp:906,cacreateseri:38,caddr:[814,821,822],cakei:38,california:907,call:[15,17,21,22,24,25,29,35,44,47,92,94,101,104,114,126,127,137,159,161,183,235,252,258,268,275,282,286,289,295,297,301,313,322,327,383,384,407,816,859,866,885,886,890,892,893,906,910,911,912,917,919,920,926,934],callback:[49,267,282,355,383,384,390,845,859,861,865,906,910,919,921],caller:[44,47,72,86,100,101,103,104,118,120,122,137,145,147,252,259,276,286,294,295,296,297,303,317,319,334,335,364,368,369,407,416,816,885,906,913,919,922],camellia128:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],camellia256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],camellia:[21,906],can:[0,2,3,4,5,6,8,9,10,11,14,15,16,17,18,19,20,21,22,23,24,25,26,27,29,30,33,34,35,36,37,38,39,40,41,42,44,47,51,57,137,139,157,231,261,278,312,335,345,347,369,389,392,403,406,416,418,726,854,855,865,873,885,886,887,889,890,893,894,895,897,899,900,906,908,909,910,911,912,913,915,916,917,918,919,920,921,923,926,927,930,934,938,941],cancel:24,candid:934,cannot:[3,16,24,25,26,36,38,44,47,136,154,170,267,347,416,874,899,927,930,931,936],canon:[4,16,23,24,39,40,199,916,920],canonhost_out:201,canonic:[16,22,23,34,44,49,392,546,906,930,936],capabl:[33,906,926],capac:26,capath:21,card:[3,21,22,24,906],care:[3,15,20,24,29,44,915],carefulli:38,carnegi:907,carri:[3,26,941],cartoon:35,casio:15,cast:[874,885,908,910,911,916,917,918,919,921,923],cat:6,categori:26,caus:[3,4,6,15,21,22,24,25,26,35,36,38,39,40,41,44,49,123,252,254,391,725,890,895,907,931,935],caution:3,cb_data:[389,877],cb_ret:922,cbc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],cbdata:922,cbrown:941,cc246071:906,cc246091:906,ccach:[3,24,42,49,133,136,149,150,165,168,171,231,232,233,239,240,241,253,257,258,271,274,333,378,386,406,416,806,895,905,908,932,936],ccache_typ:22,ccachenam:895,ccapi:[892,907],ccselect:[29,906,911,914,921],ccselect_plugin:[908,911],ceas:[0,6,24],cell:15,center:[10,892,907,941],central:0,cert:[17,22,23,38],certain:[24,33,243,895,907,936,941],certauth:[906,914],certauth_plugin:909,certid:22,certif:[3,21,22,23,30,41,49,260,685,901,906,914,941],certifi:22,certlabel:22,cf2:49,cflag:[895,933],cfr:907,ch06s05:43,chain:[21,22,906],challeng:[21,22,41,47,49,369,370,371,373,374,687,690,727,728,865,868,900,906],chang:[2,3,6,9,15,16,20,21,22,23,25,26,29,34,35,38,40,47,49,79,137,149,252,267,385,386,620,708,885,893,897,899,905,906,907,915,917,923,925,932,934,940],change_password_for:[385,386],change_tim:[45,149,170],changeov:35,changepw:[3,15,16,24,173,252,385],channel:[15,37,44,47,934],charact:[3,20,21,22,24,35,40,347,400,410,704,932],charg:907,check:[12,21,22,24,29,35,38,44,49,60,61,156,290,359,362,363,550,890,893,895,897,903,911,922,923,927,931,934],check_a:918,check_tg:918,checkout:897,checksum:[22,44,49,105,182,209,210,333,334,335,337,343,344,345,346,532,539,654,655,659,802,845,901],checksum_typ:807,cheetah:897,chicago:907,chl:[47,370,371,373],chl_out:374,choic:[22,39,44,47,257,930],choos:[15,23,26,35,39,40,44,891,908,926,930,939],chosen:[17,22,27,44,47,236,894,900,905,906,908,939],chpass:[3,24,917],chrand:[3,24],chunk:[115,302],cipher:[15,22,27,49,100,101,103,104,294,295,296,297],cipher_st:[100,101,103,104,294,295,296,297],ciphertext:[26,100,101,103,104,105,294,295,296,297,796,820,900],circular:24,circumst:[21,38],citi:907,ckf_:729,ckfrom:182,cksum:[114,130,301,305,415],cksumtyp:[82,97,112,114,115,131,177,301,302,306],cksumtype_cmac_camellia128:778,cksumtype_cmac_camellia256:778,cksumtype_crc32:778,cksumtype_descbc:778,cksumtype_hmac_md5_arcfour:778,cksumtype_hmac_sha1_96_aes128:778,cksumtype_hmac_sha1_96_aes256:778,cksumtype_hmac_sha1_des3:778,cksumtype_hmac_sha256_128_aes128:778,cksumtype_hmac_sha384_192_aes256:778,cksumtype_md5_hmac_arcfour:778,cksumtype_nist_sha:778,cksumtype_rsa_md4:778,cksumtype_rsa_md4_d:778,cksumtype_rsa_md5:778,cksumtype_rsa_md5_d:778,cksumtypep:393,ckto:182,claim:907,clang:906,clarifi:38,clariti:934,clean:[24,275,276,389,897,906,922],cleanli:906,cleanup:[47,922],clear:[3,6,11,16,24,37,47,49,137,159,380],clearpolici:[3,20,24],cleartext:[797,813,821],click:35,client1:38,client2:38,client:[3,12,15,16,17,19,21,22,23,24,26,27,29,32,33,35,36,37,39,40,41,42,44,47,49,146,157,230,231,242,248,249,265,267,271,274,282,283,284,334,337,362,366,406,650,729,796,797,802,814,815,822,825,834,835,886,890,892,895,899,900,901,905,906,907,908,909,911,914,916,919,921,927,930,931,933,934,936,939,941],client_cert:38,client_kei:906,client_princ:47,clientauth:22,clientkei:38,clifford:941,clock:[22,35,49,274,359,363,887,919,930],clockskew:[16,22,362,922,930],close:[33,49,72,86,133,138,139,151,168,174,272,312,744,917,923],clpreauth:[29,914],clpreauth_mymech_initvt:911,clpreauth_plugin:910,cmac:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],cmd_path:934,cname:[34,35,39,40],code:[0,21,22,24,42,44,47,49,50,51,57,63,65,66,68,70,73,74,75,77,78,79,80,82,83,85,86,87,88,89,90,91,92,93,94,96,97,98,99,100,101,103,104,105,106,107,108,109,112,113,114,115,116,118,119,120,121,122,123,125,126,127,130,131,134,135,136,142,143,146,148,150,151,152,153,154,155,156,157,158,159,160,161,162,164,165,166,167,168,170,171,172,173,176,177,178,179,180,181,182,183,184,185,187,188,189,190,191,192,194,196,199,200,221,224,230,231,234,236,238,242,258,267,268,269,271,272,273,274,275,278,279,280,281,282,283,284,285,286,287,289,294,295,296,297,301,302,303,305,306,307,308,310,311,313,315,316,319,320,321,322,323,326,327,328,329,330,331,332,333,334,335,336,337,339,340,341,342,345,347,348,350,355,357,358,359,360,361,362,363,364,366,367,377,378,379,380,381,385,386,387,388,392,399,400,401,403,404,405,406,407,408,409,410,411,412,416,719,825,826,854,874,885,892,894,895,906,907,910,911,912,915,917,919,921,922,923,924],coexist:20,collect:[22,44,49,133,157,171,717,718,892,906,908,929,930,931,935,939,941],collis:49,colon:[5,21,22,24,29,40,155,347,349,422,941],column:6,com:[3,6,9,11,14,17,21,22,23,24,29,36,38,39,40,42,43,900,901,906,907,926,927,939,940,941],com_err:[826,895,906,911],combin:[3,8,16,21,24,27,44,49,261,900,931],come:[22,47,362,893,894,926],comma:[3,6,10,21,22,24],command:[4,8,9,10,14,15,16,21,22,23,24,25,30,33,35,36,38,42,887,889,892,893,894,895,906,925,926,927,929,932,934,936,941],command_opt:[5,6,24],commenc:35,comment:[0,16,22],commerci:[22,38,907],commit:[9,907,917],common:[22,24,26,35,44,895,907,910,926,940],common_appdata:22,commonconfig:22,commonli:[8,42],commun:[0,22,23,24,26,30,35,38,44,854,886,892,907,908,924],compani:927,companion:37,compar:[48,49,130,305,900],comparison:22,compat:[8,21,22,37,44,893,895,906,916,918,936],compil:[0,893,894,895,896,906,907,933,934],compile_et:895,complet:[5,6,15,21,22,24,40,44,46,161,279,281,362,378,404,405,727,892,895,896],complex:906,compli:907,complic:[38,895],compon:[20,22,29,38,39,44,47,49,93,94,230,272,347,348,353,391,645,698,700,752,899,903,907,922,927,939],component1:[899,903],component2:[899,903],compos:38,compress:894,compromis:[15,18,22,33,886,891],comput:[15,21,22,30,44,45,47,49,92,118,130,236,303,305,901,907,910,919,926,927],concaten:[720,900,912],concatent:912,concept:[904,914],concern:[26,36,907,927],concis:922,concret:897,concurr:[21,25],condit:[38,157,906,907,934],conduct:30,conf:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,23,24,25,26,27,28,29,30,31,32,33,34,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],conf_keyfil:[5,24],conf_req_flag:44,conf_stat:44,confidenti:[27,44,906],config:[14,21,22,24,142,158,276,381,892,895,905,906,912,925,928],configur:[3,4,5,9,15,17,18,20,21,22,24,25,26,31,32,39,42,44,47,49,51,79,157,174,201,258,268,276,391,416,418,563,564,887,890,892,893,894,896,897,906,911,914,923,927,930,931,934,938,940,941],confirm:[2,3,5,6,24,131,306,906],conflict:[29,362,602,603,605,606,912],conform:[22,894,906,932],confound:105,confus:907,confusingli:47,confvalid:892,conjunct:936,connect:[3,4,5,8,12,21,24,33,35,39,44,49,886,890,906,907,927],consequenti:907,consid:[0,15,22,25,34,40,42,345,890,895,899],consider:[40,46,890],consist:[22,40,347,889,894,899,900,906,913,920],consol:21,consolid:0,consortium:[924,941],constant:[47,58,59,716,722,810],constitut:907,constrain:[3,24,337,547,652,906,936],constraint:[907,939],construct:[0,44,47,284,286,333,407,854,855,906,911,936],consult:[22,920],consum:[25,885,915],contact:[3,7,8,15,21,22,24,30,40,267,886,908,924,937],contain:[3,4,5,6,8,9,16,20,21,22,23,24,25,29,30,34,35,38,40,42,44,47,49,55,68,73,77,155,157,176,179,180,190,191,202,238,252,254,283,286,325,334,345,347,358,360,366,368,378,407,416,836,865,878,886,887,889,890,892,893,894,895,896,897,899,900,903,907,911,921,922,924,926,927,929,930,934,935,936,939,940,941],container_dn:[3,24],container_reference_dn:[5,24],containerdn:[3,24],containerref:[5,24],contempl:907,content:[0,6,9,12,14,15,24,28,35,38,44,45,47,49,83,85,125,134,138,148,151,181,182,184,185,187,189,190,205,206,207,208,209,214,215,219,222,228,287,337,338,794,800,807,816,837,848,879,886,899,901,903,907,930,931],context:[22,42,44,45,47,49,50,51,52,53,54,55,56,57,60,61,62,67,71,76,84,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,179,180,181,182,183,184,185,187,188,189,190,191,193,195,196,197,201,202,203,204,205,206,207,208,209,210,211,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,252,253,254,255,257,258,259,260,264,267,268,271,272,274,283,284,285,286,287,288,290,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,370,371,372,373,374,375,378,379,381,382,383,384,385,386,387,388,389,390,391,392,396,407,408,409,410,411,412,413,414,415,416,419,420,421,422,564,782,783,784,785,786,787,788,789,827,854,855,861,865,877,906,908,910,911,913,919,920,921],context_handl:[44,912],contigu:44,continu:[2,6,18,35,900,906,907,934],contract:907,contrari:[44,47],contribut:[102,108,120,121,904,907,941],contributor:[898,907],control:[4,15,16,19,20,21,22,23,27,29,35,37,38,39,42,44,47,250,286,407,416,895,896,906,908,913,914,915,918,920,921,922,923,938],convei:[15,24,40,44,826,852,906,907],conveni:[47,327,371,374,893],convent:[40,408,922],convention:941,convers:[22,900],convert:[14,15,22,44,49,176,265,392,939],cooki:[599,902,906,919],coordin:912,copi:[14,16,18,24,27,30,33,35,38,42,44,49,87,89,276,279,330,345,404,891,899,907,915,922,927,934],copyright:[892,894,907,941],core:[910,915,919,922,924],corpor:[907,941],correct:[4,10,15,22,24,34,35,42,125,724,886,895,906,907],correctli:[12,44,854,855,885,906,926],correspond:[6,20,22,38,44,45,47,57,155,252,270,345,873,897,900,906,911,917,941],corrupt:[6,18,24,906],cosin:14,cost:[24,30,895,907],could:[0,15,17,18,22,26,29,34,35,36,40,890,906,911,926,927,934],couldn:12,count:[3,6,24,49,88,90,112,293,899,903],counter:[3,24,36],countermeasur:33,counterpart:[20,34],countri:907,cours:18,courtesan:907,cover:34,coverag:893,cpp:895,cppflag:895,cppopt:895,cpu:41,cpw:[3,15,24],crash:[18,22,35],crawdad:907,crawford:907,crc32:22,crc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],creat:[3,4,7,12,15,20,21,22,23,25,29,32,33,36,44,48,49,68,73,77,94,114,115,126,127,136,139,179,180,181,182,183,184,185,187,189,190,212,243,269,278,301,302,312,313,328,335,348,362,366,367,378,390,403,416,700,886,887,889,893,897,900,906,907,908,909,910,912,913,914,916,917,918,919,920,921,922,923,924,926,927,930],create_polici:24,createtimestamp:14,creation:[15,22,24,38,900],creativ:907,creativecommon:907,creatorsnam:14,cred:[47,49,153,154,156,162,173,239,240,241,242,267,271,274,279,282,385,404,406,416,531,906,934],cred_handl:[44,912],cred_usag:44,credenti:[3,12,14,16,17,21,22,24,29,34,36,38,46,49,139,173,184,213,214,230,231,236,333,337,357,378,405,442,549,618,651,736,812,813,814,815,866,885,888,889,890,892,895,902,906,910,912,913,914,919,927,929,930,931,933,934,935,936,939,941],credentials_cach:[3,24],criteria:[38,886],critic:[47,924],crl:[21,22],cron:[18,21,35,40],cross:[21,22,344,345,346,362,895,906],crt:[21,22],crypto:[15,22,121,122,198,892,895,906,907],crypto_entri:823,crypto_test:907,cryptograph:[15,44,906,907],cryptographi:[15,41],cryptosystem:15,csv:[6,906],ctime:[797,802,825],cts:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],ctx:[44,73,74,77,78,87,88,89,90,178,183,220,235,277,278,279,280,281,282,283,284,285,286,349,368,369,370,371,372,373,374,375,376,382,402,403,404,405,406,407,419,420,421,422,866],ctype:[110,111,128,132,175,415],cuba:907,cultur:907,current:[2,3,6,8,9,11,15,21,22,23,24,29,39,40,49,137,186,334,349,385,442,731,878,886,889,890,895,899,906,910,913,914,919,927,932,939,941],curri:16,curs:895,cursor:[49,140,153,161,167,168,319,323,804,806],curv:[22,41],cusec:[797,802,825],custom:[22,897,905,906,909],cut:40,cve:906,cybersaf:[540,907],cycl:906,cygnu:[657,907],daemon:[8,20,21,22,24,32,37,38,39,886,891,906,911,941],daffodil:[16,927],dai:[3,5,22,24,38,49,399,887,927,941],daili:15,daisi:40,dal:915,damag:[886,907],danger:[18,934],danilo:907,dash:22,data:[3,6,9,15,21,22,23,24,25,27,33,44,45,47,49,64,80,81,99,114,115,118,120,121,122,124,130,131,142,154,156,158,176,185,215,219,231,252,260,264,265,267,269,282,301,302,303,305,306,327,330,333,334,335,337,339,343,344,355,357,359,362,363,371,374,378,379,383,384,385,386,389,391,396,468,480,481,482,537,538,671,711,735,782,783,786,800,802,810,812,815,816,818,821,822,825,827,834,835,845,848,852,854,855,857,858,861,864,866,875,880,886,890,891,895,899,900,901,903,906,907,909,910,911,914,918,919,923,931],data_length:117,data_set:44,databas:[2,4,5,6,7,8,9,10,12,16,19,20,21,22,23,29,31,32,33,36,38,44,889,891,892,895,896,905,906,907,914,917,919,930,933,934,941],database_modul:[14,21,23,25],database_nam:[21,24,35],datadir:895,datarootdir:895,datatyp:46,date:[3,6,8,21,22,38,174,231,401,821,888,906],datebas:4,david:[16,24,926,927,941],db2:[3,6,21,24,36,892,905,906],db3:895,db_185:895,db_arg:[3,4,6,10,24],db_header:895,db_lib:895,db_librari:[14,21,23,25],db_module_dir:[21,23],db_princ_arg:[3,24],dbadmin:20,dbmatch:22,dbmodul:[3,14,23,24,25,36],dbname:[3,6,10,24],dbutil:907,dce:[22,44,49,641,673,906],dcmd_path:934,deactiv:21,deal:[886,907],dealloc:[93,913,920],debian:[32,906],debug:[3,7,8,9,21,894],dec:[24,35,36,887],dec_err:328,dec_error:358,decid:[35,40,252,927],decim:[6,44,899,941],decis:[31,907,916,920,941],declar:44,decod:[22,47,49,162,191,362,899,909,911],decompos:538,decreas:[22,889],decrement:49,decrypt:[3,24,36,44,49,80,357,367,816,872,890,934],dedic:35,default_ccache_nam:[22,137,886,941],default_client_keytab_nam:[22,889],default_domain:22,default_kdb_fil:896,default_kdc_enctyp:896,default_keytab_nam:[22,889,896],default_principal_expir:[21,887],default_principal_flag:[20,21,906],default_profile_path:896,default_realm:[22,29,34,35,913,922],default_tgs_enctyp:[22,27],default_tkt_enctyp:[22,27],default_valu:[60,61],defaultrealm:49,defccnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],defcktnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],defeat:41,defend:890,defens:26,defer:[44,913,916,920],defin:[3,12,21,22,34,35,40,44,102,120,235,729,895,899,900,911,915,922,923,934],definit:[10,17,21,892,907,916,918],defktnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],dejagnu:[893,895],del_polici:[3,24],delai:[24,25,40,890,895,906,930],deleg:[3,21,24,337,547,652,899,906,927,931,936],delegated_cred_handl:44,delent:11,delet:[2,3,5,6,11,16,20,22,33,35,154,890,907,926,929,934,941],delimit:[22,316],delold:[2,15],delpol:[3,24],delprinc:[3,24],delstr:3,delta:[21,49],deltat:194,deltatp:394,demand:416,demonstr:[12,15],deni:[3,20,24,26,29,36,916,920,934],denial:22,denot:[6,20,887,900],depart:907,depend:[26,34,40,44,47,127,368,376,729,865,894,895,905,911,923,926,927],deploi:[37,38,39,893],deploy:[15,25,38],deprec:[21,71,76,95,124,132,175,193,195,197,198,203,204,232,233,239,240,241,246,288,314,354,356,396,413,415,889],der:[900,909,919],deriv:[6,15,21,24,26,49,100,101,103,104,114,130,294,295,296,297,301,305,900,906,907,932],des3:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],des:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],des_crc_session_support:[21,27],descend:886,describ:[0,3,15,16,17,22,24,25,26,29,33,35,38,44,335,378,408,816,825,826,885,899,907,910,911,912,914,922,927,934],descript:[24,33,40,44,825,892,905,906,908,909,910,913,915,916,917,918,919,920,921,922,923],descriptor:[63,366,367,378],design:[29,35,47,320,886,890,941],desir:[15,24,29,44,120,122,257,258,333,895,921,934],desired_mech:[44,912],desired_nam:44,desired_object:44,desktop:47,dest_ctx:186,destdir:893,destin:[33,893],destroi:[14,44,49,137,148,151,389,416,886,906,908,909,910,913,916,917,918,919,920,921,923,925,929,930],destroy_polici:24,detach:8,detail:[10,15,25,27,29,34,35,37,269,727,886,892,894,906,908,909,910,913,916,917,918,919,920,921,922,923,934],detect:[6,8,15,24,327,329,335,890,895,912],determin:[3,4,6,8,21,22,24,25,29,35,44,49,63,103,106,118,137,157,237,238,268,296,362,388,392,418,878,886,889,890,893,895,900,903,906,909,913,916,920,921,927,941],dev:[14,21,22,42,941],develop:[0,893,904,906,907,924,941],devic:[3,21,22,24,47],devicenam:21,dfl:[890,941],dget_tgt_via_passwd:934,dict:[3,22,24],dict_fil:[4,21,923],dictat:24,dictionari:[21,22,30,31,35,36,41,906,923,930],did:[35,230,274,345,927],didn:[12,29],differ:[3,6,12,16,22,23,26,27,29,34,35,38,39,40,44,46,49,108,120,162,378,388,854,890,893,895,911,919,920,926,927,930,934,941],diffi:[21,22,930],difficult:36,difficulti:39,digest:[21,907],digit:[887,941],digitalsignatur:[22,38],dir:[21,22,38,886,895,905,930,941],direct:[22,23,24,29,42,49,907,922,941],directli:[3,19,21,22,24,30,35,44,47,378,618,919,930,935],directori:[5,12,14,21,22,24,29,34,35,38,176,345,886,890,894,896,897,905,906,926,934,938,939,940,941],dirnam:22,disabl:[3,15,21,22,24,25,27,29,35,38,39,40,42,383,384,389,550,893,895,906,914,930,938,941],disable_encrypted_timestamp:[22,26,41],disable_fresh:[38,930],disable_last_success:[21,23,36],disable_lockout:[21,23,36],disallow:20,disallow_forward:[5,24],disassoci:[4,10],disast:40,disclaim:907,disclosur:[20,906],discoveri:[26,34,35,906],discuss:[35,890,907,915,924],disjoint:0,disk:[4,5,6,16,18,24,25,33,35,47,886,890,891,894],dispatch:912,displai:[2,3,5,9,11,16,24,38,47,252,719,889,899,906,907,930,931,937],display:176,disrupt:15,dist:894,distclean:893,distinguish:[5,22,24,907],distribut:[10,14,892,893,894,895,896,906,907,927,941],distributor:907,dll:[29,911,912,922],dns:[22,895],dns_canonicalize_hostnam:22,dns_lookup_kdc:22,dns_lookup_realm:[22,40],dns_uri_lookup:[22,40],dnsname:22,doc:[23,43,897],document:[5,21,22,24,30,34,35,44,885,893,895,906,907,911,924],doe:[3,6,8,10,15,16,21,22,24,25,26,35,38,39,41,44,47,57,120,145,155,163,316,318,348,378,392,400,416,886,889,893,895,900,907,911,912,913,920,922,926,927,934],doesn:[2,6,24,164,886,890,926],doing:[6,24,30,39,47,906,907,911,934],domain:[12,16,21,22,34,35,37,38,40,906,927],domain_realm:[29,34,40,939],don:[12,704,886,893,895,926,934,941],donat:[24,907],done:[8,14,23,24,33,35,40,886,895,910,919,922,934,941],door:43,doubl:887,down:[40,890],download:[8,43,907],downstream:[24,906],downtim:15,doxygen:[0,897],dprinc_look_ahead:934,draft:[684,687,690,906],drift:16,drive:893,drop:906,dry:6,dsa:477,dst:151,due:[15,20,24,42,890],dug:907,dugsong:907,dump:[4,7,8,18,21,25,35,905,906],dump_fil:4,dumpfil:[6,24,895],dumptyp:6,dup:21,duplic:[49,815,890],durabl:[21,25],durat:[3,21,22,24,873,930,934],dure:[3,4,8,18,21,22,24,35,36,41,44,355,383,416,708,890,899,900,906,910,917,927,934],dynam:[22,911,914,916,922],e19253:43,e2big:120,e_data:[825,919],each:[2,3,6,8,10,16,20,21,22,24,25,26,27,29,34,36,38,40,44,45,47,259,270,355,744,886,889,891,893,899,900,906,907,911,915,916,917,921,926,927,930,931,934,936,939,940],ear:907,earli:15,earlier:[21,22,27,35,231,920],earliest:[6,156],eas:37,easi:[15,18,26,36,927],easier:[0,15,906],easili:[15,35,893,906],eavesdrop:44,eavesdropp:890,ebaa:43,eblock:[193,195,197,203,204,288,354,356,396,413],echo:[355,364],edata:919,edit:[2,11,12,14,32,895,896,926],editor:0,edt:[3,24],edu:[0,3,5,12,15,16,20,21,22,24,25,29,33,35,43,906,907,922,924,926,927,934],educ:34,edwards25519:[22,41,907],edwards25519_t:907,effect:[15,20,21,22,24,38,40,720,886],effort:26,eight:34,einval:[267,376,393,395,397,398],either:[16,21,22,23,24,26,27,35,36,37,38,42,44,45,202,252,260,281,331,335,405,406,409,720,855,886,893,907,911,916,920,927,934,940],eku:[21,22],elaps:[3,24],element:[44,47,49,196,325,414,816,862,900],elimin:[15,41],ellipt:41,els:[35,911,926,927,934],elsewher:18,emac:895,email:[0,642,926],emailprotect:22,embed:671,empti:[3,6,20,21,22,24,37,44,47,49,94,236,238,286,348,391,392,407,416,895,899,930],enabl:[3,4,8,15,16,21,22,23,24,25,26,29,35,37,38,40,41,42,44,56,79,335,886,890,894,895,906,909,914,934,941],enable_onli:[22,29],enc:[3,6,16,21,24,206,815,906],enc_err:328,enc_errbuf:358,enc_padata:821,enc_part2:[379,812,834,872],enc_part:[796,812,834,872],encdata:900,enckdcreppart:821,enckrbcredpart:814,enclos:[21,22,887],encod:[22,47,49,196,327,329,343,344,358,541,872,879,899,900,909,919],encompass:44,encount:[22,35,931],encourag:22,encrypt:[2,3,6,15,16,18,22,24,26,30,31,33,35,37,41,44,47,49,80,96,99,100,101,113,114,115,117,125,126,127,130,131,156,236,287,294,295,301,302,305,306,315,320,329,330,360,362,397,481,482,539,599,664,739,797,798,812,814,815,816,821,822,834,835,872,889,890,891,892,896,900,901,906,907,910,919,924,931,936,941],encrypted_challeng:22,encrypted_challenge_ind:[21,906],encrypted_timestamp:22,enctyp:[6,11,15,21,22,24,49,96,98,99,100,102,105,108,112,113,117,119,126,127,199,200,218,231,287,294,315,320,381,413,820,822,835,837,899,903,905,906,910,936],enctype_aes128_cts_hmac_sha1_96:[449,778],enctype_aes128_cts_hmac_sha256_128:778,enctype_aes256_cts_hmac_sha1_96:[450,778],enctype_aes256_cts_hmac_sha384_192:778,enctype_arcfour_hmac:778,enctype_arcfour_hmac_exp:778,enctype_camellia128_cts_cmac:778,enctype_camellia256_cts_cmac:778,enctype_des3_cbc_env:778,enctype_des3_cbc_raw:778,enctype_des3_cbc_sha1:778,enctype_des3_cbc_sha:778,enctype_des_cbc_crc:778,enctype_des_cbc_md4:778,enctype_des_cbc_md5:778,enctype_des_cbc_raw:778,enctype_des_hmac_sha1:778,enctype_dsa_sha1_cm:778,enctype_md5_rsa_cm:778,enctype_nul:[102,236,778],enctype_out:236,enctype_rc2_cbc_env:778,enctype_rsa_env:778,enctype_rsa_es_oaep_env:778,enctype_sha1_rsa_cm:778,enctype_unknown:778,enctypep:395,end:[6,14,21,22,24,25,31,34,35,40,93,94,168,336,814,822,835,873,895,899,903,906,915,934,941],endian:[899,900,901,903,912],endors:907,endpoint:[63,907],endtim:[231,873,899],energi:907,engin:40,enomem:[120,230,238,307,327,329],enough:[3,24,100,103,174,294,296,755],ensur:[15,16,18,21,23,24,25,26,35,38,47,171,178,854,855,913,920,927],enter:[3,5,10,15,24,35,38,335,364,912,926,927],enterpris:[39,44,348,700,906,930],entir:[3,15,40,538,899,919],entiti:[44,907],entri:[3,8,9,11,12,14,15,16,20,21,22,23,24,25,33,35,36,38,39,40,41,42,44,47,49,156,180,202,205,207,227,252,314,320,325,326,335,340,355,362,416,821,839,843,886,889,890,891,900,901,906,918,919,927,931,934],entropi:[49,906],entrycsn:14,entryuuid:14,enumer:15,env:[22,38,42,941],envelop:[468,480,481,482],environ:[15,21,22,24,25,27,29,31,35,36,38,42,44,57,137,275,276,289,389,390,886,889,890,893,905,906],envvar:22,eperm:[916,920],epoch:[49,874],equal:[16,25,903,906,934],equip:941,equival:[21,37,173,385,386,906],err_fmt:[22,906],erron:42,error:[3,8,21,22,25,35,38,40,44,49,50,51,57,63,65,66,68,70,73,74,75,77,78,79,80,82,83,85,86,87,88,89,90,91,92,93,94,96,97,98,99,100,101,103,104,105,106,107,108,109,112,113,114,115,116,118,119,120,121,122,123,125,126,127,130,131,134,135,136,138,142,143,146,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,164,165,166,167,168,170,171,172,173,176,177,179,180,181,182,183,184,185,187,188,189,190,191,192,194,196,199,200,221,224,230,231,234,236,238,242,243,245,250,255,267,268,269,271,272,273,274,275,278,279,281,282,283,284,285,286,287,289,294,295,296,297,301,302,303,305,306,307,308,310,311,313,315,316,319,320,321,322,323,326,327,328,329,330,331,332,333,334,335,336,337,339,340,341,342,345,347,348,350,355,357,359,360,361,362,363,364,366,367,377,378,379,380,381,385,386,387,388,392,399,400,401,403,404,405,406,407,408,409,410,411,412,416,543,615,617,702,703,825,826,854,890,892,895,906,910,911,916,917,919,920,927,936],error_t:907,escap:704,especi:[16,35,39,906],essenti:21,est:[24,36,887],establish:[38,44,890],etc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],etyp:[6,236,381,665,906,936],etype_list:[251,829],etype_list_length:[251,829],euid:[22,905],evalu:22,even:[15,21,22,24,26,29,35,39,40,44,252,391,885,887,890,907,930],event:[40,49,906,907,919],eventu:40,everi:[21,22,24,33,35,49,323,886],evid:44,evolut:906,exact:[23,894],exactli:[22,35,156,409,737,738,742,900,934],examin:[22,38,910,919],exampl:[3,5,6,9,14,15,17,21,22,23,25,29,33,35,36,38,39,40,42,44,57,101,104,295,297,886,887,890,893,894,906,907,911,922,926,927,930,934,941],exce:[885,887],except:[3,16,20,22,24,38,40,44,333,906,907,934],excess:893,exchang:[35,41,49,231,254,286,366,378,439,866,900,919],exclud:[6,18,33,906],exclus:[3,907,934],exec:[895,933,934],execprefix:895,execut:[3,6,23,35,47,383,894,895,933],exemplari:907,exhaust:33,exist:[0,2,3,5,6,15,16,21,22,23,24,29,33,35,36,44,47,49,138,148,158,333,334,362,366,367,378,409,416,886,891,899,906,912,930,932,934],exit:[3,8,10,11,24,886,906,927,931,936],exp:[3,16,21,22,27,38],expand:22,expans:895,expdat:[3,24],expect:[15,22,35,42,274,343,344,345,346,719,897,910,915,927],expected_nonc:871,expens:[21,26,36],experi:[0,15,40,906],experienc:[0,921],experiment:906,expir:[2,3,6,20,21,22,24,34,38,44,47,49,231,250,267,821,873,886,887,890,899,906,927,930,931,934,941],expiri:[15,252,906],explain:35,explcit:907,explicit:[15,20,22,23,25,29,40],explicitli:[3,15,20,24,29,35,45,260,895,906,916,917,918,927],expos:[3,6,15,24,47,837,930,934],express:[3,22,24,887,907],extend:[14,21,22,38,49,422,878,912,941],extendedkeyusag:38,extens:[38,40,44,254,897,906,912],extent:[906,907],extern:[14,21,44,899],extfil:38,extra:[20,24,40,41,755,894],extra_address:22,extract:[3,16,20,24,35,236,889,906],extrem:3,eytab:[3,16],facil:[4,16,21,44,906],facilit:906,factor:[22,900],fail:[2,3,6,15,16,21,22,24,25,36,40,44,47,235,267,286,345,357,407,854,893,895,906,912,913,927,929,934],fail_count:6,failov:40,failur:[3,6,15,22,24,25,36,47,120,130,131,162,267,305,306,315,409,410,411,906,907,921,923],failurecountinterv:[3,24,36],failuretim:[3,24],fake:[22,47],fall:[40,41,886,890],fallback:[3,21,22,24,41,47,906,913],fallback_realm:913,fals:[15,21,22,24,27,29,34,37,38,39,40,53,55,106,110,111,128,129,163,199,252,290,291,292,324,351,352,353,365,391,418,940],famili:[21,124,193,195,197,198,203,204,257,258,288,354,356,413,921],famou:35,far:38,fashion:[30,907,934],fast:[21,22,26,37,38,49,236,544,599,899,906,910,919],fast_avail:899,fast_ccache_nam:254,faster:[26,40,886,893],fatal:157,fdii:927,feasibl:35,featur:[25,30,371,374,904,907,924],feb:9,februari:885,fee:907,feedback:0,fellow:907,fenc:911,fences_wicker_initvt:911,fermi:907,fetch:[4,5,6,10,11,22,24,72,142,416,906],few:[895,926,941],fiat:907,fiction:911,fictiti:927,field:[3,6,21,22,24,36,37,38,40,45,47,49,156,263,315,334,335,344,346,355,359,360,362,363,414,738,742,878,899,900,903,906,910,911,919,923,927,939],file:[3,4,5,6,7,9,10,11,12,14,15,16,17,18,20,23,25,29,30,31,32,38,39,40,42,47,49,51,155,269,276,322,366,367,378,381,744,886,887,888,889,890,892,893,894,895,896,897,904,905,906,907,908,909,910,911,912,913,915,916,917,918,919,920,921,922,923,925,926,927,934,939,940,941],filenam:[2,3,5,6,7,8,21,22,24,35,37,38,42,44,390,941],filesystem:[21,24,35,38,905],filesytem:38,fill:[47,49,51,57,120,122,135,153,155,231,237,238,308,311,316,331,350,360,361,393,394,397,399,400,903,911,922],filter:[21,22],find:[12,22,24,40,44,49,51,899,906,908,926,927,930,934],fine:[40,44],fini:[908,909,910,913,916,917,918,919,920,921],finish:49,fip:906,fire:40,firewal:[30,40,42],firm:907,first:[3,6,9,12,17,20,21,22,23,24,27,29,35,38,39,40,44,45,53,54,94,106,137,235,265,272,286,326,351,352,353,364,365,389,407,752,816,889,890,893,895,897,899,900,901,903,907,909,911,913,918,920,927,932,934,939,941],fit:[316,907],five:[3,22,24,35,359,363,887,890,917,932],fix:[6,906],flag:[2,3,5,6,11,15,20,21,22,23,24,26,29,34,36,40,41,44,47,49,56,63,70,75,79,123,154,156,199,276,286,329,330,331,335,344,346,355,357,359,362,363,366,367,407,717,718,719,720,724,725,726,727,729,736,737,814,815,816,821,822,829,868,883,886,895,906,910,919,927,929,930,931,933,934],flag_rsa_protocol:930,flagnam:20,flat:886,flavor:[3,24],flexibl:[22,39],flip:15,flush:922,fmt:[349,382,419,420,421,422],fnal:907,folder:22,follow:[2,3,6,8,10,14,15,16,20,21,22,23,24,25,26,27,29,30,35,36,37,38,40,44,63,235,252,255,270,337,347,348,355,362,364,392,410,886,887,889,890,892,893,895,896,899,900,901,903,906,907,911,912,915,922,924,926,927,930,931,933,934,938,939,940,941],foo:[3,6,16,22],foobar:[40,895,940],fool:26,foot:911,for_us:936,forbid:[3,24],forbidden:22,forc:[3,5,8,9,11,15,20,21,22,24,26,36,40,41,137],foreground:[4,8],forev:[3,24],forget:[5,24,35,159],fork:[10,35,934],form:[0,3,16,21,22,24,25,26,29,30,35,40,44,155,322,330,335,376,392,642,865,886,891,900,906,907,930,939,941],format:[0,3,6,20,21,22,37,40,44,49,349,408,419,421,422,722,727,729,868,878,886,888,889,895,897,901,904,906,911,912,934],former:391,formerli:519,formul:22,forth:22,fortuna:[895,906,907],forward:[3,16,21,22,24,34,35,37,39,44,49,357,531,548,829,927,930,931,934,941],found:[7,10,12,21,22,24,35,40,60,61,154,156,157,202,320,362,895,926,927,934,935,941],foundat:907,four:[22,25,36,41,899,900,901,912,934],fqdn:30,fraction:26,frame:899,framework:[44,906,907],fred:29,free:[47,48,49,50,66,68,73,77,92,94,112,116,142,144,146,153,156,176,179,180,181,182,184,185,187,188,189,190,201,202,231,234,236,243,268,279,282,287,293,315,320,322,326,328,331,332,333,334,335,336,339,341,342,343,347,348,357,358,360,362,363,366,378,392,404,406,408,410,907,909,911,922],free_ind:909,free_list:913,free_modreq:919,free_restrict:916,free_str:[920,922],free_valu:922,freed:[45,58,59,62,79,86,107,137,145,147,205,206,207,208,209,211,214,215,217,218,219,222,223,224,225,226,228,229,235,269,317,338,368,369,371,374,854,855],freeli:907,freenod:924,frequent:[15,34,39,40,874,926],fresh:[0,16,18,21,598,902,906,930,934],fri:9,friend:927,friendli:906,friendlier:906,from:[0,2,3,4,5,6,7,8,9,10,11,18,20,21,22,23,25,26,27,29,30,33,35,36,38,39,40,42,44,45,47,49,50,94,100,101,102,103,104,114,120,122,130,151,171,172,173,176,187,188,190,202,248,252,257,265,276,294,295,296,297,301,305,326,330,331,334,345,349,355,359,360,361,362,363,378,379,381,383,385,386,416,422,442,821,834,835,886,889,890,893,894,895,899,900,904,906,907,908,909,910,912,914,915,917,922,924,926,927,930,932,934,936,939,941],from_mast:[8,905],front:[21,347],fsanit:895,ftp:[33,35],fubar:[22,941],fulfil:934,full:[4,8,9,15,21,24,40,49,335,895,906,915,926,934],fulli:[3,16,20,22,24,30,33,35,36,47,930,941],fullname_out:144,fulvio:43,func:[64,81],fund:907,fundsxpress:907,furnish:907,further:[10,35,890,940],furthermor:[15,252,907],futur:[24,38,44,159,235,878,906,913],g10:907,g_accept_sec_context:907,g_acquire_cr:907,g_canon_nam:907,g_compare_nam:907,g_context_tim:907,g_delete_sec_context:907,g_dsp_name:907,g_dsp_statu:907,g_dup_nam:907,g_exp_sec_context:907,g_export_nam:907,g_glue:907,g_imp_nam:907,g_imp_sec_context:907,g_init_sec_context:907,g_initi:907,g_inquire_context:907,g_inquire_cr:907,g_inquire_nam:907,g_process_context:907,g_rel_buff:907,g_rel_cr:907,g_rel_nam:907,g_rel_oid_set:907,g_seal:907,g_sign:907,g_store_cr:907,g_unseal:907,g_userok:907,g_util:907,g_verifi:907,gain:[15,26,35,916,918,927],gcc:895,gen_sym:934,gener:[2,9,12,15,16,18,20,21,22,24,26,27,33,36,42,44,49,114,126,127,267,290,301,331,334,344,345,442,523,524,525,526,813,830,845,886,890,892,893,894,895,897,899,906,907,910,914,919,924,927,934,939],generalizedtim:900,generalstr:38,generic_trusted_ca:[21,22],gennadi:934,genrsa:38,german:906,get:[3,12,14,15,17,20,21,22,23,24,33,34,36,39,40,49,60,61,167,243,261,265,282,895,906,910,913,919,926,927,930,934,941],get_cooki:[906,919],get_cr:47,get_princ:[3,24],get_tgt_via_passwd:934,get_valu:922,getaddrinfo:39,getdat:[3,5,6,20,24],gethostnam:[39,44],getnameinfo:39,getopt:892,getpol:[3,24],getprinc:[3,6,15,24,36,906],getpwuid:[3,24],getrandom:906,getstr:3,getusershel:934,gic_opt:910,give:[6,15,24,29,39,893,899,900,907,920,926,927],given:[2,3,5,6,8,10,15,21,22,24,29,37,39,40,42,47,49,50,60,61,125,136,322,333,392,855,890,895,899,907,931],gladman:907,glob:[3,6,16,24],global:[5,20,21,22,23,24,49,142,158,906],glorifi:911,glossolalia:15,glue:892,gmbh:907,gmt:887,gnu:[39,893,895,906,907],goal:47,going:[21,25,927],good:[12,16,24,35,123,907,926,927,941],googl:907,gotten:927,gov:[22,907],govern:[24,907,932],gpg:894,gpl:907,grace:930,gracefulli:912,grain:44,grammar:[899,903],grant:[3,15,20,21,22,24,27,29,35,36,38,40,44,47,49,231,242,267,271,274,749,886,906,907,916,920,925,927,930,934,940],gratitud:907,great:[20,156,274,741],greg:941,groff:0,group:[21,22,41,900,907],gs2:906,gss:[29,892,899,906,912],gss_:912,gss_accept_sec_context:[44,906,912],gss_acquire_cr:[44,906],gss_acquire_cred_impersonate_nam:44,gss_acquire_cred_with_password:906,gss_add_cr:912,gss_add_cred_from:912,gss_add_cred_impersonate_nam:912,gss_add_cred_with_password:912,gss_add_oid_set_memb:912,gss_buffer_desc:44,gss_buffer_set_t:44,gss_buffer_t:[44,912],gss_c_accept:44,gss_c_both:44,gss_c_buffer_flag_alloc:44,gss_c_buffer_type_data:44,gss_c_buffer_type_head:44,gss_c_buffer_type_mic_token:44,gss_c_buffer_type_pad:44,gss_c_buffer_type_sign_onli:44,gss_c_buffer_type_stream:44,gss_c_buffer_type_trail:44,gss_c_dce_styl:44,gss_c_deleg_policy_flag:906,gss_c_no_credenti:44,gss_c_no_nam:44,gss_c_nt_anonym:44,gss_c_nt_export_nam:44,gss_c_nt_hostbased_servic:44,gss_c_nt_machine_uid_nam:44,gss_c_nt_string_uid_nam:44,gss_c_nt_user_nam:44,gss_c_null_oid:44,gss_c_qop_default:44,gss_c_sec_context_sasl_ssf:906,gss_create_empty_oid_set:912,gss_cred_id_t:[44,912],gss_cred_usage_t:44,gss_ctx_id_t:[44,912],gss_display_statu:912,gss_error:44,gss_export_cr:44,gss_export_nam:44,gss_get_mic_iov:44,gss_get_mic_iov_length:44,gss_get_name_attribut:44,gss_import_cr:[44,912],gss_import_nam:[44,912],gss_import_sec_context:912,gss_init_sec_context:44,gss_inquire_cr:44,gss_inquire_cred_by_oid:[44,906],gss_inquire_nam:44,gss_inquire_sec_context_by_oid:906,gss_iov:906,gss_iov_buffer_desc:44,gss_iov_buffer_desc_struct:44,gss_iov_buffer_flag_alloc:44,gss_iov_buffer_t:44,gss_iov_buffer_type_data:44,gss_iov_buffer_type_head:44,gss_iov_buffer_type_mic_token:44,gss_iov_buffer_type_pad:44,gss_iov_buffer_type_sign_onli:44,gss_iov_buffer_type_stream:44,gss_iov_buffer_type_trail:44,gss_krb5_cred_no_ci_flags_x:906,gss_krb5_get_cred_imperson:[44,906],gss_krb5_nt_enterprise_nam:[44,906],gss_krb5_nt_principal_nam:44,gss_mech_interpos:912,gss_name_t:[44,912],gss_oid:[44,912],gss_oid_set:[44,912],gss_qop_t:44,gss_release_iov_buff:44,gss_s_cred_unavail:44,gss_s_unavail:44,gss_store_cr:906,gss_unwrap_aead:44,gss_unwrap_iov:44,gss_verify_mic_iov:44,gss_wrap_aead:44,gss_wrap_iov:44,gss_wrap_iov_length:44,gss_wrapex:906,gssapi:[17,21,22,46,885,886,889,890,892,906,907,908,914,933],gssapi_err_gener:907,gssapi_ext:44,gssapi_krb5:44,gssapiauthent:29,gssapip_spnego:907,gssapistrictacceptorcheck:39,gssapiv2:44,gssd_pname_to_uid:907,gssi_:912,gssi_import_cred_by_mech:912,gssi_import_name_by_mech:912,gssi_import_sec_context_by_mech:912,gssrpc:907,guarante:15,guard:890,guess:[22,35,906],guest:[3,22,24],guid:[16,31,33,914],h5l:[22,45],h71000:43,had:[6,24,29,35,38,926,927,940],haddl:86,hand:[15,24,35],handi:35,handl:[3,6,15,20,24,37,44,49,72,133,136,138,140,142,143,144,145,146,147,148,149,150,152,153,154,155,156,157,158,160,161,162,164,165,168,230,231,242,253,257,258,272,283,307,308,310,313,315,316,317,318,319,321,323,330,339,343,344,345,346,362,406,416,907,910,915,919],handle_error:44,handle_out_of_space_error:44,happen:[3,18,21,24,35,40,42,927],happi:907,hard:[21,24],hardcod:[886,889,922],hardwar:[3,21,24,35,47,919,927,931],harm:890,harvard:907,harwood:941,has:[0,3,5,6,12,15,16,18,20,21,22,24,25,26,27,28,29,35,36,38,39,40,44,47,79,125,267,270,286,391,407,728,886,890,893,894,895,899,903,906,907,912,916,917,918,921,926,927,931,934,939],hash:[6,22,24,38,900,906],hat:[907,941],have:[0,2,3,6,8,12,15,16,18,20,21,22,24,25,26,27,29,33,34,35,36,38,39,40,44,47,102,156,237,281,405,886,890,893,894,897,899,900,903,906,907,908,910,911,912,915,916,917,919,921,923,926,927,930,934,938,940,941],have_getusershel:934,haven:[895,941],hdata:237,head:22,header:[6,22,44,49,535,538,798,895,908,909,910,911,913,915,916,917,918,919,920,921,922,923],headernam:895,heavili:890,heim_org:22,heimdal:[43,44,46,886,906],held:[907,931],hellman:[21,22,930],help:[22,38,890,895,906,922,924,927,933,941],helpdesk:15,henc:12,her:[40,927,940],here:[0,16,20,21,22,24,29,36,42,44,47,887,895,911,926,927],hereaft:907,herebi:907,hesiod:[22,895,907],heurist:[22,157,237,908,934,939],hexadecim:[6,906],hhmmss:887,hidden:[47,355,859],hide:[3,24,930],hierarch:[4,22,906],hierarchi:24,high:[15,17,25,890],higher:[44,886,897,906],highest:[3,6,15,16,22,315,320,416],highli:[894,906],himself:927,hin:894,hint:[3,21,24,152],his:[20,24,927,934,940],hist_kvno:6,histor:[29,34,885],histori:[6,895,906],hit:[49,934],hmac:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],hold:[3,44,79,177,194,199,200,400,401,886],holder:907,hole:[33,35,40,903],home:[5,22,24,29,926,934,938,939,940],honor:[42,927],hook:[49,854,855,906,914],hope:907,hopefulli:36,host01:941,host:[3,4,7,8,12,15,16,17,21,22,24,25,26,30,31,32,34,37,38,39,40,44,47,49,201,230,237,333,335,391,392,416,643,645,890,893,895,906,914,919,926,927,930,931,934,938,939,940,941],host_based_servic:[21,40],host_realm:913,hostaccount:29,hostnam:[3,12,16,21,22,24,34,35,38,39,42,44,49,333,391,392,895,906,913,936,939,941],hostrealm:[29,906,914],hostrealm_plugin:913,hotp:3,hour:[5,20,21,24,34,887,926,927,934,941],houston:40,how:[15,21,22,24,27,29,33,35,38,40,44,231,418,894,895,904,908,914,921,922,926,930],howev:[3,6,15,18,21,22,24,26,33,34,36,38,40,893,907,927,941],html:[0,23,43,894,897,906],html_subst:897,htmlsrc:897,http:[22,23,26,31,39,40,43,893,894,897,906,907,924],http_anchor:[22,30],hudson:941,human:[176,887,906],hundr:25,hwauth:21,hxx:907,iakerb:906,icr:44,idea:39,ideal:[16,24,35,47,893],ident:[3,21,23,24,44,49,364,729,869,870,886,906,910,926,927,930,932],identif:[906,907],identifi:[4,10,22,29,173,272,320,322,722,815,821,836,907],iec:894,ietf:906,ignor:[3,16,20,21,22,29,44,49,170,242,267,271,274,276,285,289,345,348,353,362,391,534,698,701,854,893,895,899,906,911,939],ignore_acceptor_hostnam:[22,39,44],illinoi:43,illumin:941,imap:[39,895,939],immedi:[6,15,22,24,40,906,919],impact:36,impend:47,imperson:906,impl:895,implement:[0,15,21,22,24,25,29,30,37,40,41,44,45,47,52,114,120,154,301,385,386,886,890,893,895,899,901,903,906,907,908,909,910,911,912,913,915,916,917,919,920,921,922,923,924,927,934,941],impli:[907,930],implicit:21,implicitli:22,impos:916,imposs:[24,36],improv:[0,15,21,22,36,906,924],in_authdat:180,in_cr:[231,232,233,334,378],in_data:[333,334,378],in_length:[132,415],in_tkt_servic:[242,267,271,274],inaccess:40,inaccur:22,inaddr:179,inadequ:42,inauthdat1:326,inauthdat2:326,inbuf:[359,360,361,362,363],inc:[907,927,941],incc:135,incident:907,includ:[6,9,14,16,17,20,21,22,23,24,25,33,34,35,38,39,40,44,49,100,105,123,145,294,316,334,343,344,346,347,362,409,677,802,815,822,835,849,885,886,890,892,895,896,897,899,900,903,906,907,910,911,912,916,918,919,922,926,930,934,941],include_pac:849,includedir:[22,895],inclus:907,incom:[21,39],incompat:[22,893,895,915],incomplet:22,inconsist:25,incorpor:[0,21,25],incorrect:[36,40,724,725,926,927],incorrectli:927,incr:184,increas:[21,25,41,101,104,295,297,914],increment:[4,8,9,15,20,21,25,32,36,40,49,88,90,906,907],indata:185,inde:927,independ:[22,27,139,167,252,312,895],index:[6,23,30,43,372,894],indic:[3,6,15,20,21,22,24,27,29,31,37,38,40,42,44,47,157,252,331,717,718,719,720,724,725,726,727,826,886,887,889,890,899,900,901,903,906,907,909,910,911,919,927,930],indirect:907,individu:[9,21,907,927,941],inetcomperson:14,inetd:[8,12,35,42],infd:63,influenc:39,info2:906,info:[21,35,236,650,652,656,665,815,821,877,906],inform:[3,4,6,7,9,11,14,21,23,27,29,34,35,39,40,42,44,47,176,192,236,257,258,289,329,331,337,345,367,389,390,418,651,653,729,813,814,852,859,864,878,886,894,895,898,899,900,903,906,910,911,914,915,919,922,924,930,941],infrastructur:[22,41,892,893,906],infrequ:906,inherit:[926,934],ini:22,init:[4,10,908,909,910,913,916,917,918,919,920,921],init_cr:47,initi:[3,5,12,15,22,23,24,26,27,35,36,41,46,49,100,103,116,125,236,276,294,296,404,507,866,873,886,889,895,899,906,907,910,911,926,927,930,931,933,934,941],initiator_cred_handl:44,inittab:35,initvt:911,inject:26,inop:15,inout:[99,100,101,103,104,115,294,295,296,297,302,333,334,362,364,366,367,378,409],inprinc:189,inptr:[193,197],input:[24,44,49,50,100,101,103,104,108,114,118,120,125,145,201,202,231,294,295,296,297,301,303,355,378,379,406,908,920,923],input_assoc_buff:44,input_ccach:930,input_message_buff:44,input_name_buff:912,input_name_typ:912,input_payload_buff:44,inputlen:105,inquir:[3,16,20,24],inquiri:20,ins:33,insecur:[15,33,40,44,237],insensit:[40,353,696,887],insert:[26,814,821],insid:[16,27,202,900,906],insist:934,inspect:[17,383,384,854,855,916,918],inst:51,instal:[12,14,15,16,18,22,24,29,31,33,40,891,894,897,915,929,933],instanc:[20,22,24,29,34,36,44,50,51,643,644,890,899,906,911,941],instead:[3,4,6,8,15,21,22,24,25,35,38,39,47,246,253,285,314,345,347,419,421,855,895,906,907,912,919,929,931,934,940],institut:[898,907,941],instruct:[24,35,38,895,924],insuffici:[230,238,307,327,329,895],int16_t:832,int32_t:833,int_max:776,intact:907,integ:[3,16,21,22,24,37,38,885,899,900,903],integr:[27,34,44,47,330,335,359,363,892,894,905,906,907,927],intel:907,intend:[3,10,24,42,44,47,355,934],interact:[2,3,22,24,40,371,895],intercept:[29,912],interest:[22,36,890,896],interfac:[3,11,15,20,21,24,29,35,47,886,890,892,895,906,911,914],interface_modname_initvt:911,interface_module_initvt:911,interface_plugin:911,interfer:893,intermedi:[21,22,24,44,231,899,900,906,927],intern:[25,37,42,108,720,836,908,909,910,914,916,917,918,919,921,923,941],internet:39,interoper:[38,385,386,886],interpos:[29,914],interpret:[3,37,44,47,155,252,912,930,934,936],interprocess_token:912,interrupt:[15,267,907],intersect:27,interv:[3,8,24,35,36,885,887],interven:24,intervent:15,introduc:[3,21,22,909,913,917,918,920],intrud:927,invalid:[15,22,24,51,137,140,159,267,320,927,930,931],invers:903,investig:895,invis:26,invoc:[6,42,44],invok:[4,8,9,11,12,22,24,25,47,81,137,252,389,912,919,920,921,930,932,934],involv:[22,919],iov:[49,101,104,295,297,816,906],iov_count:44,iprop:[4,8,21,906,907],iprop_en:[4,8,21,24],iprop_hdr:907,iprop_listen:21,iprop_logfil:[21,24],iprop_master_ulogs:[21,24],iprop_port:[21,24],iprop_replica_pol:[8,21,24],iprop_resync_timeout:[21,24],iprop_slave_pol:21,ipropd_svc:907,ipv4:39,ipv6:[22,39,906],iran:907,is_last_req:[252,827],is_skei:[156,738,815,899],isi:934,isn:[21,24,337,890,893,907],iso:894,isol:40,issu:[2,3,15,21,22,24,27,30,33,36,37,38,40,44,47,325,414,873,895,906,910,919,927,930],issuanc:[3,24],issuer:[22,38,325,414],issueraltnam:38,item:[23,260,720,911,919],iter:[3,21,24,25,49,168,362,806,908,922],iterator_cr:922,iterator_fre:922,its:[3,4,8,10,15,16,18,21,22,24,25,27,29,30,33,34,35,36,38,39,40,41,42,44,47,49,88,90,93,108,118,235,276,303,335,359,362,363,384,414,887,898,899,907,908,909,910,911,912,919,923,929,930,931,939],itself:[3,4,8,10,15,16,21,22,24,29,44,47,205,206,207,208,209,210,213,214,215,216,219,222,223,228,338,725,815,886,889,891,912,919,927],ivec:[193,197],januari:[24,885,887],jellinghau:907,jennif:[3,24,926,927,941],jeremi:907,jimi:12,job:[8,18,35,40],joeadmin:[20,24,33,940],joeuser:941,johndo:22,jqpublic:934,json:[3,37,47,371,374,727,729,899],jul:887,juli:887,just:[6,15,16,21,22,24,34,35,44,330,641,886,893,896,910,927,934,940],k5_gic_opt:[242,267],k5_random_kei:[116,125],k5_vic_opt:[417,418],k5ident:[22,29,925,938],k5login:[22,29,925,926,934,938],k5login_authorit:[22,29,940],k5login_directori:[22,29],k5srvutil:[1,15,889],k5user:934,k5wiki:[893,906,924],kadm5:[3,4,6,19,21,22,24,25,35,892,905,906,907,914,916],kadm5_auth:[20,906,914],kadm5_auth_modinfo:916,kadm5_auth_plugin:916,kadm5_auth_restrict:916,kadm5_hook:[906,914],kadm5_hook_modinfo:917,kadm5_hook_plugin:917,kadm5_pass_q_:923,kadm:933,kadmin5:33,kadmin:[1,2,4,5,6,10,11,12,15,16,17,20,21,22,23,25,26,27,33,35,36,38,40,41,44,173,252,385,886,887,889,892,906,907,914,917,932,933,941],kadmind:[1,3,5,9,20,21,22,23,24,25,27,29,35,40,123,891,906,914,932,941],kadmind_listen:21,kadmind_port:[4,21,35],kaduk:15,kbd5_util:24,kbuild:892,kcm:[22,886,906,907,941],kcm_mach_servic:22,kcm_socket:22,kdb5_err:907,kdb5_ldap_util:[1,3,4,10,14,21,23,24,25],kdb5_util:[1,4,7,8,10,11,15,21,24,25,35,887,892,905,906,941],kdb5_util_path:4,kdb5_util_prog:8,kdb:[4,14,24,25,36,892,906,907,914,918,930,933],kdb_convert:907,kdb_log:907,kdc1:40,kdc2:40,kdc:[3,4,5,6,8,9,10,11,14,16,17,18,19,20,22,23,24,25,26,27,30,32,33,34,37,41,44,47,49,102,108,120,173,231,237,242,248,252,254,265,267,276,337,343,344,345,346,416,544,546,563,654,727,821,834,835,854,855,873,886,889,891,892,895,896,899,901,902,906,909,910,913,914,915,921,923,927,930,941],kdc_cert:38,kdc_default_opt:22,kdc_err_more_preauth_data_requir:906,kdc_listen:[21,35],kdc_max_dgram_reply_s:21,kdc_opt_allow_postd:778,kdc_opt_canonic:778,kdc_opt_cname_in_addl_tkt:778,kdc_opt_disable_transited_check:778,kdc_opt_enc_tkt_in_skei:778,kdc_opt_forward:778,kdc_opt_postd:778,kdc_opt_proxi:778,kdc_opt_renew:778,kdc_opt_renewable_ok:[22,778],kdc_opt_request_anonym:778,kdc_opt_valid:778,kdc_option:835,kdc_port:21,kdc_princ_nam:38,kdc_princip:38,kdc_principal_seq:38,kdc_req_checksum_typ:22,kdc_tcp_listen:[21,35,38],kdc_tcp_listen_backlog:21,kdc_tcp_port:21,kdc_timesync:22,kdc_tkt_common_mask:778,kdcdefault:[10,35,38,41],kdcissu:49,kdckei:38,kdclist:35,kdcpolici:[906,914],kdcpolicy_plugin:918,kdcpreauth:[906,914],kdcpreauth_mymech_initvt:911,kdcpreauth_plugin:919,kdcproxi:30,kdestroi:[34,886,906,925,928,930,931,935,936,941],keep:[3,9,16,24,36,890,893,894,926],keepkvno:3,keepold:[3,15,24,906],kei:[2,3,5,6,9,10,11,12,14,16,17,20,21,22,26,29,33,35,37,38,39,41,42,44,47,49,74,78,88,90,101,104,106,107,109,114,115,118,120,130,131,142,156,158,188,223,231,236,241,265,283,284,287,299,300,312,313,318,325,329,334,343,344,345,346,354,357,362,366,367,414,416,441,442,664,729,739,745,802,814,815,821,822,823,836,837,839,889,890,891,892,895,896,899,900,901,905,906,910,919,927,930,931,936,941],kept:[3,18,21,24,33],kerber:[15,34,35,934],kerbero:[2,3,4,5,6,7,8,9,10,11,12,15,19,20,21,22,25,26,27,28,29,31,32,33,34,37,38,39,43,44,46,47,48,49,57,63,65,66,68,70,73,74,75,77,78,79,80,82,83,85,86,87,88,89,90,91,92,93,94,96,97,98,99,100,101,103,104,105,106,107,108,109,112,113,114,115,116,118,119,121,122,123,125,126,127,130,131,134,135,136,142,143,146,148,150,151,152,153,154,155,156,158,159,160,161,162,164,165,166,167,168,170,171,172,176,177,179,180,181,182,183,184,185,187,188,189,190,191,192,194,196,199,200,221,224,230,231,234,236,242,243,245,255,267,268,269,271,272,273,274,275,278,279,280,281,282,283,284,285,286,287,289,294,295,296,297,301,302,303,305,306,307,308,310,311,313,315,316,319,320,321,322,323,326,327,328,329,330,331,332,333,334,335,336,337,339,340,341,342,345,347,348,350,355,357,358,359,360,361,362,363,364,366,367,377,378,379,380,381,385,386,387,388,392,399,400,401,403,404,405,406,407,408,409,410,411,412,416,886,887,889,890,891,892,893,895,896,898,899,914,917,920,922,924,925,926,929,930,931,932,933,934,935,936,937,938,939,940],kerberosnf:43,kerboro:19,kern:21,kernel:[886,892,906],key_data:[293,300],key_exp:821,key_stash_fil:[6,21,24,35],keyagr:38,keyblock:[49,71,76,91,102,108,116,118,222,223,231,287,288,335,356,362,396,815,899],keyboard:[4,6,10,24,49],keybyt:113,keydata:6,keyencipher:[22,38],keyexchang:108,keyfil:[6,21,23,24],keyfilenam:22,keyid:38,keyindex:6,keyinfo:6,keylength:113,keylist:[11,16],keyprocarg:320,keyr:[886,906,941],keysalt:[2,3,16,24,905],keyspac:15,keytab:[2,3,7,8,11,12,15,18,22,24,29,32,42,44,47,49,309,315,316,317,319,322,323,362,366,367,418,886,888,890,891,895,896,899,902,905,906,930,931,933,934,941],keytab_fil:930,keytab_nam:931,keytab_out:308,keytabl:839,keytabnam:895,keytyp:10,keyusag:38,keyword:[22,887],kfw:906,kill:35,kind:[39,44,106,886,890,907,910,912,919],kinit:[3,12,17,22,23,24,29,30,34,35,36,38,42,47,886,887,910,925,928,929,931,934,935,936,937,941],kiprop:[4,8,24],kkdcp:[30,40,906,907],klau:907,kldap:[14,21],klein:907,klist:[15,16,34,886,889,925,928,929,930,934,935,941],klmdb:21,know:[22,34,36,38,890,895,912,927],knowledg:[0,15,18,416,910,919],known:[6,21,24,27,39,47,49,155,238,322,647,648,890,896,906,939],korea:907,kpasswd:[3,4,15,16,21,22,24,30,34,906,925,926,928,941],kpasswd_listen:21,kpasswd_port:21,kpasswd_serv:[22,30,40],kpclientauth:21,kpkdc:22,kprop:[1,4,6,8,16,24,25,35,36,892,905,907,941],kprop_path:4,kprop_port:[4,905,941],kpropd:[1,4,7,9,24,35,42,892,905,906],kpropd_rpc:907,kproplog:[1,8,907],kpserverauth:[22,38],krb4:906,krb524:22,krb524_convert_creds_kdc:778,krb524_init_et:778,krb524_krb4_disabl:52,krb5:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,23,24,25,26,27,28,29,30,31,32,33,34,36,37,38,39,40,41,42,43,44,45,46,47,48,50,51,52,53,54,55,56,57,58,59,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,213,214,215,216,217,218,219,220,221,222,223,224,225,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,277,278,279,280,281,282,283,284,285,286,287,288,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,779,780,781,782,783,784,785,786,787,788,789,790,791,792,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,934,935,936,937,938,939,940,941],krb5_425_conv_princip:49,krb5_524_conv_princip:49,krb5_524_convert_cr:[49,779],krb5_address:[53,54,55,65,83,85,179,205,239,240,241,247,336,793,813,814,815,821,822,829,835],krb5_address_compar:49,krb5_address_ord:49,krb5_address_search:49,krb5_addrtyp:[793,794],krb5_allow_weak_crypto:49,krb5_altauth_att_challenge_respons:778,krb5_aname_to_localnam:[49,906,920],krb5_anonymous_princip:49,krb5_anonymous_princstr:[58,778],krb5_anonymous_realm:49,krb5_anonymous_realmstr:[59,778],krb5_ap_rep:[778,793],krb5_ap_rep_enc_part:[49,360,378,793],krb5_ap_req:[778,793],krb5_appdefault_boolean:[49,61],krb5_appdefault_str:[49,60],krb5_as_rep:[778,834],krb5_as_req:[778,835],krb5_auth_con_fre:[49,79],krb5_auth_con_genaddr:[49,83,85],krb5_auth_con_get_checksum_func:49,krb5_auth_con_getaddr:[45,49],krb5_auth_con_getauthent:49,krb5_auth_con_getflag:49,krb5_auth_con_getkei:49,krb5_auth_con_getkey_k:49,krb5_auth_con_getlocalseqnumb:49,krb5_auth_con_getlocalsubkei:49,krb5_auth_con_getrcach:49,krb5_auth_con_getrecvsubkei:[49,76],krb5_auth_con_getrecvsubkey_k:49,krb5_auth_con_getremoteseqnumb:49,krb5_auth_con_getremotesubkei:49,krb5_auth_con_getsendsubkei:[49,71],krb5_auth_con_getsendsubkey_k:49,krb5_auth_con_init:[49,62],krb5_auth_con_initivector:49,krb5_auth_con_set_checksum_func:49,krb5_auth_con_set_req_cksumtyp:49,krb5_auth_con_setaddr:[45,49],krb5_auth_con_setflag:[49,79],krb5_auth_con_setport:[45,49],krb5_auth_con_setrcach:49,krb5_auth_con_setrecvsubkei:[45,49],krb5_auth_con_setrecvsubkey_k:49,krb5_auth_con_setsendsubkei:[45,49],krb5_auth_con_setsendsubkey_k:49,krb5_auth_con_setuseruserkei:[49,362],krb5_auth_context:[49,63,64,65,66,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,85,86,87,88,89,90,91,230,327,329,330,331,332,333,334,335,357,359,360,361,362,363,366,367,378,793,845],krb5_auth_context_do_sequ:[67,70,75,84,330,331,335,359,363,778],krb5_auth_context_do_tim:[67,79,84,330,335,359,363,778],krb5_auth_context_generate_local_addr:[63,778],krb5_auth_context_generate_local_full_addr:[63,778],krb5_auth_context_generate_remote_addr:[63,778],krb5_auth_context_generate_remote_full_addr:[63,778],krb5_auth_context_permit_al:778,krb5_auth_context_ret_sequ:[67,84,329,330,331,335,357,359,363,778],krb5_auth_context_ret_tim:[67,84,329,330,335,357,359,363,778],krb5_auth_context_use_subkei:778,krb5_authdata:[180,191,196,202,207,325,326,414,793,802,815,822,835],krb5_authdata_and_or:778,krb5_authdata_auth_ind:778,krb5_authdata_cammac:778,krb5_authdata_etype_negoti:778,krb5_authdata_fx_armor:778,krb5_authdata_if_relev:778,krb5_authdata_initial_verified_ca:778,krb5_authdata_kdc_issu:778,krb5_authdata_mandatory_for_kdc:778,krb5_authdata_osf_dc:778,krb5_authdata_sesam:778,krb5_authdata_signticket:778,krb5_authdata_win2k_pac:778,krb5_authdatatyp:[191,196,202,793,800],krb5_authent:[49,66,793,875],krb5_bad_enctyp:[117,293],krb5_boolean:[53,55,56,106,110,111,128,129,130,131,163,199,260,290,291,292,305,306,324,344,346,351,352,353,365,391,793,815,827,849],krb5_build_princip:[47,48,49,93],krb5_build_principal_alloc_va:[48,49,92,95],krb5_build_principal_ext:[48,49],krb5_build_principal_va:49,krb5_c_:[124,193,195,197,198,203,204,288,354,356,413],krb5_c_block_siz:49,krb5_c_checksum_length:[49,175],krb5_c_crypto_length:49,krb5_c_crypto_length_iov:49,krb5_c_decrypt:[49,294],krb5_c_decrypt_iov:[49,104,295],krb5_c_derive_prfplu:[49,906],krb5_c_encrypt:49,krb5_c_encrypt_iov:[49,297],krb5_c_encrypt_length:[49,103,296],krb5_c_enctype_compar:49,krb5_c_free_stat:49,krb5_c_fx_cf2_simpl:49,krb5_c_init_st:49,krb5_c_is_coll_proof_cksum:49,krb5_c_is_keyed_cksum:49,krb5_c_keyed_checksum_typ:49,krb5_c_keylength:[49,125],krb5_c_make_checksum:[49,132,301],krb5_c_make_checksum_iov:[49,131,302],krb5_c_make_random_kei:49,krb5_c_padding_length:49,krb5_c_prf:[49,120,303],krb5_c_prf_length:[49,118],krb5_c_prfplu:[49,906],krb5_c_random_add_entropi:49,krb5_c_random_make_octet:49,krb5_c_random_os_entropi:49,krb5_c_random_se:49,krb5_c_random_to_kei:49,krb5_c_string_to_kei:[49,127,396],krb5_c_string_to_key_with_param:49,krb5_c_valid_cksumtyp:49,krb5_c_valid_enctyp:49,krb5_c_verify_checksum:[49,114,301,305,415],krb5_c_verify_checksum_iov:[49,115,306],krb5_calculate_checksum:49,krb5_cc_badnam:230,krb5_cc_cache_match:49,krb5_cc_close:[49,133,157,168],krb5_cc_copy_cr:49,krb5_cc_cursor:[140,153,161,793],krb5_cc_default:49,krb5_cc_default_nam:[49,136,159],krb5_cc_destroi:49,krb5_cc_dup:49,krb5_cc_end_seq_get:[49,161],krb5_cc_gen_new:49,krb5_cc_get_config:49,krb5_cc_get_flag:49,krb5_cc_get_full_nam:49,krb5_cc_get_nam:49,krb5_cc_get_princip:[48,49],krb5_cc_get_typ:49,krb5_cc_initi:[49,146],krb5_cc_last_change_tim:49,krb5_cc_lock:[49,165],krb5_cc_move:49,krb5_cc_new_uniqu:49,krb5_cc_next_cr:[49,140],krb5_cc_nosupp:154,krb5_cc_notfound:[133,157,169],krb5_cc_remove_cr:49,krb5_cc_resolv:[49,145],krb5_cc_retrieve_cr:[49,154],krb5_cc_select:49,krb5_cc_set_config:[45,49,290],krb5_cc_set_default_nam:[49,137],krb5_cc_set_flag:49,krb5_cc_start_seq_get:[49,140,153],krb5_cc_store_cr:49,krb5_cc_support_switch:49,krb5_cc_switch:49,krb5_cc_unlock:[49,150],krb5_ccach:[133,134,135,136,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,160,161,162,164,165,168,230,231,232,233,239,240,241,253,257,258,271,274,333,378,386,406,416,793],krb5_ccache_conf_data:899,krb5_cccol:908,krb5_cccol_cursor:[166,167,168,793],krb5_cccol_cursor_fre:[49,167,168],krb5_cccol_cursor_new:[49,166,168],krb5_cccol_cursor_next:[49,166,167],krb5_cccol_have_cont:49,krb5_cccol_last_change_tim:[45,49],krb5_cccol_lock:[49,172],krb5_cccol_unlock:[49,171],krb5_ccselect_moddata:908,krb5_ccselect_vt:911,krb5_change_password:[49,176],krb5_check_clockskew:49,krb5_checksum:[49,114,130,132,301,305,415,793,802,850],krb5_checksum_s:49,krb5_chpw_fail:267,krb5_chpw_messag:49,krb5_chpw_pwdnull:267,krb5_cksumtyp:[82,97,110,111,112,114,115,128,131,132,175,177,211,301,302,306,393,415,793,807],krb5_cksumtype_to_str:49,krb5_clear_error_messag:49,krb5_client_ktnam:[889,905,941],krb5_clpreauth_moddata:910,krb5_clpreauth_modreq:910,krb5_config:[8,22,35,905,906,941],krb5_config_cantopen:51,krb5_config_notenufspac:[57,311],krb5_const:778,krb5_const_point:[132,193,197,415,793],krb5_const_princip:[51,57,58,142,158,189,290,315,325,343,344,345,346,350,351,352,353,362,365,391,408,409,410,411,793],krb5_context:[45,47,49,50,51,52,53,54,55,56,57,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,178,179,180,181,182,184,185,186,187,188,189,190,191,193,195,196,197,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,252,253,254,255,257,258,259,260,264,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,378,379,380,382,383,384,385,386,387,389,390,391,392,396,399,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,419,420,421,422,793,827,845,854,855,861,866,877,911],krb5_copy_address:49,krb5_copy_authdata:49,krb5_copy_authent:49,krb5_copy_checksum:49,krb5_copy_context:49,krb5_copy_cr:49,krb5_copy_data:[49,854,855],krb5_copy_error_messag:49,krb5_copy_keyblock:49,krb5_copy_keyblock_cont:49,krb5_copy_princip:[48,49],krb5_copy_ticket:49,krb5_cred:[47,49,52,153,154,156,162,173,227,231,232,233,239,240,241,242,267,271,274,279,327,329,334,357,378,385,404,406,416,778,793],krb5_cred_enc_part:[793,812],krb5_cred_info:[793,813],krb5_crypto_iov:[99,101,104,115,131,295,297,302,306,793],krb5_crypto_typ:[98,816],krb5_crypto_type_checksum:[115,131,302,306,778],krb5_crypto_type_data:[115,131,302,306,778],krb5_crypto_type_empti:778,krb5_crypto_type_head:778,krb5_crypto_type_pad:778,krb5_crypto_type_sign_onli:[99,115,131,302,306,778],krb5_crypto_type_stream:778,krb5_crypto_type_trail:778,krb5_cryptotyp:[98,793,816],krb5_cybersafe_secureid:778,krb5_data:[49,59,60,61,100,101,102,103,104,107,109,114,118,120,121,122,124,125,126,127,130,142,158,173,176,192,230,236,237,265,272,286,291,294,295,296,297,301,303,305,327,328,329,330,331,332,333,334,335,337,339,343,344,350,357,358,359,360,361,362,363,367,378,385,386,396,407,793,810,815,816,820,825,829,845,850,854,855,857,858,859,871,879,884],krb5_db_entri:909,krb5_decode_authdata_contain:[49,196],krb5_decode_ticket:49,krb5_decrypt:49,krb5_deltat:[194,242,263,266,267,282,394,793,829],krb5_deltat_badformat:394,krb5_deltat_to_str:49,krb5_domain_x500_compress:778,krb5_eblock_enctyp:49,krb5_enc_data:[100,103,294,296,793,796,798,812,834,835,872],krb5_enc_kdc_rep_part:[793,834],krb5_enc_tkt_part:[793,872],krb5_encode_authdata_contain:[49,191],krb5_encpadata_req_enc_pa_rep:778,krb5_encrypt:49,krb5_encrypt_block:[193,195,197,203,204,288,354,356,396,413,793],krb5_encrypt_s:49,krb5_enctyp:[96,98,99,102,105,106,112,113,116,117,119,125,126,127,129,195,198,199,200,218,236,239,240,241,251,268,287,299,315,320,381,395,413,793,820,823,829,835,837],krb5_enctype_to_nam:49,krb5_enctype_to_str:49,krb5_end_seq_get:153,krb5_error:[219,280,328,358,378,778,793],krb5_error_cod:[47,50,51,56,57,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,130,131,132,133,134,135,136,138,139,140,141,142,143,144,146,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,164,165,166,167,168,169,170,171,172,173,174,176,177,179,180,181,182,183,184,185,187,188,189,190,191,192,193,194,196,197,199,200,201,202,203,204,221,224,230,231,232,233,234,235,236,237,238,239,240,241,242,243,245,252,253,254,255,257,258,259,260,264,267,268,269,271,272,273,274,275,276,278,279,280,281,282,283,284,285,286,287,288,289,293,294,295,296,297,300,301,302,303,305,306,307,308,309,310,311,312,313,314,315,316,318,319,320,321,322,323,325,326,327,328,329,330,331,332,333,334,335,336,337,339,340,341,342,343,344,345,346,347,348,349,350,354,355,356,357,358,359,360,361,362,363,364,366,367,371,372,374,375,376,377,378,379,380,381,382,385,386,387,388,389,390,392,393,394,395,396,397,398,399,400,401,403,404,405,406,407,408,409,410,411,412,413,414,415,416,419,420,421,422,793,844,845,854,855,861,866,911],krb5_expand_hostnam:49,krb5_expire_callback_func:[252,793],krb5_fast_requir:[255,778],krb5_fcc_intern:136,krb5_fences_vt:911,krb5_fences_vtable_v2:911,krb5_find_authdata:49,krb5_finish_kei:49,krb5_finish_random_kei:49,krb5_flag:[143,154,156,160,231,232,233,239,240,241,245,255,276,333,334,362,378,406,793,798,814,815,821,822,829,835,868,875,883],krb5_free_address:[49,179,336],krb5_free_ap_rep_enc_part:[49,360,378],krb5_free_authdata:[49,180,202,326],krb5_free_authent:[49,66,181],krb5_free_checksum:[49,182],krb5_free_checksum_cont:[49,114,301],krb5_free_cksumtyp:[49,112],krb5_free_context:[49,137,183,275,289],krb5_free_cr:[49,184,231,378],krb5_free_cred_cont:[47,49,153,156,279,404],krb5_free_data:[49,185],krb5_free_data_cont:[49,142,236,328,331,332,333,334,335,339,343,363],krb5_free_default_realm:[49,234],krb5_free_enctyp:[49,268],krb5_free_error:[49,358,378],krb5_free_error_messag:[49,235],krb5_free_host_realm:[49,237,238],krb5_free_keyblock:[49,68,73,77,187,287,320],krb5_free_keyblock_cont:[49,116,126,127,188],krb5_free_keytab_entry_cont:[49,314,315],krb5_free_princip:[47,48,49,50,92,93,94,146,157,189,347,348,392],krb5_free_str:[49,144,176,201],krb5_free_tgt_cr:[49,357],krb5_free_ticket:[49,190,362,366],krb5_free_unparsed_nam:[49,408,410],krb5_fwd_tgt_cred:49,krb5_gc:406,krb5_gc_cach:[231,778],krb5_gc_canonic:778,krb5_gc_constrained_deleg:778,krb5_gc_forward:778,krb5_gc_no_stor:778,krb5_gc_no_transit_check:778,krb5_gc_user_us:[231,778],krb5_generate_seq_numb:331,krb5_get_credenti:[49,378,383,384,406],krb5_get_credentials_renew:49,krb5_get_credentials_valid:49,krb5_get_default_realm:49,krb5_get_error_messag:[49,826],krb5_get_etype_info:[49,906],krb5_get_fallback_host_realm:49,krb5_get_host_realm:[49,392],krb5_get_in_tkt_with_keytab:49,krb5_get_in_tkt_with_password:49,krb5_get_in_tkt_with_skei:49,krb5_get_init_cr:[241,257,258],krb5_get_init_creds_keytab:[49,239],krb5_get_init_creds_opt:[47,236,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,282,793],krb5_get_init_creds_opt_address_list:778,krb5_get_init_creds_opt_alloc:[47,49,244,246],krb5_get_init_creds_opt_anonym:778,krb5_get_init_creds_opt_canonic:778,krb5_get_init_creds_opt_chg_pwd_prmpt:778,krb5_get_init_creds_opt_etype_list:778,krb5_get_init_creds_opt_forward:778,krb5_get_init_creds_opt_fre:[47,49,243],krb5_get_init_creds_opt_get_fast_flag:49,krb5_get_init_creds_opt_init:49,krb5_get_init_creds_opt_preauth_list:778,krb5_get_init_creds_opt_proxi:778,krb5_get_init_creds_opt_renew_lif:778,krb5_get_init_creds_opt_salt:778,krb5_get_init_creds_opt_set_address_list:49,krb5_get_init_creds_opt_set_anonym:[47,49],krb5_get_init_creds_opt_set_canonic:49,krb5_get_init_creds_opt_set_change_password_prompt:49,krb5_get_init_creds_opt_set_etype_list:[49,236],krb5_get_init_creds_opt_set_expire_callback:49,krb5_get_init_creds_opt_set_fast_ccach:49,krb5_get_init_creds_opt_set_fast_ccache_nam:[49,236,253],krb5_get_init_creds_opt_set_fast_flag:[49,254],krb5_get_init_creds_opt_set_forward:49,krb5_get_init_creds_opt_set_in_ccach:49,krb5_get_init_creds_opt_set_out_ccach:49,krb5_get_init_creds_opt_set_pa:[49,261],krb5_get_init_creds_opt_set_pac_request:49,krb5_get_init_creds_opt_set_preauth_list:49,krb5_get_init_creds_opt_set_proxi:49,krb5_get_init_creds_opt_set_renew_lif:49,krb5_get_init_creds_opt_set_respond:[47,49],krb5_get_init_creds_opt_set_salt:[49,261],krb5_get_init_creds_opt_set_tkt_lif:[47,49],krb5_get_init_creds_opt_tkt_lif:778,krb5_get_init_creds_password:[47,49,240,250,252,355],krb5_get_permitted_enctyp:49,krb5_get_profil:49,krb5_get_prompt_typ:[47,49],krb5_get_renewed_cr:[49,232],krb5_get_server_rcach:49,krb5_get_time_offset:49,krb5_get_validated_cr:[49,233],krb5_gic_opt_pa_data:793,krb5_init_context:[49,212],krb5_init_context_kdc:[276,778],krb5_init_context_profil:49,krb5_init_context_secur:[276,778],krb5_init_creds_context:[277,278,279,280,281,282,283,284,285,286,793],krb5_init_creds_fre:[49,282],krb5_init_creds_get:[49,279,281,282],krb5_init_creds_get_cr:[49,278],krb5_init_creds_get_error:49,krb5_init_creds_get_tim:49,krb5_init_creds_init:[49,277,278,286,355],krb5_init_creds_set_keytab:49,krb5_init_creds_set_password:49,krb5_init_creds_set_servic:49,krb5_init_creds_step:[49,279,281,282],krb5_init_creds_step_flag_continu:[286,778],krb5_init_keyblock:49,krb5_init_random_kei:49,krb5_init_secure_context:[49,212,275],krb5_int16:793,krb5_int16_max:[567,778],krb5_int16_min:778,krb5_int32:[67,70,75,84,273,366,367,377,388,392,397,412,793,795,797,801,802,808,810,813,817,819,821,824,825,826,828,835,840,843,856,857,858,860,864,868,870,871,874,880],krb5_int32_max:[569,778],krb5_int32_min:778,krb5_invalid_princip:51,krb5_is_config_princip:[48,49],krb5_is_referral_realm:49,krb5_is_thread_saf:49,krb5_k:836,krb5_k_create_kei:49,krb5_k_decrypt:49,krb5_k_decrypt_iov:[49,297],krb5_k_encrypt:49,krb5_k_encrypt_iov:[49,295],krb5_k_free_kei:[49,69,74,78,293],krb5_k_key_enctyp:49,krb5_k_key_keyblock:49,krb5_k_make_checksum:[49,114],krb5_k_make_checksum_iov:[49,115,306],krb5_k_prf:49,krb5_k_reference_kei:49,krb5_k_verify_checksum:[49,130],krb5_k_verify_checksum_iov:[49,131,302],krb5_kdc_profil:[8,10,21,35,905,906,941],krb5_kdc_rep:[239,240,241,793],krb5_kdc_req:793,krb5_kdc_unreach:267,krb5_kdcpolicy_moddata:918,krb5_kdcpreauth_moddata:919,krb5_kdcpreauth_modreq:919,krb5_kdcrep_modifi:274,krb5_kdcrep_skew:274,krb5_kei:[49,69,74,78,88,90,294,295,296,297,298,301,302,303,304,305,306,793],krb5_key_st:836,krb5_keyblock:[49,68,71,73,76,77,87,89,91,100,101,102,103,104,107,108,109,114,115,116,118,120,125,126,127,130,131,187,188,241,288,293,300,320,325,343,344,345,346,354,356,396,414,793,797,802,814,815,821,822,823,839],krb5_keytab:[239,242,283,307,308,309,310,312,313,315,316,317,318,319,321,322,323,362,366,367,379,416,793],krb5_keytab_entri:[224,307,314,315,319,321,793],krb5_keytab_entry_st:839,krb5_keyusag:[100,101,103,104,109,114,115,130,131,294,295,296,297,301,302,305,306,793],krb5_keyusage_ad_it:778,krb5_keyusage_ad_kdcissued_cksum:778,krb5_keyusage_ad_mt:778,krb5_keyusage_ad_signedpath:778,krb5_keyusage_ap_rep_encpart:778,krb5_keyusage_ap_req_auth:778,krb5_keyusage_ap_req_auth_cksum:778,krb5_keyusage_app_data_cksum:778,krb5_keyusage_app_data_encrypt:778,krb5_keyusage_as_rep_encpart:778,krb5_keyusage_as_req:778,krb5_keyusage_as_req_pa_enc_t:778,krb5_keyusage_cammac:778,krb5_keyusage_enc_challenge_cli:778,krb5_keyusage_enc_challenge_kdc:778,krb5_keyusage_fast_enc:778,krb5_keyusage_fast_finish:778,krb5_keyusage_fast_rep:778,krb5_keyusage_fast_req_chksum:778,krb5_keyusage_gss_tok_m:778,krb5_keyusage_gss_tok_wrap_integ:778,krb5_keyusage_gss_tok_wrap_priv:778,krb5_keyusage_iakerb_finish:778,krb5_keyusage_kdc_rep_ticket:778,krb5_keyusage_krb_cred_encpart:778,krb5_keyusage_krb_error_cksum:778,krb5_keyusage_krb_priv_encpart:778,krb5_keyusage_krb_safe_cksum:778,krb5_keyusage_pa_as_fresh:778,krb5_keyusage_pa_fx_cooki:778,krb5_keyusage_pa_otp_request:778,krb5_keyusage_pa_pkinit_kx:778,krb5_keyusage_pa_s4u_x509_user_repli:[606,778],krb5_keyusage_pa_s4u_x509_user_request:[605,778],krb5_keyusage_pa_sam_challenge_cksum:778,krb5_keyusage_pa_sam_challenge_trackid:[603,778],krb5_keyusage_pa_sam_respons:[602,778],krb5_keyusage_spak:778,krb5_keyusage_tgs_rep_encpart_sesskei:778,krb5_keyusage_tgs_rep_encpart_subkei:778,krb5_keyusage_tgs_req_ad_sesskei:778,krb5_keyusage_tgs_req_ad_subkei:778,krb5_keyusage_tgs_req_auth:778,krb5_keyusage_tgs_req_auth_cksum:778,krb5_kpasswd_accessdeni:778,krb5_kpasswd_autherror:[173,778],krb5_kpasswd_bad_vers:778,krb5_kpasswd_harderror:[173,778],krb5_kpasswd_initial_flag_need:778,krb5_kpasswd_malform:[173,778],krb5_kpasswd_softerror:[173,778],krb5_kpasswd_success:[173,385,778],krb5_kt_add_entri:49,krb5_kt_client_default:49,krb5_kt_close:[49,322],krb5_kt_cursor:[313,319,323,793],krb5_kt_default:49,krb5_kt_default_nam:49,krb5_kt_dup:49,krb5_kt_end:319,krb5_kt_end_seq_get:[49,323],krb5_kt_free_entri:[49,319],krb5_kt_get_entri:49,krb5_kt_get_nam:49,krb5_kt_get_typ:49,krb5_kt_have_cont:49,krb5_kt_name_toolong:316,krb5_kt_next_entri:49,krb5_kt_notfound:318,krb5_kt_nowrit:[307,321],krb5_kt_read_service_kei:49,krb5_kt_remove_entri:49,krb5_kt_resolv:49,krb5_kt_start_seq_get:[49,313],krb5_ktname:[44,889,905,941],krb5_kuserok:[48,49,906,920],krb5_kvno:[315,320,793,820,839],krb5_last_req_entri:[793,821],krb5_ldif:14,krb5_libos_badpwdmatch:[267,364],krb5_libos_pwdintr:267,krb5_lname_no_tran:920,krb5_lname_notran:57,krb5_lrq_all_acct_exptim:778,krb5_lrq_all_last_initi:778,krb5_lrq_all_last_renew:778,krb5_lrq_all_last_req:778,krb5_lrq_all_last_tgt:778,krb5_lrq_all_last_tgt_issu:778,krb5_lrq_all_pw_exptim:778,krb5_lrq_none:778,krb5_lrq_one_acct_exptim:778,krb5_lrq_one_last_initi:778,krb5_lrq_one_last_renew:778,krb5_lrq_one_last_req:778,krb5_lrq_one_last_tgt:778,krb5_lrq_one_last_tgt_issu:778,krb5_lrq_one_pw_exptim:778,krb5_magic:[793,794,796,797,798,800,802,807,810,812,813,814,815,818,820,821,822,823,825,834,835,837,839,843,848,857,858,862,871,872,875,879,880,884],krb5_make_authdata_kdc_issu:49,krb5_merge_authdata:49,krb5_mk_1cred:49,krb5_mk_error:49,krb5_mk_ncred:[49,327],krb5_mk_priv:[49,80],krb5_mk_rep:49,krb5_mk_rep_dc:49,krb5_mk_req:[49,81,82,334],krb5_mk_req_checksum_func:[64,81,793],krb5_mk_req_extend:[49,333],krb5_mk_safe:[49,330],krb5_msgtype:[504,505,506,507,531,543,707,730,748,749,793,821,834,835],krb5_no_2nd_tkt:274,krb5_no_tkt_suppli:[230,274],krb5_nt_ent_principal_and_id:778,krb5_nt_enterprise_princip:778,krb5_nt_ms_princip:778,krb5_nt_ms_principal_and_id:778,krb5_nt_princip:778,krb5_nt_smtp_name:778,krb5_nt_srv_hst:[230,392,778],krb5_nt_srv_inst:778,krb5_nt_srv_xhst:778,krb5_nt_uid:778,krb5_nt_unknown:[392,778],krb5_nt_wellknown:778,krb5_nt_x500_princip:778,krb5_octet:[793,794,800,807,837,848,871,879,880],krb5_os_localaddr:49,krb5_pa_data:[793,821,834,835],krb5_pa_pac_req:793,krb5_pa_server_referral_data:793,krb5_pa_svr_referral_data:793,krb5_pac:[337,338,339,340,341,342,343,344,345,346,793],krb5_pac_add_buff:49,krb5_pac_client_info:[337,778],krb5_pac_credentials_info:[337,778],krb5_pac_data:852,krb5_pac_delegation_info:[337,778],krb5_pac_fre:[49,341,342],krb5_pac_get_buff:49,krb5_pac_get_typ:49,krb5_pac_init:49,krb5_pac_logon_info:[337,778],krb5_pac_pars:49,krb5_pac_privsvr_checksum:[337,778],krb5_pac_server_checksum:[337,778],krb5_pac_sign:[49,344],krb5_pac_sign_ext:49,krb5_pac_upn_dns_info:[337,778],krb5_pac_verifi:[49,346],krb5_pac_verify_ext:49,krb5_padata_afs3_salt:778,krb5_padata_ap_req:[694,778],krb5_padata_as_checksum:778,krb5_padata_as_fresh:778,krb5_padata_enc_sandia_securid:778,krb5_padata_enc_timestamp:778,krb5_padata_enc_unix_tim:778,krb5_padata_encrypted_challeng:778,krb5_padata_etype_info2:778,krb5_padata_etype_info:778,krb5_padata_for_us:778,krb5_padata_fx_cooki:778,krb5_padata_fx_error:778,krb5_padata_fx_fast:778,krb5_padata_get_from_typed_data:778,krb5_padata_non:778,krb5_padata_osf_dc:778,krb5_padata_otp_challeng:778,krb5_padata_otp_pin_chang:778,krb5_padata_otp_request:778,krb5_padata_pac_request:778,krb5_padata_pk_as_rep:778,krb5_padata_pk_as_rep_old:778,krb5_padata_pk_as_req:778,krb5_padata_pk_as_req_old:778,krb5_padata_pkinit_kx:778,krb5_padata_pw_salt:778,krb5_padata_referr:778,krb5_padata_s4u_x509_us:778,krb5_padata_sam_challeng:778,krb5_padata_sam_challenge_2:778,krb5_padata_sam_redirect:778,krb5_padata_sam_respons:778,krb5_padata_sam_response_2:778,krb5_padata_sesam:778,krb5_padata_spak:778,krb5_padata_svr_referral_info:778,krb5_padata_tgs_req:778,krb5_padata_use_specified_kvno:778,krb5_parse_nam:[47,48,49,348,408],krb5_parse_name_flag:[48,49],krb5_plugin_no_handl:[913,916,920,921],krb5_plugin_ver_notsupp:911,krb5_plugin_vt:911,krb5_pointer:[193,197,204,288,320,356,366,367,378,793,804,841],krb5_post_recv_fn:[383,793],krb5_pre_send_fn:[384,793],krb5_preauth_fail:267,krb5_preauthtyp:[239,240,241,261,793,829,848],krb5_prepend_error_messag:[49,419,906],krb5_princ_compon:778,krb5_princ_nam:778,krb5_princ_nomatch:[230,274],krb5_princ_realm:778,krb5_princ_set_realm:778,krb5_princ_set_realm_data:778,krb5_princ_set_realm_length:778,krb5_princ_siz:[778,782],krb5_princ_typ:778,krb5_princip:[47,48,49,50,92,93,94,95,133,146,148,157,189,225,230,236,242,267,271,274,282,320,324,366,367,378,385,386,387,392,414,416,793,802,814,815,821,822,825,834,835,839,850,851,872],krb5_principal2salt:49,krb5_principal_compar:[48,49,352,353,391],krb5_principal_compare_any_realm:[48,49],krb5_principal_compare_casefold:[353,778],krb5_principal_compare_enterpris:[353,778],krb5_principal_compare_flag:[48,49],krb5_principal_compare_ignore_realm:[353,778],krb5_principal_compare_utf8:[353,778],krb5_principal_data:[48,793,810,857],krb5_principal_parse_enterpris:[348,778],krb5_principal_parse_ignore_realm:[348,778],krb5_principal_parse_no_realm:[348,778],krb5_principal_parse_require_realm:[348,778],krb5_principal_unparse_displai:[410,778],krb5_principal_unparse_no_realm:[410,778],krb5_principal_unparse_short:[410,778],krb5_priv:778,krb5_process_kei:49,krb5_prog_etype_nosupp:381,krb5_prompt:[355,793,861],krb5_prompt_typ:[270,793],krb5_prompt_type_new_password:[270,778],krb5_prompt_type_new_password_again:[270,778],krb5_prompt_type_password:[270,778],krb5_prompt_type_preauth:[270,778],krb5_prompter_fct:[267,282,793],krb5_prompter_posix:[47,49],krb5_prop:[16,35,42],krb5_pvno:778,krb5_pwd_data:793,krb5_pwqual_moddata:923,krb5_random_kei:49,krb5_randsourc:121,krb5_rc_close:272,krb5_rc_requir:[327,329],krb5_rc_st:863,krb5_rcach:[72,86,272,793],krb5_rd_cred:[49,329],krb5_rd_error:49,krb5_rd_priv:[49,80,864],krb5_rd_rep:49,krb5_rd_rep_dc:49,krb5_rd_req:49,krb5_rd_safe:[49,864],krb5_read_error:49,krb5_read_password:49,krb5_realm_branch_char:778,krb5_realm_cant_resolv:267,krb5_realm_compar:[48,49],krb5_recvauth:[49,367,378],krb5_recvauth_badauthv:778,krb5_recvauth_skip_vers:778,krb5_recvauth_vers:49,krb5_referral_realm:[49,778],krb5_replay_data:[327,329,330,335,357,359,363,793],krb5_responder_context:[47,368,369,370,371,372,373,374,375,376,793,866],krb5_responder_context_st:865,krb5_responder_fn:[264,793,865],krb5_responder_get_challeng:[47,49,369,865],krb5_responder_list_quest:[47,49,865],krb5_responder_otp_challeng:[47,370,371,793],krb5_responder_otp_challenge_fre:[47,49,371],krb5_responder_otp_flags_collect_pin:[720,778],krb5_responder_otp_flags_collect_token:778,krb5_responder_otp_flags_nextotp:778,krb5_responder_otp_flags_separate_pin:778,krb5_responder_otp_format_alphanumer:778,krb5_responder_otp_format_decim:778,krb5_responder_otp_format_hexadecim:778,krb5_responder_otp_get_challeng:[47,49],krb5_responder_otp_set_answ:[47,49],krb5_responder_otp_tokeninfo:[793,867],krb5_responder_pkinit_challeng:[47,373,374,793],krb5_responder_pkinit_challenge_fre:[49,374],krb5_responder_pkinit_flags_token_:729,krb5_responder_pkinit_flags_token_user_pin_count_low:778,krb5_responder_pkinit_flags_token_user_pin_final_tri:778,krb5_responder_pkinit_flags_token_user_pin_lock:778,krb5_responder_pkinit_get_challeng:[47,49],krb5_responder_pkinit_ident:[793,869],krb5_responder_pkinit_set_answ:[47,49],krb5_responder_question_otp:[47,49,778],krb5_responder_question_password:[47,778],krb5_responder_question_pkinit:[47,49,778],krb5_responder_set_answ:[47,49,369,865],krb5_respons:793,krb5_roundup:778,krb5_safe:778,krb5_salttype_to_str:49,krb5_sam_must_pk_encrypt_sad:778,krb5_sam_send_encrypted_sad:778,krb5_sam_use_sad_as_kei:778,krb5_sendauth:[49,366],krb5_server_decrypt_ticket_keytab:49,krb5_set_default_realm:[45,49],krb5_set_default_tgs_enctyp:[49,268],krb5_set_error_messag:49,krb5_set_kdc_recv_hook:49,krb5_set_kdc_send_hook:49,krb5_set_password:[48,49,176],krb5_set_password_using_ccach:[48,49],krb5_set_principal_realm:[48,49],krb5_set_real_tim:49,krb5_set_trace_callback:49,krb5_set_trace_filenam:49,krb5_sname_match:[48,49,362],krb5_sname_to_princip:[48,49],krb5_string_to_cksumtyp:49,krb5_string_to_deltat:49,krb5_string_to_enctyp:49,krb5_string_to_kei:49,krb5_string_to_salttyp:49,krb5_string_to_timestamp:49,krb5_tc_match_2nd_tkt:[156,778],krb5_tc_match_authdata:[156,778],krb5_tc_match_flag:[156,778],krb5_tc_match_flags_exact:[156,778],krb5_tc_match_is_skei:[156,778],krb5_tc_match_ktyp:[156,778],krb5_tc_match_srv_nameonli:[156,778],krb5_tc_match_tim:[156,778],krb5_tc_match_times_exact:[156,778],krb5_tc_noticket:778,krb5_tc_openclos:778,krb5_tc_supported_ktyp:[156,778],krb5_tgs_name:778,krb5_tgs_name_s:778,krb5_tgs_rep:778,krb5_tgs_req:[778,835],krb5_ticket:[49,192,228,362,366,367,379,793,798,812,834,835,875],krb5_ticket_tim:[281,405,793,814,815,821,822],krb5_timeofdai:49,krb5_timestamp:[45,46,149,170,174,273,343,344,345,346,388,398,399,400,401,412,793,797,802,813,821,825,827,835,839,843,850,864,871,873],krb5_timestamp_to_sfstr:49,krb5_timestamp_to_str:49,krb5_tkt_authent:793,krb5_tkt_creds_context:[402,403,404,405,406,407,793],krb5_tkt_creds_fre:[49,406],krb5_tkt_creds_get:[49,404,405,406],krb5_tkt_creds_get_cr:[49,403],krb5_tkt_creds_get_tim:49,krb5_tkt_creds_init:[49,403],krb5_tkt_creds_step:[49,404,405,406],krb5_tkt_creds_step_flag_continu:[407,778],krb5_trace:[42,389,390,941],krb5_trace_callback:[389,793,878],krb5_trace_info:[389,793,877],krb5_trace_nosupp:[389,390],krb5_transit:[793,822],krb5_typed_data:793,krb5_ui_2:793,krb5_ui_4:[337,339,340,361,793,797,802,825,864],krb5_unparse_nam:[48,49,409,410],krb5_unparse_name_ext:49,krb5_unparse_name_flag:[48,49],krb5_unparse_name_flags_ext:49,krb5_us_timeofdai:49,krb5_use_enctyp:49,krb5_verify_authdata_kdc_issu:49,krb5_verify_checksum:49,krb5_verify_init_cr:[47,49,418],krb5_verify_init_creds_opt:[47,416,417,418,793],krb5_verify_init_creds_opt_ap_req_nofail:778,krb5_verify_init_creds_opt_init:[47,49,416],krb5_verify_init_creds_opt_set_ap_req_nofail:[47,49,416],krb5_vprepend_error_messag:49,krb5_vset_error_messag:49,krb5_vwrap_error_messag:49,krb5_wellknown_namestr:778,krb5_wrap_error_messag:[49,421,906],krb5_x:778,krb5_xc:778,krb5cc_1984:934,krb5cc_320:927,krb5cc_:[905,934,941],krb5cc_p11795:927,krb5cc_ttypa:927,krb5ccname:[137,886,929,930,931,934,941],krb5kdc:[0,1,2,3,4,5,6,7,8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],krb5kdc_err_key_exp:267,krb5kdc_err_more_preauth_data_requir:919,krb5krb_ap_err_skew:174,krb5krb_err_response_too_big:[286,407],krb5lib:35,krb5plugin_service_locate_ft:921,krb5rcachedir:[890,905,941],krb5rcachetyp:[890,941],krb5srv:40,krb:[22,49,906,907],krb_ap_rep:49,krb_ap_req:49,krb_error:[49,378],krbadmin:[21,23],krbcanonicalnam:23,krbcontain:[14,21,23],krbcore:924,krbdev:924,krbnfs_howto_v3:43,krbprincipalnam:23,krbtest:[17,24,36,42,900,901,939],krbtgt:[3,20,38,42,44,285,644,746,899,900,901,906,927,936],kreen:907,ksu:[907,925,928,941],ksu_opt:934,kswitch:[886,925,928,941],ktadd:[15,33,35,889],kth:907,ktid:322,ktutil:[1,2,889,892,906],ktype:[129,239,240,241,268,835],kungliga:907,kv5m_context:[136,159],kvno:[3,6,11,15,16,17,24,27,30,33,35,42,315,416,820,872,900,925,928],lab:[5,24,907],label:[22,907],laboratori:907,lack:[38,381,906],lag:934,larg:[21,24,25,35,37,40,47,101,104,120,295,297,893,906],larger:[25,33,38,885,903,906],largest:36,last:[3,6,9,21,24,25,36,45,49,180,205,207,227,252,319,326,389,724,843,886,887,909,918],last_fail:6,last_req:821,last_success:6,lastpwd:6,latenc:25,later:[3,20,21,22,24,27,34,38,39,40,42,44,137,254,729,885,900,903,906,907,913,920],latest:[35,231,873,893,906,927],latter:[23,391],launchpad:43,law:907,lawsuit:907,lawyer:907,layer:[906,912,915],layout:[44,905],lcom_err:933,lcurs:895,ldap:[3,4,5,6,10,13,21,23,36,895,906,907],ldap_conns_per_serv:[21,23],ldap_kadmind_dn:[5,14,21,23,24],ldap_kadmind_sasl_authcid:[5,21,24],ldap_kadmind_sasl_authzid:21,ldap_kadmind_sasl_mech:21,ldap_kadmind_sasl_realm:21,ldap_kdc_dn:[5,14,21,23,24],ldap_kdc_sasl_authcid:[5,21,24],ldap_kdc_sasl_authzid:21,ldap_kdc_sasl_mech:21,ldap_kdc_sasl_realm:21,ldap_kerberos_container_dn:[14,21,23],ldap_serv:[14,21,23],ldap_service_password_fil:[14,21,23],ldapadd:14,ldapi:[5,14,21,23,24,25],ldapuri:[3,5,24],ldb:895,ldflag:895,ldif:14,ldname:895,ldopt:895,lead:[21,934],learn:16,least:[16,24,33,35,40,100,103,156,294,296,409,724,741,903,916,920],leav:[3,15,24,25,29,33,34,40],left:[21,22,287,901,911],leg:906,legaci:[47,874],legal:[287,934],legitim:[26,47,890,934],lehman:907,lehmann:907,len:[12,119,340,342],length:[3,21,24,34,44,47,49,92,93,100,101,103,104,117,118,120,125,198,251,261,267,287,291,294,295,296,297,316,342,364,400,727,787,788,794,800,807,810,818,837,848,857,858,868,880,899,900,903,912,932],lengthi:906,less:[3,16,21,26,886,893,903,906],let:[100,294,921,940],letter:[35,40,927],level:[3,5,10,24,26,38,40,44,893,897,922],liabil:907,liabl:907,lib:[38,893,895,905,907,933],libc:39,libdefault:[16,21,27,29,34,35,39,40,41,42,44,45,886,889,922],libdir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],libedit:895,libev:907,libkdb5:909,libkdb_ldap:14,libkrb5:[22,29,44,885],libldap2:14,libpam:43,librari:[3,16,19,21,22,25,27,30,39,42,43,44,47,49,50,51,53,54,55,56,57,60,61,62,63,64,65,66,67,68,69,70,72,73,74,75,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,96,97,98,99,100,101,102,103,104,105,106,107,108,109,112,113,114,115,116,117,118,119,120,121,122,123,125,126,127,130,131,133,134,135,136,137,138,139,140,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,176,178,179,180,181,182,183,184,185,186,187,188,189,190,191,196,201,202,205,206,207,208,209,210,211,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,234,235,236,237,238,242,243,244,245,252,253,254,255,257,258,259,260,264,267,268,269,270,271,272,273,274,277,278,279,280,281,282,283,284,285,286,287,290,293,294,295,296,297,301,302,303,305,306,307,308,309,310,311,312,313,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,355,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,399,402,403,404,405,406,407,408,409,410,411,412,414,416,419,420,421,422,854,855,885,886,890,892,893,895,905,906,907,908,909,910,912,913,914,920,921,922,933,941],libtool:911,libverto:[895,919],licens:[894,895,898,906],life:[3,5,20,24,930],lifetim:[3,6,15,22,24,49,156,368,369,741,815,821,886,906,909,918,927,930,934,941],lightn:906,lightweight:892,like:[3,6,8,12,15,16,20,22,24,33,34,35,38,39,40,42,44,199,886,890,891,893,895,897,907,911,915,927],likelihood:24,likewis:934,limit:[21,24,25,26,35,40,907,934,941],line:[0,3,8,10,12,14,16,20,21,22,24,29,35,36,38,355,894,895,906,907,926,934,936,939,940,941],link:[0,22,23,24,31,35,893,894,895,897,909,912,933],linkdn:[3,24],linker:895,linux:[886,895,906],list:[0,2,3,4,6,10,15,16,20,22,23,27,29,33,35,37,40,41,44,47,49,94,156,168,191,196,202,221,237,238,325,381,414,419,420,421,822,865,886,895,896,905,907,909,910,913,919,922,926,927,931,934,939,940],list_mkei:24,list_princip:16,listen:[4,8,10,21,35,40,906],listinfo:924,listpol:[3,24],listprinc:[3,24],liter:911,live:[6,911],lk5crypto:933,lkrb5:933,lmdb:[21,25,895,906],lname:[57,934],lndir:[892,894],lnsize_in:57,lnsl:895,load:[8,14,15,18,21,24,25,35,39,41,890,895,912,922],load_dump:[6,24],loadabl:[21,22,912],loader:895,local0:21,local7:21,local:[3,5,8,12,14,15,16,21,22,24,29,33,35,37,40,44,47,49,63,65,81,237,238,330,331,333,335,347,362,392,401,410,523,524,706,887,891,892,895,897,899,900,901,905,906,913,914,926,927,930,931,933,934,936,941],local_addr:[45,65,83],local_appdata:22,local_port:85,local_realm:934,localauth:[906,914],localauth_plugin:920,localedir:895,localfr:29,localhost:16,localhostnam:44,localstatedir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],locat:[4,7,8,10,20,21,22,23,25,26,30,35,40,42,44,49,886,893,895,896,905,906,907,914,922,927,929,930,931,933,934,935,936,941],locate_plugin:921,lock:[6,21,24,25,35,36,49,165,725,726,906,927],lockdown_kei:[3,20,24,906],lockit:3,lockout:[3,21,24,25,26,31],lockout_polici:36,lockoutdur:[3,24,36],lockouttim:[3,24],log:[8,9,24,25,34,35,38,40,47,49,726,886,906,914,926,927,929,934,940,941],log_:21,log_daemon:21,log_info:21,logic:40,login:[21,22,34,39,42,47,927,934,941],logon:[21,337,653],logout:[927,929],longer:[20,24,26,34,40,44,50,66,68,69,73,74,77,78,79,92,93,94,112,114,116,126,127,133,142,144,146,153,156,157,167,168,176,179,180,181,182,183,184,185,187,188,189,190,201,202,231,234,236,237,238,243,268,272,275,279,282,287,289,293,301,315,320,322,323,326,328,331,332,333,334,335,336,339,341,342,343,347,348,357,358,360,362,363,366,378,392,404,406,408,410,895,906,927,930],look:[0,8,12,16,21,22,24,29,38,39,40,44,392,893,895,911,927,930,934],lookasid:895,lookup:[22,34,39,40,201,804,895,906,921],lose:[6,24],loss:[24,907],lost:[18,893,907],lot:40,lower:[3,20,22,24,44,237,922,932,939],lowercas:24,lowest:22,lpr:21,lr_type:843,lr_type_interpretation_mask:778,lr_type_this_server_onli:778,lrealm:[217,234,380],lsocket:895,lss:895,ltd:907,lucid:[13,23],luke:40,luser:324,lxml:897,lynx:14,mac:892,mach:[22,907],machin:[4,8,12,15,16,18,19,22,23,32,33,35,38,39,40,886,891,895,926,927,940,941],maco:[22,345,886,892,906,907],macro:[423,878,934],made:[8,22,24,35,42,137,260,276,381,886,907,915,917,935,941],magic:[136,159,794,796,797,798,800,802,807,810,812,813,814,815,818,820,821,822,823,825,834,835,837,839,843,848,857,858,862,871,872,875,879,880,884],mai:[3,6,8,10,11,15,16,20,21,22,23,24,25,26,27,29,34,35,36,37,38,39,40,41,42,44,47,100,108,121,123,127,202,231,235,236,248,252,265,269,294,334,362,378,383,384,391,392,416,720,836,854,866,878,887,890,893,895,896,899,900,903,906,907,910,912,913,915,916,917,918,919,922,924,926,927,929,930,934,939,941],mail:[21,886,927,934,939],mailbox:890,mailman:924,main:[371,374,924],maintain:[0,9,16,21,24,893,895,941],mainten:[3,6,24],maj_ver:911,major:[44,894,911],make:[0,3,6,12,14,15,16,18,21,22,23,24,26,27,29,33,34,35,36,38,40,42,44,49,113,243,248,257,371,374,406,885,893,894,895,897,899,906,907,912,926,930,935],makedepend:892,makefil:[893,895,897],malform:[173,230,619,899],malici:[3,24,47],malloc:922,man:[0,3,22,890,895,906],manag:[5,20,24,34,906,922,925,941],mandatori:[114,115,130,131,301,302,305,306,901],mandir:895,mani:[3,18,22,24,29,36,40,42,915,927,941],manipul:[23,24,46,816,889],manner:907,manual:[0,6,10,24,34,35,893,895,906],manual_test:893,map:[22,29,34,35,44,895,906,912,913,920,934,939],mapsiz:[21,25],marc:907,mark:[3,6,21,24,35,345,907],marker:[899,906],marko:907,markup:[0,897],marshal:[899,900,906],masachusett:941,mask:[67,84,143,156,160],masquerad:[18,926,927],massachusett:[898,907],master:[3,4,5,6,7,8,9,10,14,18,21,22,32,36,40,42,891,892,896,905,906],master_kdc:[22,40],master_key_nam:[6,21,24],master_key_typ:[5,6,15,21,24,35],match:[0,2,3,6,16,20,21,22,24,29,30,34,38,39,44,49,60,61,120,154,156,202,230,231,274,315,362,366,378,406,734,735,736,737,738,739,740,742,745,835,886,905,906,922,936,939,941],materi:[15,47,907,911],matt:907,matter:[18,22],max_keytab_name_len:778,max_lif:[6,21,35],max_read:[21,25],max_renew_lif:6,max_renewable_lif:[21,35],max_renewable_ticket_lif:[5,24],max_ticket_lif:[5,24],maxfailur:[3,24,36],maximum:[3,5,6,10,15,16,21,22,24,25,34,40,47,316,364,885,919,927,930],maxlif:[3,20,24],maxnumb:[3,24],maxpathlen:755,maxrenewlif:[3,5,20,24],maxtktlif:[5,24],mcred:156,md4:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],md5:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],mdb:25,mean:[3,12,15,21,22,24,34,35,38,47,891,893,896,907,927,934,941],meaning:[3,24],meant:927,measur:[26,885],mech:[29,906,912],mech_typ:912,mechan:[3,17,21,22,23,24,37,38,40,41,44,47,157,257,890,899,900,906,910,911,914,919,921,930],mechglu:[907,912],media:[5,22,24],medvinski:934,meet:939,megabyt:[21,25,894],mellon:907,member:21,membership:47,memori:[42,44,49,94,143,230,238,307,327,329,360,416,816,886,889,895,906,911,913,920],memset:47,mention:[21,23,907],merchant:907,merg:[19,21,49,907],messag:[3,8,14,21,22,25,35,42,49,79,366,378,384,531,538,707,730,796,821,825,834,835,854,855,872,878,890,892,900,906,907,911,926,927,933,934,936,941],message_out:176,message_typ:871,met:[907,934],metadata:6,method:[22,26,40,237,899,908,909,910,911,913,916,917,918,919,920,921,922,923,930],mexico:907,mgluep:907,mic:[14,532,906],mic_token:44,michigan:907,microsecond:[273,388,412,797,813,864,899],microsoft:[21,22,27,30,43,44,385,454,906],microsystem:907,middl:890,might:[15,18,24,29,30,35,36,39,40,44,893,895,899,907,911,926,941],migrat:[15,24,42,906],miller:[907,941],min:[3,20,24,887],min_ver:911,minclass:[3,24],minim:[6,15,24,25],minimum:[3,21,24,34],minlength:[3,24],minlif:[3,24],minor:[15,44,890,894,906,911,912,921],minor_statu:[44,912],minu:21,minut:[5,21,22,24,359,363,887,890,926,927,941],mismatch:[44,267,345,926],miss:[274,897],mission:934,mistak:926,mistakenli:178,mit1:900,mit:[3,5,12,15,16,18,20,21,22,25,29,31,32,33,35,39,40,42,44,46,47,885,886,892,894,895,897,898,899,900,901,910,912,914,915,919,922,924,926,927,930,941],mitig:[26,47,890,906],mitiys4k5:35,mix:927,mk_cmd:895,mk_req:845,mkdir:893,mkei:6,mkey_convert:[6,24],mkey_fil:[6,24],mkeynam:[6,10,24],mkeytyp:[5,6,24],mkeyvno:[5,6,24],mkvno:6,modbi:6,mode:[3,6,8,15,21,24,42,468,472,473,474,480,719,895,906,930,934],modern:[15,16,24,39],modestli:41,modif:[6,9,20,22,35,49,907],modifi:[3,6,9,16,19,20,23,26,29,33,35,41,44,101,104,115,137,145,147,161,295,297,302,317,343,368,369,855,895,907,917,922,930],modifiersnam:14,modifytimestamp:14,modnam:[22,29],modpol:[3,24],modprinc:[3,24,36,38,41,916],modtim:6,modul:[3,4,6,21,22,24,36,259,275,895,897,904,906,908,909,910,913,915,916,917,918,919,920,921,922,923,930],modular:906,module_nam:22,modulenam:22,modulepath:22,moira:907,mon:[3,24,36],monitor:26,month:[887,906],more:[6,15,16,20,21,22,23,24,26,30,33,35,36,38,39,40,42,44,47,269,286,347,407,565,727,729,750,878,886,889,890,892,895,896,900,906,913,919,924,926,941],more_preauth_data_requir:910,morn:34,most:[2,6,18,21,22,24,25,26,27,29,34,35,38,40,41,42,44,49,157,170,886,889,890,892,906,910,911,912,927,929,941],mostli:895,move:[21,28,35,49],msdn:906,msec_dirbit:778,msec_val_mask:778,msg:220,msg_type:[821,834,835],mslsa:886,mssclogin:22,much:[15,26,39,156,926],multi:[36,38,906],multihom:22,multipl:[3,10,15,16,17,21,22,23,24,25,29,35,36,37,38,40,44,47,836,886,890,893,906,911,912,919,930,939,941],multipli:36,multithread:49,muse:907,must:[2,3,6,7,8,11,15,16,20,21,22,23,24,25,29,30,33,34,35,36,37,38,40,44,47,58,59,70,75,79,100,101,103,104,114,118,120,122,126,127,137,147,155,156,161,180,183,202,205,207,227,231,235,248,254,275,277,278,281,282,286,289,294,295,296,297,301,303,317,319,322,326,330,335,348,359,362,363,371,374,376,378,405,409,717,718,720,727,729,731,734,735,736,737,738,739,740,741,742,745,816,836,859,886,893,894,895,899,900,901,903,906,907,909,911,912,913,916,918,919,920,922,926,927,932,934,936,941],mutabl:836,mutex:836,mutual:[35,334,378,439,504,796,934],my_cach:934,my_proxi:22,my_respond:47,mydir:886,mydomain:21,mymodul:29,mypreauth:29,myrealm:47,myremotetokentyp:21,name:[2,3,4,5,6,8,10,12,14,15,16,17,20,21,22,23,24,25,29,30,31,33,34,35,37,38,41,47,49,50,51,60,61,142,148,156,158,162,221,229,230,234,237,242,253,254,259,267,271,272,274,285,315,320,322,324,325,333,337,343,344,345,346,353,355,362,365,368,380,385,387,408,409,410,411,414,416,502,638,640,641,642,643,647,650,656,729,740,802,822,851,861,865,872,887,889,890,894,897,899,900,903,905,906,907,908,911,913,920,921,922,923,927,929,930,931,932,933,934,936,941],name_s:311,name_str:38,name_typ:38,namelen:316,nat:[22,24],nation:907,nativ:[34,371,374,885,895,899,903,905,906],natur:39,naval:907,ncsa:43,nctx_out:183,ndnhnmn:887,nearli:3,necessari:[3,14,15,22,23,24,25,34,35,38,40,44,267,344,346,390,409,910,911,915,926,927],necessarili:15,need:[4,6,12,15,16,20,21,22,23,24,33,34,35,36,38,40,41,42,44,47,50,65,66,68,69,73,74,77,78,79,92,93,94,100,101,103,104,112,114,116,126,127,133,142,144,146,153,156,157,167,168,176,179,180,181,182,183,184,185,187,188,189,190,201,202,231,234,236,237,238,243,265,268,272,275,279,282,286,287,289,293,294,295,296,297,301,315,320,322,323,326,327,328,329,330,331,332,333,334,335,336,339,341,342,343,347,348,357,358,359,360,362,363,366,367,378,392,404,406,407,408,410,565,728,729,750,886,887,892,893,894,895,897,900,906,912,913,915,920,922,924,926,927,930,933],needchang:[3,5,24],neg:[29,874,903],neglig:907,negoti:[21,899,906],neither:[3,22,24,44,907,931,934],nersc:22,net:[22,43,907,924],netbio:55,netbsd:[906,907],netlib:895,netlogon:454,network:[3,16,18,22,24,26,30,33,35,39,40,41,44,47,267,378,523,524,525,526,892,895,926,927,940,941],neuman:941,never:[3,15,16,18,20,21,22,24,25,36,101,104,235,295,297,926,927],new_message_out:855,new_mkey_fil:[6,24],new_princip:3,new_reply_out:[854,855],new_stat:109,newer:[6,15,21,24,39,895],newest:24,newli:[3,6,24,38,108,114,126,127,183,301,333,334,362,366,367,378,886,893,906],newlin:[347,355],newprinc:[3,24],newpw:[173,385,386],next:[3,6,18,24,35,36,49,100,101,103,104,121,294,295,296,297,719,893,899,900,906,910,919,927,934],nfs:39,nfsv4:43,nii:934,nippon:907,nis:14,nist:[22,41],nitem:911,nktype:835,nlgilman:12,nls:906,no_auth_data_requir:[3,24],no_host_referr:[21,40],noaddress:22,nofail:47,nofork:4,nokei:[3,24,38],non:[2,3,15,20,22,24,34,38,45,100,101,103,104,114,123,130,131,158,231,248,252,257,276,294,295,296,297,301,305,306,320,334,345,362,378,385,386,391,854,899,903,906,930,933,934],nonc:[361,813,821,835,906],none:[3,21,22,23,24,27,37,38,58,59,133,280,292,309,372,375,890,900,934,941],nonexist:906,noninfring:907,nonrepudi:38,nonzero:[22,231,936],noout:38,nopw:[3,24],nor:[22,907,931,934],norandkei:[3,16],norealm:[15,21],normal:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],north:907,nosync:[21,25],notabl:24,note:[3,5,6,15,21,22,24,27,33,35,157,248,252,602,603,605,606,887,893,919,927,930,934,940,941],noth:[8,890],notic:[18,25,35,907],notifi:924,novel:907,now:[8,15,35,38,40,242,267,282,719,906,927],nowait:[8,12,35],nrl:907,nss:907,nt_wellknown:752,ntlm:906,ntt:907,num:9,num_data:[99,101,104,115,131,295,297,302,306],num_prompt:[355,861],number:[2,3,4,5,6,8,9,10,11,12,15,16,20,21,22,24,25,36,37,38,40,47,49,67,79,81,84,101,104,113,136,159,295,297,315,320,330,331,335,340,355,359,361,362,363,521,528,712,727,729,797,816,835,839,864,874,885,887,889,893,895,897,899,900,901,903,906,907,910,919,931,932,933,934,936],numer:[6,35,173,385,386,887,906,931],numwork:10,object:[3,5,6,21,22,23,25,26,29,36,37,44,49,269,276,729,893,895,899,907,908,909,910,911,912,913,916,917,918,919,920,921,922,923],observ:[26,30,36],obtain:[2,3,17,18,21,22,24,26,27,34,35,38,39,47,49,81,136,237,265,278,281,333,334,362,378,405,406,416,442,618,826,886,889,895,906,907,922,923,925,926,930,934,936],obvious:33,occasion:[35,890],occur:[3,6,9,24,79,149,345,389,890,906],occurr:178,octet:49,odd:927,oeap:482,off:[16,22,25,26,29,34,36,40,355,364],offer:[22,25,41,895],offlin:[15,26,930],offset:[10,49,412,899],often:[21,23,24,29,34,39,40,889,893,915,941],oid:[29,44,906,912],oid_op:907,ok_as_deleg:[3,24],ok_to_auth_as_deleg:[3,24,44],okai:[3,24,927,931],olcschemaconfig:14,old:[2,3,6,15,16,21,22,24,35,38,250,349,422,890,906,926],old_cod:[421,422],old_princip:3,oldcc:907,older:[15,24,906,919],oldest_kvno_to_keep:3,om_uint32:[44,912],omit:[11,23,29,410,705,706,899,903,922],onc:[3,6,15,16,22,24,35,44,47,79,364,724,886,890,893,917,921,926,941],one:[2,3,5,6,8,9,16,17,18,20,21,22,24,25,26,27,29,33,35,36,37,38,40,41,42,44,47,49,156,250,270,271,277,278,282,286,334,337,347,392,729,886,887,889,890,893,895,896,897,899,900,906,908,910,911,913,916,919,920,926,927,930,932,934,935],ones:[22,26,35,893,911,927],onli:[3,4,6,8,9,10,15,16,19,20,21,22,23,24,27,29,33,34,35,36,40,42,44,47,49,55,115,156,231,235,248,252,302,364,368,369,545,720,740,851,878,885,886,890,891,893,895,899,906,907,912,913,919,920,922,926,927,930,934,936,939],onlin:[15,26],onlyrealm:[15,21],onto:[18,22,33,35,895,912,927],opaqu:[49,293,836,906],open:[6,22,24,25,47,49,51,310,320,322,345,390,744,760,906,907,923,930],openldap:[3,5,14,24,25,31,895,907],openldap_ldapconf:21,opensc:22,openssh:[29,39],openssl:[22,23,38,895,906],openvis:[3,907],oper:[2,3,4,5,9,10,15,16,20,21,22,23,25,29,34,35,36,38,39,42,44,49,63,120,121,122,123,137,159,161,385,386,389,744,826,836,886,892,893,894,895,900,905,906,907,916,920,930,934,941],oppos:38,opt:[47,236,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,933],optim:895,optimist:[21,41,49,261],option1:22,option2:22,option:[2,11,12,16,20,23,25,29,30,35,36,37,38,40,49,60,61,231,232,233,236,239,240,241,242,260,267,276,282,330,333,334,335,347,378,406,416,418,546,727,797,798,802,813,814,821,825,829,830,835,873,889,893,894,906,909,910,911,913,916,918,920,927,941],oracl:[43,907],order:[3,4,6,15,17,18,20,21,22,23,24,33,34,35,36,38,44,47,49,252,727,886,889,894,895,899,903,907,908,912,922,941],ordinari:[15,893,906,941],ordinarili:[2,252],org:[5,22,23,24,43,893,894,897,906,907,924,940,941],organ:[894,907],orig_hostnam:201,origin:[3,15,24,40,44,47,895,907,912],osconf:894,osf:673,other:[3,4,6,10,15,16,20,21,22,24,25,27,29,35,36,38,39,40,44,47,157,286,315,362,407,644,729,826,885,886,889,890,892,893,894,895,899,900,903,906,907,910,912,916,917,918,920,921,922,924,926,927,932,934,939,940],othernam:38,otherrealm:22,otherwis:[3,6,15,16,21,22,24,30,34,35,37,38,40,44,50,53,55,63,65,66,68,70,73,74,75,77,78,79,80,82,83,85,86,87,88,89,90,91,96,97,98,99,100,101,103,104,105,106,107,108,109,111,112,113,114,115,116,117,118,119,121,122,123,125,126,127,130,131,135,143,150,153,156,160,161,165,166,167,168,170,171,172,173,177,179,180,181,182,184,185,187,188,189,190,191,192,194,196,199,200,202,224,231,242,243,245,255,267,268,271,272,273,274,278,279,280,281,282,283,284,285,286,287,290,291,292,293,294,295,296,297,301,302,303,305,306,324,326,328,329,330,331,332,333,334,335,336,337,339,340,341,342,345,348,350,351,352,353,357,358,359,360,361,362,363,364,365,366,367,377,378,379,388,391,393,394,395,397,398,400,401,403,404,405,406,407,416,886,895,900,907,911,918,927,930,931,932,934],otp:[3,17,26,31,47,371,686,688,689,711,727,905,906],our:[21,37,892,893,907],out:[3,8,12,22,24,25,34,36,37,38,42,44,50,51,57,60,61,64,65,66,67,68,69,70,72,73,74,75,77,78,79,90,92,93,94,96,97,98,100,102,103,105,106,108,109,112,113,114,116,117,118,119,120,122,123,125,126,127,130,131,133,135,136,139,142,143,144,146,149,152,153,155,156,157,161,167,168,170,173,176,177,179,180,181,182,183,184,185,187,188,189,190,191,192,194,196,199,200,201,202,230,231,234,236,237,238,242,243,245,258,267,268,269,271,272,273,274,275,276,279,280,281,282,286,287,289,293,294,296,301,303,305,306,308,310,311,312,313,315,316,319,320,322,323,325,326,327,328,329,330,331,332,333,334,335,336,339,340,341,342,343,344,347,348,350,357,358,359,360,361,362,363,364,366,367,371,374,377,378,385,386,392,393,394,395,397,398,399,400,401,404,405,406,407,408,410,411,412,414,532,533,535,536,539,886,895,907,926,929,936],out_cr:[231,232,233,378],out_flag:245,outaddr:179,outag:[21,40],outauthdat:326,outbuf:[230,330,331,332,333,334,335,359,363],outcc:135,outcksum:132,outcr:184,outdata:[185,327,329,330,335,357,359,363],outfil:6,outgo:16,outlin:[0,30],outprinc:189,outptr:[193,197],output:[3,6,9,16,21,24,35,42,44,49,100,101,102,103,104,108,118,120,121,173,188,231,286,294,295,296,297,303,355,362,364,367,407,855,864,886,897,906,908,909,911,930,931,933,936,941],output_cr:44,output_message_buff:44,output_nam:912,output_payload_buff:44,outreach:15,outsid:[16,886,941],outweigh:890,over:[0,10,15,16,21,22,24,25,27,29,33,35,37,39,40,44,47,49,108,114,115,118,158,168,301,302,303,366,378,806,906,908,914,922,926,927],overrid:[3,6,10,15,21,22,24,37,49,381,383,384,389,390,854,895,903,930],overridden:[2,10,11,20,22,890,906],overview:892,overwrit:[6,24,387,929],overwritten:[21,816],ovsec_adm_export:[6,24],ovsec_adm_import:[6,24],own:[0,3,16,21,22,24,25,26,35,39,384,909,911,912,923,926,927,934,940],owner:907,p27:43,pa_as_fresh:901,pa_config_data:899,pa_hardwar:919,pa_real:910,pa_replaces_kei:919,pa_typ:[848,899],pa_type_list:[910,919],pac:[3,21,24,49,677,849,852,906],pac_client_info:[344,346],packag:[14,30,35,893,907],packet:[21,26,37,334,906,919],pad:[44,49,100,101,104,105,294,295,297,536],padata:[834,835,910,919],padl:907,page:[0,3,22,894,895,906],pair:[6,14,21,22,27,830],pam:34,parallel:[10,40,893,906],param:[50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422],paramet:[6,10,21,29,36,37,44,47,49,176,236,327,329,344,346,895,896,899,905,906,912,916,919,934],parent:[22,40,886,905],pars:[3,16,29,44,46,47,49,242,267,271,274,285,359,363,371,374,892,899],part:[15,22,24,27,33,39,42,206,271,274,285,290,347,362,387,812,822,834,872,886,891,899,900,907,911,912,922,934,941],parti:[29,37,44,906,907,941],partial:[15,20,47],particip:[22,35],particular:[2,11,15,17,18,20,21,22,38,44,47,322,893,895,907,926,927],particularli:[15,18,26,40,926,933],partit:40,pass:[15,21,22,29,37,44,100,101,103,104,235,257,277,278,282,286,287,289,294,295,296,297,329,371,374,383,384,385,389,390,878,893,895,912,921,930,934],passcod:662,passiv:26,passwd:[5,24,34,884,907,934],passwd_phrase_el:[793,862],password:[3,4,5,6,9,10,11,14,15,16,17,18,20,21,22,23,25,26,27,29,30,33,34,35,36,37,38,40,41,49,240,252,265,618,620,708,709,710,728,729,886,891,905,906,910,914,925,927,932,934,940,941],password_changing_servic:[3,24],password_expir:[252,827],past:[3,24,924],pasword:26,patch:24,path:[4,5,8,21,22,24,26,29,30,35,40,362,893,895,897,934,941],pathnam:[4,8,22,24,25,29,30,38,889,893,896,941],pattern:[6,22,29,939],paus:24,pcred:327,pcreddata:357,pdf:[0,43],pem:[17,22,23,30,38],peopl:21,pepper1:108,pepper2:108,pepper:49,per:[3,6,9,10,15,19,21,22,24,27,29,37,40,44,47,886,908,910,913,916,917,919,920,921,922,923],perfect:890,perform:[3,4,5,6,12,20,21,22,23,24,25,26,35,38,40,44,47,63,92,257,261,265,359,362,363,366,378,385,386,389,418,439,836,886,906,907,916,917,918,927],perhap:[3,15,21,24,25],period:[6,8,15,18,21,22,24,25,36,927,930],permiss:[3,16,19,20,21,24,35,44,138,148,162,886,906,907,927],permit:[3,20,21,22,24,37,49,201,258,359,363,905,906,907,930,940],permitted_enctyp:[22,27],persist:[22,886],person:[18,35,907,926,927],pertain:[10,907],pgp:[894,924],phase:934,phrase:884,physic:[33,40],pick:[21,26,38,893],pid:[4,8,10,906],pid_fil:[4,8,10],piec:[36,272],pin:[372,375,717,720,724,725,726,727,859],pipermail:924,pkc:[22,729],pkcs11:[22,907],pkcs12:22,pkinit:[3,17,24,26,31,41,42,108,649,679,680,681,682,729,895,902,906,907,914,930],pkinit_allow_upn:[21,22],pkinit_anchor:[3,21,22,24,38,930],pkinit_cert_match:[3,22,38,906],pkinit_dh_min_bit:[21,22],pkinit_eku:22,pkinit_eku_check:[21,22,38],pkinit_ident:[21,22,38],pkinit_ind:[17,21],pkinit_kdc_hostnam:[22,38],pkinit_pool:[21,22],pkinit_require_crl_check:[21,22],pkinit_require_fresh:[21,38],pkinit_revok:[21,22],pkinit_san:22,place:[2,4,8,10,15,22,27,29,33,34,38,40,44,45,47,49,108,118,236,271,274,286,303,335,367,379,407,816,855,895,897,909,917,929,934,940],placehold:[892,894],placement:890,plain:900,plaintext:[117,533],plan:24,platform:[25,874,885,886,893,894,895,906],pleas:[0,16,21,727,924],plu:[21,927,934],plug:907,pluggabl:[22,29,906,911,914,917,922],plugin:[3,14,21,892,895,904,905,906,907,922],plugin_base_dir:22,pnl:22,point:[3,15,16,22,24,33,35,44,334,409,416,816,886,891,895,906,924],pointer:[25,44,45,47,92,136,137,180,205,207,220,224,227,237,238,263,269,270,326,327,334,336,360,368,369,389,398,409,814,816,821,861,872,908,909,910,911,916,917,919,921,923],pol:[3,20,24],polici:[3,4,5,6,17,20,21,22,25,26,35,36,176,362,906,914,915,916,923,927,931,932],policy_nam:[5,24],poll:[4,8,21,24,906],pool:15,pop:33,popul:[15,25,45,151],popular:35,port:[3,4,7,8,10,12,16,21,22,24,35,37,42,45,49,63,335,524,526,905,941],portabl:886,portiion:907,portion:[22,37,156,273,322,388,412,740,797,802,813,825,864,907],portmapp:24,portnum:10,pose:15,posit:[6,20,29,36,874,903],posix:[6,874,885,900,901],possess:[38,927],possibl:[3,5,6,15,16,18,21,22,23,24,25,26,27,33,35,36,38,39,40,44,47,49,94,173,231,729,889,890,895,907,910,911,919,924,927,939],post:[49,886,924],postdat:[3,20,21,24,274,927,930,931],potenti:[15,33,35,47,891],power:[21,25,26,40,906],ppcred:329,ppdata:[327,329],pppcred:357,practic:[15,22,47,100,294,906],pre:[0,17,21,23,44,49,92,267,333,334,362,366,367,378,383,848,897,900,906,907,917,930],pre_auth_typ:[239,240,241],preauth:[21,665,830,899,906,907,910,919],preauth_list:[261,829],preauth_list_length:[261,829],preauth_plugin:[910,919],preauth_requir:[910,919],preauthent:[3,17,21,22,24,26,29,31,38,42,47,49,257,711,821,834,835,848,865,899,906,911,914,927,930,931],prebuilt:893,preced:[10,15,22,40,903,934,941],precis:34,precomput:49,predefin:40,prefer:[3,22,24,39,44,243,889,906,913],preferred_preauth_typ:22,prefix:[21,22,40,49,347,893,895,906,912,933,934],preiniti:[118,120,122,303],prepar:[49,80,323,406],prepend:[40,349,422,895],preprocessor:895,prerequisit:[893,897],preselect:930,presenc:899,presens:22,present:[8,15,17,21,22,23,24,29,35,37,38,44,47,252,329,337,348,357,368,369,376,391,618,701,702,703,873,889,890,893,903,922,927,931,941],preserv:[6,24,907],presid:907,pressvr:15,presum:890,prevent:[2,3,20,21,22,24,26,27,30,39,41,334,521,522,890,906,907,917,926,930],previou:[0,3,22,24,35,38,45,159,257,268,286,387,407,421,422,899],previous:[3,6,24,44,49,893,906],prf:[49,119,900,906],primari:[3,24,25,49,146,886,908,917,921,923,924,929,930,935,939,941],primarili:[25,56,937],princ1:[38,351,352,353,365],princ2:[38,351,352,353,365],princ:[3,6,16,22,50,51,92,93,94,95,391,782,783,784,785,786,787,788,789,900],princ_flag:6,princ_lockout:6,princ_look_ahead:934,princ_meta:6,princ_nam:[38,929],princ_out:157,princ_stringattr:6,princ_tktpolici:6,princip:[2,3,4,5,6,7,8,9,10,11,12,15,17,18,20,21,22,23,25,26,27,29,30,31,32,33,34,37,38,41,42,44,46,47,49,79,142,148,151,156,158,162,173,230,236,242,249,267,271,272,274,282,315,320,325,333,337,343,344,345,346,362,366,367,378,406,408,409,410,411,414,416,502,641,648,656,697,699,740,752,814,815,821,825,834,835,839,851,886,887,889,890,896,900,901,903,905,906,908,909,915,916,918,919,920,923,926,927,930,931,932,934,935,936,939,940,941],principal_databas:8,principal_nam:38,principal_out:[347,348],principal_seq:38,principalnam:906,principl:700,princnam:[26,36,41,47,886],print:[3,6,7,8,24,364,906,933,934,936],printabl:[368,376],prior:[6,8,21,24,42,44,137,907,911],priorit:40,prioriti:[15,21,40,237,886,908],priv:49,privat:[22,38,707,895,900,901,906,924],privileg:[3,16,20,35,44,49,260,926,940,941],privsvr:[345,346],privsvr_kei:[343,344],prng:[121,122,123,895,906,907],probabl:[6,12,15,24,35,893],problem:[14,15,24,39,334,890,906,924],proce:934,procedur:[6,33,35,892,893],proceed:24,process:[3,4,6,8,9,10,15,16,21,22,24,25,26,35,44,47,49,137,157,176,358,416,886,889,890,906,909,910,913,916,917,918,919,921,923,930,941],procur:[38,907],produc:[6,22,24,47,105,125,894,910,913,919,931,933],product:[35,907],prof_no_rel:922,profil:[19,21,22,49,137,391,886,889,892,896,906,907,914],profile_module_init:922,profile_module_init_fn:922,profile_releas:269,profile_tcl:907,profile_vt:922,profit:907,program:[2,3,4,6,8,12,16,21,22,24,29,31,33,34,35,38,39,40,42,44,47,57,275,381,890,892,893,894,897,899,905,906,907,927,933,934,941],programm:933,programmat:47,progress:[15,21],prohibit:[3,24,907],project:[0,691,895,906,907,911,941],promot:[15,907],prompt2:364,prompt:[2,3,5,6,24,35,47,49,267,364,708,709,710,711,859,861,891,906,910,926,927,932,934],prompter:[252,267,270,282,355,859,861,866],prone:906,proof:[49,927],propag:[4,6,7,8,15,18,20,21,22,25,32,36,892,906,907,926],proper:[12,14,24,38,362,893],properli:[30,35,38,42,885,895],properti:[22,907,925],proponli:[4,24],proprietari:37,protect:[6,16,26,27,33,36,38,41,44,79,254,330,335,729,836,890,906],protocol:[2,3,15,22,24,30,40,44,49,254,667,685,712,821,825,834,835,890,892,904,906,916,927,930,936,941],prototyp:[892,911],prove:[47,901,910,919],provid:[0,3,4,10,16,22,23,24,25,27,29,30,33,35,38,39,40,42,44,47,99,123,236,362,375,416,885,886,893,895,906,907,909,915,918,922,926,934,941],provis:907,proxi:[21,22,26,31,37,40,44,906,927,931],proxiabl:[3,21,22,24,49,829,927,930,931,934],proxy_imperson:899,pseudo:[49,892],pto:190,ptr:[39,44,204,288,342,356,791,792,821,822,872],pty:[892,907],publish:[39,907],punctuat:[3,22,24,35,932],purg:[3,6,15,890,906],purge_mkei:24,purgekei:[15,24,38],purpos:[10,21,22,27,35,895,907,930,937],put:[4,10,35,347,797],pw_expir:6,pwchang:21,pwd:893,pwexpdat:[3,24],pwexpir:[3,20,24],pwqual:[29,906,914],pwqual_plugin:923,pwservic:21,python:[30,897,906],qop_req:44,qop_stat:44,qualifi:[3,16,20,22,24,941],qualiti:[22,29,906,914,925],queri:[3,22,24,40,44,47,906],question:[0,21,40,49,371,374,727,728,729,865,866,924],queue:[21,907],quietli:929,quit:[6,33],quot:[3,6,24,347,408,410,887],quux:22,r13:[6,24],r18:[6,24],r_address:813,rabbit:40,radiu:[21,37,906],randkei:[3,15,24,35,38,906],random:[3,6,15,16,21,22,24,26,35,49,900,906],random_data:125,randomli:[2,27],randsourc:121,rang:930,rapidli:16,rare:[25,38,887,889],rassen:907,rather:[3,4,5,6,10,16,21,22,24,33,39,40,57,286,407,886,893,900,912,930],raw:[21,893],rc2:480,rc4:[21,906],rcach:[72,86,272,327,329,335],rcmd:22,rcommand:643,rcptr:272,rctmpdir:896,rctx:[47,368,369,370,371,372,373,374,375,376,866],rdn:[16,22,34,39,44],reach:[21,22,25,168,319],react:250,read:[3,5,6,9,11,21,22,23,24,29,35,36,38,47,49,257,267,269,323,355,374,416,895,903,919,922,926,931,941],readabl:[16,22,33,176,887,889,891,906],reader:[22,25],readi:[6,35],readlin:895,readm:[892,894],real:[22,353,388,697,934],realiti:0,realloc:45,realm1:10,realm2:10,realm3:10,realm:[3,4,5,6,7,8,10,12,14,15,16,17,20,23,25,26,27,30,31,34,35,37,38,39,41,44,45,47,49,50,51,60,61,92,93,94,95,123,156,217,221,237,242,258,267,271,274,285,286,291,345,347,348,353,362,391,392,406,407,410,503,698,701,702,703,705,706,716,784,785,786,787,802,810,814,822,825,834,835,851,854,855,857,858,872,886,895,896,899,900,901,903,905,906,914,921,923,926,927,930,934,939,940,941],realm_try_domain:22,realmlist:221,realmnam:[38,47],realmsp:[237,238],reason:[15,18,22,25,29,34,40,345,885,899,907,926,927,934],reboot:[21,35,891],rebuild:[895,897],receiv:[3,4,8,9,15,21,22,24,38,40,42,44,49,230,252,280,330,335,357,366,377,378,865,909,910,919,920,923,927,941],recent:[2,6,18,21,26,27,38,44,49,170,890,901,906,927],reciev:334,recipi:[813,907],recogn:[3,21,22,38,42,930,939],recognit:[906,907],recommend:[5,6,18,21,22,24,33,35,40,41,44,893,894,895,924,927,929],recomput:137,reconf:892,record:[6,10,22,24,34,35,39,40,890,900,903,906],recov:[6,24,906,910],recurs:[6,24,25,906],recv_hook:383,recvauth:[366,378],red:[907,941],redhat:906,redirect:[22,35],redistribut:907,reduc:[15,22,24,34,101,104,295,297,893,895],redwood:907,refcount:906,refer:[3,5,16,20,21,23,24,40,44,46,49,88,90,139,293,312,851,906,907,915,920,934],referenc:[23,899,907],referr:[21,22,40,237,238,344,346,392,684,693,716,906,913,927],referral_valid_until:850,referred_realm:850,reflect:[24,35,101,104,137,269,295,297,335,900,901],reforward:927,refrain:912,refresh:[44,899],refresh_tim:899,refus:[12,15,35],regard:907,regardless:[6,20,22,44],regener:897,regent:907,regexp:22,region:[44,115,131,302,306,816],regist:[4,22,24,29,40,907,914,941],registr:22,regress:893,regul:907,regular:[15,22,35,38,44,934],regularli:[18,40],reiniti:151,reject:[12,16,17,21,22,35,173,620,927],reject_bad_transit:21,rekei:15,rel:[21,22,49,887,893,899,934],relai:10,relat:[4,6,21,22,23,29,30,36,38,40,176,815,906,907],relationship:[22,920],releas:[0,3,4,6,8,17,20,21,22,24,25,26,27,34,36,38,39,41,42,44,47,49,69,74,78,83,85,114,126,127,157,167,171,183,221,237,238,275,289,301,319,323,885,886,900,901,903,906,909,910,911,913,915,916,917,918,919,920,930],relev:[35,39,79,202,900],reli:[16,35,895],reliabl:25,relianc:22,relinguish:86,reload:24,remain:[3,4,6,15,21,24,44,45,252,645,885,886,903,907,917,919,934],remaind:22,rememb:[35,38,899],remot:[3,4,7,16,21,24,34,39,44,49,63,65,176,230,330,335,359,362,363,385,386,525,526,892,906,926,927,934,940,941],remote_addr:[45,65,83,362],remote_port:85,remotehost:937,remov:[2,3,6,14,21,22,24,27,29,38,49,158,171,893,906,917,926],renam:[3,24,895,906,917],rename_sect:922,render:[15,893],renew:[3,5,6,21,22,24,49,835,873,906,918,927,930,931,934,941],renew_lif:[263,829],renew_lifetim:22,renew_til:[814,822,873,899],renewable_lif:930,renprinc:3,rep:[192,206,331,332,360,361,796,821,834,849],rep_cksum:850,rep_result:378,repeat:[6,21,22,35,836,899,912],repl:360,replac:[3,5,14,22,24,29,35,71,76,95,124,193,195,197,198,203,204,232,233,239,240,241,288,354,356,413,895,903,907,910,930],replai:[44,49,79,327,329,330,335,357,359,362,363,521,522,864,886,888,896,905,906,941],repli:[12,27,47,108,252,265,274,286,355,360,361,383,384,407,719,834,854,855,859,900,910,919,930],replic:[8,35],replica:[4,6,7,8,9,15,16,18,21,22,24,32,33,36,42,892,906],replica_datatran:[7,35,905],replica_datatrans_hostnam:24,replica_dumpfil:8,replica_host:7,replicahostnam:8,reply_out:855,report:[6,39,890,892,906,924,930,936],repositori:897,repres:[3,22,35,44,874,885,889,900],represent:[22,44,49,347,348,401,409,410,802,821,834,835,872,885,899,903,907],representaton:796,reproduc:907,req:[22,27,38,252,333,334,362,505,835],req_pac:260,request:[3,4,6,8,9,10,15,16,17,20,21,22,23,24,25,26,29,34,36,37,38,41,44,47,49,156,173,202,230,231,236,242,248,260,267,274,283,284,334,362,381,406,504,506,507,619,667,685,741,748,749,796,798,821,835,843,887,889,890,899,900,901,906,909,910,912,918,919,924,927,930,934,936,941],request_fini:910,request_init:910,request_tim:871,requested_principal_nam:850,requir:[3,4,6,8,9,12,15,16,17,21,22,23,24,25,26,27,29,33,35,36,37,38,39,40,41,44,47,49,99,113,117,118,121,243,248,254,255,327,329,330,335,357,359,363,544,727,851,866,885,886,893,894,895,897,900,906,907,909,919,922,927,932,940,941],require_auth:[3,17,906],requires_hwauth:[3,24,919],requires_preauth:[3,5,15,24,26,36,38,41],requires_pwchang:[5,24],requisit:897,research:907,resembl:729,reserv:[898,907],reset:[3,9,24,36,47,160,389,906],resid:[16,40,47,891,907,939,940],residu:[22,40,155,322,886,920,922,941],resiz:409,resolut:[16,34,39,44,237,906,934],resolv:[16,34,49,267,322,886,895,906,931,934],resourc:[43,44,47,893,904],respect:[3,35,83,85,231,347,887,907,926],respond:[4,49,370,371,372,373,374,375,720,727,728,729,865,866,906,919],respons:[3,4,24,38,41,47,86,173,236,252,286,360,407,504,506,543,565,728,748,750,796,835,871,890,906,907,910,913,919,930,937,941],rest:[29,895],restart:[12,15,20,21,24,25,35,38,42],restor:[6,18,906],restrict:[3,5,15,20,22,24,49,231,907,916,918,930,934],restrict_anonymous_to_tgt:[21,38],restructuredtext:0,resubmit:930,result:[0,14,15,16,22,23,24,38,40,41,42,44,47,49,100,103,108,118,125,145,159,161,196,202,235,294,296,303,325,378,379,406,408,409,422,895,899,900,906,907,908,913,918,919,920,927,934,936],result_cod:[173,385,386],result_code_str:[173,385,386],result_str:[173,176,385,386],resum:24,resync:[4,9,24,906],resynchron:9,ret:[47,350],ret_as_repli:[239,240,241],ret_princ:392,ret_valu:[60,61],retain:[2,3,15,21,24,907,916,918,940],retir:[13,24,906],retransmit:895,retri:[21,37,40],retriev:[3,6,25,42,44,45,47,49,161,278,315,369,378,403,406,865,906,907],return_padata:919,return_pwd:364,retval:[50,51,52,54,56,57,62,63,64,65,66,67,68,69,70,72,73,74,75,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,96,97,98,99,100,101,103,104,105,106,107,108,109,112,113,114,115,116,117,118,119,121,122,123,125,126,127,130,131,133,134,135,136,138,140,142,143,146,148,150,151,152,153,154,155,156,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,176,177,179,180,181,182,183,184,185,187,188,189,190,191,192,194,196,199,200,221,224,230,231,234,236,238,242,243,245,255,267,268,269,271,272,273,274,275,278,279,280,281,282,283,284,285,286,287,289,292,293,294,295,296,297,301,302,303,305,306,307,308,309,310,311,313,315,316,318,319,320,321,322,323,324,326,327,328,329,330,331,332,333,334,335,336,337,339,340,341,342,345,347,348,350,351,352,353,355,357,358,359,360,361,362,363,364,365,366,367,376,377,378,379,380,381,385,386,387,388,390,392,393,394,395,397,398,399,400,401,403,404,405,406,407,408,409,410,411,412,416,911],reus:24,rev:[6,24,25],revers:[6,16,22,24,34,44,907,931],review:894,revis:907,revoc:[21,22],revok:[21,22,36],rewrit:890,rfc4120:30,rfc:[15,21,22,40,44,49,325,385,386,414,444,445,448,449,450,452,453,460,461,462,463,464,465,466,467,511,540,542,600,657,660,661,662,663,664,665,666,668,669,670,671,673,674,675,676,678,679,681,683,688,691,693,695,727,890,899,900,901,906,910],rhost:230,ricciardi:43,richard:907,ride:21,right:[5,20,21,24,101,104,295,297,816,898,907],risk:[15,27,31,47,890],rkt:11,rlen:[92,93,94,95],rlogin:934,roam:22,robbi:941,robin:16,robust:906,rock:[910,919],roll:24,rollback:15,rollov:[6,24],root:[8,12,15,16,18,20,21,22,33,35,891,895,926,934,939,940,941],rotat:39,round:[41,906,919],rout:35,routin:[22,859],royal:907,rpath:[893,895,933],rpc:[21,22,24,44,49,616,892,906,907],rpcbind:24,rsa:[21,22,38,473,474,478,481,482,483,907,930],rst:[11,897],rtime:835,rule:[3,16,20,22,24,29,40,44,157,934,936,939,940],run:[3,4,6,8,9,10,12,14,15,16,21,22,23,24,25,27,29,33,34,35,38,40,42,886,893,894,895,897,905,906,929,931,934,941],runstatedir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],runtim:905,s2kparam:49,s2kparams_out:236,s4u2proxi:[44,899],s4u2self:[44,344,346,906,936],s4u:906,s4uself:21,s_address:813,safe:[22,29,49,330,359,730,885],safe_checksum_typ:22,safer:926,safest:927,sai:890,sake:934,sale:907,salt:[2,3,6,11,16,21,24,26,49,126,127,396,829,906],salt_out:236,salt_type_afs_length:778,salt_type_no_length:778,salttyp:[6,21,27,377],salttypep:397,sam:[686,688,689,906],samba:[29,906],same:[3,4,5,10,12,16,20,21,22,23,24,25,29,37,40,44,53,54,92,102,106,108,137,139,154,158,178,187,235,257,277,278,282,286,312,351,352,353,365,391,836,886,890,895,906,911,912,926,930,934],sampl:[12,16,23,35,892,907,926,927,934,937],san:[21,22,906],sandia:907,sasl:[3,5,21,24,44,906],sasl_authcid:3,sasl_authzid:3,sasl_mech:3,sasl_realm:3,satisfactori:26,satisfi:893,save:[38,41,67,84,528,529,900,906,919],sbin:[8,12,35,895,905],sbindir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],scalar:900,scenario:[15,906],schedul:[15,24],schema:[23,25],schema_convert:14,scheme:40,schneier:906,sclient:[12,925,928],sclogin:21,scope:[5,24],screen:927,screensav:927,script:[3,4,10,24,35,892,893,895,906],search:[5,21,22,24,49,154,156,202,231,320,886,893,929,935],search_scop:[5,24],searchscop:[5,24],sec:[49,802,825,887],second:[3,10,21,22,24,29,37,38,40,44,45,53,54,106,156,230,235,273,274,326,351,352,353,364,365,388,389,391,412,734,797,813,815,835,864,874,885,887,890,899,900,903,911,927,930,934,941],second_ticket:[815,835,899],secondari:35,secret:[3,21,22,37,44,47,839,926],section:[3,10,20,23,24,29,34,35,36,38,40,42,44,49,120,325,414,600,674,675,676,890,893,894,899,900,906,922,923,934,939],sector:[6,24],secur:[3,7,15,16,21,22,23,24,26,31,32,35,38,40,42,44,47,257,564,891,892,906,907,924,927,941],securecooki:900,securid:[662,906],sed:895,see:[15,16,18,23,24,25,27,29,33,35,36,37,40,44,47,98,100,101,103,104,109,114,115,121,131,132,175,236,269,294,295,296,297,301,302,306,325,362,396,406,414,415,416,600,727,886,887,890,891,892,893,895,897,898,899,906,907,908,909,910,911,913,914,915,916,917,918,919,920,921,922,923,924,926,927],seed:[123,132,335,415],seed_length:[132,415],seen:890,segment:40,select:[6,15,22,24,29,44,47,49,118,303,362,372,886,895,906,912,914,930,934,939],self:[22,23],sell:907,semant:47,semfiajf42:21,send:[0,4,16,21,22,24,26,27,33,35,42,49,236,252,329,366,378,383,890,892,895,906,924,926,930,941],send_hook:384,sendauth:[12,35,49],sender:[330,335,813],sensit:257,sent:[6,21,24,26,37,38,42,44,378,384,855,890,893,900,906,919,927],sentenc:35,separ:[0,3,5,6,10,17,20,21,22,23,24,25,26,29,40,51,347,349,422,720,894,895,900,906,912,922,926,941],seq:864,seq_numb:[797,802],seqnumb:[70,75],sequenc:[26,38,49,67,79,81,84,330,331,335,359,361,362,363,521,528,797,802,864,891,899,900,903,912],sequence_count:862,sequenti:[49,319,804],seri:[39,49],serial:[9,44],serv:[4,22,24,906],server1:[5,24],server:[2,3,4,5,6,7,8,9,10,12,17,19,21,22,23,24,25,26,29,30,31,32,35,37,38,39,40,44,47,49,162,173,230,231,271,274,337,343,344,345,346,362,378,385,386,416,505,617,655,719,749,796,814,815,821,825,835,872,886,889,890,892,896,899,905,906,907,908,914,915,927,933,934,936,937,939,941],server_kei:[343,344],server_port:12,server_str:176,serverauth:22,servic:[2,3,5,8,10,12,16,17,20,21,22,23,25,29,30,32,33,34,35,44,49,173,231,242,252,267,271,272,274,333,334,366,385,416,643,644,645,727,867,886,890,892,899,906,907,908,913,921,927,930,936,939,941],service1:936,service2:936,service_loc:921,service_nam:930,service_passwd:[5,24],sesam:[47,691],session:[3,15,16,21,22,24,34,35,44,47,49,231,325,329,334,357,414,441,442,802,814,815,821,822,886,890,927,931,936,941],session_enctyp:[3,24],set:[0,3,4,5,6,15,16,17,19,20,21,22,23,24,25,26,27,29,30,32,33,34,35,36,38,39,40,41,42,44,45,47,49,63,69,70,74,75,78,79,99,103,123,146,149,156,157,164,168,170,231,236,260,286,287,293,296,310,322,329,330,335,355,357,359,362,363,364,372,376,380,390,407,409,410,411,422,546,720,736,854,855,865,886,887,895,906,912,919,920,926,927,929,930,931,934,940,941],set_cooki:[906,919],set_str:[24,27,37,38],setstr:[3,17],setuid:[42,941],setup:[24,35,123,893,906],sever:[3,16,17,21,22,24,25,38,40,886,890,892,893,895,899,911,941],sha1:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],sha256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],sha2:[21,906],sha384:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],sha:[15,21,22,906],shadowlastchang:23,shall:907,share:[0,15,22,24,29,47,334,895,911,912,922,926],sharealik:907,sharp:20,she:[927,940],shell:[3,5,24,35,42,906,926,927,933,939],shorter:22,shortest:199,shortli:[34,926],should:[0,2,3,4,5,6,10,12,14,15,16,18,21,22,23,24,25,26,27,29,30,33,34,35,38,39,40,44,47,72,86,145,155,230,252,256,262,276,286,313,322,331,334,345,362,364,368,369,407,729,849,854,855,874,885,886,887,891,893,895,899,901,906,907,908,910,911,912,916,917,918,919,921,922,923,926,927,930,934,936,941],show:[2,6,21,42,859,886,897,905,927,931],shown:[21,22,886],shrubberi:43,shutdown:25,sick:907,sid:[22,638,639],side:[23,24,44,366,378,890],sighup:[10,42],sign1:44,sign2:44,sign:[3,20,21,22,24,33,38,42,44,49,885,894,901,903,930,941],sign_onli:44,signal:10,signatur:[414,477,478,483,894,912,922],signedpath:[3,21,24],signific:[26,36],silent:931,similar:[6,22,30,44,93,106,114,115,127,130,131,253,301,302,303,305,306,330,333,344,346,348,352,367,409,410,419,421,906,911,921,927,934],similarli:[16,347,729,927],simpl:[5,12,18,24,108,423,886,890],simplest:[29,44,886,893],simpli:[29,37,38,41,44,47,728,893,912,926,927],simplifi:[258,906],simul:934,simultan:836,sinc:[3,12,15,16,18,22,23,24,38,49,334,724,874,885,899,912,919,940,941],singl:[0,3,15,21,22,24,25,27,29,33,35,38,40,41,44,47,49,196,325,348,411,700,895,906,912,919,934],site:[16,24,35,40,906,927,930,940],situat:[15,21,25,29,40,936],size:[9,21,22,24,25,38,42,49,98,99,101,104,115,117,131,193,197,295,297,302,306,364,409,411,816,895,903],size_return:364,size_t:[96,97,99,101,104,105,113,115,117,119,131,132,175,177,193,194,197,198,199,200,287,295,297,302,306,340,342,372,377,400,401,415],sizeof:[44,47,922],skei:[21,815],skew:[49,274,359,363,919,930],skip:[24,38,416,418,895],slack:40,slapd:[14,23],slaptest:14,slash:[347,941],slat:911,slightli:895,slot:[11,22],slotid:22,slow:890,slower:[15,25],small:57,smaller:[22,903],smard:22,smart:[21,22,906],sms:20,smtp:642,sname:[392,936],sni:906,sock_dgram:921,sock_stream:921,socket:[21,22,37,49,378,905,921],softwar:[15,16,22,25,26,29,43,47,895,907,924],solari:[32,893,895,906],solaris9ab:43,sole:22,solut:35,some:[2,3,6,15,21,22,24,25,29,30,32,35,38,39,40,42,47,49,100,123,154,157,294,392,755,886,887,890,892,893,894,895,896,905,906,911,915,922,924,926,927,930,939,941],someon:[18,22,35,926,927],someth:[12,15,21,39,890],sometim:[24,26,39,930],somewhat:[38,890],song:907,soon:[8,24],sophist:47,sort:39,sourc:[0,10,24,29,35,40,43,44,121,123,893,894,895,904,907,911,915,922,924,934],source_cache_nam:934,source_us:934,southern:907,space:[3,17,21,25,38,39,57,100,103,118,120,122,294,296,303,311,349,364,409,422,887,894],spake:[21,22,26,31,906,907],spake_preauth_group:[21,22,41],spake_preauth_ind:21,spake_preauth_kdc_challeng:[21,41],sparc:906,spawn:4,special:[21,24,29,36,44,410,648,704,886,890,906,907,912,930],specif:[3,4,6,10,15,19,20,21,22,23,24,25,27,35,40,44,49,50,57,158,320,322,366,367,412,729,886,887,889,895,897,906,907,911,916,921,927],specifi:[3,4,5,6,7,8,9,10,11,15,16,17,19,20,21,23,24,29,30,35,37,38,40,44,47,49,93,94,100,101,103,104,114,126,130,231,234,236,242,267,271,274,294,295,296,297,301,305,315,320,323,330,335,347,348,359,362,363,378,386,416,741,886,890,895,900,901,906,912,919,927,929,930,931,932,933,934,935,936,941],speed:[23,26],sphinx:897,sphinx_arg:897,spi:912,split:[3,40,906],spnego:[906,907],spnego_mech:907,spoof:[22,26,40],sprecif:894,spuriou:906,sqlite3:6,sqlite:6,squar:[21,22,29],src:[14,151,893,895,897,907],src_ctx:186,src_name:44,srcdir:897,srv:[22,34,35,40,906],srvtab:[11,889],ss_lib:895,sscope:[5,24],sserver:[1,937],ssh:[16,34,927,940,941],sshd:22,sshing:941,ssl:[23,30,38],sspi:906,stabl:[906,916,917,918,923],stage:[15,900,917],stai:[3,16],stale:[0,22,27],stamp:[6,9],stand:35,standalon:[8,42,906],standard:[3,6,9,15,21,24,38,42,44,889,906,907,933],standart:14,start:[0,3,4,6,8,10,14,15,16,20,21,22,23,24,25,27,32,38,42,49,814,822,835,873,886,891,893,901,906,927,934],start_tim:[242,267,282,930],starttim:[873,899],startup:[35,906],stash:[3,5,10,14,15,21,23,35,42,888,905],stash_fil:[6,24],stashfilenam:[5,6,24],stashsrvpw:[3,14,21,23,24],state:[6,9,15,21,35,47,49,79,100,101,103,104,294,295,296,297,836,900,905,906,907,908,910,911,913,916,917,919,920,921,922,923],statement:[907,936],statu:[3,826,906,907,909,912,931,934,936],stderr:[21,941],stdin:355,stdlib:922,stdout:[42,355],stduser:24,step:[6,14,15,16,24,35,38,934],steve:941,still:[3,4,6,10,15,21,22,24,33,34,35,36,40,151,276,893,906,930,934,936],stime:825,stockholm:907,stolen:927,stop:[4,10,25,911],storag:[47,49,58,59,83,85,162,177,194,199,200,287,364,377,401,886],store:[2,3,4,5,6,8,15,16,18,21,22,23,24,25,27,35,38,44,47,49,81,100,101,103,104,231,242,257,294,295,296,297,334,359,362,363,364,409,416,549,720,829,886,889,890,893,896,899,906,923,927,930,931,934],str:44,strategi:36,strcmp:922,strdup:922,stream:[8,12,21,35,37,44],strength:906,strengthen:15,strict:907,strictli:35,string2kei:15,string:[3,5,6,16,17,20,21,22,24,26,27,29,35,37,38,40,44,47,49,102,173,176,199,235,236,265,271,274,285,349,368,376,382,385,386,419,420,421,422,727,728,729,810,815,826,857,858,878,886,887,890,895,906,907,909,911,912,919,920,922,930,934],strip_realm:[21,37],strlcpy:907,strlen:[44,47],strong:[17,22,123],stronger:[15,17,22,27],strongest:[27,123],strptime:907,struct:[44,49,52,269,276,794,796,797,798,799,800,802,805,806,807,811,812,813,814,815,816,818,820,821,822,823,825,829,830,831,834,835,836,837,838,839,843,848,849,850,851,852,858,859,862,863,864,865,867,868,869,870,871,872,873,875,876,878,879,880,883,884,916,922],structur:[44,47,48,49,93,101,104,136,159,176,180,189,219,228,244,247,248,249,250,251,252,256,259,260,261,262,264,265,266,276,282,287,289,295,297,326,328,338,348,358,359,368,371,374,378,392,416,418,423,538,794,800,812,815,816,825,852,872,879,885,910,911,916,918,919,921],structuralobjectclass:14,studio:906,style:[3,22,24,40,419,420,421,638,640],sub:[5,22,24,892],subcommand:15,subdirectori:[22,29,892,897,905],subdomain:[40,939],subject:[0,21,22,24,38,907],subjectalternativenam:22,subjectaltnam:38,subjectkeyidentifi:38,subkei:[49,81,329,357,362,797,802],sublicens:907,submit:[27,44],subprocess:10,subregion:44,subschema:23,subscrib:924,subsect:[17,21,22,23,25,26,29,30,36,38,41],subsequ:[9,10,15,25,137,282,286,407,907],subsess:[27,334,442],subset:[40,892,895],substanti:907,substhtml:897,substitut:[22,35,38,907],subsystem:895,subtag:22,subtre:[3,5,21,23,24],subtree_dn_list:[5,24],succe:[21,22,35,44,47,416],succeed:[12,35],success:[3,6,8,21,24,25,26,36,47,50,51,57,63,65,66,68,70,73,74,75,77,78,79,80,82,83,85,86,87,88,89,90,91,92,93,94,96,97,98,99,100,101,103,104,105,106,107,108,109,112,113,114,115,116,117,118,119,120,121,122,123,125,126,127,130,131,133,134,135,136,138,142,143,145,146,148,150,151,152,153,155,156,158,159,160,161,162,164,165,166,167,168,170,171,172,173,174,176,177,179,180,181,182,183,184,185,187,188,189,190,191,192,194,196,199,200,221,224,230,231,234,236,238,242,243,245,255,267,268,269,271,272,273,274,275,278,279,280,281,282,283,284,285,286,287,289,293,294,295,296,297,301,302,303,305,306,307,308,310,311,313,315,316,319,320,321,322,323,326,327,328,329,330,331,332,333,334,335,336,337,339,340,341,342,345,347,348,350,355,357,358,359,360,361,362,363,364,366,367,377,378,379,380,381,385,386,387,388,392,393,394,395,397,398,399,400,401,403,404,405,406,407,408,409,410,411,412,416,418,621,826,890,910,913,923,934,936],successfulli:[3,6,12,24,36,44,47,252,418,854,855],sudan:907,sudden:21,sudo:14,suffici:[3,5,15,24,25,895],suffix:[29,44,895],suggest:[0,252],suit:[35,892,893,895,906],suitabl:[6,893,895,906,907,927],summar:931,summari:[8,9],sun:907,suncc:895,sunw_dbprop_en:24,sunw_dbprop_master_ulogs:24,sunw_dbprop_slave_pol:24,sunwaadm:43,supersed:[10,15],supervisor:10,supplement:21,suppli:[3,11,44,47,49,170,230,252,265,269,274,283,284,285,335,345,375,376,389,724,725,865,895,910,911,919],support:[3,4,6,10,21,22,24,25,26,27,38,40,41,44,47,49,156,164,254,260,381,389,390,544,745,886,888,892,893,894,895,899,900,906,907,910,911,912,919,924,930],supported_enctyp:[15,21,27,35,906],suppos:[927,940],suppress:[3,6,21,24,895,906,929,934,936],sure:[3,5,12,15,16,23,24,34,42,926,927,930],surpris:15,surround:29,surviv:[21,886],susec:825,swap:[35,40],sweden:907,swig:907,symbol:[6,347,893,894,897,905,911,912],symmetri:21,synchron:[9,15,16,22,25,35,42,49,278,406,719,906,919],syntact:22,syntax:[21,22,38,906],synthes:[384,854],synthet:[383,899],syria:907,sysadv6:43,sysconfdir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941],sysdoc:43,syslog:[21,22,35,911],system:[3,6,15,16,20,21,22,24,25,30,33,34,35,36,37,38,39,42,44,47,49,57,123,137,148,176,289,385,386,388,399,684,687,690,865,886,890,891,892,893,894,906,907,911,920,924,926,927,929,930,940,941],systest:[3,24],t1417:43,t_mddriver:907,tab:[3,6,24,347,906],tabdump:906,tabl:[3,6,24,49,283,312,313,318,362,366,416,839,889,892,894,895,897,905,906,931],tabular:[6,906],tag:[21,22,35,899],tail:35,take:[10,15,20,21,22,24,26,27,29,33,40,42,44,45,47,92,125,127,329,379,720,816,887,906,908,917,926,927,934],taken:[6,15,40,252],talk:890,tamper:44,tape:33,tar:[893,894],target:[20,22,35,44,886,899,906],target_nam:44,target_princip:20,target_principal_nam:934,target_us:934,target_user_login_nam:934,task:[15,47,92],tcl:[893,895],tclpath:895,tcp:[8,10,12,16,21,22,24,30,35,38,40,286,407,906,921],team:924,teardown:893,technet:43,techniqu:[41,47],technolog:[898,907,941],tekniska:907,telegraph:907,telephon:907,tell:[4,10,893,926,927,933],telnet:[22,643,934],temp:[22,890],templat:892,temporari:[3,14,22,24,35,38,889,890,905,906],temporarili:3,ten:[34,927],tend:16,term:[3,15,24,26,27,38,42,728,886,889,906,907,910,919,936],termin:[4,10,49,180,202,227,237,238,247,268,329,355,357,364,369,409,892,922,934],ters:[3,24],test1:[3,24,887],test2:[3,24,887],test3:[3,24,887],test4:887,test:[3,9,10,12,15,22,24,38,49,892,895,897,906,907,930,937],test_html:897,testdir:42,testus:[3,24],texinfo:0,text:[6,24,29,37,38,47,176,368,816,825,859,900,933],tgt:[3,15,21,24,27,38,47,49,227,345,346,899,900,906,927,934],than:[3,4,5,6,10,12,15,16,20,21,22,24,25,26,27,29,33,36,38,39,40,44,57,237,286,378,407,886,890,893,900,903,906,910,912,926,930],thei:[3,6,9,15,16,21,22,24,29,34,35,38,39,40,42,44,47,236,378,720,836,885,886,889,893,895,899,906,919,926,927,938,941],them:[3,15,16,21,23,24,25,26,30,33,35,38,39,40,42,47,83,85,260,334,347,406,720,886,893,895,906,907,911,912,922,927,929,941],themselv:[6,24],theodor:907,theori:907,therebi:940,therefor:[23,24,26,40,899,919],thereof:907,thi:[0,2,3,4,5,6,8,9,10,11,12,14,15,16,18,20,21,22,23,24,25,26,27,28,29,33,34,35,36,37,38,39,40,41,42,44,47,49,50,51,56,58,59,60,61,62,63,68,69,70,72,73,74,75,77,78,79,82,83,85,86,87,88,89,90,93,94,99,100,101,102,103,104,105,106,108,114,115,117,118,120,121,123,125,126,127,130,131,134,137,138,140,142,145,151,153,154,156,159,160,161,162,165,170,171,172,174,176,178,179,180,181,182,184,185,187,188,189,190,199,201,202,205,206,207,208,209,210,212,213,214,215,216,219,222,223,228,235,242,243,248,250,252,253,259,260,261,265,267,268,269,271,272,273,274,277,278,279,282,283,284,285,286,294,295,296,297,301,302,303,305,306,313,322,325,327,328,329,330,331,333,334,335,337,338,343,344,345,346,348,355,358,359,360,361,362,363,364,366,367,371,374,376,378,379,381,383,385,386,388,389,390,392,399,403,404,406,407,409,410,412,414,416,418,419,421,717,718,719,720,724,725,726,728,821,839,873,874,885,886,890,891,892,893,894,895,899,900,904,905,906,907,908,910,912,914,916,917,918,919,920,922,923,924,926,927,929,930,931,933,934,936,940,941],think:[39,911,926],third:[22,29,37,38,899,906,907,941],thorough:40,those:[3,6,15,16,20,22,24,26,35,40,44,47,895,897,903,906,907,910,912,915,916,919,936,940,941],though:[15,893,927],thousand:25,thread:[25,836,886,895,906],threadsaf:292,three:[15,25,27,36,40,41,378,899,906,927,941],threeparamopen:778,threshold:24,through:[16,17,21,22,24,25,29,30,34,35,36,40,47,237,289,389,390,418,899,906,917,926,927],throughput:[21,25],thu:[24,890,895,934],ticket:[2,3,5,6,12,15,16,17,20,21,22,23,27,29,34,35,36,37,38,40,42,44,47,49,156,162,190,202,230,236,242,254,267,271,274,326,334,337,345,362,366,367,378,545,548,551,650,734,749,798,802,812,814,815,821,822,834,835,872,873,875,886,887,899,906,909,910,918,919,924,925,926,929,930,931,934,936,937,940,941],ticket_authdata:202,ticket_flag:[5,24,815,899],ticket_info:813,ticket_lifetim:[22,34],tied:917,tightli:[15,29,33,891],till:835,time:[0,2,3,5,6,9,10,14,15,16,20,21,22,23,24,25,29,35,36,37,38,40,42,44,45,49,137,149,161,170,231,235,242,252,267,282,362,401,724,741,742,797,813,814,815,821,822,835,839,873,885,886,888,890,891,895,896,899,900,905,906,907,912,918,926,927,930,931,934,941],time_offset:10,time_rec:[44,906],time_req:44,time_t:[6,874,885],timeofdai:412,timeout:[15,21,37],timeret:399,timestamp:[6,15,22,26,38,41,49,67,84,330,343,344,345,346,359,363,399,522,529,664,813,839,843,864,874,885,889,890,899,900,901,903,906,919,931],timestampp:398,titl:[892,907],tkt:815,tkt_flg_anonym:778,tkt_flg_enc_pa_rep:778,tkt_flg_forward:778,tkt_flg_hw_auth:778,tkt_flg_initi:778,tkt_flg_invalid:778,tkt_flg_may_postd:778,tkt_flg_ok_as_deleg:778,tkt_flg_postdat:778,tkt_flg_pre_auth:778,tkt_flg_proxi:778,tkt_flg_proxiabl:778,tkt_flg_renew:778,tkt_flg_transit_policy_check:778,tkt_life:[266,829],tktpolici:[3,5,24],tls:23,tls_cacert:23,tlyu:[3,24],tmp:[3,14,16,22,35,890,896,905,927,934,941],tmpbuild:893,tmpdir:[890,941],tmppolici:[5,24],todd:907,todo:926,token:[17,21,22,47,371,598,718,719,720,722,725,726,902,906,912,919,930],token_flag:870,token_id:868,token_len:44,tokenid:727,tokeninfo:[372,727,867],toler:22,tom:3,too:[3,24,57,101,104,120,274,295,297,311],tool:[6,23,24,892,894,906,911],toolkit:892,top:[10,40,886,893,894,897],top_srcdir:897,topic:[0,31,35],topolog:4,tort:907,tortiou:907,total:[21,26,930,934],toward:[0,24],tr_content:879,tr_type:879,trace:[49,878,906,941],trace_log:42,track:[3,6,9,24,36,890,924],trademark:907,tradit:[6,36],traffic:30,trail:[21,934],trailer:[44,49,538],transact:[25,941],transcript:900,transfer:[4,38],transform:895,transit:[21,22,25,362,541,550,667,685,822,879,927,930,931,936],transitori:15,translat:[22,57,906],transmiss:18,transmit:[24,44,286,407,906,919],transpar:941,transport:[24,40,286,407],travers:[6,24],treat:[3,22,37,44,55,345,353,699,874,899,930,936],treatment:40,tree:[0,14,23,24,25,35,894,895,897,912,915,922],tri:[21,22,26,45,362,416,913],trigger:890,trillium:[16,33,927],trim:[100,294],trip:[41,906,919],tripl:[15,21,906],trivial:[26,906],troubl:43,troubleshoot:[31,35],true_principal_nam:850,truncat:927,trust:[21,22,30,38,44,275,930],tryagain:910,tty04:21,tty:[5,24],tune:40,tupl:[3,24],turn:[8,16,22,25,34,36,41,355,364,895,934],twice:[3,24,25,35,899,917,926,932],two:[3,19,21,22,24,25,27,29,35,36,38,39,45,49,54,359,363,364,887,899,900,903,906,908,912,920,927,930,934],txt:[6,35,40],type:[2,3,5,6,10,16,17,22,24,26,29,31,33,35,39,40,45,47,49,96,99,100,101,103,104,105,109,113,114,115,116,117,121,125,126,127,130,131,154,155,156,164,167,191,196,202,230,231,236,287,294,295,296,297,301,302,305,306,315,316,320,322,335,337,339,392,423,501,541,647,671,739,745,789,802,810,816,821,843,845,848,857,858,872,874,879,880,885,889,893,896,899,900,901,903,906,908,910,911,915,916,917,918,919,920,921,922,923,926,927,930,931,934,940,941],typedef:[44,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884],typic:[4,16,21,22,27,34,39,40,44,47,99,260,272,897,905,908,910,911,916,917,919,923,936],u2u:936,ubuntu:[13,23,43,906],ucb:934,udp:[10,16,21,22,30,40,286,407,906,921],udp_preference_limit:22,uid:[22,44,886,905,934,940,941],uid_t:44,uidnumb:886,uint16_t:881,uint32_t:[874,882,885],uint8_t:847,uint_max:[758,759,777],ulog:[21,24],umich:907,unabl:[18,22,24],unaccept:890,unalloc:287,unam:29,unambigu:252,unansw:866,unauthent:33,unavail:[24,35,40],unchang:[3,15,16,934],unclean:25,uncommon:890,uncondition:[235,895],unconfigur:[40,897],undefin:[161,934],under:[3,5,6,10,21,22,23,24,39,158,162,890,893,906,907],underli:44,underneath:23,underscor:[22,907],understand:47,undertaken:0,unenc_authdata:835,unencapsul:906,unencrypt:[33,359,802,812,834,835],unescap:6,unfinish:919,unicod:907,unifi:0,unimpl:911,unimport:899,uninterrupt:15,uniqu:[3,16,49,272,416,644,646,886,912],unit:[887,895,907,927],univers:907,unix:[6,16,21,22,29,32,37,44,890,911,912,922],unkei:47,unknown:[12,42,616,899],unless:[2,3,6,11,15,20,21,22,24,27,29,33,35,40,44,320,389,416,418,891,906,920,934,938],unlik:[15,41,886,906,927],unlimit:907,unlink:[6,24],unlock:[24,36,49,150,171,172,906],unlockit:[3,21,24,25],unmodifi:[907,934],unnecessari:24,unpack:894,unpars:[44,49,409,411],unpleas:15,unport:907,unprint:[3,24],unqualifi:34,unquot:6,unrecogn:895,unrestrict:[33,891],unser:44,unset:[22,44,49,178,941],unsign:[92,93,94,95,98,112,117,121,286,316,364,407,409,411,794,800,803,807,818,837,842,846,848,880,885],unspecifi:[22,40,890],unstabl:917,unsuccess:38,unsupport:[38,895],unswapp:886,untest:895,until:[3,6,15,22,24,44,171,885,886,890,895,906,927],untrust:[44,941],unus:[152,355,378,906],unusu:[29,38],unwrap:[44,49],updat:[2,4,6,8,9,14,15,21,22,23,25,35,36,100,101,103,104,231,294,295,296,297,687,690,895,900,906,915,924],update_princ_encrypt:[15,24],update_rel:922,upgrad:[22,24,27,35,40],upn:[21,22,353,637,639,697,906],upon:[6,8,24,895,934],upper:[3,20,24,40,932],uppercas:[22,920,941],upstream:[24,895,906],upstreamhostnam:24,uri:[3,5,21,22,24,34,35,40,906],url:[21,25,30,40],usa:907,usabl:49,usag:[21,22,38,44,100,101,103,104,109,114,115,130,131,294,295,296,297,301,302,305,306,836,885,900,901,933,934,936],usc:934,use:[0,3,4,5,6,7,8,15,16,17,21,22,24,25,26,27,29,30,34,35,36,37,38,39,40,41,42,44,47,49,56,79,106,123,230,243,275,282,320,333,347,362,378,392,406,409,416,854,855,873,885,890,892,893,894,895,897,899,903,905,906,907,908,909,910,911,912,915,919,922,923,924,926,927,930,933,934,936,940,941],use_mkei:[15,24],usec:[802,813,825,864],used:[2,3,4,5,6,7,8,9,10,11,12,15,16,17,19,20,21,22,23,24,25,26,29,35,37,38,39,40,41,42,44,47,57,82,99,101,104,121,122,130,145,230,231,234,235,236,242,248,254,255,261,265,267,271,274,284,295,297,305,320,330,331,333,334,335,347,348,355,359,362,363,378,406,416,418,729,814,836,845,855,859,874,885,886,889,890,891,892,893,899,900,903,905,906,907,909,910,911,912,913,919,922,924,927,929,930,931,932,933,934,936,938,939,941],useful:[8,9,26,27,34,40,70,75,886,890,895,907,924,933,936,937,941],useless:15,user:[0,3,5,6,8,14,15,16,17,20,21,22,23,24,26,34,35,36,37,38,39,40,42,44,49,57,91,137,176,231,234,330,334,335,337,364,551,641,656,719,726,859,886,887,890,892,893,895,897,904,905,906,907,910,923,924,926,927,929,930,932,934,936,939,940,941],user_dn:[5,24],userconfig:22,userdata:[330,335],userid:[22,895],userinfo:43,usernam:[3,12,22,24,35,37,38,44,324,667,927,930],userok:920,userpassword:23,userpkcs12:23,userpolici:[5,24],userprincipalnam:21,uses:[2,3,4,8,15,16,19,20,21,22,24,25,27,29,36,37,38,40,41,44,46,102,123,253,333,385,386,408,419,421,874,886,890,899,900,901,903,906,922,932,933,941],using:[3,6,11,12,14,15,16,17,19,20,21,22,23,24,25,26,29,30,34,35,37,38,39,40,41,42,44,47,49,114,118,126,130,159,235,254,257,274,286,301,305,329,331,335,343,347,357,362,369,378,381,407,618,865,886,889,890,894,895,897,899,901,906,907,911,912,913,919,920,926,927,930,931,934,936,937,939,940,941],usr:[5,8,12,14,21,22,24,35,895,897,905,933,934],usual:[3,10,12,21,22,24,26,36,38,40,44,47,100,294,359,363,886,889,895,899,911,927,936,941],utf:[47,353,368,376,699,906,907],util:[14,24,35,40,48,893,895,907,929,941],uucp:21,v4_instance_convert:22,v4_realm:22,v4cred:52,v5cred:52,va_list:[49,93,95],vagu:895,val:[205,206,207,208,209,210,211,213,214,215,216,218,219,222,225,226,228,229],valid:[21,22,24,40,44,49,67,84,110,125,130,156,163,231,242,255,267,276,282,305,334,337,345,346,348,353,362,368,369,410,416,873,886,887,892,899,903,906,918,927,930,936,940,941],valid_int_bit:778,valid_uint_bit:778,valu:[3,5,6,10,14,15,16,17,20,21,22,23,24,25,26,27,29,34,35,37,38,40,44,47,49,67,84,118,126,127,137,154,156,159,173,231,252,255,259,270,276,303,337,371,372,374,378,389,391,400,711,717,718,720,722,727,729,785,786,787,826,830,843,854,855,874,885,886,887,889,890,895,896,897,899,900,901,903,906,910,912,919,920,922,927,929,930,931,933,934,939,941],valuabl:[47,907],vaniti:39,vararg:92,vari:[16,34,894,905,929,930],variabl:[2,3,4,5,6,7,8,9,10,11,12,16,17,20,21,22,24,25,26,31,35,36,38,40,41,42,44,49,94,137,142,158,276,289,389,390,886,889,890,896,906,922,923,929,930,931,932,934,935,936,937],variad:[92,419,421],variant:[24,895,906,912],varieti:27,variou:[15,31,44,362,892,896,906,927],vendor:[727,868,933],verbatim:907,verbos:[3,6,16,24,893,906,930],veri:[15,21,22,24,890,922],verif:[21,22,35,47,49,416,886,925,927],verifi:[5,21,22,24,35,38,44,49,248,359,360,361,362,363,364,890,894,910,919,926,927,934],verifier_cred_handl:912,verify_ap_req_nofail:22,versa:[38,906],version:[0,2,3,5,6,9,10,15,16,21,22,24,25,30,39,44,45,49,158,235,254,315,320,366,378,616,712,810,812,834,839,872,885,889,893,894,895,897,899,901,903,906,907,911,917,921,931,933,934,936,937],verto:[895,907],veto:918,via:[0,3,6,8,21,22,24,35,36,47,49,281,389,405,815,906,914,934,940],vice:[38,906],view:[8,24,35,925],view_polici:24,viola:16,virtual:[16,22],visibl:[15,24,26,906],visit:927,vista:[27,906],visual:906,vnder:15,vno:[3,15,24,315,320,839],volum:906,vopt:47,vpath:[893,894],vprintf:[419,420,421],vtabl:[910,911,919,922],vulner:[15,24,33,47,906,924],wai:[22,24,29,40,44,47,127,243,257,378,885,886,887,889,895,897,906,907,915,920,926,927,939],wait:[8,21,24,40],wake:16,walk:[6,24,926],want:[3,24,29,35,545,551,893,921,926,927,934],warn:[3,14,24,35,252,897,906,907],warranti:907,wasn:45,weak:[15,21,22,27,42],web:[35,886,906],wed:24,week:[5,24],weight:40,well:[15,22,24,35,39,44,47,344,346,648,892,895,906,913],wellknown:[38,47,503,752],went:927,were:[15,16,22,35,44,416,618,886,906,907,927],what:[6,15,20,21,22,24,27,39,44,890,910,911,919,923,926,927,933],whatev:40,whatsoev:907,when:[3,4,6,8,9,10,12,15,16,17,18,21,22,23,24,27,29,30,34,35,37,38,39,40,41,42,44,47,50,66,68,69,73,74,77,78,79,80,86,92,93,94,112,114,116,126,127,133,137,142,144,146,153,156,157,167,168,176,179,180,181,182,183,184,185,187,188,189,190,201,202,231,234,235,236,237,238,242,243,257,261,265,267,268,272,275,279,282,287,289,293,301,315,320,322,323,326,328,331,332,333,334,335,336,339,341,342,343,347,348,355,357,358,360,362,363,364,366,378,392,404,406,408,410,727,728,729,886,889,890,895,897,899,905,906,908,912,913,917,920,922,923,924,926,927,929,930,931,933,934,936,939,941],whenev:47,where:[3,4,6,7,8,15,16,18,21,22,23,24,26,29,40,44,47,322,392,885,886,889,890,893,894,895,900,906,911,927,930,934,941],whether:[4,6,8,10,15,21,22,27,29,36,37,44,47,49,106,230,248,249,250,252,256,260,262,324,409,894,900,906,907,909,916,923,927,934],which:[3,4,5,6,7,8,9,10,11,12,14,15,16,20,21,22,23,24,25,26,29,30,34,35,36,37,38,39,40,41,42,44,47,127,170,180,202,236,237,252,257,287,315,334,335,359,362,363,369,371,374,375,873,874,885,886,889,890,892,893,894,895,896,899,900,901,903,905,906,907,908,910,911,912,915,916,917,918,919,921,922,923,927,933,934,936,939,940,941],whichev:16,whitespac:[3,21,22,24],who:[0,5,17,21,24,26,35,38,926,927],whoami:911,whole:[24,38,142,158,345],whom:[907,926],whose:[3,5,10,16,18,20,22,24,35,39,41,44,47,133,224,236,899,903,927,940],wicker:911,wicker_appear:911,wicker_brac:911,wicker_construct:911,wicker_foot:911,wicker_materi:911,wicker_slat:911,wide:[22,30,37],wiki:[893,906],wild:[3,24],wildcard:[20,21,906,939],willi:15,willing:[21,22,27],win:907,winbind:29,winbind_krb5_loc:29,window:[22,27,29,30,385,386,637,639,677,693,886,890,892,906,911,912,922,927],wish:[17,22,35,40,44,257,893,894,895,896,907,912,923,926,927,941],with_realm:[344,346],within:[3,16,21,22,24,25,35,36,40,44,49,133,157,259,268,359,363,368,376,389,836,901,906,907,912,930,939,941],without:[3,8,15,20,21,22,24,25,29,33,35,36,37,38,44,134,371,374,538,855,886,893,895,906,907,926,927,934,941],wkt:11,won:[22,38,927],worcest:907,word:[22,35,927],work:[2,3,4,6,22,24,35,36,37,40,41,44,886,895,906,907,919,920,924,926,927,941],workaround:39,workdai:34,worker:[10,25],workflow:15,workstat:47,worri:[23,893,941],wors:22,worst:15,worth:33,would:[6,15,17,18,21,22,24,26,29,33,35,38,39,40,41,44,47,891,906,912,926,927,933,940,941],wrap:[24,49,325,912],wrapper:[878,900,901],wrfile:15,writabl:[35,321,922],write:[0,6,8,10,11,21,22,23,24,25,29,35,36,258,355,390,886,890,906,911,922,941],writeabl:307,writer:0,written:[3,4,158,839,889,907],wrong:[36,38,907,927,934],wsgi:30,wst:11,www7:43,www:[23,43,897,906],x11r6:893,x509:[38,906,930],x509_anchor:[22,930],x509_proxi:22,x509_proxy_ca:22,x509_user_ident:[17,22,930],x86:[895,906],x86_64:[895,906],xconsortium:893,xml:897,xore:[22,362],xvm:15,xyz:941,yacc:895,yarrow:906,year:[46,887,906],yes:[3,5,24,895,930],yet:[6,22,24,35,38,39,886,895,915,927],yflag:895,yield:919,you:[0,3,4,5,10,12,14,16,17,18,21,22,23,24,25,29,33,34,35,36,38,40,41,42,726,887,891,893,894,895,896,897,907,924,926,927,929,934,941],your:[0,12,18,21,22,24,27,33,34,35,38,40,893,894,895,907,915,925,927,929,938,941],your_princnam:38,your_realmnam:38,yourdir:35,yourself:[927,941],yymmddhhmmss:887,yyyi:887,yyyymmddhhmmss:887,zanarotti:47,zephyr:[15,907],zero:[3,22,25,40,44,45,49,123,130,131,248,252,267,268,291,305,306,315,729,731,854,899,900,903,906,911],zone:[15,40,887],zonetest:15},titles:["Contributing to the MIT Kerberos Documentation","Administration programs","k5srvutil","kadmin","kadmind","kdb5_ldap_util","kdb5_util","kprop","kpropd","kproplog","krb5kdc","ktutil","sserver","Advanced topics","LDAP backend on Ubuntu 10.4 (lucid)","Retiring DES","Application servers","Authentication indicators","Backups of secure hosts","Configuration Files","kadm5.acl","kdc.conf","krb5.conf","Configuring Kerberos with OpenLDAP back-end","Database administration","Database types","Addressing dictionary attack risks","Encryption types","Environment variables","Host configuration","HTTPS proxy configuration","For administrators","Installation guide","UNIX Application Servers","Installing and configuring UNIX client machines","Installing KDCs","Account lockout","OTP Preauthentication","PKINIT configuration","Principal names and DNS","Realm configuration decisions","SPAKE Preauthentication","Troubleshooting","Various links","Developing with GSSAPI","Differences between Heimdal and MIT Kerberos API","For application developers","Initial credentials","Principal manipulation and parsing","krb5 API","krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal.","krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal.","krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials.","krb5_address_compare - Compare two Kerberos addresses.","krb5_address_order - Return an ordering of the specified addresses.","krb5_address_search - Search a list of addresses for a specified address.","krb5_allow_weak_crypto - Allow the appplication to override the profile\u2019s allow_weak_crypto setting.","krb5_aname_to_localname - Convert a principal name to a local name.","krb5_anonymous_principal - Build an anonymous principal.","krb5_anonymous_realm - Return an anonymous realm data.","krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf.","krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf.","krb5_auth_con_free - Free a krb5_auth_context structure.","krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket.","krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context.","krb5_auth_con_getaddrs - Retrieve address fields from an auth context.","krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context.","krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure.","krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock.","krb5_auth_con_getkey_k - Retrieve the session key from an auth context.","krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context.","krb5_auth_con_getlocalsubkey","krb5_auth_con_getrcache - Retrieve the replay cache from an auth context.","krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock.","krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock.","krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context.","krb5_auth_con_getremotesubkey","krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock.","krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context.","krb5_auth_con_init - Create and initialize an authentication context.","krb5_auth_con_initivector - Cause an auth context to use cipher state.","krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context.","krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context.","krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context.","krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure.","krb5_auth_con_setports - Set local and remote port fields in an auth context.","krb5_auth_con_setrcache - Set the replay cache in an auth context.","krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.","krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context.","krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock.","krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context.","krb5_auth_con_setuseruserkey - Set the session key in an auth context.","krb5_build_principal - Build a principal name using null-terminated strings.","krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list.","krb5_build_principal_ext - Build a principal name using length-counted strings.","krb5_build_principal_va","krb5_c_block_size - Return cipher block size.","krb5_c_checksum_length - Return the length of checksums for a checksum type.","krb5_c_crypto_length - Return a length of a message field specific to the encryption type.","krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array.","krb5_c_decrypt - Decrypt data using a key (operates on keyblock).","krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock).","krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+).","krb5_c_encrypt - Encrypt data using a key (operates on keyblock).","krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock).","krb5_c_encrypt_length - Compute encrypted data length.","krb5_c_enctype_compare - Compare two encryption types.","krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state() .","krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings.","krb5_c_init_state - Initialize a new cipher state.","krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof.","krb5_c_is_keyed_cksum - Test whether a checksum type is keyed.","krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type.","krb5_c_keylengths - Return length of the specified key in bytes.","krb5_c_make_checksum - Compute a checksum (operates on keyblock).","krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock)","krb5_c_make_random_key - Generate an enctype-specific random encryption key.","krb5_c_padding_length - Return a number of padding octets.","krb5_c_prf - Generate enctype-specific pseudo-random bytes.","krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type.","krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+.","krb5_c_random_add_entropy - Add entropy to the pseudo-random number generator.","krb5_c_random_make_octets - Generate pseudo-random bytes.","krb5_c_random_os_entropy - Collect entropy from the OS if possible.","krb5_c_random_seed","krb5_c_random_to_key - Generate an enctype-specific key from random data.","krb5_c_string_to_key - Convert a string (such a password) to a key.","krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters.","krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type.","krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type.","krb5_c_verify_checksum - Verify a checksum (operates on keyblock).","krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock).","krb5_calculate_checksum","krb5_cc_cache_match - Find a credential cache with a specified client principal.","krb5_cc_close - Close a credential cache handle.","krb5_cc_copy_creds - Copy a credential cache.","krb5_cc_default - Resolve the default credential cache name.","krb5_cc_default_name - Return the name of the default credential cache.","krb5_cc_destroy - Destroy a credential cache.","krb5_cc_dup - Duplicate ccache handle.","krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries.","krb5_cc_gen_new","krb5_cc_get_config - Get a configuration value from a credential cache.","krb5_cc_get_flags - Retrieve flags from a credential cache structure.","krb5_cc_get_full_name - Retrieve the full name of a credential cache.","krb5_cc_get_name - Retrieve the name, but not type of a credential cache.","krb5_cc_get_principal - Get the default principal of a credential cache.","krb5_cc_get_type - Retrieve the type of a credential cache.","krb5_cc_initialize - Initialize a credential cache.","krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache.","krb5_cc_lock - Lock a credential cache.","krb5_cc_move - Move a credential cache.","krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name.","krb5_cc_next_cred - Retrieve the next entry from the credential cache.","krb5_cc_remove_cred - Remove credentials from a credential cache.","krb5_cc_resolve - Resolve a credential cache name.","krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache.","krb5_cc_select - Select a credential cache to use with a server principal.","krb5_cc_set_config - Store a configuration value in a credential cache.","krb5_cc_set_default_name - Set the default credential cache name.","krb5_cc_set_flags - Set options flags on a credential cache.","krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache.","krb5_cc_store_cred - Store credentials in a credential cache.","krb5_cc_support_switch - Determine whether a credential cache type supports switching.","krb5_cc_switch - Make a credential cache the primary cache for its collection.","krb5_cc_unlock - Unlock a credential cache.","krb5_cccol_cursor_free - Free a credential cache collection cursor.","krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches.","krb5_cccol_cursor_next - Get the next credential cache in the collection.","krb5_cccol_have_content - Check if the credential cache collection contains any credentials.","krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache.","krb5_cccol_lock - Acquire a global lock for credential caches.","krb5_cccol_unlock - Release a global lock for credential caches.","krb5_change_password - Change a password for an existing Kerberos account.","krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time.","krb5_checksum_size","krb5_chpw_message - Get a result message for changing or setting a password.","krb5_cksumtype_to_string - Convert a checksum type to a string.","krb5_clear_error_message - Clear the extended error message in a context.","krb5_copy_addresses - Copy an array of addresses.","krb5_copy_authdata - Copy an authorization data list.","krb5_copy_authenticator - Copy a krb5_authenticator structure.","krb5_copy_checksum - Copy a krb5_checksum structure.","krb5_copy_context - Copy a krb5_context structure.","krb5_copy_creds - Copy a krb5_creds structure.","krb5_copy_data - Copy a krb5_data object.","krb5_copy_error_message - Copy the most recent extended error message from one context to another.","krb5_copy_keyblock - Copy a keyblock.","krb5_copy_keyblock_contents - Copy the contents of a keyblock.","krb5_copy_principal - Copy a principal.","krb5_copy_ticket - Copy a krb5_ticket structure.","krb5_decode_authdata_container - Unwrap authorization data.","krb5_decode_ticket - Decode an ASN.1-formatted ticket.","krb5_decrypt","krb5_deltat_to_string - Convert a relative time value to a string.","krb5_eblock_enctype","krb5_encode_authdata_container - Wrap authorization data in a container.","krb5_encrypt","krb5_encrypt_size","krb5_enctype_to_name - Convert an encryption type to a name or alias.","krb5_enctype_to_string - Convert an encryption type to a string.","krb5_expand_hostname - Canonicalize a hostname, possibly using name service.","krb5_find_authdata - Find authorization data elements.","krb5_finish_key","krb5_finish_random_key","krb5_free_addresses - Free the data stored in array of addresses.","krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure.","krb5_free_authdata - Free the storage assigned to array of authentication data.","krb5_free_authenticator - Free a krb5_authenticator structure.","krb5_free_checksum - Free a krb5_checksum structure.","krb5_free_checksum_contents - Free the contents of a krb5_checksum structure.","krb5_free_cksumtypes - Free an array of checksum types.","krb5_free_context - Free a krb5 library context.","krb5_free_cred_contents - Free the contents of a krb5_creds structure.","krb5_free_creds - Free a krb5_creds structure.","krb5_free_data - Free a krb5_data structure.","krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field.","krb5_free_default_realm - Free a defaultrealm string returned by krb5_get_default_realm() .","krb5_free_enctypes - Free an array of encryption types.","krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() .","krb5_free_error_message - Free an error message generated by krb5_get_error_message() .","krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm() .","krb5_free_keyblock - Free a krb5_keyblock structure.","krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure.","krb5_free_keytab_entry_contents - Free the contents of a key table entry.","krb5_free_principal - Free the storage assigned to a principal.","krb5_free_string - Free a string allocated by a krb5 function.","krb5_free_tgt_creds - Free an array of credential structures.","krb5_free_ticket - Free a ticket.","krb5_free_unparsed_name - Free a string representation of a principal.","krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.","krb5_get_credentials - Get an additional ticket.","krb5_get_credentials_renew","krb5_get_credentials_validate","krb5_get_default_realm - Retrieve the default realm.","krb5_get_error_message - Get the (possibly extended) error message for a code.","krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC.","krb5_get_fallback_host_realm","krb5_get_host_realm - Get the Kerberos realm names for a host.","krb5_get_in_tkt_with_keytab","krb5_get_in_tkt_with_password","krb5_get_in_tkt_with_skey","krb5_get_init_creds_keytab - Get initial credentials using a key table.","krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure.","krb5_get_init_creds_opt_free - Free initial credential options.","krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options.","krb5_get_init_creds_opt_init","krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options.","krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options.","krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options.","krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options.","krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options.","krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options.","krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options.","krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options.","krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options.","krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options.","krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options.","krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options.","krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options.","krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket.","krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options.","krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options.","krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options.","krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options.","krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options.","krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options.","krb5_get_init_creds_password - Get initial credentials using a password.","krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys.","krb5_get_profile - Retrieve configuration profile from the context.","krb5_get_prompt_types - Get prompt types array from a context.","krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential.","krb5_get_server_rcache - Generate a replay cache object for server use and open it.","krb5_get_time_offsets - Return the time offsets from the os context.","krb5_get_validated_creds - Get validated credentials from the KDC.","krb5_init_context - Create a krb5 library context.","krb5_init_context_profile - Create a krb5 library context using a specified profile.","krb5_init_creds_free - Free an initial credentials context.","krb5_init_creds_get - Acquire credentials using an initial credentials context.","krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context.","krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context.","krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context.","krb5_init_creds_init - Create a context for acquiring initial credentials.","krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials.","krb5_init_creds_set_password - Set a password for acquiring initial credentials.","krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials.","krb5_init_creds_step - Get the next KDC request for acquiring initial credentials.","krb5_init_keyblock - Initialize an empty krb5_keyblock .","krb5_init_random_key","krb5_init_secure_context - Create a krb5 library context using only configuration files.","krb5_is_config_principal - Test whether a principal is a configuration principal.","krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM.","krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support.","krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock.","krb5_k_decrypt - Decrypt data using a key (operates on opaque key).","krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key).","krb5_k_encrypt - Encrypt data using a key (operates on opaque key).","krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key).","krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero.","krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure.","krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure.","krb5_k_make_checksum - Compute a checksum (operates on opaque key).","krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key)","krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key).","krb5_k_reference_key - Increment the reference count on a key.","krb5_k_verify_checksum - Verify a checksum (operates on opaque key).","krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key).","krb5_kt_add_entry - Add a new entry to a key table.","krb5_kt_client_default - Resolve the default client key table.","krb5_kt_close - Close a key table handle.","krb5_kt_default - Resolve the default key table.","krb5_kt_default_name - Get the default key table name.","krb5_kt_dup - Duplicate keytab handle.","krb5_kt_end_seq_get - Release a keytab cursor.","krb5_kt_free_entry","krb5_kt_get_entry - Get an entry from a key table.","krb5_kt_get_name - Get a key table name.","krb5_kt_get_type - Return the type of a key table.","krb5_kt_have_content - Check if a keytab exists and contains entries.","krb5_kt_next_entry - Retrieve the next entry from the key table.","krb5_kt_read_service_key - Retrieve a service key from a key table.","krb5_kt_remove_entry - Remove an entry from a key table.","krb5_kt_resolve - Get a handle for a key table.","krb5_kt_start_seq_get - Start a sequential retrieval of key table entries.","krb5_kuserok - Determine if a principal is authorized to log in as a local user.","krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data.","krb5_merge_authdata - Merge two authorization data lists into a new list.","krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials.","krb5_mk_error - Format and encode a KRB_ERROR message.","krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.","krb5_mk_priv - Format a KRB-PRIV message.","krb5_mk_rep - Format and encrypt a KRB_AP_REP message.","krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC.","krb5_mk_req - Create a KRB_AP_REQ message.","krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials.","krb5_mk_safe - Format a KRB-SAFE message.","krb5_os_localaddr - Return all interface addresses for this host.","krb5_pac_add_buffer - Add a buffer to a PAC handle.","krb5_pac_free - Free a PAC handle.","krb5_pac_get_buffer - Retrieve a buffer value from a PAC.","krb5_pac_get_types - Return an array of buffer types in a PAC handle.","krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle.","krb5_pac_parse - Unparse an encoded PAC into a new handle.","krb5_pac_sign - Sign a PAC.","krb5_pac_sign_ext - Sign a PAC, possibly with a specified realm.","krb5_pac_verify - Verify a PAC.","krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.","krb5_parse_name - Convert a string principal name to a krb5_principal structure.","krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags.","krb5_prepend_error_message - Add a prefix to the message for an error code.","krb5_principal2salt - Convert a principal name into the default salt for that principal.","krb5_principal_compare - Compare two principals.","krb5_principal_compare_any_realm - Compare two principals ignoring realm components.","krb5_principal_compare_flags - Compare two principals with additional flags.","krb5_process_key","krb5_prompter_posix - Prompt user for password.","krb5_random_key","krb5_rd_cred - Read and validate a KRB-CRED message.","krb5_rd_error - Decode a KRB-ERROR message.","krb5_rd_priv - Process a KRB-PRIV message.","krb5_rd_rep - Parse and decrypt a KRB_AP_REP message.","krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC.","krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.","krb5_rd_safe - Process KRB-SAFE message.","krb5_read_password - Read a password from keyboard input.","krb5_realm_compare - Compare the realms of two principals.","krb5_recvauth - Server function for sendauth protocol.","krb5_recvauth_version - Server function for sendauth protocol with version parameter.","krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context.","krb5_responder_list_questions - List the question names contained in the responder context.","krb5_responder_otp_challenge_free - Free the value returned by krb5_responder_otp_get_challenge() .","krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct.","krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question.","krb5_responder_pkinit_challenge_free - Free the value returned by krb5_responder_pkinit_get_challenge() .","krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct.","krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity.","krb5_responder_set_answer - Answer a named question in the responder context.","krb5_salttype_to_string - Convert a salt type to a string.","krb5_sendauth - Client function for sendauth protocol.","krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table.","krb5_set_default_realm - Override the default realm for the specified context.","krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure.","krb5_set_error_message - Set an extended error message for an error code.","krb5_set_kdc_recv_hook - Set a KDC post-receive hook function.","krb5_set_kdc_send_hook - Set a KDC pre-send hook function.","krb5_set_password - Set a password for a principal using specified credentials.","krb5_set_password_using_ccache - Set a password for a principal using cached credentials.","krb5_set_principal_realm - Set the realm field of a principal.","krb5_set_real_time - Set time offset field in a krb5_context structure.","krb5_set_trace_callback - Specify a callback function for trace events.","krb5_set_trace_filename - Specify a file name for directing trace events.","krb5_sname_match - Test whether a principal matches a matching principal.","krb5_sname_to_principal - Generate a full principal name from a service name.","krb5_string_to_cksumtype - Convert a string to a checksum type.","krb5_string_to_deltat - Convert a string to a delta time value.","krb5_string_to_enctype - Convert a string to an encryption type.","krb5_string_to_key","krb5_string_to_salttype - Convert a string to a salt type.","krb5_string_to_timestamp - Convert a string to a timestamp.","krb5_timeofday - Retrieve the current time with context specific time offset adjustment.","krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding.","krb5_timestamp_to_string - Convert a timestamp to a string.","krb5_tkt_creds_free - Free a TGS request context.","krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context.","krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context.","krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context.","krb5_tkt_creds_init - Create a context to get credentials from a KDC\u2019s Ticket Granting Service.","krb5_tkt_creds_step - Get the next KDC request in a TGS exchange.","krb5_unparse_name - Convert a krb5_principal structure to a string representation.","krb5_unparse_name_ext - Convert krb5_principal structure to string and length.","krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags.","krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags.","krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch.","krb5_use_enctype","krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data.","krb5_verify_checksum","krb5_verify_init_creds - Verify initial credentials against a keytab.","krb5_verify_init_creds_opt_init - Initialize a credential verification options structure.","krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required.","krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list.","krb5_vset_error_message - Set an extended error message for an error code using a va_list.","krb5_vwrap_error_message - Add a prefix to a different error code\u2019s message using a va_list.","krb5_wrap_error_message - Add a prefix to a different error code\u2019s message.","Complete reference - API and datatypes","ADDRTYPE_ADDRPORT","ADDRTYPE_CHAOS","ADDRTYPE_DDP","ADDRTYPE_INET","ADDRTYPE_INET6","ADDRTYPE_IPPORT","ADDRTYPE_ISO","ADDRTYPE_IS_LOCAL","ADDRTYPE_NETBIOS","ADDRTYPE_XNS","AD_TYPE_EXTERNAL","AD_TYPE_FIELD_TYPE_MASK","AD_TYPE_REGISTERED","AD_TYPE_RESERVED","AP_OPTS_ETYPE_NEGOTIATION","AP_OPTS_MUTUAL_REQUIRED","AP_OPTS_RESERVED","AP_OPTS_USE_SESSION_KEY","AP_OPTS_USE_SUBKEY","AP_OPTS_WIRE_MASK","CKSUMTYPE_CMAC_CAMELLIA128","CKSUMTYPE_CMAC_CAMELLIA256","CKSUMTYPE_CRC32","CKSUMTYPE_DESCBC","CKSUMTYPE_HMAC_MD5_ARCFOUR","CKSUMTYPE_HMAC_SHA1_96_AES128","CKSUMTYPE_HMAC_SHA1_96_AES256","CKSUMTYPE_HMAC_SHA1_DES3","CKSUMTYPE_HMAC_SHA256_128_AES128","CKSUMTYPE_HMAC_SHA384_192_AES256","CKSUMTYPE_MD5_HMAC_ARCFOUR","CKSUMTYPE_NIST_SHA","CKSUMTYPE_RSA_MD4","CKSUMTYPE_RSA_MD4_DES","CKSUMTYPE_RSA_MD5","CKSUMTYPE_RSA_MD5_DES","ENCTYPE_AES128_CTS_HMAC_SHA1_96","ENCTYPE_AES128_CTS_HMAC_SHA256_128","ENCTYPE_AES256_CTS_HMAC_SHA1_96","ENCTYPE_AES256_CTS_HMAC_SHA384_192","ENCTYPE_ARCFOUR_HMAC","ENCTYPE_ARCFOUR_HMAC_EXP","ENCTYPE_CAMELLIA128_CTS_CMAC","ENCTYPE_CAMELLIA256_CTS_CMAC","ENCTYPE_DES3_CBC_ENV","ENCTYPE_DES3_CBC_RAW","ENCTYPE_DES3_CBC_SHA","ENCTYPE_DES3_CBC_SHA1","ENCTYPE_DES_CBC_CRC","ENCTYPE_DES_CBC_MD4","ENCTYPE_DES_CBC_MD5","ENCTYPE_DES_CBC_RAW","ENCTYPE_DES_HMAC_SHA1","ENCTYPE_DSA_SHA1_CMS","ENCTYPE_MD5_RSA_CMS","ENCTYPE_NULL","ENCTYPE_RC2_CBC_ENV","ENCTYPE_RSA_ENV","ENCTYPE_RSA_ES_OAEP_ENV","ENCTYPE_SHA1_RSA_CMS","ENCTYPE_UNKNOWN","KDC_OPT_ALLOW_POSTDATE","KDC_OPT_CANONICALIZE","KDC_OPT_CNAME_IN_ADDL_TKT","KDC_OPT_DISABLE_TRANSITED_CHECK","KDC_OPT_ENC_TKT_IN_SKEY","KDC_OPT_FORWARDABLE","KDC_OPT_FORWARDED","KDC_OPT_POSTDATED","KDC_OPT_PROXIABLE","KDC_OPT_PROXY","KDC_OPT_RENEW","KDC_OPT_RENEWABLE","KDC_OPT_RENEWABLE_OK","KDC_OPT_REQUEST_ANONYMOUS","KDC_OPT_VALIDATE","KDC_TKT_COMMON_MASK","KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE","KRB5_ANONYMOUS_PRINCSTR","KRB5_ANONYMOUS_REALMSTR","KRB5_AP_REP","KRB5_AP_REQ","KRB5_AS_REP","KRB5_AS_REQ","KRB5_AUTHDATA_AND_OR","KRB5_AUTHDATA_AUTH_INDICATOR","KRB5_AUTHDATA_CAMMAC","KRB5_AUTHDATA_ETYPE_NEGOTIATION","KRB5_AUTHDATA_FX_ARMOR","KRB5_AUTHDATA_IF_RELEVANT","KRB5_AUTHDATA_INITIAL_VERIFIED_CAS","KRB5_AUTHDATA_KDC_ISSUED","KRB5_AUTHDATA_MANDATORY_FOR_KDC","KRB5_AUTHDATA_OSF_DCE","KRB5_AUTHDATA_SESAME","KRB5_AUTHDATA_SIGNTICKET","KRB5_AUTHDATA_WIN2K_PAC","KRB5_AUTH_CONTEXT_DO_SEQUENCE","KRB5_AUTH_CONTEXT_DO_TIME","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR","KRB5_AUTH_CONTEXT_PERMIT_ALL","KRB5_AUTH_CONTEXT_RET_SEQUENCE","KRB5_AUTH_CONTEXT_RET_TIME","KRB5_AUTH_CONTEXT_USE_SUBKEY","KRB5_CRED","KRB5_CRYPTO_TYPE_CHECKSUM","KRB5_CRYPTO_TYPE_DATA","KRB5_CRYPTO_TYPE_EMPTY","KRB5_CRYPTO_TYPE_HEADER","KRB5_CRYPTO_TYPE_PADDING","KRB5_CRYPTO_TYPE_SIGN_ONLY","KRB5_CRYPTO_TYPE_STREAM","KRB5_CRYPTO_TYPE_TRAILER","KRB5_CYBERSAFE_SECUREID","KRB5_DOMAIN_X500_COMPRESS","KRB5_ENCPADATA_REQ_ENC_PA_REP","KRB5_ERROR","KRB5_FAST_REQUIRED","KRB5_GC_CACHED","KRB5_GC_CANONICALIZE","KRB5_GC_CONSTRAINED_DELEGATION","KRB5_GC_FORWARDABLE","KRB5_GC_NO_STORE","KRB5_GC_NO_TRANSIT_CHECK","KRB5_GC_USER_USER","KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST","KRB5_GET_INIT_CREDS_OPT_ANONYMOUS","KRB5_GET_INIT_CREDS_OPT_CANONICALIZE","KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT","KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST","KRB5_GET_INIT_CREDS_OPT_FORWARDABLE","KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST","KRB5_GET_INIT_CREDS_OPT_PROXIABLE","KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE","KRB5_GET_INIT_CREDS_OPT_SALT","KRB5_GET_INIT_CREDS_OPT_TKT_LIFE","KRB5_INIT_CONTEXT_KDC","KRB5_INIT_CONTEXT_SECURE","KRB5_INIT_CREDS_STEP_FLAG_CONTINUE","KRB5_INT16_MAX","KRB5_INT16_MIN","KRB5_INT32_MAX","KRB5_INT32_MIN","KRB5_KEYUSAGE_AD_ITE","KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM","KRB5_KEYUSAGE_AD_MTE","KRB5_KEYUSAGE_AD_SIGNEDPATH","KRB5_KEYUSAGE_APP_DATA_CKSUM","KRB5_KEYUSAGE_APP_DATA_ENCRYPT","KRB5_KEYUSAGE_AP_REP_ENCPART","KRB5_KEYUSAGE_AP_REQ_AUTH","KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM","KRB5_KEYUSAGE_AS_REP_ENCPART","KRB5_KEYUSAGE_AS_REQ","KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS","KRB5_KEYUSAGE_CAMMAC","KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT","KRB5_KEYUSAGE_ENC_CHALLENGE_KDC","KRB5_KEYUSAGE_FAST_ENC","KRB5_KEYUSAGE_FAST_FINISHED","KRB5_KEYUSAGE_FAST_REP","KRB5_KEYUSAGE_FAST_REQ_CHKSUM","KRB5_KEYUSAGE_GSS_TOK_MIC","KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG","KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV","KRB5_KEYUSAGE_IAKERB_FINISHED","KRB5_KEYUSAGE_KDC_REP_TICKET","KRB5_KEYUSAGE_KRB_CRED_ENCPART","KRB5_KEYUSAGE_KRB_ERROR_CKSUM","KRB5_KEYUSAGE_KRB_PRIV_ENCPART","KRB5_KEYUSAGE_KRB_SAFE_CKSUM","KRB5_KEYUSAGE_PA_AS_FRESHNESS","KRB5_KEYUSAGE_PA_FX_COOKIE","KRB5_KEYUSAGE_PA_OTP_REQUEST","KRB5_KEYUSAGE_PA_PKINIT_KX","KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY","KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID","KRB5_KEYUSAGE_PA_SAM_RESPONSE","KRB5_KEYUSAGE_SPAKE","KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY","KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY","KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY","KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY","KRB5_KEYUSAGE_TGS_REQ_AUTH","KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM","KRB5_KPASSWD_ACCESSDENIED","KRB5_KPASSWD_AUTHERROR","KRB5_KPASSWD_BAD_VERSION","KRB5_KPASSWD_HARDERROR","KRB5_KPASSWD_INITIAL_FLAG_NEEDED","KRB5_KPASSWD_MALFORMED","KRB5_KPASSWD_SOFTERROR","KRB5_KPASSWD_SUCCESS","KRB5_LRQ_ALL_ACCT_EXPTIME","KRB5_LRQ_ALL_LAST_INITIAL","KRB5_LRQ_ALL_LAST_RENEWAL","KRB5_LRQ_ALL_LAST_REQ","KRB5_LRQ_ALL_LAST_TGT","KRB5_LRQ_ALL_LAST_TGT_ISSUED","KRB5_LRQ_ALL_PW_EXPTIME","KRB5_LRQ_NONE","KRB5_LRQ_ONE_ACCT_EXPTIME","KRB5_LRQ_ONE_LAST_INITIAL","KRB5_LRQ_ONE_LAST_RENEWAL","KRB5_LRQ_ONE_LAST_REQ","KRB5_LRQ_ONE_LAST_TGT","KRB5_LRQ_ONE_LAST_TGT_ISSUED","KRB5_LRQ_ONE_PW_EXPTIME","KRB5_NT_ENTERPRISE_PRINCIPAL","KRB5_NT_ENT_PRINCIPAL_AND_ID","KRB5_NT_MS_PRINCIPAL","KRB5_NT_MS_PRINCIPAL_AND_ID","KRB5_NT_PRINCIPAL","KRB5_NT_SMTP_NAME","KRB5_NT_SRV_HST","KRB5_NT_SRV_INST","KRB5_NT_SRV_XHST","KRB5_NT_UID","KRB5_NT_UNKNOWN","KRB5_NT_WELLKNOWN","KRB5_NT_X500_PRINCIPAL","KRB5_PAC_CLIENT_INFO","KRB5_PAC_CREDENTIALS_INFO","KRB5_PAC_DELEGATION_INFO","KRB5_PAC_LOGON_INFO","KRB5_PAC_PRIVSVR_CHECKSUM","KRB5_PAC_SERVER_CHECKSUM","KRB5_PAC_UPN_DNS_INFO","KRB5_PADATA_AFS3_SALT","KRB5_PADATA_AP_REQ","KRB5_PADATA_AS_CHECKSUM","KRB5_PADATA_AS_FRESHNESS","KRB5_PADATA_ENCRYPTED_CHALLENGE","KRB5_PADATA_ENC_SANDIA_SECURID","KRB5_PADATA_ENC_TIMESTAMP","KRB5_PADATA_ENC_UNIX_TIME","KRB5_PADATA_ETYPE_INFO","KRB5_PADATA_ETYPE_INFO2","KRB5_PADATA_FOR_USER","KRB5_PADATA_FX_COOKIE","KRB5_PADATA_FX_ERROR","KRB5_PADATA_FX_FAST","KRB5_PADATA_GET_FROM_TYPED_DATA","KRB5_PADATA_NONE","KRB5_PADATA_OSF_DCE","KRB5_PADATA_OTP_CHALLENGE","KRB5_PADATA_OTP_PIN_CHANGE","KRB5_PADATA_OTP_REQUEST","KRB5_PADATA_PAC_REQUEST","KRB5_PADATA_PKINIT_KX","KRB5_PADATA_PK_AS_REP","KRB5_PADATA_PK_AS_REP_OLD","KRB5_PADATA_PK_AS_REQ","KRB5_PADATA_PK_AS_REQ_OLD","KRB5_PADATA_PW_SALT","KRB5_PADATA_REFERRAL","KRB5_PADATA_S4U_X509_USER","KRB5_PADATA_SAM_CHALLENGE","KRB5_PADATA_SAM_CHALLENGE_2","KRB5_PADATA_SAM_REDIRECT","KRB5_PADATA_SAM_RESPONSE","KRB5_PADATA_SAM_RESPONSE_2","KRB5_PADATA_SESAME","KRB5_PADATA_SPAKE","KRB5_PADATA_SVR_REFERRAL_INFO","KRB5_PADATA_TGS_REQ","KRB5_PADATA_USE_SPECIFIED_KVNO","KRB5_PRINCIPAL_COMPARE_CASEFOLD","KRB5_PRINCIPAL_COMPARE_ENTERPRISE","KRB5_PRINCIPAL_COMPARE_IGNORE_REALM","KRB5_PRINCIPAL_COMPARE_UTF8","KRB5_PRINCIPAL_PARSE_ENTERPRISE","KRB5_PRINCIPAL_PARSE_IGNORE_REALM","KRB5_PRINCIPAL_PARSE_NO_REALM","KRB5_PRINCIPAL_PARSE_REQUIRE_REALM","KRB5_PRINCIPAL_UNPARSE_DISPLAY","KRB5_PRINCIPAL_UNPARSE_NO_REALM","KRB5_PRINCIPAL_UNPARSE_SHORT","KRB5_PRIV","KRB5_PROMPT_TYPE_NEW_PASSWORD","KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN","KRB5_PROMPT_TYPE_PASSWORD","KRB5_PROMPT_TYPE_PREAUTH","KRB5_PVNO","KRB5_REALM_BRANCH_CHAR","KRB5_RECVAUTH_BADAUTHVERS","KRB5_RECVAUTH_SKIP_VERSION","KRB5_REFERRAL_REALM","KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN","KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN","KRB5_RESPONDER_OTP_FLAGS_NEXTOTP","KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN","KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC","KRB5_RESPONDER_OTP_FORMAT_DECIMAL","KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED","KRB5_RESPONDER_QUESTION_OTP","KRB5_RESPONDER_QUESTION_PASSWORD","KRB5_RESPONDER_QUESTION_PKINIT","KRB5_SAFE","KRB5_SAM_MUST_PK_ENCRYPT_SAD","KRB5_SAM_SEND_ENCRYPTED_SAD","KRB5_SAM_USE_SAD_AS_KEY","KRB5_TC_MATCH_2ND_TKT","KRB5_TC_MATCH_AUTHDATA","KRB5_TC_MATCH_FLAGS","KRB5_TC_MATCH_FLAGS_EXACT","KRB5_TC_MATCH_IS_SKEY","KRB5_TC_MATCH_KTYPE","KRB5_TC_MATCH_SRV_NAMEONLY","KRB5_TC_MATCH_TIMES","KRB5_TC_MATCH_TIMES_EXACT","KRB5_TC_NOTICKET","KRB5_TC_OPENCLOSE","KRB5_TC_SUPPORTED_KTYPES","KRB5_TGS_NAME","KRB5_TGS_NAME_SIZE","KRB5_TGS_REP","KRB5_TGS_REQ","KRB5_TKT_CREDS_STEP_FLAG_CONTINUE","KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL","KRB5_WELLKNOWN_NAMESTR","LR_TYPE_INTERPRETATION_MASK","LR_TYPE_THIS_SERVER_ONLY","MAX_KEYTAB_NAME_LEN","MSEC_DIRBIT","MSEC_VAL_MASK","SALT_TYPE_AFS_LENGTH","SALT_TYPE_NO_LENGTH","THREEPARAMOPEN","TKT_FLG_ANONYMOUS","TKT_FLG_ENC_PA_REP","TKT_FLG_FORWARDABLE","TKT_FLG_FORWARDED","TKT_FLG_HW_AUTH","TKT_FLG_INITIAL","TKT_FLG_INVALID","TKT_FLG_MAY_POSTDATE","TKT_FLG_OK_AS_DELEGATE","TKT_FLG_POSTDATED","TKT_FLG_PRE_AUTH","TKT_FLG_PROXIABLE","TKT_FLG_PROXY","TKT_FLG_RENEWABLE","TKT_FLG_TRANSIT_POLICY_CHECKED","VALID_INT_BITS","VALID_UINT_BITS","krb5 simple macros","krb524_convert_creds_kdc","krb524_init_ets","krb5_const","krb5_princ_component","krb5_princ_name","krb5_princ_realm","krb5_princ_set_realm","krb5_princ_set_realm_data","krb5_princ_set_realm_length","krb5_princ_size","krb5_princ_type","krb5_roundup","krb5_x","krb5_xc","krb5 types and structures","krb5_address","krb5_addrtype","krb5_ap_rep","krb5_ap_rep_enc_part","krb5_ap_req","krb5_auth_context","krb5_authdata","krb5_authdatatype","krb5_authenticator","krb5_boolean","krb5_cc_cursor","krb5_ccache","krb5_cccol_cursor","krb5_checksum","krb5_cksumtype","krb5_const_pointer","krb5_const_principal","krb5_context","krb5_cred","krb5_cred_enc_part","krb5_cred_info","krb5_creds","krb5_crypto_iov","krb5_cryptotype","krb5_data","krb5_deltat","krb5_enc_data","krb5_enc_kdc_rep_part","krb5_enc_tkt_part","krb5_encrypt_block","krb5_enctype","krb5_error","krb5_error_code","krb5_expire_callback_func","krb5_flags","krb5_get_init_creds_opt","krb5_gic_opt_pa_data","krb5_init_creds_context","krb5_int16","krb5_int32","krb5_kdc_rep","krb5_kdc_req","krb5_key","krb5_keyblock","krb5_keytab","krb5_keytab_entry","krb5_keyusage","krb5_kt_cursor","krb5_kvno","krb5_last_req_entry","krb5_magic","krb5_mk_req_checksum_func","krb5_msgtype","krb5_octet","krb5_pa_data","krb5_pa_pac_req","krb5_pa_server_referral_data","krb5_pa_svr_referral_data","krb5_pac","krb5_pointer","krb5_post_recv_fn","krb5_pre_send_fn","krb5_preauthtype","krb5_principal","krb5_principal_data","krb5_prompt","krb5_prompt_type","krb5_prompter_fct","krb5_pwd_data","krb5_rcache","krb5_replay_data","krb5_responder_context","krb5_responder_fn","krb5_responder_otp_challenge","krb5_responder_otp_tokeninfo","krb5_responder_pkinit_challenge","krb5_responder_pkinit_identity","krb5_response","krb5_ticket","krb5_ticket_times","krb5_timestamp","krb5_tkt_authent","krb5_tkt_creds_context","krb5_trace_callback","krb5_trace_info","krb5_transited","krb5_typed_data","krb5_ui_2","krb5_ui_4","krb5_verify_init_creds_opt","passwd_phrase_element","Year 2038 considerations for uses of krb5_timestamp","Credential cache","Supported date and time formats","Kerberos V5 concepts","keytab","replay cache","stash file","Organization of the source directory","Doing the build","Building Kerberos V5","Options to <em>configure</em>","osconf.hin","How to build this documentation from the source","Copyright","Credential cache file format","KDC cookie format","PKINIT freshness tokens","Protocols and file formats","Keytab file format","MIT Kerberos Documentation (1.17)","MIT Kerberos defaults","MIT Kerberos features","MIT Kerberos License information","Credential cache selection interface (ccselect)","PKINIT certificate authorization interface (certauth)","Client preauthentication interface (clpreauth)","General plugin concepts","GSSAPI mechanism interface","Host-to-realm interface (hostrealm)","For plugin module developers","Internal pluggable interfaces","kadmin authorization interface (kadm5_auth)","KADM5 hook interface (kadm5_hook)","KDC policy interface (kdcpolicy)","KDC preauthentication interface (kdcpreauth)","Local authorization interface (localauth)","Server location interface (locate)","Configuration interface (profile)","Password quality interface (pwqual)","Resources","For users","Password management","Ticket management","User commands","kdestroy","kinit","klist","kpasswd","krb5-config","ksu","kswitch","kvno","sclient","User config files",".k5identity",".k5login","kerberos"],titleterms:{"boolean":60,"byte":[113,118,120,122,303],"default":[15,29,37,136,137,146,159,234,308,310,311,350,380,381,886,889,890,905],"export":44,"function":[119,226,264,366,367,378,383,384,389],"import":44,"new":[109,152,243,307,326,342,934],"null":92,"public":[49,778,793],"return":[54,59,96,97,98,112,113,117,137,149,170,217,268,273,317,336,340,370,373],"switch":[35,163],"while":42,Adding:[15,16,24],DES:15,DNS:[16,39],Doing:893,For:[31,46,914,925],One:47,TGS:[381,402,403,404,405,407],THE:934,The:[15,33,37],Useful:14,Using:893,abbrevi:887,about:[24,33],absolut:887,acceptor:44,access:926,account:[36,173,926],acl:[20,35],acquir:[171,278,279,282,283,284,285,286,404],ad_type_extern:434,ad_type_field_type_mask:435,ad_type_regist:436,ad_type_reserv:437,add:[35,121,307,337,349,419,421,422],add_entri:11,add_mkei:6,add_polici:[3,24],add_princip:[3,24],addit:[32,127,231,353],address:[26,53,54,55,63,65,83,179,205,247,336],addrtype_addrport:424,addrtype_chao:425,addrtype_ddp:426,addrtype_inet6:428,addrtype_inet:427,addrtype_ipport:429,addrtype_is_loc:431,addrtype_iso:430,addrtype_netbio:432,addrtype_xn:433,adjust:399,admin:[40,42],administr:[1,24,31,35],advanc:13,advic:[33,39],aead:[44,101,104,295,297],against:416,alia:199,all:336,alloc:[107,219,221,226,243],allow:[56,174,251],allow_weak_crypto:56,also:[2,3,4,5,6,7,8,9,10,11,12,20,21,22,929,930,931,932,933,934,935,936,937,939,940,941],alter:886,ani:[169,170],anonym:[38,47,58,59,248],anoth:186,answer:[372,375,376],ap_opts_etype_negoti:438,ap_opts_mutual_requir:439,ap_opts_reserv:440,ap_opts_use_session_kei:441,ap_opts_use_subkei:442,ap_opts_wire_mask:443,api:[45,49,423,897],appdefault:[22,60,61],applic:[15,16,33,39,46],appplic:56,archiv:924,argument:93,ark:6,armor:[253,254],arrai:[99,115,131,179,205,207,211,218,227,270,302,306,329,340],ask:260,asn:192,assign:[207,225],attack:26,attribut:[44,341],auth:[63,64,65,66,68,69,70,72,73,74,75,77,78,80,81,82,83,85,86,87,88,89,90,91],authdata:915,authent:[17,24,42,66,79,207,934],author:[29,38,180,191,196,202,324,325,326,414,909,915,916,920,934,941],autoconf:893,avail:24,back:[18,23],backend:14,background:[0,890],backup:18,behavior:[20,39],berkelei:25,between:45,binari:893,block:96,buffer:[337,339,340],bug:941,build:[14,58,92,93,94,893,894,897],built:292,cach:[72,86,133,134,135,136,137,138,140,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,253,257,258,272,386,886,890,899,908],call:49,callback:[47,64,81,252,389],cannot:42,canonic:[39,201,249],capath:22,caus:80,ccach:[139,254,886],ccselect:[22,908],cert:42,certauth:[22,909],certif:[38,42,341,909],cf2:108,chain:42,challeng:368,chang:[24,173,176,250,926],change_password:[3,24],channel:924,check:[169,174,291,318],checksum:[64,81,82,97,110,111,112,114,115,128,130,131,177,211,301,302,305,306,393],choos:27,cipher:[80,96,107,109],cksumtype_cmac_camellia128:444,cksumtype_cmac_camellia256:445,cksumtype_crc32:446,cksumtype_descbc:447,cksumtype_hmac_md5_arcfour:448,cksumtype_hmac_sha1_96_aes128:449,cksumtype_hmac_sha1_96_aes256:450,cksumtype_hmac_sha1_des3:451,cksumtype_hmac_sha256_128_aes128:452,cksumtype_hmac_sha384_192_aes256:453,cksumtype_md5_hmac_arcfour:454,cksumtype_nist_sha:455,cksumtype_rsa_md4:456,cksumtype_rsa_md4_d:457,cksumtype_rsa_md5:458,cksumtype_rsa_md5_d:459,clean:893,clear:178,clear_list:11,client:[30,34,38,133,308,378,889,910],clock:[16,174],close:[134,309],clpreauth:[22,910],code:[235,349,382,419,420,421,422],collect:[123,164,166,167,168,169,886],collis:110,combin:108,command:[3,5,6,11,928],common:12,commonli:895,compar:[53,106,351,352,353,365],compat:27,complet:423,compon:352,comput:[105,108,114,301],concept:[888,911],conf:[21,22,35,60,61],config:[933,938],configur:[14,16,19,23,27,29,30,34,35,36,37,38,40,142,158,269,289,290,895,899,922],connect:[42,63],consider:[37,885],constrain:44,contain:[169,196,318,369],content:[19,32,188,210,213,216,223,224,894,914],context:[63,64,65,66,68,69,70,72,73,74,75,77,78,79,80,81,82,83,85,86,87,88,89,90,91,178,186,212,269,270,273,275,276,277,278,279,280,281,282,289,368,369,376,380,399,402,403,404,405,406,934],contribut:0,conveni:49,convert:[50,51,52,57,126,127,177,194,199,200,347,348,350,377,393,394,395,397,398,400,401,408,409,410,411],cooki:900,copi:[135,179,180,181,182,183,184,185,186,187,188,189,190,300],copyright:898,correct:16,count:[94,298,304],creat:[5,6,14,24,35,38,42,79,152,275,276,282,289,293,333,334,341,406,934],create_polici:5,cred:[230,327,329,357],credenti:[42,44,47,52,133,134,135,136,137,138,140,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,227,242,243,244,245,247,248,249,250,251,252,253,254,255,256,257,258,259,261,262,263,264,265,266,267,271,274,277,278,279,280,281,282,283,284,285,286,327,329,334,385,386,403,404,406,416,417,418,886,899,908],cross:24,current:[174,399],cursor:[166,313],daemon:35,dai:412,data:[59,100,101,102,103,104,105,125,180,191,196,202,205,207,216,293,294,295,296,297,325,326,368,414,915],databas:[3,14,15,18,24,25,35,40,915],datatyp:423,date:[24,887],db2:25,dbdefault:21,dbmodul:21,dce:[332,361],decis:40,declar:[794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884],decod:[192,358,371,374],decrement:298,decrypt:[100,101,294,295,360,361,362,379],defaultrealm:217,defin:37,del_str:3,deleg:44,delet:24,delete_entri:11,delete_polici:[3,24],delete_princip:[3,24],delta:394,deprec:[49,778],deriv:102,descript:[2,3,4,5,6,7,8,9,10,11,12,20,929,930,931,932,933,934,935,936,937,939,940,941],destroi:[5,6,24,138,927],destroy_polici:5,determin:[163,324],develop:[44,46,914],dictionari:26,differ:[24,45,421,422],direct:390,directli:49,directori:[892,893,895],discoveri:40,document:[0,887,897,904],domain_realm:22,dump:[6,24],duplic:[139,312],durat:887,dure:42,each:35,edit:35,effect:934,element:[115,131,202,302,306],empti:[287,341],encod:[325,328,342],encrypt:[21,27,42,98,103,104,105,106,112,116,119,129,199,200,218,251,268,296,297,331,332,381,395],enctyp:[27,116,118,125,236,293,299,303],enctype_aes128_cts_hmac_sha1_96:460,enctype_aes128_cts_hmac_sha256_128:461,enctype_aes256_cts_hmac_sha1_96:462,enctype_aes256_cts_hmac_sha384_192:463,enctype_arcfour_hmac:464,enctype_arcfour_hmac_exp:465,enctype_camellia128_cts_cmac:466,enctype_camellia256_cts_cmac:467,enctype_des3_cbc_env:468,enctype_des3_cbc_raw:469,enctype_des3_cbc_sha1:471,enctype_des3_cbc_sha:470,enctype_des_cbc_crc:472,enctype_des_cbc_md4:473,enctype_des_cbc_md5:474,enctype_des_cbc_raw:475,enctype_des_hmac_sha1:476,enctype_dsa_sha1_cm:477,enctype_md5_rsa_cm:478,enctype_nul:479,enctype_rc2_cbc_env:480,enctype_rsa_env:481,enctype_rsa_es_oaep_env:482,enctype_sha1_rsa_cm:483,enctype_unknown:484,end:23,entri:[140,153,224,307,315,318,319,321,323,899,903],entropi:[121,123],environ:[2,3,4,5,6,7,8,9,10,11,12,28,895,929,930,931,932,934,935,936,937,941],epoch:412,error:[12,42,178,186,219,220,235,280,349,358,382,419,420,421,422],event:[389,390],everi:161,exampl:[10,11,16,20,24,47,895,933,939,940],exchang:[42,407],execut:934,exist:[173,271,318],expans:22,expir:[42,252],extend:[178,186,235,382,420],fact:906,fail:[35,42],fast:[245,253,254,255],featur:[895,906],field:[65,84,85,98,216,387,388],file:[8,19,21,22,24,33,34,35,289,390,891,899,902,903,929,930,931,935,936,938],fill:[99,115,302],find:[133,202],fine:895,finish:140,firewal:16,flag:[67,84,143,160,245,248,249,250,255,256,262,348,353,410,411],format:[24,192,230,327,328,329,330,331,332,335,411,887,899,900,902,903],forward:[230,256],free:[62,107,166,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,244,277,298,338,370,373,402],frequent:[42,49],fresh:[38,901],from:[14,15,16,24,60,61,63,64,65,66,67,68,69,70,72,73,74,75,77,78,123,125,142,143,153,154,156,186,236,245,269,270,271,273,274,279,280,281,293,300,315,319,320,321,339,346,364,392,404,405,406,897,911],full:[144,392],gener:[38,63,116,118,120,121,122,125,220,272,303,392,905,911],get:[16,42,47,64,119,142,146,168,176,230,231,235,238,242,267,270,271,274,280,286,311,315,316,322,406,407],get_init_cr:47,get_polici:[3,24],get_princip:[3,24],get_str:3,getdat:887,given:368,global:[171,172],grant:[406,926],gssapi:[29,44,912],guid:32,handl:[134,139,309,312,322,337,338,340,341,342],has:42,header:[99,899],heimdal:45,hin:896,histori:[3,15,24,941],hit:298,hook:[383,384,917],host:[18,29,33,35,42,238,336,913],hostnam:[40,201],hostrealm:[22,913],how:897,http:30,ident:[22,375],ignor:352,includ:260,increment:[24,35,304],indic:17,inform:[16,22,24,890,907],initi:[42,44,47,79,109,148,242,243,244,245,247,248,249,250,251,252,253,254,255,256,257,258,259,261,262,263,264,265,266,267,277,278,279,280,281,282,283,284,285,286,287,416,417],input:[102,257,364],instal:[32,34,35,893,895,934],instanc:37,instruct:934,interact:47,interfac:[22,49,336,908,909,910,912,913,915,916,917,918,919,920,921,922,923],intern:[793,915],interoper:906,interpos:912,iov:[44,99,115,131,302,306],irc:924,issu:890,iter:167,its:164,k5ident:939,k5login:940,k5srvutil:2,kadm5:[20,917],kadm5_auth:[22,916],kadm5_hook:[22,917],kadmin:[3,24,916],kadmind:[4,911],kdb5_ldap_util:5,kdb5_util:6,kdb:915,kdc:[15,21,29,35,36,38,40,42,236,260,271,274,280,286,383,384,406,407,900,905,911,918,919],kdc_opt_allow_postd:485,kdc_opt_canonic:486,kdc_opt_cname_in_addl_tkt:487,kdc_opt_disable_transited_check:488,kdc_opt_enc_tkt_in_skei:489,kdc_opt_forward:[490,491],kdc_opt_postd:492,kdc_opt_proxi:[493,494],kdc_opt_renew:[495,496],kdc_opt_renewable_ok:497,kdc_opt_request_anonym:498,kdc_opt_valid:499,kdc_tkt_common_mask:500,kdcdefault:21,kdcissu:[325,414],kdcpolici:918,kdcpreauth:[22,919],kdestroi:[927,929],kei:[15,24,27,68,69,91,100,102,103,108,111,112,113,116,125,126,127,224,242,268,293,294,295,296,297,298,301,302,303,304,305,306,307,308,309,310,311,315,316,317,319,320,321,322,323,379,903],kerbero:[0,14,16,18,23,24,35,40,45,50,51,52,53,128,129,173,238,292,888,894,904,905,906,907,915,927,941],keyblock:[68,73,74,77,87,89,100,101,103,104,114,115,130,131,187,188,293,300],keyboard:364,keysalt:21,keytab:[16,33,35,39,283,312,313,318,416,889,903],kinit:[927,930],kldap:25,klist:[927,931],klmdb:25,known:[167,170],kpasswd:932,kprop:[7,42],kpropd:8,kproplog:9,krb524_convert_creds_kdc:779,krb524_init_et:780,krb5:[22,35,49,60,61,212,226,275,276,289,778,793,933],krb5_425_conv_princip:50,krb5_524_conv_princip:51,krb5_524_convert_cr:52,krb5_address:794,krb5_address_compar:53,krb5_address_ord:54,krb5_address_search:55,krb5_addrtyp:795,krb5_allow_weak_crypto:56,krb5_altauth_att_challenge_respons:501,krb5_aname_to_localnam:57,krb5_anonymous_princip:58,krb5_anonymous_princstr:502,krb5_anonymous_realm:59,krb5_anonymous_realmstr:503,krb5_ap_rep:[504,796],krb5_ap_rep_enc_part:[206,797],krb5_ap_req:[505,798],krb5_appdefault_boolean:60,krb5_appdefault_str:61,krb5_as_rep:506,krb5_as_req:507,krb5_auth_con_fre:62,krb5_auth_con_genaddr:63,krb5_auth_con_get_checksum_func:64,krb5_auth_con_getaddr:65,krb5_auth_con_getauthent:66,krb5_auth_con_getflag:67,krb5_auth_con_getkei:68,krb5_auth_con_getkey_k:69,krb5_auth_con_getlocalseqnumb:70,krb5_auth_con_getlocalsubkei:71,krb5_auth_con_getrcach:72,krb5_auth_con_getrecvsubkei:73,krb5_auth_con_getrecvsubkey_k:74,krb5_auth_con_getremoteseqnumb:75,krb5_auth_con_getremotesubkei:76,krb5_auth_con_getsendsubkei:77,krb5_auth_con_getsendsubkey_k:78,krb5_auth_con_init:79,krb5_auth_con_initivector:80,krb5_auth_con_set_checksum_func:81,krb5_auth_con_set_req_cksumtyp:82,krb5_auth_con_setaddr:83,krb5_auth_con_setflag:84,krb5_auth_con_setport:85,krb5_auth_con_setrcach:86,krb5_auth_con_setrecvsubkei:87,krb5_auth_con_setrecvsubkey_k:88,krb5_auth_con_setsendsubkei:89,krb5_auth_con_setsendsubkey_k:90,krb5_auth_con_setuseruserkei:91,krb5_auth_context:[62,67,84,799],krb5_auth_context_do_sequ:521,krb5_auth_context_do_tim:522,krb5_auth_context_generate_local_addr:523,krb5_auth_context_generate_local_full_addr:524,krb5_auth_context_generate_remote_addr:525,krb5_auth_context_generate_remote_full_addr:526,krb5_auth_context_permit_al:527,krb5_auth_context_ret_sequ:528,krb5_auth_context_ret_tim:529,krb5_auth_context_use_subkei:530,krb5_authdata:800,krb5_authdata_and_or:508,krb5_authdata_auth_ind:509,krb5_authdata_cammac:510,krb5_authdata_etype_negoti:511,krb5_authdata_fx_armor:512,krb5_authdata_if_relev:513,krb5_authdata_initial_verified_ca:514,krb5_authdata_kdc_issu:515,krb5_authdata_mandatory_for_kdc:516,krb5_authdata_osf_dc:517,krb5_authdata_sesam:518,krb5_authdata_signticket:519,krb5_authdata_win2k_pac:520,krb5_authdatatyp:801,krb5_authent:[181,208,802],krb5_boolean:803,krb5_build_princip:92,krb5_build_principal_alloc_va:93,krb5_build_principal_ext:94,krb5_build_principal_va:95,krb5_c_block_siz:96,krb5_c_checksum_length:97,krb5_c_crypto_length:98,krb5_c_crypto_length_iov:99,krb5_c_decrypt:100,krb5_c_decrypt_iov:101,krb5_c_derive_prfplu:102,krb5_c_encrypt:103,krb5_c_encrypt_iov:104,krb5_c_encrypt_length:105,krb5_c_enctype_compar:106,krb5_c_free_stat:107,krb5_c_fx_cf2_simpl:108,krb5_c_init_st:[107,109],krb5_c_is_coll_proof_cksum:110,krb5_c_is_keyed_cksum:111,krb5_c_keyed_checksum_typ:112,krb5_c_keylength:113,krb5_c_make_checksum:114,krb5_c_make_checksum_iov:115,krb5_c_make_random_kei:116,krb5_c_padding_length:117,krb5_c_prf:118,krb5_c_prf_length:119,krb5_c_prfplu:120,krb5_c_random_add_entropi:121,krb5_c_random_make_octet:122,krb5_c_random_os_entropi:123,krb5_c_random_se:124,krb5_c_random_to_kei:125,krb5_c_string_to_kei:126,krb5_c_string_to_key_with_param:127,krb5_c_valid_cksumtyp:128,krb5_c_valid_enctyp:129,krb5_c_verify_checksum:130,krb5_c_verify_checksum_iov:131,krb5_calculate_checksum:132,krb5_cc_cache_match:133,krb5_cc_close:134,krb5_cc_copy_cr:135,krb5_cc_cursor:804,krb5_cc_default:136,krb5_cc_default_nam:137,krb5_cc_destroi:138,krb5_cc_dup:139,krb5_cc_end_seq_get:140,krb5_cc_gen_new:141,krb5_cc_get_config:142,krb5_cc_get_flag:143,krb5_cc_get_full_nam:144,krb5_cc_get_nam:145,krb5_cc_get_princip:146,krb5_cc_get_typ:147,krb5_cc_initi:148,krb5_cc_last_change_tim:149,krb5_cc_lock:150,krb5_cc_move:151,krb5_cc_new_uniqu:152,krb5_cc_next_cr:153,krb5_cc_remove_cr:154,krb5_cc_resolv:155,krb5_cc_retrieve_cr:156,krb5_cc_select:157,krb5_cc_set_config:158,krb5_cc_set_default_nam:159,krb5_cc_set_flag:160,krb5_cc_start_seq_get:161,krb5_cc_store_cr:162,krb5_cc_support_switch:163,krb5_cc_switch:164,krb5_cc_unlock:165,krb5_ccach:805,krb5_cccol_cursor:806,krb5_cccol_cursor_fre:166,krb5_cccol_cursor_new:167,krb5_cccol_cursor_next:168,krb5_cccol_have_cont:169,krb5_cccol_last_change_tim:170,krb5_cccol_lock:171,krb5_cccol_unlock:172,krb5_change_password:173,krb5_check_clockskew:174,krb5_checksum:[182,209,210,807],krb5_checksum_s:175,krb5_chpw_messag:176,krb5_cksumtyp:808,krb5_cksumtype_to_str:177,krb5_clear_error_messag:178,krb5_const:781,krb5_const_point:809,krb5_const_princip:810,krb5_context:[183,381,388,811],krb5_copy_address:179,krb5_copy_authdata:180,krb5_copy_authent:181,krb5_copy_checksum:182,krb5_copy_context:183,krb5_copy_cr:184,krb5_copy_data:185,krb5_copy_error_messag:186,krb5_copy_keyblock:187,krb5_copy_keyblock_cont:188,krb5_copy_princip:189,krb5_copy_ticket:190,krb5_cred:[184,213,214,531,812,815],krb5_cred_enc_part:813,krb5_cred_info:814,krb5_crypto_iov:816,krb5_crypto_type_checksum:532,krb5_crypto_type_data:533,krb5_crypto_type_empti:534,krb5_crypto_type_head:535,krb5_crypto_type_pad:536,krb5_crypto_type_sign_onli:537,krb5_crypto_type_stream:538,krb5_crypto_type_trail:539,krb5_cryptotyp:817,krb5_cybersafe_secureid:540,krb5_data:[185,215,216,818],krb5_decode_authdata_contain:191,krb5_decode_ticket:192,krb5_decrypt:193,krb5_deltat:819,krb5_deltat_to_str:194,krb5_domain_x500_compress:541,krb5_eblock_enctyp:195,krb5_enc_data:820,krb5_enc_kdc_rep_part:821,krb5_enc_tkt_part:822,krb5_encode_authdata_contain:196,krb5_encpadata_req_enc_pa_rep:542,krb5_encrypt:197,krb5_encrypt_block:823,krb5_encrypt_s:198,krb5_enctyp:824,krb5_enctype_to_nam:199,krb5_enctype_to_str:200,krb5_error:[543,825],krb5_error_cod:826,krb5_expand_hostnam:201,krb5_expire_callback_func:827,krb5_fast_requir:544,krb5_find_authdata:202,krb5_finish_kei:203,krb5_finish_random_kei:204,krb5_flag:828,krb5_free_address:205,krb5_free_ap_rep_enc_part:206,krb5_free_authdata:207,krb5_free_authent:208,krb5_free_checksum:209,krb5_free_checksum_cont:210,krb5_free_cksumtyp:211,krb5_free_context:212,krb5_free_cr:214,krb5_free_cred_cont:213,krb5_free_data:215,krb5_free_data_cont:216,krb5_free_default_realm:217,krb5_free_enctyp:218,krb5_free_error:219,krb5_free_error_messag:220,krb5_free_host_realm:221,krb5_free_keyblock:222,krb5_free_keyblock_cont:223,krb5_free_keytab_entry_cont:224,krb5_free_princip:225,krb5_free_str:226,krb5_free_tgt_cr:227,krb5_free_ticket:228,krb5_free_unparsed_nam:229,krb5_fwd_tgt_cred:230,krb5_gc_cach:545,krb5_gc_canonic:546,krb5_gc_constrained_deleg:547,krb5_gc_forward:548,krb5_gc_no_stor:549,krb5_gc_no_transit_check:550,krb5_gc_user_us:551,krb5_get_credenti:231,krb5_get_credentials_renew:232,krb5_get_credentials_valid:233,krb5_get_default_realm:[217,234],krb5_get_error_messag:[220,235],krb5_get_etype_info:236,krb5_get_fallback_host_realm:237,krb5_get_host_realm:[221,238],krb5_get_in_tkt_with_keytab:239,krb5_get_in_tkt_with_password:240,krb5_get_in_tkt_with_skei:241,krb5_get_init_creds_keytab:242,krb5_get_init_creds_opt:829,krb5_get_init_creds_opt_address_list:552,krb5_get_init_creds_opt_alloc:243,krb5_get_init_creds_opt_anonym:553,krb5_get_init_creds_opt_canonic:554,krb5_get_init_creds_opt_chg_pwd_prmpt:555,krb5_get_init_creds_opt_etype_list:556,krb5_get_init_creds_opt_forward:557,krb5_get_init_creds_opt_fre:244,krb5_get_init_creds_opt_get_fast_flag:245,krb5_get_init_creds_opt_init:246,krb5_get_init_creds_opt_preauth_list:558,krb5_get_init_creds_opt_proxi:559,krb5_get_init_creds_opt_renew_lif:560,krb5_get_init_creds_opt_salt:561,krb5_get_init_creds_opt_set_address_list:247,krb5_get_init_creds_opt_set_anonym:248,krb5_get_init_creds_opt_set_canonic:249,krb5_get_init_creds_opt_set_change_password_prompt:250,krb5_get_init_creds_opt_set_etype_list:251,krb5_get_init_creds_opt_set_expire_callback:252,krb5_get_init_creds_opt_set_fast_ccach:253,krb5_get_init_creds_opt_set_fast_ccache_nam:254,krb5_get_init_creds_opt_set_fast_flag:255,krb5_get_init_creds_opt_set_forward:256,krb5_get_init_creds_opt_set_in_ccach:257,krb5_get_init_creds_opt_set_out_ccach:258,krb5_get_init_creds_opt_set_pa:259,krb5_get_init_creds_opt_set_pac_request:260,krb5_get_init_creds_opt_set_preauth_list:261,krb5_get_init_creds_opt_set_proxi:262,krb5_get_init_creds_opt_set_renew_lif:263,krb5_get_init_creds_opt_set_respond:264,krb5_get_init_creds_opt_set_salt:265,krb5_get_init_creds_opt_set_tkt_lif:266,krb5_get_init_creds_opt_tkt_lif:562,krb5_get_init_creds_password:267,krb5_get_permitted_enctyp:268,krb5_get_profil:269,krb5_get_prompt_typ:270,krb5_get_renewed_cr:271,krb5_get_server_rcach:272,krb5_get_time_offset:273,krb5_get_validated_cr:274,krb5_gic_opt_pa_data:830,krb5_init_context:275,krb5_init_context_kdc:563,krb5_init_context_profil:276,krb5_init_context_secur:564,krb5_init_creds_context:831,krb5_init_creds_fre:277,krb5_init_creds_get:278,krb5_init_creds_get_cr:279,krb5_init_creds_get_error:280,krb5_init_creds_get_tim:281,krb5_init_creds_init:282,krb5_init_creds_set_keytab:283,krb5_init_creds_set_password:284,krb5_init_creds_set_servic:285,krb5_init_creds_step:286,krb5_init_creds_step_flag_continu:565,krb5_init_keyblock:287,krb5_init_random_kei:288,krb5_init_secure_context:289,krb5_int16:832,krb5_int16_max:566,krb5_int16_min:567,krb5_int32:833,krb5_int32_max:568,krb5_int32_min:569,krb5_is_config_princip:290,krb5_is_referral_realm:291,krb5_is_thread_saf:292,krb5_k_create_kei:293,krb5_k_decrypt:294,krb5_k_decrypt_iov:295,krb5_k_encrypt:296,krb5_k_encrypt_iov:297,krb5_k_free_kei:298,krb5_k_key_enctyp:299,krb5_k_key_keyblock:300,krb5_k_make_checksum:301,krb5_k_make_checksum_iov:302,krb5_k_prf:303,krb5_k_reference_kei:304,krb5_k_verify_checksum:305,krb5_k_verify_checksum_iov:306,krb5_kdc_rep:834,krb5_kdc_req:835,krb5_kei:[293,299,300,836],krb5_keyblock:[222,223,287,837],krb5_keytab:838,krb5_keytab_entri:839,krb5_keyusag:840,krb5_keyusage_ad_it:570,krb5_keyusage_ad_kdcissued_cksum:571,krb5_keyusage_ad_mt:572,krb5_keyusage_ad_signedpath:573,krb5_keyusage_ap_rep_encpart:576,krb5_keyusage_ap_req_auth:577,krb5_keyusage_ap_req_auth_cksum:578,krb5_keyusage_app_data_cksum:574,krb5_keyusage_app_data_encrypt:575,krb5_keyusage_as_rep_encpart:579,krb5_keyusage_as_req:580,krb5_keyusage_as_req_pa_enc_t:581,krb5_keyusage_cammac:582,krb5_keyusage_enc_challenge_cli:583,krb5_keyusage_enc_challenge_kdc:584,krb5_keyusage_fast_enc:585,krb5_keyusage_fast_finish:586,krb5_keyusage_fast_rep:587,krb5_keyusage_fast_req_chksum:588,krb5_keyusage_gss_tok_m:589,krb5_keyusage_gss_tok_wrap_integ:590,krb5_keyusage_gss_tok_wrap_priv:591,krb5_keyusage_iakerb_finish:592,krb5_keyusage_kdc_rep_ticket:593,krb5_keyusage_krb_cred_encpart:594,krb5_keyusage_krb_error_cksum:595,krb5_keyusage_krb_priv_encpart:596,krb5_keyusage_krb_safe_cksum:597,krb5_keyusage_pa_as_fresh:598,krb5_keyusage_pa_fx_cooki:599,krb5_keyusage_pa_otp_request:600,krb5_keyusage_pa_pkinit_kx:601,krb5_keyusage_pa_s4u_x509_user_repli:602,krb5_keyusage_pa_s4u_x509_user_request:603,krb5_keyusage_pa_sam_challenge_cksum:604,krb5_keyusage_pa_sam_challenge_trackid:605,krb5_keyusage_pa_sam_respons:606,krb5_keyusage_spak:607,krb5_keyusage_tgs_rep_encpart_sesskei:608,krb5_keyusage_tgs_rep_encpart_subkei:609,krb5_keyusage_tgs_req_ad_sesskei:610,krb5_keyusage_tgs_req_ad_subkei:611,krb5_keyusage_tgs_req_auth:612,krb5_keyusage_tgs_req_auth_cksum:613,krb5_kpasswd_accessdeni:614,krb5_kpasswd_autherror:615,krb5_kpasswd_bad_vers:616,krb5_kpasswd_harderror:617,krb5_kpasswd_initial_flag_need:618,krb5_kpasswd_malform:619,krb5_kpasswd_softerror:620,krb5_kpasswd_success:621,krb5_kt_add_entri:307,krb5_kt_client_default:308,krb5_kt_close:309,krb5_kt_cursor:841,krb5_kt_default:310,krb5_kt_default_nam:311,krb5_kt_dup:312,krb5_kt_end_seq_get:313,krb5_kt_free_entri:314,krb5_kt_get_entri:315,krb5_kt_get_nam:316,krb5_kt_get_typ:317,krb5_kt_have_cont:318,krb5_kt_next_entri:319,krb5_kt_read_service_kei:320,krb5_kt_remove_entri:321,krb5_kt_resolv:322,krb5_kt_start_seq_get:323,krb5_kuserok:324,krb5_kvno:842,krb5_last_req_entri:843,krb5_lrq_all_acct_exptim:622,krb5_lrq_all_last_initi:623,krb5_lrq_all_last_renew:624,krb5_lrq_all_last_req:625,krb5_lrq_all_last_tgt:626,krb5_lrq_all_last_tgt_issu:627,krb5_lrq_all_pw_exptim:628,krb5_lrq_none:629,krb5_lrq_one_acct_exptim:630,krb5_lrq_one_last_initi:631,krb5_lrq_one_last_renew:632,krb5_lrq_one_last_req:633,krb5_lrq_one_last_tgt:634,krb5_lrq_one_last_tgt_issu:635,krb5_lrq_one_pw_exptim:636,krb5_magic:844,krb5_make_authdata_kdc_issu:325,krb5_merge_authdata:326,krb5_mk_1cred:327,krb5_mk_error:328,krb5_mk_ncred:329,krb5_mk_priv:330,krb5_mk_rep:331,krb5_mk_rep_dc:332,krb5_mk_req:333,krb5_mk_req_checksum_func:845,krb5_mk_req_extend:334,krb5_mk_safe:335,krb5_msgtype:846,krb5_nt_ent_principal_and_id:638,krb5_nt_enterprise_princip:637,krb5_nt_ms_princip:639,krb5_nt_ms_principal_and_id:640,krb5_nt_princip:641,krb5_nt_smtp_name:642,krb5_nt_srv_hst:643,krb5_nt_srv_inst:644,krb5_nt_srv_xhst:645,krb5_nt_uid:646,krb5_nt_unknown:647,krb5_nt_wellknown:648,krb5_nt_x500_princip:649,krb5_octet:847,krb5_os_localaddr:336,krb5_pa_data:848,krb5_pa_pac_req:849,krb5_pa_server_referral_data:850,krb5_pa_svr_referral_data:851,krb5_pac:852,krb5_pac_add_buff:337,krb5_pac_client_info:650,krb5_pac_credentials_info:651,krb5_pac_delegation_info:652,krb5_pac_fre:338,krb5_pac_get_buff:339,krb5_pac_get_typ:340,krb5_pac_init:341,krb5_pac_logon_info:653,krb5_pac_pars:342,krb5_pac_privsvr_checksum:654,krb5_pac_server_checksum:655,krb5_pac_sign:343,krb5_pac_sign_ext:344,krb5_pac_upn_dns_info:656,krb5_pac_verifi:345,krb5_pac_verify_ext:346,krb5_padata_afs3_salt:657,krb5_padata_ap_req:658,krb5_padata_as_checksum:659,krb5_padata_as_fresh:660,krb5_padata_enc_sandia_securid:662,krb5_padata_enc_timestamp:663,krb5_padata_enc_unix_tim:664,krb5_padata_encrypted_challeng:661,krb5_padata_etype_info2:666,krb5_padata_etype_info:665,krb5_padata_for_us:667,krb5_padata_fx_cooki:668,krb5_padata_fx_error:669,krb5_padata_fx_fast:670,krb5_padata_get_from_typed_data:671,krb5_padata_non:672,krb5_padata_osf_dc:673,krb5_padata_otp_challeng:674,krb5_padata_otp_pin_chang:675,krb5_padata_otp_request:676,krb5_padata_pac_request:677,krb5_padata_pk_as_rep:679,krb5_padata_pk_as_rep_old:680,krb5_padata_pk_as_req:681,krb5_padata_pk_as_req_old:682,krb5_padata_pkinit_kx:678,krb5_padata_pw_salt:683,krb5_padata_referr:684,krb5_padata_s4u_x509_us:685,krb5_padata_sam_challeng:686,krb5_padata_sam_challenge_2:687,krb5_padata_sam_redirect:688,krb5_padata_sam_respons:689,krb5_padata_sam_response_2:690,krb5_padata_sesam:691,krb5_padata_spak:692,krb5_padata_svr_referral_info:693,krb5_padata_tgs_req:694,krb5_padata_use_specified_kvno:695,krb5_parse_nam:347,krb5_parse_name_flag:348,krb5_pointer:853,krb5_post_recv_fn:854,krb5_pre_send_fn:855,krb5_preauthtyp:856,krb5_prepend_error_messag:349,krb5_princ_compon:782,krb5_princ_nam:783,krb5_princ_realm:784,krb5_princ_set_realm:785,krb5_princ_set_realm_data:786,krb5_princ_set_realm_length:787,krb5_princ_siz:788,krb5_princ_typ:789,krb5_princip:[347,348,408,409,410,411,857],krb5_principal2salt:350,krb5_principal_compar:351,krb5_principal_compare_any_realm:352,krb5_principal_compare_casefold:696,krb5_principal_compare_enterpris:697,krb5_principal_compare_flag:353,krb5_principal_compare_ignore_realm:698,krb5_principal_compare_utf8:699,krb5_principal_data:858,krb5_principal_parse_enterpris:700,krb5_principal_parse_ignore_realm:701,krb5_principal_parse_no_realm:702,krb5_principal_parse_require_realm:703,krb5_principal_unparse_displai:704,krb5_principal_unparse_no_realm:705,krb5_principal_unparse_short:706,krb5_priv:707,krb5_process_kei:354,krb5_prompt:859,krb5_prompt_typ:860,krb5_prompt_type_new_password:708,krb5_prompt_type_new_password_again:709,krb5_prompt_type_password:710,krb5_prompt_type_preauth:711,krb5_prompter_fct:861,krb5_prompter_posix:355,krb5_pvno:712,krb5_pwd_data:862,krb5_random_kei:356,krb5_rcach:863,krb5_rd_cred:357,krb5_rd_error:358,krb5_rd_priv:359,krb5_rd_rep:360,krb5_rd_rep_dc:361,krb5_rd_req:362,krb5_rd_safe:363,krb5_read_error:219,krb5_read_password:364,krb5_realm_branch_char:713,krb5_realm_compar:365,krb5_recvauth:366,krb5_recvauth_badauthv:714,krb5_recvauth_skip_vers:715,krb5_recvauth_vers:367,krb5_referral_realm:[291,716],krb5_replay_data:864,krb5_responder_context:865,krb5_responder_fn:866,krb5_responder_get_challeng:368,krb5_responder_list_quest:369,krb5_responder_otp_challeng:867,krb5_responder_otp_challenge_fre:370,krb5_responder_otp_flags_collect_pin:717,krb5_responder_otp_flags_collect_token:718,krb5_responder_otp_flags_nextotp:719,krb5_responder_otp_flags_separate_pin:720,krb5_responder_otp_format_alphanumer:721,krb5_responder_otp_format_decim:722,krb5_responder_otp_format_hexadecim:723,krb5_responder_otp_get_challeng:[370,371],krb5_responder_otp_set_answ:372,krb5_responder_otp_tokeninfo:868,krb5_responder_pkinit_challeng:869,krb5_responder_pkinit_challenge_fre:373,krb5_responder_pkinit_flags_token_user_pin_count_low:724,krb5_responder_pkinit_flags_token_user_pin_final_tri:725,krb5_responder_pkinit_flags_token_user_pin_lock:726,krb5_responder_pkinit_get_challeng:[373,374],krb5_responder_pkinit_ident:870,krb5_responder_pkinit_set_answ:375,krb5_responder_question_otp:[371,372,727],krb5_responder_question_password:728,krb5_responder_question_pkinit:[374,375,729],krb5_responder_set_answ:376,krb5_respons:871,krb5_roundup:790,krb5_safe:730,krb5_salttype_to_str:377,krb5_sam_must_pk_encrypt_sad:731,krb5_sam_send_encrypted_sad:732,krb5_sam_use_sad_as_kei:733,krb5_sendauth:[219,378],krb5_server_decrypt_ticket_keytab:379,krb5_set_default_realm:380,krb5_set_default_tgs_enctyp:381,krb5_set_error_messag:382,krb5_set_kdc_recv_hook:383,krb5_set_kdc_send_hook:384,krb5_set_password:385,krb5_set_password_using_ccach:386,krb5_set_principal_realm:387,krb5_set_real_tim:388,krb5_set_trace_callback:389,krb5_set_trace_filenam:390,krb5_sname_match:391,krb5_sname_to_princip:392,krb5_string_to_cksumtyp:393,krb5_string_to_deltat:394,krb5_string_to_enctyp:395,krb5_string_to_kei:396,krb5_string_to_salttyp:397,krb5_string_to_timestamp:398,krb5_tc_match_2nd_tkt:734,krb5_tc_match_authdata:735,krb5_tc_match_flag:736,krb5_tc_match_flags_exact:737,krb5_tc_match_is_skei:738,krb5_tc_match_ktyp:739,krb5_tc_match_srv_nameonli:740,krb5_tc_match_tim:741,krb5_tc_match_times_exact:742,krb5_tc_noticket:743,krb5_tc_openclos:744,krb5_tc_supported_ktyp:745,krb5_tgs_name:746,krb5_tgs_name_s:747,krb5_tgs_rep:748,krb5_tgs_req:749,krb5_ticket:[190,872],krb5_ticket_tim:873,krb5_timeofdai:399,krb5_timestamp:[874,885],krb5_timestamp_to_sfstr:400,krb5_timestamp_to_str:401,krb5_tkt_authent:875,krb5_tkt_creds_context:876,krb5_tkt_creds_fre:402,krb5_tkt_creds_get:403,krb5_tkt_creds_get_cr:404,krb5_tkt_creds_get_tim:405,krb5_tkt_creds_init:406,krb5_tkt_creds_step:407,krb5_tkt_creds_step_flag_continu:750,krb5_trace_callback:877,krb5_trace_info:878,krb5_transit:879,krb5_typed_data:880,krb5_ui_2:881,krb5_ui_4:882,krb5_unparse_nam:408,krb5_unparse_name_ext:409,krb5_unparse_name_flag:410,krb5_unparse_name_flags_ext:411,krb5_us_timeofdai:412,krb5_use_enctyp:413,krb5_verify_authdata_kdc_issu:414,krb5_verify_checksum:415,krb5_verify_init_cr:416,krb5_verify_init_creds_opt:883,krb5_verify_init_creds_opt_ap_req_nofail:751,krb5_verify_init_creds_opt_init:417,krb5_verify_init_creds_opt_set_ap_req_nofail:418,krb5_vprepend_error_messag:419,krb5_vset_error_messag:420,krb5_vwrap_error_messag:421,krb5_wellknown_namestr:752,krb5_wrap_error_messag:422,krb5_x:791,krb5_xc:792,krb5kdc:10,krb:[108,230,327,329,330,335,357,358,359,363],krb_ap_rep:[331,332,360,361],krb_ap_req:[333,334,362],krb_error:328,krbtgt:[15,24],ksu:934,kswitch:935,ktadd:[3,16],ktremov:[3,16],ktutil:11,kvno:936,last:[149,170,280],ldap:[14,24,25],legaci:[15,49],length:[94,97,98,99,105,113,119,409],lib:892,libdefault:22,librari:[212,275,276,289,292],licens:907,lifetim:[263,266],lightn:25,like:905,line:[5,6],link:43,list:[5,11,21,24,42,55,93,112,180,268,326,369,906,924],list_mkei:6,list_polici:[3,5,24],list_princip:[3,24],list_request:[3,11],lndir:893,load:6,local:[57,70,83,85,324,920],localauth:[22,920],locat:[29,254,921],lock:[3,150,171,172],lockout:36,log:[21,42,324,911],login:29,lr_type_interpretation_mask:753,lr_type_this_server_onli:754,lucid:14,machin:34,macro:778,mail:924,make:164,man:897,manag:[926,927],manipul:48,map:[25,40],master:[15,24,35],match:[291,391],max_keytab_name_len:755,mechan:[29,912],member:[794,796,797,798,800,802,807,810,812,813,814,815,816,818,820,821,822,823,825,829,830,834,835,837,839,843,848,849,850,851,857,858,859,862,864,867,868,869,870,871,872,873,875,878,879,880,883,884],memori:[25,221],merg:326,messag:[12,44,98,176,178,186,220,230,235,327,328,329,330,331,332,333,334,335,349,357,358,359,360,361,362,363,382,419,420,421,422],mic:44,mismatch:39,mit:[0,24,45,904,905,906,907],modif:[149,170],modifi:[5,24],modify_polici:[3,5,24],modify_princip:[3,24],modul:[20,25,29,911,912,914],most:[186,895],move:151,msec_dirbit:756,msec_val_mask:757,multithread:292,name:[39,40,44,57,92,93,94,136,137,144,145,152,155,159,199,201,238,311,316,347,348,350,369,376,390,392,886,895],next:[153,168,286,319,407],note:929,number:[70,75,117,121],object:[24,185,272],obtain:[403,894,927],octet:117,offset:[273,388,399],one:[186,375],onli:289,onto:40,opaqu:[294,295,296,297,301,302,303,305,306],open:272,openldap:23,oper:[24,100,101,103,104,114,115,130,131,294,295,296,297,301,302,303,305,306],optimist:265,option:[3,4,5,6,7,8,9,10,21,22,24,47,160,243,244,245,247,248,249,250,251,252,253,254,255,256,257,258,259,261,262,263,264,265,266,400,417,895,929,930,931,932,933,934,935,936],order:54,organ:892,osconf:896,other:37,otp:[21,37],output:[119,258,400],over:167,overrid:[39,56,380],overview:24,pac:[260,337,338,339,340,341,342,343,344,345,346],packag:[895,897],pad:[99,117,400],page:[897,924],paramet:[22,127,367],pars:[48,360,361,362],passwd_phrase_el:884,password:[24,47,126,127,173,176,250,267,284,355,364,385,386,923,926],path:905,pepper:108,perform:[36,890],permit:268,pin:47,pkinit:[21,22,38,47,901,909],place:[101,104,295,297],pluggabl:915,plugin:[22,29,911,914],polici:[24,918],port:[40,85],possibl:[123,201,235,344,346],post:383,pre:384,preauthent:[37,41,259,261,265,910,919],precomput:93,prefix:[349,419,421,422],prepar:[161,167],prerequisit:[14,894],previous:107,prf:[102,120],primari:164,princip:[16,24,35,36,39,48,50,51,57,58,92,93,94,133,146,157,189,225,229,285,290,324,347,348,350,351,352,353,365,385,386,387,391,392,899],priv:[330,359],privileg:[24,341],procedur:15,process:[140,359,363],profil:[29,56,269,276,922],program:[1,895],prompt:[250,270,355],prompter:47,proof:110,propag:[24,35,40,905],properti:927,protocol:[366,367,378,902],provis:39,proxi:30,proxiabl:262,pseudo:[118,119,120,121,122,303],purge_mkei:6,purgekei:3,pwqual:[22,923],qualiti:[923,926],question:[47,368,369,372,375,376],quick:906,quit:[3,11],random:[116,118,119,120,121,122,125,303],rare:49,rcach:890,read:[161,357,364],read_kt:11,read_st:11,realm:[21,22,24,29,40,59,234,238,344,346,352,365,380,387,913],receiv:[73,74,87,88,383],recent:186,refer:[14,32,298,304,423,897],refus:42,reject:42,rel:194,releas:[172,313,897],remot:[75,83,85],remov:[15,16,154,321],rename_princip:3,renew:[263,271],replai:[72,86,272,890],replic:36,replica:[35,40,905],represent:[229,408],request:[27,286,402,403,404,405,407],requir:[418,934],resolv:[136,155,308,310],resourc:924,respond:[47,264,368,369,376],restor:24,restrict:[247,941],result:176,retir:15,retriev:[24,60,61,65,66,67,68,69,70,72,73,74,75,77,78,143,144,145,147,153,156,234,236,245,269,279,281,299,300,319,320,323,339,368,399,404,405,412],revers:39,rfc:[102,120],risk:26,rout:42,rpc:[332,361],s2kparam:236,s4u:44,safe:[335,363],salt:[236,265,350,377,397],salt_type_afs_length:758,salt_type_no_length:759,sampl:[21,22],schema:14,sclient:937,search:55,sec:412,section:[21,22,60,61],secur:[18,33,39,900,934],see:[2,3,4,5,6,7,8,9,10,11,12,20,21,22,929,930,931,932,933,934,935,936,937,939,940,941],seen:42,select:[27,157,908],send:[77,78,89,90,384],sendauth:[42,366,367,378],separ:893,sequenc:[70,75],sequenti:[140,161,323],seri:140,server:[15,16,33,42,157,272,366,367,921],servic:[15,24,27,39,40,201,285,320,392,406],session:[27,68,69,91,268],set:[14,56,81,82,83,84,85,86,87,88,89,90,91,159,160,176,247,248,249,250,251,252,253,254,255,256,257,258,261,262,263,264,265,266,284,327,381,382,383,384,385,386,387,388,418,420],set_str:3,setup:36,shell:[39,934],should:49,side:934,sign:[325,343,344],simpl:[778,897],sinc:412,singl:[327,893],site:897,size:96,skew:[16,174],socket:63,softwar:894,some:[33,102],sourc:[14,892,897],spake:[41,900],specif:[39,98,116,118,125,303,399],specifi:[22,54,55,113,128,129,133,152,156,276,283,285,344,346,379,380,385,389,390],sserver:12,ssh:39,start:[35,323],stash:[6,24,891],stashsrvpw:5,state:[36,80,107,109],storag:[207,225],store:[158,162,205],string:[61,92,94,108,126,127,177,194,200,217,226,229,347,348,377,393,394,395,397,398,400,401,408,409,410,411],strong:15,struct:[371,374],structur:[21,22,62,67,84,143,181,182,183,184,190,206,208,209,210,213,214,215,216,222,223,227,243,299,300,347,381,388,408,409,410,411,417,793],subkei:[73,74,77,78,87,88,89,90],sun:24,suppli:[259,334],support:[15,42,101,104,163,292,295,297,887],synchron:403,synopsi:[2,3,4,5,6,7,8,9,10,11,12,929,930,931,932,933,934,935,936,937],syntax:20,system:[412,895,905],tabdump:6,tabl:[224,242,307,308,309,310,311,315,316,317,319,320,321,322,323,379],tarbal:897,target:934,termin:92,test:[36,110,111,290,292,391,893],tgt:230,thi:[336,887,897],threeparamopen:760,ticket:[24,192,228,231,260,263,266,281,379,405,406,927],time:[47,174,194,273,281,388,394,399,405,412,887],timestamp:[149,170,174,398,400,401],tkt_flg_anonym:761,tkt_flg_enc_pa_rep:762,tkt_flg_forward:[763,764],tkt_flg_hw_auth:765,tkt_flg_initi:766,tkt_flg_invalid:767,tkt_flg_may_postd:768,tkt_flg_ok_as_deleg:769,tkt_flg_postdat:770,tkt_flg_pre_auth:771,tkt_flg_proxi:773,tkt_flg_proxiabl:772,tkt_flg_renew:774,tkt_flg_transit_policy_check:775,token:[37,38,44,901],tool:886,topic:13,trace:[42,389,390],trailer:99,tree:893,trivial:900,troubleshoot:[42,43],tune:895,tutori:43,two:[53,106,108,326,351,352,353,365],type:[15,21,25,27,37,42,44,82,97,98,106,110,111,112,119,128,129,145,147,152,163,177,199,200,211,218,251,261,268,270,317,340,377,381,393,395,397,793,886,890,895],ubuntu:14,uniqu:152,unix:[33,34,905],unlock:[3,165],unpars:342,unset:[248,249,250,256,262],unwrap:[191,414],updat:[24,897],update_princ_encrypt:6,upgrad:15,usabl:112,usag:15,use:[80,157,272,283,886],use_mkei:6,used:[49,887,895],user:[47,324,355,925,928,938],uses:885,using:[92,93,94,100,102,103,120,201,242,267,271,276,278,289,294,296,334,379,385,386,403,419,420,421,893],util:892,va_list:[419,420,421],valid:[128,129,131,274,306,357],valid_int_bit:776,valid_uint_bit:777,valu:[60,61,142,158,194,339,370,373,394],variabl:[27,28,93,895,941],variou:43,verif:[42,417,418,926],verifi:[47,128,129,130,305,345,346,414,416],version:[367,900],via:102,view:[5,927],view_polici:5,web:[897,924],whether:[110,111,163,290,292,391,418],whitepap:43,wiki:924,within:[174,893],without:897,work:16,wrap:[44,196],write_kt:11,write_st:11,year:885,your:[16,926],zero:[216,298]}})⏎
	0	Search.setIndex({docnames:["about","admin/admin_commands/index","admin/admin_commands/k5srvutil","admin/admin_commands/kadmin_local","admin/admin_commands/kadmind","admin/admin_commands/kdb5_ldap_util","admin/admin_commands/kdb5_util","admin/admin_commands/kprop","admin/admin_commands/kpropd","admin/admin_commands/kproplog","admin/admin_commands/krb5kdc","admin/admin_commands/ktutil","admin/admin_commands/sserver","admin/advanced/index","admin/advanced/retiring-des","admin/appl_servers","admin/auth_indicator","admin/backup_host","admin/conf_files/index","admin/conf_files/kadm5_acl","admin/conf_files/kdc_conf","admin/conf_files/krb5_conf","admin/conf_ldap","admin/database","admin/dbtypes","admin/dictionary","admin/enctypes","admin/env_variables","admin/host_config","admin/https","admin/index","admin/install","admin/install_appl_srv","admin/install_clients","admin/install_kdc","admin/lockout","admin/otp","admin/pkinit","admin/princ_dns","admin/realm_config","admin/spake","admin/troubleshoot","admin/various_envs","appdev/gssapi","appdev/h5l_mit_apidiff","appdev/index","appdev/init_creds","appdev/princ_handle","appdev/refs/api/index","appdev/refs/api/krb5_425_conv_principal","appdev/refs/api/krb5_524_conv_principal","appdev/refs/api/krb5_524_convert_creds","appdev/refs/api/krb5_address_compare","appdev/refs/api/krb5_address_order","appdev/refs/api/krb5_address_search","appdev/refs/api/krb5_allow_weak_crypto","appdev/refs/api/krb5_aname_to_localname","appdev/refs/api/krb5_anonymous_principal","appdev/refs/api/krb5_anonymous_realm","appdev/refs/api/krb5_appdefault_boolean","appdev/refs/api/krb5_appdefault_string","appdev/refs/api/krb5_auth_con_free","appdev/refs/api/krb5_auth_con_genaddrs","appdev/refs/api/krb5_auth_con_get_checksum_func","appdev/refs/api/krb5_auth_con_getaddrs","appdev/refs/api/krb5_auth_con_getauthenticator","appdev/refs/api/krb5_auth_con_getflags","appdev/refs/api/krb5_auth_con_getkey","appdev/refs/api/krb5_auth_con_getkey_k","appdev/refs/api/krb5_auth_con_getlocalseqnumber","appdev/refs/api/krb5_auth_con_getlocalsubkey","appdev/refs/api/krb5_auth_con_getrcache","appdev/refs/api/krb5_auth_con_getrecvsubkey","appdev/refs/api/krb5_auth_con_getrecvsubkey_k","appdev/refs/api/krb5_auth_con_getremoteseqnumber","appdev/refs/api/krb5_auth_con_getremotesubkey","appdev/refs/api/krb5_auth_con_getsendsubkey","appdev/refs/api/krb5_auth_con_getsendsubkey_k","appdev/refs/api/krb5_auth_con_init","appdev/refs/api/krb5_auth_con_initivector","appdev/refs/api/krb5_auth_con_set_checksum_func","appdev/refs/api/krb5_auth_con_set_req_cksumtype","appdev/refs/api/krb5_auth_con_setaddrs","appdev/refs/api/krb5_auth_con_setflags","appdev/refs/api/krb5_auth_con_setports","appdev/refs/api/krb5_auth_con_setrcache","appdev/refs/api/krb5_auth_con_setrecvsubkey","appdev/refs/api/krb5_auth_con_setrecvsubkey_k","appdev/refs/api/krb5_auth_con_setsendsubkey","appdev/refs/api/krb5_auth_con_setsendsubkey_k","appdev/refs/api/krb5_auth_con_setuseruserkey","appdev/refs/api/krb5_build_principal","appdev/refs/api/krb5_build_principal_alloc_va","appdev/refs/api/krb5_build_principal_ext","appdev/refs/api/krb5_build_principal_va","appdev/refs/api/krb5_c_block_size","appdev/refs/api/krb5_c_checksum_length","appdev/refs/api/krb5_c_crypto_length","appdev/refs/api/krb5_c_crypto_length_iov","appdev/refs/api/krb5_c_decrypt","appdev/refs/api/krb5_c_decrypt_iov","appdev/refs/api/krb5_c_derive_prfplus","appdev/refs/api/krb5_c_encrypt","appdev/refs/api/krb5_c_encrypt_iov","appdev/refs/api/krb5_c_encrypt_length","appdev/refs/api/krb5_c_enctype_compare","appdev/refs/api/krb5_c_free_state","appdev/refs/api/krb5_c_fx_cf2_simple","appdev/refs/api/krb5_c_init_state","appdev/refs/api/krb5_c_is_coll_proof_cksum","appdev/refs/api/krb5_c_is_keyed_cksum","appdev/refs/api/krb5_c_keyed_checksum_types","appdev/refs/api/krb5_c_keylengths","appdev/refs/api/krb5_c_make_checksum","appdev/refs/api/krb5_c_make_checksum_iov","appdev/refs/api/krb5_c_make_random_key","appdev/refs/api/krb5_c_padding_length","appdev/refs/api/krb5_c_prf","appdev/refs/api/krb5_c_prf_length","appdev/refs/api/krb5_c_prfplus","appdev/refs/api/krb5_c_random_add_entropy","appdev/refs/api/krb5_c_random_make_octets","appdev/refs/api/krb5_c_random_os_entropy","appdev/refs/api/krb5_c_random_seed","appdev/refs/api/krb5_c_random_to_key","appdev/refs/api/krb5_c_string_to_key","appdev/refs/api/krb5_c_string_to_key_with_params","appdev/refs/api/krb5_c_valid_cksumtype","appdev/refs/api/krb5_c_valid_enctype","appdev/refs/api/krb5_c_verify_checksum","appdev/refs/api/krb5_c_verify_checksum_iov","appdev/refs/api/krb5_calculate_checksum","appdev/refs/api/krb5_cc_cache_match","appdev/refs/api/krb5_cc_close","appdev/refs/api/krb5_cc_copy_creds","appdev/refs/api/krb5_cc_default","appdev/refs/api/krb5_cc_default_name","appdev/refs/api/krb5_cc_destroy","appdev/refs/api/krb5_cc_dup","appdev/refs/api/krb5_cc_end_seq_get","appdev/refs/api/krb5_cc_gen_new","appdev/refs/api/krb5_cc_get_config","appdev/refs/api/krb5_cc_get_flags","appdev/refs/api/krb5_cc_get_full_name","appdev/refs/api/krb5_cc_get_name","appdev/refs/api/krb5_cc_get_principal","appdev/refs/api/krb5_cc_get_type","appdev/refs/api/krb5_cc_initialize","appdev/refs/api/krb5_cc_move","appdev/refs/api/krb5_cc_new_unique","appdev/refs/api/krb5_cc_next_cred","appdev/refs/api/krb5_cc_remove_cred","appdev/refs/api/krb5_cc_resolve","appdev/refs/api/krb5_cc_retrieve_cred","appdev/refs/api/krb5_cc_select","appdev/refs/api/krb5_cc_set_config","appdev/refs/api/krb5_cc_set_default_name","appdev/refs/api/krb5_cc_set_flags","appdev/refs/api/krb5_cc_start_seq_get","appdev/refs/api/krb5_cc_store_cred","appdev/refs/api/krb5_cc_support_switch","appdev/refs/api/krb5_cc_switch","appdev/refs/api/krb5_cccol_cursor_free","appdev/refs/api/krb5_cccol_cursor_new","appdev/refs/api/krb5_cccol_cursor_next","appdev/refs/api/krb5_cccol_have_content","appdev/refs/api/krb5_change_password","appdev/refs/api/krb5_check_clockskew","appdev/refs/api/krb5_checksum_size","appdev/refs/api/krb5_chpw_message","appdev/refs/api/krb5_cksumtype_to_string","appdev/refs/api/krb5_clear_error_message","appdev/refs/api/krb5_copy_addresses","appdev/refs/api/krb5_copy_authdata","appdev/refs/api/krb5_copy_authenticator","appdev/refs/api/krb5_copy_checksum","appdev/refs/api/krb5_copy_context","appdev/refs/api/krb5_copy_creds","appdev/refs/api/krb5_copy_data","appdev/refs/api/krb5_copy_error_message","appdev/refs/api/krb5_copy_keyblock","appdev/refs/api/krb5_copy_keyblock_contents","appdev/refs/api/krb5_copy_principal","appdev/refs/api/krb5_copy_ticket","appdev/refs/api/krb5_decode_authdata_container","appdev/refs/api/krb5_decode_ticket","appdev/refs/api/krb5_decrypt","appdev/refs/api/krb5_deltat_to_string","appdev/refs/api/krb5_eblock_enctype","appdev/refs/api/krb5_encode_authdata_container","appdev/refs/api/krb5_encrypt","appdev/refs/api/krb5_encrypt_size","appdev/refs/api/krb5_enctype_to_name","appdev/refs/api/krb5_enctype_to_string","appdev/refs/api/krb5_expand_hostname","appdev/refs/api/krb5_find_authdata","appdev/refs/api/krb5_finish_key","appdev/refs/api/krb5_finish_random_key","appdev/refs/api/krb5_free_addresses","appdev/refs/api/krb5_free_ap_rep_enc_part","appdev/refs/api/krb5_free_authdata","appdev/refs/api/krb5_free_authenticator","appdev/refs/api/krb5_free_checksum","appdev/refs/api/krb5_free_checksum_contents","appdev/refs/api/krb5_free_cksumtypes","appdev/refs/api/krb5_free_context","appdev/refs/api/krb5_free_cred_contents","appdev/refs/api/krb5_free_creds","appdev/refs/api/krb5_free_data","appdev/refs/api/krb5_free_data_contents","appdev/refs/api/krb5_free_default_realm","appdev/refs/api/krb5_free_enctypes","appdev/refs/api/krb5_free_error","appdev/refs/api/krb5_free_error_message","appdev/refs/api/krb5_free_host_realm","appdev/refs/api/krb5_free_keyblock","appdev/refs/api/krb5_free_keyblock_contents","appdev/refs/api/krb5_free_keytab_entry_contents","appdev/refs/api/krb5_free_principal","appdev/refs/api/krb5_free_string","appdev/refs/api/krb5_free_tgt_creds","appdev/refs/api/krb5_free_ticket","appdev/refs/api/krb5_free_unparsed_name","appdev/refs/api/krb5_fwd_tgt_creds","appdev/refs/api/krb5_get_credentials","appdev/refs/api/krb5_get_credentials_renew","appdev/refs/api/krb5_get_credentials_validate","appdev/refs/api/krb5_get_default_realm","appdev/refs/api/krb5_get_error_message","appdev/refs/api/krb5_get_etype_info","appdev/refs/api/krb5_get_fallback_host_realm","appdev/refs/api/krb5_get_host_realm","appdev/refs/api/krb5_get_in_tkt_with_keytab","appdev/refs/api/krb5_get_in_tkt_with_password","appdev/refs/api/krb5_get_in_tkt_with_skey","appdev/refs/api/krb5_get_init_creds_keytab","appdev/refs/api/krb5_get_init_creds_opt_alloc","appdev/refs/api/krb5_get_init_creds_opt_free","appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags","appdev/refs/api/krb5_get_init_creds_opt_init","appdev/refs/api/krb5_get_init_creds_opt_set_address_list","appdev/refs/api/krb5_get_init_creds_opt_set_anonymous","appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize","appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt","appdev/refs/api/krb5_get_init_creds_opt_set_etype_list","appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name","appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags","appdev/refs/api/krb5_get_init_creds_opt_set_forwardable","appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_pa","appdev/refs/api/krb5_get_init_creds_opt_set_pac_request","appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list","appdev/refs/api/krb5_get_init_creds_opt_set_proxiable","appdev/refs/api/krb5_get_init_creds_opt_set_renew_life","appdev/refs/api/krb5_get_init_creds_opt_set_responder","appdev/refs/api/krb5_get_init_creds_opt_set_salt","appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life","appdev/refs/api/krb5_get_init_creds_password","appdev/refs/api/krb5_get_permitted_enctypes","appdev/refs/api/krb5_get_profile","appdev/refs/api/krb5_get_prompt_types","appdev/refs/api/krb5_get_renewed_creds","appdev/refs/api/krb5_get_server_rcache","appdev/refs/api/krb5_get_time_offsets","appdev/refs/api/krb5_get_validated_creds","appdev/refs/api/krb5_init_context","appdev/refs/api/krb5_init_context_profile","appdev/refs/api/krb5_init_creds_free","appdev/refs/api/krb5_init_creds_get","appdev/refs/api/krb5_init_creds_get_creds","appdev/refs/api/krb5_init_creds_get_error","appdev/refs/api/krb5_init_creds_get_times","appdev/refs/api/krb5_init_creds_init","appdev/refs/api/krb5_init_creds_set_keytab","appdev/refs/api/krb5_init_creds_set_password","appdev/refs/api/krb5_init_creds_set_service","appdev/refs/api/krb5_init_creds_step","appdev/refs/api/krb5_init_keyblock","appdev/refs/api/krb5_init_random_key","appdev/refs/api/krb5_init_secure_context","appdev/refs/api/krb5_is_config_principal","appdev/refs/api/krb5_is_referral_realm","appdev/refs/api/krb5_is_thread_safe","appdev/refs/api/krb5_k_create_key","appdev/refs/api/krb5_k_decrypt","appdev/refs/api/krb5_k_decrypt_iov","appdev/refs/api/krb5_k_encrypt","appdev/refs/api/krb5_k_encrypt_iov","appdev/refs/api/krb5_k_free_key","appdev/refs/api/krb5_k_key_enctype","appdev/refs/api/krb5_k_key_keyblock","appdev/refs/api/krb5_k_make_checksum","appdev/refs/api/krb5_k_make_checksum_iov","appdev/refs/api/krb5_k_prf","appdev/refs/api/krb5_k_reference_key","appdev/refs/api/krb5_k_verify_checksum","appdev/refs/api/krb5_k_verify_checksum_iov","appdev/refs/api/krb5_kt_add_entry","appdev/refs/api/krb5_kt_client_default","appdev/refs/api/krb5_kt_close","appdev/refs/api/krb5_kt_default","appdev/refs/api/krb5_kt_default_name","appdev/refs/api/krb5_kt_dup","appdev/refs/api/krb5_kt_end_seq_get","appdev/refs/api/krb5_kt_free_entry","appdev/refs/api/krb5_kt_get_entry","appdev/refs/api/krb5_kt_get_name","appdev/refs/api/krb5_kt_get_type","appdev/refs/api/krb5_kt_have_content","appdev/refs/api/krb5_kt_next_entry","appdev/refs/api/krb5_kt_read_service_key","appdev/refs/api/krb5_kt_remove_entry","appdev/refs/api/krb5_kt_resolve","appdev/refs/api/krb5_kt_start_seq_get","appdev/refs/api/krb5_kuserok","appdev/refs/api/krb5_make_authdata_kdc_issued","appdev/refs/api/krb5_merge_authdata","appdev/refs/api/krb5_mk_1cred","appdev/refs/api/krb5_mk_error","appdev/refs/api/krb5_mk_ncred","appdev/refs/api/krb5_mk_priv","appdev/refs/api/krb5_mk_rep","appdev/refs/api/krb5_mk_rep_dce","appdev/refs/api/krb5_mk_req","appdev/refs/api/krb5_mk_req_extended","appdev/refs/api/krb5_mk_safe","appdev/refs/api/krb5_os_localaddr","appdev/refs/api/krb5_pac_add_buffer","appdev/refs/api/krb5_pac_free","appdev/refs/api/krb5_pac_get_buffer","appdev/refs/api/krb5_pac_get_client_info","appdev/refs/api/krb5_pac_get_types","appdev/refs/api/krb5_pac_init","appdev/refs/api/krb5_pac_parse","appdev/refs/api/krb5_pac_sign","appdev/refs/api/krb5_pac_sign_ext","appdev/refs/api/krb5_pac_verify","appdev/refs/api/krb5_pac_verify_ext","appdev/refs/api/krb5_parse_name","appdev/refs/api/krb5_parse_name_flags","appdev/refs/api/krb5_prepend_error_message","appdev/refs/api/krb5_principal2salt","appdev/refs/api/krb5_principal_compare","appdev/refs/api/krb5_principal_compare_any_realm","appdev/refs/api/krb5_principal_compare_flags","appdev/refs/api/krb5_process_key","appdev/refs/api/krb5_prompter_posix","appdev/refs/api/krb5_random_key","appdev/refs/api/krb5_rd_cred","appdev/refs/api/krb5_rd_error","appdev/refs/api/krb5_rd_priv","appdev/refs/api/krb5_rd_rep","appdev/refs/api/krb5_rd_rep_dce","appdev/refs/api/krb5_rd_req","appdev/refs/api/krb5_rd_safe","appdev/refs/api/krb5_read_password","appdev/refs/api/krb5_realm_compare","appdev/refs/api/krb5_recvauth","appdev/refs/api/krb5_recvauth_version","appdev/refs/api/krb5_responder_get_challenge","appdev/refs/api/krb5_responder_list_questions","appdev/refs/api/krb5_responder_otp_challenge_free","appdev/refs/api/krb5_responder_otp_get_challenge","appdev/refs/api/krb5_responder_otp_set_answer","appdev/refs/api/krb5_responder_pkinit_challenge_free","appdev/refs/api/krb5_responder_pkinit_get_challenge","appdev/refs/api/krb5_responder_pkinit_set_answer","appdev/refs/api/krb5_responder_set_answer","appdev/refs/api/krb5_salttype_to_string","appdev/refs/api/krb5_sendauth","appdev/refs/api/krb5_server_decrypt_ticket_keytab","appdev/refs/api/krb5_set_default_realm","appdev/refs/api/krb5_set_default_tgs_enctypes","appdev/refs/api/krb5_set_error_message","appdev/refs/api/krb5_set_kdc_recv_hook","appdev/refs/api/krb5_set_kdc_send_hook","appdev/refs/api/krb5_set_password","appdev/refs/api/krb5_set_password_using_ccache","appdev/refs/api/krb5_set_principal_realm","appdev/refs/api/krb5_set_real_time","appdev/refs/api/krb5_set_trace_callback","appdev/refs/api/krb5_set_trace_filename","appdev/refs/api/krb5_sname_match","appdev/refs/api/krb5_sname_to_principal","appdev/refs/api/krb5_string_to_cksumtype","appdev/refs/api/krb5_string_to_deltat","appdev/refs/api/krb5_string_to_enctype","appdev/refs/api/krb5_string_to_key","appdev/refs/api/krb5_string_to_salttype","appdev/refs/api/krb5_string_to_timestamp","appdev/refs/api/krb5_timeofday","appdev/refs/api/krb5_timestamp_to_sfstring","appdev/refs/api/krb5_timestamp_to_string","appdev/refs/api/krb5_tkt_creds_free","appdev/refs/api/krb5_tkt_creds_get","appdev/refs/api/krb5_tkt_creds_get_creds","appdev/refs/api/krb5_tkt_creds_get_times","appdev/refs/api/krb5_tkt_creds_init","appdev/refs/api/krb5_tkt_creds_step","appdev/refs/api/krb5_unparse_name","appdev/refs/api/krb5_unparse_name_ext","appdev/refs/api/krb5_unparse_name_flags","appdev/refs/api/krb5_unparse_name_flags_ext","appdev/refs/api/krb5_us_timeofday","appdev/refs/api/krb5_use_enctype","appdev/refs/api/krb5_verify_authdata_kdc_issued","appdev/refs/api/krb5_verify_checksum","appdev/refs/api/krb5_verify_init_creds","appdev/refs/api/krb5_verify_init_creds_opt_init","appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail","appdev/refs/api/krb5_vprepend_error_message","appdev/refs/api/krb5_vset_error_message","appdev/refs/api/krb5_vwrap_error_message","appdev/refs/api/krb5_wrap_error_message","appdev/refs/index","appdev/refs/macros/ADDRTYPE_ADDRPORT","appdev/refs/macros/ADDRTYPE_CHAOS","appdev/refs/macros/ADDRTYPE_DDP","appdev/refs/macros/ADDRTYPE_INET","appdev/refs/macros/ADDRTYPE_INET6","appdev/refs/macros/ADDRTYPE_IPPORT","appdev/refs/macros/ADDRTYPE_ISO","appdev/refs/macros/ADDRTYPE_IS_LOCAL","appdev/refs/macros/ADDRTYPE_NETBIOS","appdev/refs/macros/ADDRTYPE_XNS","appdev/refs/macros/AD_TYPE_EXTERNAL","appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK","appdev/refs/macros/AD_TYPE_REGISTERED","appdev/refs/macros/AD_TYPE_RESERVED","appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION","appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED","appdev/refs/macros/AP_OPTS_RESERVED","appdev/refs/macros/AP_OPTS_USE_SESSION_KEY","appdev/refs/macros/AP_OPTS_USE_SUBKEY","appdev/refs/macros/AP_OPTS_WIRE_MASK","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256","appdev/refs/macros/CKSUMTYPE_CRC32","appdev/refs/macros/CKSUMTYPE_DESCBC","appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3","appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128","appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256","appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR","appdev/refs/macros/CKSUMTYPE_NIST_SHA","appdev/refs/macros/CKSUMTYPE_RSA_MD4","appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES","appdev/refs/macros/CKSUMTYPE_RSA_MD5","appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP","appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC","appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC","appdev/refs/macros/ENCTYPE_DES3_CBC_ENV","appdev/refs/macros/ENCTYPE_DES3_CBC_RAW","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1","appdev/refs/macros/ENCTYPE_DES_CBC_CRC","appdev/refs/macros/ENCTYPE_DES_CBC_MD4","appdev/refs/macros/ENCTYPE_DES_CBC_MD5","appdev/refs/macros/ENCTYPE_DES_CBC_RAW","appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1","appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS","appdev/refs/macros/ENCTYPE_MD5_RSA_CMS","appdev/refs/macros/ENCTYPE_NULL","appdev/refs/macros/ENCTYPE_RC2_CBC_ENV","appdev/refs/macros/ENCTYPE_RSA_ENV","appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV","appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS","appdev/refs/macros/ENCTYPE_UNKNOWN","appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE","appdev/refs/macros/KDC_OPT_CANONICALIZE","appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT","appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK","appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY","appdev/refs/macros/KDC_OPT_FORWARDABLE","appdev/refs/macros/KDC_OPT_FORWARDED","appdev/refs/macros/KDC_OPT_POSTDATED","appdev/refs/macros/KDC_OPT_PROXIABLE","appdev/refs/macros/KDC_OPT_PROXY","appdev/refs/macros/KDC_OPT_RENEW","appdev/refs/macros/KDC_OPT_RENEWABLE","appdev/refs/macros/KDC_OPT_RENEWABLE_OK","appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS","appdev/refs/macros/KDC_OPT_VALIDATE","appdev/refs/macros/KDC_TKT_COMMON_MASK","appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE","appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR","appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR","appdev/refs/macros/KRB5_AP_REP","appdev/refs/macros/KRB5_AP_REQ","appdev/refs/macros/KRB5_AS_REP","appdev/refs/macros/KRB5_AS_REQ","appdev/refs/macros/KRB5_AUTHDATA_AND_OR","appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR","appdev/refs/macros/KRB5_AUTHDATA_CAMMAC","appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION","appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR","appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT","appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS","appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED","appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC","appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE","appdev/refs/macros/KRB5_AUTHDATA_SESAME","appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET","appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME","appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY","appdev/refs/macros/KRB5_CRED","appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM","appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA","appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY","appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER","appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING","appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY","appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM","appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER","appdev/refs/macros/KRB5_CYBERSAFE_SECUREID","appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS","appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP","appdev/refs/macros/KRB5_ERROR","appdev/refs/macros/KRB5_FAST_REQUIRED","appdev/refs/macros/KRB5_GC_CACHED","appdev/refs/macros/KRB5_GC_CANONICALIZE","appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION","appdev/refs/macros/KRB5_GC_FORWARDABLE","appdev/refs/macros/KRB5_GC_NO_STORE","appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK","appdev/refs/macros/KRB5_GC_USER_USER","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE","appdev/refs/macros/KRB5_INIT_CONTEXT_KDC","appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE","appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE","appdev/refs/macros/KRB5_INT16_MAX","appdev/refs/macros/KRB5_INT16_MIN","appdev/refs/macros/KRB5_INT32_MAX","appdev/refs/macros/KRB5_INT32_MIN","appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE","appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE","appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT","appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS","appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC","appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC","appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV","appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED","appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET","appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS","appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE","appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST","appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE","appdev/refs/macros/KRB5_KEYUSAGE_SPAKE","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM","appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED","appdev/refs/macros/KRB5_KPASSWD_AUTHERROR","appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION","appdev/refs/macros/KRB5_KPASSWD_HARDERROR","appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED","appdev/refs/macros/KRB5_KPASSWD_MALFORMED","appdev/refs/macros/KRB5_KPASSWD_SOFTERROR","appdev/refs/macros/KRB5_KPASSWD_SUCCESS","appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME","appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL","appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL","appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED","appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME","appdev/refs/macros/KRB5_LRQ_NONE","appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME","appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL","appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL","appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED","appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME","appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL","appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID","appdev/refs/macros/KRB5_NT_PRINCIPAL","appdev/refs/macros/KRB5_NT_SMTP_NAME","appdev/refs/macros/KRB5_NT_SRV_HST","appdev/refs/macros/KRB5_NT_SRV_INST","appdev/refs/macros/KRB5_NT_SRV_XHST","appdev/refs/macros/KRB5_NT_UID","appdev/refs/macros/KRB5_NT_UNKNOWN","appdev/refs/macros/KRB5_NT_WELLKNOWN","appdev/refs/macros/KRB5_NT_X500_PRINCIPAL","appdev/refs/macros/KRB5_PAC_CLIENT_INFO","appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO","appdev/refs/macros/KRB5_PAC_DELEGATION_INFO","appdev/refs/macros/KRB5_PAC_LOGON_INFO","appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM","appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM","appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO","appdev/refs/macros/KRB5_PADATA_AFS3_SALT","appdev/refs/macros/KRB5_PADATA_AP_REQ","appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM","appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS","appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE","appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID","appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP","appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2","appdev/refs/macros/KRB5_PADATA_FOR_USER","appdev/refs/macros/KRB5_PADATA_FX_COOKIE","appdev/refs/macros/KRB5_PADATA_FX_ERROR","appdev/refs/macros/KRB5_PADATA_FX_FAST","appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA","appdev/refs/macros/KRB5_PADATA_NONE","appdev/refs/macros/KRB5_PADATA_OSF_DCE","appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE","appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE","appdev/refs/macros/KRB5_PADATA_OTP_REQUEST","appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS","appdev/refs/macros/KRB5_PADATA_PAC_REQUEST","appdev/refs/macros/KRB5_PADATA_PKINIT_KX","appdev/refs/macros/KRB5_PADATA_PK_AS_REP","appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD","appdev/refs/macros/KRB5_PADATA_PW_SALT","appdev/refs/macros/KRB5_PADATA_REFERRAL","appdev/refs/macros/KRB5_PADATA_S4U_X509_USER","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2","appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2","appdev/refs/macros/KRB5_PADATA_SESAME","appdev/refs/macros/KRB5_PADATA_SPAKE","appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO","appdev/refs/macros/KRB5_PADATA_TGS_REQ","appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT","appdev/refs/macros/KRB5_PRIV","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN","appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD","appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH","appdev/refs/macros/KRB5_PVNO","appdev/refs/macros/KRB5_REALM_BRANCH_CHAR","appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS","appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION","appdev/refs/macros/KRB5_REFERRAL_REALM","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED","appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT","appdev/refs/macros/KRB5_SAFE","appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD","appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD","appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY","appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT","appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA","appdev/refs/macros/KRB5_TC_MATCH_FLAGS","appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT","appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY","appdev/refs/macros/KRB5_TC_MATCH_KTYPE","appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY","appdev/refs/macros/KRB5_TC_MATCH_TIMES","appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT","appdev/refs/macros/KRB5_TC_NOTICKET","appdev/refs/macros/KRB5_TC_OPENCLOSE","appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES","appdev/refs/macros/KRB5_TGS_NAME","appdev/refs/macros/KRB5_TGS_NAME_SIZE","appdev/refs/macros/KRB5_TGS_REP","appdev/refs/macros/KRB5_TGS_REQ","appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE","appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL","appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR","appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK","appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY","appdev/refs/macros/MAX_KEYTAB_NAME_LEN","appdev/refs/macros/MSEC_DIRBIT","appdev/refs/macros/MSEC_VAL_MASK","appdev/refs/macros/SALT_TYPE_AFS_LENGTH","appdev/refs/macros/SALT_TYPE_NO_LENGTH","appdev/refs/macros/THREEPARAMOPEN","appdev/refs/macros/TKT_FLG_ANONYMOUS","appdev/refs/macros/TKT_FLG_ENC_PA_REP","appdev/refs/macros/TKT_FLG_FORWARDABLE","appdev/refs/macros/TKT_FLG_FORWARDED","appdev/refs/macros/TKT_FLG_HW_AUTH","appdev/refs/macros/TKT_FLG_INITIAL","appdev/refs/macros/TKT_FLG_INVALID","appdev/refs/macros/TKT_FLG_MAY_POSTDATE","appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE","appdev/refs/macros/TKT_FLG_POSTDATED","appdev/refs/macros/TKT_FLG_PRE_AUTH","appdev/refs/macros/TKT_FLG_PROXIABLE","appdev/refs/macros/TKT_FLG_PROXY","appdev/refs/macros/TKT_FLG_RENEWABLE","appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED","appdev/refs/macros/VALID_INT_BITS","appdev/refs/macros/VALID_UINT_BITS","appdev/refs/macros/index","appdev/refs/macros/krb524_convert_creds_kdc","appdev/refs/macros/krb524_init_ets","appdev/refs/macros/krb5_const","appdev/refs/macros/krb5_princ_component","appdev/refs/macros/krb5_princ_name","appdev/refs/macros/krb5_princ_realm","appdev/refs/macros/krb5_princ_set_realm","appdev/refs/macros/krb5_princ_set_realm_data","appdev/refs/macros/krb5_princ_set_realm_length","appdev/refs/macros/krb5_princ_size","appdev/refs/macros/krb5_princ_type","appdev/refs/macros/krb5_roundup","appdev/refs/macros/krb5_x","appdev/refs/macros/krb5_xc","appdev/refs/types/index","appdev/refs/types/krb5_address","appdev/refs/types/krb5_addrtype","appdev/refs/types/krb5_ap_rep","appdev/refs/types/krb5_ap_rep_enc_part","appdev/refs/types/krb5_ap_req","appdev/refs/types/krb5_auth_context","appdev/refs/types/krb5_authdata","appdev/refs/types/krb5_authdatatype","appdev/refs/types/krb5_authenticator","appdev/refs/types/krb5_boolean","appdev/refs/types/krb5_cc_cursor","appdev/refs/types/krb5_ccache","appdev/refs/types/krb5_cccol_cursor","appdev/refs/types/krb5_checksum","appdev/refs/types/krb5_cksumtype","appdev/refs/types/krb5_const_pointer","appdev/refs/types/krb5_const_principal","appdev/refs/types/krb5_context","appdev/refs/types/krb5_cred","appdev/refs/types/krb5_cred_enc_part","appdev/refs/types/krb5_cred_info","appdev/refs/types/krb5_creds","appdev/refs/types/krb5_crypto_iov","appdev/refs/types/krb5_cryptotype","appdev/refs/types/krb5_data","appdev/refs/types/krb5_deltat","appdev/refs/types/krb5_enc_data","appdev/refs/types/krb5_enc_kdc_rep_part","appdev/refs/types/krb5_enc_tkt_part","appdev/refs/types/krb5_encrypt_block","appdev/refs/types/krb5_enctype","appdev/refs/types/krb5_error","appdev/refs/types/krb5_error_code","appdev/refs/types/krb5_expire_callback_func","appdev/refs/types/krb5_flags","appdev/refs/types/krb5_get_init_creds_opt","appdev/refs/types/krb5_gic_opt_pa_data","appdev/refs/types/krb5_init_creds_context","appdev/refs/types/krb5_int16","appdev/refs/types/krb5_int32","appdev/refs/types/krb5_kdc_rep","appdev/refs/types/krb5_kdc_req","appdev/refs/types/krb5_key","appdev/refs/types/krb5_keyblock","appdev/refs/types/krb5_keytab","appdev/refs/types/krb5_keytab_entry","appdev/refs/types/krb5_keyusage","appdev/refs/types/krb5_kt_cursor","appdev/refs/types/krb5_kvno","appdev/refs/types/krb5_last_req_entry","appdev/refs/types/krb5_magic","appdev/refs/types/krb5_mk_req_checksum_func","appdev/refs/types/krb5_msgtype","appdev/refs/types/krb5_octet","appdev/refs/types/krb5_pa_data","appdev/refs/types/krb5_pa_pac_req","appdev/refs/types/krb5_pa_server_referral_data","appdev/refs/types/krb5_pa_svr_referral_data","appdev/refs/types/krb5_pac","appdev/refs/types/krb5_pointer","appdev/refs/types/krb5_post_recv_fn","appdev/refs/types/krb5_pre_send_fn","appdev/refs/types/krb5_preauthtype","appdev/refs/types/krb5_principal","appdev/refs/types/krb5_principal_data","appdev/refs/types/krb5_prompt","appdev/refs/types/krb5_prompt_type","appdev/refs/types/krb5_prompter_fct","appdev/refs/types/krb5_pwd_data","appdev/refs/types/krb5_rcache","appdev/refs/types/krb5_replay_data","appdev/refs/types/krb5_responder_context","appdev/refs/types/krb5_responder_fn","appdev/refs/types/krb5_responder_otp_challenge","appdev/refs/types/krb5_responder_otp_tokeninfo","appdev/refs/types/krb5_responder_pkinit_challenge","appdev/refs/types/krb5_responder_pkinit_identity","appdev/refs/types/krb5_response","appdev/refs/types/krb5_ticket","appdev/refs/types/krb5_ticket_times","appdev/refs/types/krb5_timestamp","appdev/refs/types/krb5_tkt_authent","appdev/refs/types/krb5_tkt_creds_context","appdev/refs/types/krb5_trace_callback","appdev/refs/types/krb5_trace_info","appdev/refs/types/krb5_transited","appdev/refs/types/krb5_typed_data","appdev/refs/types/krb5_ui_2","appdev/refs/types/krb5_ui_4","appdev/refs/types/krb5_verify_init_creds_opt","appdev/refs/types/passwd_phrase_element","appdev/y2038","basic/ccache_def","basic/date_format","basic/index","basic/keytab_def","basic/rcache_def","basic/stash_file_def","build/directory_org","build/doing_build","build/index","build/options2configure","build/osconf","build_this","copyright","formats/ccache_file_format","formats/cookie","formats/freshness_token","formats/index","formats/keytab_file_format","formats/rcache_file_format","index","mitK5defaults","mitK5features","mitK5license","plugindev/ccselect","plugindev/certauth","plugindev/clpreauth","plugindev/general","plugindev/gssapi","plugindev/hostrealm","plugindev/index","plugindev/internal","plugindev/kadm5_auth","plugindev/kadm5_hook","plugindev/kdcpolicy","plugindev/kdcpreauth","plugindev/localauth","plugindev/locate","plugindev/profile","plugindev/pwqual","resources","user/index","user/pwd_mgmt","user/tkt_mgmt","user/user_commands/index","user/user_commands/kdestroy","user/user_commands/kinit","user/user_commands/klist","user/user_commands/kpasswd","user/user_commands/krb5-config","user/user_commands/ksu","user/user_commands/kswitch","user/user_commands/kvno","user/user_commands/sclient","user/user_config/index","user/user_config/k5identity","user/user_config/k5login","user/user_config/kerberos"],envversion:52,filenames:["about.rst","admin/admin_commands/index.rst","admin/admin_commands/k5srvutil.rst","admin/admin_commands/kadmin_local.rst","admin/admin_commands/kadmind.rst","admin/admin_commands/kdb5_ldap_util.rst","admin/admin_commands/kdb5_util.rst","admin/admin_commands/kprop.rst","admin/admin_commands/kpropd.rst","admin/admin_commands/kproplog.rst","admin/admin_commands/krb5kdc.rst","admin/admin_commands/ktutil.rst","admin/admin_commands/sserver.rst","admin/advanced/index.rst","admin/advanced/retiring-des.rst","admin/appl_servers.rst","admin/auth_indicator.rst","admin/backup_host.rst","admin/conf_files/index.rst","admin/conf_files/kadm5_acl.rst","admin/conf_files/kdc_conf.rst","admin/conf_files/krb5_conf.rst","admin/conf_ldap.rst","admin/database.rst","admin/dbtypes.rst","admin/dictionary.rst","admin/enctypes.rst","admin/env_variables.rst","admin/host_config.rst","admin/https.rst","admin/index.rst","admin/install.rst","admin/install_appl_srv.rst","admin/install_clients.rst","admin/install_kdc.rst","admin/lockout.rst","admin/otp.rst","admin/pkinit.rst","admin/princ_dns.rst","admin/realm_config.rst","admin/spake.rst","admin/troubleshoot.rst","admin/various_envs.rst","appdev/gssapi.rst","appdev/h5l_mit_apidiff.rst","appdev/index.rst","appdev/init_creds.rst","appdev/princ_handle.rst","appdev/refs/api/index.rst","appdev/refs/api/krb5_425_conv_principal.rst","appdev/refs/api/krb5_524_conv_principal.rst","appdev/refs/api/krb5_524_convert_creds.rst","appdev/refs/api/krb5_address_compare.rst","appdev/refs/api/krb5_address_order.rst","appdev/refs/api/krb5_address_search.rst","appdev/refs/api/krb5_allow_weak_crypto.rst","appdev/refs/api/krb5_aname_to_localname.rst","appdev/refs/api/krb5_anonymous_principal.rst","appdev/refs/api/krb5_anonymous_realm.rst","appdev/refs/api/krb5_appdefault_boolean.rst","appdev/refs/api/krb5_appdefault_string.rst","appdev/refs/api/krb5_auth_con_free.rst","appdev/refs/api/krb5_auth_con_genaddrs.rst","appdev/refs/api/krb5_auth_con_get_checksum_func.rst","appdev/refs/api/krb5_auth_con_getaddrs.rst","appdev/refs/api/krb5_auth_con_getauthenticator.rst","appdev/refs/api/krb5_auth_con_getflags.rst","appdev/refs/api/krb5_auth_con_getkey.rst","appdev/refs/api/krb5_auth_con_getkey_k.rst","appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst","appdev/refs/api/krb5_auth_con_getlocalsubkey.rst","appdev/refs/api/krb5_auth_con_getrcache.rst","appdev/refs/api/krb5_auth_con_getrecvsubkey.rst","appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst","appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst","appdev/refs/api/krb5_auth_con_getremotesubkey.rst","appdev/refs/api/krb5_auth_con_getsendsubkey.rst","appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst","appdev/refs/api/krb5_auth_con_init.rst","appdev/refs/api/krb5_auth_con_initivector.rst","appdev/refs/api/krb5_auth_con_set_checksum_func.rst","appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst","appdev/refs/api/krb5_auth_con_setaddrs.rst","appdev/refs/api/krb5_auth_con_setflags.rst","appdev/refs/api/krb5_auth_con_setports.rst","appdev/refs/api/krb5_auth_con_setrcache.rst","appdev/refs/api/krb5_auth_con_setrecvsubkey.rst","appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst","appdev/refs/api/krb5_auth_con_setsendsubkey.rst","appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst","appdev/refs/api/krb5_auth_con_setuseruserkey.rst","appdev/refs/api/krb5_build_principal.rst","appdev/refs/api/krb5_build_principal_alloc_va.rst","appdev/refs/api/krb5_build_principal_ext.rst","appdev/refs/api/krb5_build_principal_va.rst","appdev/refs/api/krb5_c_block_size.rst","appdev/refs/api/krb5_c_checksum_length.rst","appdev/refs/api/krb5_c_crypto_length.rst","appdev/refs/api/krb5_c_crypto_length_iov.rst","appdev/refs/api/krb5_c_decrypt.rst","appdev/refs/api/krb5_c_decrypt_iov.rst","appdev/refs/api/krb5_c_derive_prfplus.rst","appdev/refs/api/krb5_c_encrypt.rst","appdev/refs/api/krb5_c_encrypt_iov.rst","appdev/refs/api/krb5_c_encrypt_length.rst","appdev/refs/api/krb5_c_enctype_compare.rst","appdev/refs/api/krb5_c_free_state.rst","appdev/refs/api/krb5_c_fx_cf2_simple.rst","appdev/refs/api/krb5_c_init_state.rst","appdev/refs/api/krb5_c_is_coll_proof_cksum.rst","appdev/refs/api/krb5_c_is_keyed_cksum.rst","appdev/refs/api/krb5_c_keyed_checksum_types.rst","appdev/refs/api/krb5_c_keylengths.rst","appdev/refs/api/krb5_c_make_checksum.rst","appdev/refs/api/krb5_c_make_checksum_iov.rst","appdev/refs/api/krb5_c_make_random_key.rst","appdev/refs/api/krb5_c_padding_length.rst","appdev/refs/api/krb5_c_prf.rst","appdev/refs/api/krb5_c_prf_length.rst","appdev/refs/api/krb5_c_prfplus.rst","appdev/refs/api/krb5_c_random_add_entropy.rst","appdev/refs/api/krb5_c_random_make_octets.rst","appdev/refs/api/krb5_c_random_os_entropy.rst","appdev/refs/api/krb5_c_random_seed.rst","appdev/refs/api/krb5_c_random_to_key.rst","appdev/refs/api/krb5_c_string_to_key.rst","appdev/refs/api/krb5_c_string_to_key_with_params.rst","appdev/refs/api/krb5_c_valid_cksumtype.rst","appdev/refs/api/krb5_c_valid_enctype.rst","appdev/refs/api/krb5_c_verify_checksum.rst","appdev/refs/api/krb5_c_verify_checksum_iov.rst","appdev/refs/api/krb5_calculate_checksum.rst","appdev/refs/api/krb5_cc_cache_match.rst","appdev/refs/api/krb5_cc_close.rst","appdev/refs/api/krb5_cc_copy_creds.rst","appdev/refs/api/krb5_cc_default.rst","appdev/refs/api/krb5_cc_default_name.rst","appdev/refs/api/krb5_cc_destroy.rst","appdev/refs/api/krb5_cc_dup.rst","appdev/refs/api/krb5_cc_end_seq_get.rst","appdev/refs/api/krb5_cc_gen_new.rst","appdev/refs/api/krb5_cc_get_config.rst","appdev/refs/api/krb5_cc_get_flags.rst","appdev/refs/api/krb5_cc_get_full_name.rst","appdev/refs/api/krb5_cc_get_name.rst","appdev/refs/api/krb5_cc_get_principal.rst","appdev/refs/api/krb5_cc_get_type.rst","appdev/refs/api/krb5_cc_initialize.rst","appdev/refs/api/krb5_cc_move.rst","appdev/refs/api/krb5_cc_new_unique.rst","appdev/refs/api/krb5_cc_next_cred.rst","appdev/refs/api/krb5_cc_remove_cred.rst","appdev/refs/api/krb5_cc_resolve.rst","appdev/refs/api/krb5_cc_retrieve_cred.rst","appdev/refs/api/krb5_cc_select.rst","appdev/refs/api/krb5_cc_set_config.rst","appdev/refs/api/krb5_cc_set_default_name.rst","appdev/refs/api/krb5_cc_set_flags.rst","appdev/refs/api/krb5_cc_start_seq_get.rst","appdev/refs/api/krb5_cc_store_cred.rst","appdev/refs/api/krb5_cc_support_switch.rst","appdev/refs/api/krb5_cc_switch.rst","appdev/refs/api/krb5_cccol_cursor_free.rst","appdev/refs/api/krb5_cccol_cursor_new.rst","appdev/refs/api/krb5_cccol_cursor_next.rst","appdev/refs/api/krb5_cccol_have_content.rst","appdev/refs/api/krb5_change_password.rst","appdev/refs/api/krb5_check_clockskew.rst","appdev/refs/api/krb5_checksum_size.rst","appdev/refs/api/krb5_chpw_message.rst","appdev/refs/api/krb5_cksumtype_to_string.rst","appdev/refs/api/krb5_clear_error_message.rst","appdev/refs/api/krb5_copy_addresses.rst","appdev/refs/api/krb5_copy_authdata.rst","appdev/refs/api/krb5_copy_authenticator.rst","appdev/refs/api/krb5_copy_checksum.rst","appdev/refs/api/krb5_copy_context.rst","appdev/refs/api/krb5_copy_creds.rst","appdev/refs/api/krb5_copy_data.rst","appdev/refs/api/krb5_copy_error_message.rst","appdev/refs/api/krb5_copy_keyblock.rst","appdev/refs/api/krb5_copy_keyblock_contents.rst","appdev/refs/api/krb5_copy_principal.rst","appdev/refs/api/krb5_copy_ticket.rst","appdev/refs/api/krb5_decode_authdata_container.rst","appdev/refs/api/krb5_decode_ticket.rst","appdev/refs/api/krb5_decrypt.rst","appdev/refs/api/krb5_deltat_to_string.rst","appdev/refs/api/krb5_eblock_enctype.rst","appdev/refs/api/krb5_encode_authdata_container.rst","appdev/refs/api/krb5_encrypt.rst","appdev/refs/api/krb5_encrypt_size.rst","appdev/refs/api/krb5_enctype_to_name.rst","appdev/refs/api/krb5_enctype_to_string.rst","appdev/refs/api/krb5_expand_hostname.rst","appdev/refs/api/krb5_find_authdata.rst","appdev/refs/api/krb5_finish_key.rst","appdev/refs/api/krb5_finish_random_key.rst","appdev/refs/api/krb5_free_addresses.rst","appdev/refs/api/krb5_free_ap_rep_enc_part.rst","appdev/refs/api/krb5_free_authdata.rst","appdev/refs/api/krb5_free_authenticator.rst","appdev/refs/api/krb5_free_checksum.rst","appdev/refs/api/krb5_free_checksum_contents.rst","appdev/refs/api/krb5_free_cksumtypes.rst","appdev/refs/api/krb5_free_context.rst","appdev/refs/api/krb5_free_cred_contents.rst","appdev/refs/api/krb5_free_creds.rst","appdev/refs/api/krb5_free_data.rst","appdev/refs/api/krb5_free_data_contents.rst","appdev/refs/api/krb5_free_default_realm.rst","appdev/refs/api/krb5_free_enctypes.rst","appdev/refs/api/krb5_free_error.rst","appdev/refs/api/krb5_free_error_message.rst","appdev/refs/api/krb5_free_host_realm.rst","appdev/refs/api/krb5_free_keyblock.rst","appdev/refs/api/krb5_free_keyblock_contents.rst","appdev/refs/api/krb5_free_keytab_entry_contents.rst","appdev/refs/api/krb5_free_principal.rst","appdev/refs/api/krb5_free_string.rst","appdev/refs/api/krb5_free_tgt_creds.rst","appdev/refs/api/krb5_free_ticket.rst","appdev/refs/api/krb5_free_unparsed_name.rst","appdev/refs/api/krb5_fwd_tgt_creds.rst","appdev/refs/api/krb5_get_credentials.rst","appdev/refs/api/krb5_get_credentials_renew.rst","appdev/refs/api/krb5_get_credentials_validate.rst","appdev/refs/api/krb5_get_default_realm.rst","appdev/refs/api/krb5_get_error_message.rst","appdev/refs/api/krb5_get_etype_info.rst","appdev/refs/api/krb5_get_fallback_host_realm.rst","appdev/refs/api/krb5_get_host_realm.rst","appdev/refs/api/krb5_get_in_tkt_with_keytab.rst","appdev/refs/api/krb5_get_in_tkt_with_password.rst","appdev/refs/api/krb5_get_in_tkt_with_skey.rst","appdev/refs/api/krb5_get_init_creds_keytab.rst","appdev/refs/api/krb5_get_init_creds_opt_alloc.rst","appdev/refs/api/krb5_get_init_creds_opt_free.rst","appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst","appdev/refs/api/krb5_get_init_creds_opt_init.rst","appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst","appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst","appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst","appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst","appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst","appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst","appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst","appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst","appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst","appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst","appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst","appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst","appdev/refs/api/krb5_get_init_creds_password.rst","appdev/refs/api/krb5_get_permitted_enctypes.rst","appdev/refs/api/krb5_get_profile.rst","appdev/refs/api/krb5_get_prompt_types.rst","appdev/refs/api/krb5_get_renewed_creds.rst","appdev/refs/api/krb5_get_server_rcache.rst","appdev/refs/api/krb5_get_time_offsets.rst","appdev/refs/api/krb5_get_validated_creds.rst","appdev/refs/api/krb5_init_context.rst","appdev/refs/api/krb5_init_context_profile.rst","appdev/refs/api/krb5_init_creds_free.rst","appdev/refs/api/krb5_init_creds_get.rst","appdev/refs/api/krb5_init_creds_get_creds.rst","appdev/refs/api/krb5_init_creds_get_error.rst","appdev/refs/api/krb5_init_creds_get_times.rst","appdev/refs/api/krb5_init_creds_init.rst","appdev/refs/api/krb5_init_creds_set_keytab.rst","appdev/refs/api/krb5_init_creds_set_password.rst","appdev/refs/api/krb5_init_creds_set_service.rst","appdev/refs/api/krb5_init_creds_step.rst","appdev/refs/api/krb5_init_keyblock.rst","appdev/refs/api/krb5_init_random_key.rst","appdev/refs/api/krb5_init_secure_context.rst","appdev/refs/api/krb5_is_config_principal.rst","appdev/refs/api/krb5_is_referral_realm.rst","appdev/refs/api/krb5_is_thread_safe.rst","appdev/refs/api/krb5_k_create_key.rst","appdev/refs/api/krb5_k_decrypt.rst","appdev/refs/api/krb5_k_decrypt_iov.rst","appdev/refs/api/krb5_k_encrypt.rst","appdev/refs/api/krb5_k_encrypt_iov.rst","appdev/refs/api/krb5_k_free_key.rst","appdev/refs/api/krb5_k_key_enctype.rst","appdev/refs/api/krb5_k_key_keyblock.rst","appdev/refs/api/krb5_k_make_checksum.rst","appdev/refs/api/krb5_k_make_checksum_iov.rst","appdev/refs/api/krb5_k_prf.rst","appdev/refs/api/krb5_k_reference_key.rst","appdev/refs/api/krb5_k_verify_checksum.rst","appdev/refs/api/krb5_k_verify_checksum_iov.rst","appdev/refs/api/krb5_kt_add_entry.rst","appdev/refs/api/krb5_kt_client_default.rst","appdev/refs/api/krb5_kt_close.rst","appdev/refs/api/krb5_kt_default.rst","appdev/refs/api/krb5_kt_default_name.rst","appdev/refs/api/krb5_kt_dup.rst","appdev/refs/api/krb5_kt_end_seq_get.rst","appdev/refs/api/krb5_kt_free_entry.rst","appdev/refs/api/krb5_kt_get_entry.rst","appdev/refs/api/krb5_kt_get_name.rst","appdev/refs/api/krb5_kt_get_type.rst","appdev/refs/api/krb5_kt_have_content.rst","appdev/refs/api/krb5_kt_next_entry.rst","appdev/refs/api/krb5_kt_read_service_key.rst","appdev/refs/api/krb5_kt_remove_entry.rst","appdev/refs/api/krb5_kt_resolve.rst","appdev/refs/api/krb5_kt_start_seq_get.rst","appdev/refs/api/krb5_kuserok.rst","appdev/refs/api/krb5_make_authdata_kdc_issued.rst","appdev/refs/api/krb5_merge_authdata.rst","appdev/refs/api/krb5_mk_1cred.rst","appdev/refs/api/krb5_mk_error.rst","appdev/refs/api/krb5_mk_ncred.rst","appdev/refs/api/krb5_mk_priv.rst","appdev/refs/api/krb5_mk_rep.rst","appdev/refs/api/krb5_mk_rep_dce.rst","appdev/refs/api/krb5_mk_req.rst","appdev/refs/api/krb5_mk_req_extended.rst","appdev/refs/api/krb5_mk_safe.rst","appdev/refs/api/krb5_os_localaddr.rst","appdev/refs/api/krb5_pac_add_buffer.rst","appdev/refs/api/krb5_pac_free.rst","appdev/refs/api/krb5_pac_get_buffer.rst","appdev/refs/api/krb5_pac_get_client_info.rst","appdev/refs/api/krb5_pac_get_types.rst","appdev/refs/api/krb5_pac_init.rst","appdev/refs/api/krb5_pac_parse.rst","appdev/refs/api/krb5_pac_sign.rst","appdev/refs/api/krb5_pac_sign_ext.rst","appdev/refs/api/krb5_pac_verify.rst","appdev/refs/api/krb5_pac_verify_ext.rst","appdev/refs/api/krb5_parse_name.rst","appdev/refs/api/krb5_parse_name_flags.rst","appdev/refs/api/krb5_prepend_error_message.rst","appdev/refs/api/krb5_principal2salt.rst","appdev/refs/api/krb5_principal_compare.rst","appdev/refs/api/krb5_principal_compare_any_realm.rst","appdev/refs/api/krb5_principal_compare_flags.rst","appdev/refs/api/krb5_process_key.rst","appdev/refs/api/krb5_prompter_posix.rst","appdev/refs/api/krb5_random_key.rst","appdev/refs/api/krb5_rd_cred.rst","appdev/refs/api/krb5_rd_error.rst","appdev/refs/api/krb5_rd_priv.rst","appdev/refs/api/krb5_rd_rep.rst","appdev/refs/api/krb5_rd_rep_dce.rst","appdev/refs/api/krb5_rd_req.rst","appdev/refs/api/krb5_rd_safe.rst","appdev/refs/api/krb5_read_password.rst","appdev/refs/api/krb5_realm_compare.rst","appdev/refs/api/krb5_recvauth.rst","appdev/refs/api/krb5_recvauth_version.rst","appdev/refs/api/krb5_responder_get_challenge.rst","appdev/refs/api/krb5_responder_list_questions.rst","appdev/refs/api/krb5_responder_otp_challenge_free.rst","appdev/refs/api/krb5_responder_otp_get_challenge.rst","appdev/refs/api/krb5_responder_otp_set_answer.rst","appdev/refs/api/krb5_responder_pkinit_challenge_free.rst","appdev/refs/api/krb5_responder_pkinit_get_challenge.rst","appdev/refs/api/krb5_responder_pkinit_set_answer.rst","appdev/refs/api/krb5_responder_set_answer.rst","appdev/refs/api/krb5_salttype_to_string.rst","appdev/refs/api/krb5_sendauth.rst","appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst","appdev/refs/api/krb5_set_default_realm.rst","appdev/refs/api/krb5_set_default_tgs_enctypes.rst","appdev/refs/api/krb5_set_error_message.rst","appdev/refs/api/krb5_set_kdc_recv_hook.rst","appdev/refs/api/krb5_set_kdc_send_hook.rst","appdev/refs/api/krb5_set_password.rst","appdev/refs/api/krb5_set_password_using_ccache.rst","appdev/refs/api/krb5_set_principal_realm.rst","appdev/refs/api/krb5_set_real_time.rst","appdev/refs/api/krb5_set_trace_callback.rst","appdev/refs/api/krb5_set_trace_filename.rst","appdev/refs/api/krb5_sname_match.rst","appdev/refs/api/krb5_sname_to_principal.rst","appdev/refs/api/krb5_string_to_cksumtype.rst","appdev/refs/api/krb5_string_to_deltat.rst","appdev/refs/api/krb5_string_to_enctype.rst","appdev/refs/api/krb5_string_to_key.rst","appdev/refs/api/krb5_string_to_salttype.rst","appdev/refs/api/krb5_string_to_timestamp.rst","appdev/refs/api/krb5_timeofday.rst","appdev/refs/api/krb5_timestamp_to_sfstring.rst","appdev/refs/api/krb5_timestamp_to_string.rst","appdev/refs/api/krb5_tkt_creds_free.rst","appdev/refs/api/krb5_tkt_creds_get.rst","appdev/refs/api/krb5_tkt_creds_get_creds.rst","appdev/refs/api/krb5_tkt_creds_get_times.rst","appdev/refs/api/krb5_tkt_creds_init.rst","appdev/refs/api/krb5_tkt_creds_step.rst","appdev/refs/api/krb5_unparse_name.rst","appdev/refs/api/krb5_unparse_name_ext.rst","appdev/refs/api/krb5_unparse_name_flags.rst","appdev/refs/api/krb5_unparse_name_flags_ext.rst","appdev/refs/api/krb5_us_timeofday.rst","appdev/refs/api/krb5_use_enctype.rst","appdev/refs/api/krb5_verify_authdata_kdc_issued.rst","appdev/refs/api/krb5_verify_checksum.rst","appdev/refs/api/krb5_verify_init_creds.rst","appdev/refs/api/krb5_verify_init_creds_opt_init.rst","appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst","appdev/refs/api/krb5_vprepend_error_message.rst","appdev/refs/api/krb5_vset_error_message.rst","appdev/refs/api/krb5_vwrap_error_message.rst","appdev/refs/api/krb5_wrap_error_message.rst","appdev/refs/index.rst","appdev/refs/macros/ADDRTYPE_ADDRPORT.rst","appdev/refs/macros/ADDRTYPE_CHAOS.rst","appdev/refs/macros/ADDRTYPE_DDP.rst","appdev/refs/macros/ADDRTYPE_INET.rst","appdev/refs/macros/ADDRTYPE_INET6.rst","appdev/refs/macros/ADDRTYPE_IPPORT.rst","appdev/refs/macros/ADDRTYPE_ISO.rst","appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst","appdev/refs/macros/ADDRTYPE_NETBIOS.rst","appdev/refs/macros/ADDRTYPE_XNS.rst","appdev/refs/macros/AD_TYPE_EXTERNAL.rst","appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst","appdev/refs/macros/AD_TYPE_REGISTERED.rst","appdev/refs/macros/AD_TYPE_RESERVED.rst","appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst","appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst","appdev/refs/macros/AP_OPTS_RESERVED.rst","appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst","appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst","appdev/refs/macros/AP_OPTS_WIRE_MASK.rst","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst","appdev/refs/macros/CKSUMTYPE_CRC32.rst","appdev/refs/macros/CKSUMTYPE_DESCBC.rst","appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst","appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst","appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst","appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst","appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst","appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst","appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst","appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst","appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst","appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst","appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst","appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst","appdev/refs/macros/ENCTYPE_NULL.rst","appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst","appdev/refs/macros/ENCTYPE_RSA_ENV.rst","appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst","appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst","appdev/refs/macros/ENCTYPE_UNKNOWN.rst","appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst","appdev/refs/macros/KDC_OPT_CANONICALIZE.rst","appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst","appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst","appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst","appdev/refs/macros/KDC_OPT_FORWARDABLE.rst","appdev/refs/macros/KDC_OPT_FORWARDED.rst","appdev/refs/macros/KDC_OPT_POSTDATED.rst","appdev/refs/macros/KDC_OPT_PROXIABLE.rst","appdev/refs/macros/KDC_OPT_PROXY.rst","appdev/refs/macros/KDC_OPT_RENEW.rst","appdev/refs/macros/KDC_OPT_RENEWABLE.rst","appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst","appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst","appdev/refs/macros/KDC_OPT_VALIDATE.rst","appdev/refs/macros/KDC_TKT_COMMON_MASK.rst","appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst","appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst","appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst","appdev/refs/macros/KRB5_AP_REP.rst","appdev/refs/macros/KRB5_AP_REQ.rst","appdev/refs/macros/KRB5_AS_REP.rst","appdev/refs/macros/KRB5_AS_REQ.rst","appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst","appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst","appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst","appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst","appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst","appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst","appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst","appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst","appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst","appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst","appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst","appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst","appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst","appdev/refs/macros/KRB5_CRED.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst","appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst","appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst","appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst","appdev/refs/macros/KRB5_ERROR.rst","appdev/refs/macros/KRB5_FAST_REQUIRED.rst","appdev/refs/macros/KRB5_GC_CACHED.rst","appdev/refs/macros/KRB5_GC_CANONICALIZE.rst","appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst","appdev/refs/macros/KRB5_GC_FORWARDABLE.rst","appdev/refs/macros/KRB5_GC_NO_STORE.rst","appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst","appdev/refs/macros/KRB5_GC_USER_USER.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst","appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst","appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst","appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst","appdev/refs/macros/KRB5_INT16_MAX.rst","appdev/refs/macros/KRB5_INT16_MIN.rst","appdev/refs/macros/KRB5_INT32_MAX.rst","appdev/refs/macros/KRB5_INT32_MIN.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst","appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst","appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst","appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst","appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst","appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst","appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst","appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst","appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst","appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst","appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst","appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst","appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst","appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst","appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_NONE.rst","appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst","appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst","appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst","appdev/refs/macros/KRB5_NT_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_SMTP_NAME.rst","appdev/refs/macros/KRB5_NT_SRV_HST.rst","appdev/refs/macros/KRB5_NT_SRV_INST.rst","appdev/refs/macros/KRB5_NT_SRV_XHST.rst","appdev/refs/macros/KRB5_NT_UID.rst","appdev/refs/macros/KRB5_NT_UNKNOWN.rst","appdev/refs/macros/KRB5_NT_WELLKNOWN.rst","appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst","appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst","appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst","appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst","appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst","appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst","appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst","appdev/refs/macros/KRB5_PADATA_AP_REQ.rst","appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst","appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst","appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst","appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst","appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst","appdev/refs/macros/KRB5_PADATA_FOR_USER.rst","appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst","appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst","appdev/refs/macros/KRB5_PADATA_FX_FAST.rst","appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst","appdev/refs/macros/KRB5_PADATA_NONE.rst","appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst","appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst","appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst","appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst","appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst","appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst","appdev/refs/macros/KRB5_PADATA_PW_SALT.rst","appdev/refs/macros/KRB5_PADATA_REFERRAL.rst","appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst","appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst","appdev/refs/macros/KRB5_PADATA_SESAME.rst","appdev/refs/macros/KRB5_PADATA_SPAKE.rst","appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst","appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst","appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst","appdev/refs/macros/KRB5_PRIV.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst","appdev/refs/macros/KRB5_PVNO.rst","appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst","appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst","appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst","appdev/refs/macros/KRB5_REFERRAL_REALM.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst","appdev/refs/macros/KRB5_SAFE.rst","appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst","appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst","appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst","appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst","appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst","appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst","appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst","appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst","appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst","appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst","appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst","appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst","appdev/refs/macros/KRB5_TC_NOTICKET.rst","appdev/refs/macros/KRB5_TC_OPENCLOSE.rst","appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst","appdev/refs/macros/KRB5_TGS_NAME.rst","appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst","appdev/refs/macros/KRB5_TGS_REP.rst","appdev/refs/macros/KRB5_TGS_REQ.rst","appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst","appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst","appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst","appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst","appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst","appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst","appdev/refs/macros/MSEC_DIRBIT.rst","appdev/refs/macros/MSEC_VAL_MASK.rst","appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst","appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst","appdev/refs/macros/THREEPARAMOPEN.rst","appdev/refs/macros/TKT_FLG_ANONYMOUS.rst","appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst","appdev/refs/macros/TKT_FLG_FORWARDABLE.rst","appdev/refs/macros/TKT_FLG_FORWARDED.rst","appdev/refs/macros/TKT_FLG_HW_AUTH.rst","appdev/refs/macros/TKT_FLG_INITIAL.rst","appdev/refs/macros/TKT_FLG_INVALID.rst","appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst","appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst","appdev/refs/macros/TKT_FLG_POSTDATED.rst","appdev/refs/macros/TKT_FLG_PRE_AUTH.rst","appdev/refs/macros/TKT_FLG_PROXIABLE.rst","appdev/refs/macros/TKT_FLG_PROXY.rst","appdev/refs/macros/TKT_FLG_RENEWABLE.rst","appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst","appdev/refs/macros/VALID_INT_BITS.rst","appdev/refs/macros/VALID_UINT_BITS.rst","appdev/refs/macros/index.rst","appdev/refs/macros/krb524_convert_creds_kdc.rst","appdev/refs/macros/krb524_init_ets.rst","appdev/refs/macros/krb5_const.rst","appdev/refs/macros/krb5_princ_component.rst","appdev/refs/macros/krb5_princ_name.rst","appdev/refs/macros/krb5_princ_realm.rst","appdev/refs/macros/krb5_princ_set_realm.rst","appdev/refs/macros/krb5_princ_set_realm_data.rst","appdev/refs/macros/krb5_princ_set_realm_length.rst","appdev/refs/macros/krb5_princ_size.rst","appdev/refs/macros/krb5_princ_type.rst","appdev/refs/macros/krb5_roundup.rst","appdev/refs/macros/krb5_x.rst","appdev/refs/macros/krb5_xc.rst","appdev/refs/types/index.rst","appdev/refs/types/krb5_address.rst","appdev/refs/types/krb5_addrtype.rst","appdev/refs/types/krb5_ap_rep.rst","appdev/refs/types/krb5_ap_rep_enc_part.rst","appdev/refs/types/krb5_ap_req.rst","appdev/refs/types/krb5_auth_context.rst","appdev/refs/types/krb5_authdata.rst","appdev/refs/types/krb5_authdatatype.rst","appdev/refs/types/krb5_authenticator.rst","appdev/refs/types/krb5_boolean.rst","appdev/refs/types/krb5_cc_cursor.rst","appdev/refs/types/krb5_ccache.rst","appdev/refs/types/krb5_cccol_cursor.rst","appdev/refs/types/krb5_checksum.rst","appdev/refs/types/krb5_cksumtype.rst","appdev/refs/types/krb5_const_pointer.rst","appdev/refs/types/krb5_const_principal.rst","appdev/refs/types/krb5_context.rst","appdev/refs/types/krb5_cred.rst","appdev/refs/types/krb5_cred_enc_part.rst","appdev/refs/types/krb5_cred_info.rst","appdev/refs/types/krb5_creds.rst","appdev/refs/types/krb5_crypto_iov.rst","appdev/refs/types/krb5_cryptotype.rst","appdev/refs/types/krb5_data.rst","appdev/refs/types/krb5_deltat.rst","appdev/refs/types/krb5_enc_data.rst","appdev/refs/types/krb5_enc_kdc_rep_part.rst","appdev/refs/types/krb5_enc_tkt_part.rst","appdev/refs/types/krb5_encrypt_block.rst","appdev/refs/types/krb5_enctype.rst","appdev/refs/types/krb5_error.rst","appdev/refs/types/krb5_error_code.rst","appdev/refs/types/krb5_expire_callback_func.rst","appdev/refs/types/krb5_flags.rst","appdev/refs/types/krb5_get_init_creds_opt.rst","appdev/refs/types/krb5_gic_opt_pa_data.rst","appdev/refs/types/krb5_init_creds_context.rst","appdev/refs/types/krb5_int16.rst","appdev/refs/types/krb5_int32.rst","appdev/refs/types/krb5_kdc_rep.rst","appdev/refs/types/krb5_kdc_req.rst","appdev/refs/types/krb5_key.rst","appdev/refs/types/krb5_keyblock.rst","appdev/refs/types/krb5_keytab.rst","appdev/refs/types/krb5_keytab_entry.rst","appdev/refs/types/krb5_keyusage.rst","appdev/refs/types/krb5_kt_cursor.rst","appdev/refs/types/krb5_kvno.rst","appdev/refs/types/krb5_last_req_entry.rst","appdev/refs/types/krb5_magic.rst","appdev/refs/types/krb5_mk_req_checksum_func.rst","appdev/refs/types/krb5_msgtype.rst","appdev/refs/types/krb5_octet.rst","appdev/refs/types/krb5_pa_data.rst","appdev/refs/types/krb5_pa_pac_req.rst","appdev/refs/types/krb5_pa_server_referral_data.rst","appdev/refs/types/krb5_pa_svr_referral_data.rst","appdev/refs/types/krb5_pac.rst","appdev/refs/types/krb5_pointer.rst","appdev/refs/types/krb5_post_recv_fn.rst","appdev/refs/types/krb5_pre_send_fn.rst","appdev/refs/types/krb5_preauthtype.rst","appdev/refs/types/krb5_principal.rst","appdev/refs/types/krb5_principal_data.rst","appdev/refs/types/krb5_prompt.rst","appdev/refs/types/krb5_prompt_type.rst","appdev/refs/types/krb5_prompter_fct.rst","appdev/refs/types/krb5_pwd_data.rst","appdev/refs/types/krb5_rcache.rst","appdev/refs/types/krb5_replay_data.rst","appdev/refs/types/krb5_responder_context.rst","appdev/refs/types/krb5_responder_fn.rst","appdev/refs/types/krb5_responder_otp_challenge.rst","appdev/refs/types/krb5_responder_otp_tokeninfo.rst","appdev/refs/types/krb5_responder_pkinit_challenge.rst","appdev/refs/types/krb5_responder_pkinit_identity.rst","appdev/refs/types/krb5_response.rst","appdev/refs/types/krb5_ticket.rst","appdev/refs/types/krb5_ticket_times.rst","appdev/refs/types/krb5_timestamp.rst","appdev/refs/types/krb5_tkt_authent.rst","appdev/refs/types/krb5_tkt_creds_context.rst","appdev/refs/types/krb5_trace_callback.rst","appdev/refs/types/krb5_trace_info.rst","appdev/refs/types/krb5_transited.rst","appdev/refs/types/krb5_typed_data.rst","appdev/refs/types/krb5_ui_2.rst","appdev/refs/types/krb5_ui_4.rst","appdev/refs/types/krb5_verify_init_creds_opt.rst","appdev/refs/types/passwd_phrase_element.rst","appdev/y2038.rst","basic/ccache_def.rst","basic/date_format.rst","basic/index.rst","basic/keytab_def.rst","basic/rcache_def.rst","basic/stash_file_def.rst","build/directory_org.rst","build/doing_build.rst","build/index.rst","build/options2configure.rst","build/osconf.rst","build_this.rst","copyright.rst","formats/ccache_file_format.rst","formats/cookie.rst","formats/freshness_token.rst","formats/index.rst","formats/keytab_file_format.rst","formats/rcache_file_format.rst","index.rst","mitK5defaults.rst","mitK5features.rst","mitK5license.rst","plugindev/ccselect.rst","plugindev/certauth.rst","plugindev/clpreauth.rst","plugindev/general.rst","plugindev/gssapi.rst","plugindev/hostrealm.rst","plugindev/index.rst","plugindev/internal.rst","plugindev/kadm5_auth.rst","plugindev/kadm5_hook.rst","plugindev/kdcpolicy.rst","plugindev/kdcpreauth.rst","plugindev/localauth.rst","plugindev/locate.rst","plugindev/profile.rst","plugindev/pwqual.rst","resources.rst","user/index.rst","user/pwd_mgmt.rst","user/tkt_mgmt.rst","user/user_commands/index.rst","user/user_commands/kdestroy.rst","user/user_commands/kinit.rst","user/user_commands/klist.rst","user/user_commands/kpasswd.rst","user/user_commands/krb5-config.rst","user/user_commands/ksu.rst","user/user_commands/kswitch.rst","user/user_commands/kvno.rst","user/user_commands/sclient.rst","user/user_config/index.rst","user/user_config/k5identity.rst","user/user_config/k5login.rst","user/user_config/kerberos.rst"],objects:{"":{ADDRTYPE_ADDRPORT:[418,3,1,""],ADDRTYPE_CHAOS:[419,3,1,""],ADDRTYPE_DDP:[420,3,1,""],ADDRTYPE_INET6:[422,3,1,""],ADDRTYPE_INET:[421,3,1,""],ADDRTYPE_IPPORT:[423,3,1,""],ADDRTYPE_ISO:[424,3,1,""],ADDRTYPE_IS_LOCAL:[425,3,1,""],ADDRTYPE_NETBIOS:[426,3,1,""],ADDRTYPE_XNS:[427,3,1,""],AD_TYPE_EXTERNAL:[428,3,1,""],AD_TYPE_FIELD_TYPE_MASK:[429,3,1,""],AD_TYPE_REGISTERED:[430,3,1,""],AD_TYPE_RESERVED:[431,3,1,""],AP_OPTS_ETYPE_NEGOTIATION:[432,3,1,""],AP_OPTS_MUTUAL_REQUIRED:[433,3,1,""],AP_OPTS_RESERVED:[434,3,1,""],AP_OPTS_USE_SESSION_KEY:[435,3,1,""],AP_OPTS_USE_SUBKEY:[436,3,1,""],AP_OPTS_WIRE_MASK:[437,3,1,""],CKSUMTYPE_CMAC_CAMELLIA128:[438,3,1,""],CKSUMTYPE_CMAC_CAMELLIA256:[439,3,1,""],CKSUMTYPE_CRC32:[440,3,1,""],CKSUMTYPE_DESCBC:[441,3,1,""],CKSUMTYPE_HMAC_MD5_ARCFOUR:[442,3,1,""],CKSUMTYPE_HMAC_SHA1_96_AES128:[443,3,1,""],CKSUMTYPE_HMAC_SHA1_96_AES256:[444,3,1,""],CKSUMTYPE_HMAC_SHA1_DES3:[445,3,1,""],CKSUMTYPE_HMAC_SHA256_128_AES128:[446,3,1,""],CKSUMTYPE_HMAC_SHA384_192_AES256:[447,3,1,""],CKSUMTYPE_MD5_HMAC_ARCFOUR:[448,3,1,""],CKSUMTYPE_NIST_SHA:[449,3,1,""],CKSUMTYPE_RSA_MD4:[450,3,1,""],CKSUMTYPE_RSA_MD4_DES:[451,3,1,""],CKSUMTYPE_RSA_MD5:[452,3,1,""],CKSUMTYPE_RSA_MD5_DES:[453,3,1,""],ENCTYPE_AES128_CTS_HMAC_SHA1_96:[454,3,1,""],ENCTYPE_AES128_CTS_HMAC_SHA256_128:[455,3,1,""],ENCTYPE_AES256_CTS_HMAC_SHA1_96:[456,3,1,""],ENCTYPE_AES256_CTS_HMAC_SHA384_192:[457,3,1,""],ENCTYPE_ARCFOUR_HMAC:[458,3,1,""],ENCTYPE_ARCFOUR_HMAC_EXP:[459,3,1,""],ENCTYPE_CAMELLIA128_CTS_CMAC:[460,3,1,""],ENCTYPE_CAMELLIA256_CTS_CMAC:[461,3,1,""],ENCTYPE_DES3_CBC_ENV:[462,3,1,""],ENCTYPE_DES3_CBC_RAW:[463,3,1,""],ENCTYPE_DES3_CBC_SHA1:[465,3,1,""],ENCTYPE_DES3_CBC_SHA:[464,3,1,""],ENCTYPE_DES_CBC_CRC:[466,3,1,""],ENCTYPE_DES_CBC_MD4:[467,3,1,""],ENCTYPE_DES_CBC_MD5:[468,3,1,""],ENCTYPE_DES_CBC_RAW:[469,3,1,""],ENCTYPE_DES_HMAC_SHA1:[470,3,1,""],ENCTYPE_DSA_SHA1_CMS:[471,3,1,""],ENCTYPE_MD5_RSA_CMS:[472,3,1,""],ENCTYPE_NULL:[473,3,1,""],ENCTYPE_RC2_CBC_ENV:[474,3,1,""],ENCTYPE_RSA_ENV:[475,3,1,""],ENCTYPE_RSA_ES_OAEP_ENV:[476,3,1,""],ENCTYPE_SHA1_RSA_CMS:[477,3,1,""],ENCTYPE_UNKNOWN:[478,3,1,""],KDC_OPT_ALLOW_POSTDATE:[479,3,1,""],KDC_OPT_CANONICALIZE:[480,3,1,""],KDC_OPT_CNAME_IN_ADDL_TKT:[481,3,1,""],KDC_OPT_DISABLE_TRANSITED_CHECK:[482,3,1,""],KDC_OPT_ENC_TKT_IN_SKEY:[483,3,1,""],KDC_OPT_FORWARDABLE:[484,3,1,""],KDC_OPT_FORWARDED:[485,3,1,""],KDC_OPT_POSTDATED:[486,3,1,""],KDC_OPT_PROXIABLE:[487,3,1,""],KDC_OPT_PROXY:[488,3,1,""],KDC_OPT_RENEW:[489,3,1,""],KDC_OPT_RENEWABLE:[490,3,1,""],KDC_OPT_RENEWABLE_OK:[491,3,1,""],KDC_OPT_REQUEST_ANONYMOUS:[492,3,1,""],KDC_OPT_VALIDATE:[493,3,1,""],KDC_TKT_COMMON_MASK:[494,3,1,""],KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:[495,3,1,""],KRB5_ANONYMOUS_PRINCSTR:[496,3,1,""],KRB5_ANONYMOUS_REALMSTR:[497,3,1,""],KRB5_AP_REP:[498,3,1,""],KRB5_AP_REQ:[499,3,1,""],KRB5_AS_REP:[500,3,1,""],KRB5_AS_REQ:[501,3,1,""],KRB5_AUTHDATA_AND_OR:[502,3,1,""],KRB5_AUTHDATA_AUTH_INDICATOR:[503,3,1,""],KRB5_AUTHDATA_CAMMAC:[504,3,1,""],KRB5_AUTHDATA_ETYPE_NEGOTIATION:[505,3,1,""],KRB5_AUTHDATA_FX_ARMOR:[506,3,1,""],KRB5_AUTHDATA_IF_RELEVANT:[507,3,1,""],KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:[508,3,1,""],KRB5_AUTHDATA_KDC_ISSUED:[509,3,1,""],KRB5_AUTHDATA_MANDATORY_FOR_KDC:[510,3,1,""],KRB5_AUTHDATA_OSF_DCE:[511,3,1,""],KRB5_AUTHDATA_SESAME:[512,3,1,""],KRB5_AUTHDATA_SIGNTICKET:[513,3,1,""],KRB5_AUTHDATA_WIN2K_PAC:[514,3,1,""],KRB5_AUTH_CONTEXT_DO_SEQUENCE:[515,3,1,""],KRB5_AUTH_CONTEXT_DO_TIME:[516,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:[517,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:[518,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:[519,3,1,""],KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:[520,3,1,""],KRB5_AUTH_CONTEXT_PERMIT_ALL:[521,3,1,""],KRB5_AUTH_CONTEXT_RET_SEQUENCE:[522,3,1,""],KRB5_AUTH_CONTEXT_RET_TIME:[523,3,1,""],KRB5_AUTH_CONTEXT_USE_SUBKEY:[524,3,1,""],KRB5_CRED:[525,3,1,""],KRB5_CRYPTO_TYPE_CHECKSUM:[526,3,1,""],KRB5_CRYPTO_TYPE_DATA:[527,3,1,""],KRB5_CRYPTO_TYPE_EMPTY:[528,3,1,""],KRB5_CRYPTO_TYPE_HEADER:[529,3,1,""],KRB5_CRYPTO_TYPE_PADDING:[530,3,1,""],KRB5_CRYPTO_TYPE_SIGN_ONLY:[531,3,1,""],KRB5_CRYPTO_TYPE_STREAM:[532,3,1,""],KRB5_CRYPTO_TYPE_TRAILER:[533,3,1,""],KRB5_CYBERSAFE_SECUREID:[534,3,1,""],KRB5_DOMAIN_X500_COMPRESS:[535,3,1,""],KRB5_ENCPADATA_REQ_ENC_PA_REP:[536,3,1,""],KRB5_ERROR:[537,3,1,""],KRB5_FAST_REQUIRED:[538,3,1,""],KRB5_GC_CACHED:[539,3,1,""],KRB5_GC_CANONICALIZE:[540,3,1,""],KRB5_GC_CONSTRAINED_DELEGATION:[541,3,1,""],KRB5_GC_FORWARDABLE:[542,3,1,""],KRB5_GC_NO_STORE:[543,3,1,""],KRB5_GC_NO_TRANSIT_CHECK:[544,3,1,""],KRB5_GC_USER_USER:[545,3,1,""],KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:[546,3,1,""],KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:[547,3,1,""],KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:[548,3,1,""],KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:[549,3,1,""],KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:[550,3,1,""],KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:[551,3,1,""],KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:[552,3,1,""],KRB5_GET_INIT_CREDS_OPT_PROXIABLE:[553,3,1,""],KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:[554,3,1,""],KRB5_GET_INIT_CREDS_OPT_SALT:[555,3,1,""],KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:[556,3,1,""],KRB5_INIT_CONTEXT_KDC:[557,3,1,""],KRB5_INIT_CONTEXT_SECURE:[558,3,1,""],KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:[559,3,1,""],KRB5_INT16_MAX:[560,3,1,""],KRB5_INT16_MIN:[561,3,1,""],KRB5_INT32_MAX:[562,3,1,""],KRB5_INT32_MIN:[563,3,1,""],KRB5_KEYUSAGE_AD_ITE:[564,3,1,""],KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:[565,3,1,""],KRB5_KEYUSAGE_AD_MTE:[566,3,1,""],KRB5_KEYUSAGE_AD_SIGNEDPATH:[567,3,1,""],KRB5_KEYUSAGE_APP_DATA_CKSUM:[568,3,1,""],KRB5_KEYUSAGE_APP_DATA_ENCRYPT:[569,3,1,""],KRB5_KEYUSAGE_AP_REP_ENCPART:[570,3,1,""],KRB5_KEYUSAGE_AP_REQ_AUTH:[571,3,1,""],KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:[572,3,1,""],KRB5_KEYUSAGE_AS_REP_ENCPART:[573,3,1,""],KRB5_KEYUSAGE_AS_REQ:[574,3,1,""],KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:[575,3,1,""],KRB5_KEYUSAGE_CAMMAC:[576,3,1,""],KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:[577,3,1,""],KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:[578,3,1,""],KRB5_KEYUSAGE_FAST_ENC:[579,3,1,""],KRB5_KEYUSAGE_FAST_FINISHED:[580,3,1,""],KRB5_KEYUSAGE_FAST_REP:[581,3,1,""],KRB5_KEYUSAGE_FAST_REQ_CHKSUM:[582,3,1,""],KRB5_KEYUSAGE_GSS_TOK_MIC:[583,3,1,""],KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:[584,3,1,""],KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:[585,3,1,""],KRB5_KEYUSAGE_IAKERB_FINISHED:[586,3,1,""],KRB5_KEYUSAGE_KDC_REP_TICKET:[587,3,1,""],KRB5_KEYUSAGE_KRB_CRED_ENCPART:[588,3,1,""],KRB5_KEYUSAGE_KRB_ERROR_CKSUM:[589,3,1,""],KRB5_KEYUSAGE_KRB_PRIV_ENCPART:[590,3,1,""],KRB5_KEYUSAGE_KRB_SAFE_CKSUM:[591,3,1,""],KRB5_KEYUSAGE_PA_AS_FRESHNESS:[592,3,1,""],KRB5_KEYUSAGE_PA_FX_COOKIE:[593,3,1,""],KRB5_KEYUSAGE_PA_OTP_REQUEST:[594,3,1,""],KRB5_KEYUSAGE_PA_PKINIT_KX:[595,3,1,""],KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:[596,3,1,""],KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:[597,3,1,""],KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:[598,3,1,""],KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:[599,3,1,""],KRB5_KEYUSAGE_PA_SAM_RESPONSE:[600,3,1,""],KRB5_KEYUSAGE_SPAKE:[601,3,1,""],KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:[602,3,1,""],KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:[603,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:[604,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:[605,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AUTH:[606,3,1,""],KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:[607,3,1,""],KRB5_KPASSWD_ACCESSDENIED:[608,3,1,""],KRB5_KPASSWD_AUTHERROR:[609,3,1,""],KRB5_KPASSWD_BAD_VERSION:[610,3,1,""],KRB5_KPASSWD_HARDERROR:[611,3,1,""],KRB5_KPASSWD_INITIAL_FLAG_NEEDED:[612,3,1,""],KRB5_KPASSWD_MALFORMED:[613,3,1,""],KRB5_KPASSWD_SOFTERROR:[614,3,1,""],KRB5_KPASSWD_SUCCESS:[615,3,1,""],KRB5_LRQ_ALL_ACCT_EXPTIME:[616,3,1,""],KRB5_LRQ_ALL_LAST_INITIAL:[617,3,1,""],KRB5_LRQ_ALL_LAST_RENEWAL:[618,3,1,""],KRB5_LRQ_ALL_LAST_REQ:[619,3,1,""],KRB5_LRQ_ALL_LAST_TGT:[620,3,1,""],KRB5_LRQ_ALL_LAST_TGT_ISSUED:[621,3,1,""],KRB5_LRQ_ALL_PW_EXPTIME:[622,3,1,""],KRB5_LRQ_NONE:[623,3,1,""],KRB5_LRQ_ONE_ACCT_EXPTIME:[624,3,1,""],KRB5_LRQ_ONE_LAST_INITIAL:[625,3,1,""],KRB5_LRQ_ONE_LAST_RENEWAL:[626,3,1,""],KRB5_LRQ_ONE_LAST_REQ:[627,3,1,""],KRB5_LRQ_ONE_LAST_TGT:[628,3,1,""],KRB5_LRQ_ONE_LAST_TGT_ISSUED:[629,3,1,""],KRB5_LRQ_ONE_PW_EXPTIME:[630,3,1,""],KRB5_NT_ENTERPRISE_PRINCIPAL:[631,3,1,""],KRB5_NT_ENT_PRINCIPAL_AND_ID:[632,3,1,""],KRB5_NT_MS_PRINCIPAL:[633,3,1,""],KRB5_NT_MS_PRINCIPAL_AND_ID:[634,3,1,""],KRB5_NT_PRINCIPAL:[635,3,1,""],KRB5_NT_SMTP_NAME:[636,3,1,""],KRB5_NT_SRV_HST:[637,3,1,""],KRB5_NT_SRV_INST:[638,3,1,""],KRB5_NT_SRV_XHST:[639,3,1,""],KRB5_NT_UID:[640,3,1,""],KRB5_NT_UNKNOWN:[641,3,1,""],KRB5_NT_WELLKNOWN:[642,3,1,""],KRB5_NT_X500_PRINCIPAL:[643,3,1,""],KRB5_PAC_CLIENT_INFO:[644,3,1,""],KRB5_PAC_CREDENTIALS_INFO:[645,3,1,""],KRB5_PAC_DELEGATION_INFO:[646,3,1,""],KRB5_PAC_LOGON_INFO:[647,3,1,""],KRB5_PAC_PRIVSVR_CHECKSUM:[648,3,1,""],KRB5_PAC_SERVER_CHECKSUM:[649,3,1,""],KRB5_PAC_UPN_DNS_INFO:[650,3,1,""],KRB5_PADATA_AFS3_SALT:[651,3,1,""],KRB5_PADATA_AP_REQ:[652,3,1,""],KRB5_PADATA_AS_CHECKSUM:[653,3,1,""],KRB5_PADATA_AS_FRESHNESS:[654,3,1,""],KRB5_PADATA_ENCRYPTED_CHALLENGE:[655,3,1,""],KRB5_PADATA_ENC_SANDIA_SECURID:[656,3,1,""],KRB5_PADATA_ENC_TIMESTAMP:[657,3,1,""],KRB5_PADATA_ENC_UNIX_TIME:[658,3,1,""],KRB5_PADATA_ETYPE_INFO2:[660,3,1,""],KRB5_PADATA_ETYPE_INFO:[659,3,1,""],KRB5_PADATA_FOR_USER:[661,3,1,""],KRB5_PADATA_FX_COOKIE:[662,3,1,""],KRB5_PADATA_FX_ERROR:[663,3,1,""],KRB5_PADATA_FX_FAST:[664,3,1,""],KRB5_PADATA_GET_FROM_TYPED_DATA:[665,3,1,""],KRB5_PADATA_NONE:[666,3,1,""],KRB5_PADATA_OSF_DCE:[667,3,1,""],KRB5_PADATA_OTP_CHALLENGE:[668,3,1,""],KRB5_PADATA_OTP_PIN_CHANGE:[669,3,1,""],KRB5_PADATA_OTP_REQUEST:[670,3,1,""],KRB5_PADATA_PAC_OPTIONS:[671,3,1,""],KRB5_PADATA_PAC_REQUEST:[672,3,1,""],KRB5_PADATA_PKINIT_KX:[673,3,1,""],KRB5_PADATA_PK_AS_REP:[674,3,1,""],KRB5_PADATA_PK_AS_REP_OLD:[675,3,1,""],KRB5_PADATA_PK_AS_REQ:[676,3,1,""],KRB5_PADATA_PK_AS_REQ_OLD:[677,3,1,""],KRB5_PADATA_PW_SALT:[678,3,1,""],KRB5_PADATA_REFERRAL:[679,3,1,""],KRB5_PADATA_S4U_X509_USER:[680,3,1,""],KRB5_PADATA_SAM_CHALLENGE:[681,3,1,""],KRB5_PADATA_SAM_CHALLENGE_2:[682,3,1,""],KRB5_PADATA_SAM_REDIRECT:[683,3,1,""],KRB5_PADATA_SAM_RESPONSE:[684,3,1,""],KRB5_PADATA_SAM_RESPONSE_2:[685,3,1,""],KRB5_PADATA_SESAME:[686,3,1,""],KRB5_PADATA_SPAKE:[687,3,1,""],KRB5_PADATA_SVR_REFERRAL_INFO:[688,3,1,""],KRB5_PADATA_TGS_REQ:[689,3,1,""],KRB5_PADATA_USE_SPECIFIED_KVNO:[690,3,1,""],KRB5_PRINCIPAL_COMPARE_CASEFOLD:[691,3,1,""],KRB5_PRINCIPAL_COMPARE_ENTERPRISE:[692,3,1,""],KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:[693,3,1,""],KRB5_PRINCIPAL_COMPARE_UTF8:[694,3,1,""],KRB5_PRINCIPAL_PARSE_ENTERPRISE:[695,3,1,""],KRB5_PRINCIPAL_PARSE_IGNORE_REALM:[696,3,1,""],KRB5_PRINCIPAL_PARSE_NO_REALM:[697,3,1,""],KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:[698,3,1,""],KRB5_PRINCIPAL_UNPARSE_DISPLAY:[699,3,1,""],KRB5_PRINCIPAL_UNPARSE_NO_REALM:[700,3,1,""],KRB5_PRINCIPAL_UNPARSE_SHORT:[701,3,1,""],KRB5_PRIV:[702,3,1,""],KRB5_PROMPT_TYPE_NEW_PASSWORD:[703,3,1,""],KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:[704,3,1,""],KRB5_PROMPT_TYPE_PASSWORD:[705,3,1,""],KRB5_PROMPT_TYPE_PREAUTH:[706,3,1,""],KRB5_PVNO:[707,3,1,""],KRB5_REALM_BRANCH_CHAR:[708,3,1,""],KRB5_RECVAUTH_BADAUTHVERS:[709,3,1,""],KRB5_RECVAUTH_SKIP_VERSION:[710,3,1,""],KRB5_REFERRAL_REALM:[711,3,1,""],KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:[712,3,1,""],KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:[713,3,1,""],KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:[714,3,1,""],KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:[715,3,1,""],KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:[716,3,1,""],KRB5_RESPONDER_OTP_FORMAT_DECIMAL:[717,3,1,""],KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:[718,3,1,""],KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:[719,3,1,""],KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:[720,3,1,""],KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:[721,3,1,""],KRB5_RESPONDER_QUESTION_OTP:[722,3,1,""],KRB5_RESPONDER_QUESTION_PASSWORD:[723,3,1,""],KRB5_RESPONDER_QUESTION_PKINIT:[724,3,1,""],KRB5_SAFE:[725,3,1,""],KRB5_SAM_MUST_PK_ENCRYPT_SAD:[726,3,1,""],KRB5_SAM_SEND_ENCRYPTED_SAD:[727,3,1,""],KRB5_SAM_USE_SAD_AS_KEY:[728,3,1,""],KRB5_TC_MATCH_2ND_TKT:[729,3,1,""],KRB5_TC_MATCH_AUTHDATA:[730,3,1,""],KRB5_TC_MATCH_FLAGS:[731,3,1,""],KRB5_TC_MATCH_FLAGS_EXACT:[732,3,1,""],KRB5_TC_MATCH_IS_SKEY:[733,3,1,""],KRB5_TC_MATCH_KTYPE:[734,3,1,""],KRB5_TC_MATCH_SRV_NAMEONLY:[735,3,1,""],KRB5_TC_MATCH_TIMES:[736,3,1,""],KRB5_TC_MATCH_TIMES_EXACT:[737,3,1,""],KRB5_TC_NOTICKET:[738,3,1,""],KRB5_TC_OPENCLOSE:[739,3,1,""],KRB5_TC_SUPPORTED_KTYPES:[740,3,1,""],KRB5_TGS_NAME:[741,3,1,""],KRB5_TGS_NAME_SIZE:[742,3,1,""],KRB5_TGS_REP:[743,3,1,""],KRB5_TGS_REQ:[744,3,1,""],KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:[745,3,1,""],KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:[746,3,1,""],KRB5_WELLKNOWN_NAMESTR:[747,3,1,""],LR_TYPE_INTERPRETATION_MASK:[748,3,1,""],LR_TYPE_THIS_SERVER_ONLY:[749,3,1,""],MAX_KEYTAB_NAME_LEN:[750,3,1,""],MSEC_DIRBIT:[751,3,1,""],MSEC_VAL_MASK:[752,3,1,""],SALT_TYPE_AFS_LENGTH:[753,3,1,""],SALT_TYPE_NO_LENGTH:[754,3,1,""],THREEPARAMOPEN:[755,3,1,""],TKT_FLG_ANONYMOUS:[756,3,1,""],TKT_FLG_ENC_PA_REP:[757,3,1,""],TKT_FLG_FORWARDABLE:[758,3,1,""],TKT_FLG_FORWARDED:[759,3,1,""],TKT_FLG_HW_AUTH:[760,3,1,""],TKT_FLG_INITIAL:[761,3,1,""],TKT_FLG_INVALID:[762,3,1,""],TKT_FLG_MAY_POSTDATE:[763,3,1,""],TKT_FLG_OK_AS_DELEGATE:[764,3,1,""],TKT_FLG_POSTDATED:[765,3,1,""],TKT_FLG_PRE_AUTH:[766,3,1,""],TKT_FLG_PROXIABLE:[767,3,1,""],TKT_FLG_PROXY:[768,3,1,""],TKT_FLG_RENEWABLE:[769,3,1,""],TKT_FLG_TRANSIT_POLICY_CHECKED:[770,3,1,""],VALID_INT_BITS:[771,3,1,""],VALID_UINT_BITS:[772,3,1,""],krb524_convert_creds_kdc:[774,3,1,""],krb524_init_ets:[775,3,1,""],krb5_425_conv_principal:[49,0,1,"c.krb5_425_conv_principal"],krb5_524_conv_principal:[50,0,1,"c.krb5_524_conv_principal"],krb5_524_convert_creds:[51,0,1,"c.krb5_524_convert_creds"],krb5_address:[789,1,1,"c.krb5_address"],krb5_address_compare:[52,0,1,"c.krb5_address_compare"],krb5_address_order:[53,0,1,"c.krb5_address_order"],krb5_address_search:[54,0,1,"c.krb5_address_search"],krb5_addrtype:[790,1,1,"c.krb5_addrtype"],krb5_allow_weak_crypto:[55,0,1,"c.krb5_allow_weak_crypto"],krb5_aname_to_localname:[56,0,1,"c.krb5_aname_to_localname"],krb5_anonymous_principal:[57,0,1,"c.krb5_anonymous_principal"],krb5_anonymous_realm:[58,0,1,"c.krb5_anonymous_realm"],krb5_ap_rep:[791,1,1,"c.krb5_ap_rep"],krb5_ap_rep_enc_part:[792,1,1,"c.krb5_ap_rep_enc_part"],krb5_ap_req:[793,1,1,"c.krb5_ap_req"],krb5_appdefault_boolean:[59,0,1,"c.krb5_appdefault_boolean"],krb5_appdefault_string:[60,0,1,"c.krb5_appdefault_string"],krb5_auth_con_free:[61,0,1,"c.krb5_auth_con_free"],krb5_auth_con_genaddrs:[62,0,1,"c.krb5_auth_con_genaddrs"],krb5_auth_con_get_checksum_func:[63,0,1,"c.krb5_auth_con_get_checksum_func"],krb5_auth_con_getaddrs:[64,0,1,"c.krb5_auth_con_getaddrs"],krb5_auth_con_getauthenticator:[65,0,1,"c.krb5_auth_con_getauthenticator"],krb5_auth_con_getflags:[66,0,1,"c.krb5_auth_con_getflags"],krb5_auth_con_getkey:[67,0,1,"c.krb5_auth_con_getkey"],krb5_auth_con_getkey_k:[68,0,1,"c.krb5_auth_con_getkey_k"],krb5_auth_con_getlocalseqnumber:[69,0,1,"c.krb5_auth_con_getlocalseqnumber"],krb5_auth_con_getlocalsubkey:[70,0,1,"c.krb5_auth_con_getlocalsubkey"],krb5_auth_con_getrcache:[71,0,1,"c.krb5_auth_con_getrcache"],krb5_auth_con_getrecvsubkey:[72,0,1,"c.krb5_auth_con_getrecvsubkey"],krb5_auth_con_getrecvsubkey_k:[73,0,1,"c.krb5_auth_con_getrecvsubkey_k"],krb5_auth_con_getremoteseqnumber:[74,0,1,"c.krb5_auth_con_getremoteseqnumber"],krb5_auth_con_getremotesubkey:[75,0,1,"c.krb5_auth_con_getremotesubkey"],krb5_auth_con_getsendsubkey:[76,0,1,"c.krb5_auth_con_getsendsubkey"],krb5_auth_con_getsendsubkey_k:[77,0,1,"c.krb5_auth_con_getsendsubkey_k"],krb5_auth_con_init:[78,0,1,"c.krb5_auth_con_init"],krb5_auth_con_initivector:[79,0,1,"c.krb5_auth_con_initivector"],krb5_auth_con_set_checksum_func:[80,0,1,"c.krb5_auth_con_set_checksum_func"],krb5_auth_con_set_req_cksumtype:[81,0,1,"c.krb5_auth_con_set_req_cksumtype"],krb5_auth_con_setaddrs:[82,0,1,"c.krb5_auth_con_setaddrs"],krb5_auth_con_setflags:[83,0,1,"c.krb5_auth_con_setflags"],krb5_auth_con_setports:[84,0,1,"c.krb5_auth_con_setports"],krb5_auth_con_setrcache:[85,0,1,"c.krb5_auth_con_setrcache"],krb5_auth_con_setrecvsubkey:[86,0,1,"c.krb5_auth_con_setrecvsubkey"],krb5_auth_con_setrecvsubkey_k:[87,0,1,"c.krb5_auth_con_setrecvsubkey_k"],krb5_auth_con_setsendsubkey:[88,0,1,"c.krb5_auth_con_setsendsubkey"],krb5_auth_con_setsendsubkey_k:[89,0,1,"c.krb5_auth_con_setsendsubkey_k"],krb5_auth_con_setuseruserkey:[90,0,1,"c.krb5_auth_con_setuseruserkey"],krb5_auth_context:[794,1,1,"c.krb5_auth_context"],krb5_authdata:[795,1,1,"c.krb5_authdata"],krb5_authdatatype:[796,1,1,"c.krb5_authdatatype"],krb5_authenticator:[797,1,1,"c.krb5_authenticator"],krb5_boolean:[798,1,1,"c.krb5_boolean"],krb5_build_principal:[91,0,1,"c.krb5_build_principal"],krb5_build_principal_alloc_va:[92,0,1,"c.krb5_build_principal_alloc_va"],krb5_build_principal_ext:[93,0,1,"c.krb5_build_principal_ext"],krb5_build_principal_va:[94,0,1,"c.krb5_build_principal_va"],krb5_c_block_size:[95,0,1,"c.krb5_c_block_size"],krb5_c_checksum_length:[96,0,1,"c.krb5_c_checksum_length"],krb5_c_crypto_length:[97,0,1,"c.krb5_c_crypto_length"],krb5_c_crypto_length_iov:[98,0,1,"c.krb5_c_crypto_length_iov"],krb5_c_decrypt:[99,0,1,"c.krb5_c_decrypt"],krb5_c_decrypt_iov:[100,0,1,"c.krb5_c_decrypt_iov"],krb5_c_derive_prfplus:[101,0,1,"c.krb5_c_derive_prfplus"],krb5_c_encrypt:[102,0,1,"c.krb5_c_encrypt"],krb5_c_encrypt_iov:[103,0,1,"c.krb5_c_encrypt_iov"],krb5_c_encrypt_length:[104,0,1,"c.krb5_c_encrypt_length"],krb5_c_enctype_compare:[105,0,1,"c.krb5_c_enctype_compare"],krb5_c_free_state:[106,0,1,"c.krb5_c_free_state"],krb5_c_fx_cf2_simple:[107,0,1,"c.krb5_c_fx_cf2_simple"],krb5_c_init_state:[108,0,1,"c.krb5_c_init_state"],krb5_c_is_coll_proof_cksum:[109,0,1,"c.krb5_c_is_coll_proof_cksum"],krb5_c_is_keyed_cksum:[110,0,1,"c.krb5_c_is_keyed_cksum"],krb5_c_keyed_checksum_types:[111,0,1,"c.krb5_c_keyed_checksum_types"],krb5_c_keylengths:[112,0,1,"c.krb5_c_keylengths"],krb5_c_make_checksum:[113,0,1,"c.krb5_c_make_checksum"],krb5_c_make_checksum_iov:[114,0,1,"c.krb5_c_make_checksum_iov"],krb5_c_make_random_key:[115,0,1,"c.krb5_c_make_random_key"],krb5_c_padding_length:[116,0,1,"c.krb5_c_padding_length"],krb5_c_prf:[117,0,1,"c.krb5_c_prf"],krb5_c_prf_length:[118,0,1,"c.krb5_c_prf_length"],krb5_c_prfplus:[119,0,1,"c.krb5_c_prfplus"],krb5_c_random_add_entropy:[120,0,1,"c.krb5_c_random_add_entropy"],krb5_c_random_make_octets:[121,0,1,"c.krb5_c_random_make_octets"],krb5_c_random_os_entropy:[122,0,1,"c.krb5_c_random_os_entropy"],krb5_c_random_seed:[123,0,1,"c.krb5_c_random_seed"],krb5_c_random_to_key:[124,0,1,"c.krb5_c_random_to_key"],krb5_c_string_to_key:[125,0,1,"c.krb5_c_string_to_key"],krb5_c_string_to_key_with_params:[126,0,1,"c.krb5_c_string_to_key_with_params"],krb5_c_valid_cksumtype:[127,0,1,"c.krb5_c_valid_cksumtype"],krb5_c_valid_enctype:[128,0,1,"c.krb5_c_valid_enctype"],krb5_c_verify_checksum:[129,0,1,"c.krb5_c_verify_checksum"],krb5_c_verify_checksum_iov:[130,0,1,"c.krb5_c_verify_checksum_iov"],krb5_calculate_checksum:[131,0,1,"c.krb5_calculate_checksum"],krb5_cc_cache_match:[132,0,1,"c.krb5_cc_cache_match"],krb5_cc_close:[133,0,1,"c.krb5_cc_close"],krb5_cc_copy_creds:[134,0,1,"c.krb5_cc_copy_creds"],krb5_cc_cursor:[799,1,1,"c.krb5_cc_cursor"],krb5_cc_default:[135,0,1,"c.krb5_cc_default"],krb5_cc_default_name:[136,0,1,"c.krb5_cc_default_name"],krb5_cc_destroy:[137,0,1,"c.krb5_cc_destroy"],krb5_cc_dup:[138,0,1,"c.krb5_cc_dup"],krb5_cc_end_seq_get:[139,0,1,"c.krb5_cc_end_seq_get"],krb5_cc_gen_new:[140,0,1,"c.krb5_cc_gen_new"],krb5_cc_get_config:[141,0,1,"c.krb5_cc_get_config"],krb5_cc_get_flags:[142,0,1,"c.krb5_cc_get_flags"],krb5_cc_get_full_name:[143,0,1,"c.krb5_cc_get_full_name"],krb5_cc_get_name:[144,0,1,"c.krb5_cc_get_name"],krb5_cc_get_principal:[145,0,1,"c.krb5_cc_get_principal"],krb5_cc_get_type:[146,0,1,"c.krb5_cc_get_type"],krb5_cc_initialize:[147,0,1,"c.krb5_cc_initialize"],krb5_cc_move:[148,0,1,"c.krb5_cc_move"],krb5_cc_new_unique:[149,0,1,"c.krb5_cc_new_unique"],krb5_cc_next_cred:[150,0,1,"c.krb5_cc_next_cred"],krb5_cc_remove_cred:[151,0,1,"c.krb5_cc_remove_cred"],krb5_cc_resolve:[152,0,1,"c.krb5_cc_resolve"],krb5_cc_retrieve_cred:[153,0,1,"c.krb5_cc_retrieve_cred"],krb5_cc_select:[154,0,1,"c.krb5_cc_select"],krb5_cc_set_config:[155,0,1,"c.krb5_cc_set_config"],krb5_cc_set_default_name:[156,0,1,"c.krb5_cc_set_default_name"],krb5_cc_set_flags:[157,0,1,"c.krb5_cc_set_flags"],krb5_cc_start_seq_get:[158,0,1,"c.krb5_cc_start_seq_get"],krb5_cc_store_cred:[159,0,1,"c.krb5_cc_store_cred"],krb5_cc_support_switch:[160,0,1,"c.krb5_cc_support_switch"],krb5_cc_switch:[161,0,1,"c.krb5_cc_switch"],krb5_ccache:[800,1,1,"c.krb5_ccache"],krb5_cccol_cursor:[801,1,1,"c.krb5_cccol_cursor"],krb5_cccol_cursor_free:[162,0,1,"c.krb5_cccol_cursor_free"],krb5_cccol_cursor_new:[163,0,1,"c.krb5_cccol_cursor_new"],krb5_cccol_cursor_next:[164,0,1,"c.krb5_cccol_cursor_next"],krb5_cccol_have_content:[165,0,1,"c.krb5_cccol_have_content"],krb5_change_password:[166,0,1,"c.krb5_change_password"],krb5_check_clockskew:[167,0,1,"c.krb5_check_clockskew"],krb5_checksum:[802,1,1,"c.krb5_checksum"],krb5_checksum_size:[168,0,1,"c.krb5_checksum_size"],krb5_chpw_message:[169,0,1,"c.krb5_chpw_message"],krb5_cksumtype:[803,1,1,"c.krb5_cksumtype"],krb5_cksumtype_to_string:[170,0,1,"c.krb5_cksumtype_to_string"],krb5_clear_error_message:[171,0,1,"c.krb5_clear_error_message"],krb5_const:[776,3,1,""],krb5_const_pointer:[804,1,1,"c.krb5_const_pointer"],krb5_const_principal:[805,1,1,"c.krb5_const_principal"],krb5_context:[806,1,1,"c.krb5_context"],krb5_copy_addresses:[172,0,1,"c.krb5_copy_addresses"],krb5_copy_authdata:[173,0,1,"c.krb5_copy_authdata"],krb5_copy_authenticator:[174,0,1,"c.krb5_copy_authenticator"],krb5_copy_checksum:[175,0,1,"c.krb5_copy_checksum"],krb5_copy_context:[176,0,1,"c.krb5_copy_context"],krb5_copy_creds:[177,0,1,"c.krb5_copy_creds"],krb5_copy_data:[178,0,1,"c.krb5_copy_data"],krb5_copy_error_message:[179,0,1,"c.krb5_copy_error_message"],krb5_copy_keyblock:[180,0,1,"c.krb5_copy_keyblock"],krb5_copy_keyblock_contents:[181,0,1,"c.krb5_copy_keyblock_contents"],krb5_copy_principal:[182,0,1,"c.krb5_copy_principal"],krb5_copy_ticket:[183,0,1,"c.krb5_copy_ticket"],krb5_cred:[807,1,1,"c.krb5_cred"],krb5_cred_enc_part:[808,1,1,"c.krb5_cred_enc_part"],krb5_cred_info:[809,1,1,"c.krb5_cred_info"],krb5_creds:[810,1,1,"c.krb5_creds"],krb5_crypto_iov:[811,1,1,"c.krb5_crypto_iov"],krb5_cryptotype:[812,1,1,"c.krb5_cryptotype"],krb5_data:[813,1,1,"c.krb5_data"],krb5_decode_authdata_container:[184,0,1,"c.krb5_decode_authdata_container"],krb5_decode_ticket:[185,0,1,"c.krb5_decode_ticket"],krb5_decrypt:[186,0,1,"c.krb5_decrypt"],krb5_deltat:[814,1,1,"c.krb5_deltat"],krb5_deltat_to_string:[187,0,1,"c.krb5_deltat_to_string"],krb5_eblock_enctype:[188,0,1,"c.krb5_eblock_enctype"],krb5_enc_data:[815,1,1,"c.krb5_enc_data"],krb5_enc_kdc_rep_part:[816,1,1,"c.krb5_enc_kdc_rep_part"],krb5_enc_tkt_part:[817,1,1,"c.krb5_enc_tkt_part"],krb5_encode_authdata_container:[189,0,1,"c.krb5_encode_authdata_container"],krb5_encrypt:[190,0,1,"c.krb5_encrypt"],krb5_encrypt_block:[818,1,1,"c.krb5_encrypt_block"],krb5_encrypt_size:[191,0,1,"c.krb5_encrypt_size"],krb5_enctype:[819,1,1,"c.krb5_enctype"],krb5_enctype_to_name:[192,0,1,"c.krb5_enctype_to_name"],krb5_enctype_to_string:[193,0,1,"c.krb5_enctype_to_string"],krb5_error:[820,1,1,"c.krb5_error"],krb5_error_code:[821,1,1,"c.krb5_error_code"],krb5_expand_hostname:[194,0,1,"c.krb5_expand_hostname"],krb5_expire_callback_func:[822,1,1,"c.krb5_expire_callback_func"],krb5_find_authdata:[195,0,1,"c.krb5_find_authdata"],krb5_finish_key:[196,0,1,"c.krb5_finish_key"],krb5_finish_random_key:[197,0,1,"c.krb5_finish_random_key"],krb5_flags:[823,1,1,"c.krb5_flags"],krb5_free_addresses:[198,0,1,"c.krb5_free_addresses"],krb5_free_ap_rep_enc_part:[199,0,1,"c.krb5_free_ap_rep_enc_part"],krb5_free_authdata:[200,0,1,"c.krb5_free_authdata"],krb5_free_authenticator:[201,0,1,"c.krb5_free_authenticator"],krb5_free_checksum:[202,0,1,"c.krb5_free_checksum"],krb5_free_checksum_contents:[203,0,1,"c.krb5_free_checksum_contents"],krb5_free_cksumtypes:[204,0,1,"c.krb5_free_cksumtypes"],krb5_free_context:[205,0,1,"c.krb5_free_context"],krb5_free_cred_contents:[206,0,1,"c.krb5_free_cred_contents"],krb5_free_creds:[207,0,1,"c.krb5_free_creds"],krb5_free_data:[208,0,1,"c.krb5_free_data"],krb5_free_data_contents:[209,0,1,"c.krb5_free_data_contents"],krb5_free_default_realm:[210,0,1,"c.krb5_free_default_realm"],krb5_free_enctypes:[211,0,1,"c.krb5_free_enctypes"],krb5_free_error:[212,0,1,"c.krb5_free_error"],krb5_free_error_message:[213,0,1,"c.krb5_free_error_message"],krb5_free_host_realm:[214,0,1,"c.krb5_free_host_realm"],krb5_free_keyblock:[215,0,1,"c.krb5_free_keyblock"],krb5_free_keyblock_contents:[216,0,1,"c.krb5_free_keyblock_contents"],krb5_free_keytab_entry_contents:[217,0,1,"c.krb5_free_keytab_entry_contents"],krb5_free_principal:[218,0,1,"c.krb5_free_principal"],krb5_free_string:[219,0,1,"c.krb5_free_string"],krb5_free_tgt_creds:[220,0,1,"c.krb5_free_tgt_creds"],krb5_free_ticket:[221,0,1,"c.krb5_free_ticket"],krb5_free_unparsed_name:[222,0,1,"c.krb5_free_unparsed_name"],krb5_fwd_tgt_creds:[223,0,1,"c.krb5_fwd_tgt_creds"],krb5_get_credentials:[224,0,1,"c.krb5_get_credentials"],krb5_get_credentials_renew:[225,0,1,"c.krb5_get_credentials_renew"],krb5_get_credentials_validate:[226,0,1,"c.krb5_get_credentials_validate"],krb5_get_default_realm:[227,0,1,"c.krb5_get_default_realm"],krb5_get_error_message:[228,0,1,"c.krb5_get_error_message"],krb5_get_etype_info:[229,0,1,"c.krb5_get_etype_info"],krb5_get_fallback_host_realm:[230,0,1,"c.krb5_get_fallback_host_realm"],krb5_get_host_realm:[231,0,1,"c.krb5_get_host_realm"],krb5_get_in_tkt_with_keytab:[232,0,1,"c.krb5_get_in_tkt_with_keytab"],krb5_get_in_tkt_with_password:[233,0,1,"c.krb5_get_in_tkt_with_password"],krb5_get_in_tkt_with_skey:[234,0,1,"c.krb5_get_in_tkt_with_skey"],krb5_get_init_creds_keytab:[235,0,1,"c.krb5_get_init_creds_keytab"],krb5_get_init_creds_opt:[824,1,1,"c.krb5_get_init_creds_opt"],krb5_get_init_creds_opt_alloc:[236,0,1,"c.krb5_get_init_creds_opt_alloc"],krb5_get_init_creds_opt_free:[237,0,1,"c.krb5_get_init_creds_opt_free"],krb5_get_init_creds_opt_get_fast_flags:[238,0,1,"c.krb5_get_init_creds_opt_get_fast_flags"],krb5_get_init_creds_opt_init:[239,0,1,"c.krb5_get_init_creds_opt_init"],krb5_get_init_creds_opt_set_address_list:[240,0,1,"c.krb5_get_init_creds_opt_set_address_list"],krb5_get_init_creds_opt_set_anonymous:[241,0,1,"c.krb5_get_init_creds_opt_set_anonymous"],krb5_get_init_creds_opt_set_canonicalize:[242,0,1,"c.krb5_get_init_creds_opt_set_canonicalize"],krb5_get_init_creds_opt_set_change_password_prompt:[243,0,1,"c.krb5_get_init_creds_opt_set_change_password_prompt"],krb5_get_init_creds_opt_set_etype_list:[244,0,1,"c.krb5_get_init_creds_opt_set_etype_list"],krb5_get_init_creds_opt_set_expire_callback:[245,0,1,"c.krb5_get_init_creds_opt_set_expire_callback"],krb5_get_init_creds_opt_set_fast_ccache:[246,0,1,"c.krb5_get_init_creds_opt_set_fast_ccache"],krb5_get_init_creds_opt_set_fast_ccache_name:[247,0,1,"c.krb5_get_init_creds_opt_set_fast_ccache_name"],krb5_get_init_creds_opt_set_fast_flags:[248,0,1,"c.krb5_get_init_creds_opt_set_fast_flags"],krb5_get_init_creds_opt_set_forwardable:[249,0,1,"c.krb5_get_init_creds_opt_set_forwardable"],krb5_get_init_creds_opt_set_in_ccache:[250,0,1,"c.krb5_get_init_creds_opt_set_in_ccache"],krb5_get_init_creds_opt_set_out_ccache:[251,0,1,"c.krb5_get_init_creds_opt_set_out_ccache"],krb5_get_init_creds_opt_set_pa:[252,0,1,"c.krb5_get_init_creds_opt_set_pa"],krb5_get_init_creds_opt_set_pac_request:[253,0,1,"c.krb5_get_init_creds_opt_set_pac_request"],krb5_get_init_creds_opt_set_preauth_list:[254,0,1,"c.krb5_get_init_creds_opt_set_preauth_list"],krb5_get_init_creds_opt_set_proxiable:[255,0,1,"c.krb5_get_init_creds_opt_set_proxiable"],krb5_get_init_creds_opt_set_renew_life:[256,0,1,"c.krb5_get_init_creds_opt_set_renew_life"],krb5_get_init_creds_opt_set_responder:[257,0,1,"c.krb5_get_init_creds_opt_set_responder"],krb5_get_init_creds_opt_set_salt:[258,0,1,"c.krb5_get_init_creds_opt_set_salt"],krb5_get_init_creds_opt_set_tkt_life:[259,0,1,"c.krb5_get_init_creds_opt_set_tkt_life"],krb5_get_init_creds_password:[260,0,1,"c.krb5_get_init_creds_password"],krb5_get_permitted_enctypes:[261,0,1,"c.krb5_get_permitted_enctypes"],krb5_get_profile:[262,0,1,"c.krb5_get_profile"],krb5_get_prompt_types:[263,0,1,"c.krb5_get_prompt_types"],krb5_get_renewed_creds:[264,0,1,"c.krb5_get_renewed_creds"],krb5_get_server_rcache:[265,0,1,"c.krb5_get_server_rcache"],krb5_get_time_offsets:[266,0,1,"c.krb5_get_time_offsets"],krb5_get_validated_creds:[267,0,1,"c.krb5_get_validated_creds"],krb5_gic_opt_pa_data:[825,1,1,"c.krb5_gic_opt_pa_data"],krb5_init_context:[268,0,1,"c.krb5_init_context"],krb5_init_context_profile:[269,0,1,"c.krb5_init_context_profile"],krb5_init_creds_context:[826,1,1,"c.krb5_init_creds_context"],krb5_init_creds_free:[270,0,1,"c.krb5_init_creds_free"],krb5_init_creds_get:[271,0,1,"c.krb5_init_creds_get"],krb5_init_creds_get_creds:[272,0,1,"c.krb5_init_creds_get_creds"],krb5_init_creds_get_error:[273,0,1,"c.krb5_init_creds_get_error"],krb5_init_creds_get_times:[274,0,1,"c.krb5_init_creds_get_times"],krb5_init_creds_init:[275,0,1,"c.krb5_init_creds_init"],krb5_init_creds_set_keytab:[276,0,1,"c.krb5_init_creds_set_keytab"],krb5_init_creds_set_password:[277,0,1,"c.krb5_init_creds_set_password"],krb5_init_creds_set_service:[278,0,1,"c.krb5_init_creds_set_service"],krb5_init_creds_step:[279,0,1,"c.krb5_init_creds_step"],krb5_init_keyblock:[280,0,1,"c.krb5_init_keyblock"],krb5_init_random_key:[281,0,1,"c.krb5_init_random_key"],krb5_init_secure_context:[282,0,1,"c.krb5_init_secure_context"],krb5_int16:[827,1,1,"c.krb5_int16"],krb5_int32:[828,1,1,"c.krb5_int32"],krb5_is_config_principal:[283,0,1,"c.krb5_is_config_principal"],krb5_is_referral_realm:[284,0,1,"c.krb5_is_referral_realm"],krb5_is_thread_safe:[285,0,1,"c.krb5_is_thread_safe"],krb5_k_create_key:[286,0,1,"c.krb5_k_create_key"],krb5_k_decrypt:[287,0,1,"c.krb5_k_decrypt"],krb5_k_decrypt_iov:[288,0,1,"c.krb5_k_decrypt_iov"],krb5_k_encrypt:[289,0,1,"c.krb5_k_encrypt"],krb5_k_encrypt_iov:[290,0,1,"c.krb5_k_encrypt_iov"],krb5_k_free_key:[291,0,1,"c.krb5_k_free_key"],krb5_k_key_enctype:[292,0,1,"c.krb5_k_key_enctype"],krb5_k_key_keyblock:[293,0,1,"c.krb5_k_key_keyblock"],krb5_k_make_checksum:[294,0,1,"c.krb5_k_make_checksum"],krb5_k_make_checksum_iov:[295,0,1,"c.krb5_k_make_checksum_iov"],krb5_k_prf:[296,0,1,"c.krb5_k_prf"],krb5_k_reference_key:[297,0,1,"c.krb5_k_reference_key"],krb5_k_verify_checksum:[298,0,1,"c.krb5_k_verify_checksum"],krb5_k_verify_checksum_iov:[299,0,1,"c.krb5_k_verify_checksum_iov"],krb5_kdc_rep:[829,1,1,"c.krb5_kdc_rep"],krb5_kdc_req:[830,1,1,"c.krb5_kdc_req"],krb5_key:[831,1,1,"c.krb5_key"],krb5_keyblock:[832,1,1,"c.krb5_keyblock"],krb5_keytab:[833,1,1,"c.krb5_keytab"],krb5_keytab_entry:[834,1,1,"c.krb5_keytab_entry"],krb5_keyusage:[835,1,1,"c.krb5_keyusage"],krb5_kt_add_entry:[300,0,1,"c.krb5_kt_add_entry"],krb5_kt_client_default:[301,0,1,"c.krb5_kt_client_default"],krb5_kt_close:[302,0,1,"c.krb5_kt_close"],krb5_kt_cursor:[836,1,1,"c.krb5_kt_cursor"],krb5_kt_default:[303,0,1,"c.krb5_kt_default"],krb5_kt_default_name:[304,0,1,"c.krb5_kt_default_name"],krb5_kt_dup:[305,0,1,"c.krb5_kt_dup"],krb5_kt_end_seq_get:[306,0,1,"c.krb5_kt_end_seq_get"],krb5_kt_free_entry:[307,0,1,"c.krb5_kt_free_entry"],krb5_kt_get_entry:[308,0,1,"c.krb5_kt_get_entry"],krb5_kt_get_name:[309,0,1,"c.krb5_kt_get_name"],krb5_kt_get_type:[310,0,1,"c.krb5_kt_get_type"],krb5_kt_have_content:[311,0,1,"c.krb5_kt_have_content"],krb5_kt_next_entry:[312,0,1,"c.krb5_kt_next_entry"],krb5_kt_read_service_key:[313,0,1,"c.krb5_kt_read_service_key"],krb5_kt_remove_entry:[314,0,1,"c.krb5_kt_remove_entry"],krb5_kt_resolve:[315,0,1,"c.krb5_kt_resolve"],krb5_kt_start_seq_get:[316,0,1,"c.krb5_kt_start_seq_get"],krb5_kuserok:[317,0,1,"c.krb5_kuserok"],krb5_kvno:[837,1,1,"c.krb5_kvno"],krb5_last_req_entry:[838,1,1,"c.krb5_last_req_entry"],krb5_magic:[839,1,1,"c.krb5_magic"],krb5_make_authdata_kdc_issued:[318,0,1,"c.krb5_make_authdata_kdc_issued"],krb5_merge_authdata:[319,0,1,"c.krb5_merge_authdata"],krb5_mk_1cred:[320,0,1,"c.krb5_mk_1cred"],krb5_mk_error:[321,0,1,"c.krb5_mk_error"],krb5_mk_ncred:[322,0,1,"c.krb5_mk_ncred"],krb5_mk_priv:[323,0,1,"c.krb5_mk_priv"],krb5_mk_rep:[324,0,1,"c.krb5_mk_rep"],krb5_mk_rep_dce:[325,0,1,"c.krb5_mk_rep_dce"],krb5_mk_req:[326,0,1,"c.krb5_mk_req"],krb5_mk_req_checksum_func:[840,1,1,"c.krb5_mk_req_checksum_func"],krb5_mk_req_extended:[327,0,1,"c.krb5_mk_req_extended"],krb5_mk_safe:[328,0,1,"c.krb5_mk_safe"],krb5_msgtype:[841,1,1,"c.krb5_msgtype"],krb5_octet:[842,1,1,"c.krb5_octet"],krb5_os_localaddr:[329,0,1,"c.krb5_os_localaddr"],krb5_pa_data:[843,1,1,"c.krb5_pa_data"],krb5_pa_pac_req:[844,1,1,"c.krb5_pa_pac_req"],krb5_pa_server_referral_data:[845,1,1,"c.krb5_pa_server_referral_data"],krb5_pa_svr_referral_data:[846,1,1,"c.krb5_pa_svr_referral_data"],krb5_pac:[847,1,1,"c.krb5_pac"],krb5_pac_add_buffer:[330,0,1,"c.krb5_pac_add_buffer"],krb5_pac_free:[331,0,1,"c.krb5_pac_free"],krb5_pac_get_buffer:[332,0,1,"c.krb5_pac_get_buffer"],krb5_pac_get_client_info:[333,0,1,"c.krb5_pac_get_client_info"],krb5_pac_get_types:[334,0,1,"c.krb5_pac_get_types"],krb5_pac_init:[335,0,1,"c.krb5_pac_init"],krb5_pac_parse:[336,0,1,"c.krb5_pac_parse"],krb5_pac_sign:[337,0,1,"c.krb5_pac_sign"],krb5_pac_sign_ext:[338,0,1,"c.krb5_pac_sign_ext"],krb5_pac_verify:[339,0,1,"c.krb5_pac_verify"],krb5_pac_verify_ext:[340,0,1,"c.krb5_pac_verify_ext"],krb5_parse_name:[341,0,1,"c.krb5_parse_name"],krb5_parse_name_flags:[342,0,1,"c.krb5_parse_name_flags"],krb5_pointer:[848,1,1,"c.krb5_pointer"],krb5_post_recv_fn:[849,1,1,"c.krb5_post_recv_fn"],krb5_pre_send_fn:[850,1,1,"c.krb5_pre_send_fn"],krb5_preauthtype:[851,1,1,"c.krb5_preauthtype"],krb5_prepend_error_message:[343,0,1,"c.krb5_prepend_error_message"],krb5_princ_component:[777,3,1,""],krb5_princ_name:[778,3,1,""],krb5_princ_realm:[779,3,1,""],krb5_princ_set_realm:[780,3,1,""],krb5_princ_set_realm_data:[781,3,1,""],krb5_princ_set_realm_length:[782,3,1,""],krb5_princ_size:[783,3,1,""],krb5_princ_type:[784,3,1,""],krb5_principal2salt:[344,0,1,"c.krb5_principal2salt"],krb5_principal:[852,1,1,"c.krb5_principal"],krb5_principal_compare:[345,0,1,"c.krb5_principal_compare"],krb5_principal_compare_any_realm:[346,0,1,"c.krb5_principal_compare_any_realm"],krb5_principal_compare_flags:[347,0,1,"c.krb5_principal_compare_flags"],krb5_principal_data:[853,1,1,"c.krb5_principal_data"],krb5_process_key:[348,0,1,"c.krb5_process_key"],krb5_prompt:[854,1,1,"c.krb5_prompt"],krb5_prompt_type:[855,1,1,"c.krb5_prompt_type"],krb5_prompter_fct:[856,1,1,"c.krb5_prompter_fct"],krb5_prompter_posix:[349,0,1,"c.krb5_prompter_posix"],krb5_pwd_data:[857,1,1,"c.krb5_pwd_data"],krb5_random_key:[350,0,1,"c.krb5_random_key"],krb5_rcache:[858,1,1,"c.krb5_rcache"],krb5_rd_cred:[351,0,1,"c.krb5_rd_cred"],krb5_rd_error:[352,0,1,"c.krb5_rd_error"],krb5_rd_priv:[353,0,1,"c.krb5_rd_priv"],krb5_rd_rep:[354,0,1,"c.krb5_rd_rep"],krb5_rd_rep_dce:[355,0,1,"c.krb5_rd_rep_dce"],krb5_rd_req:[356,0,1,"c.krb5_rd_req"],krb5_rd_safe:[357,0,1,"c.krb5_rd_safe"],krb5_read_password:[358,0,1,"c.krb5_read_password"],krb5_realm_compare:[359,0,1,"c.krb5_realm_compare"],krb5_recvauth:[360,0,1,"c.krb5_recvauth"],krb5_recvauth_version:[361,0,1,"c.krb5_recvauth_version"],krb5_replay_data:[859,1,1,"c.krb5_replay_data"],krb5_responder_context:[860,1,1,"c.krb5_responder_context"],krb5_responder_fn:[861,1,1,"c.krb5_responder_fn"],krb5_responder_get_challenge:[362,0,1,"c.krb5_responder_get_challenge"],krb5_responder_list_questions:[363,0,1,"c.krb5_responder_list_questions"],krb5_responder_otp_challenge:[862,1,1,"c.krb5_responder_otp_challenge"],krb5_responder_otp_challenge_free:[364,0,1,"c.krb5_responder_otp_challenge_free"],krb5_responder_otp_get_challenge:[365,0,1,"c.krb5_responder_otp_get_challenge"],krb5_responder_otp_set_answer:[366,0,1,"c.krb5_responder_otp_set_answer"],krb5_responder_otp_tokeninfo:[863,1,1,"c.krb5_responder_otp_tokeninfo"],krb5_responder_pkinit_challenge:[864,1,1,"c.krb5_responder_pkinit_challenge"],krb5_responder_pkinit_challenge_free:[367,0,1,"c.krb5_responder_pkinit_challenge_free"],krb5_responder_pkinit_get_challenge:[368,0,1,"c.krb5_responder_pkinit_get_challenge"],krb5_responder_pkinit_identity:[865,1,1,"c.krb5_responder_pkinit_identity"],krb5_responder_pkinit_set_answer:[369,0,1,"c.krb5_responder_pkinit_set_answer"],krb5_responder_set_answer:[370,0,1,"c.krb5_responder_set_answer"],krb5_response:[866,1,1,"c.krb5_response"],krb5_roundup:[785,3,1,""],krb5_salttype_to_string:[371,0,1,"c.krb5_salttype_to_string"],krb5_sendauth:[372,0,1,"c.krb5_sendauth"],krb5_server_decrypt_ticket_keytab:[373,0,1,"c.krb5_server_decrypt_ticket_keytab"],krb5_set_default_realm:[374,0,1,"c.krb5_set_default_realm"],krb5_set_default_tgs_enctypes:[375,0,1,"c.krb5_set_default_tgs_enctypes"],krb5_set_error_message:[376,0,1,"c.krb5_set_error_message"],krb5_set_kdc_recv_hook:[377,0,1,"c.krb5_set_kdc_recv_hook"],krb5_set_kdc_send_hook:[378,0,1,"c.krb5_set_kdc_send_hook"],krb5_set_password:[379,0,1,"c.krb5_set_password"],krb5_set_password_using_ccache:[380,0,1,"c.krb5_set_password_using_ccache"],krb5_set_principal_realm:[381,0,1,"c.krb5_set_principal_realm"],krb5_set_real_time:[382,0,1,"c.krb5_set_real_time"],krb5_set_trace_callback:[383,0,1,"c.krb5_set_trace_callback"],krb5_set_trace_filename:[384,0,1,"c.krb5_set_trace_filename"],krb5_sname_match:[385,0,1,"c.krb5_sname_match"],krb5_sname_to_principal:[386,0,1,"c.krb5_sname_to_principal"],krb5_string_to_cksumtype:[387,0,1,"c.krb5_string_to_cksumtype"],krb5_string_to_deltat:[388,0,1,"c.krb5_string_to_deltat"],krb5_string_to_enctype:[389,0,1,"c.krb5_string_to_enctype"],krb5_string_to_key:[390,0,1,"c.krb5_string_to_key"],krb5_string_to_salttype:[391,0,1,"c.krb5_string_to_salttype"],krb5_string_to_timestamp:[392,0,1,"c.krb5_string_to_timestamp"],krb5_ticket:[867,1,1,"c.krb5_ticket"],krb5_ticket_times:[868,1,1,"c.krb5_ticket_times"],krb5_timeofday:[393,0,1,"c.krb5_timeofday"],krb5_timestamp:[869,1,1,"c.krb5_timestamp"],krb5_timestamp_to_sfstring:[394,0,1,"c.krb5_timestamp_to_sfstring"],krb5_timestamp_to_string:[395,0,1,"c.krb5_timestamp_to_string"],krb5_tkt_authent:[870,1,1,"c.krb5_tkt_authent"],krb5_tkt_creds_context:[871,1,1,"c.krb5_tkt_creds_context"],krb5_tkt_creds_free:[396,0,1,"c.krb5_tkt_creds_free"],krb5_tkt_creds_get:[397,0,1,"c.krb5_tkt_creds_get"],krb5_tkt_creds_get_creds:[398,0,1,"c.krb5_tkt_creds_get_creds"],krb5_tkt_creds_get_times:[399,0,1,"c.krb5_tkt_creds_get_times"],krb5_tkt_creds_init:[400,0,1,"c.krb5_tkt_creds_init"],krb5_tkt_creds_step:[401,0,1,"c.krb5_tkt_creds_step"],krb5_trace_callback:[872,1,1,"c.krb5_trace_callback"],krb5_trace_info:[873,1,1,"c.krb5_trace_info"],krb5_transited:[874,1,1,"c.krb5_transited"],krb5_typed_data:[875,1,1,"c.krb5_typed_data"],krb5_ui_2:[876,1,1,"c.krb5_ui_2"],krb5_ui_4:[877,1,1,"c.krb5_ui_4"],krb5_unparse_name:[402,0,1,"c.krb5_unparse_name"],krb5_unparse_name_ext:[403,0,1,"c.krb5_unparse_name_ext"],krb5_unparse_name_flags:[404,0,1,"c.krb5_unparse_name_flags"],krb5_unparse_name_flags_ext:[405,0,1,"c.krb5_unparse_name_flags_ext"],krb5_us_timeofday:[406,0,1,"c.krb5_us_timeofday"],krb5_use_enctype:[407,0,1,"c.krb5_use_enctype"],krb5_verify_authdata_kdc_issued:[408,0,1,"c.krb5_verify_authdata_kdc_issued"],krb5_verify_checksum:[409,0,1,"c.krb5_verify_checksum"],krb5_verify_init_creds:[410,0,1,"c.krb5_verify_init_creds"],krb5_verify_init_creds_opt:[878,1,1,"c.krb5_verify_init_creds_opt"],krb5_verify_init_creds_opt_init:[411,0,1,"c.krb5_verify_init_creds_opt_init"],krb5_verify_init_creds_opt_set_ap_req_nofail:[412,0,1,"c.krb5_verify_init_creds_opt_set_ap_req_nofail"],krb5_vprepend_error_message:[413,0,1,"c.krb5_vprepend_error_message"],krb5_vset_error_message:[414,0,1,"c.krb5_vset_error_message"],krb5_vwrap_error_message:[415,0,1,"c.krb5_vwrap_error_message"],krb5_wrap_error_message:[416,0,1,"c.krb5_wrap_error_message"],krb5_x:[786,3,1,""],krb5_xc:[787,3,1,""],passwd_phrase_element:[879,1,1,"c.passwd_phrase_element"]},krb5_address:{addrtype:[789,2,1,"c.krb5_address.addrtype"],contents:[789,2,1,"c.krb5_address.contents"],length:[789,2,1,"c.krb5_address.length"],magic:[789,2,1,"c.krb5_address.magic"]},krb5_ap_rep:{enc_part:[791,2,1,"c.krb5_ap_rep.enc_part"],magic:[791,2,1,"c.krb5_ap_rep.magic"]},krb5_ap_rep_enc_part:{ctime:[792,2,1,"c.krb5_ap_rep_enc_part.ctime"],cusec:[792,2,1,"c.krb5_ap_rep_enc_part.cusec"],magic:[792,2,1,"c.krb5_ap_rep_enc_part.magic"],seq_number:[792,2,1,"c.krb5_ap_rep_enc_part.seq_number"],subkey:[792,2,1,"c.krb5_ap_rep_enc_part.subkey"]},krb5_ap_req:{ap_options:[793,2,1,"c.krb5_ap_req.ap_options"],authenticator:[793,2,1,"c.krb5_ap_req.authenticator"],magic:[793,2,1,"c.krb5_ap_req.magic"],ticket:[793,2,1,"c.krb5_ap_req.ticket"]},krb5_authdata:{ad_type:[795,2,1,"c.krb5_authdata.ad_type"],contents:[795,2,1,"c.krb5_authdata.contents"],length:[795,2,1,"c.krb5_authdata.length"],magic:[795,2,1,"c.krb5_authdata.magic"]},krb5_authenticator:{authorization_data:[797,2,1,"c.krb5_authenticator.authorization_data"],checksum:[797,2,1,"c.krb5_authenticator.checksum"],client:[797,2,1,"c.krb5_authenticator.client"],ctime:[797,2,1,"c.krb5_authenticator.ctime"],cusec:[797,2,1,"c.krb5_authenticator.cusec"],magic:[797,2,1,"c.krb5_authenticator.magic"],seq_number:[797,2,1,"c.krb5_authenticator.seq_number"],subkey:[797,2,1,"c.krb5_authenticator.subkey"]},krb5_checksum:{checksum_type:[802,2,1,"c.krb5_checksum.checksum_type"],contents:[802,2,1,"c.krb5_checksum.contents"],length:[802,2,1,"c.krb5_checksum.length"],magic:[802,2,1,"c.krb5_checksum.magic"]},krb5_const_principal:{data:[805,2,1,"c.krb5_const_principal.data"],length:[805,2,1,"c.krb5_const_principal.length"],magic:[805,2,1,"c.krb5_const_principal.magic"],realm:[805,2,1,"c.krb5_const_principal.realm"],type:[805,2,1,"c.krb5_const_principal.type"]},krb5_cred:{enc_part2:[807,2,1,"c.krb5_cred.enc_part2"],enc_part:[807,2,1,"c.krb5_cred.enc_part"],magic:[807,2,1,"c.krb5_cred.magic"],tickets:[807,2,1,"c.krb5_cred.tickets"]},krb5_cred_enc_part:{magic:[808,2,1,"c.krb5_cred_enc_part.magic"],nonce:[808,2,1,"c.krb5_cred_enc_part.nonce"],r_address:[808,2,1,"c.krb5_cred_enc_part.r_address"],s_address:[808,2,1,"c.krb5_cred_enc_part.s_address"],ticket_info:[808,2,1,"c.krb5_cred_enc_part.ticket_info"],timestamp:[808,2,1,"c.krb5_cred_enc_part.timestamp"],usec:[808,2,1,"c.krb5_cred_enc_part.usec"]},krb5_cred_info:{caddrs:[809,2,1,"c.krb5_cred_info.caddrs"],client:[809,2,1,"c.krb5_cred_info.client"],flags:[809,2,1,"c.krb5_cred_info.flags"],magic:[809,2,1,"c.krb5_cred_info.magic"],server:[809,2,1,"c.krb5_cred_info.server"],session:[809,2,1,"c.krb5_cred_info.session"],times:[809,2,1,"c.krb5_cred_info.times"]},krb5_creds:{addresses:[810,2,1,"c.krb5_creds.addresses"],authdata:[810,2,1,"c.krb5_creds.authdata"],client:[810,2,1,"c.krb5_creds.client"],is_skey:[810,2,1,"c.krb5_creds.is_skey"],keyblock:[810,2,1,"c.krb5_creds.keyblock"],magic:[810,2,1,"c.krb5_creds.magic"],second_ticket:[810,2,1,"c.krb5_creds.second_ticket"],server:[810,2,1,"c.krb5_creds.server"],ticket:[810,2,1,"c.krb5_creds.ticket"],ticket_flags:[810,2,1,"c.krb5_creds.ticket_flags"],times:[810,2,1,"c.krb5_creds.times"]},krb5_crypto_iov:{data:[811,2,1,"c.krb5_crypto_iov.data"],flags:[811,2,1,"c.krb5_crypto_iov.flags"]},krb5_data:{data:[813,2,1,"c.krb5_data.data"],length:[813,2,1,"c.krb5_data.length"],magic:[813,2,1,"c.krb5_data.magic"]},krb5_enc_data:{ciphertext:[815,2,1,"c.krb5_enc_data.ciphertext"],enctype:[815,2,1,"c.krb5_enc_data.enctype"],kvno:[815,2,1,"c.krb5_enc_data.kvno"],magic:[815,2,1,"c.krb5_enc_data.magic"]},krb5_enc_kdc_rep_part:{caddrs:[816,2,1,"c.krb5_enc_kdc_rep_part.caddrs"],enc_padata:[816,2,1,"c.krb5_enc_kdc_rep_part.enc_padata"],flags:[816,2,1,"c.krb5_enc_kdc_rep_part.flags"],key_exp:[816,2,1,"c.krb5_enc_kdc_rep_part.key_exp"],last_req:[816,2,1,"c.krb5_enc_kdc_rep_part.last_req"],magic:[816,2,1,"c.krb5_enc_kdc_rep_part.magic"],msg_type:[816,2,1,"c.krb5_enc_kdc_rep_part.msg_type"],nonce:[816,2,1,"c.krb5_enc_kdc_rep_part.nonce"],server:[816,2,1,"c.krb5_enc_kdc_rep_part.server"],session:[816,2,1,"c.krb5_enc_kdc_rep_part.session"],times:[816,2,1,"c.krb5_enc_kdc_rep_part.times"]},krb5_enc_tkt_part:{authorization_data:[817,2,1,"c.krb5_enc_tkt_part.authorization_data"],caddrs:[817,2,1,"c.krb5_enc_tkt_part.caddrs"],client:[817,2,1,"c.krb5_enc_tkt_part.client"],flags:[817,2,1,"c.krb5_enc_tkt_part.flags"],magic:[817,2,1,"c.krb5_enc_tkt_part.magic"],session:[817,2,1,"c.krb5_enc_tkt_part.session"],times:[817,2,1,"c.krb5_enc_tkt_part.times"],transited:[817,2,1,"c.krb5_enc_tkt_part.transited"]},krb5_encrypt_block:{crypto_entry:[818,2,1,"c.krb5_encrypt_block.crypto_entry"],key:[818,2,1,"c.krb5_encrypt_block.key"],magic:[818,2,1,"c.krb5_encrypt_block.magic"]},krb5_error:{client:[820,2,1,"c.krb5_error.client"],ctime:[820,2,1,"c.krb5_error.ctime"],cusec:[820,2,1,"c.krb5_error.cusec"],e_data:[820,2,1,"c.krb5_error.e_data"],error:[820,2,1,"c.krb5_error.error"],magic:[820,2,1,"c.krb5_error.magic"],server:[820,2,1,"c.krb5_error.server"],stime:[820,2,1,"c.krb5_error.stime"],susec:[820,2,1,"c.krb5_error.susec"],text:[820,2,1,"c.krb5_error.text"]},krb5_get_init_creds_opt:{address_list:[824,2,1,"c.krb5_get_init_creds_opt.address_list"],etype_list:[824,2,1,"c.krb5_get_init_creds_opt.etype_list"],etype_list_length:[824,2,1,"c.krb5_get_init_creds_opt.etype_list_length"],flags:[824,2,1,"c.krb5_get_init_creds_opt.flags"],forwardable:[824,2,1,"c.krb5_get_init_creds_opt.forwardable"],preauth_list:[824,2,1,"c.krb5_get_init_creds_opt.preauth_list"],preauth_list_length:[824,2,1,"c.krb5_get_init_creds_opt.preauth_list_length"],proxiable:[824,2,1,"c.krb5_get_init_creds_opt.proxiable"],renew_life:[824,2,1,"c.krb5_get_init_creds_opt.renew_life"],salt:[824,2,1,"c.krb5_get_init_creds_opt.salt"],tkt_life:[824,2,1,"c.krb5_get_init_creds_opt.tkt_life"]},krb5_gic_opt_pa_data:{attr:[825,2,1,"c.krb5_gic_opt_pa_data.attr"],value:[825,2,1,"c.krb5_gic_opt_pa_data.value"]},krb5_kdc_rep:{client:[829,2,1,"c.krb5_kdc_rep.client"],enc_part2:[829,2,1,"c.krb5_kdc_rep.enc_part2"],enc_part:[829,2,1,"c.krb5_kdc_rep.enc_part"],magic:[829,2,1,"c.krb5_kdc_rep.magic"],msg_type:[829,2,1,"c.krb5_kdc_rep.msg_type"],padata:[829,2,1,"c.krb5_kdc_rep.padata"],ticket:[829,2,1,"c.krb5_kdc_rep.ticket"]},krb5_kdc_req:{addresses:[830,2,1,"c.krb5_kdc_req.addresses"],authorization_data:[830,2,1,"c.krb5_kdc_req.authorization_data"],client:[830,2,1,"c.krb5_kdc_req.client"],from:[830,2,1,"c.krb5_kdc_req.from"],kdc_options:[830,2,1,"c.krb5_kdc_req.kdc_options"],ktype:[830,2,1,"c.krb5_kdc_req.ktype"],magic:[830,2,1,"c.krb5_kdc_req.magic"],msg_type:[830,2,1,"c.krb5_kdc_req.msg_type"],nktypes:[830,2,1,"c.krb5_kdc_req.nktypes"],nonce:[830,2,1,"c.krb5_kdc_req.nonce"],padata:[830,2,1,"c.krb5_kdc_req.padata"],rtime:[830,2,1,"c.krb5_kdc_req.rtime"],second_ticket:[830,2,1,"c.krb5_kdc_req.second_ticket"],server:[830,2,1,"c.krb5_kdc_req.server"],till:[830,2,1,"c.krb5_kdc_req.till"],unenc_authdata:[830,2,1,"c.krb5_kdc_req.unenc_authdata"]},krb5_keyblock:{contents:[832,2,1,"c.krb5_keyblock.contents"],enctype:[832,2,1,"c.krb5_keyblock.enctype"],length:[832,2,1,"c.krb5_keyblock.length"],magic:[832,2,1,"c.krb5_keyblock.magic"]},krb5_keytab_entry:{key:[834,2,1,"c.krb5_keytab_entry.key"],magic:[834,2,1,"c.krb5_keytab_entry.magic"],principal:[834,2,1,"c.krb5_keytab_entry.principal"],timestamp:[834,2,1,"c.krb5_keytab_entry.timestamp"],vno:[834,2,1,"c.krb5_keytab_entry.vno"]},krb5_last_req_entry:{lr_type:[838,2,1,"c.krb5_last_req_entry.lr_type"],magic:[838,2,1,"c.krb5_last_req_entry.magic"],value:[838,2,1,"c.krb5_last_req_entry.value"]},krb5_pa_data:{contents:[843,2,1,"c.krb5_pa_data.contents"],length:[843,2,1,"c.krb5_pa_data.length"],magic:[843,2,1,"c.krb5_pa_data.magic"],pa_type:[843,2,1,"c.krb5_pa_data.pa_type"]},krb5_pa_pac_req:{include_pac:[844,2,1,"c.krb5_pa_pac_req.include_pac"]},krb5_pa_server_referral_data:{referral_valid_until:[845,2,1,"c.krb5_pa_server_referral_data.referral_valid_until"],referred_realm:[845,2,1,"c.krb5_pa_server_referral_data.referred_realm"],rep_cksum:[845,2,1,"c.krb5_pa_server_referral_data.rep_cksum"],requested_principal_name:[845,2,1,"c.krb5_pa_server_referral_data.requested_principal_name"],true_principal_name:[845,2,1,"c.krb5_pa_server_referral_data.true_principal_name"]},krb5_pa_svr_referral_data:{principal:[846,2,1,"c.krb5_pa_svr_referral_data.principal"]},krb5_principal:{data:[852,2,1,"c.krb5_principal.data"],length:[852,2,1,"c.krb5_principal.length"],magic:[852,2,1,"c.krb5_principal.magic"],realm:[852,2,1,"c.krb5_principal.realm"],type:[852,2,1,"c.krb5_principal.type"]},krb5_principal_data:{data:[853,2,1,"c.krb5_principal_data.data"],length:[853,2,1,"c.krb5_principal_data.length"],magic:[853,2,1,"c.krb5_principal_data.magic"],realm:[853,2,1,"c.krb5_principal_data.realm"],type:[853,2,1,"c.krb5_principal_data.type"]},krb5_prompt:{hidden:[854,2,1,"c.krb5_prompt.hidden"],prompt:[854,2,1,"c.krb5_prompt.prompt"],reply:[854,2,1,"c.krb5_prompt.reply"]},krb5_pwd_data:{element:[857,2,1,"c.krb5_pwd_data.element"],magic:[857,2,1,"c.krb5_pwd_data.magic"],sequence_count:[857,2,1,"c.krb5_pwd_data.sequence_count"]},krb5_replay_data:{seq:[859,2,1,"c.krb5_replay_data.seq"],timestamp:[859,2,1,"c.krb5_replay_data.timestamp"],usec:[859,2,1,"c.krb5_replay_data.usec"]},krb5_responder_otp_challenge:{service:[862,2,1,"c.krb5_responder_otp_challenge.service"],tokeninfo:[862,2,1,"c.krb5_responder_otp_challenge.tokeninfo"]},krb5_responder_otp_tokeninfo:{alg_id:[863,2,1,"c.krb5_responder_otp_tokeninfo.alg_id"],challenge:[863,2,1,"c.krb5_responder_otp_tokeninfo.challenge"],flags:[863,2,1,"c.krb5_responder_otp_tokeninfo.flags"],format:[863,2,1,"c.krb5_responder_otp_tokeninfo.format"],length:[863,2,1,"c.krb5_responder_otp_tokeninfo.length"],token_id:[863,2,1,"c.krb5_responder_otp_tokeninfo.token_id"],vendor:[863,2,1,"c.krb5_responder_otp_tokeninfo.vendor"]},krb5_responder_pkinit_challenge:{identities:[864,2,1,"c.krb5_responder_pkinit_challenge.identities"]},krb5_responder_pkinit_identity:{identity:[865,2,1,"c.krb5_responder_pkinit_identity.identity"],token_flags:[865,2,1,"c.krb5_responder_pkinit_identity.token_flags"]},krb5_response:{expected_nonce:[866,2,1,"c.krb5_response.expected_nonce"],magic:[866,2,1,"c.krb5_response.magic"],message_type:[866,2,1,"c.krb5_response.message_type"],request_time:[866,2,1,"c.krb5_response.request_time"],response:[866,2,1,"c.krb5_response.response"]},krb5_ticket:{enc_part2:[867,2,1,"c.krb5_ticket.enc_part2"],enc_part:[867,2,1,"c.krb5_ticket.enc_part"],magic:[867,2,1,"c.krb5_ticket.magic"],server:[867,2,1,"c.krb5_ticket.server"]},krb5_ticket_times:{authtime:[868,2,1,"c.krb5_ticket_times.authtime"],endtime:[868,2,1,"c.krb5_ticket_times.endtime"],renew_till:[868,2,1,"c.krb5_ticket_times.renew_till"],starttime:[868,2,1,"c.krb5_ticket_times.starttime"]},krb5_tkt_authent:{ap_options:[870,2,1,"c.krb5_tkt_authent.ap_options"],authenticator:[870,2,1,"c.krb5_tkt_authent.authenticator"],magic:[870,2,1,"c.krb5_tkt_authent.magic"],ticket:[870,2,1,"c.krb5_tkt_authent.ticket"]},krb5_trace_info:{message:[873,2,1,"c.krb5_trace_info.message"]},krb5_transited:{magic:[874,2,1,"c.krb5_transited.magic"],tr_contents:[874,2,1,"c.krb5_transited.tr_contents"],tr_type:[874,2,1,"c.krb5_transited.tr_type"]},krb5_typed_data:{data:[875,2,1,"c.krb5_typed_data.data"],length:[875,2,1,"c.krb5_typed_data.length"],magic:[875,2,1,"c.krb5_typed_data.magic"],type:[875,2,1,"c.krb5_typed_data.type"]},krb5_verify_init_creds_opt:{ap_req_nofail:[878,2,1,"c.krb5_verify_init_creds_opt.ap_req_nofail"],flags:[878,2,1,"c.krb5_verify_init_creds_opt.flags"]},passwd_phrase_element:{magic:[879,2,1,"c.passwd_phrase_element.magic"],passwd:[879,2,1,"c.passwd_phrase_element.passwd"],phrase:[879,2,1,"c.passwd_phrase_element.phrase"]}},objnames:{"0":["c","function","C function"],"1":["c","type","C type"],"2":["c","member","C member"],"3":["py","data","Python data"]},objtypes:{"0":"c:function","1":"c:type","2":"c:member","3":"py:data"},terms:{"01am":23,"05pm":882,"0x0000":473,"0x00000001":[436,493,516,517,736,739],"0x00000002":[432,489,519,523,733,738],"0x00000004":[515,518,731],"0x00000008":[483,520,522,737],"0x00000010":[21,491,521,732],"0x00000020":[482,524,730],"0x00000040":735,"0x00000080":729,"0x00000100":734,"0x00000200":740,"0x00008000":[492,756],"0x0001":[440,466,538,556,710,713,746],"0x00010000":[480,757],"0x0002":[421,450,467,554,709,712],"0x00020000":481,"0x0003":[451,468],"0x0004":[441,469,551,714],"0x00040000":764,"0x0005":[419,464],"0x0006":[427,463],"0x0007":[424,452],"0x0008":[453,470,553,715],"0x00080000":770,"0x0009":[449,471],"0x000a":472,"0x000b":477,"0x000c":[445,474],"0x000d":475,"0x000e":476,"0x000f":[443,462],"0x0010":[420,444,465,550],"0x00100000":760,"0x0011":[438,454],"0x0012":[439,456],"0x0013":[446,455],"0x0014":[426,447,457],"0x0017":458,"0x0018":[422,459],"0x0019":460,"0x001a":461,"0x0020":546,"0x00200000":766,"0x0040":552,"0x00400000":761,"0x0080":555,"0x00800000":[490,769],"0x0100":[418,549],"0x01000000":762,"0x0101":423,"0x01ff":478,"0x0200":548,"0x02000000":[486,765],"0x0400":547,"0x04000000":[479,763],"0x08000000":[488,768],"0x1":[558,559,697,701,705,745],"0x10000000":[487,767],"0x1fff":429,"0x2":[557,698,700,703],"0x2000":430,"0x20000000":[433,485,726,759],"0x3":704,"0x4":[695,699,706],"0x4000":428,"0x40000000":[435,484,727,758],"0x54800000":494,"0x7fff":[748,752],"0x8":696,"0x8000":[425,431,749,751],"0x80000000":[434,728],"0xfffffff0":437,"10d":882,"12h":[20,34],"1foo":21,"30m":882,"3de":14,"3h30m":923,"5h30m":926,"76cho3000":903,"8h30":882,"abstract":[904,906,912,913,915,919],"boolean":[6,20,23,36,48,55,854,878],"break":[32,886,890],"byte":[20,43,46,48,99,104,287,309,894,895,896,898,899,908],"case":[2,3,6,11,14,19,20,21,23,24,28,39,43,46,195,245,280,322,327,347,356,372,386,412,691,881,882,884,903,906,907,911,915,916,928,930,935,937],"char":[43,46,49,50,56,59,60,91,92,93,94,107,136,141,143,144,146,149,152,155,156,160,166,169,170,187,192,193,194,210,213,214,219,222,223,227,228,230,231,233,235,247,252,260,264,267,277,278,304,309,310,315,317,326,333,341,342,343,349,358,360,362,363,366,369,370,371,372,374,376,379,380,381,384,386,387,388,389,391,392,394,395,402,403,404,405,413,414,415,416,787,813,825,854,856,862,863,865,873,918],"class":[3,23,928],"const":[43,49,52,53,54,58,59,60,91,92,93,94,99,100,101,102,103,106,107,108,113,114,117,119,120,125,126,129,130,136,141,144,146,149,152,155,156,160,166,169,172,173,174,175,177,178,180,181,183,184,185,188,189,194,195,197,213,214,223,228,231,232,233,234,235,247,252,260,264,265,267,277,278,281,284,286,287,288,289,290,294,298,299,310,315,317,318,319,321,323,326,328,330,333,336,337,338,339,340,341,342,343,348,349,350,352,353,354,355,356,357,358,362,363,366,369,370,373,374,375,376,379,380,381,384,386,390,408,409,413,414,415,416,776,804,805,849,850,856,872,873,918],"default":[2,3,4,5,6,7,8,10,11,12,15,19,20,21,22,23,24,26,29,30,32,33,34,35,37,38,39,40,41,43,44,46,48,59,60,78,132,147,148,154,223,229,243,253,265,269,275,278,313,315,342,356,372,380,410,882,889,890,891,892,894,902,907,908,909,923,925,926,927,929,930,931,932,936,937],"export":[20,34,902,903,907,908,917,918],"final":[19,21,112,158,888,895,899],"function":[3,6,14,23,25,29,34,35,43,46,48,49,50,55,57,58,59,60,61,62,67,68,69,71,72,73,74,76,77,78,81,82,84,85,86,87,88,89,92,93,99,100,101,102,103,104,105,107,113,114,116,117,119,122,124,125,126,129,130,133,136,137,139,148,150,151,153,156,157,158,159,167,169,171,172,173,174,175,177,178,180,181,182,183,192,194,195,198,199,200,201,202,203,205,206,207,208,209,212,215,216,221,228,235,236,241,245,246,252,254,258,260,261,262,264,265,266,267,271,272,275,276,277,278,279,287,288,289,290,294,295,296,298,299,306,308,318,320,321,322,323,324,326,327,328,330,331,337,338,339,340,342,349,352,353,354,355,356,357,358,365,368,370,373,375,379,380,382,384,386,393,397,398,400,401,403,404,406,408,410,412,413,415,840,849,850,854,856,861,887,888,902,903,906,907,908,911,914,915,917,918],"goto":46,"h\u00f6gskola":903,"import":[5,6,14,15,17,19,21,23,34,35,902,908,922],"int":[43,51,53,56,59,62,91,92,93,94,97,111,116,120,122,166,223,241,242,243,244,249,254,255,279,304,309,342,347,349,358,379,380,401,403,404,405,412,789,795,798,802,813,824,830,832,837,841,843,854,856,857,875,878,907],"long":[3,14,15,23,25,26,37,38,39,41,43,99,287,362,363,723,750,881,884,902,903,906,915,918,932],"new":[2,3,6,14,15,20,21,23,24,26,34,35,37,41,43,48,87,89,129,132,138,143,154,160,163,165,166,167,169,172,173,174,175,176,177,178,180,182,183,192,194,195,211,219,229,235,243,245,246,250,253,257,260,262,269,275,280,298,301,305,311,324,327,335,337,338,340,341,342,356,362,363,364,365,366,367,368,369,370,377,378,379,380,383,384,396,397,398,399,400,401,403,703,704,881,885,899,902,903,907,908,911,912,915,922,923,926,928,937],"null":[19,20,21,43,44,46,48,54,64,92,99,100,102,103,107,113,129,136,141,154,155,156,164,173,195,198,200,220,223,224,228,230,231,235,240,260,264,267,269,273,275,287,288,289,290,294,298,313,319,320,322,323,326,327,328,329,337,338,339,340,341,351,353,356,357,358,360,361,362,363,366,369,372,374,377,378,379,380,383,385,386,394,403,404,405,408,410,777,902,907,916,918,937],"public":[21,40,903,911,912,913,914],"return":[3,8,9,12,20,21,22,23,38,43,46,48,50,52,54,56,57,59,60,69,74,91,92,93,100,103,109,110,119,127,128,133,135,137,141,142,144,145,146,147,148,149,151,152,153,154,155,156,159,161,169,176,189,192,214,223,224,227,228,229,231,235,260,262,263,264,267,268,271,279,282,283,284,288,290,300,301,303,304,306,308,309,312,313,314,315,316,318,320,322,327,337,341,342,349,352,358,362,363,365,368,372,374,375,377,379,380,381,383,385,386,393,395,397,401,402,403,404,405,406,408,410,412,715,849,850,890,902,904,905,906,907,908,909,912,913,915,916,917,918,919,926,930],"short":[14,19,21,41,304,884],"static":[46,907,918],"switch":[14,28,31,48,161,881],"true":[9,14,20,21,22,23,24,25,26,33,35,36,37,38,40,41,43,52,54,105,109,110,127,128,160,192,245,283,284,285,317,338,340,345,346,347,359,385,412,797,810,844,936],"try":[21,25,32,35,38,39,41,43,890,902,922,930],"var":[5,8,20,21,23,34,37,885,890,891,901,937],"void":[43,46,57,58,59,60,63,80,171,179,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,215,216,218,219,220,221,222,237,239,240,241,242,243,244,245,249,254,255,256,257,258,259,260,270,275,285,291,297,331,336,343,349,364,367,376,377,378,383,396,411,412,413,414,415,416,804,822,840,848,849,850,856,861,872,917,918],"while":[3,12,14,15,16,20,21,23,24,34,35,43,46,881,888,907,922,923,930,937],AES:[14,15,20,25,890,902,903],AFS:14,AND:903,ARE:903,Adding:[17,32,34,894],Are:[3,23],BUT:903,But:885,CCS:903,CMS:[462,471,472,474,475,476,477],CTS:[14,20,902],DES:[13,20,26,41,462,902],DNS:[21,25,30,33,34,39,44,330,650,890,902],DNs:[5,22,23],Dis:19,Doing:889,FOR:903,For:[3,10,14,16,17,18,19,20,21,22,23,24,26,28,32,33,34,35,36,37,38,39,43,46,99,100,103,142,287,288,290,722,880,881,885,888,889,890,894,895,899,900,901,902,904,905,906,907,908,909,911,912,913,914,915,916,917,918,919,920,922,923,926,929,930,935,937],HAS:903,His:19,ITS:[42,903],Its:[20,21,894],NFS:922,NOT:[5,23,34,903],Not:[20,21,44,51,151,608,881],ONE:[5,23],ORed:151,One:[3,20,23,34,36,38,43,339,881,882,922,923,936],SUCH:903,Such:[14,37,39,46],TGS:[3,20,21,23,25,26,35,48,224,400,743,844,902,914],THAT:903,THE:903,TLS:[22,29],That:[21,888],The:[0,3,4,5,6,7,8,9,10,11,12,15,19,20,21,22,23,24,25,26,28,29,31,33,34,35,37,38,39,40,41,43,46,53,62,69,71,74,78,80,93,99,100,102,103,113,117,119,121,125,126,129,135,136,138,144,146,148,153,165,166,173,176,189,198,200,217,220,224,228,229,245,248,252,262,268,274,282,286,287,288,289,290,294,296,298,303,305,310,313,318,319,322,323,328,330,341,342,343,351,353,356,357,362,363,364,365,366,367,368,369,370,373,377,378,379,380,386,395,399,400,402,403,404,408,410,416,612,714,722,724,729,730,733,734,736,740,791,797,811,821,834,849,850,854,860,867,880,881,882,884,885,886,887,888,889,890,891,892,894,895,896,898,899,901,902,903,904,905,906,907,908,909,911,912,913,914,915,916,917,918,919,920,922,923,925,926,928,930,932,934,935,936,937],Then:[3,6,17,23,24,34,926],There:[20,21,23,34,35,881,888,890,891,894,898,923],These:[14,16,20,21,23,34,35,37,39,43,717,888,894,902,903,906,908,911,935,937],UCS:902,USE:903,Use:[3,15,22,23,46,49,65,66,67,68,72,73,76,77,78,83,92,111,115,132,141,143,145,150,153,154,163,164,169,172,173,174,175,177,178,180,181,182,183,194,195,224,227,229,230,231,236,239,261,265,269,272,275,280,286,307,308,313,315,316,319,321,322,323,324,325,326,327,328,329,332,335,336,337,341,342,351,352,353,354,356,357,360,372,386,398,400,402,404,435,557,558,821,831,888,890,902,911,925,930],Used:[443,444,592,593,821,880,930],Uses:[2,3,15,21,23],Using:[3,6,14,23,25,38,40,922],WILL:903,WITH:903,With:[0,3,6,15,22,23,39,936],_kerbero:39,_kpasswd:39,_krb5_address:789,_krb5_ap_rep:[791,792],_krb5_ap_rep_enc_part:792,_krb5_ap_req:793,_krb5_auth_context:794,_krb5_authdata:795,_krb5_authent:797,_krb5_ccach:800,_krb5_cccol_cursor:801,_krb5_checksum:802,_krb5_context:[135,156,806],_krb5_cred:[807,810],_krb5_cred_enc_part:808,_krb5_cred_info:809,_krb5_crypto_iov:811,_krb5_data:813,_krb5_enc_data:815,_krb5_enc_kdc_rep_part:816,_krb5_enc_tkt_part:817,_krb5_encrypt_block:818,_krb5_error:820,_krb5_get_init_cr:824,_krb5_get_init_creds_opt:824,_krb5_gic_opt_pa_data:825,_krb5_init_creds_context:826,_krb5_kdc_rep:829,_krb5_kdc_req:830,_krb5_keyblock:832,_krb5_kt:833,_krb5_last_req_entri:838,_krb5_pa_data:843,_krb5_pa_pac_req:844,_krb5_pa_server_referral_data:845,_krb5_pa_svr_referral_data:846,_krb5_prompt:854,_krb5_pwd_data:857,_krb5_responder_otp_challeng:862,_krb5_responder_otp_tokeninfo:863,_krb5_responder_pkinit_challeng:864,_krb5_responder_pkinit_ident:865,_krb5_respons:866,_krb5_ticket:867,_krb5_ticket_tim:868,_krb5_tkt_authent:870,_krb5_tkt_creds_context:871,_krb5_trace_info:873,_krb5_transit:874,_krb5_typed_data:875,_krb5_verify_init_creds_opt:878,_passwd_phrase_el:879,_profile_t:[262,269],_tcp:39,_udp:39,abbrevi:[888,927],abc:[890,937],abi:869,abil:[14,365,368,936],abl:[15,16,19,20,21,23,25,29,34,35,39,881,886,922,923,930],abort:[786,787,917],about:[0,14,19,20,22,26,31,39,41,46,251,885,888,890,892,902,903,906,915,920,923,926,937],abov:[6,14,19,21,22,23,25,26,32,34,37,41,43,46,885,890,894,903,907,908,909,923,930],absenc:[20,46],absent:926,absolut:[20,21,880,884,888],ac02:903,acceler:903,accept:[3,4,8,14,15,16,20,21,23,26,34,38,39,41,151,386,882,884,888,902,903,904,908,917,918,923,926],acceptor:[902,927],acceptor_cred_handl:43,access:[3,4,8,9,14,15,17,18,19,20,21,22,23,24,25,26,28,29,32,33,34,35,37,39,43,46,881,886,888,896,899,902,906,911,912,914,915,916,921,923,929,930,935,936],accommod:[46,885],accomplish:23,accord:[3,19,21,23,36,154,167,894,895,901,908,930,932],accordingli:888,account:[20,21,23,24,25,28,30,48,56,245,881,902,916,921,926,930,934,936],account_expir:[245,822],acknowledg:903,acl:[3,4,8,18,20,21,22,23,31,901],acl_fil:[4,8,19,20,34],acquir:[3,6,23,43,48,245,274,399,542,894,902,908,932],acquisit:[43,400],across:[17,20,21,34,43,912,913,914,922],act:[10,19,21,26,885,902],action:[4,6,14,885,903,913],activ:[6,8,14,21,23,25,37,40,169,925],actor:19,actual:[6,14,23,26,35,46,98,99,100,102,103,113,129,287,288,289,290,294,298,885,923],actual_mech:43,ad_kdcissu:[318,408],ad_typ:[195,795,894],ad_type_extern:773,ad_type_field_type_mask:773,ad_type_regist:773,ad_type_reserv:773,add:[3,6,9,11,12,14,15,19,20,21,22,23,31,33,36,48,338,340,882,902,923],add_auth_ind:[902,915],add_mkei:[14,23],add_princip:[5,14,25,37],add_rel:918,added:[3,6,14,15,20,23,24,25,32,34,40,300,724,881,902,905],addent:[11,902],adding:[3,8,23,32,41,902],addit:[3,18,19,20,21,22,23,26,29,34,37,38,39,40,43,46,48,360,361,410,820,881,885,888,890,892,893,902,903,906,915,920,926,930,937],addition:[10,21,36,914,923],addpol:[3,23,35],addprinc:[3,23,34,37,882,912],addr1:[52,53],addr2:[52,53],addr:[54,232,233,234,329,809,810,816],address1:894,address2:894,address:[0,15,20,21,23,24,30,33,38,39,44,48,260,322,323,328,353,356,357,517,518,519,520,789,808,810,817,830,890,894,902,917,923,926,927],address_list:824,addresssanit:902,addrlist:54,addrtyp:[425,789,894],addrtype_addrport:773,addrtype_chao:773,addrtype_ddp:773,addrtype_inet6:773,addrtype_inet:773,addrtype_ipport:773,addrtype_is_loc:773,addrtype_iso:773,addrtype_netbio:773,addrtype_xn:773,adjust:[14,29,33,34,37,48,100,103,288,290,406],adm:[20,22,39],admcil:19,admcilsp:19,admin24:22,admin:[3,4,5,8,14,15,16,19,21,23,32,34,881,890,901,912,930,937],admin_serv:[3,8,20,21,23,34,39],adminhost:[3,23],administ:[4,15,34],administr:[0,2,3,4,5,6,11,14,15,16,18,19,20,21,22,24,25,31,32,35,36,38,881,887,900,901,902,903,913,920,922,926,936,937],adminjohndoefoo:21,adtyp:795,advanc:[14,30,150,312,902,920],advantag:[14,21,26,32],advertis:[21,903],advic:31,advis:[14,903],aead:48,aes128:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],aes256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],aes:[20,903],aesni:[890,903],af_unspec:917,affect:[4,19,20,21,26,28,40,120,126,133,229,902,926,937],afford:32,afs3:14,after:[2,3,4,6,8,10,12,14,21,23,24,25,33,34,35,37,80,98,136,228,272,377,398,869,880,881,886,888,894,895,898,899,902,922,923,930,937],afterward:[23,913],again:[14,23,28,33,34,704,885,902,908,922,923],against:[2,14,20,21,25,28,34,39,40,46,48,129,298,339,353,356,357,360,408,885,890,902,905,908,929,935],agent:20,agre:903,agreement:903,aklog:55,alexand:903,alg:890,alg_id:863,algid:722,algorithm:[14,26,126,890,899,903,930],alia:[3,11,23,43,48,144,146,310,362,363],alias:[3,11,15,22,23,38,39,902],alic:[11,28,935,936],all:[0,2,3,6,9,14,15,17,18,19,20,21,23,24,25,28,29,32,33,34,35,37,38,43,46,48,153,163,164,282,339,356,410,731,732,737,801,811,881,882,885,888,889,893,894,899,902,903,914,916,923,925,927,928,929,930,932,935,937],alloc:[43,46,48,61,78,93,98,99,100,102,103,107,115,117,119,121,124,148,280,287,288,289,290,296,352,354,403,811,854,905,907,909,912,916],allow:[2,3,4,5,6,8,10,12,14,15,16,17,18,19,20,21,23,24,26,28,29,32,33,34,35,36,37,38,40,41,43,46,48,111,252,279,356,401,403,882,884,886,888,890,892,895,902,903,904,905,906,908,909,910,911,912,913,914,915,916,917,918,919,922,923,926,929,936],allow_dup_skei:[3,23],allow_forward:[3,5,23],allow_postd:[3,5,23],allow_proxi:[3,23],allow_renew:[3,23],allow_svr:[3,23,25,35,40],allow_tgs_req:[3,23],allow_tix:[3,23],allow_weak_crypto:[14,21,26,41,48],allowedkeysalt:[3,23],almeida:903,alon:[34,907],along:[0,36,811,881,890,908],alongsid:34,alphabet:882,alphanumer:21,alreadi:[6,14,22,23,34,36,124,330,881,888,890,892,926,930],also:[15,17,18,22,23,24,25,26,28,29,32,33,34,35,37,38,39,40,43,46,126,339,400,880,881,884,890,892,894,902,903,905,906,908,909,911,912,914,916,918,919,923],alter:[14,37],altern:[8,15,20,21,22,24,28,34,37,43,495,888,890,901,902,903,926],although:[39,884,903,909,919,922,923],altogeth:20,alwai:[14,15,20,21,23,24,38,39,44,51,55,61,63,66,68,71,80,83,139,142,155,362,700,894,898,902],america:903,among:46,amount:[20,21,35,39,102,119,121,289,358,889],an2ln:[21,916],an2ln_typ:916,analog:15,anam:[56,930],anchor:[20,21,926],andrea:903,andrew:[5,23],ani:[0,3,6,8,9,10,14,15,16,17,19,20,21,23,24,25,28,32,34,36,37,38,39,40,41,43,46,48,56,137,147,153,154,156,224,260,268,275,278,279,308,313,356,360,361,401,410,724,821,881,885,886,894,895,899,902,903,904,908,909,916,922,923,926,930,936],ank:[3,23],anl:21,annot:[16,36,902],anonym:[3,20,23,25,28,43,48,496,497,902,923,926,927],anoth:[15,17,21,24,32,39,41,48,101,171,810,881,885,890,894,906,912,916,917,923,937],ansi:889,answer:[21,46,48,363,715,722,724,860,908],anticip:[33,39],anyon:[922,936],anyth:[21,37],anywai:[20,39,46,327],anywher:[922,937],ap_opt:[326,327,372,793,870],ap_opts_etype_negoti:773,ap_opts_mutual_requir:[327,356,372,773],ap_opts_reserv:773,ap_opts_use_session_kei:[327,773],ap_opts_use_subkei:[327,773],ap_opts_wire_mask:773,ap_req_authdata:195,ap_req_nofail:[412,878],ap_req_opt:[326,327,356,372],api:[0,14,41,43,45,98,100,103,123,186,188,190,191,196,197,245,250,251,262,281,288,290,348,350,407,724,811,831,881,887,890,902,904,915],appdata:[21,885],appdefault:48,appear:[14,20,21,24,34,37,39,41,46,894,903,907],append:[3,20,23,384,884,890,899],appl:[887,903],appl_vers:[360,372],appli:[3,10,14,18,19,20,21,23,24,35,41,43,171,245,903,912,915,923,926,930,934],applic:[0,12,16,18,20,21,28,30,31,37,43,46,48,59,60,156,250,326,327,328,360,372,499,522,523,702,725,880,881,884,885,887,890,900,902,903,906,908,911,916,918,922,923,929,933,936],appnam:[59,60],approach:43,appropri:[6,14,21,23,24,28,29,34,37,39,43,46,154,370,395,904,914,915,926,927,930],approxim:[889,902],apputil:887,aprepencpart:791,arbitrari:[3,23,43],arcfour:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],architectur:[888,890],archiv:[42,889],area:[34,46],arg:[3,23,413,414,415,786,787,890,930],arg_keytab:[232,235],argument:[3,4,6,10,14,20,23,44,46,48,63,80,91,93,245,257,260,263,275,322,323,328,349,351,353,357,383,413,414,415,873,890,902,907,908,916,930,932],argv_pars:903,ari:930,aris:903,armor:[20,37,48,229,906,915,926],armor_ccach:926,around:[23,890],arrai:[3,36,43,46,48,100,103,111,173,240,244,254,288,290,319,329,349,351,805,809,811,816,817,830,852,853,916,918],arrang:23,arriv:885,asan:890,asc:889,ascii:[6,23,39,894],ask:[6,37,39,46,48,722,723,724,906,922,923,930],asn:[48,895,896,905],aspect:[15,28,911],assert:[20,43,894,902,908,915],assign:[3,19,20,23,34,39,48,82,84,930],associ:[3,4,9,19,20,21,23,35,38,43,531,881,885,894,903,937],assum:[14,21,34,36,39,43,44,107,124,155,889,923,926,937],asynchron:[400,915],athena:[3,5,14,15,19,20,21,23,24,28,32,34,890,903,918,922,923,937],athent:260,attach:902,attack:[2,14,21,23,29,30,32,35,40,46,322,323,328,885,902,926],attempt:[0,3,6,20,21,23,24,29,35,39,43,122,243,250,410,894,930],attr:[252,825],attribut:[3,5,6,9,16,19,20,21,22,23,24,26,36,37,48,253,825,902,903,905,908,915,926,930],audit:902,aug:[3,23],augment:908,august:903,auth:[16,20,39,43,48,61,326,327,356,360,361,372,499,795,809,817],auth_context:[61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,90,223,320,322,323,324,325,326,327,328,351,353,354,355,356,357,360,361,372],auth_gssapi:[3,23],auth_to_loc:[21,28,916],auth_to_local_nam:[21,28],authdata1:894,authdata2:894,authdata:[184,189,224,318,319,408,810,894,910],authdata_plugin:911,authdatum:408,authent:[3,5,6,10,12,14,15,20,21,22,24,25,26,29,30,32,34,35,36,37,38,39,40,43,44,46,48,61,62,63,64,66,67,68,69,71,72,73,74,76,77,79,80,81,82,83,84,85,86,87,88,89,90,166,201,223,224,250,319,320,322,323,324,325,326,327,328,339,351,353,354,355,356,357,372,433,495,501,609,722,791,793,797,843,860,870,881,884,885,886,887,894,895,899,902,903,905,915,916,923,926,927,933,937],authfrom:174,author:[3,19,20,21,48,153,224,253,608,730,810,847,902,903,910,925],authoriaz:797,authorit:[19,21,154,904,909,912,916,917],authoritykeyidentifi:37,authorization_data:[797,817,830],authtim:[337,338,339,340,868,894],authtime_out:333,authto:174,authz:830,auto:902,autoconf:887,autodoc:892,autohead:888,autolock:903,autom:[888,902],automak:907,automat:[3,4,6,8,15,17,23,34,881,884,886,888,899,902,923,925,930],autoreconf:888,avail:[3,6,11,12,14,20,21,29,34,38,43,46,56,122,165,170,187,192,193,227,252,304,308,313,358,365,368,371,395,412,557,807,829,867,881,888,899,904,910,925,927,931,937],avoid:[3,14,19,24,38,46,245,890,902,923],awai:[14,41,922,923],awar:894,awk:6,back:[19,20,23,24,30,39,40,881,890,895,902,908,911],backend:[14,890,902,903],background:[4,8,10,34],backslash:341,backspac:341,backup:[30,32,39,886],backward:[8,20,21,24,26,34,932],bad:[34,135,156],balanc:[14,38,39],banner:[46,349,856],bar:[6,21],basch:903,base:[0,3,20,21,22,23,24,25,34,37,38,39,43,46,49,59,60,62,98,117,296,385,881,885,892,901,902,903,906,911,915,919,923,926,935],basi:[14,18,23,39],basic:918,basicconstraint:37,baz:21,bb463167:42,becaus:[6,17,19,20,21,23,24,25,35,37,38,39,41,43,46,251,339,881,888,890,894,898,913,915,918,922,926,936],becom:[0,6,14,17,21,23,34,39,136,235,260,275,881,902,922,926,930],beeblebrox:34,been:[6,12,14,20,21,23,35,124,881,885,899,902,903,908,911,923,927,934,937],beep:[923,925],befor:[2,3,4,5,6,14,15,20,21,22,23,35,37,39,41,44,98,100,103,155,288,290,378,386,811,854,882,885,886,888,903,906,913,915,923,926],beforehand:43,began:14,begin:[4,6,15,21,23,28,36,99,100,102,103,287,288,289,290,400,894,908,909,918,935],behalf:932,behav:[3,43,403,412,880,890],behavior:[3,14,20,21,28,39,46,228,410,412,902,907,910,911,916,925,929,934],behind:[14,28],being:[3,14,20,21,23,29,39,44,46,245,369,724,885,892,935],belong:[33,161],below:[6,20,21,23,28,36,724,887,903,930],benefit:39,berkelei:[890,903],besid:[15,21],best:[14,25,34,38],beta:[6,23],better:[23,24,831,902],between:[3,9,20,21,23,25,29,34,35,41,45,136,158,382,869,881,902,916,923,925,926],beyond:[899,906,911,915,937],big:[894,895,896,898,908],biggest:14,bin:[34,888,890,892,901,930],binari:[21,32,890,903],bind:[3,5,20,22,23,39,902,929],bind_dn:3,binddn:3,bindir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],bindpwd:3,bison:890,bit:[14,20,24,37,46,66,83,142,153,157,356,869,880,894,898,902,930],bitwis:[151,724],bjaspan:[3,23],blank:935,bleep:[3,11,23,923,936,937],block:[14,20,24,48,99,100,102,103,122,287,288,289,290,902],blocksiz:95,bob:[930,936],bodi:[830,915],book:[15,902],boot:[34,886],bootstrap:21,borrow:923,boston:39,both:[3,12,21,22,23,24,26,28,29,36,37,39,40,43,159,245,251,888,903,907,930],bourn:34,box:36,brace:[21,907],bracket:[20,21,28],breviti:895,brg:903,brian:903,bridg:902,brief:[32,887,911],broken:[14,890],brother:903,brute:[14,23,35],bsd:[902,903],btree:[6,23],buffer:[23,43,48,56,98,99,119,170,187,192,193,279,287,304,328,336,337,371,394,395,401,403,405,532,811,908],buflen:[170,187,192,193,371,394,395],bug:[0,23,38,42,887,888,920],build:[34,39,41,48,49,136,881,887,890,900,901,902,907,911,929],built:[21,24,28,46,48,375,881,888,890,902,903,908,918,923,929],builtin:[890,902,903],bundl:[21,903],bunni:39,busi:903,byacc:890,c89:889,cacert:[29,37],cach:[3,14,15,21,23,28,43,44,48,78,138,140,223,224,229,247,264,267,320,322,323,326,328,353,356,357,372,400,410,516,539,543,739,883,887,890,891,897,901,902,910,923,925,926,927,929,930,931,932,935,937],cache_nam:[3,23,925,926,927],cache_out:[132,154],cacheconf:894,cachenam:[881,931],cachetyp:902,cacreateseri:37,caddr:[809,816,817],cakei:37,california:903,call:[14,16,20,21,23,24,28,34,43,46,91,93,100,103,113,125,126,136,156,158,176,228,245,251,261,268,275,279,282,288,290,294,306,315,320,377,378,401,811,854,861,880,881,887,888,902,906,907,908,913,915,916,922,930],callback:[48,260,275,349,377,378,384,840,854,856,860,902,906,915,917],caller:[43,46,71,85,99,100,102,103,117,119,121,136,144,146,245,252,269,279,287,288,289,290,296,310,312,327,358,362,363,401,410,811,880,902,909,915,918],camellia128:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],camellia256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],camellia:[20,902],can:[0,2,3,4,5,6,8,9,10,11,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,32,33,34,35,36,37,38,39,40,41,43,46,50,56,136,138,154,224,254,271,305,328,339,341,363,383,386,397,400,410,412,721,849,850,860,868,880,881,882,884,885,888,889,890,892,894,895,902,904,905,906,907,908,909,911,912,913,914,915,916,917,919,922,923,926,930,934,937],cancel:23,candid:[899,930],cannot:[3,15,23,24,25,35,37,43,46,135,151,260,341,410,869,894,923,926,927,932],canon:[4,15,22,23,38,39,192,912,916],canonhost_out:194,canonic:[15,21,22,33,43,48,386,540,902,926,932],capabl:[32,902,922],capac:25,capath:[20,902],card:[3,20,21,23,902],care:[3,14,19,23,28,43,911],carefulli:37,carnegi:903,carri:[3,25,937],cartoon:34,casio:14,cast:[869,880,904,906,907,912,913,914,915,917,919],cat:6,categori:25,caus:[3,4,6,14,20,21,23,24,25,34,35,37,38,39,40,43,48,122,245,247,385,720,881,885,890,902,903,927,931],caution:3,cb_data:[383,872],cb_ret:918,cbc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],cbdata:918,cbrown:937,cc246071:902,cc246091:902,ccach:[3,23,41,48,132,135,164,224,225,226,232,233,234,246,250,251,264,267,326,372,380,400,410,801,890,901,904,928,932],ccache_typ:21,ccachenam:890,ccapi:[887,903],ccselect:[28,902,907,910,917],ccselect_plugin:[904,907],ceas:[0,6,23],cell:14,center:[10,887,903,937],central:0,cert:[16,21,37],cert_fil:932,certain:[23,32,236,890,903,932,937],certauth:[902,910],certauth_plugin:905,certid:21,certif:[3,20,21,29,40,48,253,680,896,902,910,932,937],certifi:21,certlabel:21,cf2:48,cflag:[890,929],cfr:903,chain:[20,21,902],challeng:[20,21,40,46,48,363,364,365,367,368,682,685,722,723,860,863,895,902],chang:[2,3,6,9,14,15,19,20,21,22,24,25,28,33,34,37,39,46,48,78,136,158,245,260,379,380,614,703,880,888,892,894,901,902,903,911,913,919,921,928,930,936],change_password_for:[379,380],changeov:34,changepw:[3,14,15,23,166,245,379],channel:[14,36,43,46,322,930],charact:[3,19,20,21,23,34,39,341,394,404,699,928],charg:903,check:[12,20,21,23,28,34,37,43,48,59,60,153,283,353,356,357,544,888,890,892,898,902,907,918,919,923,927,930],check_a:914,check_tg:914,checkout:892,checksum:[43,48,104,175,202,203,326,327,328,330,337,338,339,340,526,533,648,649,653,797,840,896,899,908],checksum_typ:802,cheetah:892,chicago:903,chl:[46,364,365,367],chl_out:368,choic:[21,38,43,46,250,926],choos:[14,22,25,34,38,39,43,886,904,922,926,935],chosen:[16,21,22,26,43,46,229,889,895,901,902,904,935],chpass:[3,23,913],chrand:[3,23],chunk:[114,295],cipher:[14,26,48,99,100,102,103,287,288,289,290],cipher_st:[99,100,102,103,287,288,289,290],ciphertext:[25,99,100,102,103,104,287,288,289,290,791,815,895,899],circular:23,circumst:[20,37],citi:903,ckf_:724,ckfrom:175,cksum:[113,129,294,298,409],cksumtyp:[81,96,111,113,114,130,170,294,295,299],cksumtype_cmac_camellia128:773,cksumtype_cmac_camellia256:773,cksumtype_crc32:773,cksumtype_descbc:773,cksumtype_hmac_md5_arcfour:773,cksumtype_hmac_sha1_96_aes128:773,cksumtype_hmac_sha1_96_aes256:773,cksumtype_hmac_sha1_des3:773,cksumtype_hmac_sha256_128_aes128:773,cksumtype_hmac_sha384_192_aes256:773,cksumtype_md5_hmac_arcfour:773,cksumtype_nist_sha:773,cksumtype_rsa_md4:773,cksumtype_rsa_md4_d:773,cksumtype_rsa_md5:773,cksumtype_rsa_md5_d:773,cksumtypep:387,ckto:175,claim:903,clang:902,clarifi:37,clariti:930,clean:[23,268,269,383,892,902,918],cleanli:902,cleanup:[46,918],clear:[3,6,11,15,23,36,46,48,136,156,374],clearpolici:[3,19,23],cleartext:[792,808,816],click:34,client1:37,client2:37,client:[3,12,14,16,18,20,21,22,23,25,26,28,31,32,34,35,36,38,39,40,41,43,46,48,145,154,223,224,235,241,242,258,260,264,267,275,276,277,327,330,356,360,400,644,724,791,792,797,809,810,817,820,829,830,881,885,887,890,894,895,896,901,902,903,904,905,907,910,912,915,917,923,926,927,929,930,932,935,937],client_cert:37,client_kei:902,client_princ:46,clientauth:21,clientkei:37,clifford:937,clock:[21,34,48,267,353,357,882,915,926],clockskew:[15,21,356,899,918,926],close:[21,32,48,71,85,132,137,138,148,164,167,265,305,739,899,913,919],clpreauth:[28,910],clpreauth_mymech_initvt:907,clpreauth_plugin:906,cmac:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],cmd_path:930,cname:[33,34,38,39],code:[0,20,21,23,41,43,46,48,49,50,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,117,118,119,120,121,122,124,125,126,129,130,133,134,135,141,142,145,147,148,149,150,151,152,153,154,155,156,157,158,159,161,162,163,164,166,169,170,171,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,251,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,287,288,289,290,294,295,296,298,299,300,301,303,304,306,308,309,312,313,314,315,316,319,320,321,322,323,324,325,326,327,328,329,330,332,334,335,336,339,341,342,344,349,351,352,353,354,355,356,357,358,360,361,371,372,373,374,375,379,380,381,382,386,393,394,395,397,398,399,400,401,402,403,404,405,406,410,714,820,821,849,869,880,887,889,890,902,903,906,907,908,911,913,915,917,918,919,920],coerc:899,coexist:19,collect:[21,43,48,132,154,712,713,887,902,904,925,926,927,931,935,937],collis:[48,885],colon:[5,20,21,23,28,39,152,341,343,416,937],column:6,com:[3,6,9,11,16,20,21,22,23,28,35,37,38,39,41,42,895,896,902,903,922,923,935,936,937],com_err:[821,890,902,907],combin:[3,8,15,20,23,26,43,48,254,895,927],come:[21,46,356,888,889,922],comma:[3,6,10,20,21,23],command:[4,8,9,10,14,15,20,21,22,23,24,29,32,34,35,37,41,882,884,887,888,889,890,902,921,922,923,925,928,930,932,937],command_opt:[5,6,23],commenc:34,comment:[0,15,21],commerci:[21,37,903],commit:[9,903,913],common:[21,23,25,34,43,890,903,906,922,936],common_appdata:21,commonconfig:21,commonli:[8,41],commun:[0,21,23,25,29,34,37,43,849,881,887,903,904,920],compani:923,companion:36,compar:[47,48,129,298,895],comparison:21,compat:[8,20,21,36,43,888,890,902,912,914,932],compil:[0,888,889,890,891,902,903,929,930],compile_et:890,complet:[5,6,14,20,21,23,39,43,45,158,272,274,356,372,398,399,722,887,890,891],complex:902,compli:903,complic:[37,890],compon:[19,21,28,37,38,43,46,48,92,93,223,341,342,347,385,639,693,695,747,894,898,902,903,918,923,935],component1:[894,898],component2:[894,898],compos:37,compress:889,compromis:[14,17,21,32,881,886],comput:[14,20,21,29,43,44,46,48,91,117,129,229,296,298,896,903,906,915,922,923],concaten:[715,895,908],concatent:908,concept:[900,910],concern:[25,35,903,923],concis:918,concret:892,concurr:[20,24],condit:[37,154,902,903,930],conduct:29,conf:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,22,23,24,25,26,27,28,29,30,31,32,33,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],conf_keyfil:[5,23],conf_req_flag:43,conf_stat:43,confidenti:[26,43,902],config:[20,21,23,141,155,269,375,887,890,901,902,908,921,924],configur:[3,4,5,9,14,16,17,19,20,21,23,24,25,30,31,38,41,43,46,48,50,78,154,167,194,251,261,269,385,410,412,557,558,882,885,887,888,889,891,892,902,907,910,919,923,926,927,930,934,936,937],confirm:[2,3,5,6,23,130,299,902],conflict:[15,28,356,596,597,599,600,908],conform:[21,889,902,928],confound:104,confus:903,confusingli:46,confvalid:887,conjunct:932,connect:[3,4,5,8,12,20,23,32,34,38,43,48,881,885,902,903,923],consequ:14,consequenti:903,consid:[0,14,21,24,33,39,41,339,885,890,894],consider:[39,45],consist:[21,39,341,884,889,894,895,902,909,916],consol:20,consolid:0,consortium:[920,937],constant:[46,57,58,711,717,805],constitut:903,constrain:[3,23,330,541,646,902,932],constraint:[903,935],construct:[0,43,46,277,279,326,401,849,850,902,907,932],consult:[21,916],consum:[24,880,911],contact:[3,7,8,14,20,21,23,29,39,260,881,904,920,933],contain:[3,4,5,6,8,9,15,19,20,21,22,23,24,28,29,33,34,37,39,41,43,46,48,54,67,72,76,152,154,169,172,173,183,184,195,231,245,247,276,279,318,327,339,341,352,353,354,357,360,362,372,401,410,831,860,873,881,882,884,885,887,888,889,890,891,892,894,895,898,899,903,907,908,917,918,920,922,923,925,926,930,931,932,935,936,937],container_dn:[3,23],container_reference_dn:[5,23],containerdn:[3,23],containerref:[5,23],contempl:903,content:[0,6,9,12,14,23,27,34,37,43,44,46,48,82,84,124,133,137,147,148,174,175,177,178,180,182,183,198,199,200,201,202,207,208,212,215,221,280,330,331,789,795,802,811,832,843,874,881,894,896,898,903,908,926,927],context:[21,41,43,44,46,48,49,50,51,52,53,54,55,56,59,60,61,66,70,75,83,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,172,173,174,175,176,177,178,180,181,182,183,184,186,188,189,190,194,195,196,197,198,199,200,201,202,203,204,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,245,246,247,248,250,251,252,253,257,260,261,264,265,267,276,277,278,279,280,281,283,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,364,365,366,367,368,369,372,373,375,376,377,378,379,380,381,382,383,384,385,386,390,401,402,403,404,405,406,407,408,409,410,413,414,415,416,558,777,778,779,780,781,782,783,784,822,849,850,856,860,872,902,904,906,907,909,915,916,917],context_handl:[43,908],contigu:43,continu:[2,6,17,34,895,902,903,930],contract:903,contrari:[43,46],contribut:[101,107,119,120,900,903,937],contributor:[893,903],control:[4,14,15,18,19,20,21,22,26,28,34,36,37,38,41,43,46,243,279,401,410,890,891,902,904,909,910,911,914,916,917,918,919,934],convei:[14,23,39,43,821,847,902,903],conveni:[46,320,365,368,888],convent:[39,402,918],convention:937,convers:[21,895],convert:[14,21,43,48,169,258,386,935],cooki:[593,897,902,915],coordin:908,copi:[15,17,23,26,29,32,34,37,41,43,48,86,88,269,272,339,398,886,894,903,911,918,923,930],copyright:[887,889,903,937],core:[906,911,915,918,920],corpor:[903,937],correct:[4,10,14,21,23,33,34,41,124,719,881,890,902,903],correctli:[12,43,849,850,880,902,922],correspond:[6,19,21,37,43,44,46,56,152,245,263,339,868,892,895,902,907,913,937],corrupt:[6,17,23,902],cost:[23,29,890,903],could:[0,14,16,17,21,25,28,33,34,35,39,885,902,907,922,923,930],couldn:12,count:[3,6,23,48,87,89,111,286,894,898],counter:[3,23,35],countermeasur:32,counterpart:[19,33],countri:903,cours:17,courtesan:903,cover:33,coverag:888,cpp:890,cppflag:890,cppopt:890,cpu:40,cpw:[3,14,23],crash:[17,21,34],crawdad:903,crawford:903,crc:[14,26],creat:[3,4,7,12,14,15,19,20,21,22,24,28,31,32,35,43,47,48,67,72,76,93,113,114,125,126,135,138,172,173,174,175,176,177,178,180,182,183,205,236,262,265,271,294,295,305,306,321,328,342,356,360,361,372,384,397,410,695,881,882,884,888,892,895,899,902,903,904,905,906,908,909,910,912,913,914,915,916,917,918,919,920,922,923,926],create_polici:23,creation:[14,21,23,37,895],creativ:903,creativecommon:903,cred:[46,48,150,151,153,159,166,232,233,234,235,260,264,267,272,275,379,398,400,410,525,902,930],cred_handl:[43,908],cred_usag:43,creddata:351,credenti:[3,12,16,20,21,23,28,33,35,37,45,48,138,166,177,206,207,223,224,229,326,330,351,372,399,436,543,612,645,731,807,808,809,810,861,880,883,884,885,887,890,897,902,906,908,909,910,915,923,925,926,927,929,930,931,932,935,937],credentials_cach:[3,23],creds_out:351,criteria:[37,881],critic:[46,920],crl:[20,21],cron:[17,20,34,39],cross:[20,21,338,339,340,356,890,902],crt:[20,21],crypto:[14,120,121,191,887,890,902,903],crypto_entri:818,crypto_test:903,cryptograph:[14,43,902,903],cryptographi:[14,40],cryptosystem:14,csv:[6,902],ctime:[792,797,820],cts:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],ctx:[43,72,73,76,77,86,87,88,89,171,176,213,228,270,271,272,273,274,275,276,277,278,279,343,362,363,364,365,366,367,368,369,370,376,396,397,398,399,400,401,413,414,415,416,861],ctype:[109,110,127,131,168,409],cuba:903,cultur:903,current:[2,3,6,8,9,11,14,20,21,22,23,28,38,39,48,136,179,327,343,353,357,379,436,726,873,881,884,890,894,899,902,906,909,910,915,923,928,935,937],curri:15,curs:890,cursor:[48,139,150,158,163,164,312,316,799,801],curv:[21,40],cusec:[792,797,820],custom:[21,892,901,902,905],cut:39,cve:902,cybersaf:[534,903],cycl:902,cygnu:[651,903],daemon:[8,19,20,21,23,31,36,37,38,881,886,902,907,937],daffodil:[15,923],dai:[3,5,21,23,37,48,393,882,923,937],daili:14,daisi:39,dal:911,damag:[881,903],danger:[17,930],danilo:903,dash:21,data:[3,6,9,14,20,21,22,23,24,26,32,43,44,46,48,63,79,80,98,113,114,117,119,120,121,123,129,130,141,151,153,155,169,178,208,212,224,245,253,257,258,260,262,275,294,295,296,298,299,320,323,326,327,328,330,332,337,338,349,351,353,356,357,365,368,372,373,377,378,379,380,383,385,390,462,474,475,476,531,532,665,706,730,777,778,781,795,797,805,807,810,811,813,816,817,820,822,829,830,840,843,847,849,850,852,853,856,859,861,870,875,881,885,886,890,894,895,896,898,902,903,905,906,907,910,914,915,919,927],data_length:116,data_set:43,databas:[2,4,5,6,7,8,9,10,12,15,18,19,20,21,22,26,28,30,31,32,35,37,43,884,886,887,890,891,901,902,903,910,913,915,926,929,930,937],database_modul:[20,24],database_nam:[20,23,34],datadir:890,datarootdir:890,datatyp:45,date:[3,6,8,20,21,37,167,224,395,816,883,902],datebas:4,david:[15,23,922,923,937],db2:[3,6,20,23,35,887,901,902],db3:890,db_185:890,db_arg:[3,4,6,10,23],db_header:890,db_lib:890,db_librari:[20,22,24],db_module_dir:20,db_princ_arg:[3,23],dbadmin:19,dbdefault:[5,23],dbmatch:21,dbmodul:[3,22,23,24,35],dbname:[3,6,10,23],dbutil:903,dce:[43,48,635,667,902],dcmd_path:930,deactiv:20,deal:[881,903],dealloc:[92,909,916],debian:[31,902],debug:[3,7,8,9,20,28,889],dec:[34,35,882],dec_err:321,dec_error:352,decid:[34,39,245,923],decim:[6,43,894,937],decis:[30,903,912,916,937],declar:[43,908],decod:[21,46,48,159,184,356,894,905,907],decompos:532,decreas:[21,884],decrement:48,decrypt:[3,23,35,43,48,79,351,361,811,867,885,930],dedic:34,default_ccache_nam:[21,136,881,937],default_client_keytab_nam:[15,21,884],default_domain:21,default_kdb_fil:891,default_kdc_enctyp:891,default_keytab_nam:[21,884,891],default_principal_expir:[20,882],default_principal_flag:[19,20,902],default_profile_path:891,default_rcache_nam:[21,885],default_realm:[21,28,33,34,909,918],default_tgs_enctyp:[21,26,902],default_tkt_enctyp:[21,26,902],default_valu:[59,60],defaut_tgs_enctyp:26,defccnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],defcktnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],defeat:40,defens:25,defer:[43,909,912,916],defin:[3,12,20,21,33,34,39,43,101,119,228,724,885,890,894,895,907,911,918,919,930],definit:[10,16,20,887,903,912,914],defktnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],dejagnu:[888,890],del_polici:[3,23],delai:[24,39,890,902,926],deleg:[3,20,21,23,330,541,646,894,902,923,927,932],delegated_cred_handl:43,delent:11,delet:[2,3,5,6,11,15,19,21,32,34,151,885,903,922,925,930,937],delimit:[21,309],delold:[2,14],delpol:[3,23],delprinc:[3,23],delstr:3,delta:[20,48],deltat:187,deltatp:388,demand:410,demonstr:[12,14],deni:[3,19,23,25,28,35,912,916,930],denial:21,denot:[6,19,882,895],depart:903,depend:[25,33,39,43,46,126,362,370,724,860,889,890,901,907,919,922,923],deploi:[36,37,38,888],deploy:[14,24,37],deprec:[14,20,70,75,94,123,131,168,186,188,190,191,196,197,225,226,232,233,234,239,281,307,348,350,390,407,409],der:[895,905,915],der_out:[320,322,323,328],deriv:[6,14,20,23,25,48,99,100,102,103,113,129,287,288,289,290,294,298,895,899,902,903,928],des3:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],des:[14,26],descend:[881,885],describ:[0,3,14,15,16,21,23,24,25,28,32,34,37,43,372,402,811,820,821,880,894,903,906,907,908,910,918,923,930],descript:[23,32,39,43,820,887,901,902,904,905,906,909,911,912,913,914,915,916,917,918,919],descriptor:[62,360,361,372],design:[28,34,46,313,881,885,937],desir:[14,15,23,28,43,119,121,250,251,326,890,917,930],desired_mech:[43,908],desired_nam:43,desired_object:43,desktop:46,dest_ctx:179,destdir:888,destin:[32,888],destroi:[43,48,136,147,148,383,410,881,902,904,905,906,909,912,913,914,915,916,917,919,921,925,926],destroy_polici:23,detach:8,detail:[10,14,15,22,24,26,28,33,34,36,262,722,881,887,889,902,904,905,906,909,912,913,914,915,916,917,918,919,930],detect:[6,8,14,23,320,322,323,328,353,357,885,890,908],determin:[3,4,5,6,8,20,21,23,24,28,34,43,48,62,102,105,117,136,154,230,231,261,289,356,382,386,412,873,881,884,885,888,890,895,898,902,905,909,912,916,917,923,937],dev:[20,21,41,937],develop:[0,888,900,902,903,920,937],devic:[3,20,21,23,46],devicenam:20,dfl:[21,885,937],dget_tgt_via_passwd:930,dict:[3,21,23],dict_fil:[4,20,919],dictat:23,dictionari:[20,21,29,30,34,35,40,902,919,926],did:[34,223,267,339,923],didn:[12,28],differ:[3,6,12,15,21,25,26,28,33,34,37,38,39,43,45,48,107,119,159,265,372,382,849,885,888,890,907,915,916,922,923,926,930,937],diffi:[20,21,926],difficult:35,difficulti:38,digest:[20,903],digit:[882,937],digitalsignatur:[21,37],dir:[20,21,37,881,890,901,926,937],direct:[21,22,23,28,41,48,903,908,918,937],directli:[3,18,20,21,23,29,34,43,46,372,612,908,915,926,931],directori:[5,12,20,21,22,23,28,33,34,37,169,339,881,885,889,891,892,901,902,922,930,934,935,936,937],dirnam:[21,881],dirpath:881,disabl:[3,14,20,21,23,24,26,28,34,37,38,39,41,377,378,383,544,885,888,890,902,910,926,934,937],disable_encrypted_timestamp:[21,25,40],disable_fresh:[37,926],disable_last_success:[20,22,35],disable_lockout:[20,22,35],disallow:19,disallow_forward:[5,23],disassoci:[4,10],disast:39,disclaim:903,disclosur:[19,902],discoveri:[25,33,34,902],discuss:[34,885,903,911,920],disjoint:0,disk:[4,5,6,15,17,23,24,32,34,46,881,886,889],dispatch:908,displai:[2,3,5,9,11,15,23,37,42,46,245,714,884,894,902,903,926,927,933],display:169,disrupt:14,dist:889,distclean:888,distinguish:[5,21,23,903],distribut:[10,887,888,889,890,891,902,903,923,937],distributor:903,divid:899,dll:[28,907,908,918],dns:[21,890],dns_canonicalize_hostnam:[21,902],dns_lookup_kdc:21,dns_lookup_realm:[21,39],dns_uri_lookup:[21,39],dnsname:21,doc:[22,42,892],document:[5,20,21,23,29,33,34,43,880,888,890,899,902,903,907,920],doe:[3,6,8,10,14,15,20,21,22,23,24,25,34,37,38,40,43,46,56,119,144,152,160,309,311,342,372,386,394,410,881,884,888,890,895,902,903,907,908,909,916,918,922,923,930],doesn:[2,6,23,161,881,922],doing:[6,23,29,38,46,902,903,907,930],domain:[12,15,20,21,33,34,36,37,39,902,923],domain_realm:[28,33,39,935],don:[12,699,881,888,890,922,930,937],donat:[23,903],done:[8,22,23,32,34,39,881,890,906,915,918,930,937],doubl:882,down:39,download:[8,903],downstream:[23,902],downtim:14,doxygen:[0,892],dprinc_look_ahead:930,draft:[679,682,685,902],drift:15,drive:888,drop:902,dry:6,dsa:471,dst:148,due:[14,19,23,41],dug:903,dugsong:903,dump:[4,7,8,17,20,24,34,901,902],dump_fil:4,dumpfil:[6,23,890],dumptyp:6,dup:20,duplic:[48,810,885],durabl:[20,24],durat:[3,20,21,23,868,926,930],dure:[3,4,8,17,20,21,23,34,35,40,43,349,377,410,703,894,895,902,906,913,923,930],dynam:[21,907,910,912,918],e19253:42,e2big:119,e_data:[820,915],each:[2,3,6,8,10,15,19,20,21,23,24,25,26,28,33,35,37,39,43,44,46,252,263,265,349,739,881,884,886,888,894,895,899,902,903,907,911,912,913,917,922,923,926,927,930,932,935,936],ear:903,earli:14,earlier:[20,26,34,224,916],earliest:[6,153,899],eas:36,easi:[14,17,25,35,923],easier:[0,14,902],easili:[14,34,888,902],eavesdrop:43,eavesdropp:885,ebaa:42,eblock:[186,188,190,196,197,281,348,350,390,407],echo:[349,358],edata:915,edit:[2,11,12,31,890,891,922],editor:0,edt:[3,23],edu:[0,3,5,12,14,15,19,20,21,23,24,28,32,34,42,902,903,918,920,922,923,930],educ:33,edwards25519:[21,40,903],edwards25519_t:903,effect:[14,19,20,21,23,37,39,715,881,885],effici:902,effort:25,eight:33,einval:[260,370,387,389,391,392],either:[15,20,21,22,23,25,26,34,35,36,37,41,43,44,195,245,253,274,322,323,324,328,399,400,403,715,850,881,888,899,903,907,912,916,923,930,936],eku:[20,21],elaps:[3,23],element:[43,46,48,189,318,408,811,857,895],elimin:[14,40,902],ellipt:40,els:[34,907,922,923,930],elsewher:17,emac:890,email:[0,636,922],emailprotect:21,embed:665,empti:[3,6,19,20,21,23,36,43,46,48,93,229,231,279,342,385,386,401,410,885,890,894,926],enabl:[3,4,8,14,15,20,21,22,23,24,25,28,34,36,37,39,40,41,43,55,78,881,889,890,902,905,910,930,937],enable_onli:[21,28],enc:[3,6,15,20,23,199,810,902],enc_err:321,enc_errbuf:352,enc_padata:816,enc_part2:[373,807,829,867],enc_part:[791,807,829,867],encdata:895,enckdcreppart:816,enckrbcredpart:809,enclos:[20,21,882],encod:[21,46,48,189,320,322,337,338,352,535,867,874,894,895,905,915],encompass:43,encount:[21,34,927],encourag:21,encrypt:[2,3,6,14,15,17,21,23,25,29,30,32,34,36,40,43,46,48,79,95,98,99,100,112,113,114,116,124,125,126,129,130,153,229,280,287,288,294,295,298,299,308,313,322,323,354,356,391,475,476,533,593,658,734,792,793,807,809,810,811,816,817,829,830,867,884,885,886,887,891,895,896,902,903,906,908,915,920,927,932,937],encrypted_challeng:21,encrypted_challenge_ind:[20,902],encrypted_timestamp:21,enctyp:[6,11,14,20,21,23,48,95,97,98,99,101,104,107,111,112,116,118,125,126,192,193,211,224,280,287,308,313,375,407,815,817,830,832,894,898,901,902,906,932],enctype_aes128_cts_hmac_sha1_96:[443,773],enctype_aes128_cts_hmac_sha256_128:773,enctype_aes256_cts_hmac_sha1_96:[444,773],enctype_aes256_cts_hmac_sha384_192:773,enctype_arcfour_hmac:773,enctype_arcfour_hmac_exp:773,enctype_camellia128_cts_cmac:773,enctype_camellia256_cts_cmac:773,enctype_des3_cbc_env:773,enctype_des3_cbc_raw:773,enctype_des3_cbc_sha1:773,enctype_des3_cbc_sha:773,enctype_des_cbc_crc:773,enctype_des_cbc_md4:773,enctype_des_cbc_md5:773,enctype_des_cbc_raw:773,enctype_des_hmac_sha1:773,enctype_dsa_sha1_cm:773,enctype_md5_rsa_cm:773,enctype_nul:[101,229,773],enctype_out:229,enctype_rc2_cbc_env:773,enctype_rsa_env:773,enctype_rsa_es_oaep_env:773,enctype_sha1_rsa_cm:773,enctype_unknown:773,enctypep:389,end:[6,20,21,23,24,30,33,34,39,92,93,164,329,809,817,830,868,890,894,898,899,902,911,930,937],endian:[894,895,896,898,908],endors:903,endpoint:[62,903],endtim:[224,868,894],energi:903,enforc:21,enforce_ok_as_deleg:[21,902],engin:39,enomem:[119,223,231,300,320,322],enough:[3,23,99,102,167,287,289,750],ensur:[14,15,17,20,23,24,25,34,37,46,171,849,850,909,916,923],enter:[3,5,10,14,23,34,37,322,323,328,358,908,922,923],enterpris:[38,43,342,695,902,926,932],entir:[3,14,20,39,532,894,915],entiti:[43,903],entri:[3,8,9,11,12,14,15,19,20,21,22,23,24,32,34,35,37,38,39,40,41,43,46,48,153,173,195,198,200,220,245,307,313,318,319,322,323,328,334,349,356,410,816,834,838,881,884,886,895,896,899,902,914,915,923,927,930],entropi:[48,902],enumer:14,env:[21,37,41,937],envelop:[462,474,475,476],environ:[14,15,20,21,23,24,26,28,30,34,35,37,41,43,56,136,268,269,282,383,384,881,884,885,888,901,902],envvar:21,eperm:[912,916],epoch:[48,869],equal:[15,24,898,902,930],equip:937,equival:[20,36,166,379,380,902],err_fmt:[21,902],erron:41,error:[3,8,20,21,24,34,37,39,43,48,49,50,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,117,118,119,120,121,122,124,125,126,129,130,133,134,135,137,141,142,145,147,148,149,150,151,152,153,154,155,156,157,158,159,161,162,163,164,166,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,243,248,260,261,262,264,265,266,267,268,271,272,274,275,276,277,278,279,280,282,287,288,289,290,294,295,296,298,299,300,301,303,304,306,308,309,312,313,314,315,316,319,320,321,322,323,324,325,326,327,328,329,330,332,334,335,336,339,341,342,344,349,351,353,354,355,356,357,358,360,361,371,372,373,374,375,379,380,381,382,386,393,394,395,397,398,399,400,401,402,403,404,405,406,410,537,609,611,697,698,820,821,849,885,887,890,902,906,907,912,913,915,916,923,932],error_t:903,escap:699,especi:[15,34,38,902],essenti:20,est:[23,35,882],establish:[37,43,885],etc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],etyp:[6,229,375,659,902,932],etype_list:[244,824],etype_list_length:[244,824],euid:[21,885,901],evalu:21,even:[14,20,21,23,25,28,34,38,39,43,245,385,880,882,885,902,903,926,930],event:[39,48,902,903,915],eventu:39,everi:[20,21,23,32,34,48,316,881],evid:43,evolut:902,exact:[22,889],exactli:[21,34,153,403,732,733,737,895,930],examin:[21,37,906,915],exampl:[3,5,6,9,14,16,20,21,22,24,28,32,34,35,37,38,39,41,43,56,100,103,288,290,881,882,885,888,889,902,903,907,918,922,923,926,930,937],exce:[880,882],except:[3,15,19,21,23,37,39,43,326,902,903,930],excess:888,exchang:[34,40,48,224,247,279,360,372,433,861,895,915],exclud:[6,17,32,902],exclus:[3,899,903,930],exec:[890,929,930],execprefix:890,execut:[3,6,22,34,46,377,889,890,929],exemplari:903,exhaust:32,exist:[0,2,3,5,6,14,15,20,21,22,23,28,32,34,35,43,46,48,137,147,155,326,327,356,360,361,372,403,410,881,886,894,902,908,926,928,930],exit:[3,8,10,11,23,881,902,923,927,932],exp:[3,15,20,21,26,37],expand:[21,899,902],expans:[890,902],expdat:[3,23],expect:[14,21,34,41,267,337,338,339,340,714,892,906,911,923],expected_nonc:866,expens:[20,25,35],experi:[0,14,39,902],experienc:[0,917],experiment:902,expir:[2,3,6,15,19,20,21,23,33,37,43,46,48,224,243,260,816,868,881,882,885,894,902,923,926,927,930,937],expiri:[14,245,902],explain:34,explcit:903,explicit:[14,19,21,22,24,28,39],explicitli:[3,14,19,23,28,34,44,253,890,902,912,913,914,923],expos:[3,6,14,23,46,832,926,930],express:[3,21,23,882,903],extend:[20,21,37,48,416,873,908,937],extendedkeyusag:37,extens:[37,39,43,247,892,902,908],extent:903,extern:[20,22,43,894],extfil:37,extra:[19,39,40,750,889],extra_address:21,extract:[3,15,19,23,34,229,884,902],extrem:3,eytab:[3,15],facil:[4,15,20,43,902],facilit:902,factor:[21,895],fail:[2,3,6,14,15,20,21,23,24,35,39,43,46,228,260,279,339,351,401,849,888,890,902,908,909,923,925,930],fail_count:6,failov:39,failur:[3,6,14,23,24,35,46,119,129,130,159,260,298,299,308,403,404,405,902,903,917,919],failurecountinterv:[3,23,35],failuretim:[3,23],fake:[21,46],fall:[39,40,881],fallback:[3,20,21,23,40,46,902,909],fallback_realm:909,fals:[14,20,21,23,26,28,33,36,37,38,39,52,54,105,109,110,127,128,160,192,245,283,284,285,317,345,346,347,359,385,412,936],famili:[20,123,186,188,190,191,196,197,250,251,281,348,350,407,917],famou:34,far:37,fashion:[29,903,930],fast:[20,21,25,36,37,48,229,538,593,894,902,906,915],fast_avail:894,fast_ccache_nam:247,faster:[25,39,881,888],fatal:154,fdii:923,feasibl:34,featur:[24,29,365,368,900,903,920],feb:9,februari:880,fee:903,feedback:0,fellow:903,fenc:907,fences_wicker_initvt:907,fermi:903,fetch:[4,5,6,10,11,21,23,71,141,410,902],few:[890,922,937],fiat:903,fiction:907,fictiti:923,field:[3,6,20,21,23,35,36,37,39,44,46,48,153,256,308,327,328,338,340,349,353,354,356,357,408,733,737,873,894,895,898,899,902,906,907,915,919,923,935],file2:[885,899,937],file:[3,4,5,6,7,9,10,11,12,14,15,16,17,19,22,24,28,29,30,31,37,38,39,41,46,48,50,152,262,269,315,360,361,372,375,739,881,882,883,884,885,887,888,889,890,891,892,900,901,902,903,904,905,906,907,908,909,911,912,913,914,915,916,917,918,919,921,922,923,930,935,936,937],filenam:[2,3,5,6,7,8,15,20,21,23,28,34,36,37,41,43,384,881,885,902,937],filesystem:[20,23,34,37,899,901],fill:[46,48,50,56,119,121,134,150,152,224,230,231,301,304,309,324,344,354,355,387,388,391,393,394,898,899,907,918],filter:[20,21],find:[12,21,23,39,43,48,50,894,899,902,904,922,923,926,930],fine:[39,43],fini:[904,905,906,909,912,913,914,915,916,917],finish:48,fip:902,fire:39,firewal:[29,39,41],firm:903,first:[3,6,9,12,16,19,20,21,22,23,26,28,34,37,38,39,43,44,52,53,93,105,136,228,258,279,319,345,346,347,358,359,383,401,747,811,884,885,888,890,892,894,895,896,898,899,902,903,905,907,908,909,914,916,923,928,930,935,937],fit:[309,903],five:[3,21,23,34,882,885,913,928],fix:[6,899,902],flag:[2,3,5,6,11,14,19,20,21,22,23,25,28,33,35,39,40,43,46,48,55,62,69,74,78,122,151,153,192,269,279,322,323,324,328,338,340,349,351,353,356,357,360,361,401,712,713,714,715,719,720,721,722,724,731,732,809,810,811,816,817,824,863,878,881,890,902,906,915,923,925,926,927,929,930],flag_rsa_protocol:926,flagnam:19,flat:881,flavor:[3,23],flexibl:[21,38],flip:14,flush:918,fmt:[343,376,413,414,415,416],fnal:903,folder:21,follow:[2,3,6,8,10,14,15,19,20,21,22,23,24,25,26,28,29,34,35,36,37,39,43,62,228,245,248,263,330,341,342,349,356,358,386,404,881,882,884,885,887,888,890,891,894,895,896,898,902,903,907,908,911,918,920,922,923,926,927,929,930,934,935,936,937],foo:[3,6,15,21],foobar:[39,890,936],fool:25,foot:907,for_us:932,forbid:[3,23],forbidden:21,forc:[3,5,8,9,11,14,19,20,21,23,25,35,39,40,136],foreground:[4,8],forev:[3,23],forget:[5,23,34,156],fork:[10,34,930],form:[0,3,15,20,21,23,24,25,28,29,34,39,43,152,315,322,323,328,370,386,636,860,881,886,895,902,903,926,935,937],format:[0,3,6,19,20,21,36,39,43,48,343,402,413,415,416,717,722,724,863,873,881,883,884,885,890,892,896,900,902,907,908,930,932,937],former:385,formerli:513,formul:21,forth:21,fortuna:[890,902,903],forward:[3,15,20,21,23,33,34,36,38,43,48,351,525,542,824,902,923,926,927,930,937],found:[7,10,12,20,21,23,34,39,59,60,151,153,154,195,313,356,890,899,902,922,923,930,931,937],foundat:903,four:[21,24,35,40,894,895,896,899,908,930],fqdn:29,fraction:25,frame:894,framework:[43,902,903],fred:28,free:[46,47,48,49,65,67,72,76,91,93,111,115,141,143,145,150,153,169,172,173,174,175,177,178,180,181,182,183,194,195,224,227,229,236,261,272,275,280,286,308,313,315,319,321,322,323,324,325,326,327,328,329,332,335,336,337,341,342,351,352,353,354,356,357,360,372,386,398,400,402,404,903,905,907,918],free_ind:905,free_list:909,free_modreq:915,free_restrict:912,free_str:[916,918],free_valu:918,freed:[44,57,58,61,78,85,106,136,144,146,198,199,200,201,202,204,207,208,210,211,212,215,216,217,218,219,221,222,228,262,310,331,362,363,365,368,849,850],freeli:903,freenod:920,frequent:[14,33,38,39,869,922],fresh:[0,15,17,20,592,897,902,926,930],fri:9,friend:923,friendli:902,friendlier:902,from:[0,2,3,4,5,6,7,8,9,10,11,17,19,20,21,22,24,25,26,28,29,32,34,35,37,38,39,41,43,44,46,48,49,93,99,100,101,102,103,113,119,121,129,148,166,169,180,181,183,195,241,245,250,258,269,287,288,289,290,294,298,319,324,327,339,343,349,353,354,355,356,357,372,373,375,377,379,380,410,416,436,816,829,830,881,884,885,888,889,890,894,895,899,900,902,903,904,905,906,908,910,911,913,918,920,922,923,926,928,930,932,935,937],from_mast:[8,901],front:[20,341],fsanit:890,ftp:[32,34],fubar:[21,937],fulfil:930,full:[4,8,9,14,20,23,39,48,328,890,902,911,922,930],fulli:[3,15,19,21,23,29,32,34,35,46,926,937],fullname_out:143,fulvio:42,func:[63,80],fund:903,fundsxpress:903,furnish:903,further:[10,34,885,936],furthermor:[14,245,903],futur:[23,37,43,156,228,873,902,909],g10:903,g_accept_sec_context:903,g_acquire_cr:903,g_canon_nam:903,g_compare_nam:903,g_context_tim:903,g_delete_sec_context:903,g_dsp_name:903,g_dsp_statu:903,g_dup_nam:903,g_exp_sec_context:903,g_export_nam:903,g_glue:903,g_imp_nam:903,g_imp_sec_context:903,g_init_sec_context:903,g_initi:903,g_inquire_context:903,g_inquire_cr:903,g_inquire_nam:903,g_process_context:903,g_rel_buff:903,g_rel_cr:903,g_rel_nam:903,g_rel_oid_set:903,g_seal:903,g_sign:903,g_store_cr:903,g_unseal:903,g_userok:903,g_util:903,g_verifi:903,gain:[14,25,34,912,914,923],gcc:890,gen_sym:930,gener:[2,9,12,14,15,17,19,20,21,23,25,26,32,35,41,43,48,113,125,126,260,283,294,324,327,338,339,436,517,518,519,520,808,825,840,881,885,887,888,889,890,892,894,902,903,906,910,915,920,923,930,935],generalizedtim:895,generalstr:37,generic_trusted_ca:[20,21],gennadi:930,genrsa:37,german:902,get:[3,12,14,16,19,20,21,23,32,33,35,38,39,48,59,60,163,236,254,258,275,890,902,906,909,915,922,923,926,930,937],get_cooki:[902,915],get_cr:46,get_princ:[3,23],get_tgt_via_passwd:930,get_valu:918,getaddrinfo:38,getdat:[3,5,6,19,23],gethostnam:[38,43],getnameinfo:38,getopt:887,getpol:[3,23],getprinc:[3,6,14,23,35,902],getpwuid:[3,23],getrandom:902,getstr:3,getusershel:930,gic_opt:906,give:[6,14,23,28,38,888,894,895,903,916,922,923],given:[2,3,5,6,8,10,14,20,21,23,28,36,38,39,41,46,48,49,59,60,124,135,315,326,386,850,890,894,899,903,927],gladman:903,glob:[3,6,15,23],global:[5,19,20,21,22,23,141,155,902],glorifi:907,glossolalia:14,glue:887,gmbh:903,gmt:882,gnu:[38,888,890,902,903],goal:46,going:[20,24,923],good:[12,15,23,34,122,903,922,923,937],googl:903,gotten:923,gov:[21,903],govern:[23,903,928],gpg:889,gpl:903,grace:926,gracefulli:908,grain:43,grammar:[894,898],grant:[3,14,19,20,21,23,26,28,34,35,37,39,43,46,48,224,235,260,264,267,744,881,902,903,912,916,921,923,926,930,936],gratitud:903,great:[19,153,267,736],greg:937,groff:0,group:[20,21,40,895,903],grow:885,gs2:902,gss:[28,887,894,901,902,908,937],gss_:908,gss_accept_sec_context:[43,902,908],gss_acquire_cr:[43,902],gss_acquire_cred_impersonate_nam:43,gss_acquire_cred_with_password:902,gss_add_cr:908,gss_add_cred_from:908,gss_add_cred_impersonate_nam:908,gss_add_cred_with_password:908,gss_add_oid_set_memb:908,gss_buffer_desc:43,gss_buffer_set_t:43,gss_buffer_t:[43,908],gss_c_accept:43,gss_c_both:43,gss_c_buffer_flag_alloc:43,gss_c_buffer_type_data:43,gss_c_buffer_type_head:43,gss_c_buffer_type_mic_token:43,gss_c_buffer_type_pad:43,gss_c_buffer_type_sign_onli:43,gss_c_buffer_type_stream:43,gss_c_buffer_type_trail:43,gss_c_dce_styl:43,gss_c_deleg_policy_flag:902,gss_c_inq_negoex_kei:908,gss_c_inq_negoex_verify_kei:908,gss_c_ma_negoex_and_spnego:908,gss_c_no_credenti:43,gss_c_no_nam:43,gss_c_nt_anonym:43,gss_c_nt_export_nam:43,gss_c_nt_hostbased_servic:43,gss_c_nt_machine_uid_nam:43,gss_c_nt_string_uid_nam:43,gss_c_nt_user_nam:43,gss_c_null_oid:43,gss_c_qop_default:43,gss_c_sec_context_sasl_ssf:902,gss_create_empty_oid_set:908,gss_cred_id_t:[43,908],gss_cred_usage_t:43,gss_ctx_id_t:[43,908],gss_display_statu:908,gss_error:43,gss_export_cr:43,gss_export_nam:43,gss_get_mic_iov:43,gss_get_mic_iov_length:43,gss_get_name_attribut:43,gss_import_cr:[43,908],gss_import_nam:[43,908],gss_import_sec_context:908,gss_init_sec_context:43,gss_inquire_attrs_for_mech:908,gss_inquire_cr:43,gss_inquire_cred_by_oid:[43,902],gss_inquire_nam:43,gss_inquire_sec_context_by_oid:[902,908],gss_iov:902,gss_iov_buffer_desc:43,gss_iov_buffer_desc_struct:43,gss_iov_buffer_flag_alloc:43,gss_iov_buffer_t:43,gss_iov_buffer_type_data:43,gss_iov_buffer_type_head:43,gss_iov_buffer_type_mic_token:43,gss_iov_buffer_type_pad:43,gss_iov_buffer_type_sign_onli:43,gss_iov_buffer_type_stream:43,gss_iov_buffer_type_trail:43,gss_krb5_cred_no_ci_flags_x:902,gss_krb5_get_cred_imperson:[43,902],gss_krb5_nt_enterprise_nam:[43,902],gss_krb5_nt_principal_nam:43,gss_mech_config:[28,901,937],gss_mech_interpos:908,gss_name_t:[43,908],gss_oid:[43,908],gss_oid_set:[43,908],gss_qop_t:43,gss_release_iov_buff:43,gss_s_cred_unavail:43,gss_s_unavail:43,gss_store_cr:902,gss_unwrap_aead:43,gss_unwrap_iov:43,gss_verify_mic_iov:43,gss_wrap_aead:43,gss_wrap_iov:43,gss_wrap_iov_length:43,gss_wrapex:902,gssapi:[15,16,20,21,45,880,881,884,885,887,902,903,904,910,929,937],gssapi_err_gener:903,gssapi_ext:[43,908],gssapi_krb5:43,gssapiauthent:28,gssapip_spnego:903,gssapistrictacceptorcheck:38,gssapiv2:43,gssd_pname_to_uid:903,gssi_:908,gssi_import_cred_by_mech:908,gssi_import_name_by_mech:908,gssi_import_sec_context_by_mech:908,gssrpc:903,gssspi_exchange_meta_data:908,gssspi_query_mechanism_info:908,gssspi_query_meta_data:908,guarante:14,guard:885,guess:[21,34,902],guest:[3,21,23],guid:[15,30,32,910],h5l:[21,44],had:[6,23,28,34,37,922,923,936],haddl:85,hand:[14,23,34],handi:34,handl:[3,6,14,19,23,36,43,48,71,132,135,137,139,141,142,143,144,145,146,147,149,150,151,152,153,154,155,157,158,159,161,164,223,224,235,246,250,251,265,276,300,301,303,306,308,309,310,311,312,314,316,332,337,338,339,340,356,400,410,903,906,911,915],handle_error:43,handle_out_of_space_error:43,happen:[3,17,20,23,34,39,41,923],happi:903,hard:[20,23],hardcod:[881,884,918],hardwar:[3,20,23,34,46,915,923,927],harm:885,harvard:903,harwood:937,has:[0,3,5,6,12,14,15,17,19,20,21,23,24,25,26,27,28,34,35,37,38,39,43,46,78,124,260,263,279,353,357,385,401,723,881,885,888,889,890,894,898,899,902,903,908,912,913,914,917,922,923,927,930,935],hash:[6,21,23,37,885,895,899,902],hat:[903,937],have:[0,2,3,6,8,12,14,15,17,19,20,21,23,24,25,26,28,32,33,34,35,37,38,39,43,46,101,153,230,274,399,881,885,888,889,892,894,895,898,899,902,903,904,906,907,908,911,912,913,915,917,919,922,923,926,930,934,936,937],have_getusershel:930,haven:[890,937],hdata:230,head:21,header:[6,21,43,48,529,532,793,890,904,905,906,907,909,911,912,913,914,915,916,917,918,919],headernam:890,heim_org:21,heimdal:[42,43,45,881,902],held:[903,927],hellman:[20,21,926],help:[21,37,885,890,902,918,920,923,929,937],helpdesk:14,henc:12,her:[39,923,936],here:[0,15,19,20,21,23,28,35,41,43,46,882,890,907,922,923],hereaft:903,herebi:903,hesiod:[21,890,903],heurist:[21,154,230,904,930,935],hexadecim:[6,902],hhmmss:882,hidden:[46,349,854],hide:[3,23,926],hierarch:[4,21,902],hierarchi:23,high:[14,16,24],higher:[43,881,892,902],highest:[3,6,14,15,21,308,313,410],highli:[889,902],himself:923,hin:889,hint:[3,20,23,149],his:[19,23,923,930,936],hist_kvno:6,histor:[28,33,880],histori:[6,890,902],hit:[48,930],hmac:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],hold:[3,43,78,170,187,192,193,394,395,881],holder:903,hole:[32,34,39,898],home:[5,21,23,28,922,930,934,935,936],honor:[41,902,923],hook:[48,849,850,902,910],hope:903,hopefulli:35,host01:937,host:[3,4,7,8,12,14,15,16,20,21,23,24,25,29,30,31,33,36,37,38,39,43,46,48,194,223,230,326,328,385,386,410,637,639,885,888,890,902,910,915,922,923,926,927,930,934,935,936,937],host_based_servic:[20,39],host_realm:909,hostaccount:28,hostnam:[3,12,15,20,21,23,33,34,37,38,41,43,48,326,385,386,890,902,909,932,935,937],hostrealm:[28,902,910],hostrealm_plugin:909,hotp:3,hour:[5,19,20,23,33,882,922,923,930,937],houston:39,how:[14,20,21,23,26,28,32,34,37,39,43,224,412,889,890,900,904,910,917,918,922,926],howev:[3,6,14,17,20,21,23,25,32,33,35,37,39,888,903,923,937],html:[0,22,42,889,892,902],html_subst:892,htmlsrc:892,http:[21,22,25,30,38,39,42,888,889,892,902,903,920],http_anchor:[21,29],hudson:937,human:[169,882,902],hundr:24,hwauth:20,hxx:903,iakerb:902,icr:43,idea:38,ideal:[15,23,34,46,888],ident:[3,15,20,22,23,43,48,358,724,864,865,881,902,906,922,923,926,928],identif:[902,903],identifi:[4,10,21,28,166,265,313,315,717,810,816,831,902,903,932],iec:889,ietf:902,ignor:[3,15,19,20,21,26,28,43,48,235,260,264,267,269,278,282,339,342,347,356,385,528,693,696,849,885,888,890,894,902,907,935,937],ignore_acceptor_hostnam:[21,38,43],illinoi:42,illumin:937,imap:[38,890,935],immedi:[6,14,21,23,39,902,915],impact:35,impend:46,imperson:902,impl:890,implement:[0,14,20,21,23,24,28,29,36,39,40,43,44,46,51,113,119,151,294,379,380,881,888,890,894,896,898,902,903,904,905,906,907,908,909,911,912,913,915,916,917,918,919,920,923,930,937],impli:903,implicit:20,implicitli:21,impos:912,imposs:[23,35],improv:[0,14,20,21,35,902,920],in_authdat:173,in_cr:[224,225,226,327,372],in_data:[326,327,372],in_length:[131,409],in_tkt_servic:[235,260,264,267],inaccess:39,inaccur:21,inaddr:172,inadequ:41,inauthdat1:319,inauthdat2:319,inbuf:[353,354,355,356,357],inc:[903,923,937],incc:134,incident:903,includ:[6,9,15,16,19,20,21,24,32,33,34,37,38,39,43,48,99,104,122,144,287,309,322,323,327,328,337,338,340,341,356,403,672,797,810,817,830,844,880,881,885,887,890,891,892,894,895,898,902,903,906,907,908,912,914,915,918,922,926,930,937],include_pac:844,includedir:[21,890],inclus:903,incom:[20,38,908],incompat:[888,890,911],incomplet:21,inconsist:24,incorpor:[0,20,24,902],incorrect:[35,39,719,720,922,923],incorrectli:923,incr:177,increas:[20,24,40,100,103,288,290,910],increment:[4,8,9,14,19,20,24,31,35,39,48,87,89,322,323,328,899,902,903],indata:178,inde:923,independ:[21,26,138,163,245,305,890],index:[6,22,29,42,366,889,899],indic:[3,6,14,19,20,21,23,26,28,30,36,37,39,41,43,46,154,245,324,712,713,714,715,719,720,721,722,821,881,882,884,885,894,895,896,898,899,902,903,905,906,907,915,923,926,937],indirect:903,individu:[9,20,903,923,937],inetd:[8,12,34,41],infd:62,influenc:38,info2:902,info:[20,34,229,644,646,650,659,810,816,872,902],inform:[3,4,6,7,9,11,20,22,26,28,33,34,38,39,41,43,46,169,185,229,250,251,282,322,324,330,339,361,383,384,412,645,647,724,808,809,847,854,859,873,881,889,890,893,894,895,898,902,906,907,910,911,915,918,920,926,937],infrastructur:[21,40,887,888,902],infrequ:902,inherit:[922,930],ini:21,init:[4,10,904,905,906,909,912,913,914,915,916,917],init_cr:46,initi:[3,5,12,14,15,21,22,23,25,26,34,35,40,45,48,99,102,115,124,229,269,287,289,398,501,861,868,881,884,890,894,902,903,906,907,922,923,926,927,929,930,937],initiator_cred_handl:43,inittab:34,initvt:907,inject:25,inop:14,inout:[98,99,100,102,103,114,287,288,289,290,295,326,327,356,358,360,361,372,403],inprinc:182,inptr:[186,190],input:[23,43,48,49,99,100,102,103,107,113,117,119,124,144,194,195,224,287,288,289,290,294,296,349,372,373,400,904,916,919],input_assoc_buff:43,input_ccach:926,input_message_buff:43,input_name_buff:908,input_name_typ:908,input_payload_buff:43,inputlen:104,inquir:[3,15,19,23],inquiri:19,ins:32,insecur:[14,32,39,43,230],insensit:[39,347,691,882],insert:[25,809,816],insid:[15,26,195,895,902],insist:930,inspect:[16,377,378,849,850,912,914],inst:50,instal:[12,14,15,17,21,28,30,32,39,886,889,892,911,925,929],instanc:[19,21,23,28,33,35,43,49,50,637,638,885,894,902,907,937],instead:[3,4,6,8,14,20,21,23,24,34,37,38,46,239,246,278,307,339,341,413,415,850,890,902,903,908,915,925,927,930,936],institut:[893,903,937],instruct:[22,23,34,37,890,920],insuffici:[223,231,300,320,322,890],int16_t:827,int32_t:828,int_max:771,intact:903,integ:[3,15,20,21,23,36,37,880,894,895,898,908],integr:[26,33,43,46,323,328,353,357,887,889,901,902,903,923],intel:903,intend:[3,10,23,41,43,46,349,930],interact:[2,3,21,23,39,365,890],intercept:[28,908],interest:[21,35,885,891],interfac:[3,11,14,19,20,23,28,34,46,881,885,887,890,902,907,910],interface_modname_initvt:907,interface_module_initvt:907,interface_plugin:907,interfer:888,intermedi:[20,21,23,43,224,894,895,902,923],intern:[24,36,41,107,715,831,904,905,906,910,912,913,914,915,917,919,937],internet:38,interoper:[37,379,380,881,908],interpos:[28,910],interpret:[3,36,43,46,152,245,908,926,930,932],interprocess_token:908,interrupt:[14,260,903],intersect:26,interv:[3,8,23,34,35,880,882],interven:23,intervent:14,introduc:[3,20,21,905,909,913,914,916],intrud:923,invalid:[14,21,23,50,136,139,156,260,313,923,926,927],invers:898,investig:890,invis:25,invoc:[6,41,43],invok:[4,8,9,11,12,21,23,24,46,80,136,245,383,908,915,916,917,926,928,930],involv:[21,915],iov:[48,100,103,288,290,811,902],iov_count:43,iprop:[4,8,20,902,903],iprop_en:[4,8,20,23],iprop_hdr:903,iprop_listen:20,iprop_logfil:[20,23],iprop_master_ulogs:[20,23],iprop_port:[20,23],iprop_replica_pol:[8,20,23],iprop_resync_timeout:[20,23],iprop_slave_pol:20,ipropd_svc:903,ipv4:38,ipv6:[21,38,902],iran:903,is_last_req:[245,822],is_skei:[153,733,810,894],isi:930,isn:[20,23,330,885,888,903],iso:889,isol:39,issu:[2,3,14,20,21,23,26,29,32,35,36,37,39,43,46,318,408,868,890,902,906,915,923,926],issuanc:[3,23],issuer:[21,37,318,408],issueraltnam:37,item:[253,715,907,915],iter:[3,20,23,24,48,164,356,801,904,918],iterator_cr:918,iterator_fre:918,its:[3,4,8,10,14,15,17,20,21,23,24,26,28,29,32,33,34,35,37,38,39,40,41,43,46,48,87,89,92,107,117,228,269,296,353,356,357,378,408,882,893,894,903,904,905,906,907,908,915,919,925,926,927,935],itself:[3,4,8,10,14,15,20,21,23,28,43,46,198,199,200,201,202,203,206,207,208,209,212,215,216,221,331,720,810,881,884,886,908,915,923],ivec:[186,190],jan:23,januari:[23,880,882],jellinghau:903,jennif:[3,23,922,923,937],jeremi:903,jimi:12,job:[8,17,34,39],joeadmin:[19,23,32,936],joeuser:937,johndo:21,jqpublic:930,json:[3,36,46,365,368,722,724,894],jul:882,juli:882,just:[6,14,15,20,21,23,33,34,43,323,635,881,888,891,906,923,930,936],k5_gic_opt:[235,260],k5_random_kei:[115,124],k5_vic_opt:[411,412],k5ident:[21,28,921,934],k5login:[21,28,921,922,930,934],k5login_authorit:[21,28,936],k5login_directori:[21,28],k5srvutil:[1,14,884],k5user:930,k5wiki:[888,902,920],kadm5:[3,4,6,18,20,21,23,24,34,887,901,902,903,910,912],kadm5_auth:[19,902,910],kadm5_auth_modinfo:912,kadm5_auth_plugin:912,kadm5_auth_restrict:912,kadm5_hook:[902,910],kadm5_hook_modinfo:913,kadm5_hook_plugin:913,kadm5_pass_q_:919,kadm:929,kadmin:[1,2,4,5,6,10,11,12,14,15,16,19,20,21,22,24,25,26,32,34,35,37,39,40,166,245,379,881,882,884,887,902,903,910,913,928,929,937],kadmind:[1,3,5,9,19,20,21,22,23,24,26,28,34,39,122,886,902,910,928,937],kadmind_listen:20,kadmind_port:[4,20,34],kaduk:14,kbd5_util:23,kbuild:887,kcm:[21,881,902,903,937],kcm_mach_servic:21,kcm_socket:21,kdb5_err:903,kdb5_ldap_util:[1,3,4,10,20,22,23,24],kdb5_util:[1,4,7,8,10,11,14,20,22,23,24,34,882,887,901,902,937],kdb5_util_path:4,kdb5_util_prog:8,kdb:[4,22,23,24,35,887,902,903,910,914,926,929],kdb_convert:903,kdb_log:903,kdc1:39,kdc2:39,kdc:[3,4,5,6,8,9,10,11,15,16,17,18,19,21,22,23,24,25,26,29,31,32,33,36,40,43,46,48,101,107,119,166,224,230,235,241,245,247,258,260,269,330,337,338,339,340,410,538,540,557,648,722,816,829,830,849,850,868,881,884,886,887,890,891,894,896,897,902,905,906,909,910,911,917,919,923,926,937],kdc_cert:37,kdc_default_opt:21,kdc_err_more_preauth_data_requir:902,kdc_listen:[20,34],kdc_max_dgram_reply_s:20,kdc_opt_allow_postd:773,kdc_opt_canonic:773,kdc_opt_cname_in_addl_tkt:773,kdc_opt_disable_transited_check:773,kdc_opt_enc_tkt_in_skei:773,kdc_opt_forward:773,kdc_opt_postd:773,kdc_opt_proxi:773,kdc_opt_renew:773,kdc_opt_renewable_ok:[21,773],kdc_opt_request_anonym:773,kdc_opt_valid:773,kdc_option:830,kdc_port:20,kdc_princ_nam:37,kdc_princip:37,kdc_principal_seq:37,kdc_tcp_listen:[20,34,37],kdc_tcp_listen_backlog:20,kdc_tcp_port:20,kdc_timesync:21,kdc_tkt_common_mask:773,kdcdefault:[10,34,37,40],kdcissu:48,kdckei:37,kdclist:34,kdcpolici:[902,910],kdcpolicy_plugin:914,kdcpreauth:[902,910],kdcpreauth_mymech_initvt:907,kdcpreauth_plugin:915,kdcproxi:29,kdestroi:[33,881,902,921,924,926,927,931,932,937],keep:[3,9,15,23,35,885,888,889,922],keepkvno:3,keepold:[3,14,23,902],kei:[2,3,5,6,9,10,11,12,15,16,19,20,21,25,28,32,34,36,37,38,40,41,43,46,48,73,77,87,89,100,103,105,106,108,113,114,117,119,129,130,141,153,155,181,216,224,229,234,258,276,277,280,292,293,305,306,311,318,322,327,337,338,339,340,348,351,356,360,361,408,410,435,436,658,724,734,740,797,809,810,816,817,818,831,832,834,884,885,886,887,890,891,894,895,896,901,902,906,908,915,923,926,927,932,937],kept:[3,17,20,23,32],kerber:[14,33,34,930],kerbero:[2,3,4,5,6,7,8,9,10,11,12,14,18,19,20,21,24,25,26,27,28,30,31,32,33,36,37,38,42,43,45,46,47,48,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,117,118,120,121,122,124,125,126,129,130,133,134,135,141,142,145,147,148,149,150,151,152,153,155,156,157,158,159,161,162,163,164,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,235,236,238,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,287,288,289,290,294,295,296,298,299,300,301,303,304,306,308,309,312,313,314,315,316,319,320,321,322,323,324,325,326,327,328,329,330,332,334,335,336,339,341,342,344,349,351,352,353,354,355,356,357,358,360,361,371,372,373,374,375,379,380,381,382,386,393,394,395,397,398,399,400,401,402,403,404,405,406,410,881,882,885,886,887,888,890,891,893,894,910,913,916,918,920,921,922,925,926,927,928,929,930,931,932,933,934,935,936],kerboro:18,kern:20,kernel:[881,887,902],key_data:[286,293],key_exp:816,key_stash_fil:[6,20,23,34],keyagr:37,keyblock:[48,70,75,90,101,107,115,117,215,216,224,280,281,328,350,356,390,810,894],keyboard:[4,6,10,23,48],keybyt:112,keydata:6,keyencipher:[21,37],keyexchang:107,keyfil:[6,20,22,23],keyfilenam:21,keyid:37,keyindex:6,keyinfo:6,keylength:112,keylist:[11,15],keyprocarg:313,keyr:[881,890,902,937],keysalt:[2,3,15,23,901],keyspac:14,keytab:[2,3,7,8,11,12,14,17,21,23,28,31,41,43,46,48,302,308,309,310,312,315,316,356,360,361,412,881,883,885,886,890,891,894,897,901,902,926,927,929,930,937],keytab_fil:926,keytab_nam:927,keytab_out:301,keytabl:834,keytabnam:890,keytyp:10,keyusag:37,keyutil:890,keyword:[21,882],kfw:902,kile:671,kill:34,kind:[38,43,105,881,903,906,908,915],kinit:[3,12,15,16,21,22,23,28,29,33,34,35,37,41,46,881,882,906,921,924,925,927,930,931,932,933,937],kiprop:[4,8,23],kkdcp:[29,39,902,903],klau:903,kldap:[20,22],klein:903,klist:[14,15,33,881,884,921,924,925,926,930,931,937],klmdb:20,know:[21,33,35,37,885,890,908,923],knowledg:[0,14,17,410,906,915],known:[6,20,23,26,38,46,48,152,231,315,641,642,891,902,935],korea:903,kpasswd:[3,4,14,15,20,21,23,29,33,902,921,922,924,937],kpasswd_listen:20,kpasswd_port:20,kpasswd_serv:[21,29,39],kpclientauth:20,kpkdc:21,kprop:[1,4,6,8,15,23,24,34,35,887,901,903,937],kprop_path:4,kprop_port:[4,901,937],kpropd:[1,4,7,9,23,34,41,887,901,902],kpropd_rpc:903,kproplog:[1,8,903],kpserverauth:[21,37],krb4:902,krb524:21,krb524_convert_creds_kdc:773,krb524_init_et:773,krb524_krb4_disabl:51,krb5:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,22,23,24,25,26,27,28,29,30,31,32,33,35,36,37,38,39,40,41,42,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,206,207,208,209,210,211,212,213,214,215,216,217,218,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,270,271,272,273,274,275,276,277,278,279,280,281,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,774,775,776,777,778,779,780,781,782,783,784,785,786,787,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,930,931,932,933,934,935,936,937],krb5_425_conv_princip:48,krb5_524_conv_princip:48,krb5_524_convert_cr:[48,774],krb5_address:[52,53,54,64,82,84,172,198,232,233,234,240,329,788,808,809,810,816,817,824,830],krb5_address_compar:48,krb5_address_ord:48,krb5_address_search:48,krb5_addrtyp:[788,789],krb5_allow_weak_crypto:48,krb5_altauth_att_challenge_respons:773,krb5_aname_to_localnam:[48,902,916],krb5_anonymous_princip:48,krb5_anonymous_princstr:[57,773],krb5_anonymous_realm:48,krb5_anonymous_realmstr:[58,773],krb5_ap_rep:[773,788],krb5_ap_rep_enc_part:[48,354,372,788],krb5_ap_req:[773,788],krb5_appdefault_boolean:[48,60],krb5_appdefault_str:[48,59],krb5_as_rep:[773,829],krb5_as_req:[773,830],krb5_auth_con_fre:[48,78],krb5_auth_con_genaddr:[48,82,84],krb5_auth_con_get_checksum_func:48,krb5_auth_con_getaddr:[44,48],krb5_auth_con_getauthent:48,krb5_auth_con_getflag:48,krb5_auth_con_getkei:48,krb5_auth_con_getkey_k:48,krb5_auth_con_getlocalseqnumb:48,krb5_auth_con_getlocalsubkei:48,krb5_auth_con_getrcach:48,krb5_auth_con_getrecvsubkei:[48,75],krb5_auth_con_getrecvsubkey_k:48,krb5_auth_con_getremoteseqnumb:48,krb5_auth_con_getremotesubkei:48,krb5_auth_con_getsendsubkei:[48,70],krb5_auth_con_getsendsubkey_k:48,krb5_auth_con_init:[48,61],krb5_auth_con_initivector:48,krb5_auth_con_set_checksum_func:48,krb5_auth_con_set_req_cksumtyp:48,krb5_auth_con_setaddr:[44,48],krb5_auth_con_setflag:[48,78],krb5_auth_con_setport:[44,48],krb5_auth_con_setrcach:48,krb5_auth_con_setrecvsubkei:[44,48],krb5_auth_con_setrecvsubkey_k:48,krb5_auth_con_setsendsubkei:[44,48],krb5_auth_con_setsendsubkey_k:48,krb5_auth_con_setuseruserkei:[48,356],krb5_auth_context:[48,62,63,64,65,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,84,85,86,87,88,89,90,223,320,322,323,324,325,326,327,328,351,353,354,355,356,357,360,361,372,788,840],krb5_auth_context_do_sequ:[66,69,74,83,322,323,324,328,353,357,773],krb5_auth_context_do_tim:[66,78,83,322,323,328,353,357,773],krb5_auth_context_generate_local_addr:[62,773],krb5_auth_context_generate_local_full_addr:[62,773],krb5_auth_context_generate_remote_addr:[62,773],krb5_auth_context_generate_remote_full_addr:[62,773],krb5_auth_context_permit_al:773,krb5_auth_context_ret_sequ:[66,83,322,323,324,328,351,353,357,773],krb5_auth_context_ret_tim:[66,83,322,323,328,351,353,357,773],krb5_auth_context_use_subkei:773,krb5_authdata:[173,184,189,195,200,318,319,408,788,797,810,817,830],krb5_authdata_and_or:773,krb5_authdata_auth_ind:773,krb5_authdata_cammac:773,krb5_authdata_etype_negoti:773,krb5_authdata_fx_armor:773,krb5_authdata_if_relev:773,krb5_authdata_initial_verified_ca:773,krb5_authdata_kdc_issu:773,krb5_authdata_mandatory_for_kdc:773,krb5_authdata_osf_dc:773,krb5_authdata_sesam:773,krb5_authdata_signticket:773,krb5_authdata_win2k_pac:773,krb5_authdatatyp:[184,189,195,788,795],krb5_authent:[48,65,788,870],krb5_bad_enctyp:[116,286],krb5_boolean:[52,54,55,105,109,110,127,128,129,130,160,192,253,283,284,285,298,299,317,338,340,345,346,347,359,385,788,810,822,844],krb5_build_princip:[46,47,48,92],krb5_build_principal_alloc_va:[47,48,91,94],krb5_build_principal_ext:[47,48],krb5_build_principal_va:48,krb5_c_:[123,186,188,190,191,196,197,281,348,350,407],krb5_c_block_siz:48,krb5_c_checksum_length:[48,168],krb5_c_crypto_length:48,krb5_c_crypto_length_iov:48,krb5_c_decrypt:[48,287],krb5_c_decrypt_iov:[48,103,288],krb5_c_derive_prfplu:[48,902],krb5_c_encrypt:48,krb5_c_encrypt_iov:[48,290],krb5_c_encrypt_length:[48,102,289],krb5_c_enctype_compar:48,krb5_c_free_stat:48,krb5_c_fx_cf2_simpl:48,krb5_c_init_st:48,krb5_c_is_coll_proof_cksum:48,krb5_c_is_keyed_cksum:48,krb5_c_keyed_checksum_typ:48,krb5_c_keylength:[48,124],krb5_c_make_checksum:[48,131,294],krb5_c_make_checksum_iov:[48,130,295],krb5_c_make_random_kei:48,krb5_c_padding_length:48,krb5_c_prf:[48,119,296],krb5_c_prf_length:[48,117],krb5_c_prfplu:[48,902],krb5_c_random_add_entropi:48,krb5_c_random_make_octet:48,krb5_c_random_os_entropi:48,krb5_c_random_se:48,krb5_c_random_to_kei:48,krb5_c_string_to_kei:[48,126,390],krb5_c_string_to_key_with_param:48,krb5_c_valid_cksumtyp:48,krb5_c_valid_enctyp:48,krb5_c_verify_checksum:[48,113,294,298,409],krb5_c_verify_checksum_iov:[48,114,299],krb5_calculate_checksum:48,krb5_cc_badnam:223,krb5_cc_cache_match:48,krb5_cc_close:[48,132,154,164],krb5_cc_copy_cr:48,krb5_cc_cursor:[139,150,158,788],krb5_cc_default:48,krb5_cc_default_nam:[48,135,156],krb5_cc_destroi:48,krb5_cc_dup:48,krb5_cc_end_seq_get:[48,158],krb5_cc_gen_new:48,krb5_cc_get_config:48,krb5_cc_get_flag:48,krb5_cc_get_full_nam:48,krb5_cc_get_nam:48,krb5_cc_get_princip:[47,48],krb5_cc_get_typ:48,krb5_cc_initi:[48,145],krb5_cc_move:48,krb5_cc_new_uniqu:48,krb5_cc_next_cr:[48,139,158],krb5_cc_nosupp:151,krb5_cc_notfound:[132,154,165],krb5_cc_remove_cr:[48,902],krb5_cc_resolv:[48,144],krb5_cc_retrieve_cr:[48,151],krb5_cc_select:48,krb5_cc_set_config:[44,48,283],krb5_cc_set_default_nam:[48,136],krb5_cc_set_flag:48,krb5_cc_start_seq_get:[48,139,150],krb5_cc_store_cr:48,krb5_cc_support_switch:48,krb5_cc_switch:48,krb5_ccach:[132,133,134,135,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,157,158,159,161,164,223,224,225,226,232,233,234,246,250,251,264,267,326,372,380,400,410,788],krb5_ccache_conf_data:894,krb5_cccol:904,krb5_cccol_cursor:[162,163,164,788],krb5_cccol_cursor_fre:[48,163,164],krb5_cccol_cursor_new:[48,162,164],krb5_cccol_cursor_next:[48,162,163],krb5_cccol_have_cont:48,krb5_cccol_last_change_tim:44,krb5_ccselect_moddata:904,krb5_ccselect_vt:907,krb5_change_password:[48,169],krb5_check_clockskew:48,krb5_checksum:[48,113,129,131,294,298,409,788,797,845],krb5_checksum_s:48,krb5_chpw_fail:260,krb5_chpw_messag:48,krb5_chpw_pwdnull:260,krb5_cksumtyp:[81,96,109,110,111,113,114,127,130,131,168,170,204,294,295,299,387,409,788,802],krb5_cksumtype_to_str:48,krb5_clear_error_messag:48,krb5_client_ktnam:[15,884,901,937],krb5_clpreauth_moddata:906,krb5_clpreauth_modreq:906,krb5_config:[8,21,34,901,902,937],krb5_config_cantopen:50,krb5_config_notenufspac:[56,304],krb5_const:773,krb5_const_point:[131,186,190,409,788],krb5_const_princip:[50,56,57,141,155,182,283,308,318,337,338,339,340,344,345,346,347,356,359,385,402,403,404,405,788],krb5_context:[46,48,49,50,51,52,53,54,55,56,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,171,172,173,174,175,177,178,179,180,181,182,183,184,186,188,189,190,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,245,246,247,248,250,251,252,253,257,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,372,373,374,376,377,378,379,380,381,383,384,385,386,390,393,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,413,414,415,416,788,822,840,849,850,856,861,872,907],krb5_copy_address:48,krb5_copy_authdata:48,krb5_copy_authent:48,krb5_copy_checksum:48,krb5_copy_context:48,krb5_copy_cr:48,krb5_copy_data:[48,849,850],krb5_copy_error_messag:48,krb5_copy_keyblock:48,krb5_copy_keyblock_cont:48,krb5_copy_princip:[47,48],krb5_copy_ticket:48,krb5_cred:[46,48,51,150,151,153,159,166,220,224,225,226,232,233,234,235,260,264,267,272,320,322,327,351,372,379,398,400,410,773,788],krb5_cred_enc_part:[788,807],krb5_cred_info:[788,808],krb5_crypto_iov:[98,100,103,114,130,288,290,295,299,788],krb5_crypto_typ:[97,811],krb5_crypto_type_checksum:[114,130,295,299,773],krb5_crypto_type_data:[114,130,295,299,773],krb5_crypto_type_empti:773,krb5_crypto_type_head:773,krb5_crypto_type_pad:773,krb5_crypto_type_sign_onli:[98,114,130,295,299,773],krb5_crypto_type_stream:773,krb5_crypto_type_trail:773,krb5_cryptotyp:[97,788,811],krb5_cybersafe_secureid:773,krb5_data:[48,58,59,60,99,100,101,102,103,106,108,113,117,119,120,121,123,124,125,126,129,141,155,166,169,185,223,229,230,258,265,279,284,287,288,289,290,294,296,298,320,321,322,323,324,325,326,327,328,330,332,337,338,344,351,352,353,354,355,356,357,361,372,379,380,390,401,788,805,810,811,815,820,824,840,845,849,850,852,853,854,866,874,879],krb5_db_entri:905,krb5_decode_authdata_contain:[48,189],krb5_decode_ticket:48,krb5_decrypt:48,krb5_deltat:[187,235,256,259,260,275,388,788,824],krb5_deltat_badformat:388,krb5_deltat_to_str:48,krb5_domain_x500_compress:773,krb5_eblock_enctyp:48,krb5_enc_data:[99,102,287,289,788,791,793,807,829,830,867],krb5_enc_kdc_rep_part:[788,829],krb5_enc_tkt_part:[788,867],krb5_encode_authdata_contain:[48,184],krb5_encpadata_req_enc_pa_rep:773,krb5_encrypt:48,krb5_encrypt_block:[186,188,190,196,197,281,348,350,390,407,788],krb5_encrypt_s:48,krb5_enctyp:[95,97,98,101,104,105,111,112,115,116,118,124,125,126,128,188,191,192,193,211,229,232,233,234,244,261,280,292,308,313,375,389,407,788,815,818,824,830,832],krb5_enctype_to_nam:48,krb5_enctype_to_str:48,krb5_end_seq_get:150,krb5_error:[212,273,321,352,372,773,788],krb5_error_cod:[46,49,50,55,56,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,129,130,131,132,133,134,135,137,138,139,140,141,142,143,145,147,148,149,150,151,152,153,154,155,156,157,158,159,161,162,163,164,165,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,186,187,189,190,192,193,194,195,196,197,214,217,223,224,225,226,227,228,229,230,231,232,233,234,235,236,238,245,246,247,248,250,251,252,253,257,260,261,262,264,265,266,267,268,269,271,272,273,274,275,276,277,278,279,280,281,282,286,287,288,289,290,293,294,295,296,298,299,300,301,302,303,304,305,306,307,308,309,311,312,313,314,315,316,318,319,320,321,322,323,324,325,326,327,328,329,330,332,333,334,335,336,337,338,339,340,341,342,343,344,348,349,350,351,352,353,354,355,356,357,358,360,361,365,366,368,369,370,371,372,373,374,375,376,379,380,381,382,383,384,386,387,388,389,390,391,392,393,394,395,397,398,399,400,401,402,403,404,405,406,407,408,409,410,413,414,415,416,788,839,840,849,850,856,861,907],krb5_euid:885,krb5_expand_hostnam:48,krb5_expire_callback_func:[245,788],krb5_fast_requir:[248,773],krb5_fcc_intern:135,krb5_fences_vt:907,krb5_fences_vtable_v2:907,krb5_find_authdata:48,krb5_finish_kei:48,krb5_finish_random_kei:48,krb5_flag:[142,151,153,157,224,225,226,232,233,234,238,248,269,326,327,356,372,400,788,793,809,810,816,817,824,830,863,870,878],krb5_free_address:[48,172,329],krb5_free_ap_rep_enc_part:[48,354,372],krb5_free_authdata:[48,173,195,319],krb5_free_authent:[48,65,174],krb5_free_checksum:[48,175],krb5_free_checksum_cont:[48,113,294],krb5_free_cksumtyp:[48,111],krb5_free_context:[48,136,176,268,282],krb5_free_cr:[48,177,224,372],krb5_free_cred_cont:[46,48,150,153,272,398],krb5_free_data:[48,178],krb5_free_data_cont:[48,141,229,321,322,323,324,325,326,327,328,332,337,353,357],krb5_free_default_realm:[48,227],krb5_free_enctyp:[48,261],krb5_free_error:[48,352,372],krb5_free_error_messag:[48,228],krb5_free_host_realm:[48,230,231],krb5_free_keyblock:[48,67,72,76,180,280,313],krb5_free_keyblock_cont:[48,115,125,126,181],krb5_free_keytab_entry_cont:[48,307,308],krb5_free_princip:[46,47,48,49,91,92,93,145,154,182,341,342,386],krb5_free_str:[48,143,169,194],krb5_free_tgt_cr:[48,351],krb5_free_ticket:[48,183,356,360],krb5_free_unparsed_nam:[48,402,404],krb5_fwd_tgt_cred:48,krb5_gc:400,krb5_gc_cach:[224,773],krb5_gc_canonic:773,krb5_gc_constrained_deleg:773,krb5_gc_forward:773,krb5_gc_no_stor:773,krb5_gc_no_transit_check:773,krb5_gc_user_us:[224,773],krb5_generate_seq_numb:324,krb5_get_credenti:[48,372,377,378,400],krb5_get_credentials_renew:48,krb5_get_credentials_valid:48,krb5_get_default_realm:48,krb5_get_error_messag:[48,821],krb5_get_etype_info:[48,902],krb5_get_fallback_host_realm:48,krb5_get_host_realm:[48,386],krb5_get_in_tkt_with_keytab:48,krb5_get_in_tkt_with_password:48,krb5_get_in_tkt_with_skei:48,krb5_get_init_cr:[234,250,251],krb5_get_init_creds_keytab:[48,232],krb5_get_init_creds_opt:[46,229,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,275,788],krb5_get_init_creds_opt_address_list:773,krb5_get_init_creds_opt_alloc:[46,48,237,239],krb5_get_init_creds_opt_anonym:773,krb5_get_init_creds_opt_canonic:773,krb5_get_init_creds_opt_chg_pwd_prmpt:773,krb5_get_init_creds_opt_etype_list:773,krb5_get_init_creds_opt_forward:773,krb5_get_init_creds_opt_fre:[46,48,236],krb5_get_init_creds_opt_get_fast_flag:48,krb5_get_init_creds_opt_init:48,krb5_get_init_creds_opt_preauth_list:773,krb5_get_init_creds_opt_proxi:773,krb5_get_init_creds_opt_renew_lif:773,krb5_get_init_creds_opt_salt:773,krb5_get_init_creds_opt_set_address_list:48,krb5_get_init_creds_opt_set_anonym:[46,48],krb5_get_init_creds_opt_set_canonic:48,krb5_get_init_creds_opt_set_change_password_prompt:48,krb5_get_init_creds_opt_set_etype_list:[48,229],krb5_get_init_creds_opt_set_expire_callback:48,krb5_get_init_creds_opt_set_fast_ccach:48,krb5_get_init_creds_opt_set_fast_ccache_nam:[48,229,246],krb5_get_init_creds_opt_set_fast_flag:[48,247],krb5_get_init_creds_opt_set_forward:48,krb5_get_init_creds_opt_set_in_ccach:48,krb5_get_init_creds_opt_set_out_ccach:48,krb5_get_init_creds_opt_set_pa:[48,254],krb5_get_init_creds_opt_set_pac_request:48,krb5_get_init_creds_opt_set_preauth_list:48,krb5_get_init_creds_opt_set_proxi:48,krb5_get_init_creds_opt_set_renew_lif:48,krb5_get_init_creds_opt_set_respond:[46,48],krb5_get_init_creds_opt_set_salt:[48,254],krb5_get_init_creds_opt_set_tkt_lif:[46,48],krb5_get_init_creds_opt_tkt_lif:773,krb5_get_init_creds_password:[46,48,233,243,245,349],krb5_get_permitted_enctyp:48,krb5_get_profil:48,krb5_get_prompt_typ:[46,48],krb5_get_renewed_cr:[48,225],krb5_get_server_rcach:48,krb5_get_time_offset:48,krb5_get_validated_cr:[48,226],krb5_gic_opt_pa_data:788,krb5_init_context:[48,205],krb5_init_context_kdc:[269,773],krb5_init_context_profil:48,krb5_init_context_secur:[269,773],krb5_init_creds_context:[270,271,272,273,274,275,276,277,278,279,788],krb5_init_creds_fre:[48,275],krb5_init_creds_get:[48,272,274,275],krb5_init_creds_get_cr:[48,271],krb5_init_creds_get_error:48,krb5_init_creds_get_tim:48,krb5_init_creds_init:[48,270,271,279,349],krb5_init_creds_set_keytab:48,krb5_init_creds_set_password:48,krb5_init_creds_set_servic:48,krb5_init_creds_step:[48,272,274,275],krb5_init_creds_step_flag_continu:[279,773],krb5_init_keyblock:48,krb5_init_random_kei:48,krb5_init_secure_context:[48,205,268,902],krb5_int16:788,krb5_int16_max:[561,773],krb5_int16_min:773,krb5_int32:[66,69,74,83,266,360,361,371,382,386,391,406,788,790,792,796,797,803,805,808,812,814,816,819,820,821,823,830,835,838,851,852,853,855,859,863,865,866,869,875],krb5_int32_max:[563,773],krb5_int32_min:773,krb5_invalid_princip:50,krb5_is_config_princip:[47,48],krb5_is_referral_realm:48,krb5_is_thread_saf:48,krb5_k:831,krb5_k_create_kei:48,krb5_k_decrypt:48,krb5_k_decrypt_iov:[48,290],krb5_k_encrypt:48,krb5_k_encrypt_iov:[48,288],krb5_k_free_kei:[48,68,73,77,286],krb5_k_key_enctyp:48,krb5_k_key_keyblock:48,krb5_k_make_checksum:[48,113],krb5_k_make_checksum_iov:[48,114,299],krb5_k_prf:48,krb5_k_reference_kei:48,krb5_k_verify_checksum:[48,129],krb5_k_verify_checksum_iov:[48,130,295],krb5_kdc_profil:[8,10,20,34,901,902,937],krb5_kdc_rep:[232,233,234,788],krb5_kdc_req:788,krb5_kdc_unreach:260,krb5_kdcpolicy_moddata:914,krb5_kdcpreauth_moddata:915,krb5_kdcpreauth_modreq:915,krb5_kdcrep_modifi:267,krb5_kdcrep_skew:267,krb5_kei:[48,68,73,77,87,89,287,288,289,290,291,294,295,296,297,298,299,788],krb5_key_st:831,krb5_keyblock:[48,67,70,72,75,76,86,88,90,99,100,101,102,103,106,107,108,113,114,115,117,119,124,125,126,129,130,180,181,234,281,286,293,313,318,337,338,339,340,348,350,390,408,788,792,797,809,810,816,817,818,834],krb5_keytab:[232,235,276,300,301,302,303,305,306,308,309,310,311,312,314,315,316,356,360,361,373,410,788],krb5_keytab_entri:[217,300,307,308,312,314,788],krb5_keytab_entry_st:834,krb5_keyusag:[99,100,102,103,108,113,114,129,130,287,288,289,290,294,295,298,299,788],krb5_keyusage_ad_it:773,krb5_keyusage_ad_kdcissued_cksum:773,krb5_keyusage_ad_mt:773,krb5_keyusage_ad_signedpath:773,krb5_keyusage_ap_rep_encpart:773,krb5_keyusage_ap_req_auth:773,krb5_keyusage_ap_req_auth_cksum:773,krb5_keyusage_app_data_cksum:773,krb5_keyusage_app_data_encrypt:773,krb5_keyusage_as_rep_encpart:773,krb5_keyusage_as_req:773,krb5_keyusage_as_req_pa_enc_t:773,krb5_keyusage_cammac:773,krb5_keyusage_enc_challenge_cli:773,krb5_keyusage_enc_challenge_kdc:773,krb5_keyusage_fast_enc:773,krb5_keyusage_fast_finish:773,krb5_keyusage_fast_rep:773,krb5_keyusage_fast_req_chksum:773,krb5_keyusage_gss_tok_m:773,krb5_keyusage_gss_tok_wrap_integ:773,krb5_keyusage_gss_tok_wrap_priv:773,krb5_keyusage_iakerb_finish:773,krb5_keyusage_kdc_rep_ticket:773,krb5_keyusage_krb_cred_encpart:773,krb5_keyusage_krb_error_cksum:773,krb5_keyusage_krb_priv_encpart:773,krb5_keyusage_krb_safe_cksum:773,krb5_keyusage_pa_as_fresh:773,krb5_keyusage_pa_fx_cooki:773,krb5_keyusage_pa_otp_request:773,krb5_keyusage_pa_pkinit_kx:773,krb5_keyusage_pa_s4u_x509_user_repli:[600,773],krb5_keyusage_pa_s4u_x509_user_request:[599,773],krb5_keyusage_pa_sam_challenge_cksum:773,krb5_keyusage_pa_sam_challenge_trackid:[597,773],krb5_keyusage_pa_sam_respons:[596,773],krb5_keyusage_spak:773,krb5_keyusage_tgs_rep_encpart_sesskei:773,krb5_keyusage_tgs_rep_encpart_subkei:773,krb5_keyusage_tgs_req_ad_sesskei:773,krb5_keyusage_tgs_req_ad_subkei:773,krb5_keyusage_tgs_req_auth:773,krb5_keyusage_tgs_req_auth_cksum:773,krb5_kpasswd_accessdeni:773,krb5_kpasswd_autherror:[166,773],krb5_kpasswd_bad_vers:773,krb5_kpasswd_harderror:[166,773],krb5_kpasswd_initial_flag_need:773,krb5_kpasswd_malform:[166,773],krb5_kpasswd_softerror:[166,773],krb5_kpasswd_success:[166,379,773],krb5_kt_add_entri:48,krb5_kt_client_default:48,krb5_kt_close:[48,315],krb5_kt_cursor:[306,312,316,788],krb5_kt_default:48,krb5_kt_default_nam:48,krb5_kt_dup:48,krb5_kt_end:312,krb5_kt_end_seq_get:[48,316],krb5_kt_free_entri:[48,312],krb5_kt_get_entri:48,krb5_kt_get_nam:48,krb5_kt_get_typ:48,krb5_kt_have_cont:48,krb5_kt_name_toolong:309,krb5_kt_next_entri:48,krb5_kt_notfound:311,krb5_kt_nowrit:[300,314],krb5_kt_read_service_kei:48,krb5_kt_remove_entri:48,krb5_kt_resolv:48,krb5_kt_start_seq_get:[48,306],krb5_ktname:[43,884,901,937],krb5_kuserok:[47,48,902,916],krb5_kvno:[308,313,788,815,834],krb5_last_req_entri:[788,816],krb5_libos_badpwdmatch:[260,358],krb5_libos_pwdintr:260,krb5_lname_no_tran:916,krb5_lname_notran:56,krb5_lrq_all_acct_exptim:773,krb5_lrq_all_last_initi:773,krb5_lrq_all_last_renew:773,krb5_lrq_all_last_req:773,krb5_lrq_all_last_tgt:773,krb5_lrq_all_last_tgt_issu:773,krb5_lrq_all_pw_exptim:773,krb5_lrq_none:773,krb5_lrq_one_acct_exptim:773,krb5_lrq_one_last_initi:773,krb5_lrq_one_last_renew:773,krb5_lrq_one_last_req:773,krb5_lrq_one_last_tgt:773,krb5_lrq_one_last_tgt_issu:773,krb5_lrq_one_pw_exptim:773,krb5_magic:[788,789,791,792,793,795,797,802,805,807,808,809,810,813,815,816,817,818,820,829,830,832,834,838,843,852,853,857,866,867,870,874,875,879],krb5_make_authdata_kdc_issu:48,krb5_merge_authdata:48,krb5_mk_1cred:48,krb5_mk_error:48,krb5_mk_ncred:[48,320],krb5_mk_priv:[48,79],krb5_mk_rep:48,krb5_mk_rep_dc:48,krb5_mk_req:[48,80,81,327],krb5_mk_req_checksum_func:[63,80,788],krb5_mk_req_extend:[48,326],krb5_mk_safe:[48,323],krb5_msgtype:[498,499,500,501,525,537,702,725,743,744,788,816,829,830],krb5_no_2nd_tkt:267,krb5_no_tkt_suppli:[223,267],krb5_nt_ent_principal_and_id:773,krb5_nt_enterprise_princip:773,krb5_nt_ms_princip:773,krb5_nt_ms_principal_and_id:773,krb5_nt_princip:773,krb5_nt_smtp_name:773,krb5_nt_srv_hst:[223,386,773],krb5_nt_srv_inst:773,krb5_nt_srv_xhst:773,krb5_nt_uid:773,krb5_nt_unknown:[386,773],krb5_nt_wellknown:773,krb5_nt_x500_princip:773,krb5_octet:[788,789,795,802,832,843,866,874,875],krb5_os_localaddr:48,krb5_pa_data:[788,816,829,830],krb5_pa_pac_req:788,krb5_pa_server_referral_data:788,krb5_pa_svr_referral_data:788,krb5_pac:[330,331,332,333,334,335,336,337,338,339,340,788],krb5_pac_add_buff:48,krb5_pac_client_info:[330,773],krb5_pac_credentials_info:[330,773],krb5_pac_data:847,krb5_pac_delegation_info:[330,773],krb5_pac_fre:[48,335,336],krb5_pac_get_buff:48,krb5_pac_get_client_info:[48,902],krb5_pac_get_typ:48,krb5_pac_init:48,krb5_pac_logon_info:[330,773],krb5_pac_pars:48,krb5_pac_privsvr_checksum:[330,773],krb5_pac_server_checksum:[330,773],krb5_pac_sign:[48,338],krb5_pac_sign_ext:48,krb5_pac_upn_dns_info:[330,773],krb5_pac_verifi:[48,340],krb5_pac_verify_ext:48,krb5_padata_afs3_salt:773,krb5_padata_ap_req:[689,773],krb5_padata_as_checksum:773,krb5_padata_as_fresh:773,krb5_padata_enc_sandia_securid:773,krb5_padata_enc_timestamp:773,krb5_padata_enc_unix_tim:773,krb5_padata_encrypted_challeng:773,krb5_padata_etype_info2:773,krb5_padata_etype_info:773,krb5_padata_for_us:773,krb5_padata_fx_cooki:773,krb5_padata_fx_error:773,krb5_padata_fx_fast:773,krb5_padata_get_from_typed_data:773,krb5_padata_non:773,krb5_padata_osf_dc:773,krb5_padata_otp_challeng:773,krb5_padata_otp_pin_chang:773,krb5_padata_otp_request:773,krb5_padata_pac_opt:773,krb5_padata_pac_request:773,krb5_padata_pk_as_rep:773,krb5_padata_pk_as_rep_old:773,krb5_padata_pk_as_req:773,krb5_padata_pk_as_req_old:773,krb5_padata_pkinit_kx:773,krb5_padata_pw_salt:773,krb5_padata_referr:773,krb5_padata_s4u_x509_us:773,krb5_padata_sam_challeng:773,krb5_padata_sam_challenge_2:773,krb5_padata_sam_redirect:773,krb5_padata_sam_respons:773,krb5_padata_sam_response_2:773,krb5_padata_sesam:773,krb5_padata_spak:773,krb5_padata_svr_referral_info:773,krb5_padata_tgs_req:773,krb5_padata_use_specified_kvno:773,krb5_parse_nam:[46,47,48,342,402],krb5_parse_name_flag:[47,48],krb5_plugin_no_handl:[909,912,916,917],krb5_plugin_ver_notsupp:907,krb5_plugin_vt:907,krb5_pointer:[186,190,197,281,313,350,360,361,372,788,799,836],krb5_post_recv_fn:[377,788],krb5_pre_send_fn:[378,788],krb5_preauth_fail:260,krb5_preauthtyp:[232,233,234,254,788,824,843],krb5_prepend_error_messag:[48,413,902],krb5_princ_compon:773,krb5_princ_nam:773,krb5_princ_nomatch:[223,267],krb5_princ_realm:773,krb5_princ_set_realm:773,krb5_princ_set_realm_data:773,krb5_princ_set_realm_length:773,krb5_princ_siz:[773,777],krb5_princ_typ:773,krb5_princip:[46,47,48,49,91,92,93,94,132,145,147,154,182,218,223,229,235,260,264,267,275,313,317,360,361,372,379,380,381,386,408,410,788,797,809,810,816,817,820,829,830,834,845,846,867],krb5_principal2salt:48,krb5_principal_compar:[47,48,346,347,385],krb5_principal_compare_any_realm:[47,48],krb5_principal_compare_casefold:[347,773],krb5_principal_compare_enterpris:[347,773],krb5_principal_compare_flag:[47,48],krb5_principal_compare_ignore_realm:[347,773],krb5_principal_compare_utf8:[347,773],krb5_principal_data:[47,788,805,852],krb5_principal_parse_enterpris:[342,773],krb5_principal_parse_ignore_realm:[342,773],krb5_principal_parse_no_realm:[342,773],krb5_principal_parse_require_realm:[342,773],krb5_principal_unparse_displai:[404,773],krb5_principal_unparse_no_realm:[404,773],krb5_principal_unparse_short:[404,773],krb5_priv:773,krb5_process_kei:48,krb5_prog_etype_nosupp:375,krb5_prompt:[349,788,856],krb5_prompt_typ:[263,788],krb5_prompt_type_new_password:[263,773],krb5_prompt_type_new_password_again:[263,773],krb5_prompt_type_password:[263,773],krb5_prompt_type_preauth:[263,773],krb5_prompter_fct:[260,275,788],krb5_prompter_posix:[46,48],krb5_prop:[15,34,41],krb5_pvno:773,krb5_pwd_data:788,krb5_pwqual_moddata:919,krb5_random_kei:48,krb5_randsourc:120,krb5_rc_close:265,krb5_rc_requir:[320,322],krb5_rc_st:858,krb5_rcach:[71,85,265,788],krb5_rd_cred:[48,322],krb5_rd_error:48,krb5_rd_priv:[48,79,859],krb5_rd_rep:48,krb5_rd_rep_dc:48,krb5_rd_req:48,krb5_rd_safe:[48,859],krb5_read_error:48,krb5_read_password:48,krb5_realm_branch_char:773,krb5_realm_cant_resolv:260,krb5_realm_compar:[47,48],krb5_recvauth:[48,361,372],krb5_recvauth_badauthv:773,krb5_recvauth_skip_vers:773,krb5_recvauth_vers:48,krb5_referral_realm:[48,773],krb5_replay_data:[320,322,323,328,351,353,357,788],krb5_responder_context:[46,362,363,364,365,366,367,368,369,370,788,861],krb5_responder_context_st:860,krb5_responder_fn:[257,788,860],krb5_responder_get_challeng:[46,48,363,860],krb5_responder_list_quest:[46,48,860],krb5_responder_otp_challeng:[46,364,365,788],krb5_responder_otp_challenge_fre:[46,48,365],krb5_responder_otp_flags_collect_pin:[715,773],krb5_responder_otp_flags_collect_token:773,krb5_responder_otp_flags_nextotp:773,krb5_responder_otp_flags_separate_pin:773,krb5_responder_otp_format_alphanumer:773,krb5_responder_otp_format_decim:773,krb5_responder_otp_format_hexadecim:773,krb5_responder_otp_get_challeng:[46,48],krb5_responder_otp_set_answ:[46,48],krb5_responder_otp_tokeninfo:[788,862],krb5_responder_pkinit_challeng:[46,367,368,788],krb5_responder_pkinit_challenge_fre:[48,368],krb5_responder_pkinit_flags_token_:724,krb5_responder_pkinit_flags_token_user_pin_count_low:773,krb5_responder_pkinit_flags_token_user_pin_final_tri:773,krb5_responder_pkinit_flags_token_user_pin_lock:773,krb5_responder_pkinit_get_challeng:[46,48],krb5_responder_pkinit_ident:[788,864],krb5_responder_pkinit_set_answ:[46,48],krb5_responder_question_otp:[46,48,773],krb5_responder_question_password:[46,773],krb5_responder_question_pkinit:[46,48,773],krb5_responder_set_answ:[46,48,363,860],krb5_respons:788,krb5_roundup:773,krb5_safe:773,krb5_salttype_to_str:48,krb5_sam_must_pk_encrypt_sad:773,krb5_sam_send_encrypted_sad:773,krb5_sam_use_sad_as_kei:773,krb5_sendauth:[48,360],krb5_server_decrypt_ticket_keytab:48,krb5_set_default_realm:[44,48],krb5_set_default_tgs_enctyp:[48,261],krb5_set_error_messag:48,krb5_set_kdc_recv_hook:48,krb5_set_kdc_send_hook:48,krb5_set_password:[47,48,169],krb5_set_password_using_ccach:[47,48],krb5_set_principal_realm:[47,48],krb5_set_real_tim:48,krb5_set_trace_callback:48,krb5_set_trace_filenam:48,krb5_sname_match:[47,48,356],krb5_sname_to_princip:[47,48],krb5_string_to_cksumtyp:48,krb5_string_to_deltat:48,krb5_string_to_enctyp:48,krb5_string_to_kei:48,krb5_string_to_salttyp:48,krb5_string_to_timestamp:48,krb5_tc_match_2nd_tkt:[153,773],krb5_tc_match_authdata:[153,773],krb5_tc_match_flag:[153,773],krb5_tc_match_flags_exact:[153,773],krb5_tc_match_is_skei:[153,773],krb5_tc_match_ktyp:[153,773],krb5_tc_match_srv_nameonli:[153,773],krb5_tc_match_tim:[153,773],krb5_tc_match_times_exact:[153,773],krb5_tc_noticket:773,krb5_tc_openclos:773,krb5_tc_supported_ktyp:[153,773],krb5_tgs_name:773,krb5_tgs_name_s:773,krb5_tgs_rep:773,krb5_tgs_req:[773,830],krb5_ticket:[48,185,221,356,360,361,373,788,793,807,829,830,870],krb5_ticket_tim:[274,399,788,809,810,816,817],krb5_timeofdai:48,krb5_timestamp:[45,167,266,333,337,338,339,340,382,392,393,394,395,406,788,792,797,808,816,820,822,830,834,838,845,859,866,868],krb5_timestamp_to_sfstr:48,krb5_timestamp_to_str:48,krb5_tkt_authent:788,krb5_tkt_creds_context:[396,397,398,399,400,401,788],krb5_tkt_creds_fre:[48,400],krb5_tkt_creds_get:[48,398,399,400],krb5_tkt_creds_get_cr:[48,397],krb5_tkt_creds_get_tim:48,krb5_tkt_creds_init:[48,397],krb5_tkt_creds_step:[48,398,399,400],krb5_tkt_creds_step_flag_continu:[401,773],krb5_trace:[41,383,384,937],krb5_trace_callback:[383,788,873],krb5_trace_info:[383,788,872],krb5_trace_nosupp:[383,384],krb5_transit:[788,817],krb5_typed_data:788,krb5_ui_2:788,krb5_ui_4:[330,332,334,355,788,792,797,820,859],krb5_unparse_nam:[47,48,403,404],krb5_unparse_name_ext:48,krb5_unparse_name_flag:[47,48],krb5_unparse_name_flags_ext:48,krb5_us_timeofdai:48,krb5_use_enctyp:48,krb5_verify_authdata_kdc_issu:48,krb5_verify_checksum:48,krb5_verify_init_cr:[46,48,412],krb5_verify_init_creds_opt:[46,410,411,412,788],krb5_verify_init_creds_opt_ap_req_nofail:773,krb5_verify_init_creds_opt_init:[46,48,410],krb5_verify_init_creds_opt_set_ap_req_nofail:[46,48,410],krb5_vprepend_error_messag:48,krb5_vset_error_messag:48,krb5_vwrap_error_messag:48,krb5_wellknown_namestr:773,krb5_wrap_error_messag:[48,415,902],krb5_x:773,krb5_xc:773,krb5cc_1984:930,krb5cc_320:923,krb5cc_:[901,930,937],krb5cc_p11795:923,krb5cc_ttypa:923,krb5ccname:[15,136,881,925,926,927,930,937],krb5kdc:[0,1,2,3,4,5,6,7,8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],krb5kdc_err_key_exp:260,krb5kdc_err_more_preauth_data_requir:915,krb5krb_ap_err_skew:167,krb5krb_err_response_too_big:[279,401],krb5lib:34,krb5plugin_service_locate_ft:917,krb5rcachedir:[885,901,937],krb5rcachenam:[885,937],krb5rcachetyp:[885,937],krb5srv:39,krb:[48,902,903],krb_ap_rep:48,krb_ap_req:48,krb_error:[48,372],krbadmin:[20,22],krbcanonicalnam:22,krbcontain:[20,22],krbcore:920,krbdev:920,krbprincipalnam:22,krbtest:[16,23,35,41,895,896,935],krbtgt:[3,19,37,41,43,278,638,741,894,895,896,902,923,932],kreen:903,ksu:[903,921,924,937],ksu_opt:930,kswitch:[881,921,924,937],ktadd:[14,32,34,884],kth:903,ktid:315,ktutil:[1,2,884,887,902],ktype:[128,232,233,234,261,830],kungliga:903,kv5m_context:[135,156],kvno:[3,6,11,14,15,16,23,26,29,32,34,41,308,410,815,867,895,921,924],lab:[5,23,903],label:[21,903],laboratori:903,lack:[37,375,902],lag:930,larg:[20,23,24,34,36,39,46,100,103,119,288,290,888,902],larger:[24,32,37,880,898,902],largest:35,last:[3,6,9,20,23,24,35,44,48,173,198,200,220,245,312,319,383,719,838,881,882,905,914],last_fail:6,last_req:816,last_success:6,lastpwd:6,latenc:24,later:[3,19,20,21,23,26,33,37,38,39,41,43,136,247,724,880,895,898,902,903,909,916],latest:[34,224,868,888,902,923],latter:[385,881],launchpad:42,law:903,lawsuit:903,lawyer:903,layer:[902,908,911],layout:[43,901],lcom_err:929,lcurs:890,ldap:[3,4,5,6,10,20,22,35,890,902,903],ldap_conns_per_serv:20,ldap_kadmind_dn:[5,20,22,23],ldap_kadmind_sasl_authcid:[5,20,23],ldap_kadmind_sasl_authzid:20,ldap_kadmind_sasl_mech:20,ldap_kadmind_sasl_realm:20,ldap_kdc_dn:[5,20,22,23],ldap_kdc_sasl_authcid:[5,20,23],ldap_kdc_sasl_authzid:20,ldap_kdc_sasl_mech:[20,22],ldap_kdc_sasl_realm:20,ldap_kerberos_container_dn:[20,22],ldap_serv:[20,22],ldap_service_password_fil:[20,22],ldapadd:22,ldapi:[20,22,24],ldapuri:[3,5,23],ldb:890,ldflag:890,ldif:22,ldname:890,ldopt:890,lead:[20,930],learn:15,least:[15,23,32,34,39,99,102,153,287,289,403,719,736,898,912,916],leav:[3,14,23,24,28,32,33,39],left:[20,21,280,896,907],leg:902,legaci:[46,869],legal:[280,930],legitim:[25,46,885,930],lehman:903,lehmann:903,len:[12,118,334,336],length:[3,20,23,33,43,46,48,91,92,99,100,102,103,116,117,119,124,191,244,254,260,280,284,287,288,289,290,309,336,358,394,722,782,783,789,795,802,805,813,832,843,852,853,863,875,894,895,898,899,908,928],lengthi:902,less:[3,15,20,25,881,888,898,899,902],let:[99,287,917,936],letter:[34,39,923],level:[3,5,10,23,25,37,39,43,888,892,918],liabil:903,liabl:903,lib:[37,888,890,901,903,929],libc:38,libdefault:[15,20,26,28,33,34,38,39,40,41,43,44,881,884,885,918],libdir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],libedit:890,libev:903,libkdb5:905,libkdb_ldap:22,libkeyutil:890,libkrb5:[21,28,43,880,902],libpam:42,librari:[3,15,18,20,21,24,26,29,38,41,43,46,48,49,50,52,53,54,55,56,59,60,61,62,63,64,65,66,67,68,69,71,72,73,74,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,124,125,126,129,130,132,133,134,135,136,137,138,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,169,171,172,173,174,175,176,177,178,179,180,181,182,183,184,189,194,195,198,199,200,201,202,203,204,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,227,228,229,230,231,235,236,237,238,245,246,247,248,250,251,252,253,257,260,261,262,263,264,265,266,267,270,271,272,273,274,275,276,277,278,279,280,283,286,287,288,289,290,294,295,296,298,299,300,301,302,303,304,305,306,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,334,335,336,337,338,339,340,341,342,343,344,345,346,347,349,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,393,396,397,398,399,400,401,402,403,404,405,406,408,410,413,414,415,416,849,850,880,881,887,888,890,901,902,903,904,905,906,908,909,910,916,917,918,929,937],libtool:907,libverto:[890,915],licens:[889,890,893,902],life:[3,5,19,23,926],lifetim:[3,6,14,21,23,48,153,362,363,736,810,816,881,902,905,914,923,926,930,937],lightn:902,lightweight:887,like:[3,6,8,12,14,15,19,21,23,32,33,34,37,38,39,41,43,192,881,885,886,888,890,892,903,907,911,923],likewis:930,limit:[20,23,24,25,34,39,903,930,937],line:[0,3,8,10,12,15,19,20,21,23,28,34,35,37,349,889,890,902,903,922,930,932,935,936,937],link:[0,23,30,34,885,888,889,890,892,905,908,929],linkdn:[3,23],linker:890,linux:[881,890,902],list:[0,2,3,4,6,10,14,15,19,21,26,28,32,34,36,39,40,43,46,48,93,153,164,184,189,195,214,230,231,318,375,408,413,414,415,817,860,881,890,891,901,903,905,906,909,915,918,922,923,927,930,935,936],list_mkei:23,list_princip:15,listen:[4,8,10,20,34,39,902],listinfo:920,listpol:[3,23],listprinc:[3,23],liter:907,littl:908,live:[6,15,907],lk5crypto:929,lkrb5:929,lmdb:[20,24,890,902],lname:[56,930],lndir:[887,889],lnsize_in:56,lnsl:890,load:[8,14,17,20,23,24,34,38,40,890,908,918],load_dump:[6,23],loadabl:[20,21,908],loader:890,local0:20,local7:20,local:[3,5,8,12,14,15,20,21,22,23,28,32,34,36,39,43,46,48,62,64,80,230,231,322,323,324,326,328,341,353,356,357,386,395,404,517,518,701,882,885,886,887,890,892,894,895,896,901,902,909,910,922,923,926,927,929,930,932,937],local_addr:[44,64,82],local_appdata:21,local_port:84,local_realm:930,localauth:[902,910],localauth_plugin:916,localedir:890,localfr:28,localhost:15,localhostnam:43,localstatedir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],locat:[4,7,8,10,15,19,20,21,22,24,25,29,34,39,41,43,48,881,885,888,890,891,899,901,902,903,910,918,923,925,926,927,929,930,931,932,937],locate_plugin:917,lock:[6,20,23,24,34,35,720,721,899,902,923],lockdown_kei:[3,19,23,902],lockit:3,lockout:[3,20,23,24,25,30],lockout_polici:35,lockoutdur:[3,23,35],lockouttim:[3,23],log:[8,9,23,24,28,33,34,37,39,46,48,721,881,902,910,922,923,925,930,936,937],log_:20,log_daemon:20,logic:39,login:[20,21,33,38,41,46,923,930,937],logon:[20,330,647],logout:[923,925],longer:[11,19,23,25,33,39,43,49,65,67,68,72,73,76,77,78,91,92,93,111,113,115,125,126,132,141,143,145,150,153,154,163,164,169,172,173,174,175,176,177,178,180,181,182,183,194,195,224,227,229,230,231,236,261,265,268,272,275,280,282,286,294,308,313,315,316,319,321,322,323,324,325,326,327,328,329,332,335,336,337,341,342,351,352,353,354,356,357,360,372,386,398,400,402,404,890,902,923,926],look:[0,8,12,15,20,21,23,28,37,38,39,43,386,888,890,907,923,926,930],lookasid:890,lookup:[21,22,33,38,39,194,799,890,902,917],lose:[6,23],loss:[23,903],lost:[17,888,903],lot:39,lower:[3,19,21,23,43,230,918,928,935],lowercas:[23,885],lowest:21,lpr:20,lr_type:838,lr_type_interpretation_mask:773,lr_type_this_server_onli:773,lrealm:[210,227,374],lsocket:890,lss:890,ltd:903,luke:39,luser:317,lxml:892,mac:887,mach:[21,903],machin:[4,8,12,14,15,17,18,21,31,32,34,37,38,39,881,886,890,922,923,936,937],maco:[21,339,881,887,902,903],macro:[417,873,930],made:[8,21,23,34,41,136,253,269,375,881,902,903,911,913,931,937],magic:[135,156,789,791,792,793,795,797,802,805,807,808,809,810,813,815,816,817,818,820,829,830,832,834,838,843,852,853,857,866,867,870,874,875,879],mai:[3,6,8,10,11,14,15,19,20,21,22,23,24,25,26,28,33,34,35,36,37,38,39,40,41,43,46,99,107,120,122,126,158,195,224,228,229,241,245,258,262,287,327,356,372,377,378,385,386,410,715,831,849,861,873,882,885,888,890,891,894,895,898,899,902,903,906,908,909,911,912,913,914,915,918,920,922,923,925,926,930,935,937],mail:[20,881,923,930,935],mailbox:885,mailman:920,main:[365,368,920],maintain:[0,9,15,20,23,888,890,937],mainten:[3,6,23],maj_ver:907,major:[43,889,907],make:[0,3,6,12,14,15,17,20,21,22,23,25,26,28,32,33,34,35,37,39,41,43,48,112,236,241,250,365,368,400,880,888,889,890,892,894,902,903,908,922,926,931],makedepend:887,makefil:[888,890,892],malform:[166,223,613,894],malici:[3,23,46],malloc:918,man:[0,3,21,885,890,902],manag:[5,19,23,33,902,918,921,937],mandatori:[113,114,129,130,294,295,298,299,896],mandir:890,mani:[3,17,21,23,28,35,39,41,911,923,937],manipul:[22,23,45,811,884],manner:[5,23,903],manual:[0,6,10,15,23,33,34,888,890,902],manual_test:888,map:[21,28,33,34,43,890,902,908,909,916,930,935],mapsiz:[20,24],marc:903,mark:[3,6,20,21,23,34,339,903],marker:[894,902],marko:903,markup:[0,892],marshal:[894,895,902],masachusett:937,mask:[66,83,142,153,157],masquerad:[17,922,923],massachusett:[893,903],master:[3,4,5,6,7,8,9,10,17,20,21,31,35,39,41,886,887,891,901,902],master_kdc:[21,39],master_key_nam:[5,6,20,23],master_key_typ:[5,6,14,20,23,34],match:[0,2,3,6,15,19,20,21,23,28,29,33,37,38,43,48,59,60,119,151,153,195,223,224,267,308,356,360,372,400,729,730,731,732,733,734,735,737,740,830,881,885,899,901,902,918,932,935,937],materi:[14,46,903,907],matt:903,matter:[17,21],max_keytab_name_len:773,max_lif:[6,20,34],max_read:[20,24],max_renew_lif:6,max_renewable_lif:[20,34],max_renewable_ticket_lif:[5,23],max_ticket_lif:[5,23],maxfailur:[3,23,35],maximum:[3,5,6,10,14,15,20,21,23,24,33,39,46,309,358,880,915,923,926],maxlif:[3,19,23],maxnumb:[3,23],maxpathlen:750,maxrenewlif:[3,5,19,23],maxtktlif:[5,23],mcred:153,md4:[26,903],md5:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],mdb:24,mean:[3,12,14,20,21,23,33,34,37,46,886,888,891,903,923,930,937],meaning:[3,23],meant:923,measur:[25,880],mech:[28,901,902,937],mech_typ:908,mechan:[3,16,20,21,22,23,36,37,39,40,43,46,154,250,885,894,895,901,902,906,907,910,915,917,926,937],mechglu:[903,908],media:[5,21,23],medvinski:930,meet:935,megabyt:[20,24,889],mellon:903,member:20,membership:46,memori:[15,41,43,48,93,142,223,231,300,320,322,323,328,353,354,357,410,811,881,884,890,902,907,909,916],memset:46,mention:[20,22,903],merchant:903,merg:[18,20,48,903],messag:[3,8,20,21,24,34,41,48,78,360,372,378,525,532,702,725,791,816,820,829,830,849,850,867,873,885,887,895,902,903,907,922,923,929,930,932,937],message_out:169,message_typ:866,met:[903,930],metadata:6,method:[21,25,39,230,894,904,905,906,907,909,912,913,914,915,916,917,918,919,926],mexico:903,mgluep:903,mic:[526,902],mic_token:43,michigan:903,microsecond:[266,382,406,792,808,859,894],microsoft:[20,21,26,29,42,43,379,448,902,908],microsystem:903,middl:885,might:[14,17,23,28,29,34,35,38,39,43,888,890,894,903,907,922,937],migrat:[14,23,41,902],miller:[903,937],min:[3,19,23,882],min_ver:907,minclass:[3,23],minim:[6,14,23,24],minimum:[3,20,23,33],minlength:[3,23],minlif:[3,23],minor:[14,43,889,902,907,908,917],minor_statu:[43,908],minu:[20,899],minut:[5,20,21,23,882,885,922,923,937],mismatch:[43,260,339,922],miss:[267,892],mission:930,mistak:922,mistakenli:171,mit1:895,mit:[3,5,12,14,15,17,19,20,21,24,28,30,31,32,34,38,39,41,43,45,46,880,881,887,889,890,892,893,894,895,896,906,908,910,911,915,918,920,922,923,926,937],mitig:[25,46,885,902],mitiys4k5:34,mix:923,mk_cmd:890,mk_req:840,mkdir:888,mkei:[3,6,23],mkey_convert:[6,23],mkey_fil:[6,23],mkeynam:[5,6,10,23],mkeytyp:[5,6,23],mkeyvno:[5,6,23],mkvno:6,modbi:6,mode:[3,6,8,14,20,23,41,462,474,714,890,902,926,930],modern:[14,15,23,38],modestli:40,modif:[6,9,19,21,34,903],modifi:[3,6,9,15,18,19,25,28,32,34,40,43,100,103,114,136,144,146,158,288,290,295,310,337,362,363,850,890,902,903,913,918,926],modnam:[21,28],modpol:[3,23],modprinc:[3,23,35,37,40,912],modtim:6,modul:[3,4,6,20,21,23,35,252,268,890,892,900,902,904,905,906,909,911,912,913,914,915,916,917,918,919,926,937],modular:902,module_nam:21,modulenam:21,modulepath:21,modulo:899,moira:903,mon:[3,23,35],monitor:25,month:[882,902],more:[6,14,15,19,20,21,22,23,25,29,32,34,35,37,38,39,41,43,46,262,279,341,401,559,722,724,745,873,881,884,885,887,890,891,895,902,909,915,920,922,937],more_preauth_data_requir:906,morn:33,most:[2,6,17,20,21,23,24,25,26,28,33,34,37,39,40,41,43,48,154,881,884,885,887,902,906,907,908,923,925,937],mostli:890,move:[20,27,34,48],msdn:902,msec_dirbit:773,msec_val_mask:773,msg:213,msg_type:[816,829,830],mslsa:881,mssclogin:21,much:[14,25,38,153,922],multi:[35,37,902],multihom:21,multipl:[3,10,14,15,16,20,21,22,23,24,28,34,35,36,37,39,43,46,831,881,885,888,902,907,908,915,926,935,937],multipli:35,multithread:48,muse:903,must:[2,3,7,8,11,14,15,19,20,21,22,23,24,28,29,32,33,34,35,36,37,39,43,46,57,58,69,74,78,99,100,102,103,113,117,119,121,125,126,136,146,152,153,158,173,176,195,198,200,220,224,228,241,247,268,270,271,274,275,279,282,287,288,289,290,294,296,310,312,315,319,323,328,342,356,365,368,370,372,399,403,712,713,715,722,724,726,729,730,731,732,733,734,735,736,737,740,811,831,854,881,888,889,890,894,895,896,898,899,902,903,905,907,908,909,912,914,915,916,918,922,923,928,930,932,937],mutabl:831,mutex:831,mutual:[34,327,372,433,498,791,930],my_cach:930,my_proxi:21,my_respond:46,mydir:881,mydomain:20,mymodul:28,mypreauth:28,myrealm:46,myremotetokentyp:20,name:[2,3,4,5,6,8,10,12,14,15,16,19,20,21,22,23,24,28,29,30,32,33,34,36,37,40,46,48,49,50,59,60,141,147,153,155,159,214,222,223,227,230,235,246,247,252,260,264,267,278,308,313,315,317,318,326,330,337,338,339,340,347,349,356,359,362,374,379,381,402,403,404,405,408,410,496,632,634,635,636,637,641,644,650,724,735,797,817,846,856,860,867,882,884,889,892,894,895,898,901,902,903,904,907,909,916,917,918,919,923,925,926,927,928,929,930,932,937],name_s:304,name_str:37,name_typ:37,namelen:309,nat:[21,23],nation:903,nativ:[33,365,368,880,890,894,898,901,902],natur:38,naval:903,ncsa:42,nctx_out:176,ndnhnmn:882,nearli:3,necessari:[3,14,21,22,23,24,33,34,37,39,43,260,338,340,384,403,906,907,911,922,923],necessarili:14,need:[4,6,12,14,15,19,20,21,23,32,33,34,35,37,39,40,41,43,46,49,64,65,67,68,72,73,76,77,78,91,92,93,99,100,102,103,111,113,115,125,126,132,141,143,145,150,153,154,163,164,169,172,173,174,175,176,177,178,180,181,182,183,194,195,224,227,229,230,231,236,258,261,265,268,272,275,279,280,282,286,287,288,289,290,294,308,313,315,316,319,320,321,322,323,324,325,326,327,328,329,332,335,336,337,341,342,351,352,353,354,356,357,360,361,372,386,398,400,401,402,404,559,723,724,745,881,882,887,888,889,890,892,895,902,908,909,911,916,918,920,922,923,926,929],needchang:[3,5,23],neg:[28,869,898],neglig:903,negoex:[902,910],negoti:[894,902,908],neither:[3,23,322,903,927,930],nersc:21,net:[21,42,903,920],netbio:54,netbsd:[902,903],netlib:890,netlogon:448,network:[3,15,17,21,23,25,29,32,34,38,39,40,43,46,260,372,517,518,519,520,887,890,922,923,936,937],neuman:937,never:[3,14,15,17,19,20,23,24,35,100,103,228,288,290,899,922,923],new_message_out:850,new_mkey_fil:[6,23],new_princip:3,new_reply_out:[849,850],new_stat:108,newer:[6,14,20,23,38,890],newest:23,newli:[3,6,23,37,107,113,125,126,176,294,326,327,356,360,361,372,881,888,902],newlin:[341,349],newprinc:[3,23],newpw:[166,379,380],next:[3,6,17,23,34,35,48,99,100,102,103,120,287,288,289,290,714,888,894,895,899,902,906,915,923,930],nfs:38,nii:930,nippon:903,nist:[21,40],nitem:907,nktype:830,nlgilman:12,nls:902,no_auth_data_requir:[3,23],no_host_referr:[20,39],noaddress:21,nofail:46,nofork:4,nokei:[3,23,37],non:[2,3,14,19,21,23,26,33,37,43,44,99,100,102,103,113,122,129,130,155,224,241,245,250,269,287,288,289,290,294,298,299,313,327,339,356,372,379,380,385,849,894,898,902,926,929,930],nonc:[355,808,816,830,902],none:[3,20,21,22,23,26,36,37,57,58,132,273,285,302,366,369,885,895,930,937],nonexist:902,noninfring:903,nonrepudi:37,nonzero:[21,224,932],noout:37,nopw:[3,23],nor:[903,927,930],norandkei:[3,15],norealm:[14,20],normal:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],north:903,nosync:[20,24],notabl:23,note:[3,5,6,14,20,21,23,26,32,34,154,241,245,596,597,599,600,882,888,915,923,926,930,936,937],noth:[8,885],notic:[17,24,903],notifi:920,novel:903,now:[8,14,34,37,39,235,260,275,714,902,923],nowait:[8,12,34],nrl:903,nss:903,nt_wellknown:747,ntlm:902,ntt:903,num:9,num_data:[98,100,103,114,130,288,290,295,299],num_prompt:[349,856],number:[2,3,4,5,6,8,9,10,11,12,14,15,19,20,21,23,24,35,36,37,39,46,48,66,78,80,83,100,103,112,135,156,288,290,308,313,322,323,324,328,334,349,353,355,356,357,515,522,707,722,724,792,811,830,834,859,869,880,882,884,888,890,892,894,895,896,898,902,903,906,915,927,928,929,930,932],numer:[6,34,166,379,380,882,902,927],numwork:10,object:[3,5,6,20,21,22,24,25,28,35,36,43,48,262,269,724,888,890,894,903,904,905,906,907,908,909,912,913,914,915,916,917,918,919],observ:[25,29,35],obtain:[2,3,15,16,17,20,21,23,25,26,33,34,37,38,46,48,80,135,230,258,271,274,326,327,356,372,399,400,410,436,612,821,881,884,890,899,902,903,918,919,921,922,926,930,932],obvious:32,occasion:34,occur:[3,6,9,23,78,339,383,902],occurr:171,octet:48,odd:923,oeap:476,off:[15,21,24,25,28,33,35,39,349,358],offer:[21,24,40,890],offlin:[14,25,926],offset:[10,48,406,894,899],often:[20,22,23,28,33,38,39,884,888,911,937],oid:[28,43,902,908],oid_op:903,ok_as_deleg:[3,23],ok_to_auth_as_deleg:[3,23],okai:[3,23,923,927],old:[2,3,6,14,15,20,21,23,34,37,243,343,416,902,922],old_cod:[415,416],old_princip:3,oldcc:903,older:[14,23,902,915],oldest_kvno_to_keep:3,om_uint32:[43,908],omit:[11,22,28,404,700,701,894,898,918],onc:[3,6,14,15,21,23,34,43,46,78,358,719,881,885,888,913,917,922,937],one:[2,3,5,6,8,9,15,16,17,19,20,21,23,24,25,26,28,32,34,35,36,37,39,40,41,43,46,48,153,243,263,264,270,271,275,279,327,330,341,353,357,386,724,881,882,884,885,888,890,891,892,894,895,899,902,904,906,907,909,912,915,916,922,923,926,928,930,931],ones:[21,25,34,888,907,923],onli:[3,4,6,8,9,10,14,15,18,19,20,21,22,23,26,28,32,33,34,35,39,41,43,46,48,54,114,153,224,228,241,245,295,322,358,362,363,539,715,735,846,873,880,881,886,888,890,894,899,902,903,908,909,915,916,918,922,923,926,930,932,935,937],onlin:[14,25],onlyrealm:[14,20],onto:[17,21,32,34,890,908,923],opaqu:[48,286,831,902],open:[6,21,23,24,46,48,50,303,313,315,339,384,739,755,885,899,902,903,919,926],openldap:[3,5,23,24,30,890,903],openldap_ldapconf:20,opensc:21,openssh:[28,38],openssl:[21,37,890,902],openvis:[3,903],oper:[2,3,5,9,10,14,15,19,20,21,22,24,28,33,34,35,37,38,41,43,48,62,119,120,121,122,136,156,158,379,380,383,739,821,831,881,887,888,889,890,895,899,901,902,903,912,916,926,930,937],oppos:37,opt:[46,229,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,929],optim:890,optimist:[20,40,48,254],option1:21,option2:21,option:[2,11,12,15,19,22,24,28,29,34,35,36,37,39,48,59,60,224,225,226,229,232,233,234,235,253,260,269,275,322,323,326,327,328,341,372,400,410,412,540,722,792,793,797,808,809,816,820,824,825,830,868,884,888,889,902,905,906,907,909,912,914,916,923,937],oracl:[42,903],order:[3,4,6,14,16,17,19,20,21,22,23,32,33,34,35,37,43,46,48,245,722,881,884,885,889,890,894,898,903,904,908,918,937],ordinari:[14,888,902,937],ordinarili:[2,15,245],org:[5,21,22,23,42,888,889,892,902,903,920,936,937],organ:[889,903],orig_hostnam:194,origin:[3,14,21,23,39,43,46,890,903,908],osconf:889,osf:667,other:[3,4,6,10,14,15,19,20,21,23,24,26,28,34,35,37,38,39,43,46,154,279,308,356,401,638,724,821,880,881,884,887,888,889,890,894,895,898,902,903,906,908,912,913,914,916,917,918,920,922,923,928,930,935,936],othernam:37,otherrealm:21,otherwis:[3,6,14,15,20,21,23,29,33,34,36,37,39,43,49,52,54,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,95,96,97,98,99,100,102,103,104,105,106,107,108,110,111,112,113,114,115,116,117,118,120,121,122,124,125,126,129,130,134,142,150,153,157,158,162,163,164,166,170,172,173,174,175,177,178,180,181,182,183,184,185,187,189,192,193,195,217,224,235,236,238,248,260,261,264,265,266,267,271,272,273,274,275,276,277,278,279,280,283,284,285,286,287,288,289,290,294,295,296,298,299,317,319,321,322,323,324,325,326,327,328,329,330,332,334,335,336,339,342,344,345,346,347,351,352,353,354,355,356,357,358,359,360,361,371,372,373,382,385,387,388,389,391,392,394,395,397,398,399,400,401,410,881,890,895,903,907,914,923,926,927,928,930],otp:[3,16,25,30,46,365,681,683,684,706,722,901,902],our:[20,36,887,888,903],out:[3,8,12,21,23,24,33,35,36,37,41,43,49,50,56,59,60,63,64,65,66,67,68,69,71,72,73,74,76,77,78,89,91,92,93,95,96,97,99,101,102,104,105,107,108,111,112,113,115,116,117,118,119,121,122,124,125,126,129,130,132,134,135,138,141,142,143,145,149,150,152,153,154,158,163,164,166,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,194,195,223,224,227,229,230,231,235,236,238,251,260,261,262,264,265,266,267,268,269,272,273,274,275,279,280,282,286,287,289,294,296,298,299,301,303,304,305,306,308,309,312,313,315,316,318,319,320,321,322,323,324,325,326,327,328,329,332,334,335,336,337,338,341,342,344,351,352,353,354,355,356,357,358,360,361,365,368,371,372,379,380,386,387,388,389,391,392,393,394,395,398,399,400,401,402,404,405,406,408,526,527,529,530,533,881,890,903,922,925,932],out_cr:[224,225,226,372],out_flag:238,outaddr:172,outag:[20,39],outauthdat:319,outbuf:[223,324,325,326,327],outcc:134,outcksum:131,outcr:177,outdata:178,outfil:6,outgo:[15,908],outlin:[0,29],outprinc:182,outptr:[186,190],output:[3,6,9,15,20,23,34,41,43,48,99,100,101,102,103,107,117,119,120,166,181,224,279,287,288,289,290,296,349,356,358,361,401,850,859,881,892,902,904,905,907,926,927,929,932,937],output_cr:43,output_message_buff:43,output_nam:908,output_payload_buff:43,outreach:14,outsid:[15,881,937],over:[0,10,14,15,20,21,23,24,28,32,34,36,38,39,43,46,48,107,113,114,117,155,164,294,295,296,322,360,372,801,902,904,910,918,922,923],overrid:[3,6,10,14,20,21,23,36,48,375,377,378,383,384,849,890,898,902,926],overridden:[2,10,11,19,21,885,902],overview:887,overwrit:[6,23,381,925],overwritten:[20,811],own:[0,3,15,20,21,23,24,25,34,38,378,905,907,908,919,922,923,930,936],owner:903,ownership:885,p27:42,pa_as_fresh:896,pa_config_data:894,pa_hardwar:915,pa_real:906,pa_replaces_kei:915,pa_typ:[843,894],pa_type_list:[906,915],pac:[3,20,23,48,333,672,844,847,902],pac_client_info:[338,340],packag:[29,34,888,903],packet:[20,25,36,327,902,915],pad:[43,48,99,100,103,104,287,288,290,530,899],padata:[829,830,906,915],padl:903,page:[0,3,21,889,890,902],pair:[6,20,21,26,825],pam:33,parallel:[10,39,888,902],param:[49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416],paramet:[5,6,10,20,23,28,35,36,43,46,48,169,229,320,322,338,340,890,891,894,901,902,908,912,915,930],parent:[21,39,881,901],pars:[3,15,28,43,45,46,48,235,260,264,267,278,353,357,365,368,887,894],part:[14,21,23,26,32,38,41,199,264,267,278,283,341,356,381,807,817,829,867,881,886,894,895,899,903,907,908,918,930,937],parti:[28,36,43,902,903,937],partial:[14,19,46,899],particip:[21,34],particular:[2,11,14,16,17,19,20,21,37,43,46,315,888,890,903,922,923],particularli:[14,17,25,39,922,929],partit:39,pass:[14,20,21,28,36,43,99,100,102,103,228,250,270,271,275,279,280,282,287,288,289,290,322,365,368,377,378,379,383,384,873,888,890,908,917,926,930],passcod:656,passiv:25,passwd:[5,23,33,879,903,930],passwd_phrase_el:[788,857],password:[3,4,5,6,9,10,11,14,15,16,17,19,20,21,22,24,25,26,28,29,32,33,34,35,36,37,39,40,48,233,245,258,612,614,703,704,705,723,724,881,886,901,902,906,910,921,923,928,930,936,937],password_changing_servic:[3,23],password_expir:[245,822],past:[3,23,920],pasword:25,patch:23,path:[4,5,8,20,21,22,23,25,28,29,34,39,356,888,890,892,902,930,937],pathnam:[4,8,21,23,24,28,29,37,884,888,891,937],pattern:[6,21,28,935],pdf:0,pem:[16,21,29,37,932],peopl:20,pepper1:107,pepper2:107,pepper:48,per:[3,6,9,10,14,18,20,21,23,26,28,36,39,43,46,881,904,906,909,912,913,915,916,917,918,919],perfect:885,perform:[3,4,5,6,12,14,19,20,21,22,23,24,25,34,37,39,43,46,62,91,250,254,258,356,360,372,379,380,383,412,433,831,881,902,903,912,913,914,923],perhap:[3,14,20,23,24],period:[6,8,14,17,20,21,23,24,35,923,926],permiss:[3,15,18,19,20,23,34,43,137,147,159,881,902,903,923],permit:[3,19,21,23,26,36,48,194,251,353,357,901,902,903,926,936],permitted_enctyp:[21,26,902],persist:[21,881],person:[17,34,903,922,923],pertain:[10,903],pgp:[889,920],phase:930,phrase:879,physic:[32,39],pick:[20,25,37,888],pid:[4,8,10,902],pid_fil:[4,8,10],piec:[35,265],pin:[366,369,712,715,719,720,721,722,854],pipermail:920,pkc:[21,724],pkcs11:[21,902,903],pkcs12:21,pkinit:[3,16,23,25,30,40,41,107,643,674,675,676,677,724,890,897,902,903,910,926],pkinit_allow_upn:[20,21],pkinit_anchor:[3,20,21,23,37,926],pkinit_cert_match:[3,21,37,902],pkinit_dh_min_bit:[20,21],pkinit_eku:21,pkinit_eku_check:[20,21,37],pkinit_ident:[20,21,37],pkinit_ind:[16,20],pkinit_kdc_hostnam:[21,37],pkinit_pool:[20,21],pkinit_require_crl_check:[20,21],pkinit_require_fresh:[20,37],pkinit_revok:[20,21],pkinit_san:21,place:[2,8,14,15,21,26,28,32,33,37,39,43,44,46,48,107,117,229,264,267,279,296,361,373,401,811,850,890,892,899,905,913,925,930,936],placehold:[887,889],plain:895,plaintext:[116,527],plan:23,platform:[24,869,880,881,888,889,890,902],pleas:[0,15,20,722,920],plu:[20,923,930],plug:903,pluggabl:[21,28,902,907,910,913,918],plugin:[3,20,22,887,890,900,901,902,903,918],plugin_base_dir:21,pnl:21,point:[3,14,15,21,23,32,34,43,327,403,410,811,881,886,890,902,920],pointer:[24,43,44,46,91,135,136,173,198,200,213,217,220,230,231,256,262,263,319,320,327,329,354,362,363,383,392,403,809,811,816,856,867,904,905,906,907,912,913,915,917,919],pol:[3,19,23],polici:[3,4,5,6,16,19,20,21,24,25,34,35,169,356,902,910,911,912,919,923,927,928],policy_nam:[5,23],poll:[4,8,20,23,902],pool:14,pop:32,popul:[14,24,44,148,899],popular:34,port:[3,4,7,8,10,12,15,20,21,23,34,36,41,44,48,62,328,518,520,901,937],portabl:881,portiion:903,portion:[21,36,153,266,315,382,406,735,792,797,808,820,859,903],portmapp:23,portnum:10,pose:14,posit:[6,19,28,35,869,898],posix:[6,869,880,895,896,899],possess:[37,923],possibl:[3,5,6,14,15,17,20,21,22,23,24,25,26,32,34,35,37,38,39,43,46,48,93,166,224,724,884,885,890,903,906,907,915,920,923,935],post:[48,881,920],postdat:[3,19,20,23,267,923,926,927],potenti:[14,32,34,46,886],power:[20,24,25,39,902],practic:[14,21,46,99,287,902],pre:[0,16,20,22,43,48,91,260,326,327,356,360,361,372,377,843,892,895,902,903,913,926],pre_auth_typ:[232,233,234],preauth:[20,659,825,894,902,903,906,915],preauth_list:[254,824],preauth_list_length:[254,824],preauth_plugin:[906,915],preauth_requir:[906,915],preauthent:[3,16,20,21,23,25,28,30,37,41,46,48,250,706,816,829,830,843,860,894,902,907,910,923,926,927],prebuilt:888,preced:[10,14,21,39,898,930,937],precis:33,precomput:48,predefin:39,prefer:[3,21,23,38,43,236,884,885,902,909],preferred_preauth_typ:21,prefix:[20,21,39,48,341,888,890,902,908,929,930],preiniti:[117,119,121,296],prepar:[48,79,316,400],prepend:[39,343,416,890],preprocessor:890,prerequisit:[888,892],preselect:926,presenc:[21,894],present:[8,14,16,20,21,22,23,28,34,36,37,43,46,245,322,330,342,351,362,363,370,385,612,696,697,698,868,884,885,888,898,899,918,923,927,937],preserv:[6,903],presid:903,pressvr:14,presum:885,prevent:[2,3,19,20,21,23,25,26,29,38,40,327,515,516,885,902,903,913,922,926],previou:[0,3,21,23,34,37,42,44,156,250,261,279,381,401,415,416,894],previous:[3,6,23,43,48,888,902],prf:[48,118,895,902],primari:[3,23,24,48,145,881,904,913,917,919,920,925,926,931,935,937],primarili:[24,55,933],princ1:[37,345,346,347,359],princ2:[37,345,346,347,359],princ:[3,6,15,21,49,50,91,92,93,94,385,777,778,779,780,781,782,783,784,895],princ_flag:6,princ_lockout:6,princ_look_ahead:930,princ_meta:6,princ_nam:[37,925],princ_out:154,princ_stringattr:6,princ_tktpolici:6,princip:[2,3,4,5,6,7,8,9,10,11,12,14,16,17,19,20,21,22,24,25,26,28,29,30,31,32,33,36,37,40,41,43,45,46,48,78,141,147,148,153,155,159,166,223,229,235,242,260,264,267,275,308,313,318,326,330,337,338,339,340,356,360,361,372,400,402,403,404,405,408,410,496,635,642,650,692,694,735,747,809,810,816,820,829,830,834,846,881,882,884,885,891,895,896,898,901,902,904,905,911,912,914,915,916,919,922,923,926,927,928,930,931,932,935,936,937],principal_databas:8,principal_nam:37,principal_out:[341,342],principal_seq:37,principalnam:902,principl:695,princnam:[25,35,40,46,881],princname_out:333,print:[3,6,7,8,23,358,902,929,930,932],printabl:[362,370],prior:[6,8,14,20,23,41,43,136,265,903,907],priorit:39,prioriti:[14,20,39,230,881,885,904],priv:[48,902],privat:[21,37,702,890,895,896,902,920],privileg:[3,15,19,34,43,48,253,922,936,937],privsvr:[339,340],privsvr_kei:[337,338],prng:[120,121,122,890,902,903],probabl:[6,12,14,23,34,888],problem:[14,23,38,327,885,902,920],proce:930,procedur:[6,32,34,887,888],proceed:23,process:[3,4,6,8,9,10,14,15,20,21,23,24,25,34,43,46,48,136,154,169,352,410,881,884,885,902,905,906,909,912,913,914,915,917,919,926,937],procur:[37,903],produc:[6,21,23,46,104,124,889,899,906,909,915,927,929],product:[34,903],prof_no_rel:918,profil:[15,18,20,21,48,136,385,881,884,885,887,891,902,903,910],profile_module_init:918,profile_module_init_fn:918,profile_releas:262,profile_tcl:903,profile_vt:918,profit:903,program:[2,3,4,6,8,12,15,20,21,23,26,28,30,32,33,34,37,38,39,41,43,46,56,268,375,885,887,888,889,892,894,901,902,903,923,929,930,937],programm:929,programmat:46,progress:[14,20],prohibit:[3,23,903],project:[0,686,890,902,903,907,937],promot:[14,903],prompt2:358,prompt:[2,3,5,6,23,34,46,48,260,358,703,704,705,706,854,856,886,902,906,922,923,928,930],prompter:[245,260,263,275,349,854,856,861],prone:902,proof:[48,923],propag:[4,6,7,8,14,17,19,20,21,24,31,35,887,902,903,922],proper:[12,23,37,356,888],properli:[29,34,37,41,880,890],properti:[21,903,921],proponli:[4,23],proprietari:36,protect:[6,15,25,26,32,35,37,40,43,78,247,323,328,724,831,885,902],protocol:[2,3,14,21,23,29,39,43,48,247,661,680,707,816,820,829,830,885,887,900,902,912,923,926,932,937],prototyp:[887,907],prove:[46,896,906,915],provid:[0,3,4,10,15,21,22,23,24,26,28,29,32,34,37,38,39,41,43,46,98,122,229,356,369,410,880,881,888,890,902,903,905,908,911,914,918,922,930,937],provis:903,proxi:[20,21,25,30,36,39,43,902,923,927],proxiabl:[3,20,21,23,48,824,923,926,927,930],proxy_imperson:894,pseudo:[48,887],pto:183,ptr:[38,43,197,281,336,350,786,787,816,817,867],pty:[887,903],publish:[38,903],punctuat:[3,21,23,34,928],purg:[3,6,14,902],purge_mkei:23,purgekei:[14,23,37],purpos:[10,15,21,26,28,34,890,903,926,933],put:[4,10,34,341,792],pw_expir:6,pwchang:20,pwd:888,pwexpdat:[3,23],pwexpir:[3,19,23],pwqual:[28,902,910],pwqual_plugin:919,pwservic:20,python:[29,892,902],qop_req:43,qop_stat:43,qualif:21,qualifi:[3,15,19,21,23,937],qualify_shortnam:[21,902],qualiti:[21,28,902,910,921],queri:[3,21,23,39,43,46,902],question:[0,20,39,48,365,368,722,723,724,860,861,920],queue:[20,903],quietli:925,quit:[6,32],quot:[3,6,23,341,402,404,882],quux:21,r13:[6,23],r18:[6,23],r_address:808,rabbit:39,radiu:[20,36,902],randkei:[3,14,23,34,37,902],random:[3,6,14,15,20,21,23,25,34,48,895,899,902],random_data:124,randomli:[2,26],randsourc:120,rang:926,rapidli:15,rare:[24,37,882,884],rassen:903,rather:[3,4,5,6,10,15,20,21,23,32,38,39,56,279,401,881,888,895,908,926],raw:[20,888],rc2:474,rc4:[20,902],rcach:[71,85,265,320,322,885],rcache2:[885,902],rcmd:21,rcommand:637,rcptr:265,rctmpdir:891,rctx:[46,362,363,364,365,366,367,368,369,370,861],rdata_out:[320,322,323,328,351,353,357],rdn:[15,21,33,38,43],reach:[20,21,24,164,312,899],react:243,read:[3,5,6,9,11,20,21,22,23,34,35,37,46,48,250,260,262,316,349,368,410,890,898,915,918,922,927,937],readabl:[15,21,32,169,882,884,886,902],reader:[21,24],readi:[6,34],readlin:890,readm:[887,889],real:[21,347,382,692,930],realiti:0,realloc:44,realm1:10,realm2:10,realm3:10,realm:[3,4,5,6,7,8,10,12,14,15,16,19,22,24,25,26,29,30,33,34,36,37,38,40,43,44,46,48,49,50,59,60,91,92,93,94,122,153,214,230,235,251,260,264,267,278,279,284,339,341,342,347,356,385,386,400,401,404,497,693,696,697,698,700,701,711,779,780,781,782,797,805,809,817,820,829,830,846,849,850,852,853,867,881,890,891,894,895,896,898,901,902,910,917,919,922,923,926,930,935,936,937],realm_try_domain:21,realmlist:214,realmnam:[37,46],realmsp:[230,231],reason:[14,17,21,24,28,33,39,339,880,894,903,922,923,930],reboot:[20,34,886],rebuild:[890,892],receiv:[3,4,8,9,14,20,21,23,37,39,41,43,48,223,245,273,322,323,327,328,351,353,357,360,371,372,860,905,906,915,916,919,923,937],recent:[2,6,17,20,25,26,37,48,885,896,902,923],recipi:[808,903],recogn:[3,20,21,37,41,926,935],recognit:[902,903],recommend:[5,6,15,17,20,21,23,32,34,39,40,43,888,889,890,920,923,925],recomput:136,reconf:887,record:[6,10,21,23,33,34,38,39,885,895,898,899,902],recov:[6,23,902,906],recurs:[6,23,24,902],recv_hook:377,recvauth:[360,372],red:[903,937],redhat:902,redirect:[21,34],redistribut:903,reduc:[14,21,33,100,103,288,290,888,890],redwood:903,ref:[5,23],refcount:902,refer:[3,5,15,19,20,22,23,39,43,45,48,87,89,138,286,305,846,902,903,911,916,930],referenc:[22,894,903],referr:[20,21,39,230,231,338,340,386,679,688,711,902,909,923],referral_valid_until:845,referred_realm:845,reflect:[23,34,100,103,136,158,262,288,290,322,323,328,353,357,895,896],reforward:923,refrain:908,refresh:[15,43,894],refresh_tim:894,refus:[12,14,34],regard:903,regardless:[6,19,21,43],regener:892,regent:903,regexp:21,region:[43,114,130,295,299,811],regist:[4,21,23,28,39,903,910,937],registr:21,regress:888,regul:903,regular:[14,21,34,37,43,930],regularli:[17,39],reiniti:148,reject:[12,15,16,20,21,34,166,614,923],reject_bad_transit:20,rekei:14,rel:[20,21,48,882,888,894,930],relai:10,relat:[4,6,20,21,22,28,29,35,37,39,169,810,902,903],relationship:[21,916],releas:[0,3,4,6,8,14,15,16,19,20,21,23,24,25,26,33,35,37,38,40,41,43,46,48,68,73,77,82,84,113,125,126,154,163,176,214,230,231,265,268,282,294,312,316,880,881,885,895,896,898,899,902,905,906,907,908,909,911,912,913,914,915,916,926,937],relev:[34,38,78,195,895],reli:[15,34,890],reliabl:24,relianc:21,relinquish:85,reload:23,remain:[3,4,6,14,20,23,43,44,245,639,880,881,898,899,903,913,915,930],rememb:[34,37,894],remot:[3,4,7,15,20,23,33,38,43,48,62,64,169,223,322,323,328,353,356,357,379,380,519,520,887,902,922,923,930,936,937],remote_addr:[44,64,82,356],remote_port:84,remotehost:933,remov:[2,3,6,20,23,26,28,37,48,155,888,902,913,922],renam:[3,23,890,902,913],rename_sect:918,render:[14,888],renew:[3,5,6,20,21,23,48,830,868,902,914,923,926,927,930,937],renew_lif:[256,824],renew_lifetim:21,renew_til:[809,817,868,894],renewable_lif:926,renprinc:3,rep:[185,199,324,325,354,355,791,816,829,844],rep_cksum:845,rep_result:372,repeat:[6,20,21,34,831,894,908],repl:354,replac:[3,5,21,23,28,34,70,75,94,123,186,188,190,191,196,197,225,226,232,233,234,281,348,350,407,890,898,903,906,926],replai:[21,43,48,78,320,322,323,328,351,353,356,357,515,516,859,881,883,891,897,901,902,937],repli:[12,26,46,107,245,258,267,279,349,354,355,377,378,401,714,829,849,850,854,895,906,915,926],replic:[8,34],replica:[4,6,7,8,9,14,15,17,20,21,23,31,32,35,41,887,902],replica_datatran:[7,34,901],replica_datatrans_hostnam:23,replica_dumpfil:8,replica_host:7,replicahostnam:8,reply_out:850,report:[6,38,887,902,920,926,932],repositori:892,repres:[3,21,34,43,158,869,880,884,895],represent:[21,43,48,341,342,395,403,404,797,816,829,830,867,880,894,898,903],representaton:791,reproduc:903,req:[21,26,37,245,326,327,356,499,830],req_pac:253,request:[3,4,6,8,9,10,14,15,16,19,20,21,22,23,24,25,28,33,35,36,37,40,43,46,48,153,166,195,223,224,229,235,241,253,260,267,276,277,327,356,375,400,498,500,501,613,661,680,736,743,744,791,793,816,830,838,882,884,885,894,895,896,902,905,906,908,914,915,920,923,926,930,932,937],request_fini:906,request_init:906,request_tim:866,requested_principal_nam:845,requir:[3,4,6,8,9,12,14,15,16,20,21,22,23,24,25,26,28,32,34,35,36,37,38,39,40,43,46,48,98,112,116,117,120,236,241,247,248,320,322,323,328,351,353,357,538,722,846,861,880,881,888,889,890,892,895,902,903,905,908,915,918,923,928,936,937],require_auth:[3,16,902],requires_hwauth:[3,23,915],requires_preauth:[3,5,14,23,25,35,37,40],requires_pwchang:[5,23],requisit:892,research:903,resembl:724,reserv:[893,903],reset:[3,9,23,35,46,157,383,902],resid:[15,39,46,886,903,935,936],residu:[21,39,152,315,881,885,916,918,937],resiz:403,resolut:[15,33,38,43,230,902,930],resolv:[15,33,48,260,315,881,890,902,927,930],resourc:[43,46,888,900],respect:[3,34,82,84,224,341,882,903,908,922],respond:[4,48,364,365,366,367,368,369,715,722,723,724,860,861,902,915],respons:[3,4,23,37,40,46,85,166,229,245,279,354,401,498,500,537,559,723,743,745,791,830,866,902,903,906,909,915,926,933,937],rest:[28,890],restart:[12,14,19,20,23,24,34,37,41],restor:[6,17,902],restrict:[3,5,14,19,21,23,48,224,903,912,914,926,930],restrict_anonymous_to_tgt:[20,37],restructuredtext:0,resubmit:926,result:[0,14,15,21,23,37,39,40,41,43,46,48,99,102,107,117,124,144,156,158,189,195,228,287,289,296,318,372,373,400,402,403,416,890,894,895,899,902,903,904,909,914,915,916,923,930,932],result_cod:[166,379,380],result_code_str:[166,379,380],result_str:[166,169,379,380],resum:23,resync:[4,9,23,902],resynchron:9,ret:[46,344],ret_as_repli:[232,233,234],ret_princ:386,ret_valu:[59,60],retain:[2,3,14,20,23,903,912,914,936],retir:[13,23,902],retransmit:890,retri:[20,36,39],retriev:[3,6,24,41,43,44,46,48,158,271,308,363,372,397,400,860,902,903],return_padata:915,return_pwd:358,retval:[49,50,51,53,55,56,61,62,63,64,65,66,67,68,69,71,72,73,74,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,120,121,122,124,125,126,129,130,132,133,134,135,137,139,141,142,145,147,148,149,150,151,152,153,155,156,157,158,159,160,161,162,163,164,165,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,285,286,287,288,289,290,294,295,296,298,299,300,301,302,303,304,306,308,309,311,312,313,314,315,316,317,319,320,321,322,323,324,325,326,327,328,329,330,332,334,335,336,339,341,342,344,345,346,347,349,351,352,353,354,355,356,357,358,359,360,361,370,371,372,373,374,375,379,380,381,382,384,386,387,388,389,391,392,393,394,395,397,398,399,400,401,402,403,404,405,406,410,907],reus:23,rev:[6,23,24],revers:[6,15,21,23,33,43,903,927],review:889,revis:[902,903],revoc:[20,21],revok:[20,21,35],rfc4120:29,rfc:[14,20,21,39,43,48,318,379,380,408,438,439,442,443,444,446,447,454,455,456,457,458,459,460,461,505,534,536,594,651,654,655,656,657,658,659,660,662,663,664,665,667,668,669,670,673,674,676,678,683,686,688,690,722,885,894,895,896,899,902,906,908],rhost:223,ricciardi:42,richard:903,ride:20,right:[5,19,20,23,100,103,288,290,811,893,899,903],risk:[14,26,30,46],rkt:11,rlen:[91,92,93,94],rlogin:930,roam:21,robbi:937,robin:15,robust:902,rock:[906,915],roll:23,rollback:14,rollov:[6,23],root:[8,12,14,15,17,19,20,21,32,34,886,890,922,930,935,936,937],rotat:38,round:[40,902,915],rout:34,routin:[21,854],royal:903,rpath:[888,890,929],rpc:[20,21,23,43,48,610,887,902,903],rpcbind:23,rsa:[37,472,475,476,477,903,926],rst:892,rtime:830,rule:[3,15,19,21,23,28,39,43,154,930,932,935,936],run:[3,4,6,8,9,10,12,14,15,20,21,23,24,26,28,32,33,34,37,39,41,881,888,889,890,892,901,902,925,927,930,937],runstatedir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],runtim:901,s2kparam:48,s2kparams_out:229,s4u2proxi:[43,894],s4u2self:[43,338,340,902,932],s4u:902,s4uself:20,s_address:808,safe:[28,48,725,880,902],safer:922,safest:923,sai:885,sake:930,sale:903,salt:[2,3,6,11,15,20,23,25,48,125,126,390,824,902],salt_out:229,salt_type_afs_length:773,salt_type_no_length:773,salttyp:[6,20,26,371],salttypep:391,sam:[681,683,684,902],samba:[28,902],same:[3,4,5,10,12,15,19,20,21,23,24,28,36,39,43,52,53,91,101,105,107,136,138,151,155,171,180,228,250,270,271,275,279,305,345,346,347,359,385,831,881,885,890,902,907,908,922,926,930,932],sampl:[12,15,22,34,887,903,922,923,930,933],san:[20,21,902],sandia:903,sasl:[3,5,20,22,23,43,902],sasl_authcid:3,sasl_authzid:3,sasl_mech:3,sasl_realm:3,satisfactori:25,satisfi:888,save:[37,40,66,83,522,523,895,902,915],sbin:[8,12,34,890,901],sbindir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],scalar:895,scenario:[14,902],schedul:[14,23],schema:[22,24],scheme:39,schneier:902,sclient:[12,921,924],sclogin:20,scope:[5,23],screen:923,screensav:923,script:[3,4,10,23,34,887,888,890,902],search:[5,20,21,23,48,151,153,195,224,313,881,888,899,902,925,931],search_scop:[5,23],searchscop:[5,23],sec:[48,797,820,882],second:[3,10,20,21,23,28,36,37,39,43,44,52,53,105,153,223,228,266,267,319,345,346,347,358,359,382,383,385,406,729,792,808,810,830,859,869,880,882,885,894,895,898,899,907,908,923,926,930,937],second_ticket:[810,830,894],secondari:34,secret:[3,20,21,36,43,46,834,922],section:[3,10,19,22,23,28,33,34,35,37,39,41,43,48,119,318,408,594,668,669,670,885,888,889,894,895,899,902,918,919,930,935],sector:[6,23],secur:[3,7,14,15,20,21,23,25,30,31,34,37,39,41,43,46,250,322,558,886,887,902,903,920,923,937],securecooki:895,securid:[656,902],sed:890,see:[14,15,17,22,23,24,26,28,32,34,35,36,39,43,46,97,99,100,102,103,108,113,114,120,130,131,168,229,262,287,288,289,290,294,295,299,318,356,390,400,408,409,410,594,722,881,882,885,886,887,888,890,892,893,894,902,903,904,905,906,907,909,910,911,912,913,914,915,916,917,918,919,920,922,923],seed:[122,131,328,409,899],seed_length:[131,409],seen:885,segment:39,select:[6,14,21,23,28,43,46,48,117,296,356,366,881,890,902,908,910,926,930,935],self:21,sell:903,semant:46,semfiajf42:20,send:[0,4,15,20,21,23,25,26,32,34,41,48,229,245,322,360,372,377,885,887,890,902,920,922,926,937],send_hook:378,sendauth:[12,34,48],sender:[322,323,328,353,357,808],sensit:250,sent:[6,20,23,25,36,37,41,43,322,372,378,850,885,888,895,902,915,923],sentenc:34,separ:[0,3,5,6,10,16,19,20,21,22,23,24,25,28,39,50,341,343,416,715,889,890,895,902,908,918,922,937],seq:859,seq_numb:[792,797],seqnumb:[69,74],sequenc:[25,37,48,66,78,80,83,322,323,324,328,353,355,356,357,515,522,792,797,859,886,894,895,898,908],sequence_count:857,sequenti:[48,312,799],seri:[38,48,899],serial:[9,43,902],serv:[4,10,21,23,902],server1:[5,23],server:[2,3,4,5,6,7,8,9,10,12,16,18,20,21,22,23,24,25,28,29,30,31,34,36,37,38,39,43,46,48,159,166,223,224,264,267,330,337,338,339,340,356,372,379,380,410,499,611,649,714,744,791,809,810,816,820,830,867,881,884,885,887,891,894,901,902,903,904,910,911,923,929,930,932,933,935],server_kei:[337,338],server_port:12,server_str:169,serverauth:21,servic:[2,3,5,8,10,12,15,16,19,20,21,22,24,28,29,31,32,33,34,43,48,166,224,235,245,260,264,267,326,327,360,379,410,637,638,639,722,862,881,885,887,894,902,903,904,909,917,923,926,932,935,937],service1:932,service2:932,service_loc:917,service_nam:926,service_passwd:[5,23],sesam:[46,686],session:[3,14,15,21,23,33,34,43,46,48,224,318,322,327,351,408,435,436,797,809,810,816,817,881,885,923,927,932,937],session_enctyp:[3,23],set:[0,3,4,5,6,14,15,16,18,19,20,21,22,23,24,25,26,28,29,31,32,33,34,35,37,38,39,40,41,43,44,46,48,62,68,69,73,74,77,78,98,102,122,145,153,154,161,164,224,229,253,279,280,286,289,303,315,322,323,328,349,351,353,356,357,358,366,370,374,384,401,403,404,405,416,540,715,731,849,850,860,881,882,885,890,902,908,915,916,922,923,925,926,927,930,936,937],set_cooki:[902,915],set_str:[23,26,36,37],setstr:[3,16],setuid:[41,902,937],setup:[23,34,122,888,902],sever:[3,15,16,20,21,23,24,37,39,881,887,888,890,894,907,937],sfu:671,sha1:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],sha256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],sha2:[20,902],sha384:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],sha:[14,20,902],shall:903,share:[0,14,21,23,28,46,327,890,907,908,918,922],sharealik:903,sharp:19,she:[923,936],shell:[3,5,23,34,41,902,922,923,929,935],shorter:21,shortest:192,shortli:[33,922],shortnam:21,should:[0,2,3,4,5,6,10,12,14,15,17,20,21,22,23,24,25,26,28,29,32,33,34,37,38,39,43,46,71,85,144,152,223,245,249,255,269,279,306,315,322,324,327,339,356,358,362,363,401,724,844,849,850,869,880,881,882,886,888,890,894,896,902,903,904,906,907,908,912,913,914,915,917,918,919,922,923,926,930,932,937],show:[2,6,20,41,854,881,892,901,923,927],shown:[20,21,881],shrubberi:42,shutdown:24,sick:903,sid:[21,632,633],side:[23,43,360,372,885],sighup:[10,41],sign1:43,sign2:43,sign:[3,19,20,21,23,32,37,41,43,48,880,889,896,898,926,937],sign_onli:43,signal:10,signatur:[408,471,472,477,889,908,918],signedpath:[3,20,23],signific:[25,35],silent:927,similar:[6,21,22,29,43,92,105,113,114,126,129,130,246,294,295,296,298,299,323,326,338,340,342,346,361,403,404,413,415,902,907,917,923,930],similarli:[15,341,724,923],simpl:[5,12,17,23,107,417,881,885],simplest:[28,43,881,888],simpli:[28,36,37,40,43,46,723,888,908,922,923],simplifi:[251,902],simul:930,simultan:831,sinc:[3,12,14,15,17,21,22,23,37,48,327,719,869,880,894,908,915,936,937],singl:[0,3,14,15,20,21,23,24,26,28,32,34,37,39,40,43,46,48,189,318,342,405,695,881,890,902,908,915,930],siphash:899,site:[15,23,34,39,902,923,926,936],situat:[14,20,24,28,39,932],size:[9,20,21,23,24,37,41,48,97,98,100,103,114,116,130,186,190,288,290,295,299,358,403,405,811,890,898,899],size_return:358,size_t:[95,96,98,100,103,104,112,114,116,118,130,131,168,170,186,187,190,191,192,193,280,288,290,295,299,334,336,366,371,394,395,409],sizeof:[43,46,918],skei:[20,810],skew:[48,267,353,357,915,926],skip:[22,23,37,410,412,890],slack:39,slash:[341,937],slat:907,slightli:890,slot:[11,21,899],slotid:21,slower:[14,24],small:56,smaller:[21,898],smard:21,smart:[20,21,902],sms:19,smtp:636,sname:[386,932],sni:902,sock_dgram:917,sock_stream:917,socket:[20,21,36,48,372,901,917],soft:902,softwar:[14,15,21,24,25,28,42,46,890,903,920],solari:[31,888,890,902],solaris9ab:42,sole:[21,28],solut:34,some:[2,3,6,14,20,21,23,24,28,29,31,34,37,38,39,41,46,48,99,122,151,154,287,386,750,881,882,885,887,888,889,890,891,899,901,902,907,908,911,918,920,922,923,926,935,937],someon:[17,21,34,922,923],someth:[12,14,20,38,885],sometim:[23,25,38,926],somewhat:[37,885],song:903,soon:8,sophist:46,sort:38,sourc:[0,10,22,23,28,34,39,42,43,120,122,888,889,890,900,903,907,911,918,920,930],source_cache_nam:930,source_us:930,southern:903,space:[3,16,20,24,37,38,56,99,102,117,119,121,287,289,296,304,343,358,403,416,882,889],spake:[20,21,25,30,902,903],spake_preauth_group:[20,21,40],spake_preauth_ind:20,spake_preauth_kdc_challeng:[20,40],sparc:902,spars:899,spawn:4,special:[20,23,28,35,43,404,642,699,881,902,903,908,926],specif:[3,4,6,10,14,18,19,20,21,23,24,26,34,39,43,48,49,56,155,313,315,360,361,406,724,881,882,884,890,892,899,902,903,907,912,917,923],specifi:[3,4,5,6,7,8,9,10,11,14,15,16,18,19,20,22,23,28,29,34,36,37,39,43,46,48,92,93,99,100,102,103,113,125,129,224,227,229,235,260,264,267,287,288,289,290,294,298,308,313,316,322,323,328,341,342,353,356,357,372,380,410,736,881,885,890,895,896,902,908,915,923,925,926,927,928,929,930,931,932,937],speed:[22,25],sphinx:892,sphinx_arg:892,spi:908,split:[3,39,902],spnego:[902,903,908],spnego_mech:903,spoof:[21,25,39],sprecif:889,spuriou:902,sqlite3:6,sqlite:6,squar:[20,21,28],src:[22,148,888,890,892,903],src_ctx:179,src_name:43,srcdir:892,srv:[21,33,34,39,902],srvtab:11,ss_lib:890,sscope:[5,23],sserver:[1,933],ssh:[15,33,923,936,937],sshd:21,sshing:937,ssl:[29,37],sspi:902,stabl:[902,912,913,914,919],stage:[14,895,913],stai:[3,15],stale:[0,21,26],stamp:[6,9],stand:34,standalon:[8,41,902],standard:[3,6,9,14,20,23,37,41,43,884,902,903,929],start:[0,3,4,6,8,10,14,15,19,20,21,23,24,26,31,37,41,48,809,817,830,868,881,886,888,896,902,923,930],start_tim:[235,260,275,926],starttim:[868,894],startup:[34,902],stash:[3,5,10,14,20,22,34,41,883,901],stash_fil:[6,23],stashfilenam:[5,6,23],stashsrvpw:[3,20,22,23],state:[6,9,14,20,34,46,48,78,99,100,102,103,287,288,289,290,831,895,901,902,903,904,906,907,909,912,913,915,916,917,918,919],statement:[903,932],statu:[3,821,902,903,905,908,927,930,932],stderr:[20,937],stdin:349,stdlib:918,stdout:[41,349],stduser:23,step:[6,14,15,22,23,34,37,930],steve:937,still:[3,4,6,10,14,20,21,23,32,33,34,35,39,148,269,888,902,926,930,932],stime:820,stockholm:903,stolen:923,stop:[4,10,24,907],storag:[46,48,57,58,82,84,159,170,187,192,193,280,358,371,395,881],store:[2,3,4,5,6,8,14,15,17,20,21,22,23,24,26,34,37,43,46,48,80,99,100,102,103,224,235,250,287,288,289,290,322,323,327,328,353,356,357,358,403,410,543,715,824,881,884,885,888,891,894,899,902,919,923,926,927,930],str:43,strategi:35,strcmp:918,strdup:918,stream:[8,12,20,34,36,43],strength:902,strengthen:14,strict:903,strictli:34,string2kei:14,string:[3,5,6,15,16,19,20,21,23,25,26,28,34,36,37,39,43,46,48,101,166,169,192,228,229,258,264,267,278,343,362,370,376,379,380,413,414,415,416,722,723,724,805,810,821,852,853,873,881,882,885,890,902,903,905,907,908,915,916,918,926,930],strip_realm:[20,36],strlcpy:903,strlen:[43,46],strong:[16,122],stronger:[14,16,21,26],strongest:[26,122],strptime:903,struct:[43,48,51,262,269,789,791,792,793,794,795,797,800,801,802,806,807,808,809,810,811,813,815,816,817,818,820,824,825,826,829,830,831,832,833,834,838,843,844,845,846,847,853,854,857,858,859,860,862,863,864,865,866,867,868,870,871,873,874,875,878,879,912,918],structur:[43,46,47,48,92,100,103,135,156,169,173,182,212,221,237,240,241,242,243,244,245,249,252,253,254,255,257,258,259,269,275,280,282,288,290,319,321,331,342,352,353,362,365,368,372,386,410,412,417,532,789,795,807,810,811,820,847,867,874,880,906,907,912,914,915,917],studio:902,style:[3,21,23,39,413,414,415,632,634],sub:[5,21,23,887],subcommand:14,subdirectori:[21,28,887,892,901],subdomain:[39,935],subject:[0,20,21,23,37,903],subjectalternativenam:21,subjectaltnam:37,subjectkeyidentifi:37,subkei:[48,80,322,351,356,792,797],sublicens:903,submit:[26,43],subprocess:10,subregion:43,subschema:22,subscrib:920,subsect:[16,20,21,22,24,25,28,29,35,37,40],subsequ:[9,10,14,24,136,275,279,401,903],subsess:[26,327,436],subset:[39,887,890],substanti:903,substhtml:892,substitut:[21,34,37,903],subsystem:890,subtag:21,subtre:[3,5,20,22,23],subtree_dn_list:[5,23],succe:[20,21,34,43,46,410],succeed:[12,34],success:[3,6,8,20,23,24,25,35,46,49,50,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,124,125,126,129,130,132,133,134,135,137,141,142,144,145,147,148,149,150,152,153,155,156,157,158,159,161,162,163,164,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,286,287,288,289,290,294,295,296,298,299,300,301,303,304,306,308,309,312,313,314,315,316,319,320,321,322,323,324,325,326,327,328,329,330,332,334,335,336,339,341,342,344,349,351,352,353,354,355,356,357,358,360,361,371,372,373,374,375,379,380,381,382,386,387,388,389,391,392,393,394,395,397,398,399,400,401,402,403,404,405,406,410,412,615,821,885,906,909,919,930,932],successfulli:[3,6,12,23,35,43,46,245,412,849,850],sudan:903,sudden:20,suffici:[3,5,14,23,24,890],suffix:[21,28,43,890,902,937],suggest:[0,245],suit:[34,887,888,890,902],suitabl:[6,888,890,902,903,923],summar:927,summari:[8,9],sun:903,suncc:890,sunw_dbprop_en:23,sunw_dbprop_master_ulogs:23,sunw_dbprop_slave_pol:23,sunwaadm:42,supersed:[10,14],supervisor:10,supplement:20,suppli:[3,11,43,46,48,223,245,258,262,267,276,277,278,328,339,369,370,383,719,720,860,890,906,907,915],support:[3,4,6,10,11,20,21,22,23,24,25,26,37,39,40,43,46,48,153,161,247,253,375,383,384,538,740,881,883,887,888,889,890,894,895,899,902,903,906,907,908,915,920,926],supported_enctyp:[14,20,26,34,902],suppos:[923,936],suppress:[3,6,20,23,890,902,925,930,932],sure:[3,5,12,14,15,22,23,33,41,922,923,926],surpris:14,surround:28,surviv:[20,881],susec:820,swap:[34,39],sweden:903,swig:903,symbol:[6,341,885,888,889,892,901,907,908],symmetri:20,synchron:[9,14,15,21,24,34,41,48,271,400,714,902,915],syntact:21,syntax:[20,21,37,902],synthes:[378,849],synthet:[377,894],syria:903,sysadv6:42,sysconfdir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937],syslog:[20,21,34,907],system:[3,6,14,15,19,20,21,23,24,29,32,33,34,35,36,37,38,41,43,46,48,56,122,136,147,169,282,379,380,382,393,679,682,685,860,881,886,887,888,889,902,903,907,916,920,922,923,925,926,936,937],systest:[3,23],t_mddriver:903,tab:[3,6,23,341,902],tabdump:902,tabl:[3,6,23,48,276,305,306,311,356,360,410,834,884,887,889,890,892,899,901,902,927],tabular:[6,902],tag:[20,21,34,894,899],tail:34,take:[10,14,19,20,21,23,25,26,28,32,39,41,43,46,91,124,126,322,373,715,811,882,899,902,904,913,922,923,930],taken:[6,14,39,245,885,899],talk:885,tamper:43,tape:32,tar:[888,889],target:[19,21,34,43,881,894,902],target_nam:43,target_princip:19,target_principal_nam:930,target_us:930,target_user_login_nam:930,task:[14,46,91],tcl:[888,890],tclpath:890,tcp:[8,10,12,15,20,21,23,29,34,37,39,279,401,902,917],team:920,teardown:888,technet:42,techniqu:[40,46],technolog:[893,903,937],tekniska:903,telegraph:903,telephon:903,tell:[4,10,888,922,923,929],telnet:[21,637,930],temp:21,templat:887,temporari:[3,21,23,34,37,884,885,901,902,937],temporarili:3,ten:[33,923],tend:15,term:[3,14,23,25,26,37,41,723,881,884,902,903,906,915,932],termin:[4,10,48,173,195,220,230,231,240,261,322,349,351,358,363,403,887,918,930],ters:[3,23],test1:[3,23,882],test2:[3,23,882],test3:[3,23,882],test4:882,test:[3,9,10,12,14,21,23,37,48,887,890,892,902,903,926,933],test_html:892,testdir:41,testus:[3,23],texinfo:0,text:[6,23,28,36,37,46,169,362,811,820,854,895,929],tgt:[3,14,20,23,26,37,46,48,220,339,340,894,895,902,923,930],than:[3,4,5,6,10,12,14,15,19,20,21,23,24,25,26,28,32,35,37,38,39,43,56,230,279,372,401,881,885,888,895,898,899,902,906,908,922,926],thei:[3,6,9,14,15,20,21,23,28,33,34,37,38,39,41,43,46,229,322,372,715,831,880,881,884,888,890,894,902,915,922,923,934,937],them:[3,14,15,20,22,23,24,25,29,32,34,37,38,39,41,46,82,84,253,327,341,400,715,881,888,890,902,903,907,908,918,923,925,937],themselv:[6,23],theodor:903,theori:903,therebi:936,therefor:[22,23,25,39,894,915],thereof:903,thi:[0,2,3,4,5,6,8,9,10,11,12,14,15,17,19,20,21,22,23,24,25,26,27,28,32,33,34,35,36,37,38,39,40,41,43,46,48,49,50,55,57,58,59,60,61,62,67,68,69,71,72,73,74,76,77,78,81,82,84,85,86,87,88,89,92,93,98,99,100,101,102,103,104,105,107,113,114,116,117,119,120,122,124,125,126,129,130,133,136,137,139,141,144,148,150,151,153,156,157,158,159,167,169,171,172,173,174,175,177,178,180,181,182,183,192,194,195,198,199,200,201,202,203,205,206,207,208,209,212,215,216,221,228,235,236,241,243,245,246,252,253,254,258,260,261,262,264,265,266,267,270,271,272,275,276,277,278,279,287,288,289,290,294,295,296,298,299,306,315,318,320,321,322,323,324,326,327,328,330,331,337,338,339,340,342,349,352,353,354,355,356,357,358,360,361,365,368,370,372,373,375,377,379,380,382,383,384,386,393,397,398,400,401,403,404,406,408,410,412,413,415,712,713,714,715,719,720,721,723,816,834,868,869,880,881,885,886,887,888,889,890,894,895,899,900,901,902,903,904,906,908,910,912,913,914,915,916,918,919,920,922,923,925,926,927,929,930,932,936,937],think:[38,907,922],third:[21,28,36,37,894,902,903,937],thorough:39,those:[3,6,14,15,19,21,23,25,34,39,43,46,890,892,898,902,903,906,908,911,912,915,932,936,937],though:[14,888,923],thousand:24,thread:[24,831,881,890,902],threadsaf:285,three:[14,24,26,35,39,40,372,894,902,923,937],threeparamopen:773,through:[15,16,20,21,23,24,28,29,33,34,35,39,46,230,282,383,384,412,894,899,902,913,922,923],throughput:[20,24],thu:[23,885,890,930],ticket:[2,3,5,6,12,14,15,16,19,20,21,22,26,28,33,34,35,36,37,39,41,43,46,48,153,159,183,195,223,229,235,247,260,264,267,319,327,330,339,356,360,361,372,539,542,545,644,729,744,793,797,807,809,810,816,817,829,830,867,868,870,881,882,894,902,905,906,914,915,920,921,922,925,926,927,930,932,933,936,937],ticket_authdata:195,ticket_flag:[5,23,810,894],ticket_info:808,ticket_lifetim:[21,33],tied:913,tightli:[14,28,32,886],till:830,time:[0,2,3,5,6,9,10,14,15,19,20,21,22,23,24,28,34,35,36,37,39,41,43,44,48,136,158,224,228,235,245,260,275,353,356,357,395,719,736,737,792,808,809,810,816,817,830,834,868,880,881,883,885,886,890,891,894,895,899,901,902,903,908,914,922,923,926,927,930,937],time_offset:10,time_rec:[43,902],time_req:43,time_t:[6,869,880],timeofdai:406,timeout:[14,20,36],timeret:393,timestamp:[6,14,21,25,37,40,48,66,83,322,323,328,337,338,339,340,353,357,393,516,523,658,808,834,838,859,869,880,884,885,894,895,896,898,899,902,915,927],timestampp:392,titl:[887,903],tkt:810,tkt_flg_anonym:773,tkt_flg_enc_pa_rep:773,tkt_flg_forward:773,tkt_flg_hw_auth:773,tkt_flg_initi:773,tkt_flg_invalid:773,tkt_flg_may_postd:773,tkt_flg_ok_as_deleg:773,tkt_flg_postdat:773,tkt_flg_pre_auth:773,tkt_flg_proxi:773,tkt_flg_proxiabl:773,tkt_flg_renew:773,tkt_flg_transit_policy_check:773,tkt_life:[259,824],tktpolici:[3,5,23],tls:22,tlyu:[3,23],tmp:[3,15,21,34,885,891,901,923,930,937],tmpbuild:888,tmpdir:[885,937],tmppolici:[5,23],todd:903,todo:922,togeth:15,token:[16,20,21,46,365,592,713,714,715,717,720,721,897,902,908,915,926],token_flag:865,token_id:863,token_len:43,tokenid:722,tokeninfo:[366,722,862],toler:21,tom:3,too:[3,23,56,100,103,119,267,288,290,304],tool:[6,23,887,889,902,907],toolkit:887,top:[10,39,881,888,889,892],top_srcdir:892,topic:[0,30,34],topolog:4,tort:903,tortiou:903,total:[20,25,899,926,930],toward:[0,23],tr_content:874,tr_type:874,trace:[48,873,902,937],trace_log:41,track:[3,6,9,23,35,885,920],trademark:903,tradit:[6,35],traffic:29,trail:[20,930],trailer:[43,48,532],transact:[24,937],transcript:895,transfer:[4,37],transform:890,transit:[20,21,24,356,535,544,661,680,817,874,902,923,926,927,932],transitori:14,translat:[21,56,902],transmiss:17,transmit:[23,43,279,401,902,915],transpar:937,transport:[23,39,279,401],travers:[6,23],treat:[3,21,36,43,54,339,347,694,869,894,926,932],treatment:39,tree:[0,22,23,24,34,889,890,892,908,911,918],tri:[20,21,25,44,356,410,902,909],trigger:885,trillium:[15,32,923],trim:[99,287],trip:[40,902,915],tripl:[14,20,902],trivial:[25,902],troubl:42,troubleshoot:[30,34],true_principal_nam:845,truncat:[899,923],trust:[20,21,29,37,43,268,926],tryagain:906,tty04:20,tty:[5,23],tune:[22,39],tupl:[3,23],turn:[8,15,21,24,33,35,40,349,358,890,930],twice:[3,23,24,34,894,913,922,928],two:[3,18,20,21,23,24,26,28,34,35,37,38,48,53,358,882,894,895,898,902,904,908,916,923,926,930],txt:[6,34,39],type:[2,3,5,6,10,15,16,21,23,25,28,30,32,34,38,39,46,48,95,98,99,100,102,103,104,108,112,113,114,115,116,120,124,125,126,129,130,151,152,153,161,163,184,189,195,223,224,229,280,287,288,289,290,294,295,298,299,308,309,313,315,328,330,332,386,417,495,535,641,665,734,740,784,797,805,811,816,838,840,843,852,853,867,869,874,875,880,884,888,891,894,895,896,898,899,902,904,906,907,908,911,912,913,914,915,916,917,918,919,922,923,926,927,930,936,937],typedef:[43,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879],typic:[4,15,20,21,26,33,38,39,43,46,98,253,892,901,904,906,907,912,913,915,919,932],u2u:932,ubuntu:[42,902],ucb:930,udp:[10,15,20,21,29,39,279,401,902,917],udp_preference_limit:21,uid:[21,43,881,885,901,930,936,937],uid_t:43,uidnumb:881,uint16_t:876,uint32_t:[869,877,880],uint8_t:842,uint_max:[753,754,772],ulog:[20,23],umich:903,unabl:[17,21,23],unalloc:280,unam:28,unambigu:245,unansw:861,unauthent:32,unavail:[23,34,39],unchang:[3,14,15,930],unclean:24,uncommon:885,uncondition:[228,890],unconfigur:[39,892],undefin:930,under:[3,5,6,10,20,21,22,23,38,155,159,885,888,899,902,903],underli:43,underneath:22,underscor:[21,903],understand:46,undertaken:0,unenc_authdata:830,unencapsul:902,unencrypt:[32,353,797,807,829,830],unescap:6,unfinish:915,unicod:903,unifi:0,unimpl:907,unimport:894,uninterrupt:14,uniqu:[3,15,48,265,410,638,640,881,908],unit:[882,890,903,923],univers:903,unix:[6,15,20,21,28,31,36,43,907,908,918],unkei:46,unknown:[12,41,610,894],unless:[2,3,6,11,14,19,20,21,23,26,28,32,34,39,43,313,383,410,412,885,886,902,916,930,934],unlik:[14,40,881,885,902,923],unlimit:903,unlink:[6,23],unlock:[23,35,902],unlockit:[3,20,23,24],unmodifi:[903,930],unnecessari:23,unpack:889,unpars:[43,48,403,405],unpleas:14,unport:903,unprint:[3,23],unqualifi:33,unquot:6,unrecogn:890,unrestrict:[32,886],unser:43,unset:[43,48,171,937],unsign:[91,92,93,94,97,111,116,120,279,309,358,401,403,405,789,795,798,802,813,832,837,841,843,875,880],unspecifi:[21,39,937],unstabl:913,unsuccess:37,unsupport:[37,890],unswapp:881,untest:890,until:[3,6,14,21,23,43,880,881,885,890,899,902,923],untrust:[43,937],unus:[149,265,349,372,902],unusu:[28,37],unwrap:[43,48],updat:[2,4,6,8,9,14,20,21,22,24,34,35,99,100,102,103,224,287,288,289,290,682,685,890,895,902,911,920],update_princ_encrypt:[14,23],update_rel:918,upgrad:[21,23,26,34,39],upn:[20,21,347,631,633,692,902],upon:[6,8,23,890,930],upper:[3,19,23,39,928],uppercas:[21,916,937],upstream:[23,890,902],upstreamhostnam:23,uri:[3,5,20,21,23,33,34,39,902],url:[20,24,29,39],usa:903,usabl:48,usag:[20,21,37,43,99,100,102,103,108,113,114,129,130,287,288,289,290,294,295,298,299,831,880,895,896,929,930,932],usc:930,use:[0,3,4,5,6,7,8,14,15,16,20,21,22,23,24,25,26,28,29,33,34,35,36,37,38,39,40,41,43,46,48,55,78,105,122,223,236,268,275,313,326,341,356,372,386,400,403,410,849,850,868,880,885,887,888,889,890,892,894,898,901,902,903,904,905,906,907,908,911,915,918,919,920,922,923,926,929,930,932,936,937],use_mkei:[14,23],usec:[797,808,820,859],used:[2,3,4,5,6,7,8,9,10,11,12,14,15,16,18,19,20,21,22,23,24,25,28,34,36,37,38,39,40,41,43,46,56,81,98,100,103,120,121,129,144,223,224,227,228,229,235,241,247,248,254,258,260,264,267,277,288,290,298,313,322,323,324,326,327,328,341,342,349,353,356,357,372,400,410,412,724,809,831,840,850,854,869,880,881,884,885,886,887,888,894,895,898,899,901,902,903,905,906,907,908,909,915,918,920,923,925,926,927,928,929,930,932,934,935,937],useful:[8,9,25,26,33,39,69,74,881,885,890,903,920,929,932,933,937],useless:14,user:[0,3,5,6,8,14,15,16,19,20,21,22,23,25,33,34,35,36,37,38,39,41,43,48,56,90,136,169,224,227,323,327,328,330,358,545,635,650,714,721,854,881,882,885,887,888,890,892,900,901,902,903,906,919,920,922,923,925,926,928,930,932,935,936,937],user_dn:[5,23],userconfig:21,userdata:[323,328],userdata_out:[353,357],userid:[21,890],usernam:[3,12,21,23,34,36,37,43,317,661,923,926],userok:916,userpolici:[5,23],userprincipalnam:20,uses:[2,3,4,8,14,15,18,19,20,21,22,23,24,26,28,35,36,37,39,40,43,45,101,122,246,326,379,380,402,413,415,869,881,885,894,895,896,898,902,918,928,929,937],using:[3,6,11,12,14,15,16,18,19,20,21,22,23,24,25,28,29,33,34,36,37,38,39,40,41,43,46,48,113,117,125,129,156,228,247,250,267,279,294,298,322,324,328,337,341,351,356,363,372,375,401,612,860,881,884,889,890,892,894,896,899,902,903,907,908,909,915,916,922,923,926,927,930,932,933,935,936,937],usr:[5,8,12,20,21,23,34,890,892,901,929,930],usual:[3,10,12,20,21,23,25,35,37,39,46,99,287,881,884,890,894,907,923,932,937],utc:23,utf:[46,347,362,370,694,902,903],util:[22,23,34,39,47,888,890,903,925,937],uucp:20,v4_instance_convert:21,v4_realm:21,v4cred:51,v5cred:51,va_list:[48,92,94],vagu:890,val:[198,199,200,201,202,203,204,206,207,208,209,211,212,215,218,219,221,222],valid:[20,21,23,39,43,48,66,83,109,124,129,153,160,224,235,248,260,269,275,298,327,330,339,340,342,347,356,362,363,404,410,868,881,882,887,894,898,902,914,923,926,932,936,937],valid_int_bit:773,valid_uint_bit:773,valu:[3,5,6,10,14,15,16,19,20,21,22,23,24,25,26,28,33,34,36,37,39,43,46,48,66,83,117,125,126,136,151,153,156,166,224,245,248,252,263,265,269,296,330,365,366,368,372,383,385,394,706,712,713,715,717,722,724,780,781,782,821,825,838,849,850,869,880,881,882,884,885,890,891,892,894,895,896,898,899,902,906,908,915,916,918,923,925,926,927,929,930,935,937],valuabl:[46,903],vaniti:38,vararg:91,vari:[15,33,889,901,925,926],variabl:[2,3,4,5,6,7,8,9,10,11,12,15,16,19,20,21,23,24,25,28,30,34,35,37,39,40,41,43,48,93,136,141,155,269,282,383,384,881,884,885,891,902,918,919,925,926,927,928,930,931,932,933],variad:[91,413,415],variant:[23,890,902,908],varieti:26,variou:[14,30,43,356,887,891,902,923],vendor:[722,863,929],verbatim:903,verbos:[3,6,15,23,888,902,926],veri:[14,20,21,23,918],verif:[20,21,34,46,48,410,881,921,923],verifi:[5,20,21,23,34,37,43,48,241,353,354,355,356,357,358,885,889,906,915,922,923,930],verifier_cred_handl:908,verify_ap_req_nofail:21,versa:[37,902],version:[0,2,3,5,6,9,10,14,15,20,23,24,29,38,42,43,44,48,155,228,247,308,313,360,372,610,707,805,807,829,834,867,880,884,888,889,890,892,894,896,898,899,902,903,907,913,917,927,929,930,932,933,937],verto:[890,903],veto:914,via:[0,3,6,8,20,21,23,34,35,46,48,274,383,399,810,902,908,910,930,936],vice:[37,902],view:[8,23,34,921],view_polici:23,viola:15,virtual:[15,21],visibl:[14,23,25,902],visit:923,vista:[26,902],visual:902,vnder:14,vno:[3,14,23,308,313,834],volum:902,vopt:46,vpath:[888,889],vprintf:[413,414,415],vtabl:[906,907,915,918],vulner:[14,23,32,46,902,920],wai:[21,23,28,39,43,46,126,236,250,372,880,881,882,884,890,892,902,903,911,916,922,923,935],wait:[8,20,23,39],wake:15,walk:[6,23,922],want:[3,23,28,34,539,545,888,917,922,923,930],warn:[3,23,245,892,902,903],warranti:903,wasn:44,weak:[14,20,21,26,41],web:[34,881,902],week:[5,23],weight:39,well:[14,21,23,34,38,43,46,338,340,642,887,890,902,909],wellknown:[37,46,497,747],went:923,were:[14,15,21,34,43,410,612,881,902,903,923],what:[6,14,19,20,21,23,26,38,43,885,906,907,915,919,922,923,929],whatev:39,whatsoev:903,when:[3,4,6,8,9,10,12,14,15,16,17,20,21,22,23,26,28,29,33,34,36,37,38,39,40,41,43,46,49,65,67,68,72,73,76,77,78,79,85,91,92,93,111,113,115,125,126,132,136,141,143,145,150,153,154,163,164,169,172,173,174,175,176,177,178,180,181,182,183,194,195,224,227,228,229,230,231,235,236,250,254,258,260,261,265,268,272,275,280,282,286,294,308,313,315,316,319,321,322,323,324,325,326,327,328,329,332,335,336,337,341,342,349,351,352,353,354,356,357,358,360,372,386,398,400,402,404,722,723,724,881,884,890,892,894,899,901,902,904,908,909,913,916,918,919,920,922,923,925,926,927,929,930,932,935,937],whenev:46,where:[3,4,6,7,8,14,15,17,20,21,23,25,28,39,43,46,315,386,880,881,884,885,888,889,890,895,902,907,923,926,930,937],whether:[4,6,8,10,14,20,21,28,35,36,43,46,48,105,223,241,242,243,245,249,253,255,317,403,889,895,902,903,905,912,919,923,930],which:[3,4,5,6,7,8,9,10,11,12,14,15,19,20,21,22,23,24,25,28,29,33,34,35,36,37,38,39,40,41,43,46,126,173,195,229,230,245,250,280,308,327,356,363,365,368,369,868,869,880,881,884,885,887,888,889,890,891,894,895,896,898,899,901,902,903,904,906,907,908,911,912,913,914,915,917,918,919,923,929,930,932,935,936,937],whichev:15,whitespac:[3,20,21,23],who:[0,5,16,20,23,25,34,37,922,923],whoami:907,whole:[23,37,141,155,339],whom:[903,922],whose:[3,5,10,15,17,19,21,23,34,38,40,43,46,132,217,229,894,898,923,936],wicker:907,wicker_appear:907,wicker_brac:907,wicker_construct:907,wicker_foot:907,wicker_materi:907,wicker_slat:907,wide:[21,29,36],wiki:[42,888,902],wild:[3,23],wildcard:[19,20,902,935],willi:14,willing:[20,21,26],win:903,winbind:28,winbind_krb5_loc:28,window:[21,26,28,29,42,379,380,631,633,672,688,881,885,887,899,902,907,908,918,923],wish:[16,21,34,39,43,250,888,889,890,891,903,908,919,922,923,937],with_realm:[338,340],within:[3,15,20,21,23,24,34,35,39,43,48,132,154,252,261,353,357,362,370,383,831,881,896,902,903,908,926,935,937],without:[3,8,14,19,20,21,23,24,28,32,34,35,36,37,43,133,365,368,532,850,881,885,888,890,899,902,903,922,923,930,937],wkt:11,won:[21,37,923],worcest:903,word:[21,34,923],work:[2,3,4,6,21,23,34,35,36,39,40,43,881,890,902,903,915,916,920,922,923,937],workaround:38,workdai:33,worker:[10,24],workflow:14,workstat:46,worri:[22,888,937],wors:21,worst:14,worth:32,would:[5,6,14,16,17,20,21,23,25,28,32,34,37,38,39,40,43,46,886,902,908,922,923,929,936,937],wrap:[23,48,318,908],wrapper:[873,895,896],wrfile:14,writabl:[15,34,314,918],write:[0,6,8,10,11,20,21,22,23,24,28,34,35,251,349,384,881,899,902,907,918,937],writeabl:300,writer:0,written:[3,4,155,834,884,899,903],wrong:[35,37,903,923,930],wsgi:29,www:[22,42,892,902],x11r6:888,x509:[37,902,926],x509_anchor:[21,926],x509_proxi:21,x509_proxy_ca:21,x509_user_ident:[16,21,926],x86:[890,902],x86_64:[890,902],xconsortium:888,xml:892,xore:[21,356],xvm:14,xyz:937,yacc:890,yarrow:902,year:[45,882,902],yes:[3,5,23,890,926],yet:[6,21,23,34,37,38,881,890,911,923],yflag:890,yield:915,you:[0,3,5,12,15,16,17,20,21,22,23,24,28,32,33,34,35,37,39,40,41,721,882,886,888,889,890,891,892,903,920,922,923,925,930,937],your:[0,12,17,20,21,23,26,32,33,34,37,39,888,889,890,903,911,921,923,925,934,937],your_princnam:37,your_realmnam:37,yourdir:34,yourself:[923,937],yymmddhhmmss:882,yyyi:882,yyyymmddhhmmss:882,zanarotti:46,zephyr:[14,903],zero:[3,21,24,39,43,44,48,122,129,130,241,245,260,261,284,298,299,308,724,726,849,894,895,898,899,902,907],zone:[14,39,882],zonetest:14},titles:["Contributing to the MIT Kerberos Documentation","Administration programs","k5srvutil","kadmin","kadmind","kdb5_ldap_util","kdb5_util","kprop","kpropd","kproplog","krb5kdc","ktutil","sserver","Advanced topics","Retiring DES","Application servers","Authentication indicators","Backups of secure hosts","Configuration Files","kadm5.acl","kdc.conf","krb5.conf","Configuring Kerberos with OpenLDAP back-end","Database administration","Database types","Addressing dictionary attack risks","Encryption types","Environment variables","Host configuration","HTTPS proxy configuration","For administrators","Installation guide","UNIX Application Servers","Installing and configuring UNIX client machines","Installing KDCs","Account lockout","OTP Preauthentication","PKINIT configuration","Principal names and DNS","Realm configuration decisions","SPAKE Preauthentication","Troubleshooting","Various links","Developing with GSSAPI","Differences between Heimdal and MIT Kerberos API","For application developers","Initial credentials","Principal manipulation and parsing","krb5 API","krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal.","krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal.","krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials.","krb5_address_compare - Compare two Kerberos addresses.","krb5_address_order - Return an ordering of the specified addresses.","krb5_address_search - Search a list of addresses for a specified address.","krb5_allow_weak_crypto - Allow the application to override the profile\u2019s allow_weak_crypto setting.","krb5_aname_to_localname - Convert a principal name to a local name.","krb5_anonymous_principal - Build an anonymous principal.","krb5_anonymous_realm - Return an anonymous realm data.","krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf.","krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf.","krb5_auth_con_free - Free a krb5_auth_context structure.","krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket.","krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context.","krb5_auth_con_getaddrs - Retrieve address fields from an auth context.","krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context.","krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure.","krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock.","krb5_auth_con_getkey_k - Retrieve the session key from an auth context.","krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context.","krb5_auth_con_getlocalsubkey","krb5_auth_con_getrcache - Retrieve the replay cache from an auth context.","krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock.","krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock.","krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context.","krb5_auth_con_getremotesubkey","krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock.","krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context.","krb5_auth_con_init - Create and initialize an authentication context.","krb5_auth_con_initivector - Cause an auth context to use cipher state.","krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context.","krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context.","krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context.","krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure.","krb5_auth_con_setports - Set local and remote port fields in an auth context.","krb5_auth_con_setrcache - Set the replay cache in an auth context.","krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.","krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context.","krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock.","krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context.","krb5_auth_con_setuseruserkey - Set the session key in an auth context.","krb5_build_principal - Build a principal name using null-terminated strings.","krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list.","krb5_build_principal_ext - Build a principal name using length-counted strings.","krb5_build_principal_va","krb5_c_block_size - Return cipher block size.","krb5_c_checksum_length - Return the length of checksums for a checksum type.","krb5_c_crypto_length - Return a length of a message field specific to the encryption type.","krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array.","krb5_c_decrypt - Decrypt data using a key (operates on keyblock).","krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock).","krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+).","krb5_c_encrypt - Encrypt data using a key (operates on keyblock).","krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock).","krb5_c_encrypt_length - Compute encrypted data length.","krb5_c_enctype_compare - Compare two encryption types.","krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state() .","krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings.","krb5_c_init_state - Initialize a new cipher state.","krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof.","krb5_c_is_keyed_cksum - Test whether a checksum type is keyed.","krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type.","krb5_c_keylengths - Return length of the specified key in bytes.","krb5_c_make_checksum - Compute a checksum (operates on keyblock).","krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock)","krb5_c_make_random_key - Generate an enctype-specific random encryption key.","krb5_c_padding_length - Return a number of padding octets.","krb5_c_prf - Generate enctype-specific pseudo-random bytes.","krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type.","krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+.","krb5_c_random_add_entropy - Add entropy to the pseudo-random number generator.","krb5_c_random_make_octets - Generate pseudo-random bytes.","krb5_c_random_os_entropy - Collect entropy from the OS if possible.","krb5_c_random_seed","krb5_c_random_to_key - Generate an enctype-specific key from random data.","krb5_c_string_to_key - Convert a string (such a password) to a key.","krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters.","krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type.","krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type.","krb5_c_verify_checksum - Verify a checksum (operates on keyblock).","krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock).","krb5_calculate_checksum","krb5_cc_cache_match - Find a credential cache with a specified client principal.","krb5_cc_close - Close a credential cache handle.","krb5_cc_copy_creds - Copy a credential cache.","krb5_cc_default - Resolve the default credential cache name.","krb5_cc_default_name - Return the name of the default credential cache.","krb5_cc_destroy - Destroy a credential cache.","krb5_cc_dup - Duplicate ccache handle.","krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries.","krb5_cc_gen_new","krb5_cc_get_config - Get a configuration value from a credential cache.","krb5_cc_get_flags - Retrieve flags from a credential cache structure.","krb5_cc_get_full_name - Retrieve the full name of a credential cache.","krb5_cc_get_name - Retrieve the name, but not type of a credential cache.","krb5_cc_get_principal - Get the default principal of a credential cache.","krb5_cc_get_type - Retrieve the type of a credential cache.","krb5_cc_initialize - Initialize a credential cache.","krb5_cc_move - Move a credential cache.","krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name.","krb5_cc_next_cred - Retrieve the next entry from the credential cache.","krb5_cc_remove_cred - Remove credentials from a credential cache.","krb5_cc_resolve - Resolve a credential cache name.","krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache.","krb5_cc_select - Select a credential cache to use with a server principal.","krb5_cc_set_config - Store a configuration value in a credential cache.","krb5_cc_set_default_name - Set the default credential cache name.","krb5_cc_set_flags - Set options flags on a credential cache.","krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache.","krb5_cc_store_cred - Store credentials in a credential cache.","krb5_cc_support_switch - Determine whether a credential cache type supports switching.","krb5_cc_switch - Make a credential cache the primary cache for its collection.","krb5_cccol_cursor_free - Free a credential cache collection cursor.","krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches.","krb5_cccol_cursor_next - Get the next credential cache in the collection.","krb5_cccol_have_content - Check if the credential cache collection contains any credentials.","krb5_change_password - Change a password for an existing Kerberos account.","krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time.","krb5_checksum_size","krb5_chpw_message - Get a result message for changing or setting a password.","krb5_cksumtype_to_string - Convert a checksum type to a string.","krb5_clear_error_message - Clear the extended error message in a context.","krb5_copy_addresses - Copy an array of addresses.","krb5_copy_authdata - Copy an authorization data list.","krb5_copy_authenticator - Copy a krb5_authenticator structure.","krb5_copy_checksum - Copy a krb5_checksum structure.","krb5_copy_context - Copy a krb5_context structure.","krb5_copy_creds - Copy a krb5_creds structure.","krb5_copy_data - Copy a krb5_data object.","krb5_copy_error_message - Copy the most recent extended error message from one context to another.","krb5_copy_keyblock - Copy a keyblock.","krb5_copy_keyblock_contents - Copy the contents of a keyblock.","krb5_copy_principal - Copy a principal.","krb5_copy_ticket - Copy a krb5_ticket structure.","krb5_decode_authdata_container - Unwrap authorization data.","krb5_decode_ticket - Decode an ASN.1-formatted ticket.","krb5_decrypt","krb5_deltat_to_string - Convert a relative time value to a string.","krb5_eblock_enctype","krb5_encode_authdata_container - Wrap authorization data in a container.","krb5_encrypt","krb5_encrypt_size","krb5_enctype_to_name - Convert an encryption type to a name or alias.","krb5_enctype_to_string - Convert an encryption type to a string.","krb5_expand_hostname - Canonicalize a hostname, possibly using name service.","krb5_find_authdata - Find authorization data elements.","krb5_finish_key","krb5_finish_random_key","krb5_free_addresses - Free the data stored in array of addresses.","krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure.","krb5_free_authdata - Free the storage assigned to array of authentication data.","krb5_free_authenticator - Free a krb5_authenticator structure.","krb5_free_checksum - Free a krb5_checksum structure.","krb5_free_checksum_contents - Free the contents of a krb5_checksum structure.","krb5_free_cksumtypes - Free an array of checksum types.","krb5_free_context - Free a krb5 library context.","krb5_free_cred_contents - Free the contents of a krb5_creds structure.","krb5_free_creds - Free a krb5_creds structure.","krb5_free_data - Free a krb5_data structure.","krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field.","krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .","krb5_free_enctypes - Free an array of encryption types.","krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() .","krb5_free_error_message - Free an error message generated by krb5_get_error_message() .","krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm() .","krb5_free_keyblock - Free a krb5_keyblock structure.","krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure.","krb5_free_keytab_entry_contents - Free the contents of a key table entry.","krb5_free_principal - Free the storage assigned to a principal.","krb5_free_string - Free a string allocated by a krb5 function.","krb5_free_tgt_creds - Free an array of credential structures.","krb5_free_ticket - Free a ticket.","krb5_free_unparsed_name - Free a string representation of a principal.","krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.","krb5_get_credentials - Get an additional ticket.","krb5_get_credentials_renew","krb5_get_credentials_validate","krb5_get_default_realm - Retrieve the default realm.","krb5_get_error_message - Get the (possibly extended) error message for a code.","krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC.","krb5_get_fallback_host_realm","krb5_get_host_realm - Get the Kerberos realm names for a host.","krb5_get_in_tkt_with_keytab","krb5_get_in_tkt_with_password","krb5_get_in_tkt_with_skey","krb5_get_init_creds_keytab - Get initial credentials using a key table.","krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure.","krb5_get_init_creds_opt_free - Free initial credential options.","krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options.","krb5_get_init_creds_opt_init","krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options.","krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options.","krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options.","krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options.","krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options.","krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options.","krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options.","krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options.","krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options.","krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options.","krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options.","krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options.","krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options.","krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket.","krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options.","krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options.","krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options.","krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options.","krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options.","krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options.","krb5_get_init_creds_password - Get initial credentials using a password.","krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys.","krb5_get_profile - Retrieve configuration profile from the context.","krb5_get_prompt_types - Get prompt types array from a context.","krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential.","krb5_get_server_rcache - Generate a replay cache object for server use and open it.","krb5_get_time_offsets - Return the time offsets from the os context.","krb5_get_validated_creds - Get validated credentials from the KDC.","krb5_init_context - Create a krb5 library context.","krb5_init_context_profile - Create a krb5 library context using a specified profile.","krb5_init_creds_free - Free an initial credentials context.","krb5_init_creds_get - Acquire credentials using an initial credentials context.","krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context.","krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context.","krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context.","krb5_init_creds_init - Create a context for acquiring initial credentials.","krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials.","krb5_init_creds_set_password - Set a password for acquiring initial credentials.","krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials.","krb5_init_creds_step - Get the next KDC request for acquiring initial credentials.","krb5_init_keyblock - Initialize an empty krb5_keyblock .","krb5_init_random_key","krb5_init_secure_context - Create a krb5 library context using only configuration files.","krb5_is_config_principal - Test whether a principal is a configuration principal.","krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM.","krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support.","krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock.","krb5_k_decrypt - Decrypt data using a key (operates on opaque key).","krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key).","krb5_k_encrypt - Encrypt data using a key (operates on opaque key).","krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key).","krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero.","krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure.","krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure.","krb5_k_make_checksum - Compute a checksum (operates on opaque key).","krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key)","krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key).","krb5_k_reference_key - Increment the reference count on a key.","krb5_k_verify_checksum - Verify a checksum (operates on opaque key).","krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key).","krb5_kt_add_entry - Add a new entry to a key table.","krb5_kt_client_default - Resolve the default client key table.","krb5_kt_close - Close a key table handle.","krb5_kt_default - Resolve the default key table.","krb5_kt_default_name - Get the default key table name.","krb5_kt_dup - Duplicate keytab handle.","krb5_kt_end_seq_get - Release a keytab cursor.","krb5_kt_free_entry","krb5_kt_get_entry - Get an entry from a key table.","krb5_kt_get_name - Get a key table name.","krb5_kt_get_type - Return the type of a key table.","krb5_kt_have_content - Check if a keytab exists and contains entries.","krb5_kt_next_entry - Retrieve the next entry from the key table.","krb5_kt_read_service_key - Retrieve a service key from a key table.","krb5_kt_remove_entry - Remove an entry from a key table.","krb5_kt_resolve - Get a handle for a key table.","krb5_kt_start_seq_get - Start a sequential retrieval of key table entries.","krb5_kuserok - Determine if a principal is authorized to log in as a local user.","krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data.","krb5_merge_authdata - Merge two authorization data lists into a new list.","krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials.","krb5_mk_error - Format and encode a KRB_ERROR message.","krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.","krb5_mk_priv - Format a KRB-PRIV message.","krb5_mk_rep - Format and encrypt a KRB_AP_REP message.","krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC.","krb5_mk_req - Create a KRB_AP_REQ message.","krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials.","krb5_mk_safe - Format a KRB-SAFE message.","krb5_os_localaddr - Return all interface addresses for this host.","krb5_pac_add_buffer - Add a buffer to a PAC handle.","krb5_pac_free - Free a PAC handle.","krb5_pac_get_buffer - Retrieve a buffer value from a PAC.","krb5_pac_get_client_info","krb5_pac_get_types - Return an array of buffer types in a PAC handle.","krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle.","krb5_pac_parse - Unparse an encoded PAC into a new handle.","krb5_pac_sign - Sign a PAC.","krb5_pac_sign_ext - Sign a PAC, possibly with a specified realm.","krb5_pac_verify - Verify a PAC.","krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.","krb5_parse_name - Convert a string principal name to a krb5_principal structure.","krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags.","krb5_prepend_error_message - Add a prefix to the message for an error code.","krb5_principal2salt - Convert a principal name into the default salt for that principal.","krb5_principal_compare - Compare two principals.","krb5_principal_compare_any_realm - Compare two principals ignoring realm components.","krb5_principal_compare_flags - Compare two principals with additional flags.","krb5_process_key","krb5_prompter_posix - Prompt user for password.","krb5_random_key","krb5_rd_cred - Read and validate a KRB-CRED message.","krb5_rd_error - Decode a KRB-ERROR message.","krb5_rd_priv - Process a KRB-PRIV message.","krb5_rd_rep - Parse and decrypt a KRB_AP_REP message.","krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC.","krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.","krb5_rd_safe - Process KRB-SAFE message.","krb5_read_password - Read a password from keyboard input.","krb5_realm_compare - Compare the realms of two principals.","krb5_recvauth - Server function for sendauth protocol.","krb5_recvauth_version - Server function for sendauth protocol with version parameter.","krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context.","krb5_responder_list_questions - List the question names contained in the responder context.","krb5_responder_otp_challenge_free - Free the value returned by krb5_responder_otp_get_challenge() .","krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct.","krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question.","krb5_responder_pkinit_challenge_free - Free the value returned by krb5_responder_pkinit_get_challenge() .","krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct.","krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity.","krb5_responder_set_answer - Answer a named question in the responder context.","krb5_salttype_to_string - Convert a salt type to a string.","krb5_sendauth - Client function for sendauth protocol.","krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table.","krb5_set_default_realm - Override the default realm for the specified context.","krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure.","krb5_set_error_message - Set an extended error message for an error code.","krb5_set_kdc_recv_hook - Set a KDC post-receive hook function.","krb5_set_kdc_send_hook - Set a KDC pre-send hook function.","krb5_set_password - Set a password for a principal using specified credentials.","krb5_set_password_using_ccache - Set a password for a principal using cached credentials.","krb5_set_principal_realm - Set the realm field of a principal.","krb5_set_real_time - Set time offset field in a krb5_context structure.","krb5_set_trace_callback - Specify a callback function for trace events.","krb5_set_trace_filename - Specify a file name for directing trace events.","krb5_sname_match - Test whether a principal matches a matching principal.","krb5_sname_to_principal - Generate a full principal name from a service name.","krb5_string_to_cksumtype - Convert a string to a checksum type.","krb5_string_to_deltat - Convert a string to a delta time value.","krb5_string_to_enctype - Convert a string to an encryption type.","krb5_string_to_key","krb5_string_to_salttype - Convert a string to a salt type.","krb5_string_to_timestamp - Convert a string to a timestamp.","krb5_timeofday - Retrieve the current time with context specific time offset adjustment.","krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding.","krb5_timestamp_to_string - Convert a timestamp to a string.","krb5_tkt_creds_free - Free a TGS request context.","krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context.","krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context.","krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context.","krb5_tkt_creds_init - Create a context to get credentials from a KDC\u2019s Ticket Granting Service.","krb5_tkt_creds_step - Get the next KDC request in a TGS exchange.","krb5_unparse_name - Convert a krb5_principal structure to a string representation.","krb5_unparse_name_ext - Convert krb5_principal structure to string and length.","krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags.","krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags.","krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch.","krb5_use_enctype","krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data.","krb5_verify_checksum","krb5_verify_init_creds - Verify initial credentials against a keytab.","krb5_verify_init_creds_opt_init - Initialize a credential verification options structure.","krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required.","krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list.","krb5_vset_error_message - Set an extended error message for an error code using a va_list.","krb5_vwrap_error_message - Add a prefix to a different error code\u2019s message using a va_list.","krb5_wrap_error_message - Add a prefix to a different error code\u2019s message.","Complete reference - API and datatypes","ADDRTYPE_ADDRPORT","ADDRTYPE_CHAOS","ADDRTYPE_DDP","ADDRTYPE_INET","ADDRTYPE_INET6","ADDRTYPE_IPPORT","ADDRTYPE_ISO","ADDRTYPE_IS_LOCAL","ADDRTYPE_NETBIOS","ADDRTYPE_XNS","AD_TYPE_EXTERNAL","AD_TYPE_FIELD_TYPE_MASK","AD_TYPE_REGISTERED","AD_TYPE_RESERVED","AP_OPTS_ETYPE_NEGOTIATION","AP_OPTS_MUTUAL_REQUIRED","AP_OPTS_RESERVED","AP_OPTS_USE_SESSION_KEY","AP_OPTS_USE_SUBKEY","AP_OPTS_WIRE_MASK","CKSUMTYPE_CMAC_CAMELLIA128","CKSUMTYPE_CMAC_CAMELLIA256","CKSUMTYPE_CRC32","CKSUMTYPE_DESCBC","CKSUMTYPE_HMAC_MD5_ARCFOUR","CKSUMTYPE_HMAC_SHA1_96_AES128","CKSUMTYPE_HMAC_SHA1_96_AES256","CKSUMTYPE_HMAC_SHA1_DES3","CKSUMTYPE_HMAC_SHA256_128_AES128","CKSUMTYPE_HMAC_SHA384_192_AES256","CKSUMTYPE_MD5_HMAC_ARCFOUR","CKSUMTYPE_NIST_SHA","CKSUMTYPE_RSA_MD4","CKSUMTYPE_RSA_MD4_DES","CKSUMTYPE_RSA_MD5","CKSUMTYPE_RSA_MD5_DES","ENCTYPE_AES128_CTS_HMAC_SHA1_96","ENCTYPE_AES128_CTS_HMAC_SHA256_128","ENCTYPE_AES256_CTS_HMAC_SHA1_96","ENCTYPE_AES256_CTS_HMAC_SHA384_192","ENCTYPE_ARCFOUR_HMAC","ENCTYPE_ARCFOUR_HMAC_EXP","ENCTYPE_CAMELLIA128_CTS_CMAC","ENCTYPE_CAMELLIA256_CTS_CMAC","ENCTYPE_DES3_CBC_ENV","ENCTYPE_DES3_CBC_RAW","ENCTYPE_DES3_CBC_SHA","ENCTYPE_DES3_CBC_SHA1","ENCTYPE_DES_CBC_CRC","ENCTYPE_DES_CBC_MD4","ENCTYPE_DES_CBC_MD5","ENCTYPE_DES_CBC_RAW","ENCTYPE_DES_HMAC_SHA1","ENCTYPE_DSA_SHA1_CMS","ENCTYPE_MD5_RSA_CMS","ENCTYPE_NULL","ENCTYPE_RC2_CBC_ENV","ENCTYPE_RSA_ENV","ENCTYPE_RSA_ES_OAEP_ENV","ENCTYPE_SHA1_RSA_CMS","ENCTYPE_UNKNOWN","KDC_OPT_ALLOW_POSTDATE","KDC_OPT_CANONICALIZE","KDC_OPT_CNAME_IN_ADDL_TKT","KDC_OPT_DISABLE_TRANSITED_CHECK","KDC_OPT_ENC_TKT_IN_SKEY","KDC_OPT_FORWARDABLE","KDC_OPT_FORWARDED","KDC_OPT_POSTDATED","KDC_OPT_PROXIABLE","KDC_OPT_PROXY","KDC_OPT_RENEW","KDC_OPT_RENEWABLE","KDC_OPT_RENEWABLE_OK","KDC_OPT_REQUEST_ANONYMOUS","KDC_OPT_VALIDATE","KDC_TKT_COMMON_MASK","KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE","KRB5_ANONYMOUS_PRINCSTR","KRB5_ANONYMOUS_REALMSTR","KRB5_AP_REP","KRB5_AP_REQ","KRB5_AS_REP","KRB5_AS_REQ","KRB5_AUTHDATA_AND_OR","KRB5_AUTHDATA_AUTH_INDICATOR","KRB5_AUTHDATA_CAMMAC","KRB5_AUTHDATA_ETYPE_NEGOTIATION","KRB5_AUTHDATA_FX_ARMOR","KRB5_AUTHDATA_IF_RELEVANT","KRB5_AUTHDATA_INITIAL_VERIFIED_CAS","KRB5_AUTHDATA_KDC_ISSUED","KRB5_AUTHDATA_MANDATORY_FOR_KDC","KRB5_AUTHDATA_OSF_DCE","KRB5_AUTHDATA_SESAME","KRB5_AUTHDATA_SIGNTICKET","KRB5_AUTHDATA_WIN2K_PAC","KRB5_AUTH_CONTEXT_DO_SEQUENCE","KRB5_AUTH_CONTEXT_DO_TIME","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR","KRB5_AUTH_CONTEXT_PERMIT_ALL","KRB5_AUTH_CONTEXT_RET_SEQUENCE","KRB5_AUTH_CONTEXT_RET_TIME","KRB5_AUTH_CONTEXT_USE_SUBKEY","KRB5_CRED","KRB5_CRYPTO_TYPE_CHECKSUM","KRB5_CRYPTO_TYPE_DATA","KRB5_CRYPTO_TYPE_EMPTY","KRB5_CRYPTO_TYPE_HEADER","KRB5_CRYPTO_TYPE_PADDING","KRB5_CRYPTO_TYPE_SIGN_ONLY","KRB5_CRYPTO_TYPE_STREAM","KRB5_CRYPTO_TYPE_TRAILER","KRB5_CYBERSAFE_SECUREID","KRB5_DOMAIN_X500_COMPRESS","KRB5_ENCPADATA_REQ_ENC_PA_REP","KRB5_ERROR","KRB5_FAST_REQUIRED","KRB5_GC_CACHED","KRB5_GC_CANONICALIZE","KRB5_GC_CONSTRAINED_DELEGATION","KRB5_GC_FORWARDABLE","KRB5_GC_NO_STORE","KRB5_GC_NO_TRANSIT_CHECK","KRB5_GC_USER_USER","KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST","KRB5_GET_INIT_CREDS_OPT_ANONYMOUS","KRB5_GET_INIT_CREDS_OPT_CANONICALIZE","KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT","KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST","KRB5_GET_INIT_CREDS_OPT_FORWARDABLE","KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST","KRB5_GET_INIT_CREDS_OPT_PROXIABLE","KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE","KRB5_GET_INIT_CREDS_OPT_SALT","KRB5_GET_INIT_CREDS_OPT_TKT_LIFE","KRB5_INIT_CONTEXT_KDC","KRB5_INIT_CONTEXT_SECURE","KRB5_INIT_CREDS_STEP_FLAG_CONTINUE","KRB5_INT16_MAX","KRB5_INT16_MIN","KRB5_INT32_MAX","KRB5_INT32_MIN","KRB5_KEYUSAGE_AD_ITE","KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM","KRB5_KEYUSAGE_AD_MTE","KRB5_KEYUSAGE_AD_SIGNEDPATH","KRB5_KEYUSAGE_APP_DATA_CKSUM","KRB5_KEYUSAGE_APP_DATA_ENCRYPT","KRB5_KEYUSAGE_AP_REP_ENCPART","KRB5_KEYUSAGE_AP_REQ_AUTH","KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM","KRB5_KEYUSAGE_AS_REP_ENCPART","KRB5_KEYUSAGE_AS_REQ","KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS","KRB5_KEYUSAGE_CAMMAC","KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT","KRB5_KEYUSAGE_ENC_CHALLENGE_KDC","KRB5_KEYUSAGE_FAST_ENC","KRB5_KEYUSAGE_FAST_FINISHED","KRB5_KEYUSAGE_FAST_REP","KRB5_KEYUSAGE_FAST_REQ_CHKSUM","KRB5_KEYUSAGE_GSS_TOK_MIC","KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG","KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV","KRB5_KEYUSAGE_IAKERB_FINISHED","KRB5_KEYUSAGE_KDC_REP_TICKET","KRB5_KEYUSAGE_KRB_CRED_ENCPART","KRB5_KEYUSAGE_KRB_ERROR_CKSUM","KRB5_KEYUSAGE_KRB_PRIV_ENCPART","KRB5_KEYUSAGE_KRB_SAFE_CKSUM","KRB5_KEYUSAGE_PA_AS_FRESHNESS","KRB5_KEYUSAGE_PA_FX_COOKIE","KRB5_KEYUSAGE_PA_OTP_REQUEST","KRB5_KEYUSAGE_PA_PKINIT_KX","KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY","KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID","KRB5_KEYUSAGE_PA_SAM_RESPONSE","KRB5_KEYUSAGE_SPAKE","KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY","KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY","KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY","KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY","KRB5_KEYUSAGE_TGS_REQ_AUTH","KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM","KRB5_KPASSWD_ACCESSDENIED","KRB5_KPASSWD_AUTHERROR","KRB5_KPASSWD_BAD_VERSION","KRB5_KPASSWD_HARDERROR","KRB5_KPASSWD_INITIAL_FLAG_NEEDED","KRB5_KPASSWD_MALFORMED","KRB5_KPASSWD_SOFTERROR","KRB5_KPASSWD_SUCCESS","KRB5_LRQ_ALL_ACCT_EXPTIME","KRB5_LRQ_ALL_LAST_INITIAL","KRB5_LRQ_ALL_LAST_RENEWAL","KRB5_LRQ_ALL_LAST_REQ","KRB5_LRQ_ALL_LAST_TGT","KRB5_LRQ_ALL_LAST_TGT_ISSUED","KRB5_LRQ_ALL_PW_EXPTIME","KRB5_LRQ_NONE","KRB5_LRQ_ONE_ACCT_EXPTIME","KRB5_LRQ_ONE_LAST_INITIAL","KRB5_LRQ_ONE_LAST_RENEWAL","KRB5_LRQ_ONE_LAST_REQ","KRB5_LRQ_ONE_LAST_TGT","KRB5_LRQ_ONE_LAST_TGT_ISSUED","KRB5_LRQ_ONE_PW_EXPTIME","KRB5_NT_ENTERPRISE_PRINCIPAL","KRB5_NT_ENT_PRINCIPAL_AND_ID","KRB5_NT_MS_PRINCIPAL","KRB5_NT_MS_PRINCIPAL_AND_ID","KRB5_NT_PRINCIPAL","KRB5_NT_SMTP_NAME","KRB5_NT_SRV_HST","KRB5_NT_SRV_INST","KRB5_NT_SRV_XHST","KRB5_NT_UID","KRB5_NT_UNKNOWN","KRB5_NT_WELLKNOWN","KRB5_NT_X500_PRINCIPAL","KRB5_PAC_CLIENT_INFO","KRB5_PAC_CREDENTIALS_INFO","KRB5_PAC_DELEGATION_INFO","KRB5_PAC_LOGON_INFO","KRB5_PAC_PRIVSVR_CHECKSUM","KRB5_PAC_SERVER_CHECKSUM","KRB5_PAC_UPN_DNS_INFO","KRB5_PADATA_AFS3_SALT","KRB5_PADATA_AP_REQ","KRB5_PADATA_AS_CHECKSUM","KRB5_PADATA_AS_FRESHNESS","KRB5_PADATA_ENCRYPTED_CHALLENGE","KRB5_PADATA_ENC_SANDIA_SECURID","KRB5_PADATA_ENC_TIMESTAMP","KRB5_PADATA_ENC_UNIX_TIME","KRB5_PADATA_ETYPE_INFO","KRB5_PADATA_ETYPE_INFO2","KRB5_PADATA_FOR_USER","KRB5_PADATA_FX_COOKIE","KRB5_PADATA_FX_ERROR","KRB5_PADATA_FX_FAST","KRB5_PADATA_GET_FROM_TYPED_DATA","KRB5_PADATA_NONE","KRB5_PADATA_OSF_DCE","KRB5_PADATA_OTP_CHALLENGE","KRB5_PADATA_OTP_PIN_CHANGE","KRB5_PADATA_OTP_REQUEST","KRB5_PADATA_PAC_OPTIONS","KRB5_PADATA_PAC_REQUEST","KRB5_PADATA_PKINIT_KX","KRB5_PADATA_PK_AS_REP","KRB5_PADATA_PK_AS_REP_OLD","KRB5_PADATA_PK_AS_REQ","KRB5_PADATA_PK_AS_REQ_OLD","KRB5_PADATA_PW_SALT","KRB5_PADATA_REFERRAL","KRB5_PADATA_S4U_X509_USER","KRB5_PADATA_SAM_CHALLENGE","KRB5_PADATA_SAM_CHALLENGE_2","KRB5_PADATA_SAM_REDIRECT","KRB5_PADATA_SAM_RESPONSE","KRB5_PADATA_SAM_RESPONSE_2","KRB5_PADATA_SESAME","KRB5_PADATA_SPAKE","KRB5_PADATA_SVR_REFERRAL_INFO","KRB5_PADATA_TGS_REQ","KRB5_PADATA_USE_SPECIFIED_KVNO","KRB5_PRINCIPAL_COMPARE_CASEFOLD","KRB5_PRINCIPAL_COMPARE_ENTERPRISE","KRB5_PRINCIPAL_COMPARE_IGNORE_REALM","KRB5_PRINCIPAL_COMPARE_UTF8","KRB5_PRINCIPAL_PARSE_ENTERPRISE","KRB5_PRINCIPAL_PARSE_IGNORE_REALM","KRB5_PRINCIPAL_PARSE_NO_REALM","KRB5_PRINCIPAL_PARSE_REQUIRE_REALM","KRB5_PRINCIPAL_UNPARSE_DISPLAY","KRB5_PRINCIPAL_UNPARSE_NO_REALM","KRB5_PRINCIPAL_UNPARSE_SHORT","KRB5_PRIV","KRB5_PROMPT_TYPE_NEW_PASSWORD","KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN","KRB5_PROMPT_TYPE_PASSWORD","KRB5_PROMPT_TYPE_PREAUTH","KRB5_PVNO","KRB5_REALM_BRANCH_CHAR","KRB5_RECVAUTH_BADAUTHVERS","KRB5_RECVAUTH_SKIP_VERSION","KRB5_REFERRAL_REALM","KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN","KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN","KRB5_RESPONDER_OTP_FLAGS_NEXTOTP","KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN","KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC","KRB5_RESPONDER_OTP_FORMAT_DECIMAL","KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED","KRB5_RESPONDER_QUESTION_OTP","KRB5_RESPONDER_QUESTION_PASSWORD","KRB5_RESPONDER_QUESTION_PKINIT","KRB5_SAFE","KRB5_SAM_MUST_PK_ENCRYPT_SAD","KRB5_SAM_SEND_ENCRYPTED_SAD","KRB5_SAM_USE_SAD_AS_KEY","KRB5_TC_MATCH_2ND_TKT","KRB5_TC_MATCH_AUTHDATA","KRB5_TC_MATCH_FLAGS","KRB5_TC_MATCH_FLAGS_EXACT","KRB5_TC_MATCH_IS_SKEY","KRB5_TC_MATCH_KTYPE","KRB5_TC_MATCH_SRV_NAMEONLY","KRB5_TC_MATCH_TIMES","KRB5_TC_MATCH_TIMES_EXACT","KRB5_TC_NOTICKET","KRB5_TC_OPENCLOSE","KRB5_TC_SUPPORTED_KTYPES","KRB5_TGS_NAME","KRB5_TGS_NAME_SIZE","KRB5_TGS_REP","KRB5_TGS_REQ","KRB5_TKT_CREDS_STEP_FLAG_CONTINUE","KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL","KRB5_WELLKNOWN_NAMESTR","LR_TYPE_INTERPRETATION_MASK","LR_TYPE_THIS_SERVER_ONLY","MAX_KEYTAB_NAME_LEN","MSEC_DIRBIT","MSEC_VAL_MASK","SALT_TYPE_AFS_LENGTH","SALT_TYPE_NO_LENGTH","THREEPARAMOPEN","TKT_FLG_ANONYMOUS","TKT_FLG_ENC_PA_REP","TKT_FLG_FORWARDABLE","TKT_FLG_FORWARDED","TKT_FLG_HW_AUTH","TKT_FLG_INITIAL","TKT_FLG_INVALID","TKT_FLG_MAY_POSTDATE","TKT_FLG_OK_AS_DELEGATE","TKT_FLG_POSTDATED","TKT_FLG_PRE_AUTH","TKT_FLG_PROXIABLE","TKT_FLG_PROXY","TKT_FLG_RENEWABLE","TKT_FLG_TRANSIT_POLICY_CHECKED","VALID_INT_BITS","VALID_UINT_BITS","krb5 simple macros","krb524_convert_creds_kdc","krb524_init_ets","krb5_const","krb5_princ_component","krb5_princ_name","krb5_princ_realm","krb5_princ_set_realm","krb5_princ_set_realm_data","krb5_princ_set_realm_length","krb5_princ_size","krb5_princ_type","krb5_roundup","krb5_x","krb5_xc","krb5 types and structures","krb5_address","krb5_addrtype","krb5_ap_rep","krb5_ap_rep_enc_part","krb5_ap_req","krb5_auth_context","krb5_authdata","krb5_authdatatype","krb5_authenticator","krb5_boolean","krb5_cc_cursor","krb5_ccache","krb5_cccol_cursor","krb5_checksum","krb5_cksumtype","krb5_const_pointer","krb5_const_principal","krb5_context","krb5_cred","krb5_cred_enc_part","krb5_cred_info","krb5_creds","krb5_crypto_iov","krb5_cryptotype","krb5_data","krb5_deltat","krb5_enc_data","krb5_enc_kdc_rep_part","krb5_enc_tkt_part","krb5_encrypt_block","krb5_enctype","krb5_error","krb5_error_code","krb5_expire_callback_func","krb5_flags","krb5_get_init_creds_opt","krb5_gic_opt_pa_data","krb5_init_creds_context","krb5_int16","krb5_int32","krb5_kdc_rep","krb5_kdc_req","krb5_key","krb5_keyblock","krb5_keytab","krb5_keytab_entry","krb5_keyusage","krb5_kt_cursor","krb5_kvno","krb5_last_req_entry","krb5_magic","krb5_mk_req_checksum_func","krb5_msgtype","krb5_octet","krb5_pa_data","krb5_pa_pac_req","krb5_pa_server_referral_data","krb5_pa_svr_referral_data","krb5_pac","krb5_pointer","krb5_post_recv_fn","krb5_pre_send_fn","krb5_preauthtype","krb5_principal","krb5_principal_data","krb5_prompt","krb5_prompt_type","krb5_prompter_fct","krb5_pwd_data","krb5_rcache","krb5_replay_data","krb5_responder_context","krb5_responder_fn","krb5_responder_otp_challenge","krb5_responder_otp_tokeninfo","krb5_responder_pkinit_challenge","krb5_responder_pkinit_identity","krb5_response","krb5_ticket","krb5_ticket_times","krb5_timestamp","krb5_tkt_authent","krb5_tkt_creds_context","krb5_trace_callback","krb5_trace_info","krb5_transited","krb5_typed_data","krb5_ui_2","krb5_ui_4","krb5_verify_init_creds_opt","passwd_phrase_element","Year 2038 considerations for uses of krb5_timestamp","Credential cache","Supported date and time formats","Kerberos V5 concepts","keytab","replay cache","stash file","Organization of the source directory","Doing the build","Building Kerberos V5","Options to <em>configure</em>","osconf.hin","How to build this documentation from the source","Copyright","Credential cache file format","KDC cookie format","PKINIT freshness tokens","Protocols and file formats","Keytab file format","Replay cache file format","MIT Kerberos Documentation (1.18.2)","MIT Kerberos defaults","MIT Kerberos features","MIT Kerberos License information","Credential cache selection interface (ccselect)","PKINIT certificate authorization interface (certauth)","Client preauthentication interface (clpreauth)","General plugin concepts","GSSAPI mechanism interface","Host-to-realm interface (hostrealm)","For plugin module developers","Internal pluggable interfaces","kadmin authorization interface (kadm5_auth)","KADM5 hook interface (kadm5_hook)","KDC policy interface (kdcpolicy)","KDC preauthentication interface (kdcpreauth)","Local authorization interface (localauth)","Server location interface (locate)","Configuration interface (profile)","Password quality interface (pwqual)","Resources","For users","Password management","Ticket management","User commands","kdestroy","kinit","klist","kpasswd","krb5-config","ksu","kswitch","kvno","sclient","User config files",".k5identity",".k5login","kerberos"],titleterms:{"boolean":59,"byte":[112,117,119,121,296],"default":[14,28,36,135,136,145,156,210,227,301,303,304,344,374,375,881,884,885,901],"export":43,"function":[118,219,257,360,361,372,377,378,383],"import":43,"new":[108,149,236,300,319,336,930],"null":91,"public":[48,773,788],"return":[53,58,95,96,97,111,112,116,136,210,261,266,310,329,334,364,367],"switch":[34,160],"while":41,Adding:[14,15,23],DES:14,DNS:[15,38],Doing:888,For:[30,45,910,921],One:46,TGS:[375,396,397,398,399,401],THE:930,The:[14,32,36],Using:[15,888],abbrevi:882,about:[23,32],absolut:882,acceptor:43,access:922,account:[35,166,922],acl:[19,34],acquir:[15,271,272,275,276,277,278,279,398],ad_type_extern:428,ad_type_field_type_mask:429,ad_type_regist:430,ad_type_reserv:431,add:[34,120,300,330,343,413,415,416],add_entri:11,add_mkei:6,add_polici:[3,23],add_princip:[3,23],addit:[31,126,224,347],address:[25,52,53,54,62,64,82,172,198,240,329],addrtype_addrport:418,addrtype_chao:419,addrtype_ddp:420,addrtype_inet6:422,addrtype_inet:421,addrtype_ipport:423,addrtype_is_loc:425,addrtype_iso:424,addrtype_netbio:426,addrtype_xn:427,adjust:393,admin:[39,41],administr:[1,23,30,34],advanc:13,advic:[32,38],aead:[43,100,103,288,290],against:410,alia:192,all:329,alloc:[106,212,214,219,236],allow:[55,167,244],allow_weak_crypto:55,also:[2,3,4,5,6,7,8,9,10,11,12,19,20,21,925,926,927,928,929,930,931,932,933,935,936,937],alter:881,ani:165,anonym:[37,46,57,58,241],anoth:179,answer:[366,369,370],ap_opts_etype_negoti:432,ap_opts_mutual_requir:433,ap_opts_reserv:434,ap_opts_use_session_kei:435,ap_opts_use_subkei:436,ap_opts_wire_mask:437,api:[44,48,417,892],appdefault:[21,59,60],applic:[14,15,32,38,45,55],archiv:920,argument:92,ark:6,armor:[246,247],arrai:[98,114,130,172,198,200,204,211,220,263,295,299,322,334],ask:253,asn:185,assign:[200,218],attack:25,attribut:[43,335],auth:[62,63,64,65,67,68,69,71,72,73,74,76,77,79,80,81,82,84,85,86,87,88,89,90],authdata:911,authent:[16,23,41,65,78,200,930],author:[28,37,173,184,189,195,317,318,319,408,905,911,912,916,930,937],autoconf:888,avail:23,back:[17,22],background:[0,885],backup:17,behavior:[19,38],berkelei:24,between:44,binari:888,block:95,buffer:[330,332,334],bug:937,build:[57,91,92,93,888,889,892],built:285,cach:[71,85,132,133,134,135,136,137,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,246,250,251,265,380,881,885,894,899,904],call:48,callback:[46,63,80,245,383],cannot:41,canonic:[38,194,242],capath:21,caus:79,ccach:[138,247,881],ccselect:[21,904],cert:41,certauth:[21,905],certif:[37,41,335,905],cf2:107,chain:41,challeng:362,chang:[23,166,169,243,922],change_password:[3,23],channel:920,check:[165,167,284,311],checksum:[63,80,81,96,109,110,111,113,114,127,129,130,170,204,294,295,298,299,387],choos:26,cipher:[79,95,106,108],cksumtype_cmac_camellia128:438,cksumtype_cmac_camellia256:439,cksumtype_crc32:440,cksumtype_descbc:441,cksumtype_hmac_md5_arcfour:442,cksumtype_hmac_sha1_96_aes128:443,cksumtype_hmac_sha1_96_aes256:444,cksumtype_hmac_sha1_des3:445,cksumtype_hmac_sha256_128_aes128:446,cksumtype_hmac_sha384_192_aes256:447,cksumtype_md5_hmac_arcfour:448,cksumtype_nist_sha:449,cksumtype_rsa_md4:450,cksumtype_rsa_md4_d:451,cksumtype_rsa_md5:452,cksumtype_rsa_md5_d:453,clean:888,clear:171,clear_list:11,client:[15,29,33,37,132,301,372,884,906],clock:[15,167],close:[133,302],clpreauth:[21,906],code:[228,343,376,413,414,415,416],collect:[122,161,162,163,164,165,881],collis:109,combin:107,command:[3,5,6,11,924],common:12,commonli:890,compar:[52,105,345,346,347,359],compat:26,complet:417,compon:346,comput:[104,107,113,294],concept:[883,907],conf:[20,21,34,59,60],config:[929,934],configur:[15,18,22,26,28,29,33,34,35,36,37,39,141,155,262,282,283,890,894,918],connect:[41,62],consider:[36,880],constrain:43,contain:[165,189,311,363],content:[18,31,181,203,206,209,216,217,889,910],context:[62,63,64,65,67,68,69,71,72,73,74,76,77,78,79,80,81,82,84,85,86,87,88,89,90,171,179,205,262,263,266,268,269,270,271,272,273,274,275,282,362,363,370,374,393,396,397,398,399,400,930],contribut:0,conveni:48,convert:[49,50,51,56,125,126,170,187,192,193,341,342,344,371,387,388,389,391,392,394,395,402,403,404,405],cooki:895,copi:[134,172,173,174,175,176,177,178,179,180,181,182,183,293],copyright:893,correct:15,count:[93,291,297],creat:[5,6,23,34,37,41,78,149,268,269,275,282,286,326,327,335,400,930],create_polici:5,cred:[223,320,322,351],credenti:[15,41,43,46,51,132,133,134,135,136,137,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,220,235,236,237,238,240,241,242,243,244,245,246,247,248,249,250,251,252,254,255,256,257,258,259,260,264,267,270,271,272,273,274,275,276,277,278,279,320,322,327,379,380,397,398,400,410,411,412,881,894,904],cross:23,current:[167,393],cursor:[162,306],daemon:34,dai:406,data:[58,99,100,101,102,103,104,124,173,184,189,195,198,200,209,286,287,288,289,290,318,319,362,408,911],databas:[3,14,17,23,24,34,39,911],datatyp:417,date:[23,882],db2:24,dbdefault:20,dbmodul:20,dce:[325,355],decis:39,declar:[789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879],decod:[185,352,365,368],decrement:291,decrypt:[99,100,287,288,354,355,356,373],defin:36,del_str:3,deleg:43,delet:23,delete_entri:11,delete_polici:[3,23],delete_princip:[3,23],delta:388,deprec:[48,773],deriv:101,descript:[2,3,4,5,6,7,8,9,10,11,12,19,925,926,927,928,929,930,931,932,933,935,936,937],destroi:[5,6,23,137,923],destroy_polici:5,determin:[160,317],develop:[43,45,910],dictionari:25,differ:[23,44,415,416],direct:384,directli:48,directori:[887,888,890],discoveri:39,document:[0,882,892,900],domain_realm:21,dump:[6,23],duplic:[138,305],durat:882,dure:41,each:34,edit:34,effect:930,element:[114,130,195,295,299],empti:[280,335],encod:[318,321,336],encrypt:[20,26,41,97,102,103,104,105,111,115,118,128,192,193,211,244,261,289,290,324,325,375,389],enctyp:[26,115,117,124,229,286,292,296],enctype_aes128_cts_hmac_sha1_96:454,enctype_aes128_cts_hmac_sha256_128:455,enctype_aes256_cts_hmac_sha1_96:456,enctype_aes256_cts_hmac_sha384_192:457,enctype_arcfour_hmac:458,enctype_arcfour_hmac_exp:459,enctype_camellia128_cts_cmac:460,enctype_camellia256_cts_cmac:461,enctype_des3_cbc_env:462,enctype_des3_cbc_raw:463,enctype_des3_cbc_sha1:465,enctype_des3_cbc_sha:464,enctype_des_cbc_crc:466,enctype_des_cbc_md4:467,enctype_des_cbc_md5:468,enctype_des_cbc_raw:469,enctype_des_hmac_sha1:470,enctype_dsa_sha1_cm:471,enctype_md5_rsa_cm:472,enctype_nul:473,enctype_rc2_cbc_env:474,enctype_rsa_env:475,enctype_rsa_es_oaep_env:476,enctype_sha1_rsa_cm:477,enctype_unknown:478,end:22,entri:[139,150,217,300,308,311,312,314,316,894,898],entropi:[120,122],environ:[2,3,4,5,6,7,8,9,10,11,12,27,890,925,926,927,928,930,931,932,933,937],epoch:406,error:[12,41,171,179,212,213,228,273,343,352,376,413,414,415,416],event:[383,384],everi:158,exampl:[10,11,15,19,23,46,890,929,935,936],exchang:[41,401],execut:930,exist:[166,264,311],expans:21,expir:[41,245],extend:[171,179,228,376,414],fact:902,fail:[34,41],fast:[238,246,247,248],featur:[890,902],field:[64,83,84,97,209,381,382],file:[8,18,20,21,23,32,33,34,282,384,886,894,897,898,899,925,926,927,931,932,934],fill:[98,114,295],find:[132,195],fine:890,finish:139,firewal:15,flag:[66,83,142,157,238,241,242,243,248,249,255,342,347,404,405],format:[23,185,223,320,321,322,323,324,325,328,405,882,894,895,897,898,899],forward:[223,249],free:[61,106,162,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,237,270,291,331,364,367,396],frequent:[41,48],fresh:[37,896],from:[14,15,23,59,60,62,63,64,65,66,67,68,69,71,72,73,74,76,77,122,124,141,142,150,151,153,179,229,238,262,263,264,266,267,272,273,274,286,293,308,312,313,314,332,340,358,386,398,399,400,892,907],full:[143,386],gener:[37,62,115,117,119,120,121,124,213,265,296,386,901,907],get:[15,41,46,63,118,141,145,164,169,223,224,228,231,235,260,263,264,267,273,279,304,308,309,315,400,401],get_init_cr:46,get_polici:[3,23],get_princip:[3,23],get_str:3,getdat:882,given:362,grant:[400,922],gssapi:[28,43,908],guid:31,handl:[133,138,302,305,315,330,331,334,335,336],has:41,header:[98,894],heimdal:44,hin:891,histori:[3,14,23,937],hit:291,hook:[377,378,913],host:[17,28,32,34,41,231,329,909],hostnam:[39,194],hostrealm:[21,909],how:892,http:29,ident:[21,369],ignor:346,includ:253,increment:[23,34,297],indic:16,inform:[15,21,23,885,903],initi:[41,43,46,78,108,147,235,236,237,238,240,241,242,243,244,245,246,247,248,249,250,251,252,254,255,256,257,258,259,260,270,271,272,273,274,275,276,277,278,279,280,410,411],input:[101,250,358],instal:[31,33,34,888,890,930],instanc:36,instruct:930,interact:46,interfac:[21,48,329,904,905,906,908,909,911,912,913,914,915,916,917,918,919],intern:[788,911],interoper:902,interpos:908,iov:[43,98,114,130,295,299],irc:920,iter:163,its:161,k5ident:935,k5login:936,k5srvutil:2,kadm5:[19,913],kadm5_auth:[21,912],kadm5_hook:[21,913],kadmin:[3,23,912],kadmind:[4,907],kdb5_ldap_util:5,kdb5_util:6,kdb:911,kdc:[14,20,28,34,35,37,39,41,229,253,264,267,273,279,377,378,400,401,895,901,907,914,915],kdc_opt_allow_postd:479,kdc_opt_canonic:480,kdc_opt_cname_in_addl_tkt:481,kdc_opt_disable_transited_check:482,kdc_opt_enc_tkt_in_skei:483,kdc_opt_forward:[484,485],kdc_opt_postd:486,kdc_opt_proxi:[487,488],kdc_opt_renew:[489,490],kdc_opt_renewable_ok:491,kdc_opt_request_anonym:492,kdc_opt_valid:493,kdc_tkt_common_mask:494,kdcdefault:20,kdcissu:[318,408],kdcpolici:914,kdcpreauth:[21,915],kdestroi:[923,925],kei:[14,23,26,67,68,90,99,101,102,107,110,111,112,115,124,125,126,217,235,261,286,287,288,289,290,291,294,295,296,297,298,299,300,301,302,303,304,308,309,310,312,313,314,315,316,373,898],kerbero:[0,15,17,22,23,34,39,44,49,50,51,52,127,128,166,231,285,883,889,900,901,902,903,911,923,937],keyblock:[67,72,73,76,86,88,99,100,102,103,113,114,129,130,180,181,286,293],keyboard:358,keysalt:20,keytab:[15,32,34,38,276,305,306,311,410,884,898],kinit:[923,926],kldap:24,klist:[923,927],klmdb:24,known:163,kpasswd:928,kprop:[7,41],kpropd:8,kproplog:9,krb524_convert_creds_kdc:774,krb524_init_et:775,krb5:[21,34,48,59,60,205,219,268,269,282,773,788,929],krb5_425_conv_princip:49,krb5_524_conv_princip:50,krb5_524_convert_cr:51,krb5_address:789,krb5_address_compar:52,krb5_address_ord:53,krb5_address_search:54,krb5_addrtyp:790,krb5_allow_weak_crypto:55,krb5_altauth_att_challenge_respons:495,krb5_aname_to_localnam:56,krb5_anonymous_princip:57,krb5_anonymous_princstr:496,krb5_anonymous_realm:58,krb5_anonymous_realmstr:497,krb5_ap_rep:[498,791],krb5_ap_rep_enc_part:[199,792],krb5_ap_req:[499,793],krb5_appdefault_boolean:59,krb5_appdefault_str:60,krb5_as_rep:500,krb5_as_req:501,krb5_auth_con_fre:61,krb5_auth_con_genaddr:62,krb5_auth_con_get_checksum_func:63,krb5_auth_con_getaddr:64,krb5_auth_con_getauthent:65,krb5_auth_con_getflag:66,krb5_auth_con_getkei:67,krb5_auth_con_getkey_k:68,krb5_auth_con_getlocalseqnumb:69,krb5_auth_con_getlocalsubkei:70,krb5_auth_con_getrcach:71,krb5_auth_con_getrecvsubkei:72,krb5_auth_con_getrecvsubkey_k:73,krb5_auth_con_getremoteseqnumb:74,krb5_auth_con_getremotesubkei:75,krb5_auth_con_getsendsubkei:76,krb5_auth_con_getsendsubkey_k:77,krb5_auth_con_init:78,krb5_auth_con_initivector:79,krb5_auth_con_set_checksum_func:80,krb5_auth_con_set_req_cksumtyp:81,krb5_auth_con_setaddr:82,krb5_auth_con_setflag:83,krb5_auth_con_setport:84,krb5_auth_con_setrcach:85,krb5_auth_con_setrecvsubkei:86,krb5_auth_con_setrecvsubkey_k:87,krb5_auth_con_setsendsubkei:88,krb5_auth_con_setsendsubkey_k:89,krb5_auth_con_setuseruserkei:90,krb5_auth_context:[61,66,83,794],krb5_auth_context_do_sequ:515,krb5_auth_context_do_tim:516,krb5_auth_context_generate_local_addr:517,krb5_auth_context_generate_local_full_addr:518,krb5_auth_context_generate_remote_addr:519,krb5_auth_context_generate_remote_full_addr:520,krb5_auth_context_permit_al:521,krb5_auth_context_ret_sequ:522,krb5_auth_context_ret_tim:523,krb5_auth_context_use_subkei:524,krb5_authdata:795,krb5_authdata_and_or:502,krb5_authdata_auth_ind:503,krb5_authdata_cammac:504,krb5_authdata_etype_negoti:505,krb5_authdata_fx_armor:506,krb5_authdata_if_relev:507,krb5_authdata_initial_verified_ca:508,krb5_authdata_kdc_issu:509,krb5_authdata_mandatory_for_kdc:510,krb5_authdata_osf_dc:511,krb5_authdata_sesam:512,krb5_authdata_signticket:513,krb5_authdata_win2k_pac:514,krb5_authdatatyp:796,krb5_authent:[174,201,797],krb5_boolean:798,krb5_build_princip:91,krb5_build_principal_alloc_va:92,krb5_build_principal_ext:93,krb5_build_principal_va:94,krb5_c_block_siz:95,krb5_c_checksum_length:96,krb5_c_crypto_length:97,krb5_c_crypto_length_iov:98,krb5_c_decrypt:99,krb5_c_decrypt_iov:100,krb5_c_derive_prfplu:101,krb5_c_encrypt:102,krb5_c_encrypt_iov:103,krb5_c_encrypt_length:104,krb5_c_enctype_compar:105,krb5_c_free_stat:106,krb5_c_fx_cf2_simpl:107,krb5_c_init_st:[106,108],krb5_c_is_coll_proof_cksum:109,krb5_c_is_keyed_cksum:110,krb5_c_keyed_checksum_typ:111,krb5_c_keylength:112,krb5_c_make_checksum:113,krb5_c_make_checksum_iov:114,krb5_c_make_random_kei:115,krb5_c_padding_length:116,krb5_c_prf:117,krb5_c_prf_length:118,krb5_c_prfplu:119,krb5_c_random_add_entropi:120,krb5_c_random_make_octet:121,krb5_c_random_os_entropi:122,krb5_c_random_se:123,krb5_c_random_to_kei:124,krb5_c_string_to_kei:125,krb5_c_string_to_key_with_param:126,krb5_c_valid_cksumtyp:127,krb5_c_valid_enctyp:128,krb5_c_verify_checksum:129,krb5_c_verify_checksum_iov:130,krb5_calculate_checksum:131,krb5_cc_cache_match:132,krb5_cc_close:133,krb5_cc_copy_cr:134,krb5_cc_cursor:799,krb5_cc_default:135,krb5_cc_default_nam:136,krb5_cc_destroi:137,krb5_cc_dup:138,krb5_cc_end_seq_get:139,krb5_cc_gen_new:140,krb5_cc_get_config:141,krb5_cc_get_flag:142,krb5_cc_get_full_nam:143,krb5_cc_get_nam:144,krb5_cc_get_princip:145,krb5_cc_get_typ:146,krb5_cc_initi:147,krb5_cc_move:148,krb5_cc_new_uniqu:149,krb5_cc_next_cr:150,krb5_cc_remove_cr:151,krb5_cc_resolv:152,krb5_cc_retrieve_cr:153,krb5_cc_select:154,krb5_cc_set_config:155,krb5_cc_set_default_nam:156,krb5_cc_set_flag:157,krb5_cc_start_seq_get:158,krb5_cc_store_cr:159,krb5_cc_support_switch:160,krb5_cc_switch:161,krb5_ccach:800,krb5_cccol_cursor:801,krb5_cccol_cursor_fre:162,krb5_cccol_cursor_new:163,krb5_cccol_cursor_next:164,krb5_cccol_have_cont:165,krb5_change_password:166,krb5_check_clockskew:167,krb5_checksum:[175,202,203,802],krb5_checksum_s:168,krb5_chpw_messag:169,krb5_cksumtyp:803,krb5_cksumtype_to_str:170,krb5_clear_error_messag:171,krb5_const:776,krb5_const_point:804,krb5_const_princip:805,krb5_context:[176,375,382,806],krb5_copy_address:172,krb5_copy_authdata:173,krb5_copy_authent:174,krb5_copy_checksum:175,krb5_copy_context:176,krb5_copy_cr:177,krb5_copy_data:178,krb5_copy_error_messag:179,krb5_copy_keyblock:180,krb5_copy_keyblock_cont:181,krb5_copy_princip:182,krb5_copy_ticket:183,krb5_cred:[177,206,207,525,807,810],krb5_cred_enc_part:808,krb5_cred_info:809,krb5_crypto_iov:811,krb5_crypto_type_checksum:526,krb5_crypto_type_data:527,krb5_crypto_type_empti:528,krb5_crypto_type_head:529,krb5_crypto_type_pad:530,krb5_crypto_type_sign_onli:531,krb5_crypto_type_stream:532,krb5_crypto_type_trail:533,krb5_cryptotyp:812,krb5_cybersafe_secureid:534,krb5_data:[178,208,209,813],krb5_decode_authdata_contain:184,krb5_decode_ticket:185,krb5_decrypt:186,krb5_deltat:814,krb5_deltat_to_str:187,krb5_domain_x500_compress:535,krb5_eblock_enctyp:188,krb5_enc_data:815,krb5_enc_kdc_rep_part:816,krb5_enc_tkt_part:817,krb5_encode_authdata_contain:189,krb5_encpadata_req_enc_pa_rep:536,krb5_encrypt:190,krb5_encrypt_block:818,krb5_encrypt_s:191,krb5_enctyp:819,krb5_enctype_to_nam:192,krb5_enctype_to_str:193,krb5_error:[537,820],krb5_error_cod:821,krb5_expand_hostnam:194,krb5_expire_callback_func:822,krb5_fast_requir:538,krb5_find_authdata:195,krb5_finish_kei:196,krb5_finish_random_kei:197,krb5_flag:823,krb5_free_address:198,krb5_free_ap_rep_enc_part:199,krb5_free_authdata:200,krb5_free_authent:201,krb5_free_checksum:202,krb5_free_checksum_cont:203,krb5_free_cksumtyp:204,krb5_free_context:205,krb5_free_cr:207,krb5_free_cred_cont:206,krb5_free_data:208,krb5_free_data_cont:209,krb5_free_default_realm:210,krb5_free_enctyp:211,krb5_free_error:212,krb5_free_error_messag:213,krb5_free_host_realm:214,krb5_free_keyblock:215,krb5_free_keyblock_cont:216,krb5_free_keytab_entry_cont:217,krb5_free_princip:218,krb5_free_str:219,krb5_free_tgt_cr:220,krb5_free_ticket:221,krb5_free_unparsed_nam:222,krb5_fwd_tgt_cred:223,krb5_gc_cach:539,krb5_gc_canonic:540,krb5_gc_constrained_deleg:541,krb5_gc_forward:542,krb5_gc_no_stor:543,krb5_gc_no_transit_check:544,krb5_gc_user_us:545,krb5_get_credenti:224,krb5_get_credentials_renew:225,krb5_get_credentials_valid:226,krb5_get_default_realm:[210,227],krb5_get_error_messag:[213,228],krb5_get_etype_info:229,krb5_get_fallback_host_realm:230,krb5_get_host_realm:[214,231],krb5_get_in_tkt_with_keytab:232,krb5_get_in_tkt_with_password:233,krb5_get_in_tkt_with_skei:234,krb5_get_init_creds_keytab:235,krb5_get_init_creds_opt:824,krb5_get_init_creds_opt_address_list:546,krb5_get_init_creds_opt_alloc:236,krb5_get_init_creds_opt_anonym:547,krb5_get_init_creds_opt_canonic:548,krb5_get_init_creds_opt_chg_pwd_prmpt:549,krb5_get_init_creds_opt_etype_list:550,krb5_get_init_creds_opt_forward:551,krb5_get_init_creds_opt_fre:237,krb5_get_init_creds_opt_get_fast_flag:238,krb5_get_init_creds_opt_init:239,krb5_get_init_creds_opt_preauth_list:552,krb5_get_init_creds_opt_proxi:553,krb5_get_init_creds_opt_renew_lif:554,krb5_get_init_creds_opt_salt:555,krb5_get_init_creds_opt_set_address_list:240,krb5_get_init_creds_opt_set_anonym:241,krb5_get_init_creds_opt_set_canonic:242,krb5_get_init_creds_opt_set_change_password_prompt:243,krb5_get_init_creds_opt_set_etype_list:244,krb5_get_init_creds_opt_set_expire_callback:245,krb5_get_init_creds_opt_set_fast_ccach:246,krb5_get_init_creds_opt_set_fast_ccache_nam:247,krb5_get_init_creds_opt_set_fast_flag:248,krb5_get_init_creds_opt_set_forward:249,krb5_get_init_creds_opt_set_in_ccach:250,krb5_get_init_creds_opt_set_out_ccach:251,krb5_get_init_creds_opt_set_pa:252,krb5_get_init_creds_opt_set_pac_request:253,krb5_get_init_creds_opt_set_preauth_list:254,krb5_get_init_creds_opt_set_proxi:255,krb5_get_init_creds_opt_set_renew_lif:256,krb5_get_init_creds_opt_set_respond:257,krb5_get_init_creds_opt_set_salt:258,krb5_get_init_creds_opt_set_tkt_lif:259,krb5_get_init_creds_opt_tkt_lif:556,krb5_get_init_creds_password:260,krb5_get_permitted_enctyp:261,krb5_get_profil:262,krb5_get_prompt_typ:263,krb5_get_renewed_cr:264,krb5_get_server_rcach:265,krb5_get_time_offset:266,krb5_get_validated_cr:267,krb5_gic_opt_pa_data:825,krb5_init_context:268,krb5_init_context_kdc:557,krb5_init_context_profil:269,krb5_init_context_secur:558,krb5_init_creds_context:826,krb5_init_creds_fre:270,krb5_init_creds_get:271,krb5_init_creds_get_cr:272,krb5_init_creds_get_error:273,krb5_init_creds_get_tim:274,krb5_init_creds_init:275,krb5_init_creds_set_keytab:276,krb5_init_creds_set_password:277,krb5_init_creds_set_servic:278,krb5_init_creds_step:279,krb5_init_creds_step_flag_continu:559,krb5_init_keyblock:280,krb5_init_random_kei:281,krb5_init_secure_context:282,krb5_int16:827,krb5_int16_max:560,krb5_int16_min:561,krb5_int32:828,krb5_int32_max:562,krb5_int32_min:563,krb5_is_config_princip:283,krb5_is_referral_realm:284,krb5_is_thread_saf:285,krb5_k_create_kei:286,krb5_k_decrypt:287,krb5_k_decrypt_iov:288,krb5_k_encrypt:289,krb5_k_encrypt_iov:290,krb5_k_free_kei:291,krb5_k_key_enctyp:292,krb5_k_key_keyblock:293,krb5_k_make_checksum:294,krb5_k_make_checksum_iov:295,krb5_k_prf:296,krb5_k_reference_kei:297,krb5_k_verify_checksum:298,krb5_k_verify_checksum_iov:299,krb5_kdc_rep:829,krb5_kdc_req:830,krb5_kei:[286,292,293,831],krb5_keyblock:[215,216,280,832],krb5_keytab:833,krb5_keytab_entri:834,krb5_keyusag:835,krb5_keyusage_ad_it:564,krb5_keyusage_ad_kdcissued_cksum:565,krb5_keyusage_ad_mt:566,krb5_keyusage_ad_signedpath:567,krb5_keyusage_ap_rep_encpart:570,krb5_keyusage_ap_req_auth:571,krb5_keyusage_ap_req_auth_cksum:572,krb5_keyusage_app_data_cksum:568,krb5_keyusage_app_data_encrypt:569,krb5_keyusage_as_rep_encpart:573,krb5_keyusage_as_req:574,krb5_keyusage_as_req_pa_enc_t:575,krb5_keyusage_cammac:576,krb5_keyusage_enc_challenge_cli:577,krb5_keyusage_enc_challenge_kdc:578,krb5_keyusage_fast_enc:579,krb5_keyusage_fast_finish:580,krb5_keyusage_fast_rep:581,krb5_keyusage_fast_req_chksum:582,krb5_keyusage_gss_tok_m:583,krb5_keyusage_gss_tok_wrap_integ:584,krb5_keyusage_gss_tok_wrap_priv:585,krb5_keyusage_iakerb_finish:586,krb5_keyusage_kdc_rep_ticket:587,krb5_keyusage_krb_cred_encpart:588,krb5_keyusage_krb_error_cksum:589,krb5_keyusage_krb_priv_encpart:590,krb5_keyusage_krb_safe_cksum:591,krb5_keyusage_pa_as_fresh:592,krb5_keyusage_pa_fx_cooki:593,krb5_keyusage_pa_otp_request:594,krb5_keyusage_pa_pkinit_kx:595,krb5_keyusage_pa_s4u_x509_user_repli:596,krb5_keyusage_pa_s4u_x509_user_request:597,krb5_keyusage_pa_sam_challenge_cksum:598,krb5_keyusage_pa_sam_challenge_trackid:599,krb5_keyusage_pa_sam_respons:600,krb5_keyusage_spak:601,krb5_keyusage_tgs_rep_encpart_sesskei:602,krb5_keyusage_tgs_rep_encpart_subkei:603,krb5_keyusage_tgs_req_ad_sesskei:604,krb5_keyusage_tgs_req_ad_subkei:605,krb5_keyusage_tgs_req_auth:606,krb5_keyusage_tgs_req_auth_cksum:607,krb5_kpasswd_accessdeni:608,krb5_kpasswd_autherror:609,krb5_kpasswd_bad_vers:610,krb5_kpasswd_harderror:611,krb5_kpasswd_initial_flag_need:612,krb5_kpasswd_malform:613,krb5_kpasswd_softerror:614,krb5_kpasswd_success:615,krb5_kt_add_entri:300,krb5_kt_client_default:301,krb5_kt_close:302,krb5_kt_cursor:836,krb5_kt_default:303,krb5_kt_default_nam:304,krb5_kt_dup:305,krb5_kt_end_seq_get:306,krb5_kt_free_entri:307,krb5_kt_get_entri:308,krb5_kt_get_nam:309,krb5_kt_get_typ:310,krb5_kt_have_cont:311,krb5_kt_next_entri:312,krb5_kt_read_service_kei:313,krb5_kt_remove_entri:314,krb5_kt_resolv:315,krb5_kt_start_seq_get:316,krb5_kuserok:317,krb5_kvno:837,krb5_last_req_entri:838,krb5_lrq_all_acct_exptim:616,krb5_lrq_all_last_initi:617,krb5_lrq_all_last_renew:618,krb5_lrq_all_last_req:619,krb5_lrq_all_last_tgt:620,krb5_lrq_all_last_tgt_issu:621,krb5_lrq_all_pw_exptim:622,krb5_lrq_none:623,krb5_lrq_one_acct_exptim:624,krb5_lrq_one_last_initi:625,krb5_lrq_one_last_renew:626,krb5_lrq_one_last_req:627,krb5_lrq_one_last_tgt:628,krb5_lrq_one_last_tgt_issu:629,krb5_lrq_one_pw_exptim:630,krb5_magic:839,krb5_make_authdata_kdc_issu:318,krb5_merge_authdata:319,krb5_mk_1cred:320,krb5_mk_error:321,krb5_mk_ncred:322,krb5_mk_priv:323,krb5_mk_rep:324,krb5_mk_rep_dc:325,krb5_mk_req:326,krb5_mk_req_checksum_func:840,krb5_mk_req_extend:327,krb5_mk_safe:328,krb5_msgtype:841,krb5_nt_ent_principal_and_id:632,krb5_nt_enterprise_princip:631,krb5_nt_ms_princip:633,krb5_nt_ms_principal_and_id:634,krb5_nt_princip:635,krb5_nt_smtp_name:636,krb5_nt_srv_hst:637,krb5_nt_srv_inst:638,krb5_nt_srv_xhst:639,krb5_nt_uid:640,krb5_nt_unknown:641,krb5_nt_wellknown:642,krb5_nt_x500_princip:643,krb5_octet:842,krb5_os_localaddr:329,krb5_pa_data:843,krb5_pa_pac_req:844,krb5_pa_server_referral_data:845,krb5_pa_svr_referral_data:846,krb5_pac:847,krb5_pac_add_buff:330,krb5_pac_client_info:644,krb5_pac_credentials_info:645,krb5_pac_delegation_info:646,krb5_pac_fre:331,krb5_pac_get_buff:332,krb5_pac_get_client_info:333,krb5_pac_get_typ:334,krb5_pac_init:335,krb5_pac_logon_info:647,krb5_pac_pars:336,krb5_pac_privsvr_checksum:648,krb5_pac_server_checksum:649,krb5_pac_sign:337,krb5_pac_sign_ext:338,krb5_pac_upn_dns_info:650,krb5_pac_verifi:339,krb5_pac_verify_ext:340,krb5_padata_afs3_salt:651,krb5_padata_ap_req:652,krb5_padata_as_checksum:653,krb5_padata_as_fresh:654,krb5_padata_enc_sandia_securid:656,krb5_padata_enc_timestamp:657,krb5_padata_enc_unix_tim:658,krb5_padata_encrypted_challeng:655,krb5_padata_etype_info2:660,krb5_padata_etype_info:659,krb5_padata_for_us:661,krb5_padata_fx_cooki:662,krb5_padata_fx_error:663,krb5_padata_fx_fast:664,krb5_padata_get_from_typed_data:665,krb5_padata_non:666,krb5_padata_osf_dc:667,krb5_padata_otp_challeng:668,krb5_padata_otp_pin_chang:669,krb5_padata_otp_request:670,krb5_padata_pac_opt:671,krb5_padata_pac_request:672,krb5_padata_pk_as_rep:674,krb5_padata_pk_as_rep_old:675,krb5_padata_pk_as_req:676,krb5_padata_pk_as_req_old:677,krb5_padata_pkinit_kx:673,krb5_padata_pw_salt:678,krb5_padata_referr:679,krb5_padata_s4u_x509_us:680,krb5_padata_sam_challeng:681,krb5_padata_sam_challenge_2:682,krb5_padata_sam_redirect:683,krb5_padata_sam_respons:684,krb5_padata_sam_response_2:685,krb5_padata_sesam:686,krb5_padata_spak:687,krb5_padata_svr_referral_info:688,krb5_padata_tgs_req:689,krb5_padata_use_specified_kvno:690,krb5_parse_nam:341,krb5_parse_name_flag:342,krb5_pointer:848,krb5_post_recv_fn:849,krb5_pre_send_fn:850,krb5_preauthtyp:851,krb5_prepend_error_messag:343,krb5_princ_compon:777,krb5_princ_nam:778,krb5_princ_realm:779,krb5_princ_set_realm:780,krb5_princ_set_realm_data:781,krb5_princ_set_realm_length:782,krb5_princ_siz:783,krb5_princ_typ:784,krb5_princip:[341,342,402,403,404,405,852],krb5_principal2salt:344,krb5_principal_compar:345,krb5_principal_compare_any_realm:346,krb5_principal_compare_casefold:691,krb5_principal_compare_enterpris:692,krb5_principal_compare_flag:347,krb5_principal_compare_ignore_realm:693,krb5_principal_compare_utf8:694,krb5_principal_data:853,krb5_principal_parse_enterpris:695,krb5_principal_parse_ignore_realm:696,krb5_principal_parse_no_realm:697,krb5_principal_parse_require_realm:698,krb5_principal_unparse_displai:699,krb5_principal_unparse_no_realm:700,krb5_principal_unparse_short:701,krb5_priv:702,krb5_process_kei:348,krb5_prompt:854,krb5_prompt_typ:855,krb5_prompt_type_new_password:703,krb5_prompt_type_new_password_again:704,krb5_prompt_type_password:705,krb5_prompt_type_preauth:706,krb5_prompter_fct:856,krb5_prompter_posix:349,krb5_pvno:707,krb5_pwd_data:857,krb5_random_kei:350,krb5_rcach:858,krb5_rd_cred:351,krb5_rd_error:352,krb5_rd_priv:353,krb5_rd_rep:354,krb5_rd_rep_dc:355,krb5_rd_req:356,krb5_rd_safe:357,krb5_read_error:212,krb5_read_password:358,krb5_realm_branch_char:708,krb5_realm_compar:359,krb5_recvauth:360,krb5_recvauth_badauthv:709,krb5_recvauth_skip_vers:710,krb5_recvauth_vers:361,krb5_referral_realm:[284,711],krb5_replay_data:859,krb5_responder_context:860,krb5_responder_fn:861,krb5_responder_get_challeng:362,krb5_responder_list_quest:363,krb5_responder_otp_challeng:862,krb5_responder_otp_challenge_fre:364,krb5_responder_otp_flags_collect_pin:712,krb5_responder_otp_flags_collect_token:713,krb5_responder_otp_flags_nextotp:714,krb5_responder_otp_flags_separate_pin:715,krb5_responder_otp_format_alphanumer:716,krb5_responder_otp_format_decim:717,krb5_responder_otp_format_hexadecim:718,krb5_responder_otp_get_challeng:[364,365],krb5_responder_otp_set_answ:366,krb5_responder_otp_tokeninfo:863,krb5_responder_pkinit_challeng:864,krb5_responder_pkinit_challenge_fre:367,krb5_responder_pkinit_flags_token_user_pin_count_low:719,krb5_responder_pkinit_flags_token_user_pin_final_tri:720,krb5_responder_pkinit_flags_token_user_pin_lock:721,krb5_responder_pkinit_get_challeng:[367,368],krb5_responder_pkinit_ident:865,krb5_responder_pkinit_set_answ:369,krb5_responder_question_otp:[365,366,722],krb5_responder_question_password:723,krb5_responder_question_pkinit:[368,369,724],krb5_responder_set_answ:370,krb5_respons:866,krb5_roundup:785,krb5_safe:725,krb5_salttype_to_str:371,krb5_sam_must_pk_encrypt_sad:726,krb5_sam_send_encrypted_sad:727,krb5_sam_use_sad_as_kei:728,krb5_sendauth:[212,372],krb5_server_decrypt_ticket_keytab:373,krb5_set_default_realm:374,krb5_set_default_tgs_enctyp:375,krb5_set_error_messag:376,krb5_set_kdc_recv_hook:377,krb5_set_kdc_send_hook:378,krb5_set_password:379,krb5_set_password_using_ccach:380,krb5_set_principal_realm:381,krb5_set_real_tim:382,krb5_set_trace_callback:383,krb5_set_trace_filenam:384,krb5_sname_match:385,krb5_sname_to_princip:386,krb5_string_to_cksumtyp:387,krb5_string_to_deltat:388,krb5_string_to_enctyp:389,krb5_string_to_kei:390,krb5_string_to_salttyp:391,krb5_string_to_timestamp:392,krb5_tc_match_2nd_tkt:729,krb5_tc_match_authdata:730,krb5_tc_match_flag:731,krb5_tc_match_flags_exact:732,krb5_tc_match_is_skei:733,krb5_tc_match_ktyp:734,krb5_tc_match_srv_nameonli:735,krb5_tc_match_tim:736,krb5_tc_match_times_exact:737,krb5_tc_noticket:738,krb5_tc_openclos:739,krb5_tc_supported_ktyp:740,krb5_tgs_name:741,krb5_tgs_name_s:742,krb5_tgs_rep:743,krb5_tgs_req:744,krb5_ticket:[183,867],krb5_ticket_tim:868,krb5_timeofdai:393,krb5_timestamp:[869,880],krb5_timestamp_to_sfstr:394,krb5_timestamp_to_str:395,krb5_tkt_authent:870,krb5_tkt_creds_context:871,krb5_tkt_creds_fre:396,krb5_tkt_creds_get:397,krb5_tkt_creds_get_cr:398,krb5_tkt_creds_get_tim:399,krb5_tkt_creds_init:400,krb5_tkt_creds_step:401,krb5_tkt_creds_step_flag_continu:745,krb5_trace_callback:872,krb5_trace_info:873,krb5_transit:874,krb5_typed_data:875,krb5_ui_2:876,krb5_ui_4:877,krb5_unparse_nam:402,krb5_unparse_name_ext:403,krb5_unparse_name_flag:404,krb5_unparse_name_flags_ext:405,krb5_us_timeofdai:406,krb5_use_enctyp:407,krb5_verify_authdata_kdc_issu:408,krb5_verify_checksum:409,krb5_verify_init_cr:410,krb5_verify_init_creds_opt:878,krb5_verify_init_creds_opt_ap_req_nofail:746,krb5_verify_init_creds_opt_init:411,krb5_verify_init_creds_opt_set_ap_req_nofail:412,krb5_vprepend_error_messag:413,krb5_vset_error_messag:414,krb5_vwrap_error_messag:415,krb5_wellknown_namestr:747,krb5_wrap_error_messag:416,krb5_x:786,krb5_xc:787,krb5kdc:10,krb:[107,223,320,322,323,328,351,352,353,357],krb_ap_rep:[324,325,354,355],krb_ap_req:[326,327,356],krb_error:321,krbtgt:[14,23],ksu:930,kswitch:931,ktadd:[3,15],ktremov:[3,15],ktutil:11,kvno:932,last:273,ldap:[23,24],legaci:[14,48],length:[93,96,97,98,104,112,118,403],lib:887,libdefault:21,librari:[205,268,269,282,285],licens:903,lifetim:[256,259],lightn:24,like:901,line:[5,6],link:42,list:[5,11,20,23,41,54,92,111,173,261,319,363,902,920],list_mkei:6,list_polici:[3,5,23],list_princip:[3,23],list_request:[3,11],lndir:888,load:6,local:[56,69,82,84,317,916],localauth:[21,916],locat:[28,247,917],lock:3,lockout:35,log:[20,41,317,907],login:28,lr_type_interpretation_mask:748,lr_type_this_server_onli:749,machin:33,macro:773,mail:920,make:161,man:892,manag:[922,923],manipul:47,map:[24,39],master:[14,23,34],match:[284,385],max_keytab_name_len:750,mechan:[28,908],member:[789,791,792,793,795,797,802,805,807,808,809,810,811,813,815,816,817,818,820,824,825,829,830,832,834,838,843,844,845,846,852,853,854,857,859,862,863,864,865,866,867,868,870,873,874,875,878,879],memori:[24,214],merg:319,messag:[12,43,97,169,171,179,213,223,228,320,321,322,323,324,325,326,327,328,343,351,352,353,354,355,356,357,376,413,414,415,416],mic:43,mismatch:38,mit:[0,23,44,900,901,902,903],modifi:[5,23],modify_polici:[3,5,23],modify_princip:[3,23],modul:[19,24,28,907,908,910],most:[179,890],move:148,msec_dirbit:751,msec_val_mask:752,multithread:285,name:[38,39,43,56,91,92,93,135,136,143,144,149,152,156,192,194,231,304,309,341,342,344,363,370,384,386,881,885,890],negoex:908,next:[150,164,279,312,401],note:925,number:[69,74,116,120],object:[23,178,265],obtain:[397,889,923],octet:116,offset:[266,382,393],one:[179,369],onli:282,onto:39,opaqu:[287,288,289,290,294,295,296,298,299],open:265,openldap:22,oper:[23,99,100,102,103,113,114,129,130,287,288,289,290,294,295,296,298,299],optimist:258,option:[3,4,5,6,7,8,9,10,20,21,23,46,157,236,237,238,240,241,242,243,244,245,246,247,248,249,250,251,252,254,255,256,257,258,259,394,411,890,925,926,927,928,929,930,931,932],order:53,organ:887,osconf:891,other:36,otp:[20,36],output:[118,251,394],over:163,overrid:[38,55,374],overview:23,pac:[253,330,331,332,334,335,336,337,338,339,340],packag:[890,892],pad:[98,116,394],page:[892,920],paramet:[21,126,361],pars:[47,354,355,356],passwd_phrase_el:879,password:[23,46,125,126,166,169,243,260,277,349,358,379,380,919,922],path:901,pepper:107,perform:35,permit:261,pin:46,pkinit:[20,21,37,46,896,905],place:[100,103,288,290],pluggabl:911,plugin:[21,28,907,910],polici:[23,914],port:[39,84],possibl:[122,194,228,338,340],post:377,pre:378,preauthent:[36,40,252,254,258,906,915],precomput:92,prefix:[343,413,415,416],prepar:[158,163],prerequisit:889,previous:106,prf:[101,119],primari:161,princip:[15,23,34,35,38,47,49,50,56,57,91,92,93,132,145,154,182,218,222,278,283,317,341,342,344,345,346,347,359,379,380,381,385,386,894],priv:[323,353],privileg:[23,335],procedur:14,process:[139,353,357],profil:[28,55,262,269,918],program:[1,890],prompt:[243,263,349],prompter:46,proof:109,propag:[23,34,39,901],properti:923,protocol:[360,361,372,897],provis:38,proxi:29,proxiabl:255,pseudo:[117,118,119,120,121,296],purge_mkei:6,purgekei:3,pwqual:[21,919],qualiti:[919,922],question:[46,362,363,366,369,370],quick:902,quit:[3,11],random:[115,117,118,119,120,121,124,296],rare:48,read:[158,351,358],read_kt:11,realm:[20,21,23,28,39,58,210,227,231,338,340,346,359,374,381,909],receiv:[72,73,86,87,377],recent:179,refer:[31,291,297,417,892],refus:41,reject:41,rel:187,releas:[306,892],remot:[74,82,84],remov:[14,15,151,314],rename_princip:3,renew:[256,264],replai:[71,85,265,885,899],replic:35,replica:[34,39,901],represent:[222,402],request:[26,279,396,397,398,399,401],requir:[412,930],resolv:[135,152,301,303],resourc:920,respond:[46,257,362,363,370],restor:23,restrict:[240,937],result:169,retir:14,retriev:[23,59,60,64,65,66,67,68,69,71,72,73,74,76,77,142,143,144,146,150,153,227,229,238,262,272,274,292,293,312,313,316,332,362,393,398,399,406],revers:38,rfc:[101,119],risk:25,rout:41,rpc:[325,355],s2kparam:229,s4u:43,safe:[328,357],salt:[229,258,344,371,391],salt_type_afs_length:753,salt_type_no_length:754,sampl:[20,21],sclient:933,search:54,sec:406,section:[20,21,59,60],secur:[17,32,38,895,930],see:[2,3,4,5,6,7,8,9,10,11,12,19,20,21,925,926,927,928,929,930,931,932,933,935,936,937],seen:41,select:[26,154,904],send:[76,77,88,89,378],sendauth:[41,360,361,372],separ:888,sequenc:[69,74],sequenti:[139,158,316],seri:139,server:[14,15,32,41,154,265,360,361,917],servic:[14,23,26,38,39,194,278,313,386,400],session:[26,67,68,90,261],set:[55,80,81,82,83,84,85,86,87,88,89,90,156,157,169,240,241,242,243,244,245,246,247,248,249,250,251,254,255,256,257,258,259,277,320,375,376,377,378,379,380,381,382,412,414],set_str:3,setup:35,shell:[38,930],should:48,side:930,sign:[318,337,338],simpl:[773,892],sinc:406,singl:[320,888],site:892,size:95,skew:[15,167],socket:62,softwar:889,some:[32,101],sourc:[887,892],spake:[40,895],specif:[38,97,115,117,124,296,393],specifi:[21,53,54,112,127,128,132,149,153,269,276,278,338,340,373,374,379,383,384],sserver:12,ssh:38,start:[34,316],stash:[6,23,886],stashsrvpw:5,state:[35,79,106,108],storag:[200,218],store:[155,159,198],string:[60,91,93,107,125,126,170,187,193,210,219,222,341,342,371,387,388,389,391,392,394,395,402,403,404,405],strong:14,struct:[365,368],structur:[20,21,61,66,83,142,174,175,176,177,183,199,201,202,203,206,207,208,209,215,216,220,236,292,293,341,375,382,402,403,404,405,411,788],subkei:[72,73,76,77,86,87,88,89],sun:23,suppli:[252,327],support:[14,41,100,103,160,285,288,290,882],synchron:397,synopsi:[2,3,4,5,6,7,8,9,10,11,12,925,926,927,928,929,930,931,932,933],syntax:19,system:[406,890,901],tabdump:6,tabl:[217,235,300,301,302,303,304,308,309,310,312,313,314,315,316,373],tarbal:892,target:930,termin:91,test:[35,109,110,283,285,385,888],tgt:223,thi:[329,882,892],threeparamopen:755,ticket:[23,185,221,224,253,256,259,274,373,399,400,923],time:[46,167,187,266,274,382,388,393,399,406,882],timestamp:[167,392,394,395],tkt_flg_anonym:756,tkt_flg_enc_pa_rep:757,tkt_flg_forward:[758,759],tkt_flg_hw_auth:760,tkt_flg_initi:761,tkt_flg_invalid:762,tkt_flg_may_postd:763,tkt_flg_ok_as_deleg:764,tkt_flg_postdat:765,tkt_flg_pre_auth:766,tkt_flg_proxi:768,tkt_flg_proxiabl:767,tkt_flg_renew:769,tkt_flg_transit_policy_check:770,token:[36,37,43,896],tool:881,topic:13,trace:[41,383,384],trailer:98,tree:888,trivial:895,troubleshoot:[41,42],tune:890,tutori:42,two:[52,105,107,319,345,346,347,359],type:[14,20,24,26,36,41,43,81,96,97,105,109,110,111,118,127,128,144,146,149,160,170,192,193,204,211,244,254,261,263,310,334,371,375,387,389,391,788,881,885,890],uniqu:149,unix:[32,33,901],unlock:3,unpars:336,unset:[241,242,243,249,255],unwrap:[184,408],updat:[23,892],update_princ_encrypt:6,upgrad:14,usabl:111,usag:14,use:[79,154,265,276,881],use_mkei:6,used:[48,882,890],user:[46,317,349,921,924,934],uses:880,using:[91,92,93,99,101,102,119,194,235,260,264,269,271,282,287,289,327,373,379,380,397,413,414,415,888],util:887,va_list:[413,414,415],valid:[127,128,130,267,299,351],valid_int_bit:771,valid_uint_bit:772,valu:[59,60,141,155,187,332,364,367,388],variabl:[26,27,92,890,937],variou:42,verif:[41,411,412,922],verifi:[46,127,128,129,298,339,340,408,410],version:[361,895],via:101,view:[5,923],view_polici:5,web:[892,920],whether:[109,110,160,283,285,385,412],whitepap:42,wiki:920,within:[167,888],without:892,work:15,wrap:[43,189],write_kt:11,year:880,your:[15,922],zero:[209,291]}})⏎

+6

-6

doc/html/user/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

26	26	<link rel="search" title="Search" href="../search.html" />
27	27	<link rel="copyright" title="Copyright" href="../copyright.html" />
28	28	<link rel="next" title="Password management" href="pwd_mgmt.html" />
29		<link rel="prev" title="MIT Kerberos Documentation (1.17)" href="../index.html" />
	29	<link rel="prev" title="MIT Kerberos Documentation (1.18.2)" href="../index.html" />
30	30	</head>
31	31	<body>
32	32	<div class="header-wrapper">

39	39
40	40	<a href="../index.html" title="Full Table of Contents"
41	41	accesskey="C">Contents</a> \|
42		<a href="../index.html" title="MIT Kerberos Documentation (1.17)"
	42	<a href="../index.html" title="MIT Kerberos Documentation (1.18.2)"
43	43	accesskey="P">previous</a> \|
44	44	<a href="pwd_mgmt.html" title="Password management"
45	45	accesskey="N">next</a> \|

148	148
149	149	<div class="footer-wrapper">
150	150	<div class="footer" >
151		<div class="right" ><i>Release: 1.17</i><br />
152		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	151	<div class="right" ><i>Release: 1.18.2</i><br />
	152	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
153	153	</div>
154	154	<div class="left">
155	155
156	156	<a href="../index.html" title="Full Table of Contents"
157	157	>Contents</a> \|
158		<a href="../index.html" title="MIT Kerberos Documentation (1.17)"
	158	<a href="../index.html" title="MIT Kerberos Documentation (1.18.2)"
159	159	>previous</a> \|
160	160	<a href="pwd_mgmt.html" title="Password management"
161	161	>next</a> \|

+3

-3

doc/html/user/pwd_mgmt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

210	210
211	211	<div class="footer-wrapper">
212	212	<div class="footer" >
213		<div class="right" ><i>Release: 1.17</i><br />
214		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	213	<div class="right" ><i>Release: 1.18.2</i><br />
	214	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
215	215	</div>
216	216	<div class="left">
217	217

+3

-3

doc/html/user/tkt_mgmt.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

430	430
431	431	<div class="footer-wrapper">
432	432	<div class="footer" >
433		<div class="right" ><i>Release: 1.17</i><br />
434		© <a href="../copyright.html">Copyright</a> 1985-2019, MIT.
	433	<div class="right" ><i>Release: 1.18.2</i><br />
	434	© <a href="../copyright.html">Copyright</a> 1985-2020, MIT.
435	435	</div>
436	436	<div class="left">
437	437

+3

-3

doc/html/user/user_commands/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

137	137
138	138	<div class="footer-wrapper">
139	139	<div class="footer" >
140		<div class="right" ><i>Release: 1.17</i><br />
141		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	140	<div class="right" ><i>Release: 1.18.2</i><br />
	141	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
142	142	</div>
143	143	<div class="left">
144	144

+3

-3

doc/html/user/user_commands/kdestroy.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

193	193
194	194	<div class="footer-wrapper">
195	195	<div class="footer" >
196		<div class="right" ><i>Release: 1.17</i><br />
197		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	196	<div class="right" ><i>Release: 1.18.2</i><br />
	197	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
198	198	</div>
199	199	<div class="left">
200	200

+4

-5

doc/html/user/user_commands/kinit.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

135	135	KDC to reply with a different client principal from the one
136	136	requested.</dd>
137	137	<dt><strong>-E</strong></dt>
138		<dd>treats the principal name as an enterprise name (implies the
139		<strong>-C</strong> option).</dd>
	138	<dd>treats the principal name as an enterprise name.</dd>
140	139	<dt><strong>-v</strong></dt>
141	140	<dd>requests that the ticket-granting ticket in the cache (with the
142	141	<strong>invalid</strong> flag set) be passed to the KDC for validation. If the

321	320
322	321	<div class="footer-wrapper">
323	322	<div class="footer" >
324		<div class="right" ><i>Release: 1.17</i><br />
325		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	323	<div class="right" ><i>Release: 1.18.2</i><br />
	324	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
326	325	</div>
327	326	<div class="left">
328	327

+3

-3

doc/html/user/user_commands/klist.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

233	233
234	234	<div class="footer-wrapper">
235	235	<div class="footer" >
236		<div class="right" ><i>Release: 1.17</i><br />
237		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	236	<div class="right" ><i>Release: 1.18.2</i><br />
	237	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
238	238	</div>
239	239	<div class="left">
240	240

+3

-3

doc/html/user/user_commands/kpasswd.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

165	165
166	166	<div class="footer-wrapper">
167	167	<div class="footer" >
168		<div class="right" ><i>Release: 1.17</i><br />
169		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	168	<div class="right" ><i>Release: 1.18.2</i><br />
	169	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
170	170	</div>
171	171	<div class="left">
172	172

+3

-3

doc/html/user/user_commands/krb5-config.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

211	211
212	212	<div class="footer-wrapper">
213	213	<div class="footer" >
214		<div class="right" ><i>Release: 1.17</i><br />
215		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	214	<div class="right" ><i>Release: 1.18.2</i><br />
	215	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
216	216	</div>
217	217	<div class="left">
218	218

+14

-5

doc/html/user/user_commands/ksu.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

70	70	[ <strong>-c</strong> <em>source_cache_name</em> ]
71	71	[ <strong>-k</strong> ]
72	72	[ <strong>-r</strong> time ]
73		[ <strong>-pf</strong> ]
	73	[ <strong>-p</strong> \| <strong>-P</strong>]
	74	[ <strong>-f</strong> \| <strong>-F</strong>]
74	75	[ <strong>-l</strong> <em>lifetime</em> ]
75	76	[ <strong>-z \| Z</strong> ]
76	77	[ <strong>-q</strong> ]

285	286	</dl>
286	287	<p>Ticket granting ticket options:</p>
287	288	<dl class="docutils">
288		<dt><strong>-l</strong> <em>lifetime</em> <strong>-r</strong> <em>time</em> <strong>-pf</strong></dt>
	289	<dt><strong>-l</strong> <em>lifetime</em> <strong>-r</strong> <em>time</em> <strong>-p</strong> <strong>-P</strong> <strong>-f</strong> <strong>-F</strong></dt>
289	290	<dd>The ticket granting ticket options only apply to the case where
290	291	there are no appropriate tickets in the cache to authenticate the
291	292	source user. In this case if ksu is configured to prompt users

303	304	<dt><strong>-p</strong></dt>
304	305	<dd>specifies that the <strong>proxiable</strong> option should be requested for
305	306	the ticket.</dd>
	307	<dt><strong>-P</strong></dt>
	308	<dd>specifies that the <strong>proxiable</strong> option should not be requested
	309	for the ticket, even if the default configuration is to ask for
	310	proxiable tickets.</dd>
306	311	<dt><strong>-f</strong></dt>
307	312	<dd>option specifies that the <strong>forwardable</strong> option should be
308	313	requested for the ticket.</dd>
	314	<dt><strong>-F</strong></dt>
	315	<dd>option specifies that the <strong>forwardable</strong> option should not be
	316	requested for the ticket, even if the default configuration is to
	317	ask for forwardable tickets.</dd>
309	318	<dt><strong>-e</strong> <em>command</em> [<em>args</em> …]</dt>
310	319	<dd><p class="first">ksu proceeds exactly the same as if it was invoked without the
311	320	<strong>-e</strong> option, except instead of executing the target shell, ksu

491	500
492	501	<div class="footer-wrapper">
493	502	<div class="footer" >
494		<div class="right" ><i>Release: 1.17</i><br />
495		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	503	<div class="right" ><i>Release: 1.18.2</i><br />
	504	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
496	505	</div>
497	506	<div class="left">
498	507

+3

-3

doc/html/user/user_commands/kswitch.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

170	170
171	171	<div class="footer-wrapper">
172	172	<div class="footer" >
173		<div class="right" ><i>Release: 1.17</i><br />
174		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	173	<div class="right" ><i>Release: 1.18.2</i><br />
	174	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
175	175	</div>
176	176	<div class="left">
177	177

+12

-4

doc/html/user/user_commands/kvno.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

71	71	[<strong>-h</strong>]
72	72	[<strong>-P</strong>]
73	73	[<strong>-S</strong> <em>sname</em>]
	74	[<strong>-I</strong> <em>for_user</em>]
74	75	[<strong>-U</strong> <em>for_user</em>]
	76	[<strong>-F</strong> <em>cert_file</em>]
75	77	[<strong>–u2u</strong> <em>ccache</em>]
76	78	<em>service1 service2</em> …</p>
77	79	</div>

107	109	constructed from those hostnames and the service name <em>sname</em>.
108	110	The service hostnames will be canonicalized according to the usual
109	111	rules for constructing service principals.</dd>
110		<dt><strong>-U</strong> <em>for_user</em></dt>
	112	<dt><strong>-I</strong> <em>for_user</em></dt>
111	113	<dd>Specifies that protocol transition (S4U2Self) is to be used to
112	114	acquire a ticket on behalf of <em>for_user</em>. If constrained
113	115	delegation is not requested, the service name must match the
114	116	credentials cache client principal.</dd>
	117	<dt><strong>-U</strong> <em>for_user</em></dt>
	118	<dd>Same as -I, but treats <em>for_user</em> as an enterprise name.</dd>
	119	<dt><strong>-F</strong> <em>cert_file</em></dt>
	120	<dd>Specifies that protocol transition is to be used, identifying the
	121	client principal with the X.509 certificate in <em>cert_file</em>. The
	122	certificate file must be in PEM format.</dd>
115	123	<dt><strong>–u2u</strong> <em>ccache</em></dt>
116	124	<dd>Requests a user-to-user ticket. <em>ccache</em> must contain a local
117	125	krbtgt ticket for the server principal. The reported version

205	213
206	214	<div class="footer-wrapper">
207	215	<div class="footer" >
208		<div class="right" ><i>Release: 1.17</i><br />
209		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	216	<div class="right" ><i>Release: 1.18.2</i><br />
	217	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
210	218	</div>
211	219	<div class="left">
212	220

+3

-3

doc/html/user/user_commands/sclient.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

150	150
151	151	<div class="footer-wrapper">
152	152	<div class="footer" >
153		<div class="right" ><i>Release: 1.17</i><br />
154		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	153	<div class="right" ><i>Release: 1.18.2</i><br />
	154	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
155	155	</div>
156	156	<div class="left">
157	157

+3

-3

doc/html/user/user_config/index.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

128	128
129	129	<div class="footer-wrapper">
130	130	<div class="footer" >
131		<div class="right" ><i>Release: 1.17</i><br />
132		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	131	<div class="right" ><i>Release: 1.18.2</i><br />
	132	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
133	133	</div>
134	134	<div class="left">
135	135

+3

-3

doc/html/user/user_config/k5identity.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

176	176
177	177	<div class="footer-wrapper">
178	178	<div class="footer" >
179		<div class="right" ><i>Release: 1.17</i><br />
180		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	179	<div class="right" ><i>Release: 1.18.2</i><br />
	180	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
181	181	</div>
182	182	<div class="left">
183	183

+3

-3

doc/html/user/user_config/k5login.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

167	167
168	168	<div class="footer-wrapper">
169	169	<div class="footer" >
170		<div class="right" ><i>Release: 1.17</i><br />
171		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	170	<div class="right" ><i>Release: 1.18.2</i><br />
	171	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
172	172	</div>
173	173	<div class="left">
174	174

+20

-7

doc/html/user/user_config/kerberos.html less more

11	11	<script type="text/javascript">
12	12	var DOCUMENTATION_OPTIONS = {
13	13	URL_ROOT: '../../',
14		VERSION: '1.17',
	14	VERSION: '1.18.2',
15	15	COLLAPSE_INDEX: false,
16	16	FILE_SUFFIX: '.html',
17	17	HAS_SOURCE: true,

152	152	contains additional configuration directives for the Key
153	153	Distribution Center daemon and associated programs. The default
154	154	is <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kdc.conf</span></code>.</dd>
	155	<dt><strong>KRB5RCACHENAME</strong></dt>
	156	<dd>(New in release 1.18) Specifies the location of the default replay
	157	cache, in the form <em>type</em>:<em>residual</em>. The <code class="docutils literal"><span class="pre">file2</span></code> type with a
	158	pathname residual specifies a replay cache file in the version-2
	159	format in the specified location. The <code class="docutils literal"><span class="pre">none</span></code> type (residual is
	160	ignored) disables the replay cache. The <code class="docutils literal"><span class="pre">dfl</span></code> type (residual is
	161	ignored) indicates the default, which uses a file2 replay cache in
	162	a temporary directory. The default is <code class="docutils literal"><span class="pre">dfl:</span></code>.</dd>
155	163	<dt><strong>KRB5RCACHETYPE</strong></dt>
156		<dd>Specifies the default type of replay cache to use for servers.
157		Valid types include <code class="docutils literal"><span class="pre">dfl</span></code> for the normal file type and <code class="docutils literal"><span class="pre">none</span></code>
158		for no replay cache. The default is <code class="docutils literal"><span class="pre">dfl</span></code>.</dd>
	164	<dd>Specifies the type of the default replay cache, if
	165	<strong>KRB5RCACHENAME</strong> is unspecified. No residual can be specified,
	166	so <code class="docutils literal"><span class="pre">none</span></code> and <code class="docutils literal"><span class="pre">dfl</span></code> are the only useful types.</dd>
159	167	<dt><strong>KRB5RCACHEDIR</strong></dt>
160		<dd>Specifies the default directory for replay caches used by servers.
	168	<dd>Specifies the directory used by the <code class="docutils literal"><span class="pre">dfl</span></code> replay cache type.
161	169	The default is the value of the <strong>TMPDIR</strong> environment variable,
162	170	or <code class="docutils literal"><span class="pre">/var/tmp</span></code> if <strong>TMPDIR</strong> is not set.</dd>
163	171	<dt><strong>KRB5_TRACE</strong></dt>

172	180	used).</dd>
173	181	<dt><strong>KPROP_PORT</strong></dt>
174	182	<dd><a class="reference internal" href="../../admin/admin_commands/kprop.html#kprop-8"><span class="std std-ref">kprop</span></a> port to use. Defaults to 754.</dd>
	183	<dt><strong>GSS_MECH_CONFIG</strong></dt>
	184	<dd>Specifies a filename containing GSSAPI mechanism module
	185	configuration. The default is to read <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/gss/mech</span></code>
	186	and files with a <code class="docutils literal"><span class="pre">.conf</span></code> suffix within the directory
	187	<a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal"><span class="pre">/gss/mech.d</span></code>.</dd>
175	188	</dl>
176	189	<p>Most environment variables are disabled for certain programs, such as
177	190	login system programs and setuid programs, which are designed to be

272	285
273	286	<div class="footer-wrapper">
274	287	<div class="footer" >
275		<div class="right" ><i>Release: 1.17</i><br />
276		© <a href="../../copyright.html">Copyright</a> 1985-2019, MIT.
	288	<div class="right" ><i>Release: 1.18.2</i><br />
	289	© <a href="../../copyright.html">Copyright</a> 1985-2020, MIT.
277	290	</div>
278	291	<div class="left">
279	292

+1

-1

doc/iprop-notes.txt less more

89	89
90	90	Overflow checks for ulogentries times block size?
91	91
92		If file can't be made the size indicated by ulogentries, shoud we
	92	If file can't be made the size indicated by ulogentries, should we
93	93	truncate or error out? If we error out, this could blow out when
94	94	resizing the log because of a too-large log entry.
95	95

+5

-4

doc/kadm5/adb-unit-test.tex less more

0		\documentstyle[times,fullpage,rcsid]{article}
	0	% This document is included for historical purposes only, and does not
	1	% apply to krb5 today.
1	2
2		\rcs$Id$
	3	\documentstyle[times,fullpage]{article}
3	4
4	5	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5	6	%% Make _ actually generate an _, and allow line-breaking after it.

38	39	%\newcommand{\Priority}[1]{}
39	40
40	41	\title{OpenV*Secure Admin Database API\\
41		Unit Test Description\footnote{\rcsId}}
	42	Unit Test Description}
42	43	\author{Jonathan I. Kamens}
43	44
44	45	\begin{document}

51	52
52	53	The following is a description of a black-box unit test of the
53	54	OpenV*Secure Admin Database API (osa_adb). Each API function is
54		listed, followed by the tests that shoud be performed on it.
	55	listed, followed by the tests that should be performed on it.
55	56
56	57	The tests described here are based on the ``OV*Secure Admin Server
57	58	Implementation Design'' revision 1.14.

+12

-11

doc/kadm5/api-funcspec.tex less more

0		\documentstyle[12pt,fullpage,rcsid]{article}
	0	% This document is included for historical purposes only, and does not
	1	% apply to krb5 today.
	2
	3	\documentstyle[12pt,fullpage]{article}
1	4
2	5	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
3	6	%% Make _ actually generate an _, and allow line-breaking after it.

6	9	\def_{\underscore\penalty75\relax}
7	10	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
8	11
9		\rcs$Id$
10
11	12	\setlength{\parskip}{.7\baselineskip}
12	13	\setlength{\parindent}{0pt}
13	14
14	15	\def\v#1{\verb+#1+}
15	16
16	17	\title{Kerberos Administration System \\
17		KADM5 API Functional Specifications\thanks{\rcsId}}
	18	KADM5 API Functional Specifications}
18	19	\author{Barry Jaspan}
19	20
20	21	\begin{document}

520	521	\end{verbatim}
521	522	%
522	523	\begin{description}
523		\item[key_data_ver] The verion number of the structure. Versions 1
	524	\item[key_data_ver] The version number of the structure. Versions 1
524	525	and 2 are currently defined. If key_data_ver is 1 then the key is
525	526	either a random key (not requiring a salt) or the salt is the normal
526	527	v5 salt which is the same as the realm and therefore doesn't need to

639	640	specify the API version number that the program will use by
640	641	\v{\#define}ing USE_KADM5_API_VERSION; for example, define that symbol
641	642	to be 1 to use KADM5_API_VERSION_1. This will ensure that the correct
642		functional protoypes and data structures are defined. If no version
	643	functional prototypes and data structures are defined. If no version
643	644	symbol is defined, the most recent version supported by the header
644	645	files will be used.
645	646

725	726	\item[KADM5_BAD_LENGTH] Invalid password length
726	727	\item[KADM5_BAD_POLICY] Illegal policy name
727	728	\item[KADM5_BAD_PRINCIPAL] Illegal principal name.
728		\item[KADM5_BAD_AUX_ATTR] Invalid auxillary attributes
	729	\item[KADM5_BAD_AUX_ATTR] Invalid auxiliary attributes
729	730	\item[KADM5_BAD_HISTORY] Invalid password history count
730	731	\item[KADM5_BAD_MIN_PASS_LIFE] Password minimum life is greater
731	732	then password maximum life

733	734	\item[KADM5_PASS_Q_CLASS] Password does not contain enough
734	735	character classes
735	736	\item[KADM5_PASS_Q_DICT] Password is in the password dictionary
736		\item[KADM5_PASS_REUSE] Cannot resuse password
	737	\item[KADM5_PASS_REUSE] Cannot reuse password
737	738	\item[KADM5_PASS_TOOSOON] Current password's minimum life has not
738	739	expired
739	740	\item[KADM5_POLICY_REF] Policy is in use

960	961	compatibility. It is identical to kadm5_init_with_password.
961	962
962	963	These three functions open a connection to the kadm5 library and
963		initialize any neccessary state information. They behave differently
	964	initialize any necessary state information. They behave differently
964	965	when called from local and remote clients.
965	966
966	967	In KADM5_API_VERSION_2, these functions take a kadm5_config_params

1442	1443	functionality. If the passwords don't match the string ``New passwords do
1443	1444	not match - password not changed.'' will be copied into msg_ret, and the
1444	1445	error code KRB5_LIBOS_BADPWDMATCH will be returned. For other errors that
1445		ocurr while reading the new password, copy the string ``<com_err message$>$
	1446	occur while reading the new password, copy the string ``<com_err message$>$
1446	1447	occurred while trying to read new password.'' followed by a blank line and
1447	1448	the string specified by CHPASS_UTIL_PASSWORD_NOT_CHANGED into msg_ret and
1448	1449	return the error code returned by krb5_read_password.

1949	1950	\end{verbatim}
1950	1951
1951	1952	Free memory that was allocated by a call to kadm5_get_policy. If
1952		the argument is NULL, the function returns succesfully.
	1953	the argument is NULL, the function returns successfully.
1953	1954
1954	1955	AUTHORIZATION REQUIRED: none (local operation)
1955	1956

+13

-12

doc/kadm5/api-server-design.tex less more

0		\documentstyle[12pt,fullpage,rcsid]{article}
	0	% This document is included for historical purposes only, and does not
	1	% apply to krb5 today.
	2
	3	\documentstyle[12pt,fullpage]{article}
1	4
2	5	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
3	6	%% Make _ actually generate an _, and allow line-breaking after it.

6	9	\def_{\underscore\penalty75\relax}
7	10	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
8	11
9		\rcs$Id$
10
11	12	\setlength{\parskip}{.7\baselineskip}
12	13	\setlength{\parindent}{0pt}
13	14
14	15	\def\v#1{\verb+#1+}
15	16	\def\k#1{K$_#1$}
16	17
17		\title{KADM5 Library and Server \\ Implementation Design\thanks{\rcsId}}
	18	\title{KADM5 Library and Server \\ Implementation Design}
18	19	\author{Barry Jaspan}
19	20
20	21	\begin{document}

185	186
186	187	Any code whose behavior depends on the API version should be written
187	188	so as to be compatible with future, currently unknown API versions on
188		the grounds that any particuarly piece of API behavior will most
	189	the grounds that any particular piece of API behavior will most
189	190	likely not change between versions. For example, in the current
190	191	system, the code is not written as ``if this is VERSION_1, do X, else
191	192	if this is VERSION_2, do Y''; instead, it is written as ``if this is

233	234	Server library functions must know how many and what type of arguments
234	235	to expect, and must operate on those arguments correctly, based on the
235	236	API version with which they are invoked. The API version is contained
236		in the handle that is alwasy passed as their first argument, generated
	237	in the handle that is always passed as their first argument, generated
237	238	by kadm5_init_* (to which the client specified the API version to use
238	239	at run-time).
239	240

420	421	an API handle that contains the API version requested by the client;
421	422	otherwise the function semantics might not be correct. One
422	423	possibility would be for the server to call kadm5_init for each client
423		request, specifing the client's API version number and thus generating
	424	request, specifying the client's API version number and thus generating
424	425	an API handle with the correct version, but that would be
425	426	prohibitively inefficient. Instead, the server dips down in the
426	427	server library's internal abstraction barrier, using the function

485	486	the declarations of both kadm5_get_principal and kadm5_get_policy
486	487	did. Thus, to use the caller's API handle, kadm5_chpass_principal
487	488	will have to have a separate code path for each API version, even
488		though it itself did not change bewteen versions, and duplicate a lot
	489	though it itself did not change between versions, and duplicate a lot
489	490	of logic found elsewhere in the library.
490	491
491	492	Instead, each API handle contains a ``local-use handle,'' or lhandle,

526	527	kadm5 function to perform operations that they client will see and for
527	528	its own benefit, since the semantics of the recursively-called kadm5
528	529	function may depend on the API version specified and the client may be
529		depending on a particular version's behavior. Future implementators
	530	depending on a particular version's behavior. Future implementors
530	531	should avoid creating a situation in which this is possible.
531	532
532	533	\section{Server Main}

708	709	\end{enumerate}
709	710
710	711	Functions which modify the database acquire an exclusive lock, others
711		acqure a shared lock. osa_adb_iter_T acquires an exclusive lock for
	712	acquire a shared lock. osa_adb_iter_T acquires an exclusive lock for
712	713	safety but as stated below consequences of modifying the database in
713	714	the iteration function are undefined.
714	715

879	880	Iterates over every entry in the database. For each entry ent in the
880	881	database db, the function (*func)(data, ent) is called. If func
881	882	returns an error code, osa_adb_iter_T returns an error code. If all
882		invokations of func return OSA_ADB_OK, osa_adb_iter_T returns
	883	invocations of func return OSA_ADB_OK, osa_adb_iter_T returns
883	884	OSA_ADB_OK. The function func is permitted to access the database,
884	885	but the consequences of modifying the database during the iteration
885	886	are undefined.

983	984	\section{Function Details}
984	985
985	986	This section discusses specific design issues for Admin API functions
986		that are not addresed by the functional specifications.
	987	that are not addressed by the functional specifications.
987	988
988	989	\subsection{kadm5_create_principal}
989	990

+20

-19

doc/kadm5/api-unit-test.tex less more

0		\documentstyle[times,fullpage,rcsid]{article}
1
2		\rcs$Id$
	0	% This document is included for historical purposes only, and does not
	1	% apply to krb5 today.
	2
	3	\documentstyle[times,fullpage]{article}
3	4
4	5	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5	6	%% Make _ actually generate an _, and allow line-breaking after it.

40	41	%\newcommand{\Priority}[1]{}
41	42
42	43	\title{KADM5 Admin API\\
43		Unit Test Description\footnote{\rcsId}}
	44	Unit Test Description}
44	45	\author{Jonathan I. Kamens}
45	46
46	47	\begin{document}

52	53	\section{Introduction}
53	54
54	55	The following is a description of a black-box unit test of the KADM5
55		API. Each API function is listed, followed by the tests that shoud be
	56	API. Each API function is listed, followed by the tests that should be
56	57	performed on it.
57	58
58	59	The tests described here are based on the ``Kerberos Administration

442	443
443	444	\numtest{102.5}{
444	445	\Version{KADM5_API_VERSION_2}
445		\Reason{Obeys the admin_server field of the configuratin parameters,
	446	\Reason{Obeys the admin_server field of the configuration parameters,
446	447	if set with a host name and port number.}
447	448	\Conditions{RPC}
448	449	}

554	555	\numtest{116}{
555	556	\Version{KADM5_API_VERSION_2}
556	557	\Reason{Two calls to init with clients having different privileges
557		succeedes, and both clients maintain their correct privileges.}
	558	succeeds, and both clients maintain their correct privileges.}
558	559	\Priority{Bug fix}
559	560	\Conditions{RPC}
560	561	\Status{Implemented}

661	662
662	663	\numtest{10}{
663	664	\Priority{Low}
664		\Reason{Connects to correct server when mutliple handles exist}
	665	\Reason{Connects to correct server when multiple handles exist}
665	666	\Conditions{client}
666	667	}
667	668

930	931
931	932	\numtest{44}{
932	933	\Priority{Low}
933		\Reason{Connects to correct server when mutliple handles exist}
	934	\Reason{Connects to correct server when multiple handles exist}
934	935	\Conditions{RPC}
935	936	}
936	937

1018	1019
1019	1020	\numtest{14}{
1020	1021	\Priority{Low}
1021		\Reason{Connects to correct server when mutliple handles exist}
	1022	\Reason{Connects to correct server when multiple handles exist}
1022	1023	\Conditions{RPC}
1023	1024	}
1024	1025

1307	1308
1308	1309	\numtest{44}{
1309	1310	\Priority{Low}
1310		\Reason{Connects to correct server when mutliple handles exist}
	1311	\Reason{Connects to correct server when multiple handles exist}
1311	1312	\Conditions{RPC}
1312	1313	}
1313	1314

1463	1464
1464	1465	\numtest{17}{
1465	1466	\Priority{Low}
1466		\Reason{Connects to correct server when mutliple handles exist}
	1467	\Reason{Connects to correct server when multiple handles exist}
1467	1468	\Conditions{RPC}
1468	1469	}
1469	1470

1719	1720
1720	1721	\numtest{184}{
1721	1722	\Priority{Low}
1722		\Reason{Connects to correct server when mutliple handles exist}
	1723	\Reason{Connects to correct server when multiple handles exist}
1723	1724	\Conditions{RPC}
1724	1725	}
1725	1726

1899	1900
1900	1901	\numtest{34}{
1901	1902	\Priority{Low}
1902		\Reason{Connects to correct server when mutliple handles exist}
	1903	\Reason{Connects to correct server when multiple handles exist}
1903	1904	\Conditions{RPC}
1904	1905	}
1905	1906

2012	2013
2013	2014	\numtest{16}{
2014	2015	\Priority{Low}
2015		\Reason{Connects to correct server when mutliple handles exist}
	2016	\Reason{Connects to correct server when multiple handles exist}
2016	2017	\Conditions{RPC}
2017	2018	}
2018	2019

2230	2231
2231	2232	\numtest{31}{
2232	2233	\Priority{Low}
2233		\Reason{Connects to correct server when mutliple handles exist}
	2234	\Reason{Connects to correct server when multiple handles exist}
2234	2235	\Conditions{RPC}
2235	2236	}
2236	2237

2310	2311
2311	2312	\numtest{14}{
2312	2313	\Priority{Low}
2313		\Reason{Connects to correct server when mutliple handles exist}
	2314	\Reason{Connects to correct server when multiple handles exist}
2314	2315	\Conditions{RPC}
2315	2316	}
2316	2317

2484	2485
2485	2486	\numtest{31}{
2486	2487	\Priority{Low}
2487		\Reason{Connects to correct server when mutliple handles exist}
	2488	\Reason{Connects to correct server when multiple handles exist}
2488	2489	\Conditions{RPC}
2489	2490	}
2490	2491

2615	2616
2616	2617	\numtest{22}{
2617	2618	\Priority{Low}
2618		\Reason{Connects to correct server when mutliple handles exist}
	2619	\Reason{Connects to correct server when multiple handles exist}
2619	2620	\Conditions{RPC}
2620	2621	}
2621	2622

+0

-5

~~doc/kadm5/rcsid.sty~~ less more

0		\def\rcs$#1: #2${\expandafter\def\csname rcs#1\endcsname{#2}}
1
2		% example usage:
3		% \rcs$Version$
4		% Version \rcsVersion

+1

-0

doc/mitK5defaults.rst less more

13	13	Kerberos config file :ref:`krb5.conf(5)` \|krb5conf\|\ ``:``\ KRB5_CONFIG
14	14	\|sysconfdir\|\ ``/krb5.conf``
15	15	KDC config file :ref:`kdc.conf(5)` \|kdcdir\|\ ``/kdc.conf`` KRB5_KDC_PROFILE
	16	GSS mechanism config file \|sysconfdir\|\ ``/gss/mech`` GSS_MECH_CONFIG
16	17	KDC database path (DB2) \|kdcdir\|\ ``/principal``
17	18	Master key :ref:`stash_definition` \|kdcdir\|\ ``/.k5.``\ realm
18	19	Admin server ACL file :ref:`kadm5.acl(5)` \|kdcdir\|\ ``/kadm5.acl``

+74

-5

doc/mitK5features.rst less more

18	18	License - :ref:`mitK5license`
19	19
20	20	Releases:
21		- Latest stable: https://web.mit.edu/kerberos/krb5-1.17/
22		- Supported: https://web.mit.edu/kerberos/krb5-1.16/
23		- Release cycle: 9 -- 12 months
	21	- Latest stable: https://web.mit.edu/kerberos/krb5-1.18/
	22	- Supported: https://web.mit.edu/kerberos/krb5-1.17/
	23	- Release cycle: approximately 12 months
24	24
25	25	Supported platforms \/ OS distributions:
26	26	- Windows (KfW 4.0): Windows 7, Vista, XP

36	36
37	37	krb4 support: Kerberos 5 release < 1.8
38	38
39		DES support: configurable (See :ref:`retiring-des`)
	39	DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`)
40	40
41	41	Interoperability
42	42	----------------

111	111	- Plugin to test password quality :ref:`pwqual_plugin`
112	112	- Plugin to synchronize password changes :ref:`kadm5_hook_plugin`
113	113	- Parallel KDC
114		- GSS-API extentions for SASL GS2 bridge :rfc:`5801` :rfc:`5587`
	114	- GSS-API extensions for SASL GS2 bridge :rfc:`5801` :rfc:`5587`
115	115	- Purging old keys
116	116	- Naming extensions for delegation chain
117	117	- Password expiration API

470	470	unused Windows-specific code has been removed. Visual Studio 2013
471	471	or later is now required.
472	472
	473	Release 1.18
	474
	475	* Administrator experience:
	476
	477	- Remove support for single-DES encryption types.
	478
	479	- Change the replay cache format to be more efficient and robust.
	480	Replay cache filenames using the new format end with ``.rcache2``
	481	by default.
	482
	483	- setuid programs will automatically ignore environment variables
	484	that normally affect krb5 API functions, even if the caller does
	485	not use krb5_init_secure_context().
	486
	487	- Add an ``enforce_ok_as_delegate`` krb5.conf relation to disable
	488	credential forwarding during GSSAPI authentication unless the KDC
	489	sets the ok-as-delegate bit in the service ticket.
	490
	491	- Use the ``permitted_enctypes`` krb5.conf setting as the default
	492	value for ``default_tkt_enctypes`` and ``default_tgs_enctypes``.
	493
	494	* Developer experience:
	495
	496	- Implement krb5_cc_remove_cred() for all credential cache types.
	497
	498	- Add the krb5_pac_get_client_info() API to get the client account
	499	name from a PAC.
	500
	501	* Protocol evolution:
	502
	503	- Add KDC support for S4U2Self requests where the user is identified
	504	by X.509 certificate. (Requires support for certificate lookup
	505	from a third-party KDB module.)
	506
	507	- Remove support for an old ("draft 9") variant of PKINIT.
	508
	509	- Add support for Microsoft NegoEx. (Requires one or more
	510	third-party GSS modules implementing NegoEx mechanisms.)
	511
	512	- Honor the transited-policy-checked ticket flag on application
	513	servers, eliminating the requirement to configure capaths on
	514	servers in some scenarios.
	515
	516	* User experience:
	517
	518	- Add support for ``dns_canonicalize_hostname=fallback``, causing
	519	host-based principal names to be tried first without DNS
	520	canonicalization, and again with DNS canonicalization if the
	521	un-canonicalized server is not found.
	522
	523	- Expand single-component hostnames in host-based principal names
	524	when DNS canonicalization is not used, adding the system's first
	525	DNS search path as a suffix. Add a ``qualify_shortname``
	526	krb5.conf relation to override this suffix or disable expansion.
	527
	528	* Code quality:
	529
	530	- The libkrb5 serialization code (used to export and import krb5 GSS
	531	security contexts) has been simplified and made type-safe.
	532
	533	- The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
	534	messages has been revised to conform to current coding practices.
	535
	536	- The test suite has been modified to work with macOS System
	537	Integrity Protection enabled.
	538
	539	- The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
	540	support can always be tested.
	541
473	542	`Pre-authentication mechanisms`
474	543
475	544	- PW-SALT :rfc:`4120#section-5.2.7.3`

+1

-1

doc/notice.rst less more

0		Copyright \|copy\| 1985-2019 by the Massachusetts Institute of Technology.
	0	Copyright \|copy\| 1985-2020 by the Massachusetts Institute of Technology.
1	1
2	2	All rights reserved.
3	3

doc/pdf/admin.pdf less more

Binary diff not shown

+351

-772

doc/pdf/admin.tex less more

54	54
55	55	\title{Kerberos Administration Guide}
56	56	\date{ }
57		\release{1.17}
	57	\release{1.18.2}
58	58	\author{MIT}
59	59	\newcommand{\sphinxlogo}{\vbox{}}
60	60	\renewcommand{\releasename}{Release}

331	331
332	332	\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{local}\PYG{p}{:} \PYG{n}{addprinc} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
333	333
334		\PYG{n}{WARNING}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{admin/admin@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
	334	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{admin/admin@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
335	335	\PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}}\PYG{o}{.}
336	336	\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Enter} \PYG{n}{a} \PYG{n}{password}\PYG{o}{.}
337	337	\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Type} \PYG{n}{it} \PYG{n}{again}\PYG{o}{.}

414	414	\begin{sphinxVerbatim}[commandchars=\\\{\}]
415	415	\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kadmin}
416	416	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{randkey} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
417		\PYG{n}{NOTICE}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} \PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}}
	417	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} \PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}}
418	418	\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{created}\PYG{o}{.}
419	419
420	420	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{randkey} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
421		\PYG{n}{NOTICE}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos\PYGZhy{}1.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} \PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}}
	421	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos\PYGZhy{}1.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} \PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}}
422	422	\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos\PYGZhy{}1.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{created}\PYG{o}{.}
423	423	\end{sphinxVerbatim}
424	424

441	441	\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption}
442	442	\PYG{n+nb}{type} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
443	443	\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption}
444		\PYG{n+nb}{type} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
	444	\PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
445	445	\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption}
446	446	\PYG{n+nb}{type} \PYG{n}{arcfour}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
447	447	\end{sphinxVerbatim}

780	780	\fvset{hllines={, ,}}%
781	781	\begin{sphinxVerbatim}[commandchars=\\\{\}]
782	782	\PYG{n}{trillium}\PYG{o}{\PYGZpc{}} \PYG{n}{kadmin}
783		\PYG{n}{kadmin5}\PYG{p}{:} \PYG{n}{ktadd} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{ftp}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
784		\PYG{n}{pop}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
785		\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with}
786		\PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{DES}\PYG{o}{\PYGZhy{}}\PYG{n}{CBC}\PYG{o}{\PYGZhy{}}\PYG{n}{CRC} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab}
787		\PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
788		\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{ftp}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with}
789		\PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{DES}\PYG{o}{\PYGZhy{}}\PYG{n}{CBC}\PYG{o}{\PYGZhy{}}\PYG{n}{CRC} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab}
790		\PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
791		\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{pop}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with}
792		\PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{DES}\PYG{o}{\PYGZhy{}}\PYG{n}{CBC}\PYG{o}{\PYGZhy{}}\PYG{n}{CRC} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab}
793		\PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
794		\PYG{n}{kadmin5}\PYG{p}{:} \PYG{n}{quit}
	783	\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.}
	784	\PYG{n}{Password} \PYG{k}{for} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:}
	785	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{ftp}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{pop}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
	786	\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
	787	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{ftp}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
	788	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{pop}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.}
	789	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{quit}
795	790	\PYG{n}{trillium}\PYG{o}{\PYGZpc{}}
796	791	\end{sphinxVerbatim}
797	792

825	820	Debian: \sphinxhref{http://techpubs.spinlocksolutions.com/dklar/kerberos.html}{Setting up MIT Kerberos 5}
826	821
827	822	\item {}
828		Solaris: \sphinxhref{http://download.oracle.com/docs/cd/E19253-01/816-4557/6maosrjv2/index.html}{Configuring the Kerberos Service}
	823	Solaris: \sphinxhref{https://docs.oracle.com/cd/E19253-01/816-4557/6maosrjv2/index.html}{Configuring the Kerberos Service}
829	824
830	825	\end{enumerate}
831	826

884	879	\PYG{p}{\PYGZcb{}}
885	880	\end{sphinxVerbatim}
886	881
887		Placing a ‘*’ at the end of a line indicates that this is the \sphinxstyleemphasis{final}
888		value for the tag. This means that neither the remainder of this
889		configuration file nor any other configuration file will be checked
890		for any other values for this tag.
891
892		For example, if you have the following lines:
893
894		\fvset{hllines={, ,}}%
895		\begin{sphinxVerbatim}[commandchars=\\\{\}]
896		\PYG{n}{foo} \PYG{o}{=} \PYG{n}{bar}\PYG{o}{*}
897		\PYG{n}{foo} \PYG{o}{=} \PYG{n}{baz}
898		\end{sphinxVerbatim}
899
900		then the second value of \sphinxcode{foo} (\sphinxcode{baz}) would never be read.
	882	Placing a ‘*’ after the closing bracket of a section name indicates
	883	that the section is \sphinxstyleemphasis{final}, meaning that if the same section appears
	884	within a later file specified in \sphinxstylestrong{KRB5\_CONFIG}, it will be ignored.
	885	A subsection can be marked as final by placing a ‘*’ after either the
	886	tag name or the closing brace.
901	887
902	888	The krb5.conf file can include other files using either of the
903	889	following directives at the beginning of a line:

992	978	in {\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}) will be filtered
993	979	out of the lists \sphinxstylestrong{default\_tgs\_enctypes},
994	980	\sphinxstylestrong{default\_tkt\_enctypes}, and \sphinxstylestrong{permitted\_enctypes}. The default
995		value for this tag is false, which may cause authentication
996		failures in existing Kerberos infrastructures that do not support
997		strong crypto. Users in affected environments should set this tag
998		to true until their infrastructure adopts stronger ciphers.
999
1000		\item[{\sphinxstylestrong{ap\_req\_checksum\_type}}] \leavevmode
1001		An integer which specifies the type of AP-REQ checksum to use in
1002		authenticators. This variable should be unset so the appropriate
1003		checksum for the encryption key in use will be used. This can be
1004		set if backward compatibility requires a specific checksum type.
1005		See the \sphinxstylestrong{kdc\_req\_checksum\_type} configuration option for the
1006		possible values and their meanings.
	981	value for this tag is false.
1007	982
1008	983	\item[{\sphinxstylestrong{canonicalize}}] \leavevmode
1009	984	If this flag is set to true, initial ticket requests to the KDC

1045	1020	application servers such as sshd. The default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}}. This
1046	1021	relation is subject to parameter expansion (see below).
1047	1022
	1023	\item[{\sphinxstylestrong{default\_rcache\_name}}] \leavevmode
	1024	This relation specifies the name of the default replay cache.
	1025	The default is \sphinxcode{dfl:}. This relation is subject to parameter
	1026	expansion (see below). New in release 1.18.
	1027
1048	1028	\item[{\sphinxstylestrong{default\_realm}}] \leavevmode
1049	1029	Identifies the default Kerberos realm for the client. Set its
1050	1030	value to your Kerberos realm. If this value is not set, then a

1057	1037	preference from highest to lowest. The list may be delimited with
1058	1038	commas or whitespace. See {\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} in
1059	1039	{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a list of the accepted values for this tag.
1060		The default value is \sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4}, but single-DES encryption types
1061		will be implicitly removed from this list if the value of
1062		\sphinxstylestrong{allow\_weak\_crypto} is false.
	1040	Starting in release 1.18, the default value is the value of
	1041	\sphinxstylestrong{permitted\_enctypes}. For previous releases or if
	1042	\sphinxstylestrong{permitted\_enctypes} is not set, the default value is
	1043	\sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac}.
1063	1044
1064	1045	Do not set this unless required for specific backward
1065	1046	compatibility purposes; stale values of this setting can prevent

1070	1051	Identifies the supported list of session key encryption types that
1071	1052	the client should request when making an AS-REQ, in order of
1072	1053	preference from highest to lowest. The format is the same as for
1073		default\_tgs\_enctypes. The default value for this tag is
1074		\sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4}, but single-DES encryption types will be implicitly
1075		removed from this list if the value of \sphinxstylestrong{allow\_weak\_crypto} is
1076		false.
	1054	default\_tgs\_enctypes. Starting in release 1.18, the default
	1055	value is the value of \sphinxstylestrong{permitted\_enctypes}. For previous
	1056	releases or if \sphinxstylestrong{permitted\_enctypes} is not set, the default
	1057	value is \sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac}.
1077	1058
1078	1059	Do not set this unless required for specific backward
1079	1060	compatibility purposes; stale values of this setting can prevent

1086	1067	to false can improve security by reducing reliance on DNS, but
1087	1068	means that short hostnames will not be canonicalized to
1088	1069	fully-qualified hostnames. The default value is true.
	1070
	1071	If this option is set to \sphinxcode{fallback} (new in release 1.18), DNS
	1072	canonicalization will only be performed the server hostname is not
	1073	found with the original name when requesting credentials.
1089	1074
1090	1075	\item[{\sphinxstylestrong{dns\_lookup\_kdc}}] \leavevmode
1091	1076	Indicate whether DNS SRV records should be used to locate the KDCs

1109	1094	krb5.conf information for the realm. SRV records are used as a
1110	1095	fallback if no URI records were found. The default value is true.
1111	1096	New in release 1.15.
	1097
	1098	\item[{\sphinxstylestrong{enforce\_ok\_as\_delegate}}] \leavevmode
	1099	If this flag to true, GSSAPI credential delegation will be
	1100	disabled when the \sphinxcode{ok-as-delegate} flag is not set in the
	1101	service ticket. If this flag is false, the \sphinxcode{ok-as-delegate}
	1102	ticket flag is only enforced when an application specifically
	1103	requests enforcement. The default value is false.
1112	1104
1113	1105	\item[{\sphinxstylestrong{err\_fmt}}] \leavevmode
1114	1106	This relation allows for custom error message formatting. If a

1179	1171	corrective factor is only used by the Kerberos library; it is not
1180	1172	used to change the system clock. The default value is 1.
1181	1173
1182		\item[{\sphinxstylestrong{kdc\_req\_checksum\_type}}] \leavevmode
1183		An integer which specifies the type of checksum to use for the KDC
1184		requests, for compatibility with very old KDC implementations.
1185		This value is only used for DES keys; other keys use the preferred
1186		checksum type for those keys.
1187
1188		The possible values and their meanings are as follows.
1189
1190
1191		\begin{savenotes}\sphinxattablestart
1192		\centering
1193		\begin{tabulary}{\linewidth}[t]{\|T\|T\|}
1194		\hline
1195
1196		1
1197		&
1198		CRC32
1199		\\
1200		\hline
1201		2
1202		&
1203		RSA MD4
1204		\\
1205		\hline
1206		3
1207		&
1208		RSA MD4 DES
1209		\\
1210		\hline
1211		4
1212		&
1213		DES CBC
1214		\\
1215		\hline
1216		7
1217		&
1218		RSA MD5
1219		\\
1220		\hline
1221		8
1222		&
1223		RSA MD5 DES
1224		\\
1225		\hline
1226		9
1227		&
1228		NIST SHA
1229		\\
1230		\hline
1231		12
1232		&
1233		HMAC SHA1 DES3
1234		\\
1235		\hline
1236		-138
1237		&
1238		Microsoft MD5 HMAC checksum type
1239		\\
1240		\hline
1241		\end{tabulary}
1242		\par
1243		\sphinxattableend\end{savenotes}
1244
1245	1174	\item[{\sphinxstylestrong{noaddresses}}] \leavevmode
1246	1175	If this flag is true, requests for initial tickets will not be
1247	1176	made with address restrictions set, allowing the tickets to be
1248	1177	used across NATs. The default value is true.
1249	1178
1250	1179	\item[{\sphinxstylestrong{permitted\_enctypes}}] \leavevmode
1251		Identifies all encryption types that are permitted for use in
1252		session key encryption. The default value for this tag is
1253		\sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4}, but single-DES encryption types will be implicitly
1254		removed from this list if the value of \sphinxstylestrong{allow\_weak\_crypto} is
1255		false.
	1180	Identifies the encryption types that servers will permit for
	1181	session keys and for ticket and authenticator encryption, ordered
	1182	by preference from highest to lowest. Starting in release 1.18,
	1183	this tag also acts as the default value for
	1184	\sphinxstylestrong{default\_tgs\_enctypes} and \sphinxstylestrong{default\_tkt\_enctypes}. The
	1185	default value for this tag is \sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac}.
1256	1186
1257	1187	\item[{\sphinxstylestrong{plugin\_base\_dir}}] \leavevmode
1258	1188	If set, determines the base directory where krb5 plugins are

1269	1199	\item[{\sphinxstylestrong{proxiable}}] \leavevmode
1270	1200	If this flag is true, initial tickets will be proxiable by
1271	1201	default, if allowed by the KDC. The default value is false.
	1202
	1203	\item[{\sphinxstylestrong{qualify\_shortname}}] \leavevmode
	1204	If this string is set, it determines the domain suffix for
	1205	single-component hostnames when DNS canonicalization is not used
	1206	(either because \sphinxstylestrong{dns\_canonicalize\_hostname} is false or because
	1207	forward canonicalization failed). The default value is the first
	1208	search domain of the system’s DNS configuration. To disable
	1209	qualification of shortnames, set this relation to the empty string
	1210	with \sphinxcode{qualify\_shortname = ""}. (New in release 1.18.)
1272	1211
1273	1212	\item[{\sphinxstylestrong{rdns}}] \leavevmode
1274	1213	If this flag is true, reverse name lookup will be used in addition

1289	1228	\item[{\sphinxstylestrong{renew\_lifetime}}] \leavevmode
1290	1229	(\DUrole{xref,std,std-ref}{duration} string.) Sets the default renewable lifetime
1291	1230	for initial ticket requests. The default value is 0.
1292
1293		\item[{\sphinxstylestrong{safe\_checksum\_type}}] \leavevmode
1294		An integer which specifies the type of checksum to use for the
1295		KRB-SAFE requests. By default it is set to 8 (RSA MD5 DES). For
1296		compatibility with applications linked against DCE version 1.1 or
1297		earlier Kerberos libraries, use a value of 3 to use the RSA MD4
1298		DES instead. This field is ignored when its value is incompatible
1299		with the session key type. See the \sphinxstylestrong{kdc\_req\_checksum\_type}
1300		configuration option for the possible values and their meanings.
1301	1231
1302	1232	\item[{\sphinxstylestrong{spake\_preauth\_groups}}] \leavevmode
1303	1233	A whitespace or comma-separated list of words which specifies the

2143	2073	specifies \sphinxstylestrong{X509\_user\_identity} on the command line.
2144	2074
2145	2075	\item[{\sphinxstylestrong{pkinit\_kdc\_hostname}}] \leavevmode
2146		The presense of this option indicates that the client is willing
	2076	The presence of this option indicates that the client is willing
2147	2077	to accept a KDC certificate with a dNSName SAN (Subject
2148	2078	Alternative Name) rather than requiring the id-pkinit-san as
2149	2079	defined in \index{RFC!RFC 4556}\sphinxhref{https://tools.ietf.org/html/rfc4556.html}{\sphinxstylestrong{RFC 4556}}. This option may be specified multiple

2749	2679	listed in \sphinxstylestrong{host\_based\_services}. \sphinxcode{no\_host\_referral = *} will
2750	2680	disable referral processing altogether.
2751	2681
2752		\item[{\sphinxstylestrong{des\_crc\_session\_supported}}] \leavevmode
2753		(Boolean value). If set to true, the KDC will assume that service
2754		principals support des-cbc-crc for session key enctype negotiation
2755		purposes. If \sphinxstylestrong{allow\_weak\_crypto} in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} is
2756		false, or if des-cbc-crc is not a permitted enctype, then this
2757		variable has no effect. Defaults to true. New in release 1.11.
2758
2759	2682	\item[{\sphinxstylestrong{reject\_bad\_transit}}] \leavevmode
2760	2683	(Boolean value.) If set to true, the KDC will check the list of
2761	2684	transited realms for cross-realm tickets against the transit path

2795	2718	(List of \sphinxstyleemphasis{key}:\sphinxstyleemphasis{salt} strings.) Specifies the default key/salt
2796	2719	combinations of principals for this realm. Any principals created
2797	2720	through {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} will have keys of these types. The
2798		default value for this tag is \sphinxcode{aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal}. For lists of
	2721	default value for this tag is \sphinxcode{aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal}. For lists of
2799	2722	possible values, see {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}}.
2800	2723
2801	2724	\end{description}

2843	2766
2844	2767	\item {}
2845	2768	\sphinxstylestrong{ldap\_service\_password\_file}
2846
2847		\item {}
2848		\sphinxstylestrong{ldap\_servers}
2849	2769
2850	2770	\item {}
2851	2771	\sphinxstylestrong{ldap\_conns\_per\_server}

3051	2971	\end{description}
3052	2972
3053	2973	In the following example, the logging messages from the KDC will go to
3054		the console and to the system log under the facility LOG\_DAEMON with
3055		default severity of LOG\_INFO; and the logging messages from the
3056		administrative server will be appended to the file
3057		\sphinxcode{/var/adm/kadmin.log} and sent to the device \sphinxcode{/dev/tty04}.
	2974	the console and to the system log under the facility LOG\_DAEMON, and
	2975	the logging messages from the administrative server will be appended
	2976	to the file \sphinxcode{/var/adm/kadmin.log} and sent to the device
	2977	\sphinxcode{/dev/tty04}.
3058	2978
3059	2979	\fvset{hllines={, ,}}%
3060	2980	\begin{sphinxVerbatim}[commandchars=\\\{\}]

3064	2984	\PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{adm}\PYG{o}{/}\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{log}
3065	2985	\PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{DEVICE}\PYG{o}{=}\PYG{o}{/}\PYG{n}{dev}\PYG{o}{/}\PYG{n}{tty04}
3066	2986	\end{sphinxVerbatim}
	2987
	2988	If no logging specification is given, the default is to use syslog.
	2989	To disable logging entirely, specify \sphinxcode{default = DEVICE=/dev/null}.
3067	2990
3068	2991
3069	2992	\paragraph{{[}otp{]}}

3275	3198	\begin{tabulary}{\linewidth}[t]{\|T\|T\|}
3276	3199	\hline
3277	3200
3278		des-cbc-crc
3279		&
3280		DES cbc mode with CRC-32 (weak)
3281		\\
3282		\hline
3283		des-cbc-md4
3284		&
3285		DES cbc mode with RSA-MD4 (weak)
3286		\\
3287		\hline
3288		des-cbc-md5
3289		&
3290		DES cbc mode with RSA-MD5 (weak)
3291		\\
3292		\hline
3293		des-cbc-raw
3294		&
3295		DES cbc mode raw (weak)
3296		\\
3297		\hline
3298	3201	des3-cbc-raw
3299	3202	&
3300	3203	Triple DES cbc mode raw (weak)

3305	3208	Triple DES cbc mode with HMAC/sha1
3306	3209	\\
3307	3210	\hline
3308		des-hmac-sha1
3309		&
3310		DES with HMAC/sha1 (weak)
3311		\\
3312		\hline
3313	3211	aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1
3314	3212	&
3315	3213	AES-256 CTS mode with 96-bit SHA-1 HMAC

3348	3246	camellia128-cts-cmac camellia128-cts
3349	3247	&
3350	3248	Camellia-128 CTS mode with CMAC
3351		\\
3352		\hline
3353		des
3354		&
3355		The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
3356	3249	\\
3357	3250	\hline
3358	3251	des3

3384	3277	from the current list by prefixing them with a minus sign (“-“).
3385	3278	Types or families can be prefixed with a plus sign (“+”) for symmetry;
3386	3279	it has the same meaning as just listing the type or family. For
3387		example, “\sphinxcode{DEFAULT -des}” would be the default set of encryption
3388		types with DES types removed, and “\sphinxcode{des3 DEFAULT}” would be the
	3280	example, “\sphinxcode{DEFAULT -rc4}” would be the default set of encryption
	3281	types with RC4 types removed, and “\sphinxcode{des3 DEFAULT}” would be the
3389	3282	default set of encryption types with triple DES types moved to the
3390	3283	front.
3391	3284

3435	3328	default for Kerberos Version 5
3436	3329	\\
3437	3330	\hline
3438		v4
3439		&
3440		the only type used by Kerberos Version 4 (no salt)
3441		\\
3442		\hline
3443	3331	norealm
3444	3332	&
3445	3333	same as the default, without using realm information

3448	3336	onlyrealm
3449	3337	&
3450	3338	uses only realm information as the salt
3451		\\
3452		\hline
3453		afs3
3454		&
3455		AFS version 3, only used for compatibility with Kerberos 4 in AFS
3456	3339	\\
3457	3340	\hline
3458	3341	special

4421	4304	\fvset{hllines={, ,}}%
4422	4305	\begin{sphinxVerbatim}[commandchars=\\\{\}]
4423	4306	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{n}{jennifer}
4424		\PYG{n}{WARNING}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
	4307	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
4425	4308	\PYG{n}{defaulting} \PYG{n}{to} \PYG{n}{no} \PYG{n}{policy}\PYG{o}{.}
4426	4309	\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:}
4427	4310	\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:}

4477	4360	\fvset{hllines={, ,}}%
4478	4361	\begin{sphinxVerbatim}[commandchars=\\\{\}]
4479	4362	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{x} \PYG{n}{dn}\PYG{o}{=}\PYG{n}{cn}\PYG{o}{=}\PYG{n}{jennifer}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{n}{jennifer}
4480		\PYG{n}{WARNING}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
	4363	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
4481	4364	\PYG{n}{defaulting} \PYG{n}{to} \PYG{n}{no} \PYG{n}{policy}\PYG{o}{.}
4482	4365	\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{password}\PYG{o}{.}
4483	4366	\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=}\PYG{n}{Type} \PYG{n}{it} \PYG{n}{again}\PYG{o}{.}

4491	4374	\fvset{hllines={, ,}}%
4492	4375	\begin{sphinxVerbatim}[commandchars=\\\{\}]
4493	4376	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{x} \PYG{n}{containerdn}\PYG{o}{=}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{o}{\PYGZhy{}}\PYG{n}{x} \PYG{n}{linkdn}\PYG{o}{=}\PYG{n}{cn}\PYG{o}{=}\PYG{n}{david}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{n}{david}
4494		\PYG{n}{WARNING}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{david@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
	4377	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{david@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
4495	4378	\PYG{n}{defaulting} \PYG{n}{to} \PYG{n}{no} \PYG{n}{policy}\PYG{o}{.}
4496	4379	\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{david}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{password}\PYG{o}{.}
4497	4380	\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{david}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=}\PYG{n}{Type} \PYG{n}{it} \PYG{n}{again}\PYG{o}{.}

4569	4452	\PYG{n}{Principal}\PYG{p}{:} \PYG{n}{tlyu}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}
4570	4453	\PYG{n}{Expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
4571	4454	\PYG{n}{Last} \PYG{n}{password} \PYG{n}{change}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Aug} \PYG{l+m+mi}{12} \PYG{l+m+mi}{14}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{EDT} \PYG{l+m+mi}{1996}
4572		\PYG{n}{Password} \PYG{n}{expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{none}\PYG{p}{]}
	4455	\PYG{n}{Password} \PYG{n}{expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
4573	4456	\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{10}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}
4574	4457	\PYG{n}{Maximum} \PYG{n}{renewable} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{7} \PYG{n}{days} \PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}
4575	4458	\PYG{n}{Last} \PYG{n}{modified}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Aug} \PYG{l+m+mi}{12} \PYG{l+m+mi}{14}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{EDT} \PYG{l+m+mi}{1996} \PYG{p}{(}\PYG{n}{bjaspan}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{)}
4576	4459	\PYG{n}{Last} \PYG{n}{successful} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
4577	4460	\PYG{n}{Last} \PYG{n}{failed} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
4578	4461	\PYG{n}{Failed} \PYG{n}{password} \PYG{n}{attempts}\PYG{p}{:} \PYG{l+m+mi}{0}
4579		\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{2}
4580		\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}
4581		\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{v4}
	4462	\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{1}
	4463	\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192}
	4464	\PYG{n}{MKey}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}
4582	4465	\PYG{n}{Attributes}\PYG{p}{:}
4583	4466	\PYG{n}{Policy}\PYG{p}{:} \PYG{p}{[}\PYG{n}{none}\PYG{p}{]}
4584	4467

5021	4904	\sphinxstylestrong{dump} command on one of the KDCs.
5022	4905	\begin{quote}
5023	4906
5024		\sphinxstylestrong{dump} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-ov}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]}
	4907	\sphinxstylestrong{dump} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]}
5025	4908	{[}\sphinxstylestrong{-verbose}{]} {[}\sphinxstylestrong{-mkey\_convert}{]} {[}\sphinxstylestrong{-new\_mkey\_file}
5026	4909	\sphinxstyleemphasis{mkey\_file}{]} {[}\sphinxstylestrong{-rev}{]} {[}\sphinxstylestrong{-recurse}{]} {[}\sphinxstyleemphasis{filename}
5027	4910	{[}\sphinxstyleemphasis{principals}…{]}{]}

5037	4920	load\_dump version 4”). This was the dump format produced on
5038	4921	releases prior to 1.2.2.
5039	4922
5040		\item[{\sphinxstylestrong{-ov}}] \leavevmode
5041		causes the dump to be in “ovsec\_adm\_export” format.
5042
5043	4923	\item[{\sphinxstylestrong{-r13}}] \leavevmode
5044	4924	causes the dump to be in the Kerberos 5 1.3 format (“kdb5\_util
5045	4925	load\_dump version 5”). This was the dump format produced on

5130	5010	{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} \sphinxstylestrong{load} command on one of the KDCs.
5131	5011	\begin{quote}
5132	5012
5133		\sphinxstylestrong{load} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-ov}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]} {[}\sphinxstylestrong{-hash}{]}
	5013	\sphinxstylestrong{load} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]} {[}\sphinxstylestrong{-hash}{]}
5134	5014	{[}\sphinxstylestrong{-verbose}{]} {[}\sphinxstylestrong{-update}{]} \sphinxstyleemphasis{filename}
5135	5015	\end{quote}
5136	5016

5149	5029	(“kdb5\_util load\_dump version 4”). This was the dump format
5150	5030	produced on releases prior to 1.2.2.
5151	5031
5152		\item[{\sphinxstylestrong{-ov}}] \leavevmode
5153		requires the database to be in “ovsec\_adm\_import” format. Must be
5154		used with the \sphinxstylestrong{-update} option.
5155
5156	5032	\item[{\sphinxstylestrong{-r13}}] \leavevmode
5157	5033	requires the database to be in Kerberos 5 1.3 format (“kdb5\_util
5158	5034	load\_dump version 5”). This was the dump format produced on

5200	5076	If the database file exists, and the \sphinxstyleemphasis{-update} flag was not
5201	5077	given, \sphinxstyleemphasis{kdb5\_util} will overwrite the existing database.
5202	5078	\end{sphinxadmonition}
5203
5204		Using kdb5\_util to upgrade a master KDC from krb5 1.1.x:
5205
5206		\fvset{hllines={, ,}}%
5207		\begin{sphinxVerbatim}[commandchars=\\\{\}]
5208		\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}util} \PYG{n}{dump} \PYG{n}{old}\PYG{o}{\PYGZhy{}}\PYG{n}{kdb}\PYG{o}{\PYGZhy{}}\PYG{n}{dump}
5209		\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}util} \PYG{n}{dump} \PYG{o}{\PYGZhy{}}\PYG{n}{ov} \PYG{n}{old}\PYG{o}{\PYGZhy{}}\PYG{n}{kdb}\PYG{o}{\PYGZhy{}}\PYG{n}{dump}\PYG{o}{.}\PYG{n}{ov}
5210		\PYG{p}{[}\PYG{n}{Create} \PYG{n}{a} \PYG{n}{new} \PYG{n}{KDC} \PYG{n}{installation}\PYG{p}{,} \PYG{n}{using} \PYG{n}{the} \PYG{n}{old} \PYG{n}{stash} \PYG{n}{file}\PYG{o}{/}\PYG{n}{master} \PYG{n}{password}\PYG{p}{]}
5211		\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}util} \PYG{n}{load} \PYG{n}{old}\PYG{o}{\PYGZhy{}}\PYG{n}{kdb}\PYG{o}{\PYGZhy{}}\PYG{n}{dump}
5212		\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}util} \PYG{n}{load} \PYG{o}{\PYGZhy{}}\PYG{n}{update} \PYG{n}{old}\PYG{o}{\PYGZhy{}}\PYG{n}{kdb}\PYG{o}{\PYGZhy{}}\PYG{n}{dump}\PYG{o}{.}\PYG{n}{ov}
5213		\end{sphinxVerbatim}
5214
5215		The use of old-kdb-dump.ov for an extra dump and load is necessary
5216		to preserve per-principal policy information, which is not included in
5217		the default dump format of krb5 1.1.x.
5218	5079
5219	5080	\begin{sphinxadmonition}{note}{Note:}
5220	5081	Using kdb5\_util to dump and reload the principal database is

5318	5179	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5319	5180	\PYGZdl{} kdb5\PYGZus{}util list\PYGZus{}mkeys
5320	5181	Master keys for Principal: K/M@KRBTEST.COM
5321		KVNO: 1, Enctype: des\PYGZhy{}cbc\PYGZhy{}crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
	5182	KVNO: 1, Enctype: aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
5322	5183	\end{sphinxVerbatim}
5323	5184
5324	5185	\item {}

5389	5250
5390	5251	\sphinxstylestrong{OPTIONS}
5391	5252	\begin{description}
	5253	\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
	5254	Specifies the realm to be operated on.
	5255
5392	5256	\item[{\sphinxstylestrong{-D} \sphinxstyleemphasis{user\_dn}}] \leavevmode
5393	5257	Specifies the Distinguished Name (DN) of the user who has
5394	5258	sufficient rights to perform the operation on the LDAP server.

5398	5262	recommended.
5399	5263
5400	5264	\item[{\sphinxstylestrong{-H} \sphinxstyleemphasis{ldapuri}}] \leavevmode
5401		Specifies the URI of the LDAP server. It is recommended to use
5402		\sphinxcode{ldapi://} or \sphinxcode{ldaps://} to connect to the LDAP server.
	5265	Specifies the URI of the LDAP server.
5403	5266
5404	5267	\end{description}
	5268
	5269	By default, kdb5\_ldap\_util operates on the default realm (as specified
	5270	in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}) and connects and authenticates to the LDAP
	5271	server in the same manner as :ref:kadmind(8){}` would given the
	5272	parameters in {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbdefaults{]}}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}.
5405	5273
5406	5274
5407	5275	\subsection{Creating a Kerberos realm}

5416	5284	{[}\sphinxstylestrong{-containerref} \sphinxstyleemphasis{container\_reference\_dn}{]}
5417	5285	{[}\sphinxstylestrong{-k} \sphinxstyleemphasis{mkeytype}{]}
5418	5286	{[}\sphinxstylestrong{-kv} \sphinxstyleemphasis{mkeyVNO}{]}
	5287	{[}\sphinxstylestrong{-M} \sphinxstyleemphasis{mkeyname}{]}
5419	5288	{[}\sphinxstylestrong{-m\textbar{}-P} \sphinxstyleemphasis{password}\textbar{}\sphinxstylestrong{-sf} \sphinxstyleemphasis{stashfilename}{]}
5420	5289	{[}\sphinxstylestrong{-s}{]}
5421		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5422	5290	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
5423	5291	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
5424	5292	{[}\sphinxstyleemphasis{ticket\_flags}{]}

5451	5319	Specifies the version number of the master key in the database;
5452	5320	the default is 1. Note that 0 is not allowed.
5453	5321
	5322	\item[{\sphinxstylestrong{-M} \sphinxstyleemphasis{mkeyname}}] \leavevmode
	5323	Specifies the principal name for the master key in the database.
	5324	If not specified, the name is determined by the
	5325	\sphinxstylestrong{master\_key\_name} variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}.
	5326
5454	5327	\item[{\sphinxstylestrong{-m}}] \leavevmode
5455	5328	Specifies that the master database password should be read from
5456	5329	the TTY rather than fetched from a file on the disk.

5458	5331	\item[{\sphinxstylestrong{-P} \sphinxstyleemphasis{password}}] \leavevmode
5459	5332	Specifies the master database password. This option is not
5460	5333	recommended.
5461
5462		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5463		Specifies the Kerberos realm of the database.
5464	5334
5465	5335	\item[{\sphinxstylestrong{-sf} \sphinxstyleemphasis{stashfilename}}] \leavevmode
5466	5336	Specifies the stash file of the master database password.

5488	5358	\fvset{hllines={, ,}}%
5489	5359	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5490	5360	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
5491		\PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{sscope} \PYG{n}{SUB} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	5361	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{sscope} \PYG{n}{SUB}
5492	5362	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
5493	5363	\PYG{n}{Initializing} \PYG{n}{database} \PYG{k}{for} \PYG{n}{realm} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{ATHENA.MIT.EDU}\PYG{l+s+s1}{\PYGZsq{}}
5494	5364	\PYG{n}{You} \PYG{n}{will} \PYG{n}{be} \PYG{n}{prompted} \PYG{k}{for} \PYG{n}{the} \PYG{n}{database} \PYG{n}{Master} \PYG{n}{Password}\PYG{o}{.}

5508	5378	{[}\sphinxstylestrong{-subtrees} \sphinxstyleemphasis{subtree\_dn\_list}{]}
5509	5379	{[}\sphinxstylestrong{-sscope} \sphinxstyleemphasis{search\_scope}{]}
5510	5380	{[}\sphinxstylestrong{-containerref} \sphinxstyleemphasis{container\_reference\_dn}{]}
5511		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5512	5381	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
5513	5382	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
5514	5383	{[}\sphinxstyleemphasis{ticket\_flags}{]}

5530	5399	container object in which the principals of a realm will be
5531	5400	created.
5532	5401
5533		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5534		Specifies the Kerberos realm of the database.
5535
5536	5402	\item[{\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode
5537	5403	(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for
5538	5404	principals in this realm.

5552	5418
5553	5419	\fvset{hllines={, ,}}%
5554	5420	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5555		\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H}
5556		\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{r}
5557		\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	5421	\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H}
	5422	\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth}
5558	5423	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
5559	5424	\PYG{n}{shell}\PYG{o}{\PYGZpc{}}
5560	5425	\end{sphinxVerbatim}

5566	5431	{\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}} \sphinxstylestrong{destroy} command as follows.
5567	5432	\begin{quote}
5568	5433
5569		\sphinxstylestrong{destroy} {[}\sphinxstylestrong{-f}{]} {[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
	5434	\sphinxstylestrong{destroy} {[}\sphinxstylestrong{-f}{]}
5570	5435	\end{quote}
5571	5436
5572	5437	Destroys an existing realm. Options:

5574	5439	\item[{\sphinxstylestrong{-f}}] \leavevmode
5575	5440	If specified, will not prompt the user for confirmation.
5576	5441
5577		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5578		Specifies the Kerberos realm of the database.
5579
5580	5442	\end{description}
5581	5443
5582	5444	Example:
5583	5445
5584	5446	\fvset{hllines={, ,}}%
5585	5447	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5586		shell\PYGZpc{} kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}D cn=admin,o=org \PYGZhy{}H
5587		ldaps://ldap\PYGZhy{}server1.mit.edu destroy \PYGZhy{}r ATHENA.MIT.EDU
	5448	shell\PYGZpc{} kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}r ATHENA.MIT.EDU \PYGZhy{}D cn=admin,o=org \PYGZhy{}H
	5449	ldaps://ldap\PYGZhy{}server1.mit.edu destroy
5588	5450	Password for \PYGZdq{}cn=admin,o=org\PYGZdq{}:
5589	5451	Deleting KDC database of \PYGZsq{}ATHENA.MIT.EDU\PYGZsq{}, are you sure?
5590	5452	(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes

5599	5461	{\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}} \sphinxstylestrong{view} command as follows.
5600	5462	\begin{quote}
5601	5463
5602		\sphinxstylestrong{view} {[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
	5464	\sphinxstylestrong{view}
5603	5465	\end{quote}
5604	5466
5605		Displays the attributes of a realm. Options:
5606		\begin{description}
5607		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5608		Specifies the Kerberos realm of the database.
5609
5610		\end{description}
	5467	Displays the attributes of a realm.
5611	5468
5612	5469	Example:
5613	5470
5614	5471	\fvset{hllines={, ,}}%
5615	5472	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5616	5473	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
5617		\PYG{n}{view} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	5474	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{view}
5618	5475	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
5619	5476	\PYG{n}{Realm} \PYG{n}{Name}\PYG{p}{:} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
5620	5477	\PYG{n}{Subtree}\PYG{p}{:} \PYG{n}{ou}\PYG{o}{=}\PYG{n}{users}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org}

5635	5492	\sphinxstylestrong{list}
5636	5493	\end{quote}
5637	5494
5638		Lists the name of realms.
	5495	Lists the names of realms under the container.
5639	5496
5640	5497	Example:
5641	5498

5706	5563	\begin{quote}
5707	5564
5708	5565	\sphinxstylestrong{create\_policy}
5709		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5710	5566	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
5711	5567	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
5712	5568	{[}\sphinxstyleemphasis{ticket\_flags}{]}

5715	5571
5716	5572	Creates a ticket policy in the directory. Options:
5717	5573	\begin{description}
5718		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5719		Specifies the Kerberos realm of the database.
5720
5721	5574	\item[{\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode
5722	5575	(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for
5723	5576	principals.

5742	5595	\fvset{hllines={, ,}}%
5743	5596	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5744	5597	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
5745		\PYG{n}{create\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 day}\PYG{l+s+s2}{\PYGZdq{}}
	5598	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{create\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 day}\PYG{l+s+s2}{\PYGZdq{}}
5746	5599	\PYG{o}{\PYGZhy{}}\PYG{n}{maxrenewlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 week}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}postdated} \PYG{o}{+}\PYG{n}{needchange}
5747	5600	\PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}forwardable} \PYG{n}{tktpolicy}
5748	5601	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}

5756	5609	\begin{quote}
5757	5610
5758	5611	\sphinxstylestrong{modify\_policy}
5759		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5760	5612	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
5761	5613	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
5762	5614	{[}\sphinxstyleemphasis{ticket\_flags}{]}

5771	5623	\fvset{hllines={, ,}}%
5772	5624	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5773	5625	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H}
5774		\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	5626	\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{modify\PYGZus{}policy}
5775	5627	\PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{60 minutes}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{maxrenewlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{10 hours}\PYG{l+s+s2}{\PYGZdq{}}
5776	5628	\PYG{o}{+}\PYG{n}{allow\PYGZus{}postdated} \PYG{o}{\PYGZhy{}}\PYG{n}{requires\PYGZus{}preauth} \PYG{n}{tktpolicy}
5777	5629	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}

5785	5637	\begin{quote}
5786	5638
5787	5639	\sphinxstylestrong{view\_policy}
5788		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5789	5640	\sphinxstyleemphasis{policy\_name}
5790	5641	\end{quote}
5791	5642
5792		Displays the attributes of a ticket policy. Options:
5793		\begin{description}
5794		\item[{\sphinxstyleemphasis{policy\_name}}] \leavevmode
5795		Specifies the name of the ticket policy.
5796
5797		\end{description}
	5643	Displays the attributes of the named ticket policy.
5798	5644
5799	5645	Example:
5800	5646
5801	5647	\fvset{hllines={, ,}}%
5802	5648	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5803	5649	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
5804		\PYG{n}{view\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{tktpolicy}
	5650	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{view\PYGZus{}policy} \PYG{n}{tktpolicy}
5805	5651	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
5806	5652	\PYG{n}{Ticket} \PYG{n}{policy}\PYG{p}{:} \PYG{n}{tktpolicy}
5807	5653	\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{01}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}

5817	5663	\begin{quote}
5818	5664
5819	5665	\sphinxstylestrong{destroy\_policy}
5820		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5821	5666	{[}\sphinxstylestrong{-force}{]}
5822	5667	\sphinxstyleemphasis{policy\_name}
5823	5668	\end{quote}
5824	5669
5825	5670	Destroys an existing ticket policy. Options:
5826	5671	\begin{description}
5827		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5828		Specifies the Kerberos realm of the database.
5829
5830	5672	\item[{\sphinxstylestrong{-force}}] \leavevmode
5831	5673	Forces the deletion of the policy object. If not specified, the
5832	5674	user will be prompted for confirmation before deleting the policy.

5841	5683	\fvset{hllines={, ,}}%
5842	5684	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5843	5685	kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}D cn=admin,o=org \PYGZhy{}H ldaps://ldap\PYGZhy{}server1.mit.edu
5844		destroy\PYGZus{}policy \PYGZhy{}r ATHENA.MIT.EDU tktpolicy
	5686	\PYGZhy{}r ATHENA.MIT.EDU destroy\PYGZus{}policy tktpolicy
5845	5687	Password for \PYGZdq{}cn=admin,o=org\PYGZdq{}:
5846	5688	This will delete the policy object \PYGZsq{}tktpolicy\PYGZsq{}, are you sure?
5847	5689	(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes

5856	5698	\begin{quote}
5857	5699
5858	5700	\sphinxstylestrong{list\_policy}
5859		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
5860	5701	\end{quote}
5861	5702
5862		Lists the ticket policies in realm if specified or in the default
5863		realm. Options:
5864		\begin{description}
5865		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
5866		Specifies the Kerberos realm of the database.
5867
5868		\end{description}
	5703	Lists ticket policies.
5869	5704
5870	5705	Example:
5871	5706
5872	5707	\fvset{hllines={, ,}}%
5873	5708	\begin{sphinxVerbatim}[commandchars=\\\{\}]
5874	5709	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
5875		\PYG{n}{list\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	5710	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{list\PYGZus{}policy}
5876	5711	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
5877	5712	\PYG{n}{tktpolicy}
5878	5713	\PYG{n}{tmppolicy}

5959	5794	types supported by the krbtgt service (see
5960	5795	{\hyperref[\detokenize{admin/enctypes:session-key-selection}]{\sphinxcrossref{\DUrole{std,std-ref}{Session key selection}}}}). Because non-MIT Kerberos clients
5961	5796	sometimes send a limited set of encryption types when making AS
5962		requests, it can be important to for the krbtgt service to support
	5797	requests, it can be important for the krbtgt service to support
5963	5798	multiple encryption types. This can be accomplished by giving the
5964	5799	krbtgt principal multiple keys, which is usually as simple as not
5965	5800	specifying any \sphinxstylestrong{-e} option when changing the krbtgt key, or by

5988	5823	size. A process on each replica KDC connects to a service on the
5989	5824	master KDC (currently implemented in the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} server) and
5990	5825	periodically requests the changes that have been made since the last
5991		check. By default, this check is done every two minutes. If the
5992		database has just been modified in the previous several seconds
5993		(currently the threshold is hard-coded at 10 seconds), the replica
5994		will not retrieve updates, but instead will pause and try again soon
5995		after. This reduces the likelihood that incremental update queries
5996		will cause delays for an administrator trying to make a bunch of
5997		changes to the database at the same time.
	5826	check. By default, this check is done every two minutes.
5998	5827
5999	5828	Incremental propagation uses the following entries in the per-realm
6000	5829	data in the KDC config file (See {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}):

6480	6309	\chapter{Configuring Kerberos with OpenLDAP back-end}
6481	6310	\label{\detokenize{admin/conf_ldap:conf-ldap}}\label{\detokenize{admin/conf_ldap::doc}}\label{\detokenize{admin/conf_ldap:configuring-kerberos-with-openldap-back-end}}\begin{enumerate}
6482	6311	\item {}
6483		Set up SSL on the OpenLDAP server and client to ensure secure
6484		communication when the KDC service and LDAP server are on different
6485		machines. \sphinxcode{ldapi://} can be used if the LDAP server and KDC
6486		service are running on the same machine.
6487		\begin{enumerate}
6488		\item {}
6489		Setting up SSL on the OpenLDAP server:
6490
6491		\end{enumerate}
6492		\begin{enumerate}
6493		\item {}
6494		Get a CA certificate using OpenSSL tools
6495
6496		\item {}
6497		Configure OpenLDAP server for using SSL/TLS
6498
6499		For the latter, you need to specify the location of CA
6500		certificate location in \sphinxstyleemphasis{slapd.conf} file.
6501
6502		Refer to the following link for more information:
6503		\sphinxurl{https://www.openldap.org/doc/admin23/tls.html}
6504
6505		\end{enumerate}
6506		\begin{enumerate}
6507		\setcounter{enumi}{1}
6508		\item {}
6509		Setting up SSL on OpenLDAP client:
6510		\begin{enumerate}
6511		\item {}
6512		For the KDC and Admin Server, you need to do the client-side
6513		configuration in ldap.conf. For example:
6514
6515		\fvset{hllines={, ,}}%
6516		\begin{sphinxVerbatim}[commandchars=\\\{\}]
6517		\PYG{n}{TLS\PYGZus{}CACERT} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{openldap}\PYG{o}{/}\PYG{n}{certs}\PYG{o}{/}\PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem}
6518		\end{sphinxVerbatim}
6519
6520		\end{enumerate}
6521
6522		\end{enumerate}
6523
6524		\item {}
6525		Include the Kerberos schema file (kerberos.schema) in the
6526		configuration file (slapd.conf) on the LDAP Server, by providing
6527		the location where it is stored:
6528
6529		\fvset{hllines={, ,}}%
6530		\begin{sphinxVerbatim}[commandchars=\\\{\}]
6531		\PYG{n}{include} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{openldap}\PYG{o}{/}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{schema}
	6312	Make sure the LDAP server is using local authentication
	6313	(\sphinxcode{ldapi://}) or TLS (\sphinxcode{ldaps}). See
	6314	\sphinxurl{https://www.openldap.org/doc/admin24/tls.html} for instructions on
	6315	configuring TLS support in OpenLDAP.
	6316
	6317	\item {}
	6318	Add the Kerberos schema file to the LDAP Server using the OpenLDAP
	6319	LDIF file from the krb5 source directory
	6320	(\sphinxcode{src/plugins/kdb/ldap/libkdb\_ldap/kerberos.openldap.ldif}).
	6321	The following example uses local authentication:
	6322
	6323	\fvset{hllines={, ,}}%
	6324	\begin{sphinxVerbatim}[commandchars=\\\{\}]
	6325	\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{openldap}\PYG{o}{.}\PYG{n}{ldif}
6532	6326	\end{sphinxVerbatim}
6533	6327
6534	6328	\item {}
6535	6329	Choose DNs for the {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} and {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} servers
6536		to bind to the LDAP server, and create them if necessary. These DNs
6537		will be specified with the \sphinxstylestrong{ldap\_kdc\_dn} and \sphinxstylestrong{ldap\_kadmind\_dn}
6538		directives in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}; their passwords can be stashed
6539		with “\sphinxcode{kdb5\_ldap\_util stashsrvpw}” and the resulting file
6540		specified with the \sphinxstylestrong{ldap\_service\_password\_file} directive.
	6330	to bind to the LDAP server, and create them if necessary. Specify
	6331	these DNs with the \sphinxstylestrong{ldap\_kdc\_dn} and \sphinxstylestrong{ldap\_kadmind\_dn}
	6332	directives in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. The kadmind DN will also be
	6333	used for administrative commands such as {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}.
	6334
	6335	Alternatively, you may configure krb5kdc and kadmind to use SASL
	6336	authentication to access the LDAP server; see the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}}
	6337	relations \sphinxstylestrong{ldap\_kdc\_sasl\_mech} and similar.
	6338
	6339	\item {}
	6340	Specify a location for the LDAP service password file by setting
	6341	\sphinxstylestrong{ldap\_service\_password\_file}. Use \sphinxcode{kdb5\_ldap\_util stashsrvpw}
	6342	to stash passwords for the KDC and kadmind DNs chosen above. For
	6343	example:
	6344
	6345	\fvset{hllines={, ,}}%
	6346	\begin{sphinxVerbatim}[commandchars=\\\{\}]
	6347	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{n}{stashsrvpw} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{service}\PYG{o}{.}\PYG{n}{keyfile} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{krbadmin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com}
	6348	\end{sphinxVerbatim}
	6349
	6350	Skip this step if you are using SASL authentication and the
	6351	mechanism does not require a password.
6541	6352
6542	6353	\item {}
6543	6354	Choose a DN for the global Kerberos container entry (but do not
6544		create the entry at this time). This DN will be specified with the
	6355	create the entry at this time). Specify this DN with the
6545	6356	\sphinxstylestrong{ldap\_kerberos\_container\_dn} directive in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}.
6546	6357	Realm container entries will be created underneath this DN.
6547	6358	Principal entries may exist either underneath the realm container

6565	6376	\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{base}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=Subschema}\PYG{l+s+s2}{\PYGZdq{}}
6566	6377	\PYG{n}{by} \PYG{o}{*} \PYG{n}{read}
6567	6378
6568		\PYG{n}{access} \PYG{n}{to} \PYG{n}{attrs}\PYG{o}{=}\PYG{n}{userPassword}\PYG{p}{,}\PYG{n}{userPKCS12}
6569		\PYG{n}{by} \PYG{n+nb+bp}{self} \PYG{n}{write}
6570		\PYG{n}{by} \PYG{o}{*} \PYG{n}{auth}
6571
6572		\PYG{n}{access} \PYG{n}{to} \PYG{n}{attrs}\PYG{o}{=}\PYG{n}{shadowLastChange}
6573		\PYG{n}{by} \PYG{n+nb+bp}{self} \PYG{n}{write}
6574		\PYG{n}{by} \PYG{o}{*} \PYG{n}{read}
6575
6576		\PYG{c+c1}{\PYGZsh{} Providing access to realm container}
	6379	\PYG{c+c1}{\PYGZsh{} Provide access to the realm container.}
6577	6380	\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{subtree}\PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}}
6578	6381	\PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=kdc\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write}
6579	6382	\PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=adm\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write}
6580	6383	\PYG{n}{by} \PYG{o}{*} \PYG{n}{none}
6581	6384
6582		\PYG{c+c1}{\PYGZsh{} Providing access to principals, if not underneath realm container}
	6385	\PYG{c+c1}{\PYGZsh{} Provide access to principals, if not underneath the realm container.}
6583	6386	\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{subtree}\PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{ou=users,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}}
6584	6387	\PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=kdc\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write}
6585	6388	\PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=adm\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write}

6589	6392	\PYG{n}{by} \PYG{o}{*} \PYG{n}{read}
6590	6393	\end{sphinxVerbatim}
6591	6394
6592		If the locations of the container and principals or the DNs of
6593		the service objects for a realm are changed then this
6594		information should be updated.
6595
6596		\item {}
6597		Start the LDAP server as follows:
6598
6599		\fvset{hllines={, ,}}%
6600		\begin{sphinxVerbatim}[commandchars=\\\{\}]
6601		\PYG{n}{slapd} \PYG{o}{\PYGZhy{}}\PYG{n}{h} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{ldapi:/// ldaps:///}\PYG{l+s+s2}{\PYGZdq{}}
6602		\end{sphinxVerbatim}
6603
6604		\item {}
6605		Modify the {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file to include LDAP specific items
6606		listed below:
6607
6608		\fvset{hllines={, ,}}%
6609		\begin{sphinxVerbatim}[commandchars=\\\{\}]
6610		\PYG{n}{realms}
6611		\PYG{n}{database\PYGZus{}module}
6612
6613		\PYG{n}{dbmodules}
6614		\PYG{n}{db\PYGZus{}library}
6615		\PYG{n}{db\PYGZus{}module\PYGZus{}dir}
6616		\PYG{n}{ldap\PYGZus{}kdc\PYGZus{}dn}
6617		\PYG{n}{ldap\PYGZus{}kadmind\PYGZus{}dn}
6618		\PYG{n}{ldap\PYGZus{}service\PYGZus{}password\PYGZus{}file}
6619		\PYG{n}{ldap\PYGZus{}servers}
6620		\PYG{n}{ldap\PYGZus{}conns\PYGZus{}per\PYGZus{}server}
	6395	If the locations of the container and principals or the DNs of the
	6396	service objects for a realm are changed then this information
	6397	should be updated.
	6398
	6399	\item {}
	6400	In {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, make sure the following relations are set
	6401	in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} subsection for the realm:
	6402
	6403	\fvset{hllines={, ,}}%
	6404	\begin{sphinxVerbatim}[commandchars=\\\{\}]
	6405	db\PYGZus{}library (set to {}`{}`kldap{}`{}`)
	6406	ldap\PYGZus{}kerberos\PYGZus{}container\PYGZus{}dn
	6407	ldap\PYGZus{}kdc\PYGZus{}dn
	6408	ldap\PYGZus{}kadmind\PYGZus{}dn
	6409	ldap\PYGZus{}service\PYGZus{}password\PYGZus{}file
	6410	ldap\PYGZus{}servers
6621	6411	\end{sphinxVerbatim}
6622	6412
6623	6413	\item {}

6626	6416
6627	6417	\fvset{hllines={, ,}}%
6628	6418	\begin{sphinxVerbatim}[commandchars=\\\{\}]
6629		\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{ou}\PYG{o}{=}\PYG{n}{users}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{\PYGZhy{}}\PYG{n}{s}
	6419	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{ou}\PYG{o}{=}\PYG{n}{users}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{o}{\PYGZhy{}}\PYG{n}{s}
6630	6420	\end{sphinxVerbatim}
6631	6421
6632	6422	Use the \sphinxstylestrong{-subtrees} option if the principals are to exist in a

6639	6429	For more information, refer to the section {\hyperref[\detokenize{admin/database:ops-on-ldap}]{\sphinxcrossref{\DUrole{std,std-ref}{Operations on the LDAP database}}}}.
6640	6430
6641	6431	The realm object is created under the
6642		\sphinxstylestrong{ldap\_kerberos\_container\_dn} specified in the configuration file.
6643		This operation will also create the Kerberos container, if not
6644		present already. This will be used to store information related to
6645		all realms.
6646
6647		\item {}
6648		Stash the password of the service object used by the KDC and
6649		Administration service to bind to the LDAP server using the
6650		{\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}} \sphinxstylestrong{stashsrvpw} command (see
6651		{\hyperref[\detokenize{admin/database:stash-ldap}]{\sphinxcrossref{\DUrole{std,std-ref}{Stashing service object’s password}}}}). The object DN should be the same as
6652		\sphinxstylestrong{ldap\_kdc\_dn} and \sphinxstylestrong{ldap\_kadmind\_dn} values specified in the
6653		{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file:
6654
6655		\fvset{hllines={, ,}}%
6656		\begin{sphinxVerbatim}[commandchars=\\\{\}]
6657		\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{n}{stashsrvpw} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{/}\PYG{n}{service}\PYG{o}{.}\PYG{n}{keyfile} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{krbadmin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com}
6658		\end{sphinxVerbatim}
6659
6660		\item {}
6661		Add \sphinxcode{krbPrincipalName} to the indexes in slapd.conf to speed up
6662		the access.
	6432	\sphinxstylestrong{ldap\_kerberos\_container\_dn} specified in the configuration
	6433	file. This operation will also create the Kerberos container, if
	6434	not present already. This container can be used to store
	6435	information related to multiple realms.
	6436
	6437	\item {}
	6438	Add an \sphinxcode{eq} index for \sphinxcode{krbPrincipalName} to speed up principal
	6439	lookup operations. See
	6440	\sphinxurl{https://www.openldap.org/doc/admin24/tuning.html\#Indexes} for
	6441	details.
6663	6442
6664	6443	\end{enumerate}
6665	6444
6666	6445	With the LDAP back end it is possible to provide aliases for principal
6667		entries. Currently we provide no mechanism provided for creating
6668		aliases, so it must be done by direct manipulation of the LDAP
6669		entries.
	6446	entries. Currently we provide no administrative utilities for
	6447	creating aliases, so it must be done by direct manipulation of the
	6448	LDAP entries.
6670	6449
6671	6450	An entry with aliases contains multiple values of the
6672	6451	\sphinxstyleemphasis{krbPrincipalName} attribute. Since LDAP attribute values are not

6682	6461	service principals; for client principals, an explicit flag is often
6683	6462	required (e.g., \sphinxcode{kinit -C}) and canonicalization is only performed
6684	6463	for initial ticket requests.
6685
6686
6687		\sphinxstrong{See also:}
6688
6689
6690		{\hyperref[\detokenize{admin/advanced/ldapbackend:ldap-be-ubuntu}]{\sphinxcrossref{\DUrole{std,std-ref}{LDAP backend on Ubuntu 10.4 (lucid)}}}}
6691
6692
6693	6464
6694	6465
6695	6466	\chapter{Application servers}

6831	6602	\PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}
6832	6603	\PYG{n}{kadmin}\PYG{p}{:}
6833	6604	\end{sphinxVerbatim}
	6605
	6606
	6607	\subsection{Using a keytab to acquire client credentials}
	6608	\label{\detokenize{admin/appl_servers:using-a-keytab-to-acquire-client-credentials}}
	6609	While keytabs are ordinarily used to accept credentials from clients,
	6610	they can also be used to acquire initial credentials, allowing one
	6611	service to authenticate to another.
	6612
	6613	To manually obtain credentials using a keytab, use the \DUrole{xref,std,std-ref}{kinit(1)}
	6614	\sphinxstylestrong{-k} option, together with the \sphinxstylestrong{-t} option if the keytab is not in
	6615	the default location.
	6616
	6617	Beginning with release 1.11, GSSAPI applications can be configured to
	6618	automatically obtain initial credentials from a keytab as needed. The
	6619	recommended configuration is as follows:
	6620	\begin{enumerate}
	6621	\item {}
	6622	Create a keytab containing a single entry for the desired client
	6623	identity.
	6624
	6625	\item {}
	6626	Place the keytab in a location readable by the service, and set the
	6627	\sphinxstylestrong{KRB5\_CLIENT\_KTNAME} environment variable to its filename.
	6628	Alternatively, use the \sphinxstylestrong{default\_client\_keytab\_name} profile
	6629	variable in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}}, or use the default location of
	6630	{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFCKTNAME}}}}.
	6631
	6632	\item {}
	6633	Set \sphinxstylestrong{KRB5CCNAME} to a filename writable by the service, which
	6634	will not be used for any other purpose. Do not manually obtain
	6635	credentials at this location. (Another credential cache type
	6636	besides \sphinxstylestrong{FILE} can be used if desired, as long the cache will not
	6637	conflict with another use. A \sphinxstylestrong{MEMORY} cache can be used if the
	6638	service runs as a long-lived process. See \DUrole{xref,std,std-ref}{ccache\_definition}
	6639	for details.)
	6640
	6641	\item {}
	6642	Start the service. When it authenticates using GSSAPI, it will
	6643	automatically obtain credentials from the client keytab into the
	6644	specified credential cache, and refresh them before they expire.
	6645
	6646	\end{enumerate}
6834	6647
6835	6648
6836	6649	\section{Clock Skew}

7025	6838	\PYGZsh{} only principals in OTHER.REALM are matched.
7026	6839	\PYGZsh{}
7027	6840	\PYGZsh{} s/@OTHER\PYGZbs{}.REALM\PYGZdl{}// removes the realm name, leaving behind the
7028		\PYGZsh{} principal name as the acount name.
	6841	\PYGZsh{} principal name as the account name.
7029	6842	auth\PYGZus{}to\PYGZus{}local = RULE:[1:\PYGZdl{}1@\PYGZdl{}0](.*@OTHER\PYGZbs{}.REALM)s/@OTHER\PYGZbs{}.REALM\PYGZdl{}//
7030	6843
7031	6844	\PYGZsh{} Also allow principals from the default realm. Omit this line

7138	6951	\subsection{GSSAPI mechanism modules}
7139	6952	\label{\detokenize{admin/host_config:gssapi-plugin-config}}\label{\detokenize{admin/host_config:gssapi-mechanism-modules}}
7140	6953	GSSAPI mechanism modules are registered using the file
7141		\sphinxcode{/etc/gss/mech} or configuration files in the \sphinxcode{/etc/gss/mech.d/}
7142		directory. Only files with a \sphinxcode{.conf} suffix will be read from the
7143		\sphinxcode{/etc/gss/mech.d/} directory. Each line in these files has the
7144		form:
7145
7146		\fvset{hllines={, ,}}%
7147		\begin{sphinxVerbatim}[commandchars=\\\{\}]
7148		\PYG{n}{oid} \PYG{n}{pathname} \PYG{p}{[}\PYG{n}{options}\PYG{p}{]} \PYG{o}{\PYGZlt{}}\PYG{n+nb}{type}\PYG{o}{\PYGZgt{}}
7149		\end{sphinxVerbatim}
7150
7151		Only the oid and pathname are required. \sphinxstyleemphasis{oid} is the object
7152		identifier of the GSSAPI mechanism to be registered. \sphinxstyleemphasis{pathname} is a
7153		path to the module shared object or DLL. \sphinxstyleemphasis{options} (if present) are
7154		options provided to the plugin module, surrounded in square brackets.
7155		\sphinxstyleemphasis{type} (if present) can be used to indicate a special type of module.
7156		Currently the only special module type is “interposer”, for a module
7157		designed to intercept calls to other mechanisms.
	6954	{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{/gss/mech} or configuration files in the
	6955	{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{/gss/mech.d} directory with a \sphinxcode{.conf}
	6956	suffix. Each line in these files has the form:
	6957
	6958	\fvset{hllines={, ,}}%
	6959	\begin{sphinxVerbatim}[commandchars=\\\{\}]
	6960	\PYG{n}{name} \PYG{n}{oid} \PYG{n}{pathname} \PYG{p}{[}\PYG{n}{options}\PYG{p}{]} \PYG{o}{\PYGZlt{}}\PYG{n+nb}{type}\PYG{o}{\PYGZgt{}}
	6961	\end{sphinxVerbatim}
	6962
	6963	Only the name, oid, and pathname are required. \sphinxstyleemphasis{name} is the
	6964	mechanism name, which may be used for debugging or logging purposes.
	6965	\sphinxstyleemphasis{oid} is the object identifier of the GSSAPI mechanism to be
	6966	registered. \sphinxstyleemphasis{pathname} is a path to the module shared object or DLL.
	6967	\sphinxstyleemphasis{options} (if present) are options provided to the plugin module,
	6968	surrounded in square brackets. \sphinxstyleemphasis{type} (if present) can be used to
	6969	indicate a special type of module. Currently the only special module
	6970	type is “interposer”, for a module designed to intercept calls to
	6971	other mechanisms.
	6972
	6973	If the environment variable \sphinxstylestrong{GSS\_MECH\_CONFIG} is set, its value is
	6974	used as the sole mechanism configuration filename.
7158	6975
7159	6976
7160	6977	\subsection{Configuration profile modules}

7253	7070	The result of these commands will be two files, cakey.pem and
7254	7071	cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which
7255	7072	must be carefully protected. cacert.pem will contain the CA
7256		certificate, which must be placed in the filesytems of the KDC and
	7073	certificate, which must be placed in the filesystems of the KDC and
7257	7074	each client host. cakey.pem will be required to create KDC and client
7258	7075	certificates.
7259	7076

7280	7097	principal\PYGZus{}name=EXP:1,SEQUENCE:kdc\PYGZus{}principal\PYGZus{}seq
7281	7098
7282	7099	[kdc\PYGZus{}principal\PYGZus{}seq]
7283		name\PYGZus{}type=EXP:0,INTEGER:1
	7100	name\PYGZus{}type=EXP:0,INTEGER:2
7284	7101	name\PYGZus{}string=EXP:1,SEQUENCE:kdc\PYGZus{}principals
7285	7102
7286	7103	[kdc\PYGZus{}principals]

7745	7562
7746	7563	\fvset{hllines={, ,}}%
7747	7564	\begin{sphinxVerbatim}[commandchars=\\\{\}]
7748		\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}srv} \PYG{n}{PRINCNAME}
	7565	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}svr} \PYG{n}{PRINCNAME}
7749	7566	\end{sphinxVerbatim}
7750	7567
7751	7568	Clients which do not implement SPAKE preauthentication will fall back

8034	7851	The KDC chooses the session key enctype by taking the intersection of
8035	7852	its \sphinxstylestrong{permitted\_enctypes} list, the list of long-term keys for the
8036	7853	most recent kvno of the service, and the client’s requested list of
8037		enctypes. If \sphinxstylestrong{allow\_weak\_crypto} is true, all services are assumed
8038		to support des-cbc-crc.
8039
8040		Starting in krb5-1.11, \sphinxstylestrong{des\_crc\_session\_supported} in
8041		{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} allows additional control over whether the KDC
8042		issues des-cbc-crc session keys.
8043
8044		Also starting in krb5-1.11, it is possible to set a string attribute
8045		on a service principal to control what session key enctypes the KDC
8046		may issue for service tickets for that principal. See
8047		{\hyperref[\detokenize{admin/admin_commands/kadmin_local:set-string}]{\sphinxcrossref{\DUrole{std,std-ref}{set\_string}}}} in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for details.
	7854	enctypes.
	7855
	7856	Starting in krb5-1.11, it is possible to set a string attribute on a
	7857	service principal to control what session key enctypes the KDC may
	7858	issue for service tickets for that principal. See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:set-string}]{\sphinxcrossref{\DUrole{std,std-ref}{set\_string}}}}
	7859	in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for details.
8048	7860
8049	7861
8050	7862	\section{Choosing enctypes for a service}

8070	7882	\begin{description}
8071	7883	\item[{\sphinxstylestrong{allow\_weak\_crypto}}] \leavevmode
8072	7884	defaults to \sphinxstyleemphasis{false} starting with krb5-1.8. When \sphinxstyleemphasis{false}, removes
8073		single-DES enctypes (and other weak enctypes) from
8074		\sphinxstylestrong{permitted\_enctypes}, \sphinxstylestrong{default\_tkt\_enctypes}, and
8075		\sphinxstylestrong{default\_tgs\_enctypes}. Do not set this to \sphinxstyleemphasis{true} unless the
8076		use of weak enctypes is an acceptable risk for your environment
8077		and the weak enctypes are required for backward compatibility.
	7885	weak enctypes from \sphinxstylestrong{permitted\_enctypes},
	7886	\sphinxstylestrong{default\_tkt\_enctypes}, and \sphinxstylestrong{default\_tgs\_enctypes}. Do not
	7887	set this to \sphinxstyleemphasis{true} unless the use of weak enctypes is an
	7888	acceptable risk for your environment and the weak enctypes are
	7889	required for backward compatibility.
8078	7890
8079	7891	\item[{\sphinxstylestrong{permitted\_enctypes}}] \leavevmode
8080		controls the set of enctypes that a service will accept as session
8081		keys.
	7892	controls the set of enctypes that a service will permit for
	7893	session keys and for ticket and authenticator encryption. The KDC
	7894	and other programs that access the Kerberos database will ignore
	7895	keys of non-permitted enctypes. Starting in release 1.18, this
	7896	setting also acts as the default for \sphinxstylestrong{default\_tkt\_enctypes} and
	7897	\sphinxstylestrong{defaut\_tgs\_enctypes}.
8082	7898
8083	7899	\item[{\sphinxstylestrong{default\_tkt\_enctypes}}] \leavevmode
8084	7900	controls the default set of enctypes that the Kerberos client

8130	7946	&
8131	7947	weak
8132	7948	&
8133		all
	7949	\textless{}1.18
8134	7950	&
8135	7951	\textgreater{}=2000
8136	7952	\\

8139	7955	&
8140	7956	weak
8141	7957	&
8142		all
	7958	\textless{}1.18
8143	7959	&
8144	7960	?
8145	7961	\\

8148	7964	&
8149	7965	weak
8150	7966	&
8151		all
	7967	\textless{}1.18
8152	7968	&
8153	7969	\textgreater{}=2000
8154	7970	\\

8222	8038	\par
8223	8039	\sphinxattableend\end{savenotes}
8224	8040
8225		krb5 releases 1.8 and later disable the single-DES enctypes by
8226		default. Microsoft Windows releases Windows 7 and later disable
8227		single-DES enctypes by default.
	8041	krb5 releases 1.18 and later do not support single-DES. krb5 releases
	8042	1.8 and later disable the single-DES enctypes by default. Microsoft
	8043	Windows releases Windows 7 and later disable single-DES enctypes by
	8044	default.
8228	8045
8229	8046
8230	8047	\chapter{HTTPS proxy configuration}

8787	8604	\fvset{hllines={, ,}}%
8788	8605	\begin{sphinxVerbatim}[commandchars=\\\{\}]
8789	8606	\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{n}{jennifer}
8790		\PYG{n}{WARNING}\PYG{p}{:} \PYG{n}{no} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
	8607	\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
8791	8608	\PYG{n}{defaulting} \PYG{n}{to} \PYG{n}{no} \PYG{n}{policy}\PYG{o}{.}
8792	8609	\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:}
8793	8610	\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:}

8938	8755	\PYG{n}{Principal}\PYG{p}{:} \PYG{n}{tlyu}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}
8939	8756	\PYG{n}{Expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
8940	8757	\PYG{n}{Last} \PYG{n}{password} \PYG{n}{change}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Aug} \PYG{l+m+mi}{12} \PYG{l+m+mi}{14}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{EDT} \PYG{l+m+mi}{1996}
8941		\PYG{n}{Password} \PYG{n}{expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{none}\PYG{p}{]}
	8758	\PYG{n}{Password} \PYG{n}{expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
8942	8759	\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{10}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}
8943	8760	\PYG{n}{Maximum} \PYG{n}{renewable} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{7} \PYG{n}{days} \PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}
8944	8761	\PYG{n}{Last} \PYG{n}{modified}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Aug} \PYG{l+m+mi}{12} \PYG{l+m+mi}{14}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{EDT} \PYG{l+m+mi}{1996} \PYG{p}{(}\PYG{n}{bjaspan}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{)}
8945	8762	\PYG{n}{Last} \PYG{n}{successful} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
8946	8763	\PYG{n}{Last} \PYG{n}{failed} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]}
8947	8764	\PYG{n}{Failed} \PYG{n}{password} \PYG{n}{attempts}\PYG{p}{:} \PYG{l+m+mi}{0}
8948		\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{2}
8949		\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}
8950		\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{v4}
	8765	\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{1}
	8766	\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192}
	8767	\PYG{n}{MKey}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}
8951	8768	\PYG{n}{Attributes}\PYG{p}{:}
8952	8769	\PYG{n}{Policy}\PYG{p}{:} \PYG{p}{[}\PYG{n}{none}\PYG{p}{]}
8953	8770

9467	9284
9468	9285	\item[{\sphinxstylestrong{-nofork}}] \leavevmode
9469	9286	causes the server to remain in the foreground and remain
9470		associated to the terminal. In normal operation, you should allow
9471		the server to place itself in the background.
	9287	associated to the terminal.
9472	9288
9473	9289	\item[{\sphinxstylestrong{-proponly}}] \leavevmode
9474	9290	causes the server to only listen and respond to Kerberos replica

9642	9458	\subsubsection{dump}
9643	9459	\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-stash-end}}\label{\detokenize{admin/admin_commands/kdb5_util:dump}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-dump}}\begin{quote}
9644	9460
9645		\sphinxstylestrong{dump} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-ov}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]}
	9461	\sphinxstylestrong{dump} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]}
9646	9462	{[}\sphinxstylestrong{-verbose}{]} {[}\sphinxstylestrong{-mkey\_convert}{]} {[}\sphinxstylestrong{-new\_mkey\_file}
9647	9463	\sphinxstyleemphasis{mkey\_file}{]} {[}\sphinxstylestrong{-rev}{]} {[}\sphinxstylestrong{-recurse}{]} {[}\sphinxstyleemphasis{filename}
9648	9464	{[}\sphinxstyleemphasis{principals}…{]}{]}

9658	9474	load\_dump version 4”). This was the dump format produced on
9659	9475	releases prior to 1.2.2.
9660	9476
9661		\item[{\sphinxstylestrong{-ov}}] \leavevmode
9662		causes the dump to be in “ovsec\_adm\_export” format.
9663
9664	9477	\item[{\sphinxstylestrong{-r13}}] \leavevmode
9665	9478	causes the dump to be in the Kerberos 5 1.3 format (“kdb5\_util
9666	9479	load\_dump version 5”). This was the dump format produced on

9708	9521	\subsubsection{load}
9709	9522	\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-dump-end}}\label{\detokenize{admin/admin_commands/kdb5_util:load}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-load}}\begin{quote}
9710	9523
9711		\sphinxstylestrong{load} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-ov}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]} {[}\sphinxstylestrong{-hash}{]}
	9524	\sphinxstylestrong{load} {[}\sphinxstylestrong{-b7}\textbar{}\sphinxstylestrong{-r13}\textbar{}\sphinxstylestrong{-r18}{]} {[}\sphinxstylestrong{-hash}{]}
9712	9525	{[}\sphinxstylestrong{-verbose}{]} {[}\sphinxstylestrong{-update}{]} \sphinxstyleemphasis{filename}
9713	9526	\end{quote}
9714	9527

9726	9539	requires the database to be in the Kerberos 5 Beta 7 format
9727	9540	(“kdb5\_util load\_dump version 4”). This was the dump format
9728	9541	produced on releases prior to 1.2.2.
9729
9730		\item[{\sphinxstylestrong{-ov}}] \leavevmode
9731		requires the database to be in “ovsec\_adm\_import” format. Must be
9732		used with the \sphinxstylestrong{-update} option.
9733	9542
9734	9543	\item[{\sphinxstylestrong{-r13}}] \leavevmode
9735	9544	requires the database to be in Kerberos 5 1.3 format (“kdb5\_util

10045	9854	\PYGZdl{} kdb5\PYGZus{}util tabdump \PYGZhy{}o keyinfo.txt keyinfo
10046	9855	\PYGZdl{} cat keyinfo.txt
10047	9856	name keyindex kvno enctype salttype salt
	9857	K/M@EXAMPLE.COM 0 1 aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192 normal \PYGZhy{}1
10048	9858	foo@EXAMPLE.COM 0 1 aes128\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 normal \PYGZhy{}1
10049	9859	bar@EXAMPLE.COM 0 1 aes128\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 normal \PYGZhy{}1
10050		bar@EXAMPLE.COM 1 1 des\PYGZhy{}cbc\PYGZhy{}crc normal \PYGZhy{}1
10051	9860	\PYGZdl{} sqlite3
10052	9861	sqlite\PYGZgt{} .mode tabs
10053	9862	sqlite\PYGZgt{} .import keyinfo.txt keyinfo
10054		sqlite\PYGZgt{} select * from keyinfo where enctype like \PYGZsq{}des\PYGZhy{}cbc\PYGZhy{}\PYGZpc{}\PYGZsq{};
10055		bar@EXAMPLE.COM 1 1 des\PYGZhy{}cbc\PYGZhy{}crc normal \PYGZhy{}1
	9863	sqlite\PYGZgt{} select * from keyinfo where enctype like \PYGZsq{}aes256\PYGZhy{}\PYGZpc{}\PYGZsq{};
	9864	K/M@EXAMPLE.COM 1 1 aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192 normal \PYGZhy{}1
10056	9865	sqlite\PYGZgt{} .quit
10057		\PYGZdl{} awk \PYGZhy{}F\PYGZsq{}\PYGZbs{}t\PYGZsq{} \PYGZsq{}\PYGZdl{}4 \PYGZti{} /des\PYGZhy{}cbc\PYGZhy{}/ \PYGZob{} print \PYGZcb{}\PYGZsq{} keyinfo.txt
10058		bar@EXAMPLE.COM 1 1 des\PYGZhy{}cbc\PYGZhy{}crc normal \PYGZhy{}1
	9866	\PYGZdl{} awk \PYGZhy{}F\PYGZsq{}\PYGZbs{}t\PYGZsq{} \PYGZsq{}\PYGZdl{}4 \PYGZti{} /aes256\PYGZhy{}/ \PYGZob{} print \PYGZcb{}\PYGZsq{} keyinfo.txt
	9867	K/M@EXAMPLE.COM 1 1 aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192 normal \PYGZhy{}1
10059	9868	\end{sphinxVerbatim}
10060	9869
10061	9870

10090	9899
10091	9900	\subsection{COMMAND-LINE OPTIONS}
10092	9901	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:command-line-options}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-options}}\begin{description}
	9902	\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
	9903	Specifies the realm to be operated on.
	9904
10093	9905	\item[{\sphinxstylestrong{-D} \sphinxstyleemphasis{user\_dn}}] \leavevmode
10094	9906	Specifies the Distinguished Name (DN) of the user who has
10095	9907	sufficient rights to perform the operation on the LDAP server.

10099	9911	recommended.
10100	9912
10101	9913	\item[{\sphinxstylestrong{-H} \sphinxstyleemphasis{ldapuri}}] \leavevmode
10102		Specifies the URI of the LDAP server. It is recommended to use
10103		\sphinxcode{ldapi://} or \sphinxcode{ldaps://} to connect to the LDAP server.
	9914	Specifies the URI of the LDAP server.
10104	9915
10105	9916	\end{description}
	9917
	9918	By default, kdb5\_ldap\_util operates on the default realm (as specified
	9919	in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}) and connects and authenticates to the LDAP
	9920	server in the same manner as :ref:kadmind(8){}` would given the
	9921	parameters in {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbdefaults{]}}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}.
10106	9922
10107	9923
10108	9924	\subsection{COMMANDS}

10117	9933	{[}\sphinxstylestrong{-containerref} \sphinxstyleemphasis{container\_reference\_dn}{]}
10118	9934	{[}\sphinxstylestrong{-k} \sphinxstyleemphasis{mkeytype}{]}
10119	9935	{[}\sphinxstylestrong{-kv} \sphinxstyleemphasis{mkeyVNO}{]}
	9936	{[}\sphinxstylestrong{-M} \sphinxstyleemphasis{mkeyname}{]}
10120	9937	{[}\sphinxstylestrong{-m\textbar{}-P} \sphinxstyleemphasis{password}\textbar{}\sphinxstylestrong{-sf} \sphinxstyleemphasis{stashfilename}{]}
10121	9938	{[}\sphinxstylestrong{-s}{]}
10122		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10123	9939	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
10124	9940	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
10125	9941	{[}\sphinxstyleemphasis{ticket\_flags}{]}

10152	9968	Specifies the version number of the master key in the database;
10153	9969	the default is 1. Note that 0 is not allowed.
10154	9970
	9971	\item[{\sphinxstylestrong{-M} \sphinxstyleemphasis{mkeyname}}] \leavevmode
	9972	Specifies the principal name for the master key in the database.
	9973	If not specified, the name is determined by the
	9974	\sphinxstylestrong{master\_key\_name} variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}.
	9975
10155	9976	\item[{\sphinxstylestrong{-m}}] \leavevmode
10156	9977	Specifies that the master database password should be read from
10157	9978	the TTY rather than fetched from a file on the disk.

10159	9980	\item[{\sphinxstylestrong{-P} \sphinxstyleemphasis{password}}] \leavevmode
10160	9981	Specifies the master database password. This option is not
10161	9982	recommended.
10162
10163		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10164		Specifies the Kerberos realm of the database.
10165	9983
10166	9984	\item[{\sphinxstylestrong{-sf} \sphinxstyleemphasis{stashfilename}}] \leavevmode
10167	9985	Specifies the stash file of the master database password.

10189	10007	\fvset{hllines={, ,}}%
10190	10008	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10191	10009	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
10192		\PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{sscope} \PYG{n}{SUB} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	10010	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{sscope} \PYG{n}{SUB}
10193	10011	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
10194	10012	\PYG{n}{Initializing} \PYG{n}{database} \PYG{k}{for} \PYG{n}{realm} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{ATHENA.MIT.EDU}\PYG{l+s+s1}{\PYGZsq{}}
10195	10013	\PYG{n}{You} \PYG{n}{will} \PYG{n}{be} \PYG{n}{prompted} \PYG{k}{for} \PYG{n}{the} \PYG{n}{database} \PYG{n}{Master} \PYG{n}{Password}\PYG{o}{.}

10206	10024	{[}\sphinxstylestrong{-subtrees} \sphinxstyleemphasis{subtree\_dn\_list}{]}
10207	10025	{[}\sphinxstylestrong{-sscope} \sphinxstyleemphasis{search\_scope}{]}
10208	10026	{[}\sphinxstylestrong{-containerref} \sphinxstyleemphasis{container\_reference\_dn}{]}
10209		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10210	10027	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
10211	10028	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
10212	10029	{[}\sphinxstyleemphasis{ticket\_flags}{]}

10228	10045	container object in which the principals of a realm will be
10229	10046	created.
10230	10047
10231		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10232		Specifies the Kerberos realm of the database.
10233
10234	10048	\item[{\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode
10235	10049	(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for
10236	10050	principals in this realm.

10250	10064
10251	10065	\fvset{hllines={, ,}}%
10252	10066	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10253		\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H}
10254		\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{r}
10255		\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	10067	\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H}
	10068	\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth}
10256	10069	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
10257	10070	\PYG{n}{shell}\PYG{o}{\PYGZpc{}}
10258	10071	\end{sphinxVerbatim}

10261	10074	\subsubsection{view}
10262	10075	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify-end}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:view}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view}}\begin{quote}
10263	10076
10264		\sphinxstylestrong{view} {[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
	10077	\sphinxstylestrong{view}
10265	10078	\end{quote}
10266	10079
10267		Displays the attributes of a realm. Options:
10268		\begin{description}
10269		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10270		Specifies the Kerberos realm of the database.
10271
10272		\end{description}
	10080	Displays the attributes of a realm.
10273	10081
10274	10082	Example:
10275	10083
10276	10084	\fvset{hllines={, ,}}%
10277	10085	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10278	10086	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
10279		\PYG{n}{view} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	10087	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{view}
10280	10088	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
10281	10089	\PYG{n}{Realm} \PYG{n}{Name}\PYG{p}{:} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
10282	10090	\PYG{n}{Subtree}\PYG{p}{:} \PYG{n}{ou}\PYG{o}{=}\PYG{n}{users}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org}

10291	10099	\subsubsection{destroy}
10292	10100	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:destroy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy}}\begin{quote}
10293	10101
10294		\sphinxstylestrong{destroy} {[}\sphinxstylestrong{-f}{]} {[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
	10102	\sphinxstylestrong{destroy} {[}\sphinxstylestrong{-f}{]}
10295	10103	\end{quote}
10296	10104
10297	10105	Destroys an existing realm. Options:

10299	10107	\item[{\sphinxstylestrong{-f}}] \leavevmode
10300	10108	If specified, will not prompt the user for confirmation.
10301	10109
10302		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10303		Specifies the Kerberos realm of the database.
10304
10305	10110	\end{description}
10306	10111
10307	10112	Example:
10308	10113
10309	10114	\fvset{hllines={, ,}}%
10310	10115	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10311		shell\PYGZpc{} kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}D cn=admin,o=org \PYGZhy{}H
10312		ldaps://ldap\PYGZhy{}server1.mit.edu destroy \PYGZhy{}r ATHENA.MIT.EDU
	10116	shell\PYGZpc{} kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}r ATHENA.MIT.EDU \PYGZhy{}D cn=admin,o=org \PYGZhy{}H
	10117	ldaps://ldap\PYGZhy{}server1.mit.edu destroy
10313	10118	Password for \PYGZdq{}cn=admin,o=org\PYGZdq{}:
10314	10119	Deleting KDC database of \PYGZsq{}ATHENA.MIT.EDU\PYGZsq{}, are you sure?
10315	10120	(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes

10324	10129	\sphinxstylestrong{list}
10325	10130	\end{quote}
10326	10131
10327		Lists the name of realms.
	10132	Lists the names of realms under the container.
10328	10133
10329	10134	Example:
10330	10135

10383	10188	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:create-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-stashsrvpw-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-create-policy}}\begin{quote}
10384	10189
10385	10190	\sphinxstylestrong{create\_policy}
10386		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10387	10191	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
10388	10192	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
10389	10193	{[}\sphinxstyleemphasis{ticket\_flags}{]}

10392	10196
10393	10197	Creates a ticket policy in the directory. Options:
10394	10198	\begin{description}
10395		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10396		Specifies the Kerberos realm of the database.
10397
10398	10199	\item[{\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode
10399	10200	(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for
10400	10201	principals.

10419	10220	\fvset{hllines={, ,}}%
10420	10221	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10421	10222	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
10422		\PYG{n}{create\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 day}\PYG{l+s+s2}{\PYGZdq{}}
	10223	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{create\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 day}\PYG{l+s+s2}{\PYGZdq{}}
10423	10224	\PYG{o}{\PYGZhy{}}\PYG{n}{maxrenewlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 week}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}postdated} \PYG{o}{+}\PYG{n}{needchange}
10424	10225	\PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}forwardable} \PYG{n}{tktpolicy}
10425	10226	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}

10430	10231	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:modify-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-create-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify-policy}}\begin{quote}
10431	10232
10432	10233	\sphinxstylestrong{modify\_policy}
10433		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10434	10234	{[}\sphinxstylestrong{-maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]}
10435	10235	{[}\sphinxstylestrong{-maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]}
10436	10236	{[}\sphinxstyleemphasis{ticket\_flags}{]}

10445	10245	\fvset{hllines={, ,}}%
10446	10246	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10447	10247	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H}
10448		\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	10248	\PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{modify\PYGZus{}policy}
10449	10249	\PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{60 minutes}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{maxrenewlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{10 hours}\PYG{l+s+s2}{\PYGZdq{}}
10450	10250	\PYG{o}{+}\PYG{n}{allow\PYGZus{}postdated} \PYG{o}{\PYGZhy{}}\PYG{n}{requires\PYGZus{}preauth} \PYG{n}{tktpolicy}
10451	10251	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}

10456	10256	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:view-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view-policy}}\begin{quote}
10457	10257
10458	10258	\sphinxstylestrong{view\_policy}
10459		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10460	10259	\sphinxstyleemphasis{policy\_name}
10461	10260	\end{quote}
10462	10261
10463		Displays the attributes of a ticket policy. Options:
10464		\begin{description}
10465		\item[{\sphinxstyleemphasis{policy\_name}}] \leavevmode
10466		Specifies the name of the ticket policy.
10467
10468		\end{description}
	10262	Displays the attributes of the named ticket policy.
10469	10263
10470	10264	Example:
10471	10265
10472	10266	\fvset{hllines={, ,}}%
10473	10267	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10474	10268	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
10475		\PYG{n}{view\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{tktpolicy}
	10269	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{view\PYGZus{}policy} \PYG{n}{tktpolicy}
10476	10270	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
10477	10271	\PYG{n}{Ticket} \PYG{n}{policy}\PYG{p}{:} \PYG{n}{tktpolicy}
10478	10272	\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{01}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}

10485	10279	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:destroy-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy-policy}}\begin{quote}
10486	10280
10487	10281	\sphinxstylestrong{destroy\_policy}
10488		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10489	10282	{[}\sphinxstylestrong{-force}{]}
10490	10283	\sphinxstyleemphasis{policy\_name}
10491	10284	\end{quote}
10492	10285
10493	10286	Destroys an existing ticket policy. Options:
10494	10287	\begin{description}
10495		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10496		Specifies the Kerberos realm of the database.
10497
10498	10288	\item[{\sphinxstylestrong{-force}}] \leavevmode
10499	10289	Forces the deletion of the policy object. If not specified, the
10500	10290	user will be prompted for confirmation before deleting the policy.

10509	10299	\fvset{hllines={, ,}}%
10510	10300	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10511	10301	kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}D cn=admin,o=org \PYGZhy{}H ldaps://ldap\PYGZhy{}server1.mit.edu
10512		destroy\PYGZus{}policy \PYGZhy{}r ATHENA.MIT.EDU tktpolicy
	10302	\PYGZhy{}r ATHENA.MIT.EDU destroy\PYGZus{}policy tktpolicy
10513	10303	Password for \PYGZdq{}cn=admin,o=org\PYGZdq{}:
10514	10304	This will delete the policy object \PYGZsq{}tktpolicy\PYGZsq{}, are you sure?
10515	10305	(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes

10521	10311	\label{\detokenize{admin/admin_commands/kdb5_ldap_util:list-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-list-policy}}\begin{quote}
10522	10312
10523	10313	\sphinxstylestrong{list\_policy}
10524		{[}\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}{]}
10525	10314	\end{quote}
10526	10315
10527		Lists the ticket policies in realm if specified or in the default
10528		realm. Options:
10529		\begin{description}
10530		\item[{\sphinxstylestrong{-r} \sphinxstyleemphasis{realm}}] \leavevmode
10531		Specifies the Kerberos realm of the database.
10532
10533		\end{description}
	10316	Lists ticket policies.
10534	10317
10535	10318	Example:
10536	10319
10537	10320	\fvset{hllines={, ,}}%
10538	10321	\begin{sphinxVerbatim}[commandchars=\\\{\}]
10539	10322	\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}
10540		\PYG{n}{list\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}
	10323	\PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{list\PYGZus{}policy}
10541	10324	\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:}
10542	10325	\PYG{n}{tktpolicy}
10543	10326	\PYG{n}{tmppolicy}

10584	10367	\subsection{OPTIONS}
10585	10368	\label{\detokenize{admin/admin_commands/krb5kdc:options}}
10586	10369	The \sphinxstylestrong{-r} \sphinxstyleemphasis{realm} option specifies the realm for which the server
10587		should provide service.
	10370	should provide service. This option may be specified multiple times
	10371	to serve multiple realms. If no \sphinxstylestrong{-r} option is given, the default
	10372	realm (as specified in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}) will be served.
10588	10373
10589	10374	The \sphinxstylestrong{-d} \sphinxstyleemphasis{dbname} option specifies the name under which the
10590	10375	principal database can be found. This option does not apply to the

10592	10377
10593	10378	The \sphinxstylestrong{-k} \sphinxstyleemphasis{keytype} option specifies the key type of the master key
10594	10379	to be entered manually as a password when \sphinxstylestrong{-m} is given; the default
10595		is \sphinxcode{des-cbc-crc}.
	10380	is \sphinxcode{aes256-cts-hmac-sha1-96}.
10596	10381
10597	10382	The \sphinxstylestrong{-M} \sphinxstyleemphasis{mkeyname} option specifies the principal name for the
10598	10383	master key in the database (usually \sphinxcode{K/M} in the KDC’s realm).

10601	10386	be fetched from the keyboard rather than from a stash file.
10602	10387
10603	10388	The \sphinxstylestrong{-n} option specifies that the KDC does not put itself in the
10604		background and does not disassociate itself from the terminal. In
10605		normal operation, you should always allow the KDC to place itself in
10606		the background.
	10389	background and does not disassociate itself from the terminal.
10607	10390
10608	10391	The \sphinxstylestrong{-P} \sphinxstyleemphasis{pid\_file} option tells the KDC to write its PID into
10609	10392	\sphinxstyleemphasis{pid\_file} after it starts up. This can be used to identify whether

10968	10751	\subsection{DESCRIPTION}
10969	10752	\label{\detokenize{admin/admin_commands/ktutil:description}}
10970	10753	The ktutil command invokes a command interface from which an
10971		administrator can read, write, or edit entries in a keytab or Kerberos
10972		V4 srvtab file.
	10754	administrator can read, write, or edit entries in a keytab. (Kerberos
	10755	V4 srvtab files are no longer supported.)
10973	10756
10974	10757
10975	10758	\subsection{COMMANDS}

10997	10780	Alias: \sphinxstylestrong{rkt}
10998	10781
10999	10782
11000		\subsubsection{read\_st}
11001		\label{\detokenize{admin/admin_commands/ktutil:read-st}}\begin{quote}
11002
11003		\sphinxstylestrong{read\_st} \sphinxstyleemphasis{srvtab}
11004		\end{quote}
11005
11006		Read the Kerberos V4 srvtab file \sphinxstyleemphasis{srvtab} into the current keylist.
11007
11008		Alias: \sphinxstylestrong{rst}
11009
11010
11011	10783	\subsubsection{write\_kt}
11012	10784	\label{\detokenize{admin/admin_commands/ktutil:write-kt}}\begin{quote}
11013	10785

11017	10789	Write the current keylist into the Kerberos V5 keytab file \sphinxstyleemphasis{keytab}.
11018	10790
11019	10791	Alias: \sphinxstylestrong{wkt}
11020
11021
11022		\subsubsection{write\_st}
11023		\label{\detokenize{admin/admin_commands/ktutil:write-st}}\begin{quote}
11024
11025		\sphinxstylestrong{write\_st} \sphinxstyleemphasis{srvtab}
11026		\end{quote}
11027
11028		Write the current keylist into the Kerberos V4 srvtab file \sphinxstyleemphasis{srvtab}.
11029
11030		Alias: \sphinxstylestrong{wst}
11031	10792
11032	10793
11033	10794	\subsubsection{clear\_list}

11371	11132	\sphinxstylestrong{KRB5\_KDC\_PROFILE}
11372	11133	\\
11373	11134	\hline
	11135	GSS mechanism config file
	11136	&
	11137	{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{/gss/mech}
	11138	&
	11139	\sphinxstylestrong{GSS\_MECH\_CONFIG}
	11140	\\
	11141	\hline
11374	11142	KDC database path (DB2)
11375	11143	&
11376	11144	{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{/krb5kdc}\sphinxcode{/principal}

11410	11178	\hline
11411	11179	Default {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{keysalt list}}}}
11412	11180	&
11413		\sphinxcode{aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal}
	11181	\sphinxcode{aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal}
11414	11182	&\\
11415	11183	\hline
11416	11184	Permitted enctypes
11417	11185	&
11418		\sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4}
	11186	\sphinxcode{aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac}
11419	11187	&\\
11420	11188	\hline
11421	11189	KDC default port

11739	11507
11740	11508	\chapter{Advanced topics}
11741	11509	\label{\detokenize{admin/advanced/index:advanced-topics}}\label{\detokenize{admin/advanced/index::doc}}
11742
11743		\section{LDAP backend on Ubuntu 10.4 (lucid)}
11744		\label{\detokenize{admin/advanced/ldapbackend:ldap-backend-on-ubuntu-10-4-lucid}}\label{\detokenize{admin/advanced/ldapbackend::doc}}\label{\detokenize{admin/advanced/ldapbackend:ldap-be-ubuntu}}
11745		Setting up Kerberos v1.9 with LDAP backend on Ubuntu 10.4 (Lucid Lynx)
11746
11747
11748		\subsection{Prerequisites}
11749		\label{\detokenize{admin/advanced/ldapbackend:prerequisites}}
11750		Install the following packages: \sphinxstyleemphasis{slapd, ldap-utils} and \sphinxstyleemphasis{libldap2-dev}
11751
11752		You can install the necessary packages with these commands:
11753
11754		\fvset{hllines={, ,}}%
11755		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11756		\PYG{n}{sudo} \PYG{n}{apt}\PYG{o}{\PYGZhy{}}\PYG{n}{get} \PYG{n}{install} \PYG{n}{slapd}
11757		\PYG{n}{sudo} \PYG{n}{apt}\PYG{o}{\PYGZhy{}}\PYG{n}{get} \PYG{n}{install} \PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{utils}
11758		\PYG{n}{sudo} \PYG{n}{apt}\PYG{o}{\PYGZhy{}}\PYG{n}{get} \PYG{n}{install} \PYG{n}{libldap2}\PYG{o}{\PYGZhy{}}\PYG{n}{dev}
11759		\end{sphinxVerbatim}
11760
11761		Extend the user schema using schemas from standart OpenLDAP
11762		distribution: \sphinxstyleemphasis{cosine, mics, nis, inetcomperson}
11763
11764		\fvset{hllines={, ,}}%
11765		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11766		\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{/}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{cosine}\PYG{o}{.}\PYG{n}{ldif}
11767		\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{/}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{mics}\PYG{o}{.}\PYG{n}{ldif}
11768		\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{/}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{nis}\PYG{o}{.}\PYG{n}{ldif}
11769		\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{/}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{inetcomperson}\PYG{o}{.}\PYG{n}{ldif}
11770		\end{sphinxVerbatim}
11771
11772
11773		\subsection{Building Kerberos from source}
11774		\label{\detokenize{admin/advanced/ldapbackend:building-kerberos-from-source}}
11775		\fvset{hllines={, ,}}%
11776		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11777		\PYG{o}{.}\PYG{o}{/}\PYG{n}{configure} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{k}{with}\PYG{o}{\PYGZhy{}}\PYG{n}{ldap}
11778		\PYG{n}{make}
11779		\PYG{n}{sudo} \PYG{n}{make} \PYG{n}{install}
11780		\end{sphinxVerbatim}
11781
11782
11783		\subsection{Setting up Kerberos}
11784		\label{\detokenize{admin/advanced/ldapbackend:setting-up-kerberos}}
11785
11786		\subsubsection{Configuration}
11787		\label{\detokenize{admin/advanced/ldapbackend:configuration}}
11788		Update kdc.conf with the LDAP back-end information:
11789
11790		\fvset{hllines={, ,}}%
11791		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11792		\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]}
11793		\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{=} \PYG{p}{\PYGZob{}}
11794		\PYG{n}{database\PYGZus{}module} \PYG{o}{=} \PYG{n}{LDAP}
11795		\PYG{p}{\PYGZcb{}}
11796
11797		\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]}
11798		\PYG{n}{LDAP} \PYG{o}{=} \PYG{p}{\PYGZob{}}
11799		\PYG{n}{db\PYGZus{}library} \PYG{o}{=} \PYG{n}{kldap}
11800		\PYG{n}{ldap\PYGZus{}kerberos\PYGZus{}container\PYGZus{}dn} \PYG{o}{=} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{krbContainer}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com}
11801		\PYG{n}{ldap\PYGZus{}kdc\PYGZus{}dn} \PYG{o}{=} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com}
11802		\PYG{n}{ldap\PYGZus{}kadmind\PYGZus{}dn} \PYG{o}{=} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com}
11803		\PYG{n}{ldap\PYGZus{}service\PYGZus{}password\PYGZus{}file} \PYG{o}{=} \PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{admin}\PYG{o}{.}\PYG{n}{stash}
11804		\PYG{n}{ldap\PYGZus{}servers} \PYG{o}{=} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/}
11805		\PYG{p}{\PYGZcb{}}
11806		\end{sphinxVerbatim}
11807
11808
11809		\subsubsection{Schema}
11810		\label{\detokenize{admin/advanced/ldapbackend:schema}}
11811		From the source tree copy
11812		\sphinxcode{src/plugins/kdb/ldap/libkdb\_ldap/kerberos.schema} into
11813		\sphinxcode{/etc/ldap/schema}
11814
11815		Warning: this step should be done after slapd is installed to avoid
11816		problems with slapd installation.
11817
11818		To convert kerberos.schema to run-time configuration (\sphinxcode{cn=config})
11819		do the following:
11820		\begin{enumerate}
11821		\item {}
11822		Create a temporary file \sphinxcode{/tmp/schema\_convert.conf} with the
11823		following content:
11824
11825		\fvset{hllines={, ,}}%
11826		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11827		\PYG{n}{include} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{/}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{schema}
11828		\end{sphinxVerbatim}
11829
11830		\item {}
11831		Create a temporary directory \sphinxcode{/tmp/krb5\_ldif}.
11832
11833		\item {}
11834		Run:
11835
11836		\fvset{hllines={, ,}}%
11837		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11838		\PYG{n}{slaptest} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{schema\PYGZus{}convert}\PYG{o}{.}\PYG{n}{conf} \PYG{o}{\PYGZhy{}}\PYG{n}{F} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5\PYGZus{}ldif}
11839		\end{sphinxVerbatim}
11840
11841		This should in a new file named
11842		\sphinxcode{/tmp/krb5\_ldif/cn=config/cn=schema/cn=\{0\}kerberos.ldif}.
11843
11844		\item {}
11845		Edit \sphinxcode{/tmp/krb5\_ldif/cn=config/cn=schema/cn=\{0\}kerberos.ldif} by
11846		replacing the lines:
11847
11848		\fvset{hllines={, ,}}%
11849		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11850		\PYG{n}{dn}\PYG{p}{:} \PYG{n}{cn}\PYG{o}{=}\PYG{p}{\PYGZob{}}\PYG{l+m+mi}{0}\PYG{p}{\PYGZcb{}}\PYG{n}{kerberos}
11851		\PYG{n}{cn}\PYG{p}{:} \PYG{p}{\PYGZob{}}\PYG{l+m+mi}{0}\PYG{p}{\PYGZcb{}}\PYG{n}{kerberos}
11852		\end{sphinxVerbatim}
11853
11854		with
11855		\begin{quote}
11856
11857		dn: cn=kerberos,cn=schema,cn=config
11858		cn: kerberos
11859		\end{quote}
11860
11861		Also, remove following attribute-value pairs:
11862
11863		\fvset{hllines={, ,}}%
11864		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11865		\PYG{n}{structuralObjectClass}\PYG{p}{:} \PYG{n}{olcSchemaConfig}
11866		\PYG{n}{entryUUID}\PYG{p}{:} \PYG{o}{.}\PYG{o}{.}\PYG{o}{.}
11867		\PYG{n}{creatorsName}\PYG{p}{:} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{config}
11868		\PYG{n}{createTimestamp}\PYG{p}{:} \PYG{o}{.}\PYG{o}{.}\PYG{o}{.}
11869		\PYG{n}{entryCSN}\PYG{p}{:} \PYG{o}{.}\PYG{o}{.}\PYG{o}{.}
11870		\PYG{n}{modifiersName}\PYG{p}{:} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{config}
11871		\PYG{n}{modifyTimestamp}\PYG{p}{:} \PYG{o}{.}\PYG{o}{.}\PYG{o}{.}
11872		\end{sphinxVerbatim}
11873
11874		\item {}
11875		Load the new schema with ldapadd (with the proper authentication):
11876
11877		\fvset{hllines={, ,}}%
11878		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11879		\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5\PYGZus{}ldif}\PYG{o}{/}\PYG{n}{cn}\PYG{o}{=}\PYG{n}{config}\PYG{o}{/}\PYG{n}{cn}\PYG{o}{=}\PYG{n}{schema}\PYG{o}{/}\PYG{n}{cn}\PYG{o}{=}\PYG{p}{\PYGZob{}}\PYG{l+m+mi}{0}\PYG{p}{\PYGZcb{}}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{ldif}
11880		\end{sphinxVerbatim}
11881
11882		which should result the message \sphinxcode{adding new entry
11883		"cn=kerberos,cn=schema,cn=config"}.
11884
11885		\end{enumerate}
11886
11887
11888		\subsection{Create Kerberos database}
11889		\label{\detokenize{admin/advanced/ldapbackend:create-kerberos-database}}
11890		Using LDAP administrator credentials, create Kerberos database and
11891		master key stash:
11892
11893		\fvset{hllines={, ,}}%
11894		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11895		\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{s}
11896		\end{sphinxVerbatim}
11897
11898		Stash the LDAP administrative passwords:
11899
11900		\fvset{hllines={, ,}}%
11901		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11902		\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{n}{stashsrvpw} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com}
11903		\end{sphinxVerbatim}
11904
11905		Start {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}}:
11906
11907		\fvset{hllines={, ,}}%
11908		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11909		\PYG{n}{krb5kdc}
11910		\end{sphinxVerbatim}
11911
11912		To destroy database run:
11913
11914		\fvset{hllines={, ,}}%
11915		\begin{sphinxVerbatim}[commandchars=\\\{\}]
11916		\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{n}{destroy} \PYG{o}{\PYGZhy{}}\PYG{n}{f}
11917		\end{sphinxVerbatim}
11918
11919
11920		\subsection{Useful references}
11921		\label{\detokenize{admin/advanced/ldapbackend:useful-references}}\begin{itemize}
11922		\item {}
11923		\sphinxhref{https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html}{Kerberos and LDAP}
11924
11925		\end{itemize}
11926
11927	11510
11928	11511	\section{Retiring DES}
11929	11512	\label{\detokenize{admin/advanced/retiring-des:retiring-des}}\label{\detokenize{admin/advanced/retiring-des::doc}}\label{\detokenize{admin/advanced/retiring-des:id1}}

11945	11528	However, deployments of krb5 using Kerberos databases created with older
11946	11529	versions of krb5 will not necessarily start using strong crypto for
11947	11530	ordinary operation without administrator intervention.
	11531
	11532	MIT krb5 began flagging deprecated encryption types with release 1.17,
	11533	and removed DES (single-DES) support in release 1.18. As a
	11534	consequence, a release prior to 1.18 is required to perform these
	11535	migrations.
11948	11536
11949	11537
11950	11538	\subsection{Types of keys}

12370	11958	\section{Whitepapers}
12371	11959	\label{\detokenize{admin/various_envs:whitepapers}}\begin{enumerate}
12372	11960	\item {}
12373		\sphinxurl{http://kerberos.org/software/whitepapers.html}
	11961	\sphinxurl{https://kerberos.org/software/whitepapers.html}
12374	11962
12375	11963	\end{enumerate}
12376	11964

12378	11966	\section{Tutorials}
12379	11967	\label{\detokenize{admin/various_envs:tutorials}}\begin{enumerate}
12380	11968	\item {}
12381		Fulvio Ricciardi \textless{}\sphinxurl{http://www.kerberos.org/software/tutorial.html}\textgreater{}\_
	11969	Fulvio Ricciardi \textless{}\sphinxurl{https://www.kerberos.org/software/tutorial.html}\textgreater{}\_
12382	11970
12383	11971	\end{enumerate}
12384	11972

12386	11974	\section{Troubleshooting}
12387	11975	\label{\detokenize{admin/various_envs:troubleshooting}}\begin{enumerate}
12388	11976	\item {}
12389		\sphinxurl{http://www.ncsa.illinois.edu/UserInfo/Resources/Software/kerberos/troubleshooting.html}
12390
12391		\item {}
12392		\sphinxurl{http://nfsv4.bullopensource.org/doc/kerberosnfs/krbnfs\_howto\_v3.pdf}
12393
12394		\item {}
12395		\sphinxurl{http://sysdoc.doors.ch/HP/T1417-90005.pdf}
12396
12397		\item {}
12398		\sphinxurl{http://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html}
12399
12400		\item {}
12401		\sphinxurl{http://download.oracle.com/docs/cd/E19253-01/816-4557/trouble-1/index.html}
12402
12403		\item {}
12404		\sphinxurl{http://technet.microsoft.com/en-us/library/bb463167.aspx\#EBAA}
	11977	\sphinxurl{https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting}
	11978
	11979	\item {}
	11980	\sphinxurl{https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html}
	11981
	11982	\item {}
	11983	\sphinxurl{https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html}
	11984
	11985	\item {}
	11986	\sphinxurl{https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10})\#EBAA
12405	11987
12406	11988	\item {}
12407	11989	\sphinxurl{https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528}
12408
12409		\item {}
12410		\sphinxurl{http://h71000.www7.hp.com/doc/83final/ba548\_90007/ch06s05.html}
12411	11990
12412	11991	\end{enumerate}
12413	11992

doc/pdf/appdev.pdf less more

Binary diff not shown

+159

-289

doc/pdf/appdev.tex less more

54	54
55	55	\title{Kerberos Application Developer Guide}
56	56	\date{ }
57		\release{1.17}
	57	\release{1.18.2}
58	58	\author{MIT}
59	59	\newcommand{\sphinxlogo}{\vbox{}}
60	60	\renewcommand{\releasename}{Release}

336	336
337	337	To perform a constrained delegation operation, the intermediate
338	338	service must submit to the KDC an “evidence ticket” from the client to
339		the intermediate service with the forwardable bit set. An evidence
340		ticket can be acquired when the client authenticates to the
341		intermediate service with Kerberos, or with an S4U2Self request if the
342		KDC allows it. The MIT krb5 GSSAPI library represents an evidence
343		ticket using a “proxy credential”, which is a special kind of
344		gss\_cred\_id\_t object whose underlying credential cache contains the
345		evidence ticket and a krbtgt ticket for the intermediate service.
	339	the intermediate service. An evidence ticket can be acquired when the
	340	client authenticates to the intermediate service with Kerberos, or
	341	with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI
	342	library represents an evidence ticket using a “proxy credential”,
	343	which is a special kind of gss\_cred\_id\_t object whose underlying
	344	credential cache contains the evidence ticket and a krbtgt ticket for
	345	the intermediate service.
346	346
347	347	To acquire a proxy credential during client authentication, the
348	348	service should first create an acceptor credential using the

351	351	and also pass a \sphinxstyleemphasis{delegated\_cred\_handle} output parameter to receive a
352	352	proxy credential containing the evidence ticket. The output value of
353	353	\sphinxstyleemphasis{delegated\_cred\_handle} may be a delegated ticket-granting ticket if
354		the client sent one, or a proxy credential if the client authenticated
355		with a forwardable service ticket, or \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} if
356		neither is the case.
	354	the client sent one, or a proxy credential if not. If the library can
	355	determine that the client’s ticket is not a valid evidence ticket, it
	356	will place \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} in \sphinxstyleemphasis{delegated\_cred\_handle}.
357	357
358	358	To acquire a proxy credential using an S4U2Self request, the service
359	359	can use the following GSSAPI extension:

377	377	intermediate service. Both \sphinxstyleemphasis{icred} and \sphinxstyleemphasis{desired\_name} are required
378	378	for this function; passing \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} or
379	379	\sphinxstylestrong{GSS\_C\_NO\_NAME} will cause the call to fail. \sphinxstyleemphasis{icred} must contain a
380		krbtgt ticket for the intermediate service. If the KDC returns a
381		forwardable ticket, the result of this operation is a proxy
382		credential; if it is not forwardable, the result is a regular
383		credential for \sphinxstyleemphasis{desired\_name}.
384
385		A recent KDC will usually allow any service to acquire a ticket from a
386		client to itself with an S4U2Self request, but the ticket will only be
387		forwardable if the service has a specific privilege. In the MIT krb5
388		KDC, this privilege is determined by the \sphinxstylestrong{ok\_to\_auth\_as\_delegate}
389		bit on the intermediate service’s principal entry, which can be
390		configured with \DUrole{xref,std,std-ref}{kadmin(1)}.
	380	krbtgt ticket for the intermediate service. The result of this
	381	operation is a proxy credential. (Prior to release 1.18, the result
	382	of this operation may be a regular credential for \sphinxstyleemphasis{desired\_name}, if
	383	the KDC issues a non-forwardable ticket.)
391	384
392	385	Once the intermediate service has a proxy credential, it can simply
393	386	pass it to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} as the \sphinxstyleemphasis{initiator\_cred\_handle}

734	727	\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{message}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;}
735	728	\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{l+m+mi}{7}\PYG{p}{;}
736	729
737		\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov\PYGZus{}length}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,}
738		\PYG{n}{NULL}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;}
	730	\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov\PYGZus{}length}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;}
739	731	\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)}
740	732	\PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;}
741	733	\PYG{k}{if} \PYG{p}{(}\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{\PYGZgt{}} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n}{data}\PYG{p}{)}\PYG{p}{)}
742	734	\PYG{n}{handle\PYGZus{}out\PYGZus{}of\PYGZus{}space\PYGZus{}error}\PYG{p}{(}\PYG{p}{)}\PYG{p}{;}
743	735	\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n}{data}\PYG{p}{;}
744	736
745		\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,}
746		\PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;}
	737	\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;}
747	738	\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)}
748	739	\PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;}
749	740	\end{sphinxVerbatim}

826	817	the last argument \sphinxstyleemphasis{data} is ALWAYS non-zero.
827	818	\\
828	819	\hline
829		{\hyperref[\detokenize{appdev/refs/api/krb5_cccol_last_change_time:c.krb5_cccol_last_change_time}]{\sphinxcrossref{\sphinxcode{krb5\_cccol\_last\_change\_time()}}}}
830		&
831		H5l takes 3 arguments: krb5\_context context,
832		const char type, krb5\_timestamp change\_time
833		MIT takes two arguments: krb5\_context context,
834		krb5\_timestamp *change\_time
	820	\sphinxcode{krb5\_cccol\_last\_change\_time()}
	821	&
	822	MIT: not implemented
835	823	\\
836	824	\hline
837	825	{\hyperref[\detokenize{appdev/refs/api/krb5_set_default_realm:c.krb5_set_default_realm}]{\sphinxcrossref{\sphinxcode{krb5\_set\_default\_realm()}}}}

4456	4444	\end{sphinxadmonition}
4457	4445
4458	4446
4459		\subsubsection{krb5\_allow\_weak\_crypto - Allow the appplication to override the profile’s allow\_weak\_crypto setting.}
4460		\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto::doc}}\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto:krb5-allow-weak-crypto-allow-the-appplication-to-override-the-profile-s-allow-weak-crypto-setting}}\index{krb5\_allow\_weak\_crypto (C function)}
	4447	\subsubsection{krb5\_allow\_weak\_crypto - Allow the application to override the profile’s allow\_weak\_crypto setting.}
	4448	\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto::doc}}\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto:krb5-allow-weak-crypto-allow-the-application-to-override-the-profile-s-allow-weak-crypto-setting}}\index{krb5\_allow\_weak\_crypto (C function)}
4461	4449
4462	4450	\begin{fulllineitems}
4463	4451	\phantomsection\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto:c.krb5_allow_weak_crypto}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_allow\_weak\_crypto}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{krb5\_boolean}}}\sphinxstyleemphasis{ enable}}{}

5318	5306
5319	5307	\end{description}\end{quote}
5320	5308
5321		This function sets the replay cache in \sphinxstyleemphasis{auth\_context} to \sphinxstyleemphasis{rcache} . \sphinxstyleemphasis{rcache} will be closed when \sphinxstyleemphasis{auth\_context} is freed, so the caller should relinguish that responsibility.
	5309	This function sets the replay cache in \sphinxstyleemphasis{auth\_context} to \sphinxstyleemphasis{rcache} . \sphinxstyleemphasis{rcache} will be closed when \sphinxstyleemphasis{auth\_context} is freed, so the caller should relinquish that responsibility.
5322	5310
5323	5311
5324	5312	\subsubsection{krb5\_auth\_con\_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.}

5656	5644	\end{sphinxadmonition}
5657	5645
5658	5646
5659		\subsubsection{krb5\_cc\_last\_change\_time - Return a timestamp of the last modification to a credential cache.}
5660		\label{\detokenize{appdev/refs/api/krb5_cc_last_change_time:krb5-cc-last-change-time-return-a-timestamp-of-the-last-modification-to-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_last_change_time::doc}}\index{krb5\_cc\_last\_change\_time (C function)}
5661
5662		\begin{fulllineitems}
5663		\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_last_change_time:c.krb5_cc_last_change_time}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_cc\_last\_change\_time}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{krb5\_ccache}}}\sphinxstyleemphasis{ ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{krb5\_timestamp}}} *\sphinxstyleemphasis{ change\_time}}{}
5664		\end{fulllineitems}
5665
5666		\begin{quote}\begin{description}
5667		\item[{param}] \leavevmode
5668		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
5669
5670		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} - Credential cache handle
5671
5672		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{change\_time} - The last change time of \sphinxstyleemphasis{ccache}
5673
5674		\end{description}\end{quote}
5675
5676		If an error occurs, \sphinxstyleemphasis{change\_time} is set to 0.
5677
5678
5679		\subsubsection{krb5\_cc\_lock - Lock a credential cache.}
5680		\label{\detokenize{appdev/refs/api/krb5_cc_lock:krb5-cc-lock-lock-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_lock::doc}}\index{krb5\_cc\_lock (C function)}
5681
5682		\begin{fulllineitems}
5683		\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_lock:c.krb5_cc_lock}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_cc\_lock}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{krb5\_ccache}}}\sphinxstyleemphasis{ ccache}}{}
5684		\end{fulllineitems}
5685
5686		\begin{quote}\begin{description}
5687		\item[{param}] \leavevmode
5688		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
5689
5690		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} - Credential cache handle
5691
5692		\end{description}\end{quote}
5693		\begin{quote}\begin{description}
5694		\item[{retval}] \leavevmode\begin{itemize}
5695		\item {}
5696		0 Success; otherwise - Kerberos error codes
5697
5698		\end{itemize}
5699
5700		\end{description}\end{quote}
5701
5702		Use {\hyperref[\detokenize{appdev/refs/api/krb5_cc_unlock:c.krb5_cc_unlock}]{\sphinxcrossref{\sphinxcode{krb5\_cc\_unlock()}}}} to unlock the lock.
5703
5704
5705	5647	\subsubsection{krb5\_cc\_move - Move a credential cache.}
5706	5648	\label{\detokenize{appdev/refs/api/krb5_cc_move:krb5-cc-move-move-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_move::doc}}\index{krb5\_cc\_move (C function)}
5707	5649

6067	6009	\end{quote}
6068	6010
6069	6011	\begin{sphinxadmonition}{note}{Note:}
6070		If \sphinxstyleemphasis{cache} is modified between the time of the call to this function and the time of the final {\hyperref[\detokenize{appdev/refs/api/krb5_cc_end_seq_get:c.krb5_cc_end_seq_get}]{\sphinxcrossref{\sphinxcode{krb5\_cc\_end\_seq\_get()}}}} , the results are undefined.
	6012	If the cache represented by \sphinxstyleemphasis{cache} is modified between the time of the call to this function and the time of the final {\hyperref[\detokenize{appdev/refs/api/krb5_cc_end_seq_get:c.krb5_cc_end_seq_get}]{\sphinxcrossref{\sphinxcode{krb5\_cc\_end\_seq\_get()}}}} , these changes may not be reflected in the results of {\hyperref[\detokenize{appdev/refs/api/krb5_cc_next_cred:c.krb5_cc_next_cred}]{\sphinxcrossref{\sphinxcode{krb5\_cc\_next\_cred()}}}} calls.
6071	6013	\end{sphinxadmonition}
6072	6014
6073	6015

6168	6110	If the type of \sphinxstyleemphasis{cache} supports it, set \sphinxstyleemphasis{cache} to be the primary credential cache for the collection it belongs to.
6169	6111
6170	6112
6171		\subsubsection{krb5\_cc\_unlock - Unlock a credential cache.}
6172		\label{\detokenize{appdev/refs/api/krb5_cc_unlock:krb5-cc-unlock-unlock-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_unlock::doc}}\index{krb5\_cc\_unlock (C function)}
6173
6174		\begin{fulllineitems}
6175		\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_unlock:c.krb5_cc_unlock}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_cc\_unlock}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{krb5\_ccache}}}\sphinxstyleemphasis{ ccache}}{}
6176		\end{fulllineitems}
6177
6178		\begin{quote}\begin{description}
6179		\item[{param}] \leavevmode
6180		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
6181
6182		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} - Credential cache handle
6183
6184		\end{description}\end{quote}
6185		\begin{quote}\begin{description}
6186		\item[{retval}] \leavevmode\begin{itemize}
6187		\item {}
6188		0 Success; otherwise - Kerberos error codes
6189
6190		\end{itemize}
6191
6192		\end{description}\end{quote}
6193
6194		This function unlocks the \sphinxstyleemphasis{ccache} locked by {\hyperref[\detokenize{appdev/refs/api/krb5_cc_lock:c.krb5_cc_lock}]{\sphinxcrossref{\sphinxcode{krb5\_cc\_lock()}}}} .
6195
6196
6197	6113	\subsubsection{krb5\_cccol\_cursor\_free - Free a credential cache collection cursor.}
6198	6114	\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_free::doc}}\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_free:krb5-cccol-cursor-free-free-a-credential-cache-collection-cursor}}\index{krb5\_cccol\_cursor\_free (C function)}
6199	6115

6331	6247	\end{sphinxadmonition}
6332	6248
6333	6249
6334		\subsubsection{krb5\_cccol\_last\_change\_time - Return a timestamp of the last modification of any known credential cache.}
6335		\label{\detokenize{appdev/refs/api/krb5_cccol_last_change_time:krb5-cccol-last-change-time-return-a-timestamp-of-the-last-modification-of-any-known-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cccol_last_change_time::doc}}\index{krb5\_cccol\_last\_change\_time (C function)}
6336
6337		\begin{fulllineitems}
6338		\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_last_change_time:c.krb5_cccol_last_change_time}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_cccol\_last\_change\_time}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{krb5\_timestamp}}} *\sphinxstyleemphasis{ change\_time}}{}
6339		\end{fulllineitems}
6340
6341		\begin{quote}\begin{description}
6342		\item[{param}] \leavevmode
6343		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
6344
6345		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{change\_time} - Last modification timestamp
6346
6347		\end{description}\end{quote}
6348		\begin{quote}\begin{description}
6349		\item[{retval}] \leavevmode\begin{itemize}
6350		\item {}
6351		0 Success; otherwise - Kerberos error codes
6352
6353		\end{itemize}
6354
6355		\end{description}\end{quote}
6356
6357		This function returns the most recent modification time of any known credential cache, ignoring any caches which cannot supply a last modification time.
6358
6359		If there are no known credential caches, \sphinxstyleemphasis{change\_time} is set to 0.
6360
6361
6362		\subsubsection{krb5\_cccol\_lock - Acquire a global lock for credential caches.}
6363		\label{\detokenize{appdev/refs/api/krb5_cccol_lock::doc}}\label{\detokenize{appdev/refs/api/krb5_cccol_lock:krb5-cccol-lock-acquire-a-global-lock-for-credential-caches}}\index{krb5\_cccol\_lock (C function)}
6364
6365		\begin{fulllineitems}
6366		\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_lock:c.krb5_cccol_lock}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_cccol\_lock}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}}{}
6367		\end{fulllineitems}
6368
6369		\begin{quote}\begin{description}
6370		\item[{param}] \leavevmode
6371		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
6372
6373		\end{description}\end{quote}
6374		\begin{quote}\begin{description}
6375		\item[{retval}] \leavevmode\begin{itemize}
6376		\item {}
6377		0 Success; otherwise - Kerberos error codes
6378
6379		\end{itemize}
6380
6381		\end{description}\end{quote}
6382
6383		This function locks the global credential cache collection, ensuring that no ccaches are added to or removed from it until the collection lock is released.
6384
6385		Use {\hyperref[\detokenize{appdev/refs/api/krb5_cccol_unlock:c.krb5_cccol_unlock}]{\sphinxcrossref{\sphinxcode{krb5\_cccol\_unlock()}}}} to unlock the lock.
6386
6387
6388		\subsubsection{krb5\_cccol\_unlock - Release a global lock for credential caches.}
6389		\label{\detokenize{appdev/refs/api/krb5_cccol_unlock:krb5-cccol-unlock-release-a-global-lock-for-credential-caches}}\label{\detokenize{appdev/refs/api/krb5_cccol_unlock::doc}}\index{krb5\_cccol\_unlock (C function)}
6390
6391		\begin{fulllineitems}
6392		\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_unlock:c.krb5_cccol_unlock}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_cccol\_unlock}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}}{}
6393		\end{fulllineitems}
6394
6395		\begin{quote}\begin{description}
6396		\item[{param}] \leavevmode
6397		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
6398
6399		\end{description}\end{quote}
6400		\begin{quote}\begin{description}
6401		\item[{retval}] \leavevmode\begin{itemize}
6402		\item {}
6403		0 Success; otherwise - Kerberos error codes
6404
6405		\end{itemize}
6406
6407		\end{description}\end{quote}
6408
6409		This function unlocks the lock from {\hyperref[\detokenize{appdev/refs/api/krb5_cccol_lock:c.krb5_cccol_lock}]{\sphinxcrossref{\sphinxcode{krb5\_cccol\_lock()}}}} .
6410
6411
6412	6250	\subsubsection{krb5\_clear\_error\_message - Clear the extended error message in a context.}
6413	6251	\label{\detokenize{appdev/refs/api/krb5_clear_error_message:krb5-clear-error-message-clear-the-extended-error-message-in-a-context}}\label{\detokenize{appdev/refs/api/krb5_clear_error_message::doc}}\index{krb5\_clear\_error\_message (C function)}
6414	6252

6970	6808	This function frees the contents of \sphinxstyleemphasis{val} , but not the structure itself.
6971	6809
6972	6810
6973		\subsubsection{krb5\_free\_default\_realm - Free a defaultrealm string returned by krb5\_get\_default\_realm() .}
6974		\label{\detokenize{appdev/refs/api/krb5_free_default_realm:krb5-free-default-realm-free-a-defaultrealm-string-returned-by-krb5-get-default-realm}}\label{\detokenize{appdev/refs/api/krb5_free_default_realm::doc}}\index{krb5\_free\_default\_realm (C function)}
	6811	\subsubsection{krb5\_free\_default\_realm - Free a default realm string returned by krb5\_get\_default\_realm() .}
	6812	\label{\detokenize{appdev/refs/api/krb5_free_default_realm:krb5-free-default-realm-free-a-default-realm-string-returned-by-krb5-get-default-realm}}\label{\detokenize{appdev/refs/api/krb5_free_default_realm::doc}}\index{krb5\_free\_default\_realm (C function)}
6975	6813
6976	6814	\begin{fulllineitems}
6977	6815	\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_default_realm:c.krb5_free_default_realm}}\pysiglinewithargsret{void \sphinxbfcode{krb5\_free\_default\_realm}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, char *\sphinxstyleemphasis{ lrealm}}{}

7261	7099	\item[{param}] \leavevmode
7262	7100	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} - Library context
7263	7101
7264		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{piece} - Unique identifier for replay cache
	7102	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{piece} - Unused (replay cache identifier)
7265	7103
7266	7104	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rcptr} - Handle to an open rcache
7267	7105

7275	7113
7276	7114	\end{description}\end{quote}
7277	7115
7278		This function generates a replay cache name based on \sphinxstyleemphasis{piece} and opens a handle to it. Typically \sphinxstyleemphasis{piece} is the first component of the service principal name. Use krb5\_rc\_close() to close \sphinxstyleemphasis{rcptr} when it is no longer needed.
	7116	This function creates a handle to the default replay cache. Use krb5\_rc\_close() to close \sphinxstyleemphasis{rcptr} when it is no longer needed.
	7117
	7118	\begin{sphinxadmonition}{note}{Note:}
	7119	Prior to release 1.18, this function creates a handle to a different replay cache for each unique value of \sphinxstyleemphasis{piece} .
	7120	\end{sphinxadmonition}
7279	7121
7280	7122
7281	7123	\subsubsection{krb5\_get\_time\_offsets - Return the time offsets from the os context.}

8046	7888	\label{\detokenize{appdev/refs/api/krb5_mk_1cred:krb5-mk-1cred-format-a-krb-cred-message-for-a-single-set-of-credentials}}\label{\detokenize{appdev/refs/api/krb5_mk_1cred::doc}}\index{krb5\_mk\_1cred (C function)}
8047	7889
8048	7890	\begin{fulllineitems}
8049		\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_1cred:c.krb5_mk_1cred}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_1cred}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{krb5\_creds}}} \sphinxstyleemphasis{ pcreds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ ppdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} \sphinxstyleemphasis{ outdata}}{}
	7891	\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_1cred:c.krb5_mk_1cred}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_1cred}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{krb5\_creds}}} \sphinxstyleemphasis{ creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} \sphinxstyleemphasis{ rdata\_out}}{}
8050	7892	\end{fulllineitems}
8051	7893
8052	7894	\begin{quote}\begin{description}

8055	7897
8056	7898	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} - Authentication context
8057	7899
8058		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pcreds} - Pointer to credentials
8059
8060		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ppdata} - Encoded credentials
8061
8062		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay cache data (NULL if not needed)
	7900	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} - Pointer to credentials
	7901
	7902	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} - Encoded credentials
	7903
	7904	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay cache data (NULL if not needed)
8063	7905
8064	7906	\end{description}\end{quote}
8065	7907	\begin{quote}\begin{description}

8118	7960	\label{\detokenize{appdev/refs/api/krb5_mk_ncred::doc}}\label{\detokenize{appdev/refs/api/krb5_mk_ncred:krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials}}\index{krb5\_mk\_ncred (C function)}
8119	7961
8120	7962	\begin{fulllineitems}
8121		\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_ncred:c.krb5_mk_ncred}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_ncred}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{krb5\_creds}}} \sphinxstyleemphasis{ ppcreds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ ppdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ outdata}}{}
	7963	\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_ncred:c.krb5_mk_ncred}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_ncred}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{krb5\_creds}}} \sphinxstyleemphasis{ creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ rdata\_out}}{}
8122	7964	\end{fulllineitems}
8123	7965
8124	7966	\begin{quote}\begin{description}

8127	7969
8128	7970	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} - Authentication context
8129	7971
8130		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ppcreds} - Null-terminated array of credentials
8131
8132		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ppdata} - Encoded credentials
8133
8134		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay cache information (NULL if not needed)
	7972	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} - Null-terminated array of credentials
	7973
	7974	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} - Encoded credentials
	7975
	7976	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay cache information (NULL if not needed)
8135	7977
8136	7978	\end{description}\end{quote}
8137	7979	\begin{quote}\begin{description}

8155	7997
8156	7998	\end{description}\end{quote}
8157	7999
8158		This function takes an array of credentials \sphinxstyleemphasis{ppcreds} and formats a \sphinxstylestrong{KRB-CRED} message \sphinxstyleemphasis{ppdata} to pass to {\hyperref[\detokenize{appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred}]{\sphinxcrossref{\sphinxcode{krb5\_rd\_cred()}}}} .
8159
8160		The message will be encrypted using the send subkey of \sphinxstyleemphasis{auth\_context} if it is present, or the session key otherwise.
	8000	This function takes an array of credentials \sphinxstyleemphasis{creds} and formats a \sphinxstylestrong{KRB-CRED} message \sphinxstyleemphasis{der\_out} to pass to {\hyperref[\detokenize{appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred}]{\sphinxcrossref{\sphinxcode{krb5\_rd\_cred()}}}} .
	8001
	8002	The local and remote addresses in \sphinxstyleemphasis{auth\_context} are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message.
	8003
	8004	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} is not set, no replay cache is used. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} is set in \sphinxstyleemphasis{auth\_context} , the timestamp used for the KRB-CRED message is stored in \sphinxstyleemphasis{rdata\_out} .
	8005
	8006	If either {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the \sphinxstyleemphasis{auth\_context} local sequence number is included in the KRB-CRED message and then incremented. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the sequence number used is stored in \sphinxstyleemphasis{rdata\_out} .
	8007
	8008	Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{der\_out} when it is no longer needed.
	8009
	8010	The message will be encrypted using the send subkey of \sphinxstyleemphasis{auth\_context} if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case.
8161	8011
8162	8012	\begin{sphinxadmonition}{note}{Note:}
8163		If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} , \sphinxstyleemphasis{outdata} is required.
	8013	The \sphinxstyleemphasis{rdata\_out} argument is required if the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} .
8164	8014	\end{sphinxadmonition}
8165	8015
8166	8016

8168	8018	\label{\detokenize{appdev/refs/api/krb5_mk_priv:krb5-mk-priv-format-a-krb-priv-message}}\label{\detokenize{appdev/refs/api/krb5_mk_priv::doc}}\index{krb5\_mk\_priv (C function)}
8169	8019
8170	8020	\begin{fulllineitems}
8171		\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_priv:c.krb5_mk_priv}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_priv}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ userdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ outbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ outdata}}{}
	8021	\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_priv:c.krb5_mk_priv}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_priv}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ userdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ rdata\_out}}{}
8172	8022	\end{fulllineitems}
8173	8023
8174	8024	\begin{quote}\begin{description}

8179	8029
8180	8030	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{userdata} - User data for \sphinxstylestrong{KRB-PRIV} message
8181	8031
8182		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} - Formatted \sphinxstylestrong{KRB-PRIV} message
8183
8184		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay cache handle (NULL if not needed)
	8032	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} - Formatted \sphinxstylestrong{KRB-PRIV} message
	8033
	8034	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay data (NULL if not needed)
8185	8035
8186	8036	\end{description}\end{quote}
8187	8037	\begin{quote}\begin{description}

8195	8045
8196	8046	This function is similar to {\hyperref[\detokenize{appdev/refs/api/krb5_mk_safe:c.krb5_mk_safe}]{\sphinxcrossref{\sphinxcode{krb5\_mk\_safe()}}}} , but the message is encrypted and integrity-protected, not just integrity-protected.
8197	8047
8198		The local address in \sphinxstyleemphasis{auth\_context} must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.
8199		\begin{itemize}
8200		\item {}
8201		{\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} - Use timestamps in \sphinxstyleemphasis{outdata}
8202
8203		\item {}
8204		{\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} - Copy timestamp to \sphinxstyleemphasis{outdata} .
8205
8206		\item {}
8207		{\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} - Use local sequence numbers from \sphinxstyleemphasis{auth\_context} in replay cache.
8208
8209		\item {}
8210		{\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} - Use local sequence numbers from \sphinxstyleemphasis{auth\_context} as a sequence number in the encrypted message \sphinxstyleemphasis{outbuf} .
8211
8212		\end{itemize}
	8048	The local address in \sphinxstyleemphasis{auth\_context} must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.
	8049
	8050	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} is not set, no replay cache is used. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB-PRIV message and is stored in \sphinxstyleemphasis{rdata\_out} .
	8051
	8052	If either {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the \sphinxstyleemphasis{auth\_context} local sequence number is included in the KRB-PRIV message and then incremented. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the sequence number used is stored in \sphinxstyleemphasis{rdata\_out} .
	8053
	8054	Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{der\_out} when it is no longer needed.
8213	8055
8214	8056	\begin{sphinxadmonition}{note}{Note:}
8215		If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} , the \sphinxstyleemphasis{outdata} is required.
	8057	The \sphinxstyleemphasis{rdata\_out} argument is required if the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} .
8216	8058	\end{sphinxadmonition}
8217	8059
8218	8060

8354	8196	{\hyperref[\detokenize{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:AP_OPTS_USE_SESSION_KEY}]{\sphinxcrossref{\sphinxcode{AP\_OPTS\_USE\_SESSION\_KEY}}}} - Use the session key when creating the request used for user to user authentication.
8355	8197
8356	8198	\item {}
8357		{\hyperref[\detokenize{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED}]{\sphinxcrossref{\sphinxcode{AP\_OPTS\_MUTUAL\_REQUIRED}}}} - Request a mutual authentication packet from the reciever.
	8199	{\hyperref[\detokenize{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED}]{\sphinxcrossref{\sphinxcode{AP\_OPTS\_MUTUAL\_REQUIRED}}}} - Request a mutual authentication packet from the receiver.
8358	8200
8359	8201	\item {}
8360	8202	{\hyperref[\detokenize{appdev/refs/macros/AP_OPTS_USE_SUBKEY:AP_OPTS_USE_SUBKEY}]{\sphinxcrossref{\sphinxcode{AP\_OPTS\_USE\_SUBKEY}}}} - Generate a subsession key from the current session key obtained from the credentials.

8379	8221	\label{\detokenize{appdev/refs/api/krb5_mk_safe:krb5-mk-safe-format-a-krb-safe-message}}\label{\detokenize{appdev/refs/api/krb5_mk_safe::doc}}\index{krb5\_mk\_safe (C function)}
8380	8222
8381	8223	\begin{fulllineitems}
8382		\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_safe:c.krb5_mk_safe}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_safe}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ userdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ outbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ outdata}}{}
	8224	\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_safe:c.krb5_mk_safe}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_mk\_safe}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ userdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ rdata\_out}}{}
8383	8225	\end{fulllineitems}
8384	8226
8385	8227	\begin{quote}\begin{description}

8390	8232
8391	8233	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{userdata} - User data in the message
8392	8234
8393		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} - Formatted \sphinxstylestrong{KRB-SAFE} buffer
8394
8395		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay data. Specify NULL if not needed
	8235	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} - Formatted \sphinxstylestrong{KRB-SAFE} buffer
	8236
	8237	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay data. Specify NULL if not needed
8396	8238
8397	8239	\end{description}\end{quote}
8398	8240	\begin{quote}\begin{description}

8410	8252
8411	8253	The local address in \sphinxstyleemphasis{auth\_context} must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.
8412	8254
8413		If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in the \sphinxstyleemphasis{auth\_context} , an entry describing the message is entered in the replay cache \sphinxstyleemphasis{auth\_context-\textgreater{}rcache} which enables the caller to detect if this message is reflected by an attacker. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} is not set, the replay cache is not used.
8414
8415		If either {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the \sphinxstyleemphasis{auth\_context} local sequence number will be placed in \sphinxstyleemphasis{outdata} as its sequence number.
8416
8417		Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{outbuf} when it is no longer needed.
	8255	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB-SAFE message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} is not set, no replay cache is used. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB-SAFE message and is stored in \sphinxstyleemphasis{rdata\_out} .
	8256
	8257	If either {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the \sphinxstyleemphasis{auth\_context} local sequence number is included in the KRB-SAFE message and then incremented. If {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} is set, the sequence number used is stored in \sphinxstyleemphasis{rdata\_out} .
	8258
	8259	Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{der\_out} when it is no longer needed.
8418	8260
8419	8261	\begin{sphinxadmonition}{note}{Note:}
8420		The \sphinxstyleemphasis{outdata} argument is required if {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in the \sphinxstyleemphasis{auth\_context} .
	8262	The \sphinxstyleemphasis{rdata\_out} argument is required if the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} .
8421	8263	\end{sphinxadmonition}
8422	8264
8423	8265

8772	8614	\end{sphinxadmonition}
8773	8615
8774	8616
	8617	\subsubsection{krb5\_pac\_get\_client\_info}
	8618	\label{\detokenize{appdev/refs/api/krb5_pac_get_client_info:krb5-pac-get-client-info}}\label{\detokenize{appdev/refs/api/krb5_pac_get_client_info::doc}}\index{krb5\_pac\_get\_client\_info (C function)}
	8619
	8620	\begin{fulllineitems}
	8621	\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_get_client_info:c.krb5_pac_get_client_info}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_pac\_get\_client\_info}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{krb5\_pac}}}\sphinxstyleemphasis{ pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{krb5\_timestamp}}} \sphinxstyleemphasis{ authtime\_out}, char *\sphinxstyleemphasis{ princname\_out}}{}
	8622	\end{fulllineitems}
	8623
	8624	\begin{quote}\begin{description}
	8625	\item[{param}] \leavevmode
	8626	\sphinxstylestrong{context}
	8627
	8628	\sphinxstylestrong{pac}
	8629
	8630	\sphinxstylestrong{authtime\_out}
	8631
	8632	\sphinxstylestrong{princname\_out}
	8633
	8634	\end{description}\end{quote}
	8635
	8636
8775	8637	\subsubsection{krb5\_prepend\_error\_message - Add a prefix to the message for an error code.}
8776	8638	\label{\detokenize{appdev/refs/api/krb5_prepend_error_message:krb5-prepend-error-message-add-a-prefix-to-the-message-for-an-error-code}}\label{\detokenize{appdev/refs/api/krb5_prepend_error_message::doc}}\index{krb5\_prepend\_error\_message (C function)}
8777	8639

8822	8684	\label{\detokenize{appdev/refs/api/krb5_rd_cred:krb5-rd-cred-read-and-validate-a-krb-cred-message}}\label{\detokenize{appdev/refs/api/krb5_rd_cred::doc}}\index{krb5\_rd\_cred (C function)}
8823	8685
8824	8686	\begin{fulllineitems}
8825		\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_rd\_cred}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ pcreddata}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{krb5\_creds}}} *\sphinxstyleemphasis{ pppcreds}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} \sphinxstyleemphasis{ outdata}}{}
	8687	\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_rd\_cred}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ creddata}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{krb5\_creds}}} *\sphinxstyleemphasis{ creds\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} \sphinxstyleemphasis{ rdata\_out}}{}
8826	8688	\end{fulllineitems}
8827	8689
8828	8690	\begin{quote}\begin{description}

8831	8693
8832	8694	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} - Authentication context
8833	8695
8834		\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pcreddata} - \sphinxstylestrong{KRB-CRED} message
8835
8836		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{pppcreds} - Null-terminated array of forwarded credentials
8837
8838		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay data (NULL if not needed)
	8696	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creddata} - \sphinxstylestrong{KRB-CRED} message
	8697
	8698	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds\_out} - Null-terminated array of forwarded credentials
	8699
	8700	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay data (NULL if not needed)
8839	8701
8840	8702	\end{description}\end{quote}
8841	8703	\begin{quote}\begin{description}

8848	8710	\end{description}\end{quote}
8849	8711	\begin{quote}
8850	8712
8851		\sphinxstyleemphasis{pcreddata} will be decrypted using the receiving subkey if it is present in \sphinxstyleemphasis{auth\_context} , or the session key if the receiving subkey is not present or fails to decrypt the message.
	8713	\sphinxstyleemphasis{creddata} will be decrypted using the receiving subkey if it is present in \sphinxstyleemphasis{auth\_context} , or the session key if the receiving subkey is not present or fails to decrypt the message.
8852	8714	\end{quote}
8853	8715
8854		Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_tgt_creds:c.krb5_free_tgt_creds}]{\sphinxcrossref{\sphinxcode{krb5\_free\_tgt\_creds()}}}} to free \sphinxstyleemphasis{pppcreds} when it is no longer needed.
	8716	Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_tgt_creds:c.krb5_free_tgt_creds}]{\sphinxcrossref{\sphinxcode{krb5\_free\_tgt\_creds()}}}} to free \sphinxstyleemphasis{creds\_out} when it is no longer needed.
8855	8717
8856	8718	\begin{sphinxadmonition}{note}{Note:}
8857		The \sphinxstyleemphasis{outdata} argument is required if {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in the \sphinxstyleemphasis{auth\_context} .{}`
	8719	The \sphinxstyleemphasis{rdata\_out} argument is required if the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} .{}`
8858	8720	\end{sphinxadmonition}
8859	8721
8860	8722

8890	8752	\label{\detokenize{appdev/refs/api/krb5_rd_priv:krb5-rd-priv-process-a-krb-priv-message}}\label{\detokenize{appdev/refs/api/krb5_rd_priv::doc}}\index{krb5\_rd\_priv (C function)}
8891	8753
8892	8754	\begin{fulllineitems}
8893		\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_priv:c.krb5_rd_priv}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_rd\_priv}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ outbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ outdata}}{}
	8755	\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_priv:c.krb5_rd_priv}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_rd\_priv}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ userdata\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ rdata\_out}}{}
8894	8756	\end{fulllineitems}
8895	8757
8896	8758	\begin{quote}\begin{description}

8901	8763
8902	8764	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} - \sphinxstylestrong{KRB-PRIV} message to be parsed
8903	8765
8904		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} - Data parsed from \sphinxstylestrong{KRB-PRIV} message
8905
8906		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay data. Specify NULL if not needed
	8766	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{userdata\_out} - Data parsed from \sphinxstylestrong{KRB-PRIV} message
	8767
	8768	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay data. Specify NULL if not needed
8907	8769
8908	8770	\end{description}\end{quote}
8909	8771	\begin{quote}\begin{description}

8915	8777
8916	8778	\end{description}\end{quote}
8917	8779
8918		This function parses a \sphinxstylestrong{KRB-PRIV} message, verifies its integrity, and stores its unencrypted data into \sphinxstyleemphasis{outbuf} .
8919
8920		If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of \sphinxstyleemphasis{auth\_context} . Otherwise, the sequence number is not used.
8921
8922		If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , then two additional checks are performed:
8923		\begin{itemize}
8924		\item {}
8925		The timestamp in the message must be within the permitted clock skew (which is usually five minutes).
8926
8927		\item {}
8928		The message must not be a replayed message field in \sphinxstyleemphasis{auth\_context} .
8929
8930		\end{itemize}
	8780	This function parses a \sphinxstylestrong{KRB-PRIV} message, verifies its integrity, and stores its unencrypted data into \sphinxstyleemphasis{userdata\_out} .
	8781
	8782	If \sphinxstyleemphasis{auth\_context} has a remote address set, the address will be used to verify the sender address in the KRB-PRIV message. If \sphinxstyleemphasis{auth\_context} has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one.
	8783
	8784	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} , the sequence number of the KRB-PRIV message is checked against the remote sequence number field of \sphinxstyleemphasis{auth\_context} . Otherwise, the sequence number is not used.
	8785
	8786	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.
	8787
	8788	Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{userdata\_out} when it is no longer needed.
8931	8789
8932	8790	\begin{sphinxadmonition}{note}{Note:}
8933		If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} , \sphinxstyleemphasis{outdata} is required.
	8791	The \sphinxstyleemphasis{rdata\_out} argument is required if the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} .
8934	8792	\end{sphinxadmonition}
8935	8793
8936	8794

9063	8921	\label{\detokenize{appdev/refs/api/krb5_rd_safe:krb5-rd-safe-process-krb-safe-message}}\label{\detokenize{appdev/refs/api/krb5_rd_safe::doc}}\index{krb5\_rd\_safe (C function)}
9064	8922
9065	8923	\begin{fulllineitems}
9066		\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_safe:c.krb5_rd_safe}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_rd\_safe}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ outbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ outdata}}{}
	8924	\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_safe:c.krb5_rd_safe}}\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{krb5\_error\_code}}} \sphinxbfcode{krb5\_rd\_safe}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{krb5\_context}}}\sphinxstyleemphasis{ context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{krb5\_auth\_context}}}\sphinxstyleemphasis{ auth\_context}, const {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{krb5\_data}}} \sphinxstyleemphasis{ userdata\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{krb5\_replay\_data}}} *\sphinxstyleemphasis{ rdata\_out}}{}
9067	8925	\end{fulllineitems}
9068	8926
9069	8927	\begin{quote}\begin{description}

9074	8932
9075	8933	\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} - \sphinxstylestrong{KRB-SAFE} message to be parsed
9076	8934
9077		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} - Data parsed from \sphinxstylestrong{KRB-SAFE} message
9078
9079		\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} - Replay data. Specify NULL if not needed
	8935	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{userdata\_out} - Data parsed from \sphinxstylestrong{KRB-SAFE} message
	8936
	8937	\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} - Replay data. Specify NULL if not needed
9080	8938
9081	8939	\end{description}\end{quote}
9082	8940	\begin{quote}\begin{description}

9088	8946
9089	8947	\end{description}\end{quote}
9090	8948
9091		This function parses a \sphinxstylestrong{KRB-SAFE} message, verifies its integrity, and stores its data into \sphinxstyleemphasis{outbuf} .
	8949	This function parses a \sphinxstylestrong{KRB-SAFE} message, verifies its integrity, and stores its data into \sphinxstyleemphasis{userdata\_out} .
	8950
	8951	If \sphinxstyleemphasis{auth\_context} has a remote address set, the address will be used to verify the sender address in the KRB-SAFE message. If \sphinxstyleemphasis{auth\_context} has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one.
9092	8952
9093	8953	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of \sphinxstyleemphasis{auth\_context} . Otherwise, the sequence number is not used.
9094	8954
9095		If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , then two additional checks are performed:
9096		\begin{quote}
9097		\begin{itemize}
9098		\item {}
9099		The timestamp in the message must be within the permitted clock skew (which is usually five minutes).
9100
9101		\item {}
9102		The message must not be a replayed message field in \sphinxstyleemphasis{auth\_context} .
9103
9104		\end{itemize}
9105
9106		Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{outbuf} when it is no longer needed.
9107		\end{quote}
	8955	If the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}}} flag is set in \sphinxstyleemphasis{auth\_context} , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.
	8956
	8957	Use {\hyperref[\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}]{\sphinxcrossref{\sphinxcode{krb5\_free\_data\_contents()}}}} to free \sphinxstyleemphasis{userdata\_out} when it is no longer needed.
9108	8958
9109	8959	\begin{sphinxadmonition}{note}{Note:}
9110		The \sphinxstyleemphasis{outdata} argument is required if {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in the \sphinxstyleemphasis{auth\_context} .
	8960	The \sphinxstyleemphasis{rdata\_out} argument is required if the {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}}} or {\hyperref[\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}]{\sphinxcrossref{\sphinxcode{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}}} flag is set in \sphinxstyleemphasis{auth\_context} .
9111	8961	\end{sphinxadmonition}
9112	8962
9113	8963

16943	16793	\end{fulllineitems}
16944	16794
16945	16795
16946		DES cbc mode with CRC-32.
16947
16948	16796
16949	16797	\begin{savenotes}\sphinxattablestart
16950	16798	\centering

16969	16817	\end{fulllineitems}
16970	16818
16971	16819
16972		DES cbc mode with RSA-MD4.
16973
16974	16820
16975	16821	\begin{savenotes}\sphinxattablestart
16976	16822	\centering

16995	16841	\end{fulllineitems}
16996	16842
16997	16843
16998		DES cbc mode with RSA-MD5.
16999
17000	16844
17001	16845	\begin{savenotes}\sphinxattablestart
17002	16846	\centering

22068	21912	\sphinxcode{KRB5\_PADATA\_OTP\_REQUEST}
22069	21913	&
22070	21914	\sphinxcode{142}
	21915	\\
	21916	\hline
	21917	\end{tabulary}
	21918	\par
	21919	\sphinxattableend\end{savenotes}
	21920
	21921
	21922	\subsubsection{KRB5\_PADATA\_PAC\_OPTIONS}
	21923	\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS::doc}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS:krb5-padata-pac-options}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS:krb5-padata-pac-options-data}}\index{KRB5\_PADATA\_PAC\_OPTIONS (built-in variable)}
	21924
	21925	\begin{fulllineitems}
	21926	\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS:KRB5_PADATA_PAC_OPTIONS}}\pysigline{\sphinxbfcode{KRB5\_PADATA\_PAC\_OPTIONS}}
	21927	\end{fulllineitems}
	21928
	21929
	21930	MS-KILE and MS-SFU.
	21931
	21932
	21933	\begin{savenotes}\sphinxattablestart
	21934	\centering
	21935	\begin{tabulary}{\linewidth}[t]{\|T\|T\|}
	21936	\hline
	21937
	21938	\sphinxcode{KRB5\_PADATA\_PAC\_OPTIONS}
	21939	&
	21940	\sphinxcode{167}
22071	21941	\\
22072	21942	\hline
22073	21943	\end{tabulary}

doc/pdf/basic.pdf less more

Binary diff not shown

+78

-45

doc/pdf/basic.tex less more

54	54
55	55	\title{Kerberos Concepts}
56	56	\date{ }
57		\release{1.17}
	57	\release{1.18.2}
58	58	\author{MIT}
59	59	\newcommand{\sphinxlogo}{\vbox{}}
60	60	\renewcommand{\releasename}{Release}

119	119	requirement is for parent directory to exist and the current
120	120	process must have permissions to create the directory if it does
121	121	not exist. See {\hyperref[\detokenize{basic/ccache_def:col-ccache}]{\sphinxcrossref{\DUrole{std,std-ref}{Collections of caches}}}} for details. New in release 1.10.
	122	The following residual forms are supported:
	123	\begin{itemize}
	124	\item {}
	125	DIR:dirname
	126
	127	\item {}
	128	DIR::dirpath/filename - a single cache within the directory
	129
	130	\end{itemize}
	131
	132	Switching to a ccache of the latter type causes it to become the
	133	primary for the directory.
122	134
123	135	\item {}
124	136	\sphinxstylestrong{FILE} caches are the simplest and most portable. A simple flat

266	278
267	279	Keytabs are named using the format \sphinxstyleemphasis{type}\sphinxcode{:}\sphinxstyleemphasis{value}. Usually
268	280	\sphinxstyleemphasis{type} is \sphinxcode{FILE} and \sphinxstyleemphasis{value} is the absolute pathname of the file.
269		Other possible values for \sphinxstyleemphasis{type} are \sphinxcode{SRVTAB}, which indicates a
270		file in the deprecated Kerberos 4 srvtab format, and \sphinxcode{MEMORY}, which
271		indicates a temporary keytab stored in the memory of the current
272		process.
	281	The other possible value for \sphinxstyleemphasis{type} is \sphinxcode{MEMORY}, which indicates a
	282	temporary keytab stored in the memory of the current process.
273	283
274	284	A keytab contains one or more entries, where each entry consists of a
275	285	timestamp (indicating when the entry was written to the keytab), a

331	341	the application program.
332	342
333	343	The replay cache interface, like the credential cache and
334		{\hyperref[\detokenize{basic/keytab_def:keytab-definition}]{\sphinxcrossref{\DUrole{std,std-ref}{keytab}}}} interfaces, uses \sphinxtitleref{type:value} strings to
	344	{\hyperref[\detokenize{basic/keytab_def:keytab-definition}]{\sphinxcrossref{\DUrole{std,std-ref}{keytab}}}} interfaces, uses \sphinxtitleref{type:residual} strings to
335	345	indicate the type of replay cache and any associated cache naming
336	346	data to use.
337	347

380	390	attacked.
381	391
382	392
383		\section{Default rcache type}
384		\label{\detokenize{basic/rcache_def:default-rcache-type}}
385		There is currently only one implemented kind of replay cache, called
386		\sphinxstylestrong{dfl}. It stores replay data in one file, occasionally rewriting it
387		to purge old, expired entries.
388
389		The default type can be overridden by the \sphinxstylestrong{KRB5RCACHETYPE}
390		environment variable.
391
392		The placement of the replay cache file is determined by the following:
	393	\section{Replay cache types}
	394	\label{\detokenize{basic/rcache_def:replay-cache-types}}
	395	Unlike the credential cache and keytab interfaces, replay cache types
	396	are in lowercase. The following types are defined:
393	397	\begin{enumerate}
394	398	\item {}
395		The \sphinxstylestrong{KRB5RCACHEDIR} environment variable;
396
397		\item {}
398		If KRB5RCACHEDIR is unspecified, on UNIX, the library
399		will fall back to the environment variable \sphinxstylestrong{TMPDIR}, and then to
400		a temporary directory determined at configuration time such as
401		\sphinxstyleemphasis{/tmp} or \sphinxstyleemphasis{/var/tmp}; on Windows, it will check the environment
402		variables \sphinxstyleemphasis{TEMP} and \sphinxstyleemphasis{TMP}, and fall back to the directory C:.
	399	\sphinxstylestrong{none} disables the replay cache. The residual value is ignored.
	400
	401	\item {}
	402	\sphinxstylestrong{file2} (new in release 1.18) uses a hash-based format to store
	403	replay records. The file may grow to accommodate hash collisions.
	404	The residual value is the filename.
	405
	406	\item {}
	407	\sphinxstylestrong{dfl} is the default type if no environment variable or
	408	configuration specifies a different type. It stores replay data in
	409	a file2 replay cache with a filename based on the effective uid.
	410	The residual value is ignored.
403	411
404	412	\end{enumerate}
405	413
406
407		\section{Performance issues}
408		\label{\detokenize{basic/rcache_def:performance-issues}}
409		Several known minor performance issues that may occur when replay
410		cache is enabled on the Kerberos system include: delays due to writing
411		the authenticator data to disk slowing down response time for very
412		heavily loaded servers, and delays during the rewrite that may be
413		unacceptable to high-performance services.
414
415		For use cases where replays are adequately defended against for all
416		protocols using a given service principal name, or where performance
417		or other considerations outweigh the risk of replays, the special
418		replay cache type “none” can be specified:
419
420		\fvset{hllines={, ,}}%
421		\begin{sphinxVerbatim}[commandchars=\\\{\}]
422		\PYG{n}{KRB5RCACHETYPE}\PYG{o}{=}\PYG{n}{none}
423		\end{sphinxVerbatim}
424
425		It doesn’t record any information about authenticators, and reports
426		that any authenticator seen is not a replay.
	414	For the dfl type, the location of the replay cache file is determined
	415	as follows:
	416	\begin{enumerate}
	417	\item {}
	418	The directory is taken from the \sphinxstylestrong{KRB5RCACHEDIR} environment
	419	variable, or the \sphinxstylestrong{TMPDIR} environment variable, or a temporary
	420	directory determined at configuration time such as \sphinxcode{/var/tmp}, in
	421	descending order of preference.
	422
	423	\item {}
	424	The filename is \sphinxcode{krb5\_EUID.rcache2} where EUID is the effective
	425	uid of the process.
	426
	427	\item {}
	428	The file is opened without following symbolic links, and ownership
	429	of the file is verified to match the effective uid.
	430
	431	\end{enumerate}
	432
	433	On Windows, the directory for the dfl type is the local appdata
	434	directory, unless overridden by the \sphinxstylestrong{KRB5RCACHEDIR} environment
	435	variable. The filename on Windows is \sphinxcode{krb5.rcache2}, and the file
	436	is opened normally.
	437
	438
	439	\section{Default replay cache name}
	440	\label{\detokenize{basic/rcache_def:default-replay-cache-name}}
	441	The default replay cache name is determined by the following, in
	442	descending order of priority:
	443	\begin{enumerate}
	444	\item {}
	445	The \sphinxstylestrong{KRB5RCACHENAME} environment variable (new in release 1.18).
	446
	447	\item {}
	448	The \sphinxstylestrong{KRB5RCACHETYPE} environment variable. If this variable is
	449	set, the residual value is empty.
	450
	451	\item {}
	452	The \sphinxstylestrong{default\_rcache\_name} profile variable in \DUrole{xref,std,std-ref}{libdefaults}
	453	(new in release 1.18).
	454
	455	\item {}
	456	If none of the above are set, the default replay cache name is
	457	\sphinxcode{dfl:}.
	458
	459	\end{enumerate}
427	460
428	461
429	462	\chapter{stash file}

doc/pdf/build.pdf less more

Binary diff not shown

+5

-1

doc/pdf/build.tex less more

54	54
55	55	\title{Building MIT Kerberos}
56	56	\date{ }
57		\release{1.17}
	57	\release{1.18.2}
58	58	\author{MIT}
59	59	\newcommand{\sphinxlogo}{\vbox{}}
60	60	\renewcommand{\releasename}{Release}

884	884	\sphinxcode{-{-}without-krb5-config} to disable the use of krb5-config and
885	885	use the usual built-in defaults.
886	886
	887	\item[{\sphinxstylestrong{-}\sphinxstylestrong{-without-keyutils}}] \leavevmode
	888	Build without libkeyutils support. This disables the KEYRING
	889	credential cache type.
	890
887	891	\end{description}
888	892
889	893

doc/pdf/plugindev.pdf less more

Binary diff not shown

+34

-7

doc/pdf/plugindev.tex less more

54	54
55	55	\title{Kerberos Plugin Module Developer Guide}
56	56	\date{ }
57		\release{1.17}
	57	\release{1.18.2}
58	58	\author{MIT}
59	59	\newcommand{\sphinxlogo}{\vbox{}}
60	60	\renewcommand{\releasename}{Release}

670	670
671	671	A mechanism module is a Unix shared object or Windows DLL, built
672	672	separately from the krb5 tree. Modules are loaded according to the
673		\sphinxcode{/etc/gss/mech} or \sphinxcode{/etc/gss/mech.d/*.conf} config files, as
674		described in \DUrole{xref,std,std-ref}{gssapi\_plugin\_config}.
	673	GSS mechanism config files described in \DUrole{xref,std,std-ref}{gssapi\_plugin\_config}.
675	674
676	675	For the most part, a GSSAPI mechanism module exports the same
677	676	functions as would a GSSAPI implementation itself, with the same

693	692	back again when \sphinxstylestrong{gss\_display\_status} is called.
694	693
695	694
	695	\subsection{NegoEx modules}
	696	\label{\detokenize{plugindev/gssapi:negoex-modules}}
	697	Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft
	698	extension to SPNEGO called NegoEx. Beginning with release 1.18,
	699	mechanism modules can support NegoEx as follows:
	700	\begin{itemize}
	701	\item {}
	702	Implement the gssspi\_query\_meta\_data(), gssspi\_exchange\_meta\_data(),
	703	and gssspi\_query\_mechanism\_info() SPIs declared in
	704	\sphinxcode{\textless{}gssapi/gssapi\_ext.h\textgreater{}}.
	705
	706	\item {}
	707	Implement gss\_inquire\_sec\_context\_by\_oid() and answer the
	708	\sphinxstylestrong{GSS\_C\_INQ\_NEGOEX\_KEY} and \sphinxstylestrong{GSS\_C\_INQ\_NEGOEX\_VERIFY\_KEY} OIDs
	709	to provide the checksum keys for outgoing and incoming checksums,
	710	respectively. The answer must be in two buffers: the first buffer
	711	contains the key contents, and the second buffer contains the key
	712	encryption type as a four-byte little-endian integer.
	713
	714	\end{itemize}
	715
	716	By default, NegoEx mechanisms will not be directly negotiated via
	717	SPNEGO. If direct SPNEGO negotiation is required for
	718	interoperability, implement gss\_inquire\_attrs\_for\_mech() and assert
	719	the GSS\_C\_MA\_NEGOEX\_AND\_SPNEGO attribute (along with any applicable
	720	RFC 5587 attributes).
	721
	722
696	723	\subsection{Interposer modules}
697	724	\label{\detokenize{plugindev/gssapi:interposer-modules}}
698	725	The mechglue also supports a kind of loadable module, called an

708	735	\end{sphinxVerbatim}
709	736
710	737	This function is invoked with the OID of the interposer mechanism as
711		specified in \sphinxcode{/etc/gss/mech} or in a \sphinxcode{/etc/gss/mech.d/*.conf}
712		file, and returns a set of mechanism OIDs to be interposed. The
713		returned OID set must have been created using the mechglue’s
714		gss\_create\_empty\_oid\_set and gss\_add\_oid\_set\_member functions.
	738	specified in the mechanism config file, and returns a set of mechanism
	739	OIDs to be interposed. The returned OID set must have been created
	740	using the mechglue’s gss\_create\_empty\_oid\_set and
	741	gss\_add\_oid\_set\_member functions.
715	742
716	743	An interposer module must use the prefix \sphinxcode{gssi\_} for the GSSAPI
717	744	functions it exports, instead of the prefix \sphinxcode{gss\_}.

doc/pdf/user.pdf less more

Binary diff not shown

+45

-10

doc/pdf/user.tex less more

54	54
55	55	\title{Kerberos User Guide}
56	56	\date{ }
57		\release{1.17}
	57	\release{1.18.2}
58	58	\author{MIT}
59	59	\newcommand{\sphinxlogo}{\vbox{}}
60	60	\renewcommand{\releasename}{Release}

710	710	Distribution Center daemon and associated programs. The default
711	711	is \DUrole{xref,std,std-ref}{LOCALSTATEDIR}\sphinxcode{/krb5kdc}\sphinxcode{/kdc.conf}.
712	712
	713	\item[{\sphinxstylestrong{KRB5RCACHENAME}}] \leavevmode
	714	(New in release 1.18) Specifies the location of the default replay
	715	cache, in the form \sphinxstyleemphasis{type}:\sphinxstyleemphasis{residual}. The \sphinxcode{file2} type with a
	716	pathname residual specifies a replay cache file in the version-2
	717	format in the specified location. The \sphinxcode{none} type (residual is
	718	ignored) disables the replay cache. The \sphinxcode{dfl} type (residual is
	719	ignored) indicates the default, which uses a file2 replay cache in
	720	a temporary directory. The default is \sphinxcode{dfl:}.
	721
713	722	\item[{\sphinxstylestrong{KRB5RCACHETYPE}}] \leavevmode
714		Specifies the default type of replay cache to use for servers.
715		Valid types include \sphinxcode{dfl} for the normal file type and \sphinxcode{none}
716		for no replay cache. The default is \sphinxcode{dfl}.
	723	Specifies the type of the default replay cache, if
	724	\sphinxstylestrong{KRB5RCACHENAME} is unspecified. No residual can be specified,
	725	so \sphinxcode{none} and \sphinxcode{dfl} are the only useful types.
717	726
718	727	\item[{\sphinxstylestrong{KRB5RCACHEDIR}}] \leavevmode
719		Specifies the default directory for replay caches used by servers.
	728	Specifies the directory used by the \sphinxcode{dfl} replay cache type.
720	729	The default is the value of the \sphinxstylestrong{TMPDIR} environment variable,
721	730	or \sphinxcode{/var/tmp} if \sphinxstylestrong{TMPDIR} is not set.
722	731

734	743
735	744	\item[{\sphinxstylestrong{KPROP\_PORT}}] \leavevmode
736	745	\DUrole{xref,std,std-ref}{kprop(8)} port to use. Defaults to 754.
	746
	747	\item[{\sphinxstylestrong{GSS\_MECH\_CONFIG}}] \leavevmode
	748	Specifies a filename containing GSSAPI mechanism module
	749	configuration. The default is to read \DUrole{xref,std,std-ref}{SYSCONFDIR}\sphinxcode{/gss/mech}
	750	and files with a \sphinxcode{.conf} suffix within the directory
	751	\DUrole{xref,std,std-ref}{SYSCONFDIR}\sphinxcode{/gss/mech.d}.
737	752
738	753	\end{description}
739	754

1066	1081	requested.
1067	1082
1068	1083	\item[{\sphinxstylestrong{-E}}] \leavevmode
1069		treats the principal name as an enterprise name (implies the
1070		\sphinxstylestrong{-C} option).
	1084	treats the principal name as an enterprise name.
1071	1085
1072	1086	\item[{\sphinxstylestrong{-v}}] \leavevmode
1073	1087	requests that the ticket-granting ticket in the cache (with the

1496	1510	{[} \sphinxstylestrong{-c} \sphinxstyleemphasis{source\_cache\_name} {]}
1497	1511	{[} \sphinxstylestrong{-k} {]}
1498	1512	{[} \sphinxstylestrong{-r} time {]}
1499		{[} \sphinxstylestrong{-pf} {]}
	1513	{[} \sphinxstylestrong{-p} \textbar{} \sphinxstylestrong{-P}{]}
	1514	{[} \sphinxstylestrong{-f} \textbar{} \sphinxstylestrong{-F}{]}
1500	1515	{[} \sphinxstylestrong{-l} \sphinxstyleemphasis{lifetime} {]}
1501	1516	{[} \sphinxstylestrong{-z \textbar{} Z} {]}
1502	1517	{[} \sphinxstylestrong{-q} {]}

1748	1763
1749	1764	Ticket granting ticket options:
1750	1765	\begin{description}
1751		\item[{\sphinxstylestrong{-l} \sphinxstyleemphasis{lifetime} \sphinxstylestrong{-r} \sphinxstyleemphasis{time} \sphinxstylestrong{-pf}}] \leavevmode
	1766	\item[{\sphinxstylestrong{-l} \sphinxstyleemphasis{lifetime} \sphinxstylestrong{-r} \sphinxstyleemphasis{time} \sphinxstylestrong{-p} \sphinxstylestrong{-P} \sphinxstylestrong{-f} \sphinxstylestrong{-F}}] \leavevmode
1752	1767	The ticket granting ticket options only apply to the case where
1753	1768	there are no appropriate tickets in the cache to authenticate the
1754	1769	source user. In this case if ksu is configured to prompt users

1770	1785	specifies that the \sphinxstylestrong{proxiable} option should be requested for
1771	1786	the ticket.
1772	1787
	1788	\item[{\sphinxstylestrong{-P}}] \leavevmode
	1789	specifies that the \sphinxstylestrong{proxiable} option should not be requested
	1790	for the ticket, even if the default configuration is to ask for
	1791	proxiable tickets.
	1792
1773	1793	\item[{\sphinxstylestrong{-f}}] \leavevmode
1774	1794	option specifies that the \sphinxstylestrong{forwardable} option should be
1775	1795	requested for the ticket.
	1796
	1797	\item[{\sphinxstylestrong{-F}}] \leavevmode
	1798	option specifies that the \sphinxstylestrong{forwardable} option should not be
	1799	requested for the ticket, even if the default configuration is to
	1800	ask for forwardable tickets.
1776	1801
1777	1802	\item[{\sphinxstylestrong{-e} \sphinxstyleemphasis{command} {[}\sphinxstyleemphasis{args} …{]}}] \leavevmode
1778	1803	ksu proceeds exactly the same as if it was invoked without the

1972	1997	{[}\sphinxstylestrong{-h}{]}
1973	1998	{[}\sphinxstylestrong{-P}{]}
1974	1999	{[}\sphinxstylestrong{-S} \sphinxstyleemphasis{sname}{]}
	2000	{[}\sphinxstylestrong{-I} \sphinxstyleemphasis{for\_user}{]}
1975	2001	{[}\sphinxstylestrong{-U} \sphinxstyleemphasis{for\_user}{]}
	2002	{[}\sphinxstylestrong{-F} \sphinxstyleemphasis{cert\_file}{]}
1976	2003	{[}\sphinxstylestrong{\textendash{}u2u} \sphinxstyleemphasis{ccache}{]}
1977	2004	\sphinxstyleemphasis{service1 service2} …
1978	2005

2015	2042	The service hostnames will be canonicalized according to the usual
2016	2043	rules for constructing service principals.
2017	2044
2018		\item[{\sphinxstylestrong{-U} \sphinxstyleemphasis{for\_user}}] \leavevmode
	2045	\item[{\sphinxstylestrong{-I} \sphinxstyleemphasis{for\_user}}] \leavevmode
2019	2046	Specifies that protocol transition (S4U2Self) is to be used to
2020	2047	acquire a ticket on behalf of \sphinxstyleemphasis{for\_user}. If constrained
2021	2048	delegation is not requested, the service name must match the
2022	2049	credentials cache client principal.
	2050
	2051	\item[{\sphinxstylestrong{-U} \sphinxstyleemphasis{for\_user}}] \leavevmode
	2052	Same as -I, but treats \sphinxstyleemphasis{for\_user} as an enterprise name.
	2053
	2054	\item[{\sphinxstylestrong{-F} \sphinxstyleemphasis{cert\_file}}] \leavevmode
	2055	Specifies that protocol transition is to be used, identifying the
	2056	client principal with the X.509 certificate in \sphinxstyleemphasis{cert\_file}. The
	2057	certificate file must be in PEM format.
2023	2058
2024	2059	\item[{\sphinxstylestrong{\textendash{}u2u} \sphinxstyleemphasis{ccache}}] \leavevmode
2025	2060	Requests a user-to-user ticket. \sphinxstyleemphasis{ccache} must contain a local

+30

-6

doc/plugindev/gssapi.rst less more

8	8
9	9	A mechanism module is a Unix shared object or Windows DLL, built
10	10	separately from the krb5 tree. Modules are loaded according to the
11		``/etc/gss/mech`` or ``/etc/gss/mech.d/*.conf`` config files, as
12		described in :ref:`gssapi_plugin_config`.
	11	GSS mechanism config files described in :ref:`gssapi_plugin_config`.
13	12
14	13	For the most part, a GSSAPI mechanism module exports the same
15	14	functions as would a GSSAPI implementation itself, with the same

31	30	back again when gss_display_status is called.
32	31
33	32
	33	NegoEx modules
	34	--------------
	35
	36	Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft
	37	extension to SPNEGO called NegoEx. Beginning with release 1.18,
	38	mechanism modules can support NegoEx as follows:
	39
	40	* Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(),
	41	and gssspi_query_mechanism_info() SPIs declared in
	42	``<gssapi/gssapi_ext.h>``.
	43
	44	* Implement gss_inquire_sec_context_by_oid() and answer the
	45	GSS_C_INQ_NEGOEX_KEY and GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs
	46	to provide the checksum keys for outgoing and incoming checksums,
	47	respectively. The answer must be in two buffers: the first buffer
	48	contains the key contents, and the second buffer contains the key
	49	encryption type as a four-byte little-endian integer.
	50
	51	By default, NegoEx mechanisms will not be directly negotiated via
	52	SPNEGO. If direct SPNEGO negotiation is required for
	53	interoperability, implement gss_inquire_attrs_for_mech() and assert
	54	the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable
	55	RFC 5587 attributes).
	56
	57
34	58	Interposer modules
35	59	------------------
36	60

44	68	gss_OID_set gss_mech_interposer(gss_OID mech_type);
45	69
46	70	This function is invoked with the OID of the interposer mechanism as
47		specified in ``/etc/gss/mech`` or in a ``/etc/gss/mech.d/*.conf``
48		file, and returns a set of mechanism OIDs to be interposed. The
49		returned OID set must have been created using the mechglue's
50		gss_create_empty_oid_set and gss_add_oid_set_member functions.
	71	specified in the mechanism config file, and returns a set of mechanism
	72	OIDs to be interposed. The returned OID set must have been created
	73	using the mechglue's gss_create_empty_oid_set and
	74	gss_add_oid_set_member functions.
51	75
52	76	An interposer module must use the prefix ``gssi_`` for the GSSAPI
53	77	functions it exports, instead of the prefix ``gss_``.

+7

-7

doc/rpc/design.tex less more

518	518	complex. In the normal course of events, an RPC call comes in, is
519	519	authenticated, and is then dispatched to the appropriate procedure.
520	520	For client- and service-side authentication flavors to communicate
521		indepedent of the server implemented above the RPC layer, the
	521	independent of the server implemented above the RPC layer, the
522	522	service-side flavor must be able to send a reply to the client
523	523	directly and {\it prevent} the call from being dispatched.
524	524

579	579
580	580	\section{GSS-API Authentication Flavor}
581	581
582		The following sections describe the implemetation of the GSS-API
	582	The following sections describe the implementation of the GSS-API
583	583	authentication flavor for Sun RPC.
584	584
585	585	\subsection{Authentication Algorithms}

639	639	since the application server may have registered multiple service
640	640	names and there is no way to determine {\it a priori} which service a
641	641	token is for, _svcauth_gssapi calls gss_accept_sec_context once for
642		each registered credential until one of them succeedes. The code
	642	each registered credential until one of them succeeds. The code
643	643	assumes that GSS_S_FAILURE is the only error that can result from a
644	644	credential mismatch, so any other error terminates the loop
645	645	immediately.

660	660	\subsubsection{RPC Calls}
661	661
662	662	After the GSS-API context is established, both the server and the
663		client posess a client handle and a corresponding sequence number.
	663	client possess a client handle and a corresponding sequence number.
664	664	Each call from the client contains the client handle as the
665	665	``credential'' so that the server can identify which context to apply
666	666	to the call.

703	703	authentication mechanism for the actual server. Any message whose
704	704	auth_msg field is true is processed by the authentication mechanism;
705	705	any message whose auth_msg is false is passed to the application
706		server's dispatch function if authentication suceeds. All messages
	706	server's dispatch function if authentication succeeds. All messages
707	707	must have an auth_msg of true until the context is established, since
708	708	authentication cannot succeed until it is.
709	709

875	875	number is one greater than the previous value sent by
876	876	auth_gssapi_marshall.
877	877
878		Finally, auth_gssapi_unwrap, invokved by the client-side RPC mechanism
	878	Finally, auth_gssapi_unwrap, invoked by the client-side RPC mechanism
879	879	after auth_gssapi_validate succeeds, performs the same operation as
880	880	svc_auth_gssapi_unwrap.
881	881

939	939	the first call.
940	940
941	941	The sequence_number field contains the sequence number that will be
942		used when transmitting RPC calls to the server and verifing the
	942	used when transmitting RPC calls to the server and verifying the
943	943	server's responses after the context is initialized.
944	944
945	945	The def_cred field is true if gss_init_sec_context created a default

doc/tools/__pycache__/docmodel.cpython-36.pyc less more

Binary diff not shown

doc/tools/__pycache__/doxybuilder_funcs.cpython-36.pyc less more

Binary diff not shown

doc/tools/__pycache__/doxybuilder_types.cpython-36.pyc less more

Binary diff not shown

+2

-3

doc/tools/docmodel.py less more

200	200
201	201	def __repr__(self):
202	202	obj = getattr(self,self.category)
203		print type(obj)
204	203	return str(obj)
205	204
206	205	def signature(self):

235	234	self.test_save()
236	235
237	236	def test_print(self):
238		print 'testing'
239		print self
	237	print('testing')
	238	print(self)
240	239
241	240
242	241	def test_save(self):

+2

-2

doc/tools/doxybuilder_funcs.py less more

92	92
93	93	return '\n'.join(result)
94	94
95		class DoxyContenHandler(object, ContentHandler):
	95	class DoxyContenHandler(ContentHandler):
96	96	def __init__(self, builder):
97	97	self.builder = builder
98	98	self.counters = defaultdict(int)

241	241	'description': p_descr}
242	242	parameters.append(param_descr)
243	243	result = Function(**function_descr)
244		print >> self.tmp, result
	244	print(result, file=self.tmp)
245	245
246	246	return function_descr
247	247

+2

-2

doc/tools/doxybuilder_types.py less more

357	357	result = self.run(filename, include=['typedef'])
358	358	target_dir = '%s/types' % (self.target_dir)
359	359	if not os.path.exists(target_dir):
360		os.makedirs(target_dir, 0755)
	360	os.makedirs(target_dir, 0o755)
361	361	for t in result:
362	362	obj = DocModel(**t)
363	363	self.save(obj, self.templates, target_dir)

368	368	result = self.run(filename, include=['define'])
369	369	target_dir = '%s/macros' % (self.target_dir)
370	370	if not os.path.exists(target_dir):
371		os.makedirs(target_dir, 0755)
	371	os.makedirs(target_dir, 0o755)
372	372	for t in result:
373	373	obj = DocModel(**t)
374	374	tmpl = {'composite': 'define_document.tmpl'}

+1

-2

doc/user/user_commands/kinit.rst less more

91	91	requested.
92	92
93	93	-E
94		treats the principal name as an enterprise name (implies the
95		-C option).
	94	treats the principal name as an enterprise name.
96	95
97	96	-v
98	97	requests that the ticket-granting ticket in the cache (with the

+13

-2

doc/user/user_commands/ksu.rst less more

11	11	[ -c source_cache_name ]
12	12	[ -k ]
13	13	[ -r time ]
14		[ -pf ]
	14	[ -p \| -P]
	15	[ -f \| -F]
15	16	[ -l lifetime ]
16	17	[ -z \| Z ]
17	18	[ -q ]

246	247
247	248	Ticket granting ticket options:
248	249
249		-l lifetime -r time -pf
	250	-l lifetime -r time -p -P -f -F
250	251	The ticket granting ticket options only apply to the case where
251	252	there are no appropriate tickets in the cache to authenticate the
252	253	source user. In this case if ksu is configured to prompt users

268	269	specifies that the proxiable option should be requested for
269	270	the ticket.
270	271
	272	-P
	273	specifies that the proxiable option should not be requested
	274	for the ticket, even if the default configuration is to ask for
	275	proxiable tickets.
	276
271	277	-f
272	278	option specifies that the forwardable option should be
273	279	requested for the ticket.
	280
	281	-F
	282	option specifies that the forwardable option should not be
	283	requested for the ticket, even if the default configuration is to
	284	ask for forwardable tickets.
274	285
275	286	-e command [args ...]
276	287	ksu proceeds exactly the same as if it was invoked without the

+11

-1

doc/user/user_commands/kvno.rst less more

12	12	[-h]
13	13	[-P]
14	14	[-S sname]
	15	[-I for_user]
15	16	[-U for_user]
	17	[-F cert_file]
16	18	[--u2u ccache]
17	19	service1 service2 ...
18	20

57	59	The service hostnames will be canonicalized according to the usual
58	60	rules for constructing service principals.
59	61
60		-U for_user
	62	-I for_user
61	63	Specifies that protocol transition (S4U2Self) is to be used to
62	64	acquire a ticket on behalf of for_user. If constrained
63	65	delegation is not requested, the service name must match the
64	66	credentials cache client principal.
	67
	68	-U for_user
	69	Same as -I, but treats for_user as an enterprise name.
	70
	71	-F cert_file
	72	Specifies that protocol transition is to be used, identifying the
	73	client principal with the X.509 certificate in cert_file. The
	74	certificate file must be in PEM format.
65	75
66	76	--u2u ccache
67	77	Requests a user-to-user ticket. ccache must contain a local

+19

-4

doc/user/user_config/kerberos.rst less more

107	107	Distribution Center daemon and associated programs. The default
108	108	is \|kdcdir\|\ ``/kdc.conf``.
109	109
	110	KRB5RCACHENAME
	111	(New in release 1.18) Specifies the location of the default replay
	112	cache, in the form type:residual. The ``file2`` type with a
	113	pathname residual specifies a replay cache file in the version-2
	114	format in the specified location. The ``none`` type (residual is
	115	ignored) disables the replay cache. The ``dfl`` type (residual is
	116	ignored) indicates the default, which uses a file2 replay cache in
	117	a temporary directory. The default is ``dfl:``.
	118
110	119	KRB5RCACHETYPE
111		Specifies the default type of replay cache to use for servers.
112		Valid types include ``dfl`` for the normal file type and ``none``
113		for no replay cache. The default is ``dfl``.
	120	Specifies the type of the default replay cache, if
	121	KRB5RCACHENAME is unspecified. No residual can be specified,
	122	so ``none`` and ``dfl`` are the only useful types.
114	123
115	124	KRB5RCACHEDIR
116		Specifies the default directory for replay caches used by servers.
	125	Specifies the directory used by the ``dfl`` replay cache type.
117	126	The default is the value of the TMPDIR environment variable,
118	127	or ``/var/tmp`` if TMPDIR is not set.
119	128

131	140
132	141	KPROP_PORT
133	142	:ref:`kprop(8)` port to use. Defaults to 754.
	143
	144	GSS_MECH_CONFIG
	145	Specifies a filename containing GSSAPI mechanism module
	146	configuration. The default is to read \|sysconfdir\|\ ``/gss/mech``
	147	and files with a ``.conf`` suffix within the directory
	148	\|sysconfdir\|\ ``/gss/mech.d``.
134	149
135	150	Most environment variables are disabled for certain programs, such as
136	151	login system programs and setuid programs, which are designed to be

+4

-3

src/Makefile.in less more

12	12	@audit_plugin@ \
13	13	plugins/kadm5_hook/test \
14	14	plugins/kadm5_auth/test \
	15	plugins/gssapi/negoextest \
15	16	plugins/hostrealm/test \
16	17	plugins/localauth/test \
17	18	plugins/pwqual/test \

493	494	check-unix: check-lmdb-$(HAVE_LMDB)
494	495	cat $(SKIPTESTS)
495	496
	497	MINPYTHON = @PYTHON_MINVERSION@
496	498	check-pytests-no: check-postrecurse
497		@echo 'Skipped python test scripts: python 2.5 or later required' >> \
	499	@echo 'Skipped python test scripts: python $(MINPYTHON) required' >> \
498	500	$(SKIPTESTS)
499	501
500	502	check-cmocka-no: check-postrecurse

566	568	FIND = find
567	569	XARGS = xargs
568	570	EMACS = emacs
569		PYTHON = python
570	571
571	572	INDENTDIRS = \
572	573	appl \

670	671	check-copyright:
671	672	(cd $(top_srcdir) && \
672	673	$(FIND) . $ -name '.[ch]' -o -name '.hin' $ -print0 \| \
673		$(XARGS) -0 python util/krb5-check-copyright.py)
	674	$(XARGS) -0 $(PYTHON) util/krb5-check-copyright.py)
674	675
675	676	tags: FORCE
676	677	(cd $(top_srcdir) && \

+2

-24

src/aclocal.m4 less more

92	92	KRB5_AC_INITFINI
93	93	KRB5_AC_ENABLE_THREADS
94	94	KRB5_AC_FIND_DLOPEN
95		KRB5_AC_KEYRING_CCACHE
96		KRB5_AC_PERSISTENT_KEYRING
97	95	])dnl
98	96
99	97	dnl Maintainer mode, akin to what automake provides, 'cept we don't

1246	1244	dnl This test exists so that every application developer does not test this in
1247	1245	dnl a different, and subtly broken fashion.
1248	1246	dnl
1249		dnl It has been argued that this test should be broken up into two seperate
	1247	dnl It has been argued that this test should be broken up into two separate
1250	1248	dnl tests, one for the resolver libraries, and one for the libraries necessary
1251	1249	dnl for using Sockets API. Unfortunately, the two are carefully intertwined and
1252	1250	dnl allowing the autoconf user to use them independantly potentially results in
1253		dnl unfortunate ordering dependancies -- as such, such component macros would
	1251	dnl unfortunate ordering dependencies -- as such, such component macros would
1254	1252	dnl have to carefully use indirection and be aware if the other components were
1255	1253	dnl executed. Since other autoconf macros do not go to this trouble, and almost
1256	1254	dnl no applications use sockets without the resolver, this complexity has not

1676	1674	OPENLDAP_PLUGIN=yes
1677	1675	fi
1678	1676	])dnl
1679		dnl
1680		dnl If libkeyutils exists (on Linux) include it and use keyring ccache
1681		AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
1682		AC_CHECK_HEADERS([keyutils.h],
1683		AC_CHECK_LIB(keyutils, add_key,
1684		[dnl Pre-reqs were found
1685		AC_DEFINE(USE_KEYRING_CCACHE, 1, [Define if the keyring ccache should be enabled])
1686		LIBS="-lkeyutils $LIBS"
1687		]))
1688		])dnl
1689		dnl
1690		dnl If libkeyutils supports persistent keyrings, use them
1691		AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[
1692		AC_CHECK_HEADERS([keyutils.h],
1693		AC_CHECK_LIB(keyutils, keyctl_get_persistent,
1694		[AC_DEFINE(HAVE_PERSISTENT_KEYRING, 1,
1695		[Define if persistent keyrings are supported])
1696		]))
1697		])dnl
1698		dnl

+1

-1

src/appl/gss-sample/gss-server.c less more

390	390	if (verbose && logfile)
391	391	fprintf(logfile, "Importing context: %7.4f seconds\n",
392	392	timeval_subtract(&tm1, &tm2));
393		free(context_token.value);
	393	(void) gss_release_buffer(&min_stat, &context_token);
394	394	return 0;
395	395	}
396	396

+0

-19

src/appl/simple/client/sim_client.c less more

85	85	krb5_data packet, inbuf;
86	86	krb5_ccache ccdef;
87	87	krb5_address addr, *portlocal_addr;
88		krb5_rcache rcache;
89		krb5_data rcache_name;
90	88
91	89	krb5_context context;
92	90	krb5_auth_context auth_context = NULL;

266	264	exit(1);
267	265	}
268	266
269		rcache_name.length = strlen(cp);
270		rcache_name.data = cp;
271
272		if ((retval = krb5_get_server_rcache(context, &rcache_name, &rcache))) {
273		com_err(progname, retval, "while getting server rcache");
274		exit(1);
275		}
276
277		/* set auth_context rcache */
278		krb5_auth_con_setrcache(context, auth_context, rcache);
279
280	267	/* Make the safe message */
281	268	inbuf.data = message;
282	269	inbuf.length = strlen(message);

309	296	printf("Sent encrypted message: %d bytes\n", i);
310	297	krb5_free_data_contents(context, &packet);
311	298
312		retval = krb5_rc_destroy(context, rcache);
313		if (retval) {
314		com_err(progname, retval, "while deleting replay cache");
315		exit(1);
316		}
317		krb5_auth_con_setrcache(context, auth_context, NULL);
318	299	krb5_auth_con_free(context, auth_context);
319	300	krb5_free_context(context);
320	301

+1

-13

src/appl/simple/server/sim_server.c less more

68	68	int flags = 0; /* for recvfrom() */
69	69	int on = 1;
70	70	struct servent *serv;
71		struct hostent *host;
72	71	struct sockaddr_in s_sock; /* server's address */
73	72	struct sockaddr_in c_sock; /* client's address */
74		char full_hname[MAXHOSTNAMELEN];
75	73	char *cp;
76	74	extern char * optarg;
77	75	int ch;

132	130	/* Set up server address */
133	131	memset(&s_sock, 0, sizeof(s_sock));
134	132	s_sock.sin_family = AF_INET;
	133	s_sock.sin_addr.s_addr = INADDR_ANY;
135	134
136	135	if (port == 0) {
137	136	/* Look up service */

144	143	s_sock.sin_port = htons(port);
145	144	}
146	145
147		if (gethostname(full_hname, sizeof(full_hname)) < 0) {
148		perror("gethostname");
149		exit(1);
150		}
151
152		if ((host = gethostbyname(full_hname)) == (struct hostent *)0) {
153		fprintf(stderr, "%s: host unknown\n", full_hname);
154		exit(1);
155		}
156		memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
157
158	146	/* Open socket */
159	147	if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
160	148	perror("opening datagram socket");

+7

-273

src/ccapi/common/cci_cred_union.c less more

24	24
25	25	#include "cci_common.h"
26	26
27		#ifdef TARGET_OS_MAC
28		#pragma mark -
29		#endif
30
31		/* ------------------------------------------------------------------------ */
32
33		static cc_uint32 cci_credentials_v4_release (cc_credentials_v4_t *io_v4creds)
34		{
35		cc_int32 err = ccNoError;
36
37		if (!io_v4creds) { err = ccErrBadParam; }
38
39		if (!err) {
40		memset (io_v4creds, 0, sizeof (*io_v4creds));
41		free (io_v4creds);
42		}
43
44		return err;
45		}
46
47		/* ------------------------------------------------------------------------ */
48
49		static cc_uint32 cci_credentials_v4_read (cc_credentials_v4_t **out_v4creds,
50		k5_ipc_stream io_stream)
51		{
52		cc_int32 err = ccNoError;
53		cc_credentials_v4_t *v4creds = NULL;
54
55		if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
56		if (!out_v4creds) { err = cci_check_error (ccErrBadParam); }
57
58		if (!err) {
59		v4creds = malloc (sizeof (*v4creds));
60		if (!v4creds) { err = cci_check_error (ccErrNoMem); }
61		}
62
63		if (!err) {
64		err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->version);
65		}
66
67		if (!err) {
68		err = krb5int_ipc_stream_read (io_stream, v4creds->principal, cc_v4_name_size);
69		}
70
71		if (!err) {
72		err = krb5int_ipc_stream_read (io_stream, v4creds->principal_instance, cc_v4_instance_size);
73		}
74
75		if (!err) {
76		err = krb5int_ipc_stream_read (io_stream, v4creds->service, cc_v4_name_size);
77		}
78
79		if (!err) {
80		err = krb5int_ipc_stream_read (io_stream, v4creds->service_instance, cc_v4_instance_size);
81		}
82
83		if (!err) {
84		err = krb5int_ipc_stream_read (io_stream, v4creds->realm, cc_v4_realm_size);
85		}
86
87		if (!err) {
88		err = krb5int_ipc_stream_read (io_stream, v4creds->session_key, cc_v4_key_size);
89		}
90
91		if (!err) {
92		err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->kvno);
93		}
94
95		if (!err) {
96		err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->string_to_key_type);
97		}
98
99		if (!err) {
100		err = krb5int_ipc_stream_read_time (io_stream, &v4creds->issue_date);
101		}
102
103		if (!err) {
104		err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->lifetime);
105		}
106
107		if (!err) {
108		err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->address);
109		}
110
111		if (!err) {
112		err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->ticket_size);
113		}
114
115		if (!err) {
116		err = krb5int_ipc_stream_read (io_stream, v4creds->ticket, cc_v4_ticket_size);
117		}
118
119		if (!err) {
120		*out_v4creds = v4creds;
121		v4creds = NULL;
122		}
123
124		free (v4creds);
125
126		return cci_check_error (err);
127		}
128
129		/* ------------------------------------------------------------------------ */
130
131		static cc_uint32 cci_credentials_v4_write (cc_credentials_v4_t *in_v4creds,
132		k5_ipc_stream io_stream)
133		{
134		cc_int32 err = ccNoError;
135
136		if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
137		if (!in_v4creds) { err = cci_check_error (ccErrBadParam); }
138
139		if (!err) {
140		err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->version);
141		}
142
143		if (!err) {
144		err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal, cc_v4_name_size);
145		}
146
147		if (!err) {
148		err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal_instance, cc_v4_instance_size);
149		}
150
151		if (!err) {
152		err = krb5int_ipc_stream_write (io_stream, in_v4creds->service, cc_v4_name_size);
153		}
154
155		if (!err) {
156		err = krb5int_ipc_stream_write (io_stream, in_v4creds->service_instance, cc_v4_instance_size);
157		}
158
159		if (!err) {
160		err = krb5int_ipc_stream_write (io_stream, in_v4creds->realm, cc_v4_realm_size);
161		}
162
163		if (!err) {
164		err = krb5int_ipc_stream_write (io_stream, in_v4creds->session_key, cc_v4_key_size);
165		}
166
167		if (!err) {
168		err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->kvno);
169		}
170
171		if (!err) {
172		err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->string_to_key_type);
173		}
174
175		if (!err) {
176		err = krb5int_ipc_stream_write_time (io_stream, in_v4creds->issue_date);
177		}
178
179		if (!err) {
180		err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->lifetime);
181		}
182
183		if (!err) {
184		err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->address);
185		}
186
187		if (!err) {
188		err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->ticket_size);
189		}
190
191		if (!err) {
192		err = krb5int_ipc_stream_write (io_stream, in_v4creds->ticket, cc_v4_ticket_size);
193		}
194
195		return cci_check_error (err);
196		}
197
198		#ifdef TARGET_OS_MAC
199		#pragma mark -
200		#endif
201
202	27	/* ------------------------------------------------------------------------ */
203	28
204	29	static cc_uint32 cci_cc_data_contents_release (cc_data *io_ccdata)

599	424	if (!io_cred_union) { err = ccErrBadParam; }
600	425
601	426	if (!err) {
602		if (io_cred_union->version == cc_credentials_v4) {
603		cci_credentials_v4_release (io_cred_union->credentials.credentials_v4);
604		} else if (io_cred_union->version == cc_credentials_v5) {
	427	if (io_cred_union->version == cc_credentials_v5) {
605	428	cci_credentials_v5_release (io_cred_union->credentials.credentials_v5);
606	429	}
607	430	free (io_cred_union);

631	454	}
632	455
633	456	if (!err) {
634		if (credentials_union->version == cc_credentials_v4) {
635		err = cci_credentials_v4_read (&credentials_union->credentials.credentials_v4,
636		io_stream);
637
638		} else if (credentials_union->version == cc_credentials_v5) {
	457	if (credentials_union->version == cc_credentials_v5) {
639	458	err = cci_credentials_v5_read (&credentials_union->credentials.credentials_v5,
640	459	io_stream);
641	460

670	489	}
671	490
672	491	if (!err) {
673		if (in_credentials_union->version == cc_credentials_v4) {
674		err = cci_credentials_v4_write (in_credentials_union->credentials.credentials_v4,
675		io_stream);
676
677		} else if (in_credentials_union->version == cc_credentials_v5) {
	492	if (in_credentials_union->version == cc_credentials_v5) {
678	493	err = cci_credentials_v5_write (in_credentials_union->credentials.credentials_v5,
679	494	io_stream);
680	495

713	528	if (!io_cred_union) { err = ccErrBadParam; }
714	529
715	530	if (!err) {
716		if (io_cred_union->cred_type == CC_CRED_V4) {
717		memset (io_cred_union->cred.pV4Cred, 0, sizeof (cc_credentials_v4_compat));
718		free (io_cred_union->cred.pV4Cred);
719
720		} else if (io_cred_union->cred_type == CC_CRED_V5) {
	531	if (io_cred_union->cred_type == CC_CRED_V5) {
721	532	free (io_cred_union->cred.pV5Cred->client);
722	533	free (io_cred_union->cred.pV5Cred->server);
723	534	cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->keyblock);

828	639	}
829	640
830	641	if (!err) {
831		if (in_credentials_union->version == cc_credentials_v4) {
832		cc_credentials_v4_compat *compat_v4creds = NULL;
833
834		compat_v4creds = malloc (sizeof (*compat_v4creds));
835		if (!compat_v4creds) { err = cci_check_error (ccErrNoMem); }
836
837		if (!err) {
838		cc_credentials_v4_t *v4creds = in_credentials_union->credentials.credentials_v4;
839
840		compat_cred_union->cred_type = CC_CRED_V4;
841		compat_cred_union->cred.pV4Cred = compat_v4creds;
842
843		compat_v4creds->kversion = v4creds->version;
844		strncpy (compat_v4creds->principal, v4creds->principal, KRB_NAME_SZ+1);
845		strncpy (compat_v4creds->principal_instance, v4creds->principal_instance, KRB_INSTANCE_SZ+1);
846		strncpy (compat_v4creds->service, v4creds->service, KRB_NAME_SZ+1);
847		strncpy (compat_v4creds->service_instance, v4creds->service_instance, KRB_INSTANCE_SZ+1);
848		strncpy (compat_v4creds->realm, v4creds->realm, KRB_REALM_SZ+1);
849		memcpy (compat_v4creds->session_key, v4creds->session_key, 8);
850		compat_v4creds->kvno = v4creds->kvno;
851		compat_v4creds->str_to_key = v4creds->string_to_key_type;
852		compat_v4creds->issue_date = v4creds->issue_date;
853		compat_v4creds->lifetime = v4creds->lifetime;
854		compat_v4creds->address = v4creds->address;
855		compat_v4creds->ticket_sz = v4creds->ticket_size;
856		memcpy (compat_v4creds->ticket, v4creds->ticket, MAX_V4_CRED_LEN);
857		compat_v4creds->oops = 0;
858		}
859
860		} else if (in_credentials_union->version == cc_credentials_v5) {
	642	if (in_credentials_union->version == cc_credentials_v5) {
861	643	cc_credentials_v5_t *v5creds = in_credentials_union->credentials.credentials_v5;
862	644	cc_credentials_v5_compat *compat_v5creds = NULL;
863	645

950	732	}
951	733
952	734	if (!err) {
953		if (in_cred_union->cred_type == CC_CRED_V4) {
954		cc_credentials_v4_compat *compat_v4creds = in_cred_union->cred.pV4Cred;
955		cc_credentials_v4_t *v4creds = NULL;
956
957		if (!err) {
958		v4creds = malloc (sizeof (*v4creds));
959		if (!v4creds) { err = cci_check_error (ccErrNoMem); }
960		}
961
962		if (!err) {
963		creds_union->version = cc_credentials_v4;
964		creds_union->credentials.credentials_v4 = v4creds;
965
966		v4creds->version = compat_v4creds->kversion;
967		strncpy (v4creds->principal, compat_v4creds->principal, KRB_NAME_SZ);
968		strncpy (v4creds->principal_instance, compat_v4creds->principal_instance, KRB_INSTANCE_SZ);
969		strncpy (v4creds->service, compat_v4creds->service, KRB_NAME_SZ);
970		strncpy (v4creds->service_instance, compat_v4creds->service_instance, KRB_INSTANCE_SZ);
971		strncpy (v4creds->realm, compat_v4creds->realm, KRB_REALM_SZ);
972		memcpy (v4creds->session_key, compat_v4creds->session_key, 8);
973		v4creds->kvno = compat_v4creds->kvno;
974		v4creds->string_to_key_type = compat_v4creds->str_to_key;
975		v4creds->issue_date = compat_v4creds->issue_date;
976		v4creds->lifetime = compat_v4creds->lifetime;
977		v4creds->address = compat_v4creds->address;
978		v4creds->ticket_size = compat_v4creds->ticket_sz;
979		memcpy (v4creds->ticket, compat_v4creds->ticket, MAX_V4_CRED_LEN);
980		}
981
982		} else if (in_cred_union->cred_type == CC_CRED_V5) {
	735	if (in_cred_union->cred_type == CC_CRED_V5) {
983	736	cc_credentials_v5_compat *compat_v5creds = in_cred_union->cred.pV5Cred;
984	737	cc_credentials_v5_t *v5creds = NULL;
985	738

1071	824	if (!out_equal ) { err = cci_check_error (ccErrBadParam); }
1072	825
1073	826	if (!err) {
1074		if (in_cred_union_compat->cred_type == CC_CRED_V4 &&
1075		in_credentials_union->version == cc_credentials_v4) {
1076		cc_credentials_v4_compat *old_creds_v4 = in_cred_union_compat->cred.pV4Cred;
1077		cc_credentials_v4_t *new_creds_v4 = in_credentials_union->credentials.credentials_v4;
1078
1079		if (old_creds_v4 && new_creds_v4 &&
1080		!strcmp (old_creds_v4->principal,
1081		new_creds_v4->principal) &&
1082		!strcmp (old_creds_v4->principal_instance,
1083		new_creds_v4->principal_instance) &&
1084		!strcmp (old_creds_v4->service,
1085		new_creds_v4->service) &&
1086		!strcmp (old_creds_v4->service_instance,
1087		new_creds_v4->service_instance) &&
1088		!strcmp (old_creds_v4->realm, new_creds_v4->realm) &&
1089		(old_creds_v4->issue_date == (long) new_creds_v4->issue_date)) {
1090		equal = 1;
1091		}
1092
1093		} else if (in_cred_union_compat->cred_type == CC_CRED_V5 &&
	827	if (in_cred_union_compat->cred_type == CC_CRED_V5 &&
1094	828	in_credentials_union->version == cc_credentials_v5) {
1095	829	cc_credentials_v5_compat *old_creds_v5 = in_cred_union_compat->cred.pV5Cred;
1096	830	cc_credentials_v5_t *new_creds_v5 = in_credentials_union->credentials.credentials_v5;

+0

-35

~~src/ccapi/common/mac/cci_os_debugging.c~~ less more

0		/* ccapi/common/mac/cci_os_debugging.c */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25
26		#include "cci_os_debugging.h"
27		#include <Kerberos/KerberosDebug.h>
28
29		/* ------------------------------------------------------------------------ */
30
31		void cci_os_debug_vprintf (const char *in_format, va_list in_args)
32		{
33		dvprintf (in_format, in_args);
34		}

+0

-78

~~src/ccapi/common/mac/cci_os_identifier.c~~ less more

0		/* ccapi/common/mac/cci_os_identifier.c */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include "cci_common.h"
26		#include "cci_os_identifier.h"
27
28		#include <CoreFoundation/CoreFoundation.h>
29
30		/* ------------------------------------------------------------------------ */
31
32		cc_int32 cci_os_identifier_new_uuid (cci_uuid_string_t *out_uuid_string)
33		{
34		cc_int32 err = ccNoError;
35		cci_uuid_string_t uuid_string = NULL;
36		CFUUIDRef uuid = NULL;
37		CFStringRef uuid_stringref = NULL;
38		CFStringEncoding encoding = kCFStringEncodingUTF8;
39		CFIndex length = 0;
40
41		if (!out_uuid_string) { err = cci_check_error (ccErrBadParam); }
42
43		if (!err) {
44		uuid = CFUUIDCreate (kCFAllocatorDefault);
45		if (!uuid) { err = cci_check_error (ccErrNoMem); }
46		}
47
48		if (!err) {
49		uuid_stringref = CFUUIDCreateString (kCFAllocatorDefault, uuid);
50		if (!uuid_stringref) { err = cci_check_error (ccErrNoMem); }
51		}
52
53		if (!err) {
54		length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (uuid_stringref),
55		encoding) + 1;
56
57		uuid_string = malloc (length);
58		if (!uuid_string) { err = cci_check_error (ccErrNoMem); }
59		}
60
61		if (!err) {
62		if (!CFStringGetCString (uuid_stringref, uuid_string, length, encoding)) {
63		err = cci_check_error (ccErrNoMem);
64		}
65		}
66
67		if (!err) {
68		*out_uuid_string = uuid_string;
69		uuid_string = NULL; /* take ownership */
70		}
71
72		if (uuid_string ) { free (uuid_string); }
73		if (uuid_stringref) { CFRelease (uuid_stringref); }
74		if (uuid ) { CFRelease (uuid); }
75
76		return cci_check_error (err);
77		}

+7

-7

src/ccapi/doc/CCAPI-Windows-Design.html less more

0	0	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1		<html xmlns="http://www.w3.org/1999/xhtml">
	1	<html xmlns="https://www.w3.org/1999/xhtml">
2	2	<head>
3	3	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
4	4	<title>Windows CCAPI RPC design</title>

39	39	<p>The server and each client create an RPC endpoint. The server's endpoint is CCS_<LSID> and the client's endpoint is CCAPI_<UUID>, where each client geta a UUID. </p>
40	40	<p>On Windows, the server's ccs_pipe_t type is a char* and is set to the client UUID.</p>
41	41	<h3>How is the request handled in the server and the reply sent to the client? </h3>
42		<p>One straightforward way is for the reply to be the returned data in the request RPC call (an [out] parameter). That is, data passed from the RPC server to the RPC client. The request handler calls <span class="style3">ccs_server_handle_request</span>. Eventually, the server code calls <span class="style3">ccs_os_server_send_reply, </span>which saves the reply somewhere. When the server eventually returns to the request handler, the handler returns the saved reply to the client.</p>
43		<p>But this doesn't work. If two clients A and B ask for the same lock, A will acquire the lock and B will have to wait. But if the single threaded server waits for B's lock, it will never handle A's unlock message. Therefore the server must return to B's request handler and <em>not </em>send a reply to B. So this method will not work. </p>
	42	<p>One straightforward way is for the reply to be the returned data in the request RPC call (an [out] parameter). That is, data passed from the RPC server to the RPC client. The request handler calls <span class="style3">ccs_server_handle_request</span>. Eventually, the server code calls <span class="style3">ccs_os_server_send_reply,</span> which saves the reply somewhere. When the server eventually returns to the request handler, the handler returns the saved reply to the client.</p>
	43	<p>But this doesn't work. If two clients A and B ask for the same lock, A will acquire the lock and B will have to wait. But if the single threaded server waits for B's lock, it will never handle A's unlock message. Therefore the server must return to B's request handler and <em>not</em> send a reply to B. So this method will not work. </p>
44	44	<p>Instead, there are listener and worker threads in Windows-specific code. </p>
45		<p>The client's <span class="style3">cci_os_ipc </span>function waits for <span class="style3">ccs_reply</span>. The client sends the request, including <em>it's UUID, </em>from which the server can construct the endpoint on which to call <span class="style3">ccs_reply</span>. </p>
	45	<p>The client's <span class="style3">cci_os_ipc </span>function waits for <span class="style3">ccs_reply</span>. The client sends the request, including <em>its UUID,</em> from which the server can construct the endpoint on which to call <span class="style3">ccs_reply</span>. </p>
46	46	<p>The server's listener thread listens for RPC requests. The request handler puts each request/<em>reply</em> endpoint in a queue and returns to the client.</p>
47		<p>The server's worker thread removes items from the queue, calls <span class="style3">ccs_server_handle_request</span>. <span class="style3">ccs_server_handle_request</span> takes both the request data and the client UUID . Eventually <span class="style3">ccs_os_server_send_reply</span> is called, with the reply data and client UUID in the reply_pipe. <span class="style3">ccs_os_server_send_reply</span> calls <span class="style3">ccs_reply </span>on the client's endpoint, which sends the reply to the client. </p>
	47	<p>The server's worker thread removes items from the queue, calls <span class="style3">ccs_server_handle_request</span>. <span class="style3">ccs_server_handle_request</span> takes both the request data and the client UUID . Eventually <span class="style3">ccs_os_server_send_reply</span> is called, with the reply data and client UUID in the reply_pipe. <span class="style3">ccs_os_server_send_reply</span> calls <span class="style3">ccs_reply</span> on the client's endpoint, which sends the reply to the client. </p>
48	48	<p>Is there any security issue with the client listening for RPC calls from the server?</p>
49	49	<h3>Connections</h3>
50	50	<p>If the client wants state to be maintained on the server, the client creates a connection. When the connection is closed, the server cleans up any state associated with the connection. </p>

52	52	<h3>Detecting client exit</h3>
53	53	<p>The server must be able to detect when clients disappear, so the server can free any resources that had been held for the client. </p>
54	54	<p>The Windows RPC API does not appear to provide a notification for an endpoint disappearing. It does provide a way to ask if an endpoint is listening. This is useful for polling, but we want a better performing solution than that. </p>
55		<p>The client has an <em>isAlive </em>function on its endpoint. </p>
56		<p>To detect the client disappearing without using polling, the server makes an asynchronous call to the <em>isAlive </em>function on the client's endpoint. The <em>isAlive </em>function never returns. When the client exits for any reason, it's <em></em>endpoint will be closed and the server's function call will return an error. The asynchronous call on the server means no additional threads are used. </p>
	55	<p>The client has an <em>isAlive</em> function on its endpoint. </p>
	56	<p>To detect the client disappearing without using polling, the server makes an asynchronous call to the <em>isAlive</em> function on the client's endpoint. The <em>isAlive</em> function never returns. When the client exits for any reason, its <em>endpoint</em> will be closed and the server's function call will return an error. The asynchronous call on the server means no additional threads are used. </p>
57	57	<p>Windows provides a number of notification methods to signal I/O completion. Among them are I/O completion ports and callback functions. I chose callback functions because they appear to consume fewer resources. </p>
58	58	<h3>RPC Endpoint / Function summary</h3>
59	59	<ul>

+3

-31

src/ccapi/lib/ccapi_v2.c less more

43	43	if (!out_v3_version) { err = cci_check_error (ccErrBadParam); }
44	44
45	45	if (!err) {
46		if (in_v2_version == CC_CRED_V4) {
47		*out_v3_version = cc_credentials_v4;
48
49		} else if (in_v2_version == CC_CRED_V5) {
	46	if (in_v2_version == CC_CRED_V5) {
50	47	*out_v3_version = cc_credentials_v5;
51	48
52	49	} else {

449	446	}
450	447
451	448	if (!err) {
452		if (compat_version == cc_credentials_v4) {
453		*out_version = CC_CRED_V4;
454
455		} else if (compat_version == cc_credentials_v5) {
	449	if (compat_version == cc_credentials_v5) {
456	450	*out_version = CC_CRED_V5;
457	451
458	452	} else {

641	635	if (!out_ccache ) { err = cci_check_error (ccErrBadParam); }
642	636	if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
643	637
644		/* CCache iterators need to return some ccaches twice (when v3 ccache has
645		* two kinds of credentials). To do that, we return such ccaches twice
646		* v4 first, then v5. */
647
648	638	if (!err) {
649	639	err = cci_ccache_iterator_get_saved_ccache_name (iterator,
650	640	&saved_ccache_name);

673	663	}
674	664
675	665	if (!err) {
676		if (version == cc_credentials_v4_v5) {
677		cc_string_t name = NULL;
678
679		err = cci_ccache_set_compat_version (ccache, cc_credentials_v4);
680
681		if (!err) {
682		err = ccapi_ccache_get_name (ccache, &name);
683		}
684
685		if (!err) {
686		err = cci_ccache_iterator_set_saved_ccache_name (iterator,
687		name->data);
688		}
689
690		if (name) { ccapi_string_release (name); }
691
692		} else {
693		err = cci_ccache_set_compat_version (ccache, version);
694		}
	666	err = cci_ccache_set_compat_version (ccache, version);
695	667	}
696	668	}
697	669	}

+0

-50

~~src/ccapi/lib/mac/ccapi_os_ipc.c~~ less more

0		/* ccapi/lib/mac/ccapi_os_ipc.c */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include "ccapi_os_ipc.h"
26
27		#include "k5_mig_client.h"
28
29		#define cci_server_bundle_id "edu.mit.Kerberos.CCacheServer"
30
31		/* ------------------------------------------------------------------------ */
32
33		cc_int32 cci_os_ipc_thread_init (void)
34		{
35		/* k5_ipc_send_request handles all thread data for us */
36		return 0;
37		}
38
39		/* ------------------------------------------------------------------------ */
40
41		cc_int32 cci_os_ipc (cc_int32 in_launch_server,
42		k5_ipc_stream in_request_stream,
43		k5_ipc_stream *out_reply_stream)
44		{
45		return cci_check_error (k5_ipc_send_request (cci_server_bundle_id,
46		in_launch_server,
47		in_request_stream,
48		out_reply_stream));
49		}

+0

-838

~~src/ccapi/lib/mac/ccapi_vector.c~~ less more

0		/* ccapi/lib/mac/ccapi_vector.c */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include "ccapi_vector.h"
26
27		#include "ccapi_context.h"
28		#include "ccapi_string.h"
29		#include "ccapi_ccache.h"
30		#include "ccapi_credentials.h"
31		#include "ccapi_ccache_iterator.h"
32		#include "ccapi_credentials_iterator.h"
33
34		/* ------------------------------------------------------------------------ */
35
36		static void cci_swap_string_functions (cc_string_t io_string)
37		{
38		cc_string_f temp = *(io_string->functions);
39		((cc_string_f )io_string->functions) = *(io_string->vector_functions);
40		((cc_string_f )io_string->vector_functions) = temp;
41		}
42
43		/* ------------------------------------------------------------------------ */
44
45		static void cci_swap_context_functions (cc_context_t io_context)
46		{
47		cc_context_f temp = *(io_context->functions);
48		((cc_context_f )io_context->functions) = *(io_context->vector_functions);
49		((cc_context_f )io_context->vector_functions) = temp;
50		}
51
52		/* ------------------------------------------------------------------------ */
53
54		static void cci_swap_ccache_functions (cc_ccache_t io_ccache)
55		{
56		cc_ccache_f temp = *(io_ccache->functions);
57		((cc_ccache_f )io_ccache->functions) = *(io_ccache->vector_functions);
58		((cc_ccache_f )io_ccache->vector_functions) = temp;
59		}
60
61		/* ------------------------------------------------------------------------ */
62
63		static void cci_swap_credentials_functions (cc_credentials_t io_credentials)
64		{
65		cc_credentials_f temp = *(io_credentials->functions);
66		((cc_credentials_f )io_credentials->functions) = *(io_credentials->otherFunctions);
67		((cc_credentials_f )io_credentials->otherFunctions) = temp;
68		}
69
70		/* ------------------------------------------------------------------------ */
71
72		static void cci_swap_ccache_iterator_functions (cc_ccache_iterator_t io_ccache_iterator)
73		{
74		cc_ccache_iterator_f temp = *(io_ccache_iterator->functions);
75		((cc_ccache_iterator_f )io_ccache_iterator->functions) = *(io_ccache_iterator->vector_functions);
76		((cc_ccache_iterator_f )io_ccache_iterator->vector_functions) = temp;
77		}
78
79		/* ------------------------------------------------------------------------ */
80
81		static void cci_swap_credentials_iterator_functions (cc_credentials_iterator_t io_credentials_iterator)
82		{
83		cc_credentials_iterator_f temp = *(io_credentials_iterator->functions);
84		((cc_credentials_iterator_f )io_credentials_iterator->functions) = *(io_credentials_iterator->vector_functions);
85		((cc_credentials_iterator_f )io_credentials_iterator->vector_functions) = temp;
86		}
87
88		#pragma mark -
89
90		/* ------------------------------------------------------------------------ */
91
92		cc_int32 __cc_initialize_vector (cc_context_t *out_context,
93		cc_int32 in_version,
94		cc_int32 *out_supported_version,
95		char const **out_vendor)
96		{
97		return cc_initialize (out_context, in_version, out_supported_version, out_vendor);
98		}
99
100		#pragma mark -
101
102		/* ------------------------------------------------------------------------ */
103
104		cc_int32 __cc_string_release_vector (cc_string_t in_string)
105		{
106		cci_swap_string_functions (in_string);
107		return ccapi_string_release (in_string);
108		}
109
110		#pragma mark -
111
112		/* ------------------------------------------------------------------------ */
113
114		cc_int32 __cc_context_release_vector (cc_context_t io_context)
115		{
116		cci_swap_context_functions (io_context);
117		return ccapi_context_release (io_context);
118		}
119
120		/* ------------------------------------------------------------------------ */
121
122		cc_int32 __cc_context_get_change_time_vector (cc_context_t in_context,
123		cc_time_t *out_change_time)
124		{
125		cc_int32 err = ccNoError;
126		cci_swap_context_functions (in_context);
127		err = ccapi_context_get_change_time (in_context, out_change_time);
128		cci_swap_context_functions (in_context);
129		return err;
130		}
131
132		/* ------------------------------------------------------------------------ */
133
134		cc_int32 __cc_context_get_default_ccache_name_vector (cc_context_t in_context,
135		cc_string_t *out_name)
136		{
137		cc_int32 err = ccNoError;
138		cci_swap_context_functions (in_context);
139		err = ccapi_context_get_default_ccache_name (in_context, out_name);
140		cci_swap_context_functions (in_context);
141		return err;
142		}
143
144		/* ------------------------------------------------------------------------ */
145
146		cc_int32 __cc_context_open_ccache_vector (cc_context_t in_context,
147		const char *in_name,
148		cc_ccache_t *out_ccache)
149		{
150		cc_int32 err = ccNoError;
151		cci_swap_context_functions (in_context);
152		err = ccapi_context_open_ccache (in_context, in_name, out_ccache);
153		cci_swap_context_functions (in_context);
154		return err;
155		}
156
157		/* ------------------------------------------------------------------------ */
158
159		cc_int32 __cc_context_open_default_ccache_vector (cc_context_t in_context,
160		cc_ccache_t *out_ccache)
161		{
162		cc_int32 err = ccNoError;
163		cci_swap_context_functions (in_context);
164		err = ccapi_context_open_default_ccache (in_context, out_ccache);
165		cci_swap_context_functions (in_context);
166		return err;
167		}
168
169		/* ------------------------------------------------------------------------ */
170
171		cc_int32 __cc_context_create_ccache_vector (cc_context_t in_context,
172		const char *in_name,
173		cc_uint32 in_cred_vers,
174		const char *in_principal,
175		cc_ccache_t *out_ccache)
176		{
177		cc_int32 err = ccNoError;
178		cci_swap_context_functions (in_context);
179		err = ccapi_context_create_ccache (in_context, in_name, in_cred_vers, in_principal, out_ccache);
180		cci_swap_context_functions (in_context);
181		return err;
182		}
183
184
185		/* ------------------------------------------------------------------------ */
186
187		cc_int32 __cc_context_create_default_ccache_vector (cc_context_t in_context,
188		cc_uint32 in_cred_vers,
189		const char *in_principal,
190		cc_ccache_t *out_ccache)
191		{
192		cc_int32 err = ccNoError;
193		cci_swap_context_functions (in_context);
194		err = ccapi_context_create_default_ccache (in_context, in_cred_vers, in_principal, out_ccache);
195		cci_swap_context_functions (in_context);
196		return err;
197		}
198
199		/* ------------------------------------------------------------------------ */
200
201		cc_int32 __cc_context_create_new_ccache_vector (cc_context_t in_context,
202		cc_uint32 in_cred_vers,
203		const char *in_principal,
204		cc_ccache_t *out_ccache)
205		{
206		cc_int32 err = ccNoError;
207		cci_swap_context_functions (in_context);
208		err = ccapi_context_create_new_ccache (in_context, in_cred_vers, in_principal, out_ccache);
209		cci_swap_context_functions (in_context);
210		return err;
211		}
212
213		/* ------------------------------------------------------------------------ */
214
215		cc_int32 __cc_context_new_ccache_iterator_vector (cc_context_t in_context,
216		cc_ccache_iterator_t *out_iterator)
217		{
218		cc_int32 err = ccNoError;
219		cci_swap_context_functions (in_context);
220		err = ccapi_context_new_ccache_iterator (in_context, out_iterator);
221		cci_swap_context_functions (in_context);
222		return err;
223		}
224
225		/* ------------------------------------------------------------------------ */
226
227		cc_int32 __cc_context_lock_vector (cc_context_t in_context,
228		cc_uint32 in_lock_type,
229		cc_uint32 in_block)
230		{
231		cc_int32 err = ccNoError;
232		cci_swap_context_functions (in_context);
233		err = ccapi_context_lock (in_context, in_lock_type, in_block);
234		cci_swap_context_functions (in_context);
235		return err;
236		}
237
238		/* ------------------------------------------------------------------------ */
239
240		cc_int32 __cc_context_unlock_vector (cc_context_t in_context)
241		{
242		cc_int32 err = ccNoError;
243		cci_swap_context_functions (in_context);
244		err = ccapi_context_unlock (in_context);
245		cci_swap_context_functions (in_context);
246		return err;
247		}
248
249		/* ------------------------------------------------------------------------ */
250
251		cc_int32 __cc_context_compare_vector (cc_context_t in_context,
252		cc_context_t in_compare_to_context,
253		cc_uint32 *out_equal)
254		{
255		cc_int32 err = ccNoError;
256		cci_swap_context_functions (in_context);
257		err = ccapi_context_compare (in_context, in_compare_to_context, out_equal);
258		cci_swap_context_functions (in_context);
259		return err;
260		}
261
262		#pragma mark -
263
264		/* ------------------------------------------------------------------------ */
265
266		cc_int32 __cc_ccache_release_vector (cc_ccache_t io_ccache)
267		{
268		cci_swap_ccache_functions (io_ccache);
269		return ccapi_ccache_release (io_ccache);
270		}
271
272		/* ------------------------------------------------------------------------ */
273
274		cc_int32 __cc_ccache_destroy_vector (cc_ccache_t io_ccache)
275		{
276		cci_swap_ccache_functions (io_ccache);
277		return ccapi_ccache_destroy (io_ccache);
278		}
279
280		/* ------------------------------------------------------------------------ */
281
282		cc_int32 __cc_ccache_set_default_vector (cc_ccache_t io_ccache)
283		{
284		cc_int32 err = ccNoError;
285		cci_swap_ccache_functions (io_ccache);
286		err = ccapi_ccache_set_default (io_ccache);
287		cci_swap_ccache_functions (io_ccache);
288		return err;
289		}
290
291		/* ------------------------------------------------------------------------ */
292
293		cc_uint32 __cc_ccache_get_credentials_version_vector (cc_ccache_t in_ccache,
294		cc_uint32 *out_credentials_version)
295		{
296		cc_int32 err = ccNoError;
297		cci_swap_ccache_functions (in_ccache);
298		err = ccapi_ccache_get_credentials_version (in_ccache, out_credentials_version);
299		cci_swap_ccache_functions (in_ccache);
300		return err;
301		}
302
303		/* ------------------------------------------------------------------------ */
304
305		cc_int32 __cc_ccache_get_name_vector (cc_ccache_t in_ccache,
306		cc_string_t *out_name)
307		{
308		cc_int32 err = ccNoError;
309		cci_swap_ccache_functions (in_ccache);
310		err = ccapi_ccache_get_name (in_ccache, out_name);
311		cci_swap_ccache_functions (in_ccache);
312		return err;
313		}
314
315		/* ------------------------------------------------------------------------ */
316
317		cc_int32 __cc_ccache_get_principal_vector (cc_ccache_t in_ccache,
318		cc_uint32 in_credentials_version,
319		cc_string_t *out_principal)
320		{
321		cc_int32 err = ccNoError;
322		cci_swap_ccache_functions (in_ccache);
323		err = ccapi_ccache_get_principal (in_ccache, in_credentials_version, out_principal);
324		cci_swap_ccache_functions (in_ccache);
325		return err;
326		}
327
328		/* ------------------------------------------------------------------------ */
329
330		cc_int32 __cc_ccache_set_principal_vector (cc_ccache_t io_ccache,
331		cc_uint32 in_credentials_version,
332		const char *in_principal)
333		{
334		cc_int32 err = ccNoError;
335		cci_swap_ccache_functions (io_ccache);
336		err = ccapi_ccache_set_principal (io_ccache, in_credentials_version, in_principal);
337		cci_swap_ccache_functions (io_ccache);
338		return err;
339		}
340
341		/* ------------------------------------------------------------------------ */
342
343		cc_int32 __cc_ccache_store_credentials_vector (cc_ccache_t io_ccache,
344		const cc_credentials_union *in_credentials_union)
345		{
346		cc_int32 err = ccNoError;
347		cci_swap_ccache_functions (io_ccache);
348		err = ccapi_ccache_store_credentials (io_ccache, in_credentials_union);
349		cci_swap_ccache_functions (io_ccache);
350		return err;
351		}
352
353		/* ------------------------------------------------------------------------ */
354
355		cc_int32 __cc_ccache_remove_credentials_vector (cc_ccache_t io_ccache,
356		cc_credentials_t in_credentials)
357		{
358		cc_int32 err = ccNoError;
359		cci_swap_ccache_functions (io_ccache);
360		cci_swap_credentials_functions (in_credentials);
361		err = ccapi_ccache_remove_credentials (io_ccache, in_credentials);
362		cci_swap_ccache_functions (io_ccache);
363		cci_swap_credentials_functions (in_credentials);
364		return err;
365		}
366
367		/* ------------------------------------------------------------------------ */
368
369		cc_int32 __cc_ccache_new_credentials_iterator_vector (cc_ccache_t in_ccache,
370		cc_credentials_iterator_t *out_credentials_iterator)
371		{
372		cc_int32 err = ccNoError;
373		cci_swap_ccache_functions (in_ccache);
374		err = ccapi_ccache_new_credentials_iterator (in_ccache, out_credentials_iterator);
375		cci_swap_ccache_functions (in_ccache);
376		return err;
377		}
378
379		/* ------------------------------------------------------------------------ */
380
381		cc_int32 __cc_ccache_move_vector (cc_ccache_t io_source_ccache,
382		cc_ccache_t io_destination_ccache)
383		{
384		cc_int32 err = ccNoError;
385		cci_swap_ccache_functions (io_source_ccache);
386		cci_swap_ccache_functions (io_destination_ccache);
387		err = ccapi_ccache_move (io_source_ccache, io_destination_ccache);
388		cci_swap_ccache_functions (io_source_ccache);
389		cci_swap_ccache_functions (io_destination_ccache);
390		return err;
391		}
392
393		/* ------------------------------------------------------------------------ */
394
395		cc_int32 __cc_ccache_lock_vector (cc_ccache_t io_ccache,
396		cc_uint32 in_lock_type,
397		cc_uint32 in_block)
398		{
399		cc_int32 err = ccNoError;
400		cci_swap_ccache_functions (io_ccache);
401		err = ccapi_ccache_lock (io_ccache, in_lock_type, in_block);
402		cci_swap_ccache_functions (io_ccache);
403		return err;
404		}
405
406		/* ------------------------------------------------------------------------ */
407
408		cc_int32 __cc_ccache_unlock_vector (cc_ccache_t io_ccache)
409		{
410		cc_int32 err = ccNoError;
411		cci_swap_ccache_functions (io_ccache);
412		err = ccapi_ccache_unlock (io_ccache);
413		cci_swap_ccache_functions (io_ccache);
414		return err;
415		}
416
417		/* ------------------------------------------------------------------------ */
418
419		cc_int32 __cc_ccache_get_last_default_time_vector (cc_ccache_t in_ccache,
420		cc_time_t *out_last_default_time)
421		{
422		cc_int32 err = ccNoError;
423		cci_swap_ccache_functions (in_ccache);
424		err = ccapi_ccache_get_last_default_time (in_ccache, out_last_default_time);
425		cci_swap_ccache_functions (in_ccache);
426		return err;
427		}
428
429		/* ------------------------------------------------------------------------ */
430
431		cc_int32 __cc_ccache_get_change_time_vector (cc_ccache_t in_ccache,
432		cc_time_t *out_change_time)
433		{
434		cc_int32 err = ccNoError;
435		cci_swap_ccache_functions (in_ccache);
436		err = ccapi_ccache_get_change_time (in_ccache, out_change_time);
437		cci_swap_ccache_functions (in_ccache);
438		return err;
439		}
440
441		/* ------------------------------------------------------------------------ */
442
443		cc_int32 __cc_ccache_compare_vector (cc_ccache_t in_ccache,
444		cc_ccache_t in_compare_to_ccache,
445		cc_uint32 *out_equal)
446		{
447		cc_int32 err = ccNoError;
448		cci_swap_ccache_functions (in_ccache);
449		cci_swap_ccache_functions (in_compare_to_ccache);
450		err = ccapi_ccache_compare (in_ccache, in_compare_to_ccache, out_equal);
451		cci_swap_ccache_functions (in_ccache);
452		cci_swap_ccache_functions (in_compare_to_ccache);
453		return err;
454		}
455
456		#pragma mark -
457
458		/* ------------------------------------------------------------------------ */
459
460		cc_int32 __cc_credentials_release_vector (cc_credentials_t io_credentials)
461		{
462		cci_swap_credentials_functions (io_credentials);
463		return ccapi_credentials_release (io_credentials);
464		}
465
466		/* ------------------------------------------------------------------------ */
467
468		cc_int32 __cc_credentials_compare_vector (cc_credentials_t in_credentials,
469		cc_credentials_t in_compare_to_credentials,
470		cc_uint32 *out_equal)
471		{
472		cc_int32 err = ccNoError;
473		cci_swap_credentials_functions (in_credentials);
474		cci_swap_credentials_functions (in_compare_to_credentials);
475		err = ccapi_credentials_compare (in_credentials, in_compare_to_credentials, out_equal);
476		cci_swap_credentials_functions (in_credentials);
477		cci_swap_credentials_functions (in_compare_to_credentials);
478		return err;
479		}
480
481		#pragma mark -
482
483		/* ------------------------------------------------------------------------ */
484
485		cc_int32 __cc_ccache_iterator_release_vector (cc_ccache_iterator_t io_ccache_iterator)
486		{
487		cci_swap_ccache_iterator_functions (io_ccache_iterator);
488		return ccapi_ccache_iterator_release (io_ccache_iterator);
489		}
490
491		/* ------------------------------------------------------------------------ */
492
493		cc_int32 __cc_ccache_iterator_next_vector (cc_ccache_iterator_t in_ccache_iterator,
494		cc_ccache_t *out_ccache)
495		{
496		cc_int32 err = ccNoError;
497		cci_swap_ccache_iterator_functions (in_ccache_iterator);
498		err = ccapi_ccache_iterator_next (in_ccache_iterator, out_ccache);
499		cci_swap_ccache_iterator_functions (in_ccache_iterator);
500		return err;
501		}
502
503		#pragma mark -
504
505		/* ------------------------------------------------------------------------ */
506
507		cc_int32 __cc_credentials_iterator_release_vector (cc_credentials_iterator_t io_credentials_iterator)
508		{
509		cci_swap_credentials_iterator_functions (io_credentials_iterator);
510		return ccapi_credentials_iterator_release (io_credentials_iterator);
511		}
512
513		/* ------------------------------------------------------------------------ */
514
515		cc_int32 __cc_credentials_iterator_next_vector (cc_credentials_iterator_t in_credentials_iterator,
516		cc_credentials_t *out_credentials)
517		{
518		cc_int32 err = ccNoError;
519		cci_swap_credentials_iterator_functions (in_credentials_iterator);
520		err = ccapi_credentials_iterator_next (in_credentials_iterator, out_credentials);
521		cci_swap_credentials_iterator_functions (in_credentials_iterator);
522		return err;
523		}
524
525		#pragma mark -
526
527		/* ------------------------------------------------------------------------ */
528
529		cc_int32 __cc_shutdown_vector (apiCB **io_context)
530		{
531		cci_swap_context_functions (*io_context);
532		return cc_shutdown (io_context);
533		}
534
535		/* ------------------------------------------------------------------------ */
536
537		cc_int32 __cc_get_NC_info_vector (apiCB *in_context,
538		infoNC ***out_info)
539		{
540		cc_int32 err = ccNoError;
541		cci_swap_context_functions (in_context);
542		err = cc_get_NC_info (in_context, out_info);
543		cci_swap_context_functions (in_context);
544		return err;
545		}
546
547		/* ------------------------------------------------------------------------ */
548
549		cc_int32 __cc_get_change_time_vector (apiCB *in_context,
550		cc_time_t *out_change_time)
551		{
552		cc_int32 err = ccNoError;
553		cci_swap_context_functions (in_context);
554		err = cc_get_change_time (in_context, out_change_time);
555		cci_swap_context_functions (in_context);
556		return err;
557		}
558
559		/* ------------------------------------------------------------------------ */
560
561		cc_int32 __cc_open_vector (apiCB *in_context,
562		const char *in_name,
563		cc_int32 in_version,
564		cc_uint32 in_flags,
565		ccache_p **out_ccache)
566		{
567		cc_int32 err = ccNoError;
568		cci_swap_context_functions (in_context);
569		err = cc_open (in_context, in_name, in_version, in_flags, out_ccache);
570		cci_swap_context_functions (in_context);
571		return err;
572		}
573
574		/* ------------------------------------------------------------------------ */
575
576		cc_int32 __cc_create_vector (apiCB *in_context,
577		const char *in_name,
578		const char *in_principal,
579		cc_int32 in_version,
580		cc_uint32 in_flags,
581		ccache_p **out_ccache)
582		{
583		cc_int32 err = ccNoError;
584		cci_swap_context_functions (in_context);
585		err = cc_create (in_context, in_name, in_principal, in_version, in_flags, out_ccache);
586		cci_swap_context_functions (in_context);
587		return err;
588		}
589
590		/* ------------------------------------------------------------------------ */
591
592		cc_int32 __cc_close_vector (apiCB *in_context,
593		ccache_p **io_ccache)
594		{
595		cc_int32 err = ccNoError;
596		cci_swap_context_functions (in_context);
597		cci_swap_ccache_functions (*io_ccache);
598		err = cc_close (in_context, io_ccache);
599		cci_swap_context_functions (in_context);
600		return err;
601		}
602
603		/* ------------------------------------------------------------------------ */
604
605		cc_int32 __cc_destroy_vector (apiCB *in_context,
606		ccache_p **io_ccache)
607		{
608		cc_int32 err = ccNoError;
609		cci_swap_context_functions (in_context);
610		cci_swap_ccache_functions (*io_ccache);
611		err = cc_destroy (in_context, io_ccache);
612		cci_swap_context_functions (in_context);
613		return err;
614		}
615
616		/* ------------------------------------------------------------------------ */
617
618		cc_int32 __cc_seq_fetch_NCs_begin_vector (apiCB *in_context,
619		ccache_cit **out_iterator)
620		{
621		cc_int32 err = ccNoError;
622		cci_swap_context_functions (in_context);
623		err = cc_seq_fetch_NCs_begin (in_context, out_iterator);
624		cci_swap_context_functions (in_context);
625		return err;
626		}
627
628
629		/* ------------------------------------------------------------------------ */
630
631		cc_int32 __cc_seq_fetch_NCs_next_vector (apiCB *in_context,
632		ccache_p **out_ccache,
633		ccache_cit *in_iterator)
634		{
635		cc_int32 err = ccNoError;
636		cci_swap_context_functions (in_context);
637		cci_swap_ccache_iterator_functions ((ccache_cit_ccache *)in_iterator);
638		err = cc_seq_fetch_NCs_next (in_context, out_ccache, in_iterator);
639		cci_swap_context_functions (in_context);
640		cci_swap_ccache_iterator_functions ((ccache_cit_ccache *)in_iterator);
641		return err;
642		}
643
644		/* ------------------------------------------------------------------------ */
645
646		cc_int32 __cc_seq_fetch_NCs_end_vector (apiCB *in_context,
647		ccache_cit **io_iterator)
648		{
649		cc_int32 err = ccNoError;
650		cci_swap_context_functions (in_context);
651		cci_swap_ccache_iterator_functions ((ccache_cit_ccache ) io_iterator);
652		err = cc_seq_fetch_NCs_end (in_context, io_iterator);
653		cci_swap_context_functions (in_context);
654		return err;
655		}
656
657		/* ------------------------------------------------------------------------ */
658
659		cc_int32 __cc_get_name_vector (apiCB *in_context,
660		ccache_p *in_ccache,
661		char **out_name)
662		{
663		cc_int32 err = ccNoError;
664		cci_swap_context_functions (in_context);
665		cci_swap_ccache_functions (in_ccache);
666		err = cc_get_name (in_context, in_ccache, out_name);
667		cci_swap_context_functions (in_context);
668		cci_swap_ccache_functions (in_ccache);
669		return err;
670		}
671
672		/* ------------------------------------------------------------------------ */
673
674		cc_int32 __cc_get_cred_version_vector (apiCB *in_context,
675		ccache_p *in_ccache,
676		cc_int32 *out_version)
677		{
678		cc_int32 err = ccNoError;
679		cci_swap_context_functions (in_context);
680		cci_swap_ccache_functions (in_ccache);
681		err = cc_get_cred_version (in_context, in_ccache, out_version);
682		cci_swap_context_functions (in_context);
683		cci_swap_ccache_functions (in_ccache);
684		return err;
685		}
686
687		/* ------------------------------------------------------------------------ */
688
689		cc_int32 __cc_set_principal_vector (apiCB *in_context,
690		ccache_p *io_ccache,
691		cc_int32 in_version,
692		char *in_principal)
693		{
694		cc_int32 err = ccNoError;
695		cci_swap_context_functions (in_context);
696		cci_swap_ccache_functions (io_ccache);
697		err = cc_set_principal (in_context, io_ccache, in_version, in_principal);
698		cci_swap_context_functions (in_context);
699		cci_swap_ccache_functions (io_ccache);
700		return err;
701		}
702
703		/* ------------------------------------------------------------------------ */
704
705		cc_int32 __cc_get_principal_vector (apiCB *in_context,
706		ccache_p *in_ccache,
707		char **out_principal)
708		{
709		cc_int32 err = ccNoError;
710		cci_swap_context_functions (in_context);
711		cci_swap_ccache_functions (in_ccache);
712		err = cc_get_principal (in_context, in_ccache, out_principal);
713		cci_swap_context_functions (in_context);
714		cci_swap_ccache_functions (in_ccache);
715		return err;
716		}
717
718		/* ------------------------------------------------------------------------ */
719
720		cc_int32 __cc_store_vector (apiCB *in_context,
721		ccache_p *io_ccache,
722		cred_union in_credentials)
723		{
724		cc_int32 err = ccNoError;
725		cci_swap_context_functions (in_context);
726		cci_swap_ccache_functions (io_ccache);
727		err = cc_store (in_context, io_ccache, in_credentials);
728		cci_swap_context_functions (in_context);
729		cci_swap_ccache_functions (io_ccache);
730		return err;
731		}
732
733		/* ------------------------------------------------------------------------ */
734
735		cc_int32 __cc_remove_cred_vector (apiCB *in_context,
736		ccache_p *in_ccache,
737		cred_union in_credentials)
738		{
739		cc_int32 err = ccNoError;
740		cci_swap_context_functions (in_context);
741		cci_swap_ccache_functions (in_ccache);
742		err = cc_remove_cred (in_context, in_ccache, in_credentials);
743		cci_swap_context_functions (in_context);
744		cci_swap_ccache_functions (in_ccache);
745		return err;
746		}
747
748		/* ------------------------------------------------------------------------ */
749
750		cc_int32 __cc_seq_fetch_creds_begin_vector (apiCB *in_context,
751		const ccache_p *in_ccache,
752		ccache_cit **out_iterator)
753		{
754		cc_int32 err = ccNoError;
755		cci_swap_context_functions (in_context);
756		cci_swap_ccache_functions ((ccache_p *)in_ccache);
757		err = cc_seq_fetch_creds_begin (in_context, in_ccache, out_iterator);
758		cci_swap_context_functions (in_context);
759		cci_swap_ccache_functions ((ccache_p *)in_ccache);
760		return err;
761		}
762
763		/* ------------------------------------------------------------------------ */
764
765		cc_int32 __cc_seq_fetch_creds_next_vector (apiCB *in_context,
766		cred_union **out_creds,
767		ccache_cit *in_iterator)
768		{
769		cc_int32 err = ccNoError;
770		cci_swap_context_functions (in_context);
771		cci_swap_credentials_iterator_functions ((ccache_cit_creds *)in_iterator);
772		err = cc_seq_fetch_creds_next (in_context, out_creds, in_iterator);
773		cci_swap_context_functions (in_context);
774		cci_swap_credentials_iterator_functions ((ccache_cit_creds *)in_iterator);
775		return err;
776		}
777
778		/* ------------------------------------------------------------------------ */
779
780		cc_int32 __cc_seq_fetch_creds_end_vector (apiCB *in_context,
781		ccache_cit **io_iterator)
782		{
783		cc_int32 err = ccNoError;
784		cci_swap_context_functions (in_context);
785		cci_swap_credentials_iterator_functions ((ccache_cit_creds ) io_iterator);
786		err = cc_seq_fetch_creds_end (in_context, io_iterator);
787		cci_swap_context_functions (in_context);
788		return err;
789		}
790
791		/* ------------------------------------------------------------------------ */
792
793		cc_int32 __cc_free_principal_vector (apiCB *in_context,
794		char **io_principal)
795		{
796		cc_int32 err = ccNoError;
797		cci_swap_context_functions (in_context);
798		err = cc_free_principal (in_context, io_principal);
799		cci_swap_context_functions (in_context);
800		return err;
801		}
802
803		/* ------------------------------------------------------------------------ */
804
805		cc_int32 __cc_free_name_vector (apiCB *in_context,
806		char **io_name)
807		{
808		cc_int32 err = ccNoError;
809		cci_swap_context_functions (in_context);
810		err = cc_free_name (in_context, io_name);
811		cci_swap_context_functions (in_context);
812		return err;
813		}
814
815		/* ------------------------------------------------------------------------ */
816
817		cc_int32 __cc_free_creds_vector (apiCB *in_context,
818		cred_union **io_credentials)
819		{
820		cc_int32 err = ccNoError;
821		cci_swap_context_functions (in_context);
822		err = cc_free_creds (in_context, io_credentials);
823		cci_swap_context_functions (in_context);
824		return err;
825		}
826
827		/* ------------------------------------------------------------------------ */
828
829		cc_int32 __cc_free_NC_info_vector (apiCB *in_context,
830		infoNC ***io_info)
831		{
832		cc_int32 err = ccNoError;
833		cci_swap_context_functions (in_context);
834		err = cc_free_NC_info (in_context, io_info);
835		cci_swap_context_functions (in_context);
836		return err;
837		}

+0

-59

~~src/ccapi/lib/mac/ccapi_vector.exports~~ less more

0		__cc_context_release_vector
1		__cc_context_get_change_time_vector
2		__cc_context_get_default_ccache_name_vector
3		__cc_context_open_ccache_vector
4		__cc_context_open_default_ccache_vector
5		__cc_context_create_ccache_vector
6		__cc_context_create_default_ccache_vector
7		__cc_context_create_new_ccache_vector
8		__cc_context_new_ccache_iterator_vector
9		__cc_context_lock_vector
10		__cc_context_unlock_vector
11		__cc_context_compare_vector
12		__cc_ccache_release_vector
13		__cc_ccache_destroy_vector
14		__cc_ccache_set_default_vector
15		__cc_ccache_get_credentials_version_vector
16		__cc_ccache_get_name_vector
17		__cc_ccache_get_principal_vector
18		__cc_ccache_set_principal_vector
19		__cc_ccache_store_credentials_vector
20		__cc_ccache_remove_credentials_vector
21		__cc_ccache_new_credentials_iterator_vector
22		__cc_ccache_move_vector
23		__cc_ccache_lock_vector
24		__cc_ccache_unlock_vector
25		__cc_ccache_get_last_default_time_vector
26		__cc_ccache_get_change_time_vector
27		__cc_ccache_compare_vector
28		__cc_string_release_vector
29		__cc_credentials_release_vector
30		__cc_credentials_compare_vector
31		__cc_ccache_iterator_release_vector
32		__cc_ccache_iterator_next_vector
33		__cc_credentials_iterator_release_vector
34		__cc_credentials_iterator_next_vector
35		__cc_initialize_vector
36		__cc_shutdown_vector
37		__cc_get_NC_info_vector
38		__cc_get_change_time_vector
39		__cc_open_vector
40		__cc_create_vector
41		__cc_close_vector
42		__cc_destroy_vector
43		__cc_seq_fetch_NCs_begin_vector
44		__cc_seq_fetch_NCs_next_vector
45		__cc_seq_fetch_NCs_end_vector
46		__cc_get_name_vector
47		__cc_get_cred_version_vector
48		__cc_set_principal_vector
49		__cc_get_principal_vector
50		__cc_store_vector
51		__cc_remove_cred_vector
52		__cc_seq_fetch_creds_begin_vector
53		__cc_seq_fetch_creds_next_vector
54		__cc_seq_fetch_creds_end_vector
55		__cc_free_principal_vector
56		__cc_free_name_vector
57		__cc_free_creds_vector
58		__cc_free_NC_info_vector

+0

-227

~~src/ccapi/lib/mac/ccapi_vector.h~~ less more

0		/* ccapi/lib/mac/ccapi_vector.h */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include <CredentialsCache2.h>
26
27
28		cc_int32 __cc_initialize_vector (cc_context_t *out_context,
29		cc_int32 in_version,
30		cc_int32 *out_supported_version,
31		char const **out_vendor);
32
33		cc_int32 __cc_string_release_vector (cc_string_t in_string);
34
35		cc_int32 __cc_context_release_vector (cc_context_t io_context);
36
37		cc_int32 __cc_context_get_change_time_vector (cc_context_t in_context,
38		cc_time_t *out_change_time);
39
40		cc_int32 __cc_context_get_default_ccache_name_vector (cc_context_t in_context,
41		cc_string_t *out_name);
42
43		cc_int32 __cc_context_open_ccache_vector (cc_context_t in_context,
44		const char *in_name,
45		cc_ccache_t *out_ccache);
46
47		cc_int32 __cc_context_open_default_ccache_vector (cc_context_t in_context,
48		cc_ccache_t *out_ccache);
49
50		cc_int32 __cc_context_create_ccache_vector (cc_context_t in_context,
51		const char *in_name,
52		cc_uint32 in_cred_vers,
53		const char *in_principal,
54		cc_ccache_t *out_ccache);
55
56		cc_int32 __cc_context_create_default_ccache_vector (cc_context_t in_context,
57		cc_uint32 in_cred_vers,
58		const char *in_principal,
59		cc_ccache_t *out_ccache);
60
61		cc_int32 __cc_context_create_new_ccache_vector (cc_context_t in_context,
62		cc_uint32 in_cred_vers,
63		const char *in_principal,
64		cc_ccache_t *out_ccache);
65
66		cc_int32 __cc_context_new_ccache_iterator_vector (cc_context_t in_context,
67		cc_ccache_iterator_t *out_iterator);
68
69		cc_int32 __cc_context_lock_vector (cc_context_t in_context,
70		cc_uint32 in_lock_type,
71		cc_uint32 in_block);
72
73		cc_int32 __cc_context_unlock_vector (cc_context_t in_context);
74
75		cc_int32 __cc_context_compare_vector (cc_context_t in_context,
76		cc_context_t in_compare_to_context,
77		cc_uint32 *out_equal);
78
79		cc_int32 __cc_ccache_release_vector (cc_ccache_t io_ccache);
80
81		cc_int32 __cc_ccache_destroy_vector (cc_ccache_t io_ccache);
82
83		cc_int32 __cc_ccache_set_default_vector (cc_ccache_t io_ccache);
84
85		cc_uint32 __cc_ccache_get_credentials_version_vector (cc_ccache_t in_ccache,
86		cc_uint32 *out_credentials_version);
87
88		cc_int32 __cc_ccache_get_name_vector (cc_ccache_t in_ccache,
89		cc_string_t *out_name);
90
91		cc_int32 __cc_ccache_get_principal_vector (cc_ccache_t in_ccache,
92		cc_uint32 in_credentials_version,
93		cc_string_t *out_principal);
94
95		cc_int32 __cc_ccache_set_principal_vector (cc_ccache_t io_ccache,
96		cc_uint32 in_credentials_version,
97		const char *in_principal);
98
99		cc_int32 __cc_ccache_store_credentials_vector (cc_ccache_t io_ccache,
100		const cc_credentials_union *in_credentials_union);
101
102		cc_int32 __cc_ccache_remove_credentials_vector (cc_ccache_t io_ccache,
103		cc_credentials_t in_credentials);
104
105		cc_int32 __cc_ccache_new_credentials_iterator_vector (cc_ccache_t in_ccache,
106		cc_credentials_iterator_t *out_credentials_iterator);
107
108		cc_int32 __cc_ccache_move_vector (cc_ccache_t io_source_ccache,
109		cc_ccache_t io_destination_ccache);
110
111		cc_int32 __cc_ccache_lock_vector (cc_ccache_t io_ccache,
112		cc_uint32 in_lock_type,
113		cc_uint32 in_block);
114
115		cc_int32 __cc_ccache_unlock_vector (cc_ccache_t io_ccache);
116
117		cc_int32 __cc_ccache_get_last_default_time_vector (cc_ccache_t in_ccache,
118		cc_time_t *out_last_default_time);
119
120		cc_int32 __cc_ccache_get_change_time_vector (cc_ccache_t in_ccache,
121		cc_time_t *out_change_time);
122
123		cc_int32 __cc_ccache_compare_vector (cc_ccache_t in_ccache,
124		cc_ccache_t in_compare_to_ccache,
125		cc_uint32 *out_equal);
126
127		cc_int32 __cc_credentials_release_vector (cc_credentials_t io_credentials);
128
129		cc_int32 __cc_credentials_compare_vector (cc_credentials_t in_credentials,
130		cc_credentials_t in_compare_to_credentials,
131		cc_uint32 *out_equal);
132
133		cc_int32 __cc_ccache_iterator_release_vector (cc_ccache_iterator_t io_ccache_iterator);
134
135		cc_int32 __cc_ccache_iterator_next_vector (cc_ccache_iterator_t in_ccache_iterator,
136		cc_ccache_t *out_ccache);
137
138		cc_int32 __cc_credentials_iterator_release_vector (cc_credentials_iterator_t io_credentials_iterator);
139
140		cc_int32 __cc_credentials_iterator_next_vector (cc_credentials_iterator_t in_credentials_iterator,
141		cc_credentials_t *out_credentials);
142
143		cc_int32 __cc_shutdown_vector (apiCB **io_context);
144
145		cc_int32 __cc_get_NC_info_vector (apiCB *in_context,
146		infoNC ***out_info);
147
148		cc_int32 __cc_get_change_time_vector (apiCB *in_context,
149		cc_time_t *out_change_time);
150
151		cc_int32 __cc_open_vector (apiCB *in_context,
152		const char *in_name,
153		cc_int32 in_version,
154		cc_uint32 in_flags,
155		ccache_p **out_ccache);
156
157		cc_int32 __cc_create_vector (apiCB *in_context,
158		const char *in_name,
159		const char *in_principal,
160		cc_int32 in_version,
161		cc_uint32 in_flags,
162		ccache_p **out_ccache);
163
164		cc_int32 __cc_close_vector (apiCB *in_context,
165		ccache_p **io_ccache);
166
167		cc_int32 __cc_destroy_vector (apiCB *in_context,
168		ccache_p **io_ccache);
169
170		cc_int32 __cc_seq_fetch_NCs_begin_vector (apiCB *in_context,
171		ccache_cit **out_iterator);
172
173		cc_int32 __cc_seq_fetch_NCs_next_vector (apiCB *in_context,
174		ccache_p **out_ccache,
175		ccache_cit *in_iterator);
176
177		cc_int32 __cc_seq_fetch_NCs_end_vector (apiCB *in_context,
178		ccache_cit **io_iterator);
179
180		cc_int32 __cc_get_name_vector (apiCB *in_context,
181		ccache_p *in_ccache,
182		char **out_name);
183
184		cc_int32 __cc_get_cred_version_vector (apiCB *in_context,
185		ccache_p *in_ccache,
186		cc_int32 *out_version);
187
188		cc_int32 __cc_set_principal_vector (apiCB *in_context,
189		ccache_p *io_ccache,
190		cc_int32 in_version,
191		char *in_principal);
192
193		cc_int32 __cc_get_principal_vector (apiCB *in_context,
194		ccache_p *in_ccache,
195		char **out_principal);
196
197		cc_int32 __cc_store_vector (apiCB *in_context,
198		ccache_p *io_ccache,
199		cred_union in_credentials);
200
201		cc_int32 __cc_remove_cred_vector (apiCB *in_context,
202		ccache_p *in_ccache,
203		cred_union in_credentials);
204
205		cc_int32 __cc_seq_fetch_creds_begin_vector (apiCB *in_context,
206		const ccache_p *in_ccache,
207		ccache_cit **out_iterator);
208
209		cc_int32 __cc_seq_fetch_creds_next_vector (apiCB *in_context,
210		cred_union **out_creds,
211		ccache_cit *in_iterator);
212
213		cc_int32 __cc_seq_fetch_creds_end_vector (apiCB *in_context,
214		ccache_cit **io_iterator);
215
216		cc_int32 __cc_free_principal_vector (apiCB *in_context,
217		char **io_principal);
218
219		cc_int32 __cc_free_name_vector (apiCB *in_context,
220		char **io_name);
221
222		cc_int32 __cc_free_creds_vector (apiCB *in_context,
223		cred_union **io_credentials);
224
225		cc_int32 __cc_free_NC_info_vector (apiCB *in_context,
226		infoNC ***io_info);

+0

-20

src/ccapi/lib/win/OldCC/ccapi.h less more

79	79	{ KRB_NAME_SZ = 40,
80	80	KRB_INSTANCE_SZ = 40,
81	81	KRB_REALM_SZ = 40,
82		MAX_V4_CRED_LEN = 1250
83	82	} ;
84	83	typedef struct _NC_INFO
85	84	{

93	92	CC_UINT32 length;
94	93	/* [size_is] / NC_INFO info;
95	94	} NC_INFO_LIST;
96
97		typedef struct _V4_CRED
98		{
99		CC_UCHAR kversion;
100		CC_CHAR principal[ 41 ];
101		CC_CHAR principal_instance[ 41 ];
102		CC_CHAR service[ 41 ];
103		CC_CHAR service_instance[ 41 ];
104		CC_CHAR realm[ 41 ];
105		CC_UCHAR session_key[ 8 ];
106		CC_INT32 kvno;
107		CC_INT32 str_to_key;
108		CC_INT32 issue_date;
109		CC_INT32 lifetime;
110		CC_UINT32 address;
111		CC_INT32 ticket_sz;
112		CC_UCHAR ticket[ 1250 ];
113		} V4_CRED;
114	95
115	96	typedef struct _CC_DATA
116	97	{

144	125
145	126	typedef /* [switch_type] */ union _CRED_PTR_UNION
146	127	{
147		/* [case()] / V4_CRED pV4Cred;
148	128	/* [case()] / V5_CRED pV5Cred;
149	129	} CRED_PTR_UNION;
150	130

+9

-62

src/ccapi/server/ccs_ccache.c less more

30	30	ccs_lock_state_t lock_state;
31	31	cc_uint32 creds_version;
32	32	char *name;
33		char *v4_principal;
34	33	char *v5_principal;
35	34	cc_time_t last_default_time;
36	35	cc_time_t last_changed_time;
37		cc_uint32 kdc_time_offset_v4_valid;
38		cc_time_t kdc_time_offset_v4;
39	36	cc_uint32 kdc_time_offset_v5_valid;
40	37	cc_time_t kdc_time_offset_v5;
41	38	ccs_credentials_list_t credentials;
42	39	ccs_callback_array_t change_callbacks;
43	40	};
44	41
45		struct ccs_ccache_d ccs_ccache_initializer = { NULL, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, NULL, NULL };
	42	struct ccs_ccache_d ccs_ccache_initializer = { NULL, NULL, 0, NULL, NULL, 0, 0, 0, 0, NULL, NULL };
46	43
47	44	/* ------------------------------------------------------------------------ */
48	45

87	84	if (!err) {
88	85	ccache->creds_version = in_creds_version;
89	86
90		if (ccache->creds_version == cc_credentials_v4) {
91		ccache->v4_principal = strdup (in_principal);
92		if (!ccache->v4_principal) { err = cci_check_error (ccErrNoMem); }
93
94		} else if (ccache->creds_version == cc_credentials_v5) {
	87	if (ccache->creds_version == cc_credentials_v5) {
95	88	ccache->v5_principal = strdup (in_principal);
96	89	if (!ccache->v5_principal) { err = cci_check_error (ccErrNoMem); }
97	90

146	139	const char *in_principal)
147	140	{
148	141	cc_int32 err = ccNoError;
149		char *v4_principal = NULL;
150	142	char *v5_principal = NULL;
151	143	ccs_credentials_list_t credentials = NULL;
152	144

157	149	if (!err) {
158	150	io_ccache->creds_version = in_creds_version;
159	151
160		if (io_ccache->creds_version == cc_credentials_v4) {
161		v4_principal = strdup (in_principal);
162		if (!v4_principal) { err = cci_check_error (ccErrNoMem); }
163
164		} else if (io_ccache->creds_version == cc_credentials_v5) {
	152	if (io_ccache->creds_version == cc_credentials_v5) {
165	153	v5_principal = strdup (in_principal);
166	154	if (!v5_principal) { err = cci_check_error (ccErrNoMem); }
167	155

175	163	}
176	164
177	165	if (!err) {
178		io_ccache->kdc_time_offset_v4 = 0;
179		io_ccache->kdc_time_offset_v4_valid = 0;
180	166	io_ccache->kdc_time_offset_v5 = 0;
181	167	io_ccache->kdc_time_offset_v5_valid = 0;
182
183		if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
184		io_ccache->v4_principal = v4_principal;
185		v4_principal = NULL; /* take ownership */
186	168
187	169	if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
188	170	io_ccache->v5_principal = v5_principal;

195	177	err = ccs_ccache_changed (io_ccache, io_cache_collection);
196	178	}
197	179
198		free (v4_principal);
199	180	free (v5_principal);
200	181	ccs_credentials_list_release (credentials);
201	182

249	230	cci_identifier_release (io_ccache->identifier);
250	231	ccs_lock_state_release (io_ccache->lock_state);
251	232	free (io_ccache->name);
252		free (io_ccache->v4_principal);
253	233	free (io_ccache->v5_principal);
254	234	ccs_credentials_list_release (io_ccache->credentials);
255	235	ccs_callback_array_release (io_ccache->change_callbacks);

606	586	err = krb5int_ipc_stream_read_uint32 (in_request_data, &version);
607	587	}
608	588
609		if (!err && version == cc_credentials_v4_v5) {
610		err = cci_check_error (ccErrBadCredentialsVersion);
611		}
612
613		if (!err) {
614		if (version == cc_credentials_v4) {
615		err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v4_principal);
616
617		} else if (version == cc_credentials_v5) {
	589	if (!err) {
	590	if (version == cc_credentials_v5) {
618	591	err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal);
619	592
620	593	} else {

651	624
652	625	if (!err) {
653	626	/* reset KDC time offsets because they are per-KDC */
654		if (version == cc_credentials_v4) {
655		io_ccache->kdc_time_offset_v4 = 0;
656		io_ccache->kdc_time_offset_v4_valid = 0;
657
658		if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
659		io_ccache->v4_principal = principal;
660		principal = NULL; /* take ownership */
661
662
663		} else if (version == cc_credentials_v5) {
	627	if (version == cc_credentials_v5) {
664	628	io_ccache->kdc_time_offset_v5 = 0;
665	629	io_ccache->kdc_time_offset_v5_valid = 0;
666	630

997	961	}
998	962
999	963	if (!err) {
1000		if (cred_vers == cc_credentials_v4) {
1001		if (io_ccache->kdc_time_offset_v4_valid) {
1002		err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v4);
1003		} else {
1004		err = cci_check_error (ccErrTimeOffsetNotSet);
1005		}
1006
1007		} else if (cred_vers == cc_credentials_v5) {
	964	if (cred_vers == cc_credentials_v5) {
1008	965	if (io_ccache->kdc_time_offset_v5_valid) {
1009	966	err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5);
1010	967	} else {

1039	996	}
1040	997
1041	998	if (!err) {
1042		if (cred_vers == cc_credentials_v4) {
1043		err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v4);
1044
1045		if (!err) {
1046		io_ccache->kdc_time_offset_v4_valid = 1;
1047		}
1048		} else if (cred_vers == cc_credentials_v5) {
	999	if (cred_vers == cc_credentials_v5) {
1049	1000	err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5);
1050	1001
1051	1002	if (!err) {

1083	1034	}
1084	1035
1085	1036	if (!err) {
1086		if (cred_vers == cc_credentials_v4) {
1087		io_ccache->kdc_time_offset_v4 = 0;
1088		io_ccache->kdc_time_offset_v4_valid = 0;
1089
1090		} else if (cred_vers == cc_credentials_v5) {
	1037	if (cred_vers == cc_credentials_v5) {
1091	1038	io_ccache->kdc_time_offset_v5 = 0;
1092	1039	io_ccache->kdc_time_offset_v5_valid = 0;
1093	1040

+0

-38

~~src/ccapi/server/mac/CCacheServerInfo.plist~~ less more

0		<?xml version="1.0" encoding="UTF-8"?>
1		<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
2		<plist version="1.0">
3		<dict>
4		<key>CFBundleDevelopmentRegion</key>
5		<string>English</string>
6		<key>CFBundleExecutable</key>
7		<string>CCacheServer</string>
8		<key>CFBundleGetInfoString</key>
9		<string>4.1</string>
10		<key>CFBundleIconFile</key>
11		<string></string>
12		<key>CFBundleIdentifier</key>
13		<string>edu.mit.Kerberos.CCacheServer</string>
14		<key>CFBundleInfoDictionaryVersion</key>
15		<string>6.0</string>
16		<key>CFBundleName</key>
17		<string>Kerberos Credentials Cache Server</string>
18		<key>CFBundlePackageType</key>
19		<string>APPL</string>
20		<key>CFBundleSignature</key>
21		<string>CCSa</string>
22		<key>CFBundleVersion</key>
23		<string>0.0.1d1</string>
24		<key>CFBundleShortVersionString</key>
25		<string>5.5</string>
26		<key>CFBundleGetInfoString</key>
27		<string>5.5 Copyright MIT</string>
28		<key>KfMDisplayVersion</key>
29		<string>5.5 Copyright MIT</string>
30		<key>KfMDisplayCopyright</key>
31		<string>Copyright MIT</string>
32		<key>NSHumanReadableCopyright</key>
33		<string>5.5 Copyright MIT</string>
34		<key>LSBackgroundOnly</key>
35		<string>1</string>
36		</dict>
37		</plist>

+0

-79

~~src/ccapi/server/mac/ccs_os_notify.c~~ less more

0		/* ccapi/server/mac/ccs_os_notify.c */
1		/*
2		* Copyright 2006-2008 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include "ccs_common.h"
26		#include "ccs_os_notify.h"
27		#include <CoreFoundation/CoreFoundation.h>
28
29		/* ------------------------------------------------------------------------ */
30
31		cc_int32 ccs_os_notify_cache_collection_changed (ccs_cache_collection_t io_cache_collection)
32		{
33		cc_int32 err = ccNoError;
34
35		if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
36
37		if (!err) {
38		CFNotificationCenterRef center = CFNotificationCenterGetDistributedCenter ();
39
40		if (center) {
41		CFNotificationCenterPostNotification (center,
42		kCCAPICacheCollectionChangedNotification,
43		NULL, NULL, TRUE);
44		}
45		}
46
47
48
49		return cci_check_error (err);
50		}
51
52		/* ------------------------------------------------------------------------ */
53
54		cc_int32 ccs_os_notify_ccache_changed (ccs_cache_collection_t io_cache_collection,
55		const char *in_ccache_name)
56		{
57		cc_int32 err = ccNoError;
58
59		if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
60		if (!in_ccache_name ) { err = cci_check_error (ccErrBadParam); }
61
62		if (!err) {
63		CFNotificationCenterRef center = CFNotificationCenterGetDistributedCenter ();
64		CFStringRef name = CFStringCreateWithCString (kCFAllocatorDefault,
65		in_ccache_name,
66		kCFStringEncodingUTF8);
67
68		if (center && name) {
69		CFNotificationCenterPostNotification (center,
70		kCCAPICCacheChangedNotification,
71		name, NULL, TRUE);
72		}
73
74		if (name) { CFRelease (name); }
75		}
76
77		return cci_check_error (err);
78		}

+0

-79

~~src/ccapi/server/mac/ccs_os_pipe.c~~ less more

0		/* ccapi/server/mac/ccs_os_pipe.c */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include "ccs_common.h"
26		#include "ccs_os_pipe.h"
27		#include <mach/port.h>
28
29		/* On macOS ccs_pipe_t is a mach_port_t */
30
31		/* ------------------------------------------------------------------------ */
32
33		cc_int32 ccs_os_pipe_valid (ccs_pipe_t in_pipe)
34		{
35		return MACH_PORT_VALID (in_pipe);
36		}
37
38		/* ------------------------------------------------------------------------ */
39
40		cc_int32 ccs_os_pipe_compare (ccs_pipe_t in_pipe,
41		ccs_pipe_t in_compare_to_pipe,
42		cc_uint32 *out_equal)
43		{
44		cc_int32 err = ccNoError;
45
46		if (!in_pipe ) { err = cci_check_error (ccErrBadParam); }
47		if (!in_compare_to_pipe) { err = cci_check_error (ccErrBadParam); }
48		if (!out_equal ) { err = cci_check_error (ccErrBadParam); }
49
50		if (!err) {
51		*out_equal = (in_pipe == in_compare_to_pipe);
52		}
53
54		return cci_check_error (err);
55		}
56
57		/* ------------------------------------------------------------------------ */
58
59		cc_int32 ccs_os_pipe_copy (ccs_pipe_t *out_pipe,
60		ccs_pipe_t in_pipe)
61		{
62		cc_int32 err = 0;
63
64		*out_pipe = in_pipe;
65
66		return cci_check_error (err);
67		}
68
69		/* ------------------------------------------------------------------------ */
70
71		cc_int32 ccs_os_pipe_release (ccs_pipe_t io_pipe)
72		{
73		cc_int32 err = 0;
74
75		/* Nothing to do here on macOS */
76
77		return cci_check_error (err);
78		}

+0

-97

~~src/ccapi/server/mac/ccs_os_server.c~~ less more

0		/* ccapi/server/mac/ccs_os_server.c */
1		/*
2		* Copyright 2006 Massachusetts Institute of Technology.
3		* All Rights Reserved.
4		*
5		* Export of this software from the United States of America may
6		* require a specific license from the United States Government.
7		* It is the responsibility of any person or organization contemplating
8		* export to obtain such a license before exporting.
9		*
10		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
11		* distribute this software and its documentation for any purpose and
12		* without fee is hereby granted, provided that the above copyright
13		* notice appear in all copies and that both that copyright notice and
14		* this permission notice appear in supporting documentation, and that
15		* the name of M.I.T. not be used in advertising or publicity pertaining
16		* to distribution of the software without specific, written prior
17		* permission. Furthermore if you modify this software you must label
18		* your software as modified software and not distribute it in such a
19		* fashion that it might be confused with the original M.I.T. software.
20		* M.I.T. makes no representations about the suitability of
21		* this software for any purpose. It is provided "as is" without express
22		* or implied warranty.
23		*/
24
25		#include "ccs_common.h"
26
27		#include <syslog.h>
28		#include "k5_mig_server.h"
29		#include "ccs_os_server.h"
30
31		/* ------------------------------------------------------------------------ */
32
33		int32_t k5_ipc_server_add_client (mach_port_t in_client_port)
34		{
35		return cci_check_error (ccs_server_add_client (in_client_port));
36		}
37
38		/* ------------------------------------------------------------------------ */
39
40		int32_t k5_ipc_server_remove_client (mach_port_t in_client_port)
41		{
42		return cci_check_error (ccs_server_remove_client (in_client_port));
43		}
44
45
46		/* ------------------------------------------------------------------------ */
47
48		kern_return_t k5_ipc_server_handle_request (mach_port_t in_connection_port,
49		mach_port_t in_reply_port,
50		k5_ipc_stream in_request_stream)
51		{
52		return cci_check_error (ccs_server_handle_request (in_connection_port,
53		in_reply_port,
54		in_request_stream));
55		}
56
57		#pragma mark -
58
59		/* ------------------------------------------------------------------------ */
60
61		cc_int32 ccs_os_server_initialize (int argc, const char *argv[])
62		{
63		cc_int32 err = 0;
64
65		openlog (argv[0], LOG_CONS \| LOG_PID, LOG_AUTH);
66		syslog (LOG_INFO, "Starting up.");
67
68		return cci_check_error (err);
69		}
70
71		/* ------------------------------------------------------------------------ */
72
73		cc_int32 ccs_os_server_cleanup (int argc, const char *argv[])
74		{
75		cc_int32 err = 0;
76
77		syslog (LOG_NOTICE, "Exiting.");
78
79		return cci_check_error (err);
80		}
81
82		/* ------------------------------------------------------------------------ */
83
84		cc_int32 ccs_os_server_listen_loop (int argc, const char *argv[])
85		{
86		return cci_check_error (k5_ipc_server_listen_loop ());
87		}
88
89		/* ------------------------------------------------------------------------ */
90
91		cc_int32 ccs_os_server_send_reply (ccs_pipe_t in_reply_pipe,
92		k5_ipc_stream in_reply_stream)
93		{
94		return cci_check_error (k5_ipc_server_send_reply (in_reply_pipe,
95		in_reply_stream));
96		}

+0

-35

~~src/ccapi/server/mac/edu.mit.Kerberos.CCacheServer.plist~~ less more

0		<?xml version="1.0" encoding="UTF-8"?>
1		<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
2		<plist version="1.0">
3		<dict>
4		<key>Label</key>
5		<string>edu.mit.Kerberos.CCacheServer</string>
6		<key>LimitLoadToSessionType</key>
7		<string>Background</string>
8		<key>Program</key>
9		<string>/System/Library/CoreServices/CCacheServer.app/Contents/MacOS/CCacheServer</string>
10		<key>MachServices</key>
11		<dict>
12		<key>edu.mit.Kerberos.CCacheServer.ipcLookup</key>
13		<dict>
14		<key>HideUntilCheckIn</key>
15		<true/>
16		<key>ResetAtClose</key>
17		<true/>
18		</dict>
19		<key>edu.mit.Kerberos.CCacheServer.ipcService</key>
20		<true/>
21		</dict>
22		<key>EnableTransactions</key>
23		<true/>
24		<key>OnDemand</key>
25		<true/>
26		<key>ThrottleInterval</key>
27		<integer>0</integer>
28		<key>EnvironmentVariables</key>
29		<dict>
30		<key>CFFIXED_USER_HOME</key>
31		<string>/var/empty</string>
32		</dict>
33		</dict>
34		</plist>

+2

-2

src/ccapi/server/win/ccs_os_server.cpp less more

161	161
162	162	if (err) {
163	163	Init::Cleanup();
164		fprintf( stderr, "An error occured while %s the server (%u)\n",
	164	fprintf( stderr, "An error occurred while %s the server (%u)\n",
165	165	opts.bShutdown ? "shutting down" : "starting/running",
166	166	err);
167	167	exit(cci_check_error (err));

624	624	CCMSG_CONNECT_REPLY, /* Message type */
625	625	(unsigned char)&h, / client's tspdata* */
626	626	(unsigned char*)uuid,
627		getMySST(), /* Server's session number = it's start time */
	627	getMySST(), /* Server's session number = its start time */
628	628	&status ); /* Return code */
629	629	}
630	630	RpcExcept(1) {

+36

-195

src/ccapi/test/test_ccapi_ccache.c less more

302	302	failure_count++;
303	303	}
304	304
305		// try it with added v4 creds
306		if (!err) {
307		err = cc_ccache_set_principal(ccache, cc_credentials_v4, "foo@BAR.ORG");
308		}
309		if (!err) {
310		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v5 with v4 creds added");
311		}
312		else {
313		log_error("cc_ccache_set_principal failed, can't complete test");
314		failure_count++;
315		}
316
317	305	if (ccache) {
318	306	cc_ccache_destroy(ccache);
319	307	ccache = NULL;
320	308	}
321	309
322	310	err = ccNoError;
323
324		// try one created with v4 creds
325		if (!err) {
326		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAR.ORG", &ccache);
327		}
328		if (!err) {
329		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4, ccNoError, "v4 creds");
330		}
331		else {
332		log_error("cc_context_create_new_ccache failed, can't complete test");
333		failure_count++;
334		}
335
336		// try it with added v5 creds
337		if (!err) {
338		err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
339		}
340		if (!err) {
341		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v4 with v5 creds added");
342		}
343		else {
344		log_error("cc_ccache_set_principal failed, can't complete test");
345		failure_count++;
346		}
347
348		if (ccache) {
349		cc_ccache_destroy(ccache);
350		ccache = NULL;
351		}
352	311
353	312	if (context) { cc_context_release(context); }
354	313

581	540	log_error("cc_context_create_new_ccache failed, can't complete test");
582	541	failure_count++;
583	542	}
584		if (ccache) {
585		cc_ccache_release(ccache);
586		ccache = NULL;
587		}
588
589		// try with krb4 principal
590		if (!err) {
591		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo.BAR@BAZ.ORG", &ccache);
592		}
593		if (!err) {
594		check_once_cc_ccache_get_principal(ccache, cc_credentials_v4, "foo.BAR@BAZ.ORG", ccNoError, "trying to get krb4 princ for krb4 ccache");
595		}
596		else {
597		log_error("cc_context_create_new_ccache failed, can't complete test");
598		failure_count++;
599		}
600
601		// try with bad param
602		if (!err) {
603		// cc_ccache_t doesn't have any concept of the difference between a v4 and v5 principal
604		check_once_cc_ccache_get_principal(ccache, cc_credentials_v4_v5, "foo.BAR@BAZ.ORG",
605		ccErrBadCredentialsVersion,
606		"passing cc_credentials_v4_v5 (shouldn't be allowed)");
607		check_once_cc_ccache_get_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "passed null out param");
608		}
	543
	544	// try with bad param
	545	if (!err) {
	546	check_once_cc_ccache_get_principal(ccache, cc_credentials_v5,
	547	NULL, ccErrBadParam,
	548	"passed null out param");
	549	}
609	550
610	551	if (ccache) {
611	552	cc_ccache_release(ccache);

642	583	err = destroy_all_ccaches(context);
643	584	}
644	585
645		// bad params
646		if (!err) {
647		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
648		}
649		if (!err) {
650		check_once_cc_ccache_set_principal(ccache, cc_credentials_v4_v5, "foo/BAZ@BAR.ORG", ccErrBadCredentialsVersion, "cc_credentials_v4_v5 (not allowed)");
651		check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL principal");
652		}
653		else {
654		log_error("cc_context_create_new_ccache failed, can't complete test");
655		failure_count++;
656		}
657		if (ccache) {
658		cc_ccache_destroy(ccache);
659		ccache = NULL;
660		}
661
662
663		// empty ccache
664
665		// replace v5 only ccache's principal
666		if (!err) {
667		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
668		}
669		if (!err) {
670		check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError, "replace v5 only ccache's principal (empty ccache)");
671		}
672		else {
673		log_error("cc_context_create_new_ccache failed, can't complete test");
674		failure_count++;
675		}
676		if (ccache) {
677		cc_ccache_destroy(ccache);
678		ccache = NULL;
679		}
680
681		// add v4 principal to v5 only ccache
682		if (!err) {
683		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
684		}
685		if (!err) {
686		check_once_cc_ccache_set_principal(ccache, cc_credentials_v4, "foo.BAZ@BAR.ORG", ccNoError, "add v4 principal to v5 only ccache (empty ccache)");
687		}
688		else {
689		log_error("cc_context_create_new_ccache failed, can't complete test");
690		failure_count++;
691		}
692		if (ccache) {
693		cc_ccache_destroy(ccache);
694		ccache = NULL;
695		}
696
697		// replace v4 only ccache's principal
698		if (!err) {
699		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
700		}
701		if (!err) {
702		check_once_cc_ccache_set_principal(ccache, cc_credentials_v4, "foo.BAZ@BAR.ORG", ccNoError, "replace v4 only ccache's principal (empty ccache)");
703		}
704		else {
705		log_error("cc_context_create_new_ccache failed, can't complete test");
706		failure_count++;
707		}
708		if (ccache) {
709		cc_ccache_destroy(ccache);
710		ccache = NULL;
711		}
712
713		// add v5 principal to v4 only ccache
714		if (!err) {
715		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
716		}
717		if (!err) {
718		check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError, "add v5 principal to v4 only ccache (empty ccache)");
719		}
720		else {
721		log_error("cc_context_create_new_ccache failed, can't complete test");
722		failure_count++;
723		}
724		if (ccache) {
725		cc_ccache_destroy(ccache);
726		ccache = NULL;
727		}
728
729		// with credentials
730
731		// replace v5 only ccache's principal
732
733		// add v4 principal to v5 only ccache
734
735		// replace v4 only ccache's principal
736
737		// add v5 principal to v4 only ccache
	586	// replace v5 only ccache's principal
	587	if (!err) {
	588	err = cc_context_create_new_ccache(context, cc_credentials_v5,
	589	"foo@BAZ.ORG", &ccache);
	590	}
	591	if (!err) {
	592	check_once_cc_ccache_set_principal(
	593	ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError,
	594	"replace v5 only ccache's principal (empty ccache)");
	595	}
	596	else {
	597	log_error(
	598	"cc_context_create_new_ccache failed, can't complete test");
	599	failure_count++;
	600	}
	601
	602	// bad params
	603	if (!err) {
	604	check_once_cc_ccache_set_principal(ccache, cc_credentials_v5,
	605	NULL, ccErrBadParam,
	606	"NULL principal");
	607	}
	608
	609	if (ccache) {
	610	cc_ccache_destroy(ccache);
	611	ccache = NULL;
	612	}
738	613
739	614	if (context) {
740	615	err = destroy_all_ccaches(context);

842	717	creds_union.credentials.credentials_v5->client = NULL;
843	718	}
844	719	check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadParam, "invalid creds (NULL client string)");
845		}
846
847		if (&creds_union) { release_v5_creds_union(&creds_union); }
848
849		// bad creds version
850		if (!err) {
851		err = new_v5_creds_union(&creds_union, "BAR.ORG");
852		}
853
854		if (!err) {
855		creds_union.version = cc_credentials_v4_v5;
856		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4_v5 creds (invalid) into a ccache with only v5 princ");
857		creds_union.version = cc_credentials_v4;
858		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4 creds into a ccache with only v5 princ");
859		creds_union.version = cc_credentials_v5;
860	720	}
861	721
862	722	if (&creds_union) { release_v5_creds_union(&creds_union); }

1808	1668	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, time_offset);
1809	1669	}
1810	1670	if (!err) {
1811		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccNoError, "offset set for v5 but not v4");
1812		}
1813		if (!err) {
1814		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccErrTimeOffsetNotSet, "asking for v4 offset when only v5 is set");
1815		}
1816		if (!err) {
1817		err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, time_offset);
1818		}
1819		if (!err) {
1820		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccNoError, "asking for v4 offset when v4 and v5 are set");
1821		}
1822
	1671	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccNoError, "offset set for v5");
	1672	}
1823	1673
1824	1674	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL time_offset out param");
1825		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4_v5, &time_offset, ccErrBadCredentialsVersion, "v4_v5 creds_vers in param (invalid)");
1826	1675
1827	1676	if (ccache) { cc_ccache_release(ccache); }
1828	1677

1899	1748	}
1900	1749
1901	1750	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0, ccNoError, "first time setting offset (v5)");
1902		check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0, ccNoError, "first time setting offset (v4)");
1903
1904		check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4_v5, 0, ccErrBadCredentialsVersion, "invalid creds_vers (v4_v5)");
1905	1751
1906	1752	if (ccache) { cc_ccache_release(ccache); }
1907	1753

1977	1823	}
1978	1824
1979	1825	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing an offset that was never set (v5)");
1980		check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing an offset that was never set (v4)");
1981	1826
1982	1827	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0);
1983		err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0);
1984	1828
1985	1829	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing v5");
1986		check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing v4");
1987
1988		check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4_v5, ccErrBadCredentialsVersion, "bad in param creds vers (v4_v5)");
1989	1830
1990	1831	if (ccache) { cc_ccache_release(ccache); }
1991	1832

+0

-2

src/ccapi/test/test_ccapi_constants.c less more

45	45
46	46	/* Credentials versions */
47	47
48		check_int(cc_credentials_v4, 1);
49	48	check_int(cc_credentials_v5, 2);
50		check_int(cc_credentials_v4_v5, (cc_credentials_v4 \| cc_credentials_v5));
51	49
52	50	/* Lock types */
53	51

+0

-3

src/ccapi/test/test_ccapi_context.c less more

582	582
583	583	// try bad parameters
584	584	err = check_once_cc_context_create_ccache(context, NULL, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccErrBadParam, "NULL name"); // NULL name
585		err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
586	585	err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal"); // NULL principal
587	586	err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache"); // NULL ccache
588	587	}

680	679	}
681	680
682	681	// try bad parameters
683		err = check_once_cc_context_create_default_ccache(context, cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
684	682	err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal"); // NULL principal
685	683	err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache"); // NULL ccache
686	684	}

772	770	if (ccache) { cc_ccache_release(ccache); }
773	771
774	772	// try bad parameters
775		err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
776	773	err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal"); // NULL principal
777	774	err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache"); // NULL ccache
778	775	}

+0

-89

src/ccapi/test/test_ccapi_v2.c less more

42	42	if (!strcmp(a->cred.pV5Cred->client, b->cred.pV5Cred->client) &&
43	43	!strcmp(a->cred.pV5Cred->server, b->cred.pV5Cred->server) &&
44	44	a->cred.pV5Cred->starttime == b->cred.pV5Cred->starttime) {
45		retval = 0;
46		}
47		} else if (a->cred_type == CC_CRED_V4) {
48		if (!strcmp (a->cred.pV4Cred->principal,
49		b->cred.pV4Cred->principal) &&
50		!strcmp (a->cred.pV4Cred->principal_instance,
51		b->cred.pV4Cred->principal_instance) &&
52		!strcmp (a->cred.pV4Cred->service,
53		b->cred.pV4Cred->service) &&
54		!strcmp (a->cred.pV4Cred->service_instance,
55		b->cred.pV4Cred->service_instance) &&
56		!strcmp (a->cred.pV4Cred->realm,
57		b->cred.pV4Cred->realm) &&
58		a->cred.pV4Cred->issue_date == b->cred.pV4Cred->issue_date) {
59	45	retval = 0;
60	46	}
61	47	}

360	346	err = check_once_cc_open(context, name, CC_CRED_V5, &ccache, CC_NOERROR, NULL);
361	347	}
362	348
363		// check version
364		if (!err) {
365		err = check_once_cc_open(context, name, CC_CRED_V4, &ccache, CC_ERR_CRED_VERSION, NULL);
366		}
367	349	// try bad parameters
368	350	err = check_once_cc_open(context, NULL, CC_CRED_V5, &ccache, CC_BAD_PARM, NULL);
369	351	err = check_once_cc_open(context, name, CC_CRED_V5, NULL, CC_BAD_PARM, NULL);

680	662
681	663	err = CC_NOERROR;
682	664
683		// try one created with v4 creds
684		if (!err) {
685		err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V4, 0, &ccache);
686		}
687		if (!err) {
688		check_once_cc_get_cred_version(context, ccache, CC_CRED_V4, CC_NOERROR, "v4 creds");
689		}
690		else {
691		log_error("cc_context_create_new_ccache failed, can't complete test");
692		failure_count++;
693		}
694	665	if (ccache) {
695	666	cc_destroy(context, &ccache);
696	667	ccache = NULL;

839	810	apiCB *context = NULL;
840	811	ccache_p *ccache = NULL;
841	812	char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
842		char *name_v4 = "TEST_CC_GET_PRINCIPAL_V4";
843	813
844	814	BEGIN_TEST("cc_get_principal");
845	815

863	833	if (ccache) {
864	834	cc_close(context, &ccache);
865	835	ccache = NULL;
866		}
867
868		// try with krb4 principal
869		if (!err) {
870		err = cc_create(context, name_v4, "foo.BAR@BAZ.ORG", CC_CRED_V4, 0, &ccache);
871		}
872		if (!err) {
873		check_once_cc_get_principal(context, ccache, "foo.BAR@BAZ.ORG", CC_NOERROR, "trying to get krb4 princ for krb4 ccache");
874		}
875		else {
876		log_error("cc_create failed, can't complete test");
877		failure_count++;
878	836	}
879	837
880	838	// try with bad param

944	902	apiCB *context = NULL;
945	903	ccache_p *ccache = NULL;
946	904	char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
947		char *name_v4 = "TEST_CC_GET_PRINCIPAL_V4";
948	905
949	906	BEGIN_TEST("cc_set_principal");
950	907

971	928	ccache = NULL;
972	929	}
973	930
974		// empty ccache
975
976		// replace v5 ccache's principal
977		if (!err) {
978		err = cc_create(context, name_v5, "foo@BAZ.ORG", CC_CRED_V5, 0, &ccache);
979		}
980		if (!err) {
981		check_once_cc_set_principal(context, ccache, CC_CRED_V5, "foo/BAZ@BAR.ORG", CC_NOERROR, "replace v5 only ccache's principal (empty ccache)");
982		check_once_cc_set_principal(context, ccache, CC_CRED_V4, "foo.BAZ@BAR.ORG", CC_ERR_CRED_VERSION, "replace v5 principal with v4");
983		}
984		else {
985		log_error("cc_create failed, can't complete test");
986		failure_count++;
987		}
988		if (ccache) {
989		cc_destroy(context, &ccache);
990		ccache = NULL;
991		}
992
993		// replace v4 ccache's principal
994		if (!err) {
995		err = cc_create(context, name_v4, "foo@BAZ.ORG", CC_CRED_V4, 0, &ccache);
996		}
997		if (!err) {
998		check_once_cc_set_principal(context, ccache, CC_CRED_V4, "foo.BAZ@BAR.ORG", CC_NOERROR, "replace v4 only ccache's principal (empty ccache)");
999		check_once_cc_set_principal(context, ccache, CC_CRED_V5, "foo/BAZ@BAR.ORG", CC_ERR_CRED_VERSION, "replace v4 principal with v5");
1000		}
1001		else {
1002		log_error("cc_create failed, can't complete test");
1003		failure_count++;
1004		}
1005	931	if (ccache) {
1006	932	cc_destroy(context, &ccache);
1007	933	ccache = NULL;

1096	1022	creds_union.cred.pV5Cred->client = NULL;
1097	1023	}
1098	1024	check_once_cc_store(context, ccache, creds_union, CC_BAD_PARM, "invalid creds (NULL client string)");
1099
1100		release_v5_creds_union_compat(&creds_union);
1101		}
1102		}
1103
1104		// bad creds version
1105		if (!err) {
1106		err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
1107
1108		if (!err) {
1109		creds_union.cred_type = CC_CRED_MAX;
1110		check_once_cc_store(context, ccache, creds_union, CC_ERR_CRED_VERSION, "CC_CRED_MAX (invalid) into a ccache with only v5 princ");
1111		creds_union.cred_type = CC_CRED_V4;
1112		check_once_cc_store(context, ccache, creds_union, CC_ERR_CRED_VERSION, "v4 creds into a v5 ccache");
1113		creds_union.cred_type = CC_CRED_V5;
1114	1025
1115	1026	release_v5_creds_union_compat(&creds_union);
1116	1027	}

+37

-27

src/clients/klist/klist.c less more

570	570	etype_string(krb5_enctype enctype)
571	571	{
572	572	static char buf[100];
573		krb5_error_code ret;
574
575		ret = krb5_enctype_to_name(enctype, FALSE, buf, sizeof(buf));
576		if (ret)
577		snprintf(buf, sizeof(buf), "etype %d", enctype);
	573	char *bp = buf;
	574	size_t deplen, buflen = sizeof(buf);
	575
	576	if (krb5int_c_deprecated_enctype(enctype)) {
	577	deplen = strlcpy(bp, "DEPRECATED:", buflen);
	578	buflen -= deplen;
	579	bp += deplen;
	580	}
	581
	582	if (krb5_enctype_to_name(enctype, FALSE, bp, buflen))
	583	snprintf(bp, buflen, "etype %d", enctype);
578	584	return buf;
579	585	}
580	586

655	661	show_credential(krb5_creds *cred)
656	662	{
657	663	krb5_error_code ret;
658		krb5_ticket *tkt;
659		char name, sname, *flags;
	664	krb5_ticket *tkt = NULL;
	665	char name = NULL, sname = NULL, tktsname, flags;
660	666	int extra_field = 0, ccol = 0, i;
	667	krb5_boolean is_config = krb5_is_config_principal(context, cred->server);
661	668
662	669	ret = krb5_unparse_name(context, cred->client, &name);
663	670	if (ret) {
664	671	com_err(progname, ret, _("while unparsing client name"));
665		return;
	672	goto cleanup;
666	673	}
667	674	ret = krb5_unparse_name(context, cred->server, &sname);
668	675	if (ret) {
669	676	com_err(progname, ret, _("while unparsing server name"));
670		krb5_free_unparsed_name(context, name);
671		return;
672		}
	677	goto cleanup;
	678	}
	679	if (!is_config)
	680	(void)krb5_decode_ticket(&cred->ticket, &tkt);
673	681	if (!cred->times.starttime)
674	682	cred->times.starttime = cred->times.authtime;
675	683
676		if (!krb5_is_config_principal(context, cred->server)) {
	684	if (!is_config) {
677	685	printtime(cred->times.starttime);
678	686	putchar(' ');
679	687	putchar(' ');

700	708	extra_field++;
701	709	}
702	710
703		if (krb5_is_config_principal(context, cred->server))
	711	if (is_config)
704	712	print_config_data(ccol, &cred->ticket);
705	713
706	714	if (cred->times.renew_till) {

711	719	fputs(_("renew until "), stdout);
712	720	printtime(cred->times.renew_till);
713	721	extra_field += 2;
714		}
715
716		if (extra_field > 3) {
717		fputs("\n", stdout);
718		extra_field = 0;
719	722	}
720	723
721	724	if (show_flags) {

735	738	extra_field = 0;
736	739	}
737	740
738		if (show_etype) {
739		ret = krb5_decode_ticket(&cred->ticket, &tkt);
740		if (ret)
741		goto err_tkt;
742
	741	if (show_etype && tkt != NULL) {
743	742	if (!extra_field)
744	743	fputs("\t",stdout);
745	744	else

748	747	etype_string(cred->keyblock.enctype));
749	748	printf("%s ", etype_string(tkt->enc_part.enctype));
750	749	extra_field++;
751
752		err_tkt:
753		if (tkt != NULL)
754		krb5_free_ticket(context, tkt);
755	750	}
756	751
757	752	if (show_adtype) {

790	785	}
791	786	}
792	787
	788	/* Display the ticket server if it is different from the server name the
	789	* entry was cached under (most commonly for referrals). */
	790	if (tkt != NULL &&
	791	!krb5_principal_compare(context, cred->server, tkt->server)) {
	792	ret = krb5_unparse_name(context, tkt->server, &tktsname);
	793	if (ret) {
	794	com_err(progname, ret, _("while unparsing ticket server name"));
	795	goto cleanup;
	796	}
	797	printf(_("\tTicket server: %s\n"), tktsname);
	798	krb5_free_unparsed_name(context, tktsname);
	799	}
	800
	801	cleanup:
793	802	krb5_free_unparsed_name(context, name);
794	803	krb5_free_unparsed_name(context, sname);
	804	krb5_free_ticket(context, tkt);
795	805	}
796	806
797	807	#include "port-sockets.h"

+1

-1

src/clients/ksu/Makefile.in less more

0	0	mydir=clients$(S)ksu
1	1	BUILDTOP=$(REL)..$(S)..
2		DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
	2	DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
3	3
4	4	KSU_LIBS=@KSU_LIBS@
5	5

+1

-3

src/clients/ksu/krb_auth_su.c less more

182	182	if (code ) {
183	183	com_err(prog_name, code, _("while reading password for '%s'\n"),
184	184	client_name);
185		memset(password, 0, sizeof(password));
186	185	return (FALSE);
187	186	}
188	187
189	188	if ( pwsize == 0) {
190	189	fprintf(stderr, _("No password given\n"));
191	190	*zero_password = TRUE;
192		memset(password, 0, sizeof(password));
193	191	return (FALSE);
194	192	}
195	193
196	194	code = krb5_get_init_creds_password(context, &creds, client, password,
197	195	krb5_prompter_posix, NULL, 0, NULL,
198	196	options);
199		memset(password, 0, sizeof(password));
	197	zap(password, sizeof(password));
200	198
201	199
202	200	if (code) {

+39

-3

src/clients/ksu/main.c less more

47	47	static int set_env_var (char , char );
48	48	static void sweep_up (krb5_context, krb5_ccache);
49	49	static char * ontty (void);
	50	static krb5_error_code init_ksu_context(krb5_context *);
50	51	static krb5_error_code set_ccname_env(krb5_context, krb5_ccache);
51	52	static void print_status( const char *fmt, ...)
52	53	#if __GNUC__ > 2 \|\| (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)

65	66	void usage (){
66	67	fprintf(stderr,
67	68	_("Usage: %s [target user] [-n principal] [-c source cachename] "
68		"[-k] [-r time] [-pf] [-l lifetime] [-zZ] [-q] "
	69	"[-k] [-r time] [-p\|-P] [-f\|-F] [-l lifetime] [-zZ] [-q] "
69	70	"[-e command [args... ] ] [-a [args... ] ]\n"), prog_name);
70	71	}
71	72

128	129
129	130	unsetenv ("KRB5_CONFIG");
130	131
131		retval = krb5_init_secure_context(&ksu_context);
	132	retval = init_ksu_context(&ksu_context);
132	133	if (retval) {
133	134	com_err(argv[0], retval, _("while initializing krb5"));
134	135	exit(1);

188	189	com_err (prog_name, errno, _("while setting euid to source user"));
189	190	exit (1);
190	191	}
191		while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
	192	while (!done &&
	193	(option = getopt(pargc, pargv,"n:c:r:a:zZDfFpPkql:e:")) != -1) {
192	194	switch (option) {
193	195	case 'r':
194	196	if (strlen (optarg) >= 14)

216	218	case 'p':
217	219	krb5_get_init_creds_opt_set_proxiable(options, 1);
218	220	break;
	221	case 'P':
	222	krb5_get_init_creds_opt_set_proxiable(options, 0);
	223	break;
219	224	case 'f':
220	225	krb5_get_init_creds_opt_set_forwardable(options, 1);
	226	break;
	227	case 'F':
	228	krb5_get_init_creds_opt_set_forwardable(options, 0);
221	229	break;
222	230	case 'k':
223	231	keep_target_cache =1;

784	792	exit (1);
785	793	}
786	794	}
	795	}
	796
	797	static krb5_error_code
	798	init_ksu_context(krb5_context *context_out)
	799	{
	800	krb5_error_code retval;
	801	const char *env_ccname;
	802	krb5_context context;
	803
	804	*context_out = NULL;
	805
	806	retval = krb5_init_secure_context(&context);
	807	if (retval)
	808	return retval;
	809
	810	/* We want to obey KRB5CCNAME in this context even though this is a setuid
	811	* program. (It will only be used when operating as the real uid.) */
	812	env_ccname = getenv(KRB5_ENV_CCNAME);
	813	if (env_ccname != NULL) {
	814	retval = krb5_cc_set_default_name(context, env_ccname);
	815	if (retval) {
	816	krb5_free_context(context);
	817	return retval;
	818	}
	819	}
	820
	821	*context_out = context;
	822	return 0;
787	823	}
788	824
789	825	/* Set KRB5CCNAME in the environment to point to ccache. Print an error

+9

-8

src/clients/kvno/deps less more

2	2	#
3	3	$(OUTPRE)kvno.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
4	4	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
5		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
6		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
7		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
8		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
9		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
10		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
11		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
12		$(top_srcdir)/include/socket-utils.h kvno.c
	5	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-base64.h \
	6	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	7	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	8	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	9	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	10	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	11	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	12	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	13	kvno.c

+161

-41

src/clients/kvno/kvno.c less more

25	25	*/
26	26
27	27	#include "k5-platform.h"
	28	#include "k5-buf.h"
	29	#include "k5-base64.h"
28	30	#include <locale.h>
29	31	#ifdef HAVE_UNISTD_H
30	32	#include <unistd.h>
31	33	#endif
32	34	#include <string.h>
	35	#include <ctype.h>
33	36
34	37	static char *prog;
35	38	static int quiet = 0;

38	41	xusage()
39	42	{
40	43	fprintf(stderr, _("usage: %s [-C] [-u] [-c ccache] [-e etype]\n"), prog);
41		fprintf(stderr, _("\t[-k keytab] [-S sname] [-U for_user [-P]]\n"));
	44	fprintf(stderr, _("\t[-k keytab] [-S sname] [{-I \| -U} for_user \| "
	45	"[-F cert_file] [-P]]\n"));
42	46	fprintf(stderr, _("\t[--u2u ccache] service1 service2 ...\n"));
43	47	exit(1);
44	48	}
45	49
46	50	static void do_v5_kvno(int argc, char argv[], char ccachestr, char *etypestr,
47	51	char keytab_name, char sname, int canon, int unknown,
48		char for_user, int proxy, const char u2u_ccname);
	52	char *for_user, int for_user_enterprise,
	53	char *for_user_cert_file, int proxy,
	54	const char *u2u_ccname);
49	55
50	56	#include <com_err.h>
51	57	static void extended_com_err_fn(const char *myprog, errcode_t code,

59	65	{ "u2u", 1, NULL, OPTION_U2U },
60	66	{ NULL, 0, NULL, 0 }
61	67	};
62		const char *shopts = "uCc:e:hk:qPS:U:";
	68	const char *shopts = "uCc:e:hk:qPS:I:U:F:";
63	69	int option;
64	70	char etypestr = NULL, ccachestr = NULL, *keytab_name = NULL;
65	71	char sname = NULL, for_user = NULL, *u2u_ccname = NULL;
66		int canon = 0, unknown = 0, proxy = 0;
	72	char *for_user_cert_file = NULL;
	73	int canon = 0, unknown = 0, proxy = 0, for_user_enterprise = 0;
	74	int impersonate = 0;
67	75
68	76	setlocale(LC_ALL, "");
69	77	set_com_err_hook(extended_com_err_fn);

110	118	xusage();
111	119	}
112	120	break;
	121	case 'I':
	122	impersonate = 1;
	123	for_user = optarg;
	124	break;
113	125	case 'U':
114		for_user = optarg; /* S4U2Self - protocol transition */
	126	impersonate = 1;
	127	for_user_enterprise = 1;
	128	for_user = optarg;
	129	break;
	130	case 'F':
	131	impersonate = 1;
	132	for_user_cert_file = optarg;
115	133	break;
116	134	case OPTION_U2U:
117	135	u2u_ccname = optarg;

122	140	}
123	141	}
124	142
125		if (u2u_ccname != NULL && for_user != NULL) {
126		fprintf(stderr, _("Options --u2u and -P are mutually exclusive\n"));
	143	if (u2u_ccname != NULL && impersonate) {
	144	fprintf(stderr,
	145	_("Options --u2u and -I\|-U\|-F are mutually exclusive\n"));
127	146	xusage();
128	147	}
129	148
130	149	if (proxy) {
131		if (keytab_name == NULL) {
132		fprintf(stderr, _("Option -P (constrained delegation) "
133		"requires keytab to be specified\n"));
134		xusage();
135		} else if (for_user == NULL) {
	150	if (!impersonate) {
136	151	fprintf(stderr, _("Option -P (constrained delegation) requires "
137		"option -U (protocol transition)\n"));
	152	"option -I\|-U\|-F (protocol transition)\n"));
138	153	xusage();
139	154	}
140	155	}

143	158	xusage();
144	159
145	160	do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name,
146		sname, canon, unknown, for_user, proxy, u2u_ccname);
	161	sname, canon, unknown, for_user, for_user_enterprise,
	162	for_user_cert_file, proxy, u2u_ccname);
147	163	return 0;
148	164	}
149	165

161	177	fprintf(stderr, "\n");
162	178	}
163	179
	180	/* Read a line from fp into buf. Trim any trailing whitespace, and return a
	181	* pointer to the first non-whitespace character. */
	182	static const char *
	183	read_line(FILE fp, char buf, size_t bufsize)
	184	{
	185	char end, begin;
	186
	187	if (fgets(buf, bufsize, fp) == NULL)
	188	return NULL;
	189
	190	end = buf + strlen(buf);
	191	while (end > buf && isspace((uint8_t)end[-1]))
	192	*--end = '\0';
	193
	194	begin = buf;
	195	while (isspace((uint8_t)*begin))
	196	begin++;
	197
	198	return begin;
	199	}
	200
	201	/* Read a certificate from file_name in PEM format, placing the DER
	202	* representation of the certificate in der_out. /
	203	static krb5_error_code
	204	read_pem_file(char file_name, krb5_data der_out)
	205	{
	206	krb5_error_code ret = 0;
	207	FILE *fp = NULL;
	208	const char *begin_line = "-----BEGIN CERTIFICATE-----";
	209	const char end_line = "-----END ", line;
	210	char linebuf[256];
	211	struct k5buf buf = EMPTY_K5BUF;
	212	uint8_t *der_cert;
	213	size_t dlen;
	214
	215	*der_out = empty_data();
	216
	217	fp = fopen(file_name, "r");
	218	if (fp == NULL)
	219	return errno;
	220
	221	for (;;) {
	222	line = read_line(fp, linebuf, sizeof(linebuf));
	223	if (line == NULL) {
	224	ret = EINVAL;
	225	k5_setmsg(context, ret, _("No begin line not found"));
	226	goto cleanup;
	227	}
	228	if (strncmp(line, begin_line, strlen(begin_line)) == 0)
	229	break;
	230	}
	231
	232	k5_buf_init_dynamic(&buf);
	233	for (;;) {
	234	line = read_line(fp, linebuf, sizeof(linebuf));
	235	if (line == NULL) {
	236	ret = EINVAL;
	237	k5_setmsg(context, ret, _("No end line found"));
	238	goto cleanup;
	239	}
	240
	241	if (strncmp(line, end_line, strlen(end_line)) == 0)
	242	break;
	243
	244	/* Header lines would be expected for an actual privacy-enhanced mail
	245	* message, but not for a certificate. */
	246	if (*line == '\0' \|\| strchr(line, ':') != NULL) {
	247	ret = EINVAL;
	248	k5_setmsg(context, ret, _("Unexpected header line"));
	249	goto cleanup;
	250	}
	251
	252	k5_buf_add(&buf, line);
	253	}
	254
	255	der_cert = k5_base64_decode(buf.data, &dlen);
	256	if (der_cert == NULL) {
	257	ret = EINVAL;
	258	k5_setmsg(context, ret, _("Invalid base64"));
	259	goto cleanup;
	260	}
	261
	262	*der_out = make_data(der_cert, dlen);
	263
	264	cleanup:
	265	fclose(fp);
	266	k5_buf_free(&buf);
	267	return ret;
	268	}
	269
164	270	/* Request a single service ticket and display its status (unless quiet is
165	271	* set). On failure, display an error message and return non-zero. */
166	272	static krb5_error_code
167	273	kvno(const char *name, krb5_ccache ccache, krb5_principal me,
168	274	krb5_enctype etype, krb5_keytab keytab, const char *sname,
169		krb5_flags options, int unknown, krb5_principal for_user_princ, int proxy,
170		krb5_data *u2u_ticket)
	275	krb5_flags options, int unknown, krb5_principal for_user_princ,
	276	krb5_data for_user_cert, int proxy, krb5_data u2u_ticket)
171	277	{
172	278	krb5_error_code ret;
173	279	krb5_principal server = NULL;

203	309	if (u2u_ticket != NULL)
204	310	in_creds.second_ticket = *u2u_ticket;
205	311
206		if (for_user_princ != NULL) {
	312	if (for_user_princ != NULL \|\| for_user_cert != NULL) {
207	313	if (!proxy && !krb5_principal_compare(context, me, server)) {
208	314	ret = EINVAL;
209	315	com_err(prog, ret,

214	320	in_creds.client = for_user_princ;
215	321	in_creds.server = me;
216	322	ret = krb5_get_credentials_for_user(context, options, ccache,
217		&in_creds, NULL, &out_creds);
	323	&in_creds, for_user_cert,
	324	&out_creds);
218	325	} else {
219	326	in_creds.client = me;
220	327	in_creds.server = server;

248	355	printf(_("%s: kvno = %d, keytab entry valid\n"), princ,
249	356	ticket->enc_part.kvno);
250	357	}
251		if (proxy) {
252		krb5_free_creds(context, out_creds);
253		out_creds = NULL;
254
255		in_creds.client = ticket->enc_part2->client;
256		in_creds.server = server;
257
258		ret = krb5_get_credentials_for_proxy(context, KRB5_GC_CANONICALIZE,
259		ccache, &in_creds, ticket,
260		&out_creds);
261		if (ret) {
262		com_err(prog, ret, _("%s: constrained delegation failed"),
263		princ);
264		goto cleanup;
265		}
266		}
267	358	} else {
268	359	if (!quiet)
269	360	printf(_("%s: kvno = %d\n"), princ, ticket->enc_part.kvno);
	361	}
	362
	363	if (proxy) {
	364	in_creds.client = out_creds->client;
	365	out_creds->client = NULL;
	366	krb5_free_creds(context, out_creds);
	367	out_creds = NULL;
	368	in_creds.server = server;
	369
	370	ret = krb5_get_credentials_for_proxy(context, KRB5_GC_CANONICALIZE,
	371	ccache, &in_creds, ticket,
	372	&out_creds);
	373	krb5_free_principal(context, in_creds.client);
	374	if (ret) {
	375	com_err(prog, ret, _("%s: constrained delegation failed"),
	376	princ);
	377	goto cleanup;
	378	}
270	379	}
271	380
272	381	cleanup:

319	428	static void
320	429	do_v5_kvno(int count, char names[], char ccachestr, char *etypestr,
321	430	char keytab_name, char sname, int canon, int unknown,
322		char for_user, int proxy, const char u2u_ccname)
	431	char *for_user, int for_user_enterprise,
	432	char for_user_cert_file, int proxy, const char u2u_ccname)
323	433	{
324	434	krb5_error_code ret;
325		int i, errors;
	435	int i, errors, flags;
326	436	krb5_enctype etype;
327	437	krb5_ccache ccache;
328	438	krb5_principal me;
329	439	krb5_keytab keytab = NULL;
330	440	krb5_principal for_user_princ = NULL;
331	441	krb5_flags options = canon ? KRB5_GC_CANONICALIZE : 0;
332		krb5_data *u2u_ticket = NULL;
	442	krb5_data cert_data = empty_data(), user_cert = NULL, u2u_ticket = NULL;
333	443
334	444	ret = krb5_init_context(&context);
335	445	if (ret) {

365	475	}
366	476
367	477	if (for_user) {
368		ret = krb5_parse_name_flags(context, for_user,
369		KRB5_PRINCIPAL_PARSE_ENTERPRISE,
370		&for_user_princ);
	478	flags = for_user_enterprise ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0;
	479	ret = krb5_parse_name_flags(context, for_user, flags, &for_user_princ);
371	480	if (ret) {
372	481	com_err(prog, ret, _("while parsing principal name %s"), for_user);
373	482	exit(1);
374	483	}
	484	}
	485
	486	if (for_user_cert_file != NULL) {
	487	ret = read_pem_file(for_user_cert_file, &cert_data);
	488	if (ret) {
	489	com_err(prog, ret, _("while reading certificate file %s"),
	490	for_user_cert_file);
	491	exit(1);
	492	}
	493	user_cert = &cert_data;
375	494	}
376	495
377	496	if (u2u_ccname != NULL) {

393	512	errors = 0;
394	513	for (i = 0; i < count; i++) {
395	514	if (kvno(names[i], ccache, me, etype, keytab, sname, options, unknown,
396		for_user_princ, proxy, u2u_ticket) != 0)
	515	for_user_princ, user_cert, proxy, u2u_ticket) != 0)
397	516	errors++;
398	517	}
399	518

403	522	krb5_free_principal(context, for_user_princ);
404	523	krb5_cc_close(context, ccache);
405	524	krb5_free_data(context, u2u_ticket);
	525	krb5_free_data_contents(context, &cert_data);
406	526	krb5_free_context(context);
407	527
408	528	if (errors)

+237

-56

src/config/config.guess less more

0	0	#! /bin/sh
1	1	# Attempt to guess a canonical system name.
2		# Copyright 1992-2018 Free Software Foundation, Inc.
3
4		timestamp='2018-08-29'
	2	# Copyright 1992-2020 Free Software Foundation, Inc.
	3
	4	timestamp='2020-01-01'
5	5
6	6	# This file is free software; you can redistribute it and/or modify it
7	7	# under the terms of the GNU General Public License as published by

49	49	GNU config.guess ($timestamp)
50	50
51	51	Originally written by Per Bothner.
52		Copyright 1992-2018 Free Software Foundation, Inc.
	52	Copyright 1992-2020 Free Software Foundation, Inc.
53	53
54	54	This is free software; see the source for copying conditions. There is NO
55	55	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

95	95
96	96	tmp=
97	97	# shellcheck disable=SC2172
98		trap 'test -z "$tmp" \|\| rm -fr "$tmp"' 1 2 13 15
99		trap 'exitcode=$?; test -z "$tmp" \|\| rm -fr "$tmp"; exit $exitcode' 0
	98	trap 'test -z "$tmp" \|\| rm -fr "$tmp"' 0 1 2 13 15
100	99
101	100	set_cc_for_build() {
	101	# prevent multiple calls if $tmp is already set
	102	test "$tmp" && return 0
102	103	: "${TMPDIR=/tmp}"
103	104	# shellcheck disable=SC2039
104	105	{ tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } \|\|

262	263	:SolidBSD::*)
263	264	echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE"
264	265	exit ;;
	266	:OS108::*)
	267	echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE"
	268	exit ;;
265	269	macppc:MirBSD::)
266	270	echo powerpc-unknown-mirbsd"$UNAME_RELEASE"
267	271	exit ;;

271	275	:Sortix::*)
272	276	echo "$UNAME_MACHINE"-unknown-sortix
273	277	exit ;;
	278	:Twizzler::*)
	279	echo "$UNAME_MACHINE"-unknown-twizzler
	280	exit ;;
274	281	:Redox::*)
275	282	echo "$UNAME_MACHINE"-unknown-redox
276	283	exit ;;
277	284	mips:OSF1:.)
278		echo mips-dec-osf1
279		exit ;;
	285	echo mips-dec-osf1
	286	exit ;;
280	287	alpha:OSF1::)
281	288	case $UNAME_RELEASE in
282	289	*4.0)

391	398	echo i386-pc-auroraux"$UNAME_RELEASE"
392	399	exit ;;
393	400	i86pc:SunOS:5.: \| i86xen:SunOS:5.:)
394		UNAME_REL="`echo "$UNAME_RELEASE" \| sed -e 's/[^.]*//'`"
395		case `isainfo -b` in
396		32)
397		echo i386-pc-solaris2"$UNAME_REL"
398		;;
399		64)
400		echo x86_64-pc-solaris2"$UNAME_REL"
401		;;
402		esac
	401	set_cc_for_build
	402	SUN_ARCH=i386
	403	# If there is a compiler, see if it is configured for 64-bit objects.
	404	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
	405	# This test works for both compilers.
	406	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
	407	if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') \| \
	408	(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) \| \
	409	grep IS_64BIT_ARCH >/dev/null
	410	then
	411	SUN_ARCH=x86_64
	412	fi
	413	fi
	414	echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"\|sed -e 's/[^.]*//'`"
403	415	exit ;;
404	416	sun4:SunOS:6:*)
405	417	# According to config.sub, this is the proper way to canonicalize

913	925	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
914	926	exit ;;
915	927	alpha:Linux::)
916		case `sed -n '/^cpu model/s/^.: $.$/\1/p' < /proc/cpuinfo` in
	928	case `sed -n '/^cpu model/s/^.: $.$/\1/p' /proc/cpuinfo 2>/dev/null` in
917	929	EV5) UNAME_MACHINE=alphaev5 ;;
918	930	EV56) UNAME_MACHINE=alphaev56 ;;
919	931	PCA56) UNAME_MACHINE=alphapca56 ;;

980	992	exit ;;
981	993	mips:Linux:: \| mips64:Linux::)
982	994	set_cc_for_build
	995	IS_GLIBC=0
	996	test x"${LIBC}" = xgnu && IS_GLIBC=1
983	997	sed 's/^ //' << EOF > "$dummy.c"
984	998	#undef CPU
985		#undef ${UNAME_MACHINE}
986		#undef ${UNAME_MACHINE}el
	999	#undef mips
	1000	#undef mipsel
	1001	#undef mips64
	1002	#undef mips64el
	1003	#if ${IS_GLIBC} && defined(_ABI64)
	1004	LIBCABI=gnuabi64
	1005	#else
	1006	#if ${IS_GLIBC} && defined(_ABIN32)
	1007	LIBCABI=gnuabin32
	1008	#else
	1009	LIBCABI=${LIBC}
	1010	#endif
	1011	#endif
	1012
	1013	#if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
	1014	CPU=mipsisa64r6
	1015	#else
	1016	#if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
	1017	CPU=mipsisa32r6
	1018	#else
	1019	#if defined(__mips64)
	1020	CPU=mips64
	1021	#else
	1022	CPU=mips
	1023	#endif
	1024	#endif
	1025	#endif
	1026
987	1027	#if defined(__MIPSEL__) \|\| defined(__MIPSEL) \|\| defined(_MIPSEL) \|\| defined(MIPSEL)
988		CPU=${UNAME_MACHINE}el
	1028	MIPS_ENDIAN=el
989	1029	#else
990	1030	#if defined(__MIPSEB__) \|\| defined(__MIPSEB) \|\| defined(_MIPSEB) \|\| defined(MIPSEB)
991		CPU=${UNAME_MACHINE}
	1031	MIPS_ENDIAN=
992	1032	#else
993		CPU=
	1033	MIPS_ENDIAN=
994	1034	#endif
995	1035	#endif
996	1036	EOF
997		eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null \| grep '^CPU'`"
998		test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; }
	1037	eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null \| grep '^CPU\\|^MIPS_ENDIAN\\|^LIBCABI'`"
	1038	test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
999	1039	;;
1000	1040	mips64el:Linux::)
1001	1041	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"

1108	1148	*Pentium) UNAME_MACHINE=i586 ;;
1109	1149	Pent\|*Celeron) UNAME_MACHINE=i686 ;;
1110	1150	esac
1111		echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}"
	1151	echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}"
1112	1152	exit ;;
1113	1153	i86::3.2:*)
1114	1154	if test -f /usr/options/cb.name; then

1292	1332	echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE"
1293	1333	exit ;;
1294	1334	:Darwin::*)
1295		UNAME_PROCESSOR=`uname -p` \|\| UNAME_PROCESSOR=unknown
1296		set_cc_for_build
1297		if test "$UNAME_PROCESSOR" = unknown ; then
1298		UNAME_PROCESSOR=powerpc
1299		fi
1300		if test "`echo "$UNAME_RELEASE" \| sed -e 's/\..*//'`" -le 10 ; then
1301		if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
1302		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') \| \
1303		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) \| \
1304		grep IS_64BIT_ARCH >/dev/null
1305		then
1306		case $UNAME_PROCESSOR in
1307		i386) UNAME_PROCESSOR=x86_64 ;;
1308		powerpc) UNAME_PROCESSOR=powerpc64 ;;
1309		esac
1310		fi
1311		# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
1312		if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') \| \
1313		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) \| \
1314		grep IS_PPC >/dev/null
1315		then
1316		UNAME_PROCESSOR=powerpc
1317		fi
	1335	UNAME_PROCESSOR=`uname -p`
	1336	case $UNAME_PROCESSOR in
	1337	unknown) UNAME_PROCESSOR=powerpc ;;
	1338	esac
	1339	if command -v xcode-select > /dev/null 2> /dev/null && \
	1340	! xcode-select --print-path > /dev/null 2> /dev/null ; then
	1341	# Avoid executing cc if there is no toolchain installed as
	1342	# cc will be a stub that puts up a graphical alert
	1343	# prompting the user to install developer tools.
	1344	CC_FOR_BUILD=no_compiler_found
	1345	else
	1346	set_cc_for_build
	1347	fi
	1348	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
	1349	if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') \| \
	1350	(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) \| \
	1351	grep IS_64BIT_ARCH >/dev/null
	1352	then
	1353	case $UNAME_PROCESSOR in
	1354	i386) UNAME_PROCESSOR=x86_64 ;;
	1355	powerpc) UNAME_PROCESSOR=powerpc64 ;;
	1356	esac
	1357	fi
	1358	# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
	1359	if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') \| \
	1360	(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) \| \
	1361	grep IS_PPC >/dev/null
	1362	then
	1363	UNAME_PROCESSOR=powerpc
1318	1364	fi
1319	1365	elif test "$UNAME_PROCESSOR" = i386 ; then
1320		# Avoid executing cc on OS X 10.9, as it ships with a stub
1321		# that puts up a graphical alert prompting to install
1322		# developer tools. Any system running Mac OS X 10.7 or
1323		# later (Darwin 11 and later) is required to have a 64-bit
1324		# processor. This is not true of the ARM version of Darwin
1325		# that Apple uses in portable devices.
1326		UNAME_PROCESSOR=x86_64
	1366	# uname -m returns i386 or x86_64
	1367	UNAME_PROCESSOR=$UNAME_MACHINE
1327	1368	fi
1328	1369	echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
1329	1370	exit ;;

1423	1464	amd64:Isilon\ OneFS::)
1424	1465	echo x86_64-unknown-onefs
1425	1466	exit ;;
	1467	:Unleashed::*)
	1468	echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE"
	1469	exit ;;
1426	1470	esac
	1471
	1472	# No uname command or uname output not recognized.
	1473	set_cc_for_build
	1474	cat > "$dummy.c" <<EOF
	1475	#ifdef _SEQUENT_
	1476	#include <sys/types.h>
	1477	#include <sys/utsname.h>
	1478	#endif
	1479	#if defined(ultrix) \|\| defined(_ultrix) \|\| defined(__ultrix) \|\| defined(__ultrix__)
	1480	#if defined (vax) \|\| defined (__vax) \|\| defined (__vax__) \|\| defined(mips) \|\| defined(__mips) \|\| defined(__mips__) \|\| defined(MIPS) \|\| defined(__MIPS__)
	1481	#include <signal.h>
	1482	#if defined(_SIZE_T_) \|\| defined(SIGLOST)
	1483	#include <sys/utsname.h>
	1484	#endif
	1485	#endif
	1486	#endif
	1487	main ()
	1488	{
	1489	#if defined (sony)
	1490	#if defined (MIPSEB)
	1491	/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
	1492	I don't know.... */
	1493	printf ("mips-sony-bsd\n"); exit (0);
	1494	#else
	1495	#include <sys/param.h>
	1496	printf ("m68k-sony-newsos%s\n",
	1497	#ifdef NEWSOS4
	1498	"4"
	1499	#else
	1500	""
	1501	#endif
	1502	); exit (0);
	1503	#endif
	1504	#endif
	1505
	1506	#if defined (NeXT)
	1507	#if !defined (__ARCHITECTURE__)
	1508	#define __ARCHITECTURE__ "m68k"
	1509	#endif
	1510	int version;
	1511	version=`(hostinfo \| sed -n 's/.NeXT Mach $[0-9]$.*/\1/p') 2>/dev/null`;
	1512	if (version < 4)
	1513	printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
	1514	else
	1515	printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
	1516	exit (0);
	1517	#endif
	1518
	1519	#if defined (MULTIMAX) \|\| defined (n16)
	1520	#if defined (UMAXV)
	1521	printf ("ns32k-encore-sysv\n"); exit (0);
	1522	#else
	1523	#if defined (CMU)
	1524	printf ("ns32k-encore-mach\n"); exit (0);
	1525	#else
	1526	printf ("ns32k-encore-bsd\n"); exit (0);
	1527	#endif
	1528	#endif
	1529	#endif
	1530
	1531	#if defined (__386BSD__)
	1532	printf ("i386-pc-bsd\n"); exit (0);
	1533	#endif
	1534
	1535	#if defined (sequent)
	1536	#if defined (i386)
	1537	printf ("i386-sequent-dynix\n"); exit (0);
	1538	#endif
	1539	#if defined (ns32000)
	1540	printf ("ns32k-sequent-dynix\n"); exit (0);
	1541	#endif
	1542	#endif
	1543
	1544	#if defined (_SEQUENT_)
	1545	struct utsname un;
	1546
	1547	uname(&un);
	1548	if (strncmp(un.version, "V2", 2) == 0) {
	1549	printf ("i386-sequent-ptx2\n"); exit (0);
	1550	}
	1551	if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
	1552	printf ("i386-sequent-ptx1\n"); exit (0);
	1553	}
	1554	printf ("i386-sequent-ptx\n"); exit (0);
	1555	#endif
	1556
	1557	#if defined (vax)
	1558	#if !defined (ultrix)
	1559	#include <sys/param.h>
	1560	#if defined (BSD)
	1561	#if BSD == 43
	1562	printf ("vax-dec-bsd4.3\n"); exit (0);
	1563	#else
	1564	#if BSD == 199006
	1565	printf ("vax-dec-bsd4.3reno\n"); exit (0);
	1566	#else
	1567	printf ("vax-dec-bsd\n"); exit (0);
	1568	#endif
	1569	#endif
	1570	#else
	1571	printf ("vax-dec-bsd\n"); exit (0);
	1572	#endif
	1573	#else
	1574	#if defined(_SIZE_T_) \|\| defined(SIGLOST)
	1575	struct utsname un;
	1576	uname (&un);
	1577	printf ("vax-dec-ultrix%s\n", un.release); exit (0);
	1578	#else
	1579	printf ("vax-dec-ultrix\n"); exit (0);
	1580	#endif
	1581	#endif
	1582	#endif
	1583	#if defined(ultrix) \|\| defined(_ultrix) \|\| defined(__ultrix) \|\| defined(__ultrix__)
	1584	#if defined(mips) \|\| defined(__mips) \|\| defined(__mips__) \|\| defined(MIPS) \|\| defined(__MIPS__)
	1585	#if defined(_SIZE_T_) \|\| defined(SIGLOST)
	1586	struct utsname *un;
	1587	uname (&un);
	1588	printf ("mips-dec-ultrix%s\n", un.release); exit (0);
	1589	#else
	1590	printf ("mips-dec-ultrix\n"); exit (0);
	1591	#endif
	1592	#endif
	1593	#endif
	1594
	1595	#if defined (alliant) && defined (i860)
	1596	printf ("i860-alliant-bsd\n"); exit (0);
	1597	#endif
	1598
	1599	exit (1);
	1600	}
	1601	EOF
	1602
	1603	$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` &&
	1604	{ echo "$SYSTEM_NAME"; exit; }
	1605
	1606	# Apollos put the system type in the environment.
	1607	test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
1427	1608
1428	1609	echo "$0: unable to guess system type" >&2
1429	1610

+277

-274

src/config/config.sub less more

0	0	#! /bin/sh
1	1	# Configuration validation subroutine script.
2		# Copyright 1992-2018 Free Software Foundation, Inc.
3
4		timestamp='2018-08-29'
	2	# Copyright 1992-2020 Free Software Foundation, Inc.
	3
	4	timestamp='2020-01-01'
5	5
6	6	# This file is free software; you can redistribute it and/or modify it
7	7	# under the terms of the GNU General Public License as published by

66	66	version="\
67	67	GNU config.sub ($timestamp)
68	68
69		Copyright 1992-2018 Free Software Foundation, Inc.
	69	Copyright 1992-2020 Free Software Foundation, Inc.
70	70
71	71	This is free software; see the source for copying conditions. There is NO
72	72	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

110	110	esac
111	111
112	112	# Split fields of configuration type
113		IFS="-" read -r field1 field2 field3 field4 <<EOF
	113	# shellcheck disable=SC2162
	114	IFS="-" read field1 field2 field3 field4 <<EOF
114	115	$1
115	116	EOF
116	117

335	336	basic_machine=m88k-harris
336	337	os=sysv3
337	338	;;
338		hp300)
	339	hp300 \| hp300hpux)
339	340	basic_machine=m68k-hp
	341	os=hpux
340	342	;;
341	343	hp300bsd)
342	344	basic_machine=m68k-hp
343	345	os=bsd
344	346	;;
345		hp300hpux)
346		basic_machine=m68k-hp
347		os=hpux
348		;;
349	347	hppaosf)
350	348	basic_machine=hppa1.1-hp
351	349	os=osf

358	356	basic_machine=i386-mach
359	357	os=mach
360	358	;;
	359	isi68 \| isi)
	360	basic_machine=m68k-isi
	361	os=sysv
	362	;;
	363	m68knommu)
	364	basic_machine=m68k-unknown
	365	os=linux
	366	;;
	367	magnum \| m3230)
	368	basic_machine=mips-mips
	369	os=sysv
	370	;;
	371	merlin)
	372	basic_machine=ns32k-utek
	373	os=sysv
	374	;;
	375	mingw64)
	376	basic_machine=x86_64-pc
	377	os=mingw64
	378	;;
	379	mingw32)
	380	basic_machine=i686-pc
	381	os=mingw32
	382	;;
	383	mingw32ce)
	384	basic_machine=arm-unknown
	385	os=mingw32ce
	386	;;
	387	monitor)
	388	basic_machine=m68k-rom68k
	389	os=coff
	390	;;
	391	morphos)
	392	basic_machine=powerpc-unknown
	393	os=morphos
	394	;;
	395	moxiebox)
	396	basic_machine=moxie-unknown
	397	os=moxiebox
	398	;;
	399	msdos)
	400	basic_machine=i386-pc
	401	os=msdos
	402	;;
	403	msys)
	404	basic_machine=i686-pc
	405	os=msys
	406	;;
	407	mvs)
	408	basic_machine=i370-ibm
	409	os=mvs
	410	;;
	411	nacl)
	412	basic_machine=le32-unknown
	413	os=nacl
	414	;;
	415	ncr3000)
	416	basic_machine=i486-ncr
	417	os=sysv4
	418	;;
	419	netbsd386)
	420	basic_machine=i386-pc
	421	os=netbsd
	422	;;
	423	netwinder)
	424	basic_machine=armv4l-rebel
	425	os=linux
	426	;;
	427	news \| news700 \| news800 \| news900)
	428	basic_machine=m68k-sony
	429	os=newsos
	430	;;
	431	news1000)
	432	basic_machine=m68030-sony
	433	os=newsos
	434	;;
	435	necv70)
	436	basic_machine=v70-nec
	437	os=sysv
	438	;;
	439	nh3000)
	440	basic_machine=m68k-harris
	441	os=cxux
	442	;;
	443	nh[45]000)
	444	basic_machine=m88k-harris
	445	os=cxux
	446	;;
	447	nindy960)
	448	basic_machine=i960-intel
	449	os=nindy
	450	;;
	451	mon960)
	452	basic_machine=i960-intel
	453	os=mon960
	454	;;
	455	nonstopux)
	456	basic_machine=mips-compaq
	457	os=nonstopux
	458	;;
	459	os400)
	460	basic_machine=powerpc-ibm
	461	os=os400
	462	;;
	463	OSE68000 \| ose68000)
	464	basic_machine=m68000-ericsson
	465	os=ose
	466	;;
	467	os68k)
	468	basic_machine=m68k-none
	469	os=os68k
	470	;;
	471	paragon)
	472	basic_machine=i860-intel
	473	os=osf
	474	;;
	475	parisc)
	476	basic_machine=hppa-unknown
	477	os=linux
	478	;;
	479	pw32)
	480	basic_machine=i586-unknown
	481	os=pw32
	482	;;
	483	rdos \| rdos64)
	484	basic_machine=x86_64-pc
	485	os=rdos
	486	;;
	487	rdos32)
	488	basic_machine=i386-pc
	489	os=rdos
	490	;;
	491	rom68k)
	492	basic_machine=m68k-rom68k
	493	os=coff
	494	;;
	495	sa29200)
	496	basic_machine=a29k-amd
	497	os=udi
	498	;;
	499	sei)
	500	basic_machine=mips-sei
	501	os=seiux
	502	;;
	503	sequent)
	504	basic_machine=i386-sequent
	505	os=
	506	;;
	507	sps7)
	508	basic_machine=m68k-bull
	509	os=sysv2
	510	;;
	511	st2000)
	512	basic_machine=m68k-tandem
	513	os=
	514	;;
	515	stratus)
	516	basic_machine=i860-stratus
	517	os=sysv4
	518	;;
	519	sun2)
	520	basic_machine=m68000-sun
	521	os=
	522	;;
	523	sun2os3)
	524	basic_machine=m68000-sun
	525	os=sunos3
	526	;;
	527	sun2os4)
	528	basic_machine=m68000-sun
	529	os=sunos4
	530	;;
	531	sun3)
	532	basic_machine=m68k-sun
	533	os=
	534	;;
	535	sun3os3)
	536	basic_machine=m68k-sun
	537	os=sunos3
	538	;;
	539	sun3os4)
	540	basic_machine=m68k-sun
	541	os=sunos4
	542	;;
	543	sun4)
	544	basic_machine=sparc-sun
	545	os=
	546	;;
	547	sun4os3)
	548	basic_machine=sparc-sun
	549	os=sunos3
	550	;;
	551	sun4os4)
	552	basic_machine=sparc-sun
	553	os=sunos4
	554	;;
	555	sun4sol2)
	556	basic_machine=sparc-sun
	557	os=solaris2
	558	;;
	559	sun386 \| sun386i \| roadrunner)
	560	basic_machine=i386-sun
	561	os=
	562	;;
	563	sv1)
	564	basic_machine=sv1-cray
	565	os=unicos
	566	;;
	567	symmetry)
	568	basic_machine=i386-sequent
	569	os=dynix
	570	;;
	571	t3e)
	572	basic_machine=alphaev5-cray
	573	os=unicos
	574	;;
	575	t90)
	576	basic_machine=t90-cray
	577	os=unicos
	578	;;
	579	toad1)
	580	basic_machine=pdp10-xkl
	581	os=tops20
	582	;;
	583	tpf)
	584	basic_machine=s390x-ibm
	585	os=tpf
	586	;;
	587	udi29k)
	588	basic_machine=a29k-amd
	589	os=udi
	590	;;
	591	ultra3)
	592	basic_machine=a29k-nyu
	593	os=sym1
	594	;;
	595	v810 \| necv810)
	596	basic_machine=v810-nec
	597	os=none
	598	;;
	599	vaxv)
	600	basic_machine=vax-dec
	601	os=sysv
	602	;;
	603	vms)
	604	basic_machine=vax-dec
	605	os=vms
	606	;;
361	607	vsta)
362	608	basic_machine=i386-pc
363	609	os=vsta
364		;;
365		isi68 \| isi)
366		basic_machine=m68k-isi
367		os=sysv
368		;;
369		m68knommu)
370		basic_machine=m68k-unknown
371		os=linux
372		;;
373		magnum \| m3230)
374		basic_machine=mips-mips
375		os=sysv
376		;;
377		merlin)
378		basic_machine=ns32k-utek
379		os=sysv
380		;;
381		mingw64)
382		basic_machine=x86_64-pc
383		os=mingw64
384		;;
385		mingw32)
386		basic_machine=i686-pc
387		os=mingw32
388		;;
389		mingw32ce)
390		basic_machine=arm-unknown
391		os=mingw32ce
392		;;
393		monitor)
394		basic_machine=m68k-rom68k
395		os=coff
396		;;
397		morphos)
398		basic_machine=powerpc-unknown
399		os=morphos
400		;;
401		moxiebox)
402		basic_machine=moxie-unknown
403		os=moxiebox
404		;;
405		msdos)
406		basic_machine=i386-pc
407		os=msdos
408		;;
409		msys)
410		basic_machine=i686-pc
411		os=msys
412		;;
413		mvs)
414		basic_machine=i370-ibm
415		os=mvs
416		;;
417		nacl)
418		basic_machine=le32-unknown
419		os=nacl
420		;;
421		ncr3000)
422		basic_machine=i486-ncr
423		os=sysv4
424		;;
425		netbsd386)
426		basic_machine=i386-pc
427		os=netbsd
428		;;
429		netwinder)
430		basic_machine=armv4l-rebel
431		os=linux
432		;;
433		news \| news700 \| news800 \| news900)
434		basic_machine=m68k-sony
435		os=newsos
436		;;
437		news1000)
438		basic_machine=m68030-sony
439		os=newsos
440		;;
441		necv70)
442		basic_machine=v70-nec
443		os=sysv
444		;;
445		nh3000)
446		basic_machine=m68k-harris
447		os=cxux
448		;;
449		nh[45]000)
450		basic_machine=m88k-harris
451		os=cxux
452		;;
453		nindy960)
454		basic_machine=i960-intel
455		os=nindy
456		;;
457		mon960)
458		basic_machine=i960-intel
459		os=mon960
460		;;
461		nonstopux)
462		basic_machine=mips-compaq
463		os=nonstopux
464		;;
465		os400)
466		basic_machine=powerpc-ibm
467		os=os400
468		;;
469		OSE68000 \| ose68000)
470		basic_machine=m68000-ericsson
471		os=ose
472		;;
473		os68k)
474		basic_machine=m68k-none
475		os=os68k
476		;;
477		paragon)
478		basic_machine=i860-intel
479		os=osf
480		;;
481		parisc)
482		basic_machine=hppa-unknown
483		os=linux
484		;;
485		pw32)
486		basic_machine=i586-unknown
487		os=pw32
488		;;
489		rdos \| rdos64)
490		basic_machine=x86_64-pc
491		os=rdos
492		;;
493		rdos32)
494		basic_machine=i386-pc
495		os=rdos
496		;;
497		rom68k)
498		basic_machine=m68k-rom68k
499		os=coff
500		;;
501		sa29200)
502		basic_machine=a29k-amd
503		os=udi
504		;;
505		sei)
506		basic_machine=mips-sei
507		os=seiux
508		;;
509		sequent)
510		basic_machine=i386-sequent
511		os=
512		;;
513		sps7)
514		basic_machine=m68k-bull
515		os=sysv2
516		;;
517		st2000)
518		basic_machine=m68k-tandem
519		os=
520		;;
521		stratus)
522		basic_machine=i860-stratus
523		os=sysv4
524		;;
525		sun2)
526		basic_machine=m68000-sun
527		os=
528		;;
529		sun2os3)
530		basic_machine=m68000-sun
531		os=sunos3
532		;;
533		sun2os4)
534		basic_machine=m68000-sun
535		os=sunos4
536		;;
537		sun3)
538		basic_machine=m68k-sun
539		os=
540		;;
541		sun3os3)
542		basic_machine=m68k-sun
543		os=sunos3
544		;;
545		sun3os4)
546		basic_machine=m68k-sun
547		os=sunos4
548		;;
549		sun4)
550		basic_machine=sparc-sun
551		os=
552		;;
553		sun4os3)
554		basic_machine=sparc-sun
555		os=sunos3
556		;;
557		sun4os4)
558		basic_machine=sparc-sun
559		os=sunos4
560		;;
561		sun4sol2)
562		basic_machine=sparc-sun
563		os=solaris2
564		;;
565		sun386 \| sun386i \| roadrunner)
566		basic_machine=i386-sun
567		os=
568		;;
569		sv1)
570		basic_machine=sv1-cray
571		os=unicos
572		;;
573		symmetry)
574		basic_machine=i386-sequent
575		os=dynix
576		;;
577		t3e)
578		basic_machine=alphaev5-cray
579		os=unicos
580		;;
581		t90)
582		basic_machine=t90-cray
583		os=unicos
584		;;
585		toad1)
586		basic_machine=pdp10-xkl
587		os=tops20
588		;;
589		tpf)
590		basic_machine=s390x-ibm
591		os=tpf
592		;;
593		udi29k)
594		basic_machine=a29k-amd
595		os=udi
596		;;
597		ultra3)
598		basic_machine=a29k-nyu
599		os=sym1
600		;;
601		v810 \| necv810)
602		basic_machine=v810-nec
603		os=none
604		;;
605		vaxv)
606		basic_machine=vax-dec
607		os=sysv
608		;;
609		vms)
610		basic_machine=vax-dec
611		os=vms
612	610	;;
613	611	vxworks960)
614	612	basic_machine=i960-wrs

820	818	cpu=m68k
821	819	vendor=next
822	820	case $os in
823		nextstep* )
	821	openstep*)
	822	;;
	823	nextstep*)
824	824	;;
825	825	ns2*)
826	826	os=nextstep2

917	917	;;
918	918
919	919	-)
920		IFS="-" read -r cpu vendor <<EOF
	920	# shellcheck disable=SC2162
	921	IFS="-" read cpu vendor <<EOF
921	922	$basic_machine
922	923	EOF
923	924	;;

1160	1161	\| alpha64 \| alpha64ev[4-8] \| alpha64ev56 \| alpha64ev6[78] \
1161	1162	\| alphapca5[67] \| alpha64pca5[67] \
1162	1163	\| am33_2.0 \
	1164	\| amdgcn \
1163	1165	\| arc \| arceb \
1164	1166	\| arm \| arm[lb]e \| arme[lb] \| armv* \
1165	1167	\| avr \| avr32 \
1166	1168	\| asmjs \
1167	1169	\| ba \
1168	1170	\| be32 \| be64 \
1169		\| bfin \| bs2000 \
	1171	\| bfin \| bpf \| bs2000 \
1170	1172	\| c[123]* \| c30 \| [cjt]90 \| c4x \
1171	1173	\| c8051 \| clipper \| craynv \| csky \| cydra \
1172	1174	\| d10v \| d30v \| dlx \| dsp16xx \

1181	1183	\| le32 \| le64 \
1182	1184	\| lm32 \
1183	1185	\| m32c \| m32r \| m32rle \
1184		\| m5200 \| m68000 \| m680[012346]0 \| m68360 \| m683?2 \| m68k \| v70 \| w65 \
1185		\| m6811 \| m68hc11 \| m6812 \| m68hc12 \| m68hcs12x \| nvptx \| picochip \
	1186	\| m5200 \| m68000 \| m680[012346]0 \| m68360 \| m683?2 \| m68k \
	1187	\| m6811 \| m68hc11 \| m6812 \| m68hc12 \| m68hcs12x \
1186	1188	\| m88110 \| m88k \| maxq \| mb \| mcore \| mep \| metag \
1187	1189	\| microblaze \| microblazeel \
1188	1190	\| mips \| mipsbe \| mipseb \| mipsel \| mipsle \
1189	1191	\| mips16 \
1190		\| mips64 \| mips64el \
	1192	\| mips64 \| mips64eb \| mips64el \
1191	1193	\| mips64octeon \| mips64octeonel \
1192	1194	\| mips64orion \| mips64orionel \
1193	1195	\| mips64r5900 \| mips64r5900el \

1214	1216	\| nds32 \| nds32le \| nds32be \
1215	1217	\| nfp \
1216	1218	\| nios \| nios2 \| nios2eb \| nios2el \
1217		\| none \| np1 \| ns16k \| ns32k \
	1219	\| none \| np1 \| ns16k \| ns32k \| nvptx \
1218	1220	\| open8 \
1219	1221	\| or1k* \
1220	1222	\| or32 \
1221	1223	\| orion \
	1224	\| picochip \
1222	1225	\| pdp10 \| pdp11 \| pj \| pjl \| pn \| power \
1223	1226	\| powerpc \| powerpc64 \| powerpc64le \| powerpcle \| powerpcspe \
1224	1227	\| pru \

1226	1229	\| riscv \| riscv32 \| riscv64 \
1227	1230	\| rl78 \| romp \| rs6000 \| rx \
1228	1231	\| score \
1229		\| sh \| sh[1234] \| sh[24]a \| sh[24]ae[lb] \| sh[23]e \| she[lb] \| sh[lb]e \
	1232	\| sh \| shl \
	1233	\| sh[1234] \| sh[24]a \| sh[24]ae[lb] \| sh[23]e \| she[lb] \| sh[lb]e \
1230	1234	\| sh[1234]e[lb] \| sh[12345][lb]e \| sh[23]ele \| sh64 \| sh64le \
1231	1235	\| sparc \| sparc64 \| sparc64b \| sparc64v \| sparc86x \| sparclet \
1232	1236	\| sparclite \

1236	1240	\| tic30 \| tic4x \| tic54x \| tic55x \| tic6x \| tic80 \
1237	1241	\| tron \
1238	1242	\| ubicom32 \
1239		\| v850 \| v850e \| v850e1 \| v850es \| v850e2 \| v850e2v3 \
	1243	\| v70 \| v850 \| v850e \| v850e1 \| v850es \| v850e2 \| v850e2v3 \
1240	1244	\| vax \
1241	1245	\| visium \
1242		\| wasm32 \
	1246	\| w65 \
	1247	\| wasm32 \| wasm64 \
1243	1248	\| we32k \
1244	1249	\| x86 \| x86_64 \| xc16x \| xgate \| xps100 \
1245	1250	\| xstormy16 \| xtensa* \

1337	1342	\| hpux* \| unos* \| osf* \| luna* \| dgux* \| auroraux* \| solaris* \
1338	1343	\| sym* \| kopensolaris* \| plan9* \
1339	1344	\| amigaos* \| amigados* \| msdos* \| newsos* \| unicos* \| aof* \
1340		\| aos* \| aros* \| cloudabi* \| sortix* \
	1345	\| aos* \| aros* \| cloudabi* \| sortix* \| twizzler* \
1341	1346	\| nindy* \| vxsim* \| vxworks* \| ebmon* \| hms* \| mvs* \
1342	1347	\| clix* \| riscos* \| uniplus* \| iris* \| isc* \| rtu* \| xenix* \
1343	1348	\| knetbsd* \| mirbsd* \| netbsd* \
1344		\| bitrig* \| openbsd* \| solidbsd* \| libertybsd* \
	1349	\| bitrig* \| openbsd* \| solidbsd* \| libertybsd* \| os108* \
1345	1350	\| ekkobsd* \| kfreebsd* \| freebsd* \| riscix* \| lynxos* \
1346	1351	\| bosx* \| nextstep* \| cxux* \| aout* \| elf* \| oabi* \
1347	1352	\| ptx* \| coff* \| ecoff* \| winnt* \| domain* \| vsta* \

1359	1364	\| powermax* \| dnix* \| nx6 \| nx7 \| sei* \| dragonfly* \
1360	1365	\| skyos* \| haiku* \| rdos* \| toppers* \| drops* \| es* \
1361	1366	\| onefs* \| tirtos* \| phoenix* \| fuchsia* \| redox* \| bme* \
1362		\| midnightbsd*)
	1367	\| midnightbsd* \| amdhsa* \| unleashed* \| emscripten* \| wasi* \
	1368	\| nsk* \| powerunix)
1363	1369	# Remember, each alternative MUST END IN *, to match a version number.
1364	1370	;;
1365	1371	qnx*)

1442	1448	;;
1443	1449	ns2)
1444	1450	os=nextstep2
1445		;;
1446		nsk*)
1447		os=nsk
1448	1451	;;
1449	1452	# Preserve the version number of sinix5.
1450	1453	sinix5.*)

+1

-1

src/config/pkg.m4 less more

180	180
181	181	_PKG_TEXT
182	182
183		To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
	183	To get pkg-config, see <https://www.freedesktop.org/wiki/Software/pkg-config/>.])[]dnl
184	184	])
185	185	else
186	186	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS

+14

-2

src/config/post.in less more

5	5	all:
6	6
7	7	check-windows:
	8
	9	# In a few parts of "make check" we run shell scripts which run
	10	# programs linked against krb5 libraries. On macOS 10.11 and higher,
	11	# DYLD_LIBRARY_PATH is cleared by the shell unless System Integrity
	12	# Protection is turned off, so we need to set runtime linker
	13	# environment variables from within test scripts. A Makefile.in which
	14	# runs shell script tests should make its check rule depend on
	15	# runenv.sh and make each script begin with ". ./runenv.sh".
	16	runenv.sh:
	17	$(RUN_SETUP); for i in $(RUN_VARS); do \
	18	eval echo "$$i=\\\"\$$$$i\\\""; \
	19	echo "export $$i"; done > $@
8	20
9	21	##############################
10	22	# dependency generation

155	167
156	168	clean-unix::
157	169	$(RM) $(OBJS) $(DEPTARGETS_CLEAN) $(EXTRA_FILES)
158		$(RM) et-[ch]-.et et-[ch]-.[ch] testlog testtrace
	170	$(RM) et-[ch]-.et et-[ch]-.[ch] testlog testtrace runenv.sh
159	171	-$(RM) -r testdir
160	172
161	173	clean-windows::

180	192	$(BUILDTOP)/config.status: $(top_srcdir)/configure
181	193	(cd $(BUILDTOP) && $(SHELL) config.status --recheck)
182	194	$(top_srcdir)/configure: @MAINT@ \
183		$(top_srcdir)/configure.in \
	195	$(top_srcdir)/configure.ac \
184	196	$(top_srcdir)/patchlevel.h \
185	197	$(top_srcdir)/aclocal.m4
186	198	(cd $(top_srcdir) && \

+300

-303

src/configure less more

0	0	#! /bin/sh
1	1	# Guess values for system-dependent variables and create Makefiles.
2		# Generated by GNU Autoconf 2.69 for Kerberos 5 1.17.
	2	# Generated by GNU Autoconf 2.69 for Kerberos 5 1.18.2.
3	3	#
4	4	# Report bugs to <krb5-bugs@mit.edu>.
5	5	#

583	583	# Identity of this package.
584	584	PACKAGE_NAME='Kerberos 5'
585	585	PACKAGE_TARNAME='krb5'
586		PACKAGE_VERSION='1.17'
587		PACKAGE_STRING='Kerberos 5 1.17'
	586	PACKAGE_VERSION='1.18.2'
	587	PACKAGE_STRING='Kerberos 5 1.18.2'
588	588	PACKAGE_BUGREPORT='krb5-bugs@mit.edu'
589	589	PACKAGE_URL=''
590	590

653	653	HAVE_CMOCKA
654	654	HAVE_PYTHON
655	655	PYTHON
	656	PYTHON_MINVERSION
656	657	HAVE_RUNTEST
657	658	LIBOBJS
658	659	PKINIT

669	670	PRIOCNTL_HACK
670	671	DO_ALL
671	672	EXPECT
672		PERL_PATH
673	673	S_TOP
674	674	RBUILD
675	675	DO_TEST

715	715	audit_plugin
716	716	AUDIT_IMPL_LIBS
717	717	AWK
	718	SECURE_GETENV_INIT
	719	SECURE_GETENV_ST_OBJ
	720	SECURE_GETENV_OBJ
718	721	PRINTF_ST_OBJ
719	722	PRINTF_OBJ
720	723	FNMATCH_ST_OBJ

900	903	with_crypto_impl
901	904	with_prng_alg
902	905	with_tls_impl
	906	with_keyutils
903	907	with_spake_openssl
904	908	enable_aesni
905	909	enable_kdc_lookaside_cache

1489	1493	# Omit some internal or obsolete options to make the list less imposing.
1490	1494	# This message is too long to be a string in the A/UX 3.1 sh.
1491	1495	cat <<_ACEOF
1492		\`configure' configures Kerberos 5 1.17 to adapt to many kinds of systems.
	1496	\`configure' configures Kerberos 5 1.18.2 to adapt to many kinds of systems.
1493	1497
1494	1498	Usage: $0 [OPTION]... [VAR=VALUE]...
1495	1499

1560	1564
1561	1565	if test -n "$ac_init_help"; then
1562	1566	case $ac_init_help in
1563		short \| recursive ) echo "Configuration of Kerberos 5 1.17:";;
	1567	short \| recursive ) echo "Configuration of Kerberos 5 1.18.2:";;
1564	1568	esac
1565	1569	cat <<\_ACEOF
1566	1570

1605	1609	--with-crypto-impl=IMPL use specified crypto implementation [builtin]
1606	1610	--with-prng-alg=ALG use specified PRNG algorithm. [fortuna]
1607	1611	--with-tls-impl=IMPL use specified TLS implementation [auto]
	1612	--without-keyutils do not link with libkeyutils
1608	1613	--with-spake-openssl use OpenSSL for SPAKE preauth [auto]
1609	1614	--with-lmdb compile LMDB database backend module [auto]
1610	1615	--without-libedit do not compile with libedit

1715	1720	test -n "$ac_init_help" && exit $ac_status
1716	1721	if $ac_init_version; then
1717	1722	cat <<\_ACEOF
1718		Kerberos 5 configure 1.17
	1723	Kerberos 5 configure 1.18.2
1719	1724	generated by GNU Autoconf 2.69
1720	1725
1721	1726	Copyright (C) 2012 Free Software Foundation, Inc.

2466	2471	This file contains any messages produced by compilers while
2467	2472	running configure, to aid debugging if configure makes a mistake.
2468	2473
2469		It was created by Kerberos 5 $as_me 1.17, which was
	2474	It was created by Kerberos 5 $as_me 1.18.2, which was
2470	2475	generated by GNU Autoconf 2.69. Invocation command line was
2471	2476
2472	2477	$ $0 $@

4403	4408	EGREP="$ac_cv_path_EGREP"
4404	4409
4405	4410
4406		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
4407		$as_echo_n "checking for ANSI C header files... " >&6; }
4408		if ${ac_cv_header_stdc+:} false; then :
4409		$as_echo_n "(cached) " >&6
4410		else
4411		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4412		/* end confdefs.h. */
4413		#include <stdlib.h>
4414		#include <stdarg.h>
4415		#include <string.h>
4416		#include <float.h>
4417
4418		int
4419		main ()
4420		{
4421
4422		;
4423		return 0;
4424		}
4425		_ACEOF
4426		if ac_fn_c_try_compile "$LINENO"; then :
4427		ac_cv_header_stdc=yes
4428		else
4429		ac_cv_header_stdc=no
4430		fi
4431		rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4432
4433		if test $ac_cv_header_stdc = yes; then
4434		# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
4435		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4436		/* end confdefs.h. */
4437		#include <string.h>
4438
4439		_ACEOF
4440		if (eval "$ac_cpp conftest.$ac_ext") 2>&5 \|
4441		$EGREP "memchr" >/dev/null 2>&1; then :
4442
4443		else
4444		ac_cv_header_stdc=no
4445		fi
4446		rm -f conftest*
4447
4448		fi
4449
4450		if test $ac_cv_header_stdc = yes; then
4451		# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
4452		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4453		/* end confdefs.h. */
4454		#include <stdlib.h>
4455
4456		_ACEOF
4457		if (eval "$ac_cpp conftest.$ac_ext") 2>&5 \|
4458		$EGREP "free" >/dev/null 2>&1; then :
4459
4460		else
4461		ac_cv_header_stdc=no
4462		fi
4463		rm -f conftest*
4464
4465		fi
4466
4467		if test $ac_cv_header_stdc = yes; then
4468		# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
4469		if test "$cross_compiling" = yes; then :
4470		:
4471		else
4472		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4473		/* end confdefs.h. */
4474		#include <ctype.h>
4475		#include <stdlib.h>
4476		#if ((' ' & 0x0FF) == 0x020)
4477		# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
4478		# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
4479		#else
4480		# define ISLOWER(c) \
4481		(('a' <= (c) && (c) <= 'i') \
4482		\|\| ('j' <= (c) && (c) <= 'r') \
4483		\|\| ('s' <= (c) && (c) <= 'z'))
4484		# define TOUPPER(c) (ISLOWER(c) ? ((c) \| 0x40) : (c))
4485		#endif
4486
4487		#define XOR(e, f) (((e) && !(f)) \|\| (!(e) && (f)))
4488		int
4489		main ()
4490		{
4491		int i;
4492		for (i = 0; i < 256; i++)
4493		if (XOR (islower (i), ISLOWER (i))
4494		\|\| toupper (i) != TOUPPER (i))
4495		return 2;
4496		return 0;
4497		}
4498		_ACEOF
4499		if ac_fn_c_try_run "$LINENO"; then :
4500
4501		else
4502		ac_cv_header_stdc=no
4503		fi
4504		rm -f core .core core.conftest. gmon.out bb.out conftest$ac_exeext \
4505		conftest.$ac_objext conftest.beam conftest.$ac_ext
4506		fi
4507
4508		fi
4509		fi
4510		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
4511		$as_echo "$ac_cv_header_stdc" >&6; }
4512		if test $ac_cv_header_stdc = yes; then
4513
4514		$as_echo "#define STDC_HEADERS 1" >>confdefs.h
4515
4516		fi
4517
4518		# On IRIX 5.3, sys/types and inttypes.h are conflicting.
4519		for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
4520		inttypes.h stdint.h unistd.h
4521		do :
4522		as_ac_Header=`$as_echo "ac_cv_header_$ac_header" \| $as_tr_sh`
4523		ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
4524		"
4525		if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
4526		cat >>confdefs.h <<_ACEOF
4527		#define `$as_echo "HAVE_$ac_header" \| $as_tr_cpp` 1
4528		_ACEOF
4529
4530		fi
4531
4532		done
4533
4534
4535	4411	EXTRA_FILES=""
4536	4412
4537	4413

6993	6869
6994	6870
6995	6871
6996		for ac_header in keyutils.h
6997		do :
6998		ac_fn_c_check_header_mongrel "$LINENO" "keyutils.h" "ac_cv_header_keyutils_h" "$ac_includes_default"
6999		if test "x$ac_cv_header_keyutils_h" = xyes; then :
7000		cat >>confdefs.h <<_ACEOF
7001		#define HAVE_KEYUTILS_H 1
7002		_ACEOF
7003		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for add_key in -lkeyutils" >&5
7004		$as_echo_n "checking for add_key in -lkeyutils... " >&6; }
7005		if ${ac_cv_lib_keyutils_add_key+:} false; then :
7006		$as_echo_n "(cached) " >&6
7007		else
7008		ac_check_lib_save_LIBS=$LIBS
7009		LIBS="-lkeyutils $LIBS"
7010		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7011		/* end confdefs.h. */
7012
7013		/* Override any GCC internal prototype to avoid an error.
7014		Use char because int might match the return type of a GCC
7015		builtin and then its argument prototype would still apply. */
7016		#ifdef __cplusplus
7017		extern "C"
7018		#endif
7019		char add_key ();
7020		int
7021		main ()
7022		{
7023		return add_key ();
7024		;
7025		return 0;
7026		}
7027		_ACEOF
7028		if ac_fn_c_try_link "$LINENO"; then :
7029		ac_cv_lib_keyutils_add_key=yes
7030		else
7031		ac_cv_lib_keyutils_add_key=no
7032		fi
7033		rm -f core conftest.err conftest.$ac_objext \
7034		conftest$ac_exeext conftest.$ac_ext
7035		LIBS=$ac_check_lib_save_LIBS
7036		fi
7037		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_add_key" >&5
7038		$as_echo "$ac_cv_lib_keyutils_add_key" >&6; }
7039		if test "x$ac_cv_lib_keyutils_add_key" = xyes; then :
7040
7041		$as_echo "#define USE_KEYRING_CCACHE 1" >>confdefs.h
7042
7043		LIBS="-lkeyutils $LIBS"
7044
7045		fi
7046
7047		fi
7048
7049		done
7050
7051
7052
7053		for ac_header in keyutils.h
7054		do :
7055		ac_fn_c_check_header_mongrel "$LINENO" "keyutils.h" "ac_cv_header_keyutils_h" "$ac_includes_default"
7056		if test "x$ac_cv_header_keyutils_h" = xyes; then :
7057		cat >>confdefs.h <<_ACEOF
7058		#define HAVE_KEYUTILS_H 1
7059		_ACEOF
7060		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for keyctl_get_persistent in -lkeyutils" >&5
7061		$as_echo_n "checking for keyctl_get_persistent in -lkeyutils... " >&6; }
7062		if ${ac_cv_lib_keyutils_keyctl_get_persistent+:} false; then :
7063		$as_echo_n "(cached) " >&6
7064		else
7065		ac_check_lib_save_LIBS=$LIBS
7066		LIBS="-lkeyutils $LIBS"
7067		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7068		/* end confdefs.h. */
7069
7070		/* Override any GCC internal prototype to avoid an error.
7071		Use char because int might match the return type of a GCC
7072		builtin and then its argument prototype would still apply. */
7073		#ifdef __cplusplus
7074		extern "C"
7075		#endif
7076		char keyctl_get_persistent ();
7077		int
7078		main ()
7079		{
7080		return keyctl_get_persistent ();
7081		;
7082		return 0;
7083		}
7084		_ACEOF
7085		if ac_fn_c_try_link "$LINENO"; then :
7086		ac_cv_lib_keyutils_keyctl_get_persistent=yes
7087		else
7088		ac_cv_lib_keyutils_keyctl_get_persistent=no
7089		fi
7090		rm -f core conftest.err conftest.$ac_objext \
7091		conftest$ac_exeext conftest.$ac_ext
7092		LIBS=$ac_check_lib_save_LIBS
7093		fi
7094		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_keyctl_get_persistent" >&5
7095		$as_echo "$ac_cv_lib_keyutils_keyctl_get_persistent" >&6; }
7096		if test "x$ac_cv_lib_keyutils_keyctl_get_persistent" = xyes; then :
7097
7098		$as_echo "#define HAVE_PERSISTENT_KEYRING 1" >>confdefs.h
7099
7100
7101		fi
7102
7103		fi
7104
7105		done
7106
7107
7108
7109		KRB5_VERSION=1.17
	6872	KRB5_VERSION=1.18.2
7110	6873
7111	6874
7112	6875

7232	6995	PKG_CONFIG=""
7233	6996	fi
7234	6997	fi
	6998
	6999	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
	7000	$as_echo_n "checking for ANSI C header files... " >&6; }
	7001	if ${ac_cv_header_stdc+:} false; then :
	7002	$as_echo_n "(cached) " >&6
	7003	else
	7004	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	7005	/* end confdefs.h. */
	7006	#include <stdlib.h>
	7007	#include <stdarg.h>
	7008	#include <string.h>
	7009	#include <float.h>
	7010
	7011	int
	7012	main ()
	7013	{
	7014
	7015	;
	7016	return 0;
	7017	}
	7018	_ACEOF
	7019	if ac_fn_c_try_compile "$LINENO"; then :
	7020	ac_cv_header_stdc=yes
	7021	else
	7022	ac_cv_header_stdc=no
	7023	fi
	7024	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
	7025
	7026	if test $ac_cv_header_stdc = yes; then
	7027	# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
	7028	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	7029	/* end confdefs.h. */
	7030	#include <string.h>
	7031
	7032	_ACEOF
	7033	if (eval "$ac_cpp conftest.$ac_ext") 2>&5 \|
	7034	$EGREP "memchr" >/dev/null 2>&1; then :
	7035
	7036	else
	7037	ac_cv_header_stdc=no
	7038	fi
	7039	rm -f conftest*
	7040
	7041	fi
	7042
	7043	if test $ac_cv_header_stdc = yes; then
	7044	# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
	7045	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	7046	/* end confdefs.h. */
	7047	#include <stdlib.h>
	7048
	7049	_ACEOF
	7050	if (eval "$ac_cpp conftest.$ac_ext") 2>&5 \|
	7051	$EGREP "free" >/dev/null 2>&1; then :
	7052
	7053	else
	7054	ac_cv_header_stdc=no
	7055	fi
	7056	rm -f conftest*
	7057
	7058	fi
	7059
	7060	if test $ac_cv_header_stdc = yes; then
	7061	# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
	7062	if test "$cross_compiling" = yes; then :
	7063	:
	7064	else
	7065	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	7066	/* end confdefs.h. */
	7067	#include <ctype.h>
	7068	#include <stdlib.h>
	7069	#if ((' ' & 0x0FF) == 0x020)
	7070	# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
	7071	# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
	7072	#else
	7073	# define ISLOWER(c) \
	7074	(('a' <= (c) && (c) <= 'i') \
	7075	\|\| ('j' <= (c) && (c) <= 'r') \
	7076	\|\| ('s' <= (c) && (c) <= 'z'))
	7077	# define TOUPPER(c) (ISLOWER(c) ? ((c) \| 0x40) : (c))
	7078	#endif
	7079
	7080	#define XOR(e, f) (((e) && !(f)) \|\| (!(e) && (f)))
	7081	int
	7082	main ()
	7083	{
	7084	int i;
	7085	for (i = 0; i < 256; i++)
	7086	if (XOR (islower (i), ISLOWER (i))
	7087	\|\| toupper (i) != TOUPPER (i))
	7088	return 2;
	7089	return 0;
	7090	}
	7091	_ACEOF
	7092	if ac_fn_c_try_run "$LINENO"; then :
	7093
	7094	else
	7095	ac_cv_header_stdc=no
	7096	fi
	7097	rm -f core .core core.conftest. gmon.out bb.out conftest$ac_exeext \
	7098	conftest.$ac_objext conftest.beam conftest.$ac_ext
	7099	fi
	7100
	7101	fi
	7102	fi
	7103	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
	7104	$as_echo "$ac_cv_header_stdc" >&6; }
	7105	if test $ac_cv_header_stdc = yes; then
	7106
	7107	$as_echo "#define STDC_HEADERS 1" >>confdefs.h
	7108
	7109	fi
	7110
	7111	# On IRIX 5.3, sys/types and inttypes.h are conflicting.
	7112	for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
	7113	inttypes.h stdint.h unistd.h
	7114	do :
	7115	as_ac_Header=`$as_echo "ac_cv_header_$ac_header" \| $as_tr_sh`
	7116	ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
	7117	"
	7118	if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
	7119	cat >>confdefs.h <<_ACEOF
	7120	#define `$as_echo "HAVE_$ac_header" \| $as_tr_cpp` 1
	7121	_ACEOF
	7122
	7123	fi
	7124
	7125	done
	7126
7235	7127
7236	7128	ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
7237	7129	if test "x$ac_cv_header_stdint_h" = xyes; then :

8684	8576
8685	8577
8686	8578	if test x"$MSGFMT" != x; then
	8579	ac_config_files="$ac_config_files po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in"
	8580
	8581
	8582
8687	8583	po=po
8688	8584	fi
8689	8585

8710	8606
8711	8607	done
8712	8608
8713		for ac_func in vsprintf vasprintf vsnprintf strlcpy fnmatch
	8609	for ac_func in vsprintf vasprintf vsnprintf strlcpy fnmatch secure_getenv
8714	8610	do :
8715	8611	as_ac_var=`$as_echo "ac_cv_func_$ac_func" \| $as_tr_sh`
8716	8612	ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

8876	8772	$as_echo "#define NEED_SWAB_PROTO 1" >>confdefs.h
8877	8773
8878	8774	fi
	8775
	8776
	8777
	8778	ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
	8779	if test "x$ac_cv_func_secure_getenv" = xyes; then :
	8780	SECURE_GETENV_ST_OBJ=
	8781	SECURE_GETENV_OBJ=
	8782	SECURE_GETENV_INIT=
	8783	else
	8784	SECURE_GETENV_ST_OBJ=secure_getenv.o
	8785	SECURE_GETENV_OBJ='$(OUTPRE)secure_getenv.$(OBJEXT)'
	8786	SECURE_GETENV_INIT=k5_secure_getenv_init
	8787	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_secure_getenv"
	8788	fi
	8789
	8790
8879	8791
8880	8792
8881	8793

9414	9326
9415	9327
9416	9328
	9329
	9330	# Check whether --with-keyutils was given.
	9331	if test "${with_keyutils+set}" = set; then :
	9332	withval=$with_keyutils;
	9333	else
	9334	with_keyutils=check
	9335	fi
	9336
	9337	if test "$with_keyutils" != no; then
	9338	have_keyutils=false
	9339	for ac_header in keyutils.h
	9340	do :
	9341	ac_fn_c_check_header_mongrel "$LINENO" "keyutils.h" "ac_cv_header_keyutils_h" "$ac_includes_default"
	9342	if test "x$ac_cv_header_keyutils_h" = xyes; then :
	9343	cat >>confdefs.h <<_ACEOF
	9344	#define HAVE_KEYUTILS_H 1
	9345	_ACEOF
	9346	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for add_key in -lkeyutils" >&5
	9347	$as_echo_n "checking for add_key in -lkeyutils... " >&6; }
	9348	if ${ac_cv_lib_keyutils_add_key+:} false; then :
	9349	$as_echo_n "(cached) " >&6
	9350	else
	9351	ac_check_lib_save_LIBS=$LIBS
	9352	LIBS="-lkeyutils $LIBS"
	9353	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	9354	/* end confdefs.h. */
	9355
	9356	/* Override any GCC internal prototype to avoid an error.
	9357	Use char because int might match the return type of a GCC
	9358	builtin and then its argument prototype would still apply. */
	9359	#ifdef __cplusplus
	9360	extern "C"
	9361	#endif
	9362	char add_key ();
	9363	int
	9364	main ()
	9365	{
	9366	return add_key ();
	9367	;
	9368	return 0;
	9369	}
	9370	_ACEOF
	9371	if ac_fn_c_try_link "$LINENO"; then :
	9372	ac_cv_lib_keyutils_add_key=yes
	9373	else
	9374	ac_cv_lib_keyutils_add_key=no
	9375	fi
	9376	rm -f core conftest.err conftest.$ac_objext \
	9377	conftest$ac_exeext conftest.$ac_ext
	9378	LIBS=$ac_check_lib_save_LIBS
	9379	fi
	9380	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_add_key" >&5
	9381	$as_echo "$ac_cv_lib_keyutils_add_key" >&6; }
	9382	if test "x$ac_cv_lib_keyutils_add_key" = xyes; then :
	9383	have_keyutils=true
	9384	fi
	9385
	9386	fi
	9387
	9388	done
	9389
	9390	if test "$have_keyutils" = true; then
	9391
	9392	$as_echo "#define USE_KEYRING_CCACHE 1" >>confdefs.h
	9393
	9394	LIBS="-lkeyutils $LIBS"
	9395	# If libkeyutils supports persistent keyrings, use them.
	9396	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for keyctl_get_persistent in -lkeyutils" >&5
	9397	$as_echo_n "checking for keyctl_get_persistent in -lkeyutils... " >&6; }
	9398	if ${ac_cv_lib_keyutils_keyctl_get_persistent+:} false; then :
	9399	$as_echo_n "(cached) " >&6
	9400	else
	9401	ac_check_lib_save_LIBS=$LIBS
	9402	LIBS="-lkeyutils $LIBS"
	9403	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	9404	/* end confdefs.h. */
	9405
	9406	/* Override any GCC internal prototype to avoid an error.
	9407	Use char because int might match the return type of a GCC
	9408	builtin and then its argument prototype would still apply. */
	9409	#ifdef __cplusplus
	9410	extern "C"
	9411	#endif
	9412	char keyctl_get_persistent ();
	9413	int
	9414	main ()
	9415	{
	9416	return keyctl_get_persistent ();
	9417	;
	9418	return 0;
	9419	}
	9420	_ACEOF
	9421	if ac_fn_c_try_link "$LINENO"; then :
	9422	ac_cv_lib_keyutils_keyctl_get_persistent=yes
	9423	else
	9424	ac_cv_lib_keyutils_keyctl_get_persistent=no
	9425	fi
	9426	rm -f core conftest.err conftest.$ac_objext \
	9427	conftest$ac_exeext conftest.$ac_ext
	9428	LIBS=$ac_check_lib_save_LIBS
	9429	fi
	9430	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_keyctl_get_persistent" >&5
	9431	$as_echo "$ac_cv_lib_keyutils_keyctl_get_persistent" >&6; }
	9432	if test "x$ac_cv_lib_keyutils_keyctl_get_persistent" = xyes; then :
	9433
	9434	$as_echo "#define HAVE_PERSISTENT_KEYRING 1" >>confdefs.h
	9435
	9436
	9437	fi
	9438
	9439	elif test "$with_keyutils" = yes; then
	9440	as_fn_error $? "libkeyutils not found" "$LINENO" 5
	9441	fi
	9442	fi
	9443
9417	9444	# The SPAKE preauth plugin currently supports edwards25519 natively,
9418	9445	# and can support three NIST groups using OpenSSL.
9419	9446	HAVE_SPAKE_OPENSSL=no

10144	10171
10145	10172	fi
10146	10173
10147		for ac_func in strdup setvbuf seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strptime geteuid setenv unsetenv getenv gmtime_r localtime_r bswap16 bswap64 mkstemp getusershell access getcwd srand48 srand srandom stat strchr strerror timegm
	10174	for ac_func in strdup setvbuf seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strptime geteuid setenv unsetenv getenv gmtime_r localtime_r bswap16 bswap64 mkstemp getusershell access getcwd srand48 srand srandom stat strchr strerror timegm explicit_bzero explicit_memset getresuid getresgid
10148	10175	do :
10149	10176	as_ac_var=`$as_echo "ac_cv_func_$ac_func" \| $as_tr_sh`
10150	10177	ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

12383	12410
12384	12411
12385	12412	if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
12386		DO_TEST=ok
	12413	DO_TEST=ok
12387	12414	fi
12388	12415
12389	12416

12394	12421	/*) S_TOP=$srcdir ;;
12395	12422	*) S_TOP=`pwd`/$srcdir ;;
12396	12423	esac
12397
12398		# Extract the first word of "perl", so it can be a program name with args.
12399		set dummy perl; ac_word=$2
12400		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
12401		$as_echo_n "checking for $ac_word... " >&6; }
12402		if ${ac_cv_path_PERL_PATH+:} false; then :
12403		$as_echo_n "(cached) " >&6
12404		else
12405		case $PERL_PATH in
12406		[\\/]* \| ?:[\\/]*)
12407		ac_cv_path_PERL_PATH="$PERL_PATH" # Let the user override the test with a path.
12408		;;
12409		*)
12410		as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
12411		for as_dir in $PATH
12412		do
12413		IFS=$as_save_IFS
12414		test -z "$as_dir" && as_dir=.
12415		for ac_exec_ext in '' $ac_executable_extensions; do
12416		if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
12417		ac_cv_path_PERL_PATH="$as_dir/$ac_word$ac_exec_ext"
12418		$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
12419		break 2
12420		fi
12421		done
12422		done
12423		IFS=$as_save_IFS
12424
12425		;;
12426		esac
12427		fi
12428		PERL_PATH=$ac_cv_path_PERL_PATH
12429		if test -n "$PERL_PATH"; then
12430		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL_PATH" >&5
12431		$as_echo "$PERL_PATH" >&6; }
12432		else
12433		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12434		$as_echo "no" >&6; }
12435		fi
12436
12437	12424
12438	12425	# Extract the first word of "expect", so it can be a program name with args.
12439	12426	set dummy expect; ac_word=$2

12967	12954
12968	12955
12969	12956
	12957	ac_config_files="$ac_config_files tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in"
	12958
	12959
	12960
12970	12961	PKINIT=yes
12971	12962	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CMS_get0_content in -lcrypto" >&5
12972	12963	$as_echo_n "checking for CMS_get0_content in -lcrypto... " >&6; }

13046	13037	fi
13047	13038
13048	13039
13049		# For Python tests.
	13040	# For Python tests. Python version 3.2.4 is required as prior
	13041	# versions do not accept string input to subprocess.Popen.communicate
	13042	# when universal_newlines is set.
	13043	PYTHON_MINVERSION=3.2.4
	13044
13050	13045	# Extract the first word of "python3", so it can be a program name with args.
13051	13046	set dummy python3; ac_word=$2
13052	13047	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5

13084	13079	fi
13085	13080
13086	13081
13087		if text x"$PYTHON" = x; then
	13082	if test x"$PYTHON" = x; then
13088	13083	# Extract the first word of "python", so it can be a program name with args.
13089	13084	set dummy python; ac_word=$2
13090	13085	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5

13125	13120	fi
13126	13121	HAVE_PYTHON=no
13127	13122	if test x"$PYTHON" != x; then
13128		wantver="(sys.hexversion >= 0x3000000)"
	13123	wantver="(sys.hexversion >= 0x30204F0)"
13129	13124	if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
13130	13125	HAVE_PYTHON=yes
13131	13126	fi

13750	13745	$as_echo_n "(cached) " >&6
13751	13746	else
13752	13747	ac_check_lib_save_LIBS=$LIBS
13753		LIBS="-lreadline -lncurses $LIBS"
	13748	LIBS="-lreadline $LIBS"
13754	13749	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13755	13750	/* end confdefs.h. */
13756	13751

13786	13781
13787	13782	$as_echo "#define HAVE_READLINE 1" >>confdefs.h
13788	13783
13789		RL_LIBS='-lreadline -lhistory -lncurses'
	13784	RL_LIBS='-lreadline'
13790	13785	else
13791	13786	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Not using any readline support" >&5
13792	13787	$as_echo "Not using any readline support" >&6; }

14083	14078	ac_config_files="$ac_config_files doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in"
14084	14079	ac_config_files="$ac_config_files include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in"
14085	14080	ac_config_files="$ac_config_files plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in"
	14081	ac_config_files="$ac_config_files plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in"
14086	14082	ac_config_files="$ac_config_files plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in"
14087	14083	ac_config_files="$ac_config_files plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in"
14088	14084	ac_config_files="$ac_config_files plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in"

14143	14139	ac_config_files="$ac_config_files tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in"
14144	14140	ac_config_files="$ac_config_files tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in"
14145	14141	ac_config_files="$ac_config_files tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in"
14146		ac_config_files="$ac_config_files po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in"
14147	14142
14148	14143	cat >confcache <<\_ACEOF
14149	14144	# This file is a shell script that caches the results of configure

14651	14646	# report actual input values of CONFIG_FILES etc. instead of their
14652	14647	# values after options handling.
14653	14648	ac_log="
14654		This file was extended by Kerberos 5 $as_me 1.17, which was
	14649	This file was extended by Kerberos 5 $as_me 1.18.2, which was
14655	14650	generated by GNU Autoconf 2.69. Invocation command line was
14656	14651
14657	14652	CONFIG_FILES = $CONFIG_FILES

14717	14712	cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1
14718	14713	ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
14719	14714	ac_cs_version="\\
14720		Kerberos 5 config.status 1.17
	14715	Kerberos 5 config.status 1.18.2
14721	14716	configured by $0, generated by GNU Autoconf 2.69,
14722	14717	with options \\"\$ac_cs_config\\"
14723	14718

14846	14841	for ac_config_target in $ac_config_targets
14847	14842	do
14848	14843	case $ac_config_target in
	14844	"po/Makefile") CONFIG_FILES="$CONFIG_FILES po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in" ;;
14849	14845	"plugins/audit/simple/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/simple/Makefile:$srcdir/./config/pre.in:plugins/audit/simple/Makefile.in:plugins/audit/simple/deps:$srcdir/./config/post.in" ;;
14850	14846	"CRYPTO_IMPL") CONFIG_COMMANDS="$CONFIG_COMMANDS CRYPTO_IMPL" ;;
14851	14847	"PRNG_ALG") CONFIG_COMMANDS="$CONFIG_COMMANDS PRNG_ALG" ;;

14853	14849	"kadmin/testing/scripts/env-setup.sh") CONFIG_FILES="$CONFIG_FILES kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin" ;;
14854	14850	"include/gssrpc/types.h") CONFIG_FILES="$CONFIG_FILES include/gssrpc/types.h:include/gssrpc/types.hin" ;;
14855	14851	"plugins/preauth/pkinit/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/pkinit/Makefile:$srcdir/./config/pre.in:plugins/preauth/pkinit/Makefile.in:plugins/preauth/pkinit/deps:$srcdir/./config/post.in" ;;
	14852	"tests/softpkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in" ;;
14856	14853	"util/et/Makefile") CONFIG_FILES="$CONFIG_FILES util/et/Makefile:$srcdir/./config/pre.in:util/et/Makefile.in:util/et/deps:$srcdir/./config/post.in" ;;
14857	14854	"util/ss/Makefile") CONFIG_FILES="$CONFIG_FILES util/ss/Makefile:$srcdir/./config/pre.in:util/ss/Makefile.in:util/ss/deps:$srcdir/./config/post.in" ;;
14858	14855	"plugins/kdb/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:plugins/kdb/ldap/deps:$srcdir/./config/post.in" ;;

14920	14917	"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in" ;;
14921	14918	"include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in" ;;
14922	14919	"plugins/certauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in" ;;
	14920	"plugins/gssapi/negoextest/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in" ;;
14923	14921	"plugins/hostrealm/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in" ;;
14924	14922	"plugins/localauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in" ;;
14925	14923	"plugins/kadm5_hook/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in" ;;

14980	14978	"tests/shlib/Makefile") CONFIG_FILES="$CONFIG_FILES tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in" ;;
14981	14979	"tests/gss-threads/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in" ;;
14982	14980	"tests/misc/Makefile") CONFIG_FILES="$CONFIG_FILES tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in" ;;
14983		"po/Makefile") CONFIG_FILES="$CONFIG_FILES po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in" ;;
14984	14981
14985	14982	*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
14986	14983	esac

+1541

-0

src/configure.ac less more

	0	K5_AC_INIT([aclocal.m4])
	1
	2	# If $runstatedir isn't set by autoconf (<2.70), set it manually.
	3	if test x"$runstatedir" = x; then
	4	runstatedir=$localstatedir/run
	5	fi
	6	AC_SUBST(runstatedir)
	7
	8	# Don't make duplicate profile path entries for /etc/krb5.conf if
	9	# $sysconfdir is /etc
	10	if test "$sysconfdir" = /etc; then
	11	SYSCONFCONF=""
	12	else
	13	SYSCONFCONF=":${sysconfdir}/krb5.conf"
	14	fi
	15	AC_SUBST(SYSCONFCONF)
	16
	17	CONFIG_RULES
	18	KRB5_VERSION=K5_VERSION
	19	AC_SUBST(KRB5_VERSION)
	20
	21
	22	AC_REQUIRE_CPP
	23
	24	PKG_PROG_PKG_CONFIG
	25
	26	AC_CHECK_HEADER([stdint.h], [],
	27	[AC_MSG_ERROR([stdint.h is required])])
	28
	29	AC_CACHE_CHECK([whether integers are two's complement],
	30	[krb5_cv_ints_twos_compl],
	31	[AC_COMPILE_IFELSE(
	32	[AC_LANG_BOOL_COMPILE_TRY(
	33	[#include <limits.h>
	34	],
	35	[/* Basic two's complement check */
	36	~(-1) == 0 && ~(-1L) == 0L &&
	37	/* Check that values with sign bit 1 and value bits 0 are valid */
	38	-(INT_MIN + 1) == INT_MAX && -(LONG_MIN + 1) == LONG_MAX &&
	39	/* Check that unsigned-to-signed conversions preserve bit patterns */
	40	(int)((unsigned int)INT_MAX + 1) == INT_MIN &&
	41	(long)((unsigned long)LONG_MAX + 1) == LONG_MIN])],
	42	[krb5_cv_ints_twos_compl=yes],
	43	[krb5_cv_ints_twos_compl=no])])
	44
	45	if test "$krb5_cv_ints_twos_compl" = "no"; then
	46	AC_MSG_ERROR([integers are not two's complement])
	47	fi
	48
	49	AC_CACHE_CHECK([whether CHAR_BIT is 8],
	50	[krb5_cv_char_bit_8],
	51	[AC_PREPROC_IFELSE([AC_LANG_SOURCE(
	52	[[#include <limits.h>
	53	#if CHAR_BIT != 8
	54	#error CHAR_BIT != 8
	55	#endif
	56	]])],
	57	[krb5_cv_char_bit_8=yes], [krb5_cv_char_bit_8=no])])
	58
	59	if test "$krb5_cv_char_bit_8" = "no"; then
	60	AC_MSG_ERROR([CHAR_BIT is not 8])
	61	fi
	62
	63	AC_CACHE_CHECK(if va_copy is available, krb5_cv_va_copy,
	64	[AC_LINK_IFELSE([AC_LANG_SOURCE([
	65	#include <stdarg.h>
	66	void f(va_list ap) {
	67	va_list ap2;
	68	va_copy(ap2, ap);
	69	va_end(ap2);
	70	}
	71	va_list x;
	72	int main()
	73	{
	74	f(x);
	75	return 0;
	76	}])], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)])
	77	if test "$krb5_cv_va_copy" = yes; then
	78	AC_DEFINE(HAS_VA_COPY,1,[Define if va_copy macro or function is available.])
	79	fi
	80
	81	# Note that this isn't checking if the copied value works, just
	82	# whether the C language constraints permit the copying. If
	83	# va_list is defined as an array type, it can't be assigned.
	84	AC_CACHE_CHECK(if va_list objects can be copied by assignment,
	85	krb5_cv_va_simple_copy,
	86	[AC_COMPILE_IFELSE([
	87	AC_LANG_SOURCE([#include <stdarg.h>
	88	void f(va_list va2) {
	89	va_list va1;
	90	va1 = va2;
	91	}])], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)])
	92	if test "$krb5_cv_va_simple_copy" = yes; then
	93	AC_DEFINE(CAN_COPY_VA_LIST,1,[Define if va_list objects can be simply copied by assignment.])
	94	fi
	95
	96	# The following lines are so that configure --help gives some global
	97	# configuration options.
	98
	99	KRB5_LIB_AUX
	100	AC_KRB5_TCL
	101	AC_ARG_ENABLE([athena],
	102	[ --enable-athena build with MIT Project Athena configuration],,)
	103
	104	# Begin autoconf tests for the Makefiles generated out of the top-level
	105	# configure.in...
	106
	107	KRB5_BUILD_LIBOBJS
	108	KRB5_BUILD_LIBRARY
	109	KRB5_BUILD_PROGRAM
	110	# for kprop
	111	AC_TYPE_MODE_T
	112	AC_PROG_INSTALL
	113	KRB5_AC_NEED_DAEMON
	114	KRB5_GETSOCKNAME_ARGS
	115	KRB5_GETPEERNAME_ARGS
	116	LIBUTIL=
	117	AC_CHECK_LIB(util,main,[AC_DEFINE(HAVE_LIBUTIL,1,[Define if the util library is available])
	118	LIBUTIL=-lutil
	119	])
	120	AC_SUBST(LIBUTIL)
	121
	122	# Determine if NLS is desired and supported.
	123	po=
	124	AC_ARG_ENABLE([nls],
	125	AC_HELP_STRING([--disable-nls], [disable native language support]),
	126	[], [enable_nls=check])
	127	if test "$enable_nls" != no; then
	128	AC_CHECK_HEADER(libintl.h, [
	129	AC_SEARCH_LIBS(dgettext, intl, [
	130	AC_DEFINE(ENABLE_NLS, 1,
	131	[Define if translation functions should be used.])
	132	nls_enabled=yes])])
	133
	134	AC_CHECK_PROG(MSGFMT,msgfmt,msgfmt)
	135	if test x"$MSGFMT" != x; then
	136	K5_GEN_MAKEFILE(po)
	137	po=po
	138	fi
	139
	140	# Error out if --enable-nls was explicitly requested but can't be enabled.
	141	if test "$enable_nls" = yes; then
	142	if test "$nls_enabled" != yes -o "x$po" = x; then
	143	AC_MSG_ERROR([NLS support requested but cannot be built])
	144	fi
	145	fi
	146	fi
	147	AC_SUBST(po)
	148
	149	# for kdc
	150	AC_CHECK_HEADERS(sys/sockio.h ifaddrs.h unistd.h fnmatch.h)
	151	AC_CHECK_FUNCS(vsprintf vasprintf vsnprintf strlcpy fnmatch secure_getenv)
	152
	153	EXTRA_SUPPORT_SYMS=
	154	AC_CHECK_FUNC(strlcpy,
	155	[STRLCPY_ST_OBJ=
	156	STRLCPY_OBJ=],
	157	[STRLCPY_ST_OBJ=strlcpy.o
	158	STRLCPY_OBJ='$(OUTPRE)strlcpy.$(OBJEXT)'
	159	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_strlcpy krb5int_strlcat"])
	160	AC_SUBST(STRLCPY_OBJ)
	161	AC_SUBST(STRLCPY_ST_OBJ)
	162
	163	AC_CHECK_FUNC(getopt,
	164	[GETOPT_ST_OBJ=
	165	GETOPT_OBJ=
	166	AC_DEFINE(HAVE_GETOPT, 1, [Define if system getopt should be used.])],
	167	[GETOPT_ST_OBJ='getopt.o'
	168	GETOPT_OBJ='$(OUTPRE)getopt.$(OBJEXT)'
	169	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_optind k5_optarg k5_opterr k5_optopt k5_getopt"])
	170	AC_SUBST(GETOPT_OBJ)
	171	AC_SUBST(GETOPT_ST_OBJ)
	172
	173	AC_CHECK_FUNC(getopt_long,
	174	[GETOPT_LONG_ST_OBJ=
	175	GETOPT_LONG_OBJ=
	176	AC_DEFINE(HAVE_GETOPT_LONG, 1, [Define if system getopt_long should be used.])],
	177	[GETOPT_LONG_ST_OBJ='getopt_long.o'
	178	GETOPT_LONG_OBJ='$(OUTPRE)getopt_long.$(OBJEXT)'
	179	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_getopt_long"])
	180	AC_SUBST(GETOPT_LONG_OBJ)
	181	AC_SUBST(GETOPT_LONG_ST_OBJ)
	182
	183	AC_CHECK_FUNC(fnmatch,
	184	[FNMATCH_ST_OBJ=
	185	FNMATCH_OBJ=],
	186	[FNMATCH_ST_OBJ=fnmatch.o
	187	FNMATCH_OBJ='$(OUTPRE)fnmatch.$(OBJEXT)'
	188	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_fnmatch"])
	189	AC_SUBST(FNMATCH_OBJ)
	190	AC_SUBST(FNMATCH_ST_OBJ)
	191
	192	AC_CHECK_FUNC(vasprintf,
	193	[PRINTF_ST_OBJ=
	194	PRINTF_OBJ=],
	195	[PRINTF_ST_OBJ=printf.o
	196	PRINTF_OBJ='$(OUTPRE)printf.$(OBJEXT)'
	197	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_asprintf krb5int_vasprintf"])
	198	AC_SUBST(PRINTF_OBJ)
	199	AC_SUBST(PRINTF_ST_OBJ)
	200	KRB5_NEED_PROTO([#include <stdarg.h>
	201	#include <stdio.h>
	202	],vasprintf)
	203	KRB5_NEED_PROTO([#include <string.h>
	204	#ifdef HAVE_UNISTD_H
	205	#include <unistd.h>
	206	#endif
	207	/* Solaris 8 declares swab in stdlib.h. */
	208	#include <stdlib.h>
	209	],swab,1)
	210
	211	AC_CHECK_FUNC(secure_getenv,
	212	[SECURE_GETENV_ST_OBJ=
	213	SECURE_GETENV_OBJ=
	214	SECURE_GETENV_INIT=],
	215	[SECURE_GETENV_ST_OBJ=secure_getenv.o
	216	SECURE_GETENV_OBJ='$(OUTPRE)secure_getenv.$(OBJEXT)'
	217	SECURE_GETENV_INIT=k5_secure_getenv_init
	218	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_secure_getenv"])
	219	AC_SUBST(SECURE_GETENV_OBJ)
	220	AC_SUBST(SECURE_GETENV_ST_OBJ)
	221	AC_SUBST(SECURE_GETENV_INIT)
	222
	223	AC_PROG_AWK
	224	KRB5_AC_INET6
	225	KRB5_SOCKADDR_SA_LEN
	226	CHECK_SIGNALS
	227
	228	# --with-vague-errors disables useful error messages.
	229
	230	AC_ARG_WITH([vague-errors],
	231	AC_HELP_STRING([--with-vague-errors],[Do not @<:@do@:>@ send helpful errors to client]), , withval=no)
	232	if test "$withval" = yes; then
	233	AC_MSG_NOTICE(Supplying vague error messages to KDC clients)
	234	AC_DEFINE(KRBCONF_VAGUE_ERRORS,1,[Define if the KDC should return only vague error codes to clients])
	235	fi
	236
	237	# Check which (if any) audit plugin to build
	238	audit_plugin=""
	239	AC_ARG_ENABLE([audit-plugin],
	240	AC_HELP_STRING([--enable-audit-plugin=IMPL],
	241	[use audit plugin @<:@ do not use audit @:>@]), , enableval=no)
	242	if test "$enableval" != no; then
	243	case "$enableval" in
	244	simple)
	245	# if audit_log_user_message is found, we assume
	246	# that audit_open and audit_close are also defined.
	247	AC_CHECK_LIB(audit, audit_log_user_message,
	248	[AUDIT_IMPL_LIBS=-laudit
	249	K5_GEN_MAKEFILE(plugins/audit/simple)
	250	audit_plugin=plugins/audit/simple ],
	251	AC_MSG_ERROR([libaudit not found or undefined symbol audit_log_user_message]))
	252	;;
	253	*)
	254	AC_MSG_ERROR([Unknown audit plugin implementation $enableval.])
	255	;;
	256	esac
	257	fi
	258	AC_SUBST(AUDIT_IMPL_LIBS)
	259	AC_SUBST(audit_plugin)
	260
	261	# WITH_CRYPTO_IMPL
	262
	263	CRYPTO_IMPL="builtin"
	264	AC_ARG_WITH([crypto-impl],
	265	AC_HELP_STRING([--with-crypto-impl=IMPL], [use specified crypto implementation @<:@builtin@:>@]),
	266	[CRYPTO_IMPL=$withval
	267	AC_MSG_NOTICE(k5crypto will use '$withval')
	268	], withval=builtin)
	269	case "$withval" in
	270	builtin)
	271	;;
	272	openssl)
	273	AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
	274	;;
	275	*)
	276	AC_MSG_ERROR([Unknown crypto implementation $withval])
	277	;;
	278	esac
	279	AC_CONFIG_COMMANDS(CRYPTO_IMPL, , CRYPTO_IMPL=$CRYPTO_IMPL)
	280	AC_SUBST(CRYPTO_IMPL)
	281	AC_SUBST(CRYPTO_IMPL_CFLAGS)
	282	AC_SUBST(CRYPTO_IMPL_LIBS)
	283
	284	AC_ARG_WITH([prng-alg],
	285	AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. @<:@fortuna@:>@]),
	286	[PRNG_ALG=$withval
	287	AC_MSG_NOTICE(k5crypto will use '$withval')
	288	], PRNG_ALG=fortuna)
	289	AC_CONFIG_COMMANDS(PRNG_ALG, , PRNG_ALG=$PRNG_ALG)
	290	AC_SUBST(PRNG_ALG)
	291	if test "$PRNG_ALG" = fortuna; then
	292	AC_DEFINE(FORTUNA,1,[Define if Fortuna PRNG is selected])
	293	fi
	294
	295	# WITH_TLS_IMPL
	296
	297	AC_ARG_WITH([tls-impl],
	298	AC_HELP_STRING([--with-tls-impl=IMPL],
	299	[use specified TLS implementation @<:@auto@:>@]),
	300	[TLS_IMPL=$withval],[TLS_IMPL=auto])
	301	case "$TLS_IMPL" in
	302	openssl\|auto)
	303	AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
	304	-lcrypto)
	305	AC_MSG_CHECKING([for OpenSSL])
	306	if test x$have_lib_ssl = xtrue ; then
	307	AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
	308	AC_MSG_RESULT([yes])
	309	TLS_IMPL_LIBS="-lssl -lcrypto"
	310	TLS_IMPL=openssl
	311	AC_MSG_NOTICE([TLS module will use OpenSSL])
	312	else
	313	if test "$TLS_IMPL" = openssl ; then
	314	AC_MSG_ERROR([OpenSSL not found!])
	315	else
	316	AC_MSG_WARN([OpenSSL not found!])
	317	fi
	318	TLS_IMPL=no
	319	AC_MSG_NOTICE(building without TLS support)
	320	fi
	321	;;
	322	no)
	323	AC_MSG_NOTICE(building without TLS support)
	324	;;
	325	*)
	326	AC_MSG_ERROR([Unsupported TLS implementation $withval])
	327	;;
	328	esac
	329
	330	if test "$TLS_IMPL" = no; then
	331	AC_DEFINE(TLS_IMPL_NONE,1,[Define if no TLS implementation is selected])
	332	fi
	333
	334	AC_SUBST(TLS_IMPL)
	335	AC_SUBST(TLS_IMPL_CFLAGS)
	336	AC_SUBST(TLS_IMPL_LIBS)
	337
	338	AC_ARG_WITH([keyutils],
	339	AC_HELP_STRING([--without-keyutils],[do not link with libkeyutils]),
	340	[], [with_keyutils=check])
	341	if test "$with_keyutils" != no; then
	342	have_keyutils=false
	343	AC_CHECK_HEADERS([keyutils.h],
	344	AC_CHECK_LIB(keyutils, add_key, [have_keyutils=true]))
	345	if test "$have_keyutils" = true; then
	346	AC_DEFINE(USE_KEYRING_CCACHE, 1,
	347	[Define if the keyring ccache should be enabled])
	348	LIBS="-lkeyutils $LIBS"
	349	# If libkeyutils supports persistent keyrings, use them.
	350	AC_CHECK_LIB(keyutils, keyctl_get_persistent,
	351	[AC_DEFINE(HAVE_PERSISTENT_KEYRING, 1,
	352	[Define if persistent keyrings are supported])
	353	])
	354	elif test "$with_keyutils" = yes; then
	355	AC_MSG_ERROR([libkeyutils not found])
	356	fi
	357	fi
	358
	359	# The SPAKE preauth plugin currently supports edwards25519 natively,
	360	# and can support three NIST groups using OpenSSL.
	361	HAVE_SPAKE_OPENSSL=no
	362	AC_ARG_WITH([spake-openssl],
	363	AC_HELP_STRING([--with-spake-openssl],
	364	[use OpenSSL for SPAKE preauth @<:@auto@:>@]),,[withval=auto])
	365	if test "$withval" = auto -o "$withval" = yes; then
	366	AC_CHECK_LIB([crypto],[EC_POINT_new],[have_crypto=true],[have_crypto=false])
	367	if test "$have_crypto" = true; then
	368	AC_DEFINE(SPAKE_OPENSSL,1,[Define to use OpenSSL for SPAKE preauth])
	369	SPAKE_OPENSSL_LIBS=-lcrypto
	370	HAVE_SPAKE_OPENSSL=yes
	371	elif test "$withval" = yes; then
	372	AC_MSG_ERROR([OpenSSL libcrypto not found])
	373	fi
	374	fi
	375	AC_SUBST(HAVE_SPAKE_OPENSSL)
	376	AC_SUBST(SPAKE_OPENSSL_LIBS)
	377
	378	AC_ARG_ENABLE([aesni],
	379	AC_HELP_STRING([--disable-aesni],[Do not build with AES-NI support]), ,
	380	enable_aesni=check)
	381	if test "$CRYPTO_IMPL" = builtin -a "x$enable_aesni" != xno; then
	382	case "$host" in
	383	i686-*)
	384	aesni_obj=iaesx86.o
	385	aesni_machine=x86
	386	;;
	387	x86_64-*)
	388	aesni_obj=iaesx64.o
	389	aesni_machine=amd64
	390	;;
	391	esac
	392	case "$host" in
	393	--linux* \| --gnu* \| --bsd \| --solaris*)
	394	# All Unix-like platforms need -D__linux__ for iaesx64.s to
	395	# use the System V x86-64 calling convention.
	396	aesni_flags="-D__linux__ -f elf -m $aesni_machine"
	397	;;
	398	esac
	399	if test "x$aesni_obj" != x && test "x$aesni_flags" != x; then
	400	AC_CHECK_PROG(YASM,yasm,yasm)
	401	AC_CHECK_HEADERS(cpuid.h)
	402	if test x"$YASM" != x -a "x$ac_cv_header_cpuid_h" = xyes; then
	403	AESNI_OBJ=$aesni_obj
	404	AESNI_FLAGS=$aesni_flags
	405	AC_DEFINE(AESNI,1,[Define if AES-NI support is enabled])
	406	AC_MSG_NOTICE([Building with AES-NI support])
	407	fi
	408	fi
	409	if test "x$enable_aesni" = xyes -a "x$AESNI_OBJ" = x; then
	410	AC_MSG_ERROR([AES-NI support requested but cannot be built])
	411	fi
	412	fi
	413	AC_SUBST(AESNI_OBJ)
	414	AC_SUBST(AESNI_FLAGS)
	415
	416	AC_ARG_ENABLE([kdc-lookaside-cache],
	417	AC_HELP_STRING([--disable-kdc-lookaside-cache],
	418	[Disable the cache which detects client retransmits]), ,
	419	enableval=yes)
	420	if test "$enableval" = no ; then
	421	AC_DEFINE(NOCACHE,1,[Define if the KDC should use no lookaside cache])
	422	fi
	423	KRB5_RUN_FLAGS
	424
	425	# asan is a gcc and clang facility to instrument the code with memory
	426	# error checking. To use it, we compile C and C++ source files with
	427	# -fsanitize=address, and set ASAN=yes to suppress the undefined
	428	# symbols check when building shared libraries.
	429	AC_ARG_ENABLE([asan],
	430	AC_HELP_STRING([--enable-asan],[Build with asan memory checking]),[],
	431	[enable_asan=no])
	432	if test "$enable_asan" != no; then
	433	if test "$enable_asan" = yes; then
	434	enable_asan=address
	435	fi
	436	ASAN_FLAGS="$DEFS -fsanitize=$enable_asan"
	437	ASAN=yes
	438	UNDEF_CHECK=
	439	else
	440	ASAN_FLAGS=
	441	ASAN=no
	442	fi
	443	AC_SUBST(ASAN_FLAGS)
	444	AC_SUBST(ASAN)
	445
	446	AC_TYPE_SIGNAL
	447
	448	# from old include/configure.in
	449	AH_TEMPLATE([HAVE_STRUCT_SOCKADDR_STORAGE],
	450	[Define if "struct sockaddr_storage" is available.])
	451
	452	AC_CONFIG_HEADERS(include/autoconf.h, [echo timestamp > include/autoconf.stamp])
	453	AC_PROG_LEX
	454	AC_C_CONST
	455	AC_HEADER_DIRENT
	456	AC_FUNC_STRERROR_R
	457	AC_CHECK_FUNCS(strdup setvbuf seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strptime geteuid setenv unsetenv getenv gmtime_r localtime_r bswap16 bswap64 mkstemp getusershell access getcwd srand48 srand srandom stat strchr strerror timegm explicit_bzero explicit_memset getresuid getresgid)
	458
	459	AC_CHECK_FUNC(mkstemp,
	460	[MKSTEMP_ST_OBJ=
	461	MKSTEMP_OBJ=],
	462	[MKSTEMP_ST_OBJ='mkstemp.o'
	463	MKSTEMP_OBJ='$(OUTPRE)mkstemp.$(OBJEXT)'
	464	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_mkstemp"])
	465	AC_SUBST(MKSTEMP_OBJ)
	466	AC_SUBST(MKSTEMP_ST_OBJ)
	467
	468	AC_CHECK_FUNC(gettimeofday,
	469	[GETTIMEOFDAY_ST_OBJ=
	470	GETTIMEOFDAY_OBJ=
	471	AC_DEFINE(HAVE_GETTIMEOFDAY, 1, [Have the gettimeofday function])
	472	],
	473	[GETTIMEOFDAY_ST_OBJ='gettimeofday.o'
	474	GETTIMEOFDAY_OBJ='$(OUTPRE)gettimeofday.$(OBJEXT)'
	475	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_gettimeofday"])
	476	AC_SUBST(GETTIMEOFDAY_OBJ)
	477	AC_SUBST(GETTIMEOFDAY_ST_OBJ)
	478	AC_SUBST(EXTRA_SUPPORT_SYMS)
	479
	480	DECLARE_SYS_ERRLIST
	481	AC_CHECK_HEADERS(unistd.h paths.h regex.h regexpr.h fcntl.h memory.h ifaddrs.h sys/filio.h byteswap.h machine/endian.h machine/byte_order.h sys/bswap.h endian.h pwd.h arpa/inet.h alloca.h dlfcn.h limits.h)
	482	AC_CHECK_HEADER(regexp.h, [], [],
	483	[#define INIT char *sp = instring;
	484	#define GETC() (*sp++)
	485	#define PEEKC() (*sp)
	486	#define UNGETC(c) (--sp)
	487	#define RETURN(c) return(c)
	488	#define ERROR(c)
	489	])
	490	AC_CHECK_MEMBERS([struct stat.st_mtimensec,struct stat.st_mtimespec.tv_nsec,struct stat.st_mtim.tv_nsec],,,[#include <sys/types.h>
	491	#include <sys/stat.h>])
	492	KRB5_AC_REGEX_FUNCS
	493	AC_TYPE_OFF_T
	494
	495	# Fancy caching of perror result...
	496	AC_MSG_CHECKING(for perror declaration)
	497	AC_CACHE_VAL(krb5_cv_decl_perror,
	498	[AC_EGREP_HEADER(perror, errno.h,
	499	krb5_cv_decl_perror=yes, krb5_cv_decl_perror=no)])
	500	AC_MSG_RESULT($krb5_cv_decl_perror)
	501	if test $krb5_cv_decl_perror = yes; then
	502	AC_DEFINE(HDR_HAS_PERROR,1,[Define if errno.h declares perror])
	503	fi
	504
	505	KRB5_NEED_PROTO([#include <time.h>],strptime)
	506	CHECK_WAIT_TYPE
	507	CHECK_SIGPROCMASK
	508	AC_TYPE_GETGROUPS
	509	CHECK_SETJMP
	510
	511	# *rpcent return types needed for lib/rpc
	512
	513	AC_MSG_CHECKING([return type of setrpcent])
	514	AC_CACHE_VAL(k5_cv_type_setrpcent,
	515	[AC_TRY_COMPILE([#include <netdb.h>
	516	#ifdef __cplusplus
	517	extern "C"
	518	#endif
	519	extern void setrpcent();],
	520	[int i;], k5_cv_type_setrpcent=void, k5_cv_type_setrpcent=int)])
	521	AC_MSG_RESULT($k5_cv_type_setrpcent)
	522	AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
	523
	524	AC_MSG_CHECKING([return type of endrpcent])
	525	AC_CACHE_VAL(k5_cv_type_endrpcent,
	526	[AC_TRY_COMPILE([#include <netdb.h>
	527	#ifdef __cplusplus
	528	extern "C"
	529	#endif
	530	extern void endrpcent();],
	531	[int i;], k5_cv_type_endrpcent=void, k5_cv_type_endrpcent=int)])
	532	AC_MSG_RESULT($k5_cv_type_endrpcent)
	533	AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
	534
	535
	536	# bswap_16 is a macro in byteswap.h under GNU libc
	537	AC_MSG_CHECKING(for bswap_16)
	538	AC_CACHE_VAL(krb5_cv_bswap_16,[
	539	AC_TRY_LINK([#if HAVE_BYTESWAP_H
	540	#include <byteswap.h>
	541	#endif],[bswap_16(37);],krb5_cv_bswap_16=yes,krb5_cv_bswap_16=no)])
	542	AC_MSG_RESULT($krb5_cv_bswap_16)
	543	if test "$krb5_cv_bswap_16" = yes; then
	544	AC_DEFINE(HAVE_BSWAP_16,1,[Define to 1 if bswap_16 is available via byteswap.h])
	545	fi
	546	AC_MSG_CHECKING(for bswap_64)
	547	AC_CACHE_VAL(krb5_cv_bswap_64,[
	548	AC_TRY_LINK([#if HAVE_BYTESWAP_H
	549	#include <byteswap.h>
	550	#endif],[bswap_64(37);],krb5_cv_bswap_64=yes,krb5_cv_bswap_64=no)])
	551	AC_MSG_RESULT($krb5_cv_bswap_64)
	552	if test "$krb5_cv_bswap_64" = yes; then
	553	AC_DEFINE(HAVE_BSWAP_64,1,[Define to 1 if bswap_64 is available via byteswap.h])
	554	fi
	555
	556	# Needed for ksu and some appl stuff.
	557
	558	case $krb5_cv_host in
	559	alpha-dec-osf)
	560	AC_CHECK_LIB(security,setluid,
	561	AC_DEFINE(HAVE_SETLUID,1,[Define if setluid provided in OSF/1 security library])
	562	KSU_LIBS="-lsecurity"
	563	)
	564	;;
	565	esac
	566	AC_SUBST(KSU_LIBS)
	567
	568	if test $ac_cv_func_setenv = no \|\| test $ac_cv_func_unsetenv = no \
	569	\|\| test $ac_cv_func_getenv = no; then
	570	SETENVOBJ=setenv.o
	571	else
	572	SETENVOBJ=
	573	fi
	574	AC_SUBST(SETENVOBJ)
	575
	576	# Check what the return types for gethostbyname_r and getservbyname_r are.
	577
	578	AC_CHECK_FUNC(gethostbyname_r,[
	579	ac_cv_func_gethostbyname_r=yes
	580	if test "$ac_cv_func_gethostbyname_r" = yes; then
	581	AC_MSG_CHECKING([if gethostbyname_r returns an int])
	582	AC_CACHE_VAL(krb5_cv_gethostbyname_r_returns_int,
	583	[AC_TRY_COMPILE([#include <netdb.h>
	584	extern int gethostbyname_r ();], [1;],
	585	krb5_cv_gethostbyname_r_returns_int=yes,
	586	krb5_cv_gethostbyname_r_returns_int=no)])
	587	AC_MSG_RESULT($krb5_cv_gethostbyname_r_returns_int)
	588
	589	AC_MSG_CHECKING([if gethostbyname_r returns a pointer])
	590	AC_CACHE_VAL(krb5_cv_gethostbyname_r_returns_ptr,
	591	[AC_TRY_COMPILE([#include <netdb.h>
	592	extern struct hostent *gethostbyname_r ();], [1;],
	593	krb5_cv_gethostbyname_r_returns_ptr=yes,
	594	krb5_cv_gethostbyname_r_returns_ptr=no)])
	595	AC_MSG_RESULT($krb5_cv_gethostbyname_r_returns_ptr)
	596
	597	if test "$krb5_cv_gethostbyname_r_returns_int" = "$krb5_cv_gethostbyname_r_returns_ptr"; then
	598	AC_MSG_WARN(cannot determine return type of gethostbyname_r -- disabling)
	599	ac_cv_func_gethostbyname_r=no
	600	fi
	601	if test "$krb5_cv_gethostbyname_r_returns_int" = yes; then
	602	AC_DEFINE(GETHOSTBYNAME_R_RETURNS_INT, 1, [Define if gethostbyname_r returns int rather than struct hostent * ])
	603	fi
	604	fi
	605	if test "$ac_cv_func_gethostbyname_r" = yes; then
	606	AC_DEFINE(HAVE_GETHOSTBYNAME_R, 1, [Define if gethostbyname_r exists and its return type is known])
	607	AC_CHECK_FUNC(gethostbyaddr_r)
	608	fi
	609	])
	610
	611
	612	# PTHREAD_CFLAGS changes which variant of these functions is declared
	613	# on Solaris 11, so use it for these tests.
	614	old_CFLAGS=$CFLAGS
	615	CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
	616	AC_CHECK_FUNC(getpwnam_r,ac_cv_func_getpwnam_r=yes,ac_cv_func_getpwnam_r=no)
	617	AC_CHECK_FUNC(getpwuid_r,ac_cv_func_getpwuid_r=yes,ac_cv_func_getpwuid_r=no)
	618	if test "$ac_cv_func_getpwnam_r" = yes; then
	619	AC_MSG_CHECKING([return type of getpwnam_r])
	620	AC_CACHE_VAL(krb5_cv_getpwnam_r_return_type,
	621	[AC_TRY_COMPILE([#include <pwd.h>
	622	extern int getpwnam_r();], [1;],
	623	getpwnam_r_returns_int=yes,getpwnam_r_returns_int=no)
	624	AC_TRY_COMPILE([#include <pwd.h>
	625	extern struct passwd *getpwnam_r();], [1;],
	626	getpwnam_r_returns_ptr=yes,getpwnam_r_returns_ptr=no)
	627	case "$getpwnam_r_returns_int/$getpwnam_r_returns_ptr" in
	628	yes/no) krb5_cv_getpwnam_r_return_type=int ;;
	629	no/yes) krb5_cv_getpwnam_r_return_type=ptr ;;
	630	*) krb5_cv_getpwnam_r_return_type=unknown ;;
	631	esac])
	632	AC_MSG_RESULT($krb5_cv_getpwnam_r_return_type)
	633	if test $krb5_cv_getpwnam_r_return_type = int; then
	634	AC_DEFINE(GETPWNAM_R_RETURNS_INT, 1, [Define if getpwnam_r returns an int])
	635	elif test $krb5_cv_getpwnam_r_return_type = unknown; then
	636	AC_MSG_WARN([Cannot determine getpwnam_r return type, disabling getpwnam_r])
	637	ac_cv_func_getpwnam_r=no
	638	fi
	639	fi
	640	if test "$ac_cv_func_getpwnam_r" = yes; then
	641	AC_MSG_CHECKING([number of arguments to getpwnam_r])
	642	AC_CACHE_VAL(krb5_cv_getpwnam_r_args,
	643	[AC_TRY_COMPILE([#include <pwd.h>
	644	struct passwd pwx; char buf[1024];],
	645	[getpwnam_r("", &pwx, buf, sizeof(buf));], args4=yes, args4=no)
	646	AC_TRY_COMPILE([#include <pwd.h>
	647	struct passwd pwx, *p; char buf[1024];],
	648	[getpwnam_r("", &pwx, buf, sizeof(buf), &p);], args5=yes, args5=no)
	649	case $args4/$args5 in
	650	yes/no) krb5_cv_getpwnam_r_args=4 ;;
	651	no/yes) krb5_cv_getpwnam_r_args=5 ;;
	652	*) krb5_cv_getpwnam_r_args=unknown ;;
	653	esac])
	654	AC_MSG_RESULT($krb5_cv_getpwnam_r_args)
	655	if test "$krb5_cv_getpwnam_r_args" = unknown; then
	656	AC_MSG_WARN([Cannot determine number of arguments to getpwnam_r, disabling its use.])
	657	ac_cv_func_getpwnam_r=no
	658	else
	659	AC_DEFINE(HAVE_GETPWNAM_R,1,[Define if getpwnam_r is available and useful.])
	660	if test "$krb5_cv_getpwnam_r_args" = 4; then
	661	AC_DEFINE(GETPWNAM_R_4_ARGS,1,[Define if getpwnam_r exists but takes only 4 arguments (e.g., POSIX draft 6 implementations like some Solaris releases).])
	662	fi
	663	fi
	664	fi
	665	CFLAGS=$old_CFLAGS
	666
	667	if test "$ac_cv_func_getpwnam_r" = no && test "$ac_cv_func_getpwuid_r" = yes; then
	668	# Actually, we could do this check, and the corresponding checks
	669	# for return type and number of arguments, but I doubt we'll run
	670	# into a system where we'd get to use getpwuid_r but not getpwnam_r.
	671	AC_MSG_NOTICE([getpwnam_r not useful, so disabling getpwuid_r too])
	672	ac_cv_func_getpwuid_r=no
	673	fi
	674	if test "$ac_cv_func_getpwuid_r" = yes; then
	675	AC_DEFINE(HAVE_GETPWUID_R,1,[Define if getpwuid_r is available and useful.])
	676	# Hack: Assume getpwuid_r is the shorter form if getpwnam_r is.
	677	if test "$krb5_cv_getpwnam_r_args" = 4; then
	678	AC_DEFINE(GETPWUID_R_4_ARGS,1,[Define if getpwuid_r exists but takes only 4 arguments (e.g., POSIX draft 6 implementations like some Solaris releases).])
	679	fi
	680	fi
	681
	682	if test "$ac_cv_func_gmtime_r" = yes; then
	683	AC_MSG_CHECKING([whether gmtime_r returns int])
	684	AC_CACHE_VAL(krb5_cv_gmtime_r_returns_int,
	685	[AC_TRY_COMPILE([#include <time.h>
	686	extern int gmtime_r ();], [1;], return_int=yes, return_int=no)
	687	AC_TRY_COMPILE([#include <time.h>
	688	extern struct tm *gmtime_r ();], [1;], return_ptr=yes, return_ptr=no)
	689	case $return_int/$return_ptr in
	690	yes/no) krb5_cv_gmtime_r_returns_int=yes ;;
	691	no/yes) krb5_cv_gmtime_r_returns_int=no ;;
	692	*) # Can't figure it out, punt the function.
	693	ac_cv_func_gmtime_r=no ;;
	694	esac])
	695	if test "$ac_cv_func_gmtime_r" = no; then
	696	AC_MSG_RESULT(unknown -- ignoring gmtime_r)
	697	else
	698	AC_MSG_RESULT($krb5_cv_gmtime_r_returns_int)
	699	if test "$krb5_cv_gmtime_r_returns_int" = yes; then
	700	AC_DEFINE(GMTIME_R_RETURNS_INT,1,[Define if gmtime_r returns int instead of struct tm pointer, as on old HP-UX systems.])
	701	fi
	702	fi
	703	fi
	704
	705	AC_CHECK_FUNC(getservbyname_r,[
	706	ac_cv_func_getservbyname_r=yes
	707	if test "$ac_cv_func_getservbyname_r" = yes; then
	708	AC_MSG_CHECKING([if getservbyname_r returns an int])
	709	AC_CACHE_VAL(krb5_cv_getservbyname_r_returns_int,
	710	[AC_TRY_COMPILE([#include <netdb.h>
	711	extern int getservbyname_r ();], [1;],
	712	krb5_cv_getservbyname_r_returns_int=yes,
	713	krb5_cv_getservbyname_r_returns_int=no)])
	714	AC_MSG_RESULT($krb5_cv_getservbyname_r_returns_int)
	715
	716	AC_MSG_CHECKING([if getservbyname_r returns a pointer])
	717	AC_CACHE_VAL(krb5_cv_getservbyname_r_returns_ptr,
	718	[AC_TRY_COMPILE([#include <netdb.h>
	719	extern struct servent *getservbyname_r ();], [1;],
	720	krb5_cv_getservbyname_r_returns_ptr=yes,
	721	krb5_cv_getservbyname_r_returns_ptr=no)])
	722	AC_MSG_RESULT($krb5_cv_getservbyname_r_returns_ptr)
	723
	724	if test "$krb5_cv_getservbyname_r_returns_int" = "$krb5_cv_getservbyname_r_returns_ptr"; then
	725	AC_MSG_WARN(cannot determine return type of getservbyname_r -- disabling)
	726	ac_cv_func_getservbyname_r=no
	727	fi
	728	if test "$krb5_cv_getservbyname_r_returns_int" = yes; then
	729	AC_DEFINE(GETSERVBYNAME_R_RETURNS_INT, 1, [Define if getservbyname_r returns int rather than struct servent * ])
	730	fi
	731	fi
	732	if test "$ac_cv_func_getservbyname_r" = yes; then
	733	AC_DEFINE(HAVE_GETSERVBYNAME_R, 1, [Define if getservbyname_r exists and its return type is known])
	734	AC_CHECK_FUNC(getservbyport_r)
	735	fi
	736	])
	737
	738	HAVE_YYLINENO
	739	CHECK_DIRENT
	740	AC_TYPE_UID_T
	741
	742	AC_CHECK_HEADER(termios.h,
	743	[AC_CHECK_FUNC([tcsetattr],
	744	AC_DEFINE(POSIX_TERMIOS,1,[Define if termios.h exists and tcsetattr exists]))])
	745
	746	KRB5_SIGTYPE
	747	AC_CHECK_HEADERS(poll.h stdlib.h string.h stddef.h sys/types.h sys/file.h sys/param.h sys/stat.h sys/time.h netinet/in.h sys/uio.h sys/filio.h sys/select.h time.h paths.h errno.h)
	748
	749	# If compiling with IPv6 support, test if in6addr_any functions.
	750	# Irix 6.5.16 defines it, but lacks support in the C library.
	751	if test $krb5_cv_inet6 = yes \|\| test "$krb5_cv_inet6_with_dinet6" = yes ; then
	752	AC_CACHE_CHECK([for in6addr_any definition in library],
	753	krb5_cv_var_in6addr_any,
	754	[AC_TRY_LINK([
	755	#ifdef HAVE_SYS_TYPES_H
	756	#include <sys/types.h>
	757	#endif
	758	#include <sys/socket.h>
	759	#include <netinet/in.h>
	760	#include <netdb.h>
	761	],[
	762	struct sockaddr_in6 in;
	763	in.sin6_addr = in6addr_any;
	764	printf("%x", &in);
	765	],krb5_cv_var_in6addr_any=yes, krb5_cv_var_in6addr_any=no)])
	766	if test $krb5_cv_var_in6addr_any = no; then
	767	AC_DEFINE(NEED_INSIXADDR_ANY,1,[Define if in6addr_any is not defined in libc])
	768	fi
	769	fi
	770
	771	# then from osconf.h, we have
	772
	773	AC_HEADER_TIME
	774	AC_CHECK_TYPE(time_t, long)
	775	AC_CHECK_SIZEOF(time_t)
	776	SIZEOF_TIME_T=$ac_cv_sizeof_time_t
	777	AC_SUBST(SIZEOF_TIME_T)
	778
	779	# Determine where to put the replay cache.
	780
	781	AC_MSG_CHECKING([for replay cache directory])
	782	AC_CACHE_VAL(krb5_cv_sys_rcdir,
	783	[
	784	if test $cross_compiling = yes; then
	785	krb5_cv_sys_rcdir=/var/tmp
	786	else
	787	for t_dir in /var/tmp /usr/tmp /var/usr/tmp /tmp ; do
	788	test -d $t_dir \|\| continue
	789	krb5_cv_sys_rcdir=$t_dir
	790	break
	791	done
	792	fi])
	793	AC_MSG_RESULT($krb5_cv_sys_rcdir)
	794	KRB5_RCTMPDIR=$krb5_cv_sys_rcdir
	795	AC_SUBST(KRB5_RCTMPDIR)
	796
	797
	798	AC_MSG_CHECKING(for socklen_t)
	799	AC_CACHE_VAL(krb5_cv_has_type_socklen_t,
	800	[AC_TRY_COMPILE(
	801	[#include <sys/types.h>
	802	#include <sys/socket.h>
	803	],[sizeof (socklen_t);],
	804	krb5_cv_has_type_socklen_t=yes,krb5_cv_has_type_socklen_t=no)])
	805	AC_MSG_RESULT($krb5_cv_has_type_socklen_t)
	806	if test $krb5_cv_has_type_socklen_t = yes; then
	807	AC_DEFINE(HAVE_SOCKLEN_T,1,[Define if there is a socklen_t type. If not, probably use size_t])
	808	fi
	809
	810	AC_MSG_CHECKING(for struct lifconf)
	811	AC_CACHE_VAL(krb5_cv_has_struct_lifconf,
	812	[AC_TRY_COMPILE(
	813	[#include <sys/socket.h>
	814	#include <net/if.h>
	815	],[sizeof (struct lifconf);],
	816	krb5_cv_has_struct_lifconf=yes,krb5_cv_has_struct_lifconf=no)])
	817	AC_MSG_RESULT($krb5_cv_has_struct_lifconf)
	818	if test $krb5_cv_has_struct_lifconf = yes; then
	819	AC_DEFINE(HAVE_STRUCT_LIFCONF,1,[Define if there is a struct lifconf.])
	820	fi
	821	# HP-UX 11 uses stuct if_laddrconf
	822	AC_MSG_CHECKING(for struct if_laddrconf)
	823	AC_CACHE_VAL(krb5_cv_has_struct_if_laddrconf,
	824	[AC_TRY_COMPILE(
	825	[#include <sys/socket.h>
	826	#include <net/if.h>
	827	#include <net/if6.h>
	828	],[sizeof (struct if_laddrconf);],
	829	krb5_cv_has_struct_if_laddrconf=yes,krb5_cv_has_struct_if_laddrconf=no)])
	830	AC_MSG_RESULT($krb5_cv_has_struct_if_laddrconf)
	831	if test $krb5_cv_has_struct_if_laddrconf = yes; then
	832	AC_DEFINE(HAVE_STRUCT_IF_LADDRCONF,1,[Define if there is a struct if_laddrconf.])
	833	fi
	834
	835
	836	AC_MSG_CHECKING([for h_errno in netdb.h])
	837	AC_CACHE_VAL(krb5_cv_header_netdb_h_h_errno,
	838	[AC_TRY_COMPILE(
	839	[#include <netdb.h>],
	840	[int x = h_errno;], krb5_cv_header_netdb_h_h_errno=yes,
	841	krb5_cv_header_netdb_h_h_errno=no)])
	842	AC_MSG_RESULT($krb5_cv_header_netdb_h_h_errno)
	843	if test $krb5_cv_header_netdb_h_h_errno = yes; then
	844	AC_DEFINE([HAVE_NETDB_H_H_ERRNO], 1,
	845	[Define if netdb.h declares h_errno])
	846	fi
	847
	848
	849	AC_ARG_ENABLE([athena],
	850	[ --enable-athena build with MIT Project Athena configuration],
	851	AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
	852
	853
	854	AC_C_INLINE
	855	AH_TOP([
	856	#ifndef KRB5_AUTOCONF_H
	857	#define KRB5_AUTOCONF_H
	858	])
	859	AH_BOTTOM([
	860	#if defined(__GNUC__) && !defined(inline)
	861	/* Silence gcc pedantic warnings about ANSI C. */
	862	# define inline __inline__
	863	#endif
	864	#endif /* KRB5_AUTOCONF_H */
	865	])
	866
	867	AC_CHECK_TYPES([struct cmsghdr, struct in_pktinfo, struct in6_pktinfo, struct sockaddr_storage], , , [
	868	#include <sys/types.h>
	869	#include <sys/socket.h>
	870	#include <netinet/in.h>
	871	])
	872	AC_CHECK_TYPES([struct rt_msghdr], , , [
	873	#include <sys/socket.h>
	874	#include <net/if.h>
	875	#include <net/route.h>
	876	])
	877
	878	# Tests for 64-bit edwards25519 code.
	879	AC_CHECK_SIZEOF([size_t])
	880	AC_CHECK_TYPES([__int128_t, __uint128_t])
	881
	882	# stuff for util/profile
	883
	884	# AC_KRB5_TCL already done
	885	DO_TCL=
	886	test "$TCL_LIBS" != "" && DO_TCL=ok
	887	AC_SUBST(DO_TCL)
	888
	889	# types libdb2 wants
	890
	891	AC_CHECK_TYPES([ssize_t, u_char, u_int, u_long, u_int8_t, u_int16_t, u_int32_t, int8_t, int16_t, int32_t])
	892
	893	# Some libdb2 test programs want a shell that supports functions.
	894	FCTSH=false
	895	AC_PATH_PROG(SH,sh,false)
	896	AC_PATH_PROG(SH5,sh5,false)
	897	AC_PATH_PROG(BASH,bash,false)
	898	for prog in $SH $SH5 $BASH; do
	899	AC_MSG_CHECKING(if $prog supports functions)
	900	if $prog -c 'foo() { true; }; foo' >/dev/null 2>&1; then
	901	AC_MSG_RESULT(yes)
	902	FCTSH=$prog
	903	break
	904	else
	905	AC_MSG_RESULT(no)
	906	fi
	907	done
	908	AC_SUBST(FCTSH)
	909
	910	# Test for POSIX 2001 *printf support (X/Open System Interfaces extension
	911	# to ANSI/ISO C 1999 specification). Specifically, positional
	912	# specifications; not checking for other features like %zx at present.
	913	AC_MSG_CHECKING(for POSIX printf positional specification support)
	914	AC_CACHE_VAL(ac_cv_printf_positional,[
	915	AC_TRY_RUN([
	916	#include <stdio.h>
	917	#include <string.h>
	918	const char expected[] = "200 100";
	919	int main () {
	920	char buf[30];
	921	sprintf(buf, "%2\$x %1\$d", 100, 512);
	922	if (strcmp(expected, buf)) {
	923	fprintf(stderr,"bad result: <%s> wanted: <%s>\n", buf, expected);
	924	return 1;
	925	}
	926	return 0;
	927	}],
	928	ac_cv_printf_positional=yes,
	929	ac_cv_printf_positional=no,
	930	AC_MSG_ERROR([Cannot test for printf positional argument support when cross compiling]))])
	931	# Nothing for autoconf.h for now.
	932	AC_MSG_RESULT($ac_cv_printf_positional)
	933
	934
	935	# for t_locate_kdc test
	936
	937	AC_PATH_PROG(DIG, dig, false)
	938	AC_PATH_PROG(NSLOOKUP, nslookup, false)
	939
	940	# for kadmin
	941
	942	AC_PROG_YACC
	943	ath_compat=
	944	AC_ARG_ENABLE([athena],
	945	[ --enable-athena build with MIT Project Athena configuration],
	946	ath_compat=compat,)
	947	# The following are tests for the presence of programs required for
	948	# kadmin testing.
	949	AC_CHECK_PROG(have_RUNTEST,runtest,runtest)
	950	AC_CHECK_PROG(have_PERL,perl,perl)
	951	if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
	952	DO_TEST=ok
	953	fi
	954	AC_SUBST(DO_TEST)
	955
	956	# The following are substituted into kadmin/testing/scripts/env-setup.sh
	957	RBUILD=`pwd`
	958	AC_SUBST(RBUILD)
	959	case "$srcdir" in
	960	/*) S_TOP=$srcdir ;;
	961	*) S_TOP=`pwd`/$srcdir ;;
	962	esac
	963	AC_SUBST(S_TOP)
	964	AC_PATH_PROG(EXPECT,expect)
	965	# For kadmin/testing/util/Makefile.in
	966	if test "$TCL_LIBS" != "" ; then
	967	DO_ALL=tcl
	968	fi
	969	AC_SUBST(DO_ALL)
	970	KRB5_AC_PRIOCNTL_HACK
	971	K5_GEN_FILE(kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin)
	972	# for lib/kadm5
	973	AC_CHECK_PROG(RUNTEST,runtest,runtest)
	974	AC_CHECK_PROG(PERL,perl,perl)
	975
	976	# lib/gssapi
	977	AC_CHECK_HEADER(xom.h,[
	978	include_xom='awk '\''END{printf("%cinclude <xom.h>\n", 35);}'\'' < /dev/null'], [
	979	include_xom='echo "/* no xom.h */"'])
	980	AC_SUBST(include_xom)
	981
	982
	983	# lib/rpc
	984	### Check where struct rpcent is declared.
	985
	986	# This is necessary to determine:
	987	# 1. If /usr/include/netdb.h declares struct rpcent
	988	# 2. If /usr/include/rpc/netdb.h declares struct rpcent
	989
	990	# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes
	991	# rpc/netdb.h, then nastiness could happen.
	992
	993	# Logic: If /usr/include/netdb.h declares struct rpcent, then check
	994	# rpc/netdb.h. If /usr/include/rpc/netdb.h declares struct rpcent,
	995	# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not. If
	996	# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define
	997	# STRUCT_RPCENT_IN_RPC_NETDB_H anyway.
	998
	999	AC_MSG_CHECKING([where struct rpcent is declared])
	1000	AC_TRY_COMPILE([#include <netdb.h>],
	1001	[struct rpcent e;
	1002	char c = e.r_name[0];
	1003	int i = e.r_number;],
	1004	[AC_TRY_COMPILE([#include <rpc/netdb.h>],
	1005	[struct rpcent e;
	1006	char c = e.r_name[0];
	1007	int i = e.r_number;],
	1008	[AC_MSG_RESULT([rpc/netdb.h])
	1009	rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'],
	1010	[AC_MSG_RESULT([netdb.h])])],
	1011	[AC_MSG_RESULT([nowhere])
	1012	rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'])
	1013	AC_SUBST(rpcent_define)
	1014
	1015	AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h)
	1016	if test $ac_cv_header_sys_select_h = yes; then
	1017	GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
	1018	else
	1019	GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
	1020	fi
	1021	AC_SUBST(GSSRPC__SYS_SELECT_H)
	1022	if test $ac_cv_header_sys_time_h = yes; then
	1023	GSSRPC__SYS_TIME_H='#include <sys/time.h>'
	1024	else
	1025	GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
	1026	fi
	1027	AC_SUBST(GSSRPC__SYS_TIME_H)
	1028	if test $ac_cv_header_unistd_h = yes; then
	1029	GSSRPC__UNISTD_H='#include <unistd.h>'
	1030	else
	1031	GSSRPC__UNISTD_H='/* #include <unistd.h> */'
	1032	fi
	1033	AC_SUBST(GSSRPC__UNISTD_H)
	1034
	1035	AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h],
	1036	[krb5_cv_header_sys_param_h_maxhostnamelen],
	1037	[AC_TRY_COMPILE([#include <sys/param.h>],
	1038	[int i = MAXHOSTNAMELEN;],
	1039	[krb5_cv_header_sys_param_h_maxhostnamelen=yes],
	1040	[krb5_cv_header_sys_param_h_maxhostnamelen=no])])
	1041	AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h],
	1042	[krb5_cv_header_netdb_h_maxhostnamelen],
	1043	[AC_TRY_COMPILE([#include <netdb.h>],
	1044	[int i = MAXHOSTNAMELEN;],
	1045	[krb5_cv_header_netdb_h_maxhostnamelen=yes],
	1046	[krb5_cv_header_netdb_h_maxhostnamelen=no])])
	1047
	1048	GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
	1049	GSSRPC__NETDB_H='/* #include <netdb.h> */'
	1050	if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
	1051	GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
	1052	else
	1053	if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
	1054	GSSRPC__NETDB_H='#include <netdb.h>'
	1055	else
	1056	AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it])
	1057	fi
	1058	fi
	1059	AC_SUBST(GSSRPC__SYS_PARAM_H)
	1060	AC_SUBST(GSSRPC__NETDB_H)
	1061
	1062	AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases],
	1063	[AC_TRY_COMPILE(
	1064	[#include <sys/types.h>
	1065	#if HAVE_UNISTD_H
	1066	#include <unistd.h>
	1067	#endif],
	1068	[u_char c;
	1069	u_int i;
	1070	u_long l;], [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])])
	1071	if test $krb5_cv_type_bsdaliases = yes; then
	1072	GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
	1073	else
	1074	GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
	1075	fi
	1076	AC_SUBST(GSSRPC__BSD_TYPEALIASES)
	1077
	1078	AC_MSG_CHECKING([return type of setrpcent])
	1079	AC_CACHE_VAL(k5_cv_type_setrpcent,
	1080	[AC_TRY_COMPILE([#include <netdb.h>
	1081	#ifdef __cplusplus
	1082	extern "C"
	1083	#endif
	1084	extern void setrpcent();],
	1085	[int i;], k5_cv_type_setrpcent=void, k5_cv_type_setrpcent=int)])
	1086	AC_MSG_RESULT($k5_cv_type_setrpcent)
	1087	AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
	1088
	1089	AC_MSG_CHECKING([return type of endrpcent])
	1090	AC_CACHE_VAL(k5_cv_type_endrpcent,
	1091	[AC_TRY_COMPILE([#include <netdb.h>
	1092	#ifdef __cplusplus
	1093	extern "C"
	1094	#endif
	1095	extern void endrpcent();],
	1096	[int i;], k5_cv_type_endrpcent=void, k5_cv_type_endrpcent=int)])
	1097	AC_MSG_RESULT($k5_cv_type_endrpcent)
	1098	AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
	1099	K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin)
	1100	PASS=tcp
	1101	AC_SUBST(PASS)
	1102
	1103	# for pkinit
	1104	AC_ARG_ENABLE([pkinit],
	1105	[ --disable-pkinit disable PKINIT plugin support],,
	1106	enable_pkinit=try)
	1107	if test "$enable_pkinit" = yes \|\| test "$enable_pkinit" = try; then
	1108	AC_CACHE_CHECK(for a recent enough OpenSSL, k5_cv_openssl_version_okay,
	1109	[AC_COMPILE_IFELSE([AC_LANG_SOURCE([#include <openssl/opensslv.h>
	1110	#if OPENSSL_VERSION_NUMBER < 0x10000000L
	1111	# error openssl is too old, need 1.0.0
	1112	#endif
	1113	int i = 1;
	1114	])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)])
	1115	old_LIBS="$LIBS"
	1116	AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
	1117	LIBS="$old_LIBS"
	1118	fi
	1119	if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes \|\| test "$enable_pkinit" = try); then
	1120	K5_GEN_MAKEFILE(plugins/preauth/pkinit)
	1121	K5_GEN_MAKEFILE(tests/softpkcs11)
	1122	PKINIT=yes
	1123	AC_CHECK_LIB(crypto, CMS_get0_content, [AC_DEFINE([HAVE_OPENSSL_CMS], 1, [Define if OpenSSL supports cms.])])
	1124	elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
	1125	AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
	1126	else
	1127	AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
	1128	AC_MSG_NOTICE([Disabling PKINIT support.])
	1129	PKINIT=no
	1130	fi
	1131	AC_SUBST(PKINIT)
	1132
	1133	# for lib/apputils
	1134	AC_REPLACE_FUNCS(daemon)
	1135
	1136	# for tests/
	1137	if test x"$RUNTEST" != x; then
	1138	HAVE_RUNTEST=yes
	1139	else
	1140	HAVE_RUNTEST=no
	1141	fi
	1142	AC_SUBST(HAVE_RUNTEST)
	1143
	1144	# For Python tests. Python version 3.2.4 is required as prior
	1145	# versions do not accept string input to subprocess.Popen.communicate
	1146	# when universal_newlines is set.
	1147	PYTHON_MINVERSION=3.2.4
	1148	AC_SUBST(PYTHON_MINVERSION)
	1149	AC_CHECK_PROG(PYTHON,python3,python3)
	1150	if test x"$PYTHON" = x; then
	1151	AC_CHECK_PROG(PYTHON,python,python)
	1152	fi
	1153	HAVE_PYTHON=no
	1154	if test x"$PYTHON" != x; then
	1155	wantver="(sys.hexversion >= 0x30204F0)"
	1156	if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
	1157	HAVE_PYTHON=yes
	1158	fi
	1159	fi
	1160	AC_SUBST(HAVE_PYTHON)
	1161
	1162	# For cmocka tests.
	1163	CMOCKA_LIBS=
	1164	HAVE_CMOCKA=no
	1165	HAVE_CMOCKA_H=no
	1166	HAVE_CMOCKA_LIB=no
	1167	AC_CHECK_HEADER(cmocka.h, [HAVE_CMOCKA_H=yes], :, [
	1168	#include <stdarg.h>
	1169	#include <stddef.h>
	1170	#include <setjmp.h> ])
	1171	AC_CHECK_LIB(cmocka, _cmocka_run_group_tests, [HAVE_CMOCKA_LIB=yes])
	1172	if test "$HAVE_CMOCKA_LIB" = yes && test "$HAVE_CMOCKA_H" = yes; then
	1173	HAVE_CMOCKA=yes
	1174	CMOCKA_LIBS='-lcmocka'
	1175	AC_DEFINE([HAVE_CMOCKA],1,[Define if cmocka library is available.])
	1176	fi
	1177	AC_SUBST(HAVE_CMOCKA)
	1178	AC_SUBST(CMOCKA_LIBS)
	1179
	1180	# For URI lookup tests. Requires resolv_wrapper >= 1.1.5 for URI
	1181	# support.
	1182	HAVE_RESOLV_WRAPPER=0
	1183	PKG_CHECK_EXISTS([resolv_wrapper >= 1.1.5], [HAVE_RESOLV_WRAPPER=1])
	1184	AC_SUBST(HAVE_RESOLV_WRAPPER)
	1185
	1186	# for plugins/kdb/db2
	1187
	1188	# AIX is unusual in that it wants all symbols resolved at link time
	1189	# Fortunately, it will allow us to link the kdb library now, even if
	1190	# it is linked again later.
	1191	case $krb5_cv_host in
	1192	--aix*)
	1193	DB_EXTRA_LIBS=-ldb
	1194	;;
	1195	*)
	1196	DB_EXTRA_LIBS=
	1197	;;
	1198	esac
	1199	AC_SUBST(DB_EXTRA_LIBS)
	1200
	1201
	1202
	1203	# Check for thread safety issues.
	1204	# (Is there a better place for this?)
	1205	# tsfuncs="getpwnam_r getpwuid_r gethostbyname_r getservbyname_r gmtime_r localtime_r"
	1206	# Removed getpwnam_r and getpwuid_r because include/configure.in has some
	1207	# more careful checks, and may decide to pretend that they're not found if
	1208	# the function signatures can't be figured out.
	1209	tsfuncs="gethostbyname_r getservbyname_r gmtime_r localtime_r"
	1210	AC_CHECK_FUNCS($tsfuncs)
	1211	if test "$enable_thread_support" = yes; then
	1212	tsmissing=""
	1213	for ts in $tsfuncs; do
	1214	if eval "test \"\${ac_cv_func_$ts}\" != yes"; then
	1215	tsmissing="$tsmissing $ts"
	1216	fi
	1217	done
	1218	if test "$ac_cv_func_res_nsearch/$ac_cv_lib_resolv_res_nsearch" = "no/no"; then
	1219	tsmissing="$tsmissing res_nsearch"
	1220	fi
	1221	if test "$tsmissing" != ""; then
	1222	AC_MSG_WARN([Some functions that are needed for library thread])
	1223	AC_MSG_WARN([safety appear to be missing.])
	1224	for ts in $tsmissing; do
	1225	AC_MSG_WARN([ missing thread-safe function: $ts])
	1226	done
	1227	AC_MSG_WARN([Without these functions, the installed libraries])
	1228	AC_MSG_WARN([may not be thread-safe.])
	1229	fi # tsmissing not empty
	1230	fi # enable_thread_support
	1231
	1232	# Sadly, we seem to have accidentally committed ourselves in 1.4 to
	1233	# an ABI that includes the existence of libkrb5support.0 even
	1234	# though random apps should never use anything from it. And on
	1235	# the Mac, to which that didn't apply, we can't use major version 0.
	1236
	1237	case $krb5_cv_host in
	1238	--darwin* \| --rhapsody*) SUPPORTLIB_MAJOR=1 ;;
	1239	*) SUPPORTLIB_MAJOR=0 ;;
	1240	esac
	1241	AC_SUBST(SUPPORTLIB_MAJOR)
	1242
	1243
	1244	if test "$COM_ERR_VERSION" = k5 ; then
	1245	K5_GEN_MAKEFILE(util/et)
	1246	fi
	1247	if test "$SS_VERSION" = k5 ; then
	1248	K5_GEN_MAKEFILE(util/ss)
	1249	fi
	1250
	1251
	1252	ldap_plugin_dir=""
	1253	ldap_lib=""
	1254	if test -n "$OPENLDAP_PLUGIN"; then
	1255	AC_CHECK_HEADERS(ldap.h lber.h, :, [AC_MSG_ERROR($ac_header not found)])
	1256	AC_CHECK_LIB(ldap, ldap_str2dn, :, [AC_MSG_ERROR(libldap not found or missing ldap_str2dn)])
	1257
	1258	BER_OKAY=0
	1259	AC_CHECK_LIB(ldap, ber_init, [BER_OKAY=1])
	1260	if test "$BER_OKAY" = "1"; then
	1261	LDAP_LIBS='-lldap'
	1262	else
	1263	AC_CHECK_LIB(lber, ber_init, [BER_OKAY=1], [AC_MSG_WARN([libber not found])])
	1264	if test "$BER_OKAY" = "1"; then
	1265	LDAP_LIBS='-lldap -llber'
	1266	else
	1267	AC_ERROR("BER library missing - cannot build LDAP database module")
	1268	fi
	1269	fi
	1270	AC_DEFINE([ENABLE_LDAP], 1, [Define if LDAP KDB support within the Kerberos library (mainly ASN.1 code) should be enabled.])
	1271	AC_SUBST(LDAP_LIBS)
	1272
	1273	AC_CHECK_HEADERS([sasl/sasl.h], [HAVE_SASL=yes], [HAVE_SASL=no])
	1274	AC_SUBST(HAVE_SASL)
	1275	if test "$HAVE_SASL" = no; then
	1276	AC_MSG_WARN([not building LDAP SASL support])
	1277	fi
	1278
	1279	K5_GEN_MAKEFILE(plugins/kdb/ldap)
	1280	K5_GEN_MAKEFILE(plugins/kdb/ldap/ldap_util)
	1281	K5_GEN_MAKEFILE(plugins/kdb/ldap/libkdb_ldap)
	1282	ldap_plugin_dir='plugins/kdb/ldap plugins/kdb/ldap/ldap_util'
	1283	LDAP=yes
	1284	else
	1285	LDAP=no
	1286	fi
	1287	AC_SUBST(ldap_plugin_dir)
	1288	AC_SUBST(LDAP)
	1289	# This check is for plugins/preauth/securid_sam2
	1290	sam2_plugin=""
	1291	old_CFLAGS=$CFLAGS
	1292	CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
	1293	AC_CHECK_LIB(aceclnt, SD_Init, [
	1294	AC_MSG_NOTICE([Enabling RSA securID support])
	1295	K5_GEN_MAKEFILE(plugins/preauth/securid_sam2)
	1296	sam2_plugin=plugins/preauth/securid_sam2
	1297	])
	1298	AC_SUBST(sam2_plugin)
	1299	CFLAGS=$old_CFLAGS
	1300
	1301	lmdb_plugin_dir=""
	1302	HAVE_LMDB=no
	1303	AC_ARG_WITH([lmdb],
	1304	AC_HELP_STRING([--with-lmdb],
	1305	[compile LMDB database backend module @<:@auto@:>@]),,
	1306	[withval=auto])
	1307	if test "$withval" = auto -o "$withval" = yes; then
	1308	AC_CHECK_LIB([lmdb],[mdb_env_create],[have_lmdb=true],[have_lmdb=false])
	1309	if test "$have_lmdb" = true; then
	1310	LMDB_LIBS=-llmdb
	1311	HAVE_LMDB=yes
	1312	lmdb_plugin_dir='plugins/kdb/lmdb'
	1313	K5_GEN_MAKEFILE(plugins/kdb/lmdb)
	1314	elif test "$withval" = yes; then
	1315	AC_MSG_ERROR([liblmdb not found])
	1316	fi
	1317	fi
	1318	AC_SUBST(HAVE_LMDB)
	1319	AC_SUBST(LMDB_LIBS)
	1320	AC_SUBST(lmdb_plugin_dir)
	1321
	1322	# Kludge for simple server --- FIXME is this the best way to do this?
	1323
	1324	if test "$ac_cv_lib_socket" = "yes" -a "$ac_cv_lib_nsl" = "yes"; then
	1325	AC_DEFINE(BROKEN_STREAMS_SOCKETS,1,[Define if socket can't be bound to 0.0.0.0])
	1326	fi
	1327
	1328	# Compile with libedit support in ss by default if available. Compile
	1329	# with readline only if asked, to avoid a default GPL dependency.
	1330	# Building with readline also breaks the dejagnu test suite.
	1331	AC_ARG_WITH([libedit],
	1332	AC_HELP_STRING([--without-libedit], [do not compile with libedit]),
	1333	[], [with_libedit=default])
	1334	AC_ARG_WITH([readline],
	1335	AC_HELP_STRING([--with-readline], [compile with GNU Readline]),
	1336	[], [with_readline=no])
	1337	if test "x$with_readline" = xyes; then
	1338	with_libedit=no
	1339	fi
	1340	RL_CFLAGS=
	1341	RL_LIBS=
	1342	if test "x$with_libedit" != xno; then
	1343	PKG_CHECK_MODULES(LIBEDIT, libedit, [have_libedit=yes], [have_libedit=no])
	1344	if test "x$have_libedit" = xyes; then
	1345	RL_CFLAGS=$LIBEDIT_CFLAGS
	1346	RL_LIBS=$LIBEDIT_LIBS
	1347	AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.])
	1348	AC_MSG_NOTICE([Using libedit for readline support])
	1349	elif test "x$with_libedit" = xyes; then
	1350	# We were explicitly asked for libedit and couldn't find it.
	1351	AC_MSG_ERROR([Could not detect libedit with pkg-config])
	1352	else
	1353	AC_MSG_NOTICE([Not using any readline support])
	1354	fi
	1355	elif test "x$with_readline" = xyes; then
	1356	AC_MSG_NOTICE([Using GNU Readline])
	1357	AC_CHECK_LIB([readline], [main], :,
	1358	AC_MSG_FAILURE([Cannot find readline library.]))
	1359	AC_DEFINE([HAVE_READLINE], 1, [Define if building with GNU Readline.])
	1360	RL_LIBS='-lreadline'
	1361	else
	1362	AC_MSG_RESULT([Not using any readline support])
	1363	fi
	1364	AC_SUBST([RL_CFLAGS])
	1365	AC_SUBST([RL_LIBS])
	1366
	1367	AC_ARG_WITH([system-verto],
	1368	[AC_HELP_STRING([--with-system-verto], [always use system verto library])],
	1369	[], [with_system_verto=default])
	1370	VERTO_VERSION=k5
	1371	if test "x$with_system_verto" != xno; then
	1372	PKG_CHECK_MODULES(VERTO, libverto, [have_sysverto=yes], [have_sysverto=no])
	1373	if test "x$have_sysverto" = xyes; then
	1374	VERTO_VERSION=sys
	1375	elif test "x$with_system_verto" = xyes; then
	1376	AC_MSG_ERROR([cannot detect system libverto])
	1377	fi
	1378	fi
	1379	if test "x$VERTO_VERSION" = xsys; then
	1380	AC_MSG_NOTICE([Using system libverto])
	1381	else
	1382	VERTO_CFLAGS=
	1383	VERTO_LIBS="-lverto"
	1384	AC_MSG_NOTICE([Using built-in libverto])
	1385	fi
	1386	AC_SUBST([VERTO_CFLAGS])
	1387	AC_SUBST([VERTO_LIBS])
	1388	AC_SUBST([VERTO_VERSION])
	1389
	1390	AC_PATH_PROG(GROFF, groff)
	1391
	1392	# Make localedir work in autoconf 2.5x.
	1393	if test "${localedir+set}" != set; then
	1394	localedir='$(datadir)/locale'
	1395	fi
	1396	AC_SUBST(localedir)
	1397
	1398	# For KCM lib/krb5/ccache to build KCM Mach RPC support for macOS only.
	1399	case $host in
	1400	--darwin* \| --rhapsody*) OSX=osx ;;
	1401	*) OSX=no ;;
	1402	esac
	1403	AC_SUBST(OSX)
	1404
	1405	# Build-time default ccache, keytab, and client keytab names. These
	1406	# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
	1407	# DEFCKTNAME. Otherwise, we try to get the OS defaults from
	1408	# krb5-config if we can, or fall back to hardcoded defaults.
	1409	AC_ARG_VAR(DEFCCNAME, [Default ccache name])
	1410	AC_ARG_VAR(DEFKTNAME, [Default keytab name])
	1411	AC_ARG_VAR(DEFCKTNAME, [Default client keytab name])
	1412	AC_ARG_WITH([krb5-config],
	1413	AC_HELP_STRING([--with-krb5-config=PATH],
	1414	[path to existing krb5-config program for defaults]), ,
	1415	[with_krb5_config=krb5-config])
	1416	if test "x$with_krb5_config" != xno; then
	1417	if test "x$with_krb5_config" = xyes; then
	1418	with_krb5_config=krb5-config
	1419	fi
	1420	if $with_krb5_config --help 2>&1 \| grep defccname >/dev/null; then
	1421	AC_MSG_NOTICE([Using $with_krb5_config for build defaults])
	1422	: "${DEFCCNAME=`$with_krb5_config --defccname`}"
	1423	: "${DEFKTNAME=`$with_krb5_config --defktname`}"
	1424	: "${DEFCKTNAME=`$with_krb5_config --defcktname`}"
	1425	fi
	1426	fi
	1427	dnl The outer brackets around the case statement prevent m4 from eating the
	1428	dnl brackets in the glob patterns.
	1429	if test "${DEFCCNAME+set}" != set; then
	1430	[case $host in
	1431	--darwin[0-9].* \| --darwin10.*)
	1432	# Use the normal default for macOS 10.6 (Darwin 10) and prior.
	1433	;;
	1434	--darwin*)
	1435	# For macOS 10.7 (Darwin 11) and later, the native ccache uses
	1436	# the KCM daemon.
	1437	DEFCCNAME=KCM:
	1438	;;
	1439	esac]
	1440	if test "${DEFCCNAME+set}" != set; then
	1441	DEFCCNAME=FILE:/tmp/krb5cc_%{uid}
	1442	fi
	1443	fi
	1444	if test "${DEFKTNAME+set}" != set; then
	1445	DEFKTNAME=FILE:/etc/krb5.keytab
	1446	fi
	1447	if test "${DEFCKTNAME+set}" != set; then
	1448	AX_RECURSIVE_EVAL($localstatedir, exp_localstatedir)
	1449	DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab
	1450	fi
	1451	AC_MSG_NOTICE([Default ccache name: $DEFCCNAME])
	1452	AC_MSG_NOTICE([Default keytab name: $DEFKTNAME])
	1453	AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME])
	1454	AC_DEFINE_UNQUOTED(DEFCCNAME, ["$DEFCCNAME"], [Define to default ccache name])
	1455	AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNAME"], [Define to default keytab name])
	1456	AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"],
	1457	[Define to default client keytab name])
	1458
	1459	AC_CONFIG_FILES([build-tools/krb5-config], [chmod +x build-tools/krb5-config])
	1460	AC_CONFIG_FILES([build-tools/kadm-server.pc
	1461	build-tools/kadm-client.pc
	1462	build-tools/kdb.pc
	1463	build-tools/krb5.pc
	1464	build-tools/krb5-gssapi.pc
	1465	build-tools/mit-krb5.pc
	1466	build-tools/mit-krb5-gssapi.pc
	1467	build-tools/gssrpc.pc
	1468	])
	1469	V5_AC_OUTPUT_MAKEFILE(.
	1470
	1471	util util/support util/profile util/profile/testmod
	1472	util/verto
	1473
	1474	lib lib/kdb
	1475
	1476	lib/crypto lib/crypto/krb lib/crypto/$CRYPTO_IMPL
	1477	lib/crypto/$CRYPTO_IMPL/enc_provider
	1478	lib/crypto/$CRYPTO_IMPL/hash_provider
	1479	lib/crypto/$CRYPTO_IMPL/des
	1480	lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5
	1481	lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2
	1482	lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia
	1483	lib/crypto/crypto_tests
	1484
	1485	lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
	1486	lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os
	1487	lib/krb5/unicode
	1488
	1489	lib/gssapi lib/gssapi/generic lib/gssapi/krb5 lib/gssapi/spnego
	1490	lib/gssapi/mechglue
	1491
	1492	lib/rpc lib/rpc/unit-test
	1493
	1494	lib/kadm5 lib/kadm5/clnt lib/kadm5/srv lib/kadm5/unit-test
	1495	lib/krad
	1496	lib/apputils
	1497
	1498	kdc kprop config-files build-tools man doc include
	1499
	1500	plugins/certauth/test
	1501	plugins/gssapi/negoextest
	1502	plugins/hostrealm/test
	1503	plugins/localauth/test
	1504	plugins/kadm5_hook/test
	1505	plugins/kadm5_auth/test
	1506	plugins/pwqual/test
	1507	plugins/audit
	1508	plugins/audit/test
	1509	plugins/kdb/db2
	1510	plugins/kdb/db2/libdb2
	1511	plugins/kdb/db2/libdb2/hash
	1512	plugins/kdb/db2/libdb2/btree
	1513	plugins/kdb/db2/libdb2/db
	1514	plugins/kdb/db2/libdb2/mpool
	1515	plugins/kdb/db2/libdb2/recno
	1516	plugins/kdb/db2/libdb2/test
	1517	plugins/kdb/test
	1518	plugins/kdcpolicy/test
	1519	plugins/preauth/otp
	1520	plugins/preauth/spake
	1521	plugins/preauth/test
	1522	plugins/authdata/greet_client
	1523	plugins/authdata/greet_server
	1524	plugins/tls/k5tls
	1525
	1526	clients clients/klist clients/kinit clients/kvno
	1527	clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
	1528
	1529	kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
	1530	kadmin/testing kadmin/testing/scripts kadmin/testing/util
	1531
	1532	appl
	1533	appl/sample appl/sample/sclient appl/sample/sserver
	1534	appl/simple appl/simple/client appl/simple/server
	1535	appl/gss-sample appl/user_user
	1536
	1537	tests tests/resolve tests/asn.1 tests/create tests/hammer
	1538	tests/verify tests/gssapi tests/dejagnu tests/threads tests/shlib
	1539	tests/gss-threads tests/misc
	1540	)

+0

-1506

~~src/configure.in~~ less more

0		K5_AC_INIT([aclocal.m4])
1
2		# If $runstatedir isn't set by autoconf (<2.70), set it manually.
3		if test x"$runstatedir" = x; then
4		runstatedir=$localstatedir/run
5		fi
6		AC_SUBST(runstatedir)
7
8		# Don't make duplicate profile path entries for /etc/krb5.conf if
9		# $sysconfdir is /etc
10		if test "$sysconfdir" = /etc; then
11		SYSCONFCONF=""
12		else
13		SYSCONFCONF=":${sysconfdir}/krb5.conf"
14		fi
15		AC_SUBST(SYSCONFCONF)
16
17		CONFIG_RULES
18		KRB5_VERSION=K5_VERSION
19		AC_SUBST(KRB5_VERSION)
20
21
22		AC_REQUIRE_CPP
23
24		PKG_PROG_PKG_CONFIG
25
26		AC_CHECK_HEADER([stdint.h], [],
27		[AC_MSG_ERROR([stdint.h is required])])
28
29		AC_CACHE_CHECK([whether integers are two's complement],
30		[krb5_cv_ints_twos_compl],
31		[AC_COMPILE_IFELSE(
32		[AC_LANG_BOOL_COMPILE_TRY(
33		[#include <limits.h>
34		],
35		[/* Basic two's complement check */
36		~(-1) == 0 && ~(-1L) == 0L &&
37		/* Check that values with sign bit 1 and value bits 0 are valid */
38		-(INT_MIN + 1) == INT_MAX && -(LONG_MIN + 1) == LONG_MAX &&
39		/* Check that unsigned-to-signed conversions preserve bit patterns */
40		(int)((unsigned int)INT_MAX + 1) == INT_MIN &&
41		(long)((unsigned long)LONG_MAX + 1) == LONG_MIN])],
42		[krb5_cv_ints_twos_compl=yes],
43		[krb5_cv_ints_twos_compl=no])])
44
45		if test "$krb5_cv_ints_twos_compl" = "no"; then
46		AC_MSG_ERROR([integers are not two's complement])
47		fi
48
49		AC_CACHE_CHECK([whether CHAR_BIT is 8],
50		[krb5_cv_char_bit_8],
51		[AC_PREPROC_IFELSE([AC_LANG_SOURCE(
52		[[#include <limits.h>
53		#if CHAR_BIT != 8
54		#error CHAR_BIT != 8
55		#endif
56		]])],
57		[krb5_cv_char_bit_8=yes], [krb5_cv_char_bit_8=no])])
58
59		if test "$krb5_cv_char_bit_8" = "no"; then
60		AC_MSG_ERROR([CHAR_BIT is not 8])
61		fi
62
63		AC_CACHE_CHECK(if va_copy is available, krb5_cv_va_copy,
64		[AC_LINK_IFELSE([AC_LANG_SOURCE([
65		#include <stdarg.h>
66		void f(va_list ap) {
67		va_list ap2;
68		va_copy(ap2, ap);
69		va_end(ap2);
70		}
71		va_list x;
72		int main()
73		{
74		f(x);
75		return 0;
76		}])], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)])
77		if test "$krb5_cv_va_copy" = yes; then
78		AC_DEFINE(HAS_VA_COPY,1,[Define if va_copy macro or function is available.])
79		fi
80
81		# Note that this isn't checking if the copied value works, just
82		# whether the C language constraints permit the copying. If
83		# va_list is defined as an array type, it can't be assigned.
84		AC_CACHE_CHECK(if va_list objects can be copied by assignment,
85		krb5_cv_va_simple_copy,
86		[AC_COMPILE_IFELSE([
87		AC_LANG_SOURCE([#include <stdarg.h>
88		void f(va_list va2) {
89		va_list va1;
90		va1 = va2;
91		}])], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)])
92		if test "$krb5_cv_va_simple_copy" = yes; then
93		AC_DEFINE(CAN_COPY_VA_LIST,1,[Define if va_list objects can be simply copied by assignment.])
94		fi
95
96		# The following lines are so that configure --help gives some global
97		# configuration options.
98
99		KRB5_LIB_AUX
100		AC_KRB5_TCL
101		AC_ARG_ENABLE([athena],
102		[ --enable-athena build with MIT Project Athena configuration],,)
103
104		# Begin autoconf tests for the Makefiles generated out of the top-level
105		# configure.in...
106
107		KRB5_BUILD_LIBOBJS
108		KRB5_BUILD_LIBRARY
109		KRB5_BUILD_PROGRAM
110		# for kprop
111		AC_TYPE_MODE_T
112		AC_PROG_INSTALL
113		KRB5_AC_NEED_DAEMON
114		KRB5_GETSOCKNAME_ARGS
115		KRB5_GETPEERNAME_ARGS
116		LIBUTIL=
117		AC_CHECK_LIB(util,main,[AC_DEFINE(HAVE_LIBUTIL,1,[Define if the util library is available])
118		LIBUTIL=-lutil
119		])
120		AC_SUBST(LIBUTIL)
121
122		# Determine if NLS is desired and supported.
123		po=
124		AC_ARG_ENABLE([nls],
125		AC_HELP_STRING([--disable-nls], [disable native language support]),
126		[], [enable_nls=check])
127		if test "$enable_nls" != no; then
128		AC_CHECK_HEADER(libintl.h, [
129		AC_SEARCH_LIBS(dgettext, intl, [
130		AC_DEFINE(ENABLE_NLS, 1,
131		[Define if translation functions should be used.])
132		nls_enabled=yes])])
133
134		AC_CHECK_PROG(MSGFMT,msgfmt,msgfmt)
135		if test x"$MSGFMT" != x; then
136		po=po
137		fi
138
139		# Error out if --enable-nls was explicitly requested but can't be enabled.
140		if test "$enable_nls" = yes; then
141		if test "$nls_enabled" != yes -o "x$po" = x; then
142		AC_MSG_ERROR([NLS support requested but cannot be built])
143		fi
144		fi
145		fi
146		AC_SUBST(po)
147
148		# for kdc
149		AC_CHECK_HEADERS(sys/sockio.h ifaddrs.h unistd.h fnmatch.h)
150		AC_CHECK_FUNCS(vsprintf vasprintf vsnprintf strlcpy fnmatch)
151
152		EXTRA_SUPPORT_SYMS=
153		AC_CHECK_FUNC(strlcpy,
154		[STRLCPY_ST_OBJ=
155		STRLCPY_OBJ=],
156		[STRLCPY_ST_OBJ=strlcpy.o
157		STRLCPY_OBJ='$(OUTPRE)strlcpy.$(OBJEXT)'
158		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_strlcpy krb5int_strlcat"])
159		AC_SUBST(STRLCPY_OBJ)
160		AC_SUBST(STRLCPY_ST_OBJ)
161
162		AC_CHECK_FUNC(getopt,
163		[GETOPT_ST_OBJ=
164		GETOPT_OBJ=
165		AC_DEFINE(HAVE_GETOPT, 1, [Define if system getopt should be used.])],
166		[GETOPT_ST_OBJ='getopt.o'
167		GETOPT_OBJ='$(OUTPRE)getopt.$(OBJEXT)'
168		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_optind k5_optarg k5_opterr k5_optopt k5_getopt"])
169		AC_SUBST(GETOPT_OBJ)
170		AC_SUBST(GETOPT_ST_OBJ)
171
172		AC_CHECK_FUNC(getopt_long,
173		[GETOPT_LONG_ST_OBJ=
174		GETOPT_LONG_OBJ=
175		AC_DEFINE(HAVE_GETOPT_LONG, 1, [Define if system getopt_long should be used.])],
176		[GETOPT_LONG_ST_OBJ='getopt_long.o'
177		GETOPT_LONG_OBJ='$(OUTPRE)getopt_long.$(OBJEXT)'
178		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_getopt_long"])
179		AC_SUBST(GETOPT_LONG_OBJ)
180		AC_SUBST(GETOPT_LONG_ST_OBJ)
181
182		AC_CHECK_FUNC(fnmatch,
183		[FNMATCH_ST_OBJ=
184		FNMATCH_OBJ=],
185		[FNMATCH_ST_OBJ=fnmatch.o
186		FNMATCH_OBJ='$(OUTPRE)fnmatch.$(OBJEXT)'
187		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_fnmatch"])
188		AC_SUBST(FNMATCH_OBJ)
189		AC_SUBST(FNMATCH_ST_OBJ)
190
191		AC_CHECK_FUNC(vasprintf,
192		[PRINTF_ST_OBJ=
193		PRINTF_OBJ=],
194		[PRINTF_ST_OBJ=printf.o
195		PRINTF_OBJ='$(OUTPRE)printf.$(OBJEXT)'
196		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_asprintf krb5int_vasprintf"])
197		AC_SUBST(PRINTF_OBJ)
198		AC_SUBST(PRINTF_ST_OBJ)
199		KRB5_NEED_PROTO([#include <stdarg.h>
200		#include <stdio.h>
201		],vasprintf)
202		KRB5_NEED_PROTO([#include <string.h>
203		#ifdef HAVE_UNISTD_H
204		#include <unistd.h>
205		#endif
206		/* Solaris 8 declares swab in stdlib.h. */
207		#include <stdlib.h>
208		],swab,1)
209
210		AC_PROG_AWK
211		KRB5_AC_INET6
212		KRB5_SOCKADDR_SA_LEN
213		CHECK_SIGNALS
214
215		# --with-vague-errors disables useful error messages.
216
217		AC_ARG_WITH([vague-errors],
218		AC_HELP_STRING([--with-vague-errors],[Do not @<:@do@:>@ send helpful errors to client]), , withval=no)
219		if test "$withval" = yes; then
220		AC_MSG_NOTICE(Supplying vague error messages to KDC clients)
221		AC_DEFINE(KRBCONF_VAGUE_ERRORS,1,[Define if the KDC should return only vague error codes to clients])
222		fi
223
224		# Check which (if any) audit plugin to build
225		audit_plugin=""
226		AC_ARG_ENABLE([audit-plugin],
227		AC_HELP_STRING([--enable-audit-plugin=IMPL],
228		[use audit plugin @<:@ do not use audit @:>@]), , enableval=no)
229		if test "$enableval" != no; then
230		case "$enableval" in
231		simple)
232		# if audit_log_user_message is found, we assume
233		# that audit_open and audit_close are also defined.
234		AC_CHECK_LIB(audit, audit_log_user_message,
235		[AUDIT_IMPL_LIBS=-laudit
236		K5_GEN_MAKEFILE(plugins/audit/simple)
237		audit_plugin=plugins/audit/simple ],
238		AC_MSG_ERROR([libaudit not found or undefined symbol audit_log_user_message]))
239		;;
240		*)
241		AC_MSG_ERROR([Unknown audit plugin implementation $enableval.])
242		;;
243		esac
244		fi
245		AC_SUBST(AUDIT_IMPL_LIBS)
246		AC_SUBST(audit_plugin)
247
248		# WITH_CRYPTO_IMPL
249
250		CRYPTO_IMPL="builtin"
251		AC_ARG_WITH([crypto-impl],
252		AC_HELP_STRING([--with-crypto-impl=IMPL], [use specified crypto implementation @<:@builtin@:>@]),
253		[CRYPTO_IMPL=$withval
254		AC_MSG_NOTICE(k5crypto will use '$withval')
255		], withval=builtin)
256		case "$withval" in
257		builtin)
258		;;
259		openssl)
260		AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
261		;;
262		*)
263		AC_MSG_ERROR([Unknown crypto implementation $withval])
264		;;
265		esac
266		AC_CONFIG_COMMANDS(CRYPTO_IMPL, , CRYPTO_IMPL=$CRYPTO_IMPL)
267		AC_SUBST(CRYPTO_IMPL)
268		AC_SUBST(CRYPTO_IMPL_CFLAGS)
269		AC_SUBST(CRYPTO_IMPL_LIBS)
270
271		AC_ARG_WITH([prng-alg],
272		AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. @<:@fortuna@:>@]),
273		[PRNG_ALG=$withval
274		AC_MSG_NOTICE(k5crypto will use '$withval')
275		], PRNG_ALG=fortuna)
276		AC_CONFIG_COMMANDS(PRNG_ALG, , PRNG_ALG=$PRNG_ALG)
277		AC_SUBST(PRNG_ALG)
278		if test "$PRNG_ALG" = fortuna; then
279		AC_DEFINE(FORTUNA,1,[Define if Fortuna PRNG is selected])
280		fi
281
282		# WITH_TLS_IMPL
283
284		AC_ARG_WITH([tls-impl],
285		AC_HELP_STRING([--with-tls-impl=IMPL],
286		[use specified TLS implementation @<:@auto@:>@]),
287		[TLS_IMPL=$withval],[TLS_IMPL=auto])
288		case "$TLS_IMPL" in
289		openssl\|auto)
290		AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
291		-lcrypto)
292		AC_MSG_CHECKING([for OpenSSL])
293		if test x$have_lib_ssl = xtrue ; then
294		AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
295		AC_MSG_RESULT([yes])
296		TLS_IMPL_LIBS="-lssl -lcrypto"
297		TLS_IMPL=openssl
298		AC_MSG_NOTICE([TLS module will use OpenSSL])
299		else
300		if test "$TLS_IMPL" = openssl ; then
301		AC_MSG_ERROR([OpenSSL not found!])
302		else
303		AC_MSG_WARN([OpenSSL not found!])
304		fi
305		TLS_IMPL=no
306		AC_MSG_NOTICE(building without TLS support)
307		fi
308		;;
309		no)
310		AC_MSG_NOTICE(building without TLS support)
311		;;
312		*)
313		AC_MSG_ERROR([Unsupported TLS implementation $withval])
314		;;
315		esac
316
317		if test "$TLS_IMPL" = no; then
318		AC_DEFINE(TLS_IMPL_NONE,1,[Define if no TLS implementation is selected])
319		fi
320
321		AC_SUBST(TLS_IMPL)
322		AC_SUBST(TLS_IMPL_CFLAGS)
323		AC_SUBST(TLS_IMPL_LIBS)
324
325		# The SPAKE preauth plugin currently supports edwards25519 natively,
326		# and can support three NIST groups using OpenSSL.
327		HAVE_SPAKE_OPENSSL=no
328		AC_ARG_WITH([spake-openssl],
329		AC_HELP_STRING([--with-spake-openssl],
330		[use OpenSSL for SPAKE preauth @<:@auto@:>@]),,[withval=auto])
331		if test "$withval" = auto -o "$withval" = yes; then
332		AC_CHECK_LIB([crypto],[EC_POINT_new],[have_crypto=true],[have_crypto=false])
333		if test "$have_crypto" = true; then
334		AC_DEFINE(SPAKE_OPENSSL,1,[Define to use OpenSSL for SPAKE preauth])
335		SPAKE_OPENSSL_LIBS=-lcrypto
336		HAVE_SPAKE_OPENSSL=yes
337		elif test "$withval" = yes; then
338		AC_MSG_ERROR([OpenSSL libcrypto not found])
339		fi
340		fi
341		AC_SUBST(HAVE_SPAKE_OPENSSL)
342		AC_SUBST(SPAKE_OPENSSL_LIBS)
343
344		AC_ARG_ENABLE([aesni],
345		AC_HELP_STRING([--disable-aesni],[Do not build with AES-NI support]), ,
346		enable_aesni=check)
347		if test "$CRYPTO_IMPL" = builtin -a "x$enable_aesni" != xno; then
348		case "$host" in
349		i686-*)
350		aesni_obj=iaesx86.o
351		aesni_machine=x86
352		;;
353		x86_64-*)
354		aesni_obj=iaesx64.o
355		aesni_machine=amd64
356		;;
357		esac
358		case "$host" in
359		--linux* \| --gnu* \| --bsd \| --solaris*)
360		# All Unix-like platforms need -D__linux__ for iaesx64.s to
361		# use the System V x86-64 calling convention.
362		aesni_flags="-D__linux__ -f elf -m $aesni_machine"
363		;;
364		esac
365		if test "x$aesni_obj" != x && test "x$aesni_flags" != x; then
366		AC_CHECK_PROG(YASM,yasm,yasm)
367		AC_CHECK_HEADERS(cpuid.h)
368		if test x"$YASM" != x -a "x$ac_cv_header_cpuid_h" = xyes; then
369		AESNI_OBJ=$aesni_obj
370		AESNI_FLAGS=$aesni_flags
371		AC_DEFINE(AESNI,1,[Define if AES-NI support is enabled])
372		AC_MSG_NOTICE([Building with AES-NI support])
373		fi
374		fi
375		if test "x$enable_aesni" = xyes -a "x$AESNI_OBJ" = x; then
376		AC_MSG_ERROR([AES-NI support requested but cannot be built])
377		fi
378		fi
379		AC_SUBST(AESNI_OBJ)
380		AC_SUBST(AESNI_FLAGS)
381
382		AC_ARG_ENABLE([kdc-lookaside-cache],
383		AC_HELP_STRING([--disable-kdc-lookaside-cache],
384		[Disable the cache which detects client retransmits]), ,
385		enableval=yes)
386		if test "$enableval" = no ; then
387		AC_DEFINE(NOCACHE,1,[Define if the KDC should use no lookaside cache])
388		fi
389		KRB5_RUN_FLAGS
390
391		# asan is a gcc and clang facility to instrument the code with memory
392		# error checking. To use it, we compile C and C++ source files with
393		# -fsanitize=address, and set ASAN=yes to suppress the undefined
394		# symbols check when building shared libraries.
395		AC_ARG_ENABLE([asan],
396		AC_HELP_STRING([--enable-asan],[Build with asan memory checking]),[],
397		[enable_asan=no])
398		if test "$enable_asan" != no; then
399		if test "$enable_asan" = yes; then
400		enable_asan=address
401		fi
402		ASAN_FLAGS="$DEFS -fsanitize=$enable_asan"
403		ASAN=yes
404		UNDEF_CHECK=
405		else
406		ASAN_FLAGS=
407		ASAN=no
408		fi
409		AC_SUBST(ASAN_FLAGS)
410		AC_SUBST(ASAN)
411
412		AC_TYPE_SIGNAL
413
414		# from old include/configure.in
415		AH_TEMPLATE([HAVE_STRUCT_SOCKADDR_STORAGE],
416		[Define if "struct sockaddr_storage" is available.])
417
418		AC_CONFIG_HEADERS(include/autoconf.h, [echo timestamp > include/autoconf.stamp])
419		AC_PROG_LEX
420		AC_C_CONST
421		AC_HEADER_DIRENT
422		AC_FUNC_STRERROR_R
423		AC_CHECK_FUNCS(strdup setvbuf seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strptime geteuid setenv unsetenv getenv gmtime_r localtime_r bswap16 bswap64 mkstemp getusershell access getcwd srand48 srand srandom stat strchr strerror timegm)
424
425		AC_CHECK_FUNC(mkstemp,
426		[MKSTEMP_ST_OBJ=
427		MKSTEMP_OBJ=],
428		[MKSTEMP_ST_OBJ='mkstemp.o'
429		MKSTEMP_OBJ='$(OUTPRE)mkstemp.$(OBJEXT)'
430		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_mkstemp"])
431		AC_SUBST(MKSTEMP_OBJ)
432		AC_SUBST(MKSTEMP_ST_OBJ)
433
434		AC_CHECK_FUNC(gettimeofday,
435		[GETTIMEOFDAY_ST_OBJ=
436		GETTIMEOFDAY_OBJ=
437		AC_DEFINE(HAVE_GETTIMEOFDAY, 1, [Have the gettimeofday function])
438		],
439		[GETTIMEOFDAY_ST_OBJ='gettimeofday.o'
440		GETTIMEOFDAY_OBJ='$(OUTPRE)gettimeofday.$(OBJEXT)'
441		EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_gettimeofday"])
442		AC_SUBST(GETTIMEOFDAY_OBJ)
443		AC_SUBST(GETTIMEOFDAY_ST_OBJ)
444		AC_SUBST(EXTRA_SUPPORT_SYMS)
445
446		DECLARE_SYS_ERRLIST
447		AC_CHECK_HEADERS(unistd.h paths.h regex.h regexpr.h fcntl.h memory.h ifaddrs.h sys/filio.h byteswap.h machine/endian.h machine/byte_order.h sys/bswap.h endian.h pwd.h arpa/inet.h alloca.h dlfcn.h limits.h)
448		AC_CHECK_HEADER(regexp.h, [], [],
449		[#define INIT char *sp = instring;
450		#define GETC() (*sp++)
451		#define PEEKC() (*sp)
452		#define UNGETC(c) (--sp)
453		#define RETURN(c) return(c)
454		#define ERROR(c)
455		])
456		AC_CHECK_MEMBERS([struct stat.st_mtimensec,struct stat.st_mtimespec.tv_nsec,struct stat.st_mtim.tv_nsec],,,[#include <sys/types.h>
457		#include <sys/stat.h>])
458		KRB5_AC_REGEX_FUNCS
459		AC_TYPE_OFF_T
460
461		# Fancy caching of perror result...
462		AC_MSG_CHECKING(for perror declaration)
463		AC_CACHE_VAL(krb5_cv_decl_perror,
464		[AC_EGREP_HEADER(perror, errno.h,
465		krb5_cv_decl_perror=yes, krb5_cv_decl_perror=no)])
466		AC_MSG_RESULT($krb5_cv_decl_perror)
467		if test $krb5_cv_decl_perror = yes; then
468		AC_DEFINE(HDR_HAS_PERROR,1,[Define if errno.h declares perror])
469		fi
470
471		KRB5_NEED_PROTO([#include <time.h>],strptime)
472		CHECK_WAIT_TYPE
473		CHECK_SIGPROCMASK
474		AC_TYPE_GETGROUPS
475		CHECK_SETJMP
476
477		# *rpcent return types needed for lib/rpc
478
479		AC_MSG_CHECKING([return type of setrpcent])
480		AC_CACHE_VAL(k5_cv_type_setrpcent,
481		[AC_TRY_COMPILE([#include <netdb.h>
482		#ifdef __cplusplus
483		extern "C"
484		#endif
485		extern void setrpcent();],
486		[int i;], k5_cv_type_setrpcent=void, k5_cv_type_setrpcent=int)])
487		AC_MSG_RESULT($k5_cv_type_setrpcent)
488		AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
489
490		AC_MSG_CHECKING([return type of endrpcent])
491		AC_CACHE_VAL(k5_cv_type_endrpcent,
492		[AC_TRY_COMPILE([#include <netdb.h>
493		#ifdef __cplusplus
494		extern "C"
495		#endif
496		extern void endrpcent();],
497		[int i;], k5_cv_type_endrpcent=void, k5_cv_type_endrpcent=int)])
498		AC_MSG_RESULT($k5_cv_type_endrpcent)
499		AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
500
501
502		# bswap_16 is a macro in byteswap.h under GNU libc
503		AC_MSG_CHECKING(for bswap_16)
504		AC_CACHE_VAL(krb5_cv_bswap_16,[
505		AC_TRY_LINK([#if HAVE_BYTESWAP_H
506		#include <byteswap.h>
507		#endif],[bswap_16(37);],krb5_cv_bswap_16=yes,krb5_cv_bswap_16=no)])
508		AC_MSG_RESULT($krb5_cv_bswap_16)
509		if test "$krb5_cv_bswap_16" = yes; then
510		AC_DEFINE(HAVE_BSWAP_16,1,[Define to 1 if bswap_16 is available via byteswap.h])
511		fi
512		AC_MSG_CHECKING(for bswap_64)
513		AC_CACHE_VAL(krb5_cv_bswap_64,[
514		AC_TRY_LINK([#if HAVE_BYTESWAP_H
515		#include <byteswap.h>
516		#endif],[bswap_64(37);],krb5_cv_bswap_64=yes,krb5_cv_bswap_64=no)])
517		AC_MSG_RESULT($krb5_cv_bswap_64)
518		if test "$krb5_cv_bswap_64" = yes; then
519		AC_DEFINE(HAVE_BSWAP_64,1,[Define to 1 if bswap_64 is available via byteswap.h])
520		fi
521
522		# Needed for ksu and some appl stuff.
523
524		case $krb5_cv_host in
525		alpha-dec-osf)
526		AC_CHECK_LIB(security,setluid,
527		AC_DEFINE(HAVE_SETLUID,1,[Define if setluid provided in OSF/1 security library])
528		KSU_LIBS="-lsecurity"
529		)
530		;;
531		esac
532		AC_SUBST(KSU_LIBS)
533
534		if test $ac_cv_func_setenv = no \|\| test $ac_cv_func_unsetenv = no \
535		\|\| test $ac_cv_func_getenv = no; then
536		SETENVOBJ=setenv.o
537		else
538		SETENVOBJ=
539		fi
540		AC_SUBST(SETENVOBJ)
541
542		# Check what the return types for gethostbyname_r and getservbyname_r are.
543
544		AC_CHECK_FUNC(gethostbyname_r,[
545		ac_cv_func_gethostbyname_r=yes
546		if test "$ac_cv_func_gethostbyname_r" = yes; then
547		AC_MSG_CHECKING([if gethostbyname_r returns an int])
548		AC_CACHE_VAL(krb5_cv_gethostbyname_r_returns_int,
549		[AC_TRY_COMPILE([#include <netdb.h>
550		extern int gethostbyname_r ();], [1;],
551		krb5_cv_gethostbyname_r_returns_int=yes,
552		krb5_cv_gethostbyname_r_returns_int=no)])
553		AC_MSG_RESULT($krb5_cv_gethostbyname_r_returns_int)
554
555		AC_MSG_CHECKING([if gethostbyname_r returns a pointer])
556		AC_CACHE_VAL(krb5_cv_gethostbyname_r_returns_ptr,
557		[AC_TRY_COMPILE([#include <netdb.h>
558		extern struct hostent *gethostbyname_r ();], [1;],
559		krb5_cv_gethostbyname_r_returns_ptr=yes,
560		krb5_cv_gethostbyname_r_returns_ptr=no)])
561		AC_MSG_RESULT($krb5_cv_gethostbyname_r_returns_ptr)
562
563		if test "$krb5_cv_gethostbyname_r_returns_int" = "$krb5_cv_gethostbyname_r_returns_ptr"; then
564		AC_MSG_WARN(cannot determine return type of gethostbyname_r -- disabling)
565		ac_cv_func_gethostbyname_r=no
566		fi
567		if test "$krb5_cv_gethostbyname_r_returns_int" = yes; then
568		AC_DEFINE(GETHOSTBYNAME_R_RETURNS_INT, 1, [Define if gethostbyname_r returns int rather than struct hostent * ])
569		fi
570		fi
571		if test "$ac_cv_func_gethostbyname_r" = yes; then
572		AC_DEFINE(HAVE_GETHOSTBYNAME_R, 1, [Define if gethostbyname_r exists and its return type is known])
573		AC_CHECK_FUNC(gethostbyaddr_r)
574		fi
575		])
576
577
578		# PTHREAD_CFLAGS changes which variant of these functions is declared
579		# on Solaris 11, so use it for these tests.
580		old_CFLAGS=$CFLAGS
581		CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
582		AC_CHECK_FUNC(getpwnam_r,ac_cv_func_getpwnam_r=yes,ac_cv_func_getpwnam_r=no)
583		AC_CHECK_FUNC(getpwuid_r,ac_cv_func_getpwuid_r=yes,ac_cv_func_getpwuid_r=no)
584		if test "$ac_cv_func_getpwnam_r" = yes; then
585		AC_MSG_CHECKING([return type of getpwnam_r])
586		AC_CACHE_VAL(krb5_cv_getpwnam_r_return_type,
587		[AC_TRY_COMPILE([#include <pwd.h>
588		extern int getpwnam_r();], [1;],
589		getpwnam_r_returns_int=yes,getpwnam_r_returns_int=no)
590		AC_TRY_COMPILE([#include <pwd.h>
591		extern struct passwd *getpwnam_r();], [1;],
592		getpwnam_r_returns_ptr=yes,getpwnam_r_returns_ptr=no)
593		case "$getpwnam_r_returns_int/$getpwnam_r_returns_ptr" in
594		yes/no) krb5_cv_getpwnam_r_return_type=int ;;
595		no/yes) krb5_cv_getpwnam_r_return_type=ptr ;;
596		*) krb5_cv_getpwnam_r_return_type=unknown ;;
597		esac])
598		AC_MSG_RESULT($krb5_cv_getpwnam_r_return_type)
599		if test $krb5_cv_getpwnam_r_return_type = int; then
600		AC_DEFINE(GETPWNAM_R_RETURNS_INT, 1, [Define if getpwnam_r returns an int])
601		elif test $krb5_cv_getpwnam_r_return_type = unknown; then
602		AC_MSG_WARN([Cannot determine getpwnam_r return type, disabling getpwnam_r])
603		ac_cv_func_getpwnam_r=no
604		fi
605		fi
606		if test "$ac_cv_func_getpwnam_r" = yes; then
607		AC_MSG_CHECKING([number of arguments to getpwnam_r])
608		AC_CACHE_VAL(krb5_cv_getpwnam_r_args,
609		[AC_TRY_COMPILE([#include <pwd.h>
610		struct passwd pwx; char buf[1024];],
611		[getpwnam_r("", &pwx, buf, sizeof(buf));], args4=yes, args4=no)
612		AC_TRY_COMPILE([#include <pwd.h>
613		struct passwd pwx, *p; char buf[1024];],
614		[getpwnam_r("", &pwx, buf, sizeof(buf), &p);], args5=yes, args5=no)
615		case $args4/$args5 in
616		yes/no) krb5_cv_getpwnam_r_args=4 ;;
617		no/yes) krb5_cv_getpwnam_r_args=5 ;;
618		*) krb5_cv_getpwnam_r_args=unknown ;;
619		esac])
620		AC_MSG_RESULT($krb5_cv_getpwnam_r_args)
621		if test "$krb5_cv_getpwnam_r_args" = unknown; then
622		AC_MSG_WARN([Cannot determine number of arguments to getpwnam_r, disabling its use.])
623		ac_cv_func_getpwnam_r=no
624		else
625		AC_DEFINE(HAVE_GETPWNAM_R,1,[Define if getpwnam_r is available and useful.])
626		if test "$krb5_cv_getpwnam_r_args" = 4; then
627		AC_DEFINE(GETPWNAM_R_4_ARGS,1,[Define if getpwnam_r exists but takes only 4 arguments (e.g., POSIX draft 6 implementations like some Solaris releases).])
628		fi
629		fi
630		fi
631		CFLAGS=$old_CFLAGS
632
633		if test "$ac_cv_func_getpwnam_r" = no && test "$ac_cv_func_getpwuid_r" = yes; then
634		# Actually, we could do this check, and the corresponding checks
635		# for return type and number of arguments, but I doubt we'll run
636		# into a system where we'd get to use getpwuid_r but not getpwnam_r.
637		AC_MSG_NOTICE([getpwnam_r not useful, so disabling getpwuid_r too])
638		ac_cv_func_getpwuid_r=no
639		fi
640		if test "$ac_cv_func_getpwuid_r" = yes; then
641		AC_DEFINE(HAVE_GETPWUID_R,1,[Define if getpwuid_r is available and useful.])
642		# Hack: Assume getpwuid_r is the shorter form if getpwnam_r is.
643		if test "$krb5_cv_getpwnam_r_args" = 4; then
644		AC_DEFINE(GETPWUID_R_4_ARGS,1,[Define if getpwuid_r exists but takes only 4 arguments (e.g., POSIX draft 6 implementations like some Solaris releases).])
645		fi
646		fi
647
648		if test "$ac_cv_func_gmtime_r" = yes; then
649		AC_MSG_CHECKING([whether gmtime_r returns int])
650		AC_CACHE_VAL(krb5_cv_gmtime_r_returns_int,
651		[AC_TRY_COMPILE([#include <time.h>
652		extern int gmtime_r ();], [1;], return_int=yes, return_int=no)
653		AC_TRY_COMPILE([#include <time.h>
654		extern struct tm *gmtime_r ();], [1;], return_ptr=yes, return_ptr=no)
655		case $return_int/$return_ptr in
656		yes/no) krb5_cv_gmtime_r_returns_int=yes ;;
657		no/yes) krb5_cv_gmtime_r_returns_int=no ;;
658		*) # Can't figure it out, punt the function.
659		ac_cv_func_gmtime_r=no ;;
660		esac])
661		if test "$ac_cv_func_gmtime_r" = no; then
662		AC_MSG_RESULT(unknown -- ignoring gmtime_r)
663		else
664		AC_MSG_RESULT($krb5_cv_gmtime_r_returns_int)
665		if test "$krb5_cv_gmtime_r_returns_int" = yes; then
666		AC_DEFINE(GMTIME_R_RETURNS_INT,1,[Define if gmtime_r returns int instead of struct tm pointer, as on old HP-UX systems.])
667		fi
668		fi
669		fi
670
671		AC_CHECK_FUNC(getservbyname_r,[
672		ac_cv_func_getservbyname_r=yes
673		if test "$ac_cv_func_getservbyname_r" = yes; then
674		AC_MSG_CHECKING([if getservbyname_r returns an int])
675		AC_CACHE_VAL(krb5_cv_getservbyname_r_returns_int,
676		[AC_TRY_COMPILE([#include <netdb.h>
677		extern int getservbyname_r ();], [1;],
678		krb5_cv_getservbyname_r_returns_int=yes,
679		krb5_cv_getservbyname_r_returns_int=no)])
680		AC_MSG_RESULT($krb5_cv_getservbyname_r_returns_int)
681
682		AC_MSG_CHECKING([if getservbyname_r returns a pointer])
683		AC_CACHE_VAL(krb5_cv_getservbyname_r_returns_ptr,
684		[AC_TRY_COMPILE([#include <netdb.h>
685		extern struct servent *getservbyname_r ();], [1;],
686		krb5_cv_getservbyname_r_returns_ptr=yes,
687		krb5_cv_getservbyname_r_returns_ptr=no)])
688		AC_MSG_RESULT($krb5_cv_getservbyname_r_returns_ptr)
689
690		if test "$krb5_cv_getservbyname_r_returns_int" = "$krb5_cv_getservbyname_r_returns_ptr"; then
691		AC_MSG_WARN(cannot determine return type of getservbyname_r -- disabling)
692		ac_cv_func_getservbyname_r=no
693		fi
694		if test "$krb5_cv_getservbyname_r_returns_int" = yes; then
695		AC_DEFINE(GETSERVBYNAME_R_RETURNS_INT, 1, [Define if getservbyname_r returns int rather than struct servent * ])
696		fi
697		fi
698		if test "$ac_cv_func_getservbyname_r" = yes; then
699		AC_DEFINE(HAVE_GETSERVBYNAME_R, 1, [Define if getservbyname_r exists and its return type is known])
700		AC_CHECK_FUNC(getservbyport_r)
701		fi
702		])
703
704		HAVE_YYLINENO
705		CHECK_DIRENT
706		AC_TYPE_UID_T
707
708		AC_CHECK_HEADER(termios.h,
709		[AC_CHECK_FUNC([tcsetattr],
710		AC_DEFINE(POSIX_TERMIOS,1,[Define if termios.h exists and tcsetattr exists]))])
711
712		KRB5_SIGTYPE
713		AC_CHECK_HEADERS(poll.h stdlib.h string.h stddef.h sys/types.h sys/file.h sys/param.h sys/stat.h sys/time.h netinet/in.h sys/uio.h sys/filio.h sys/select.h time.h paths.h errno.h)
714
715		# If compiling with IPv6 support, test if in6addr_any functions.
716		# Irix 6.5.16 defines it, but lacks support in the C library.
717		if test $krb5_cv_inet6 = yes \|\| test "$krb5_cv_inet6_with_dinet6" = yes ; then
718		AC_CACHE_CHECK([for in6addr_any definition in library],
719		krb5_cv_var_in6addr_any,
720		[AC_TRY_LINK([
721		#ifdef HAVE_SYS_TYPES_H
722		#include <sys/types.h>
723		#endif
724		#include <sys/socket.h>
725		#include <netinet/in.h>
726		#include <netdb.h>
727		],[
728		struct sockaddr_in6 in;
729		in.sin6_addr = in6addr_any;
730		printf("%x", &in);
731		],krb5_cv_var_in6addr_any=yes, krb5_cv_var_in6addr_any=no)])
732		if test $krb5_cv_var_in6addr_any = no; then
733		AC_DEFINE(NEED_INSIXADDR_ANY,1,[Define if in6addr_any is not defined in libc])
734		fi
735		fi
736
737		# then from osconf.h, we have
738
739		AC_HEADER_TIME
740		AC_CHECK_TYPE(time_t, long)
741		AC_CHECK_SIZEOF(time_t)
742		SIZEOF_TIME_T=$ac_cv_sizeof_time_t
743		AC_SUBST(SIZEOF_TIME_T)
744
745		# Determine where to put the replay cache.
746
747		AC_MSG_CHECKING([for replay cache directory])
748		AC_CACHE_VAL(krb5_cv_sys_rcdir,
749		[
750		if test $cross_compiling = yes; then
751		krb5_cv_sys_rcdir=/var/tmp
752		else
753		for t_dir in /var/tmp /usr/tmp /var/usr/tmp /tmp ; do
754		test -d $t_dir \|\| continue
755		krb5_cv_sys_rcdir=$t_dir
756		break
757		done
758		fi])
759		AC_MSG_RESULT($krb5_cv_sys_rcdir)
760		KRB5_RCTMPDIR=$krb5_cv_sys_rcdir
761		AC_SUBST(KRB5_RCTMPDIR)
762
763
764		AC_MSG_CHECKING(for socklen_t)
765		AC_CACHE_VAL(krb5_cv_has_type_socklen_t,
766		[AC_TRY_COMPILE(
767		[#include <sys/types.h>
768		#include <sys/socket.h>
769		],[sizeof (socklen_t);],
770		krb5_cv_has_type_socklen_t=yes,krb5_cv_has_type_socklen_t=no)])
771		AC_MSG_RESULT($krb5_cv_has_type_socklen_t)
772		if test $krb5_cv_has_type_socklen_t = yes; then
773		AC_DEFINE(HAVE_SOCKLEN_T,1,[Define if there is a socklen_t type. If not, probably use size_t])
774		fi
775
776		AC_MSG_CHECKING(for struct lifconf)
777		AC_CACHE_VAL(krb5_cv_has_struct_lifconf,
778		[AC_TRY_COMPILE(
779		[#include <sys/socket.h>
780		#include <net/if.h>
781		],[sizeof (struct lifconf);],
782		krb5_cv_has_struct_lifconf=yes,krb5_cv_has_struct_lifconf=no)])
783		AC_MSG_RESULT($krb5_cv_has_struct_lifconf)
784		if test $krb5_cv_has_struct_lifconf = yes; then
785		AC_DEFINE(HAVE_STRUCT_LIFCONF,1,[Define if there is a struct lifconf.])
786		fi
787		# HP-UX 11 uses stuct if_laddrconf
788		AC_MSG_CHECKING(for struct if_laddrconf)
789		AC_CACHE_VAL(krb5_cv_has_struct_if_laddrconf,
790		[AC_TRY_COMPILE(
791		[#include <sys/socket.h>
792		#include <net/if.h>
793		#include <net/if6.h>
794		],[sizeof (struct if_laddrconf);],
795		krb5_cv_has_struct_if_laddrconf=yes,krb5_cv_has_struct_if_laddrconf=no)])
796		AC_MSG_RESULT($krb5_cv_has_struct_if_laddrconf)
797		if test $krb5_cv_has_struct_if_laddrconf = yes; then
798		AC_DEFINE(HAVE_STRUCT_IF_LADDRCONF,1,[Define if there is a struct if_laddrconf.])
799		fi
800
801
802		AC_MSG_CHECKING([for h_errno in netdb.h])
803		AC_CACHE_VAL(krb5_cv_header_netdb_h_h_errno,
804		[AC_TRY_COMPILE(
805		[#include <netdb.h>],
806		[int x = h_errno;], krb5_cv_header_netdb_h_h_errno=yes,
807		krb5_cv_header_netdb_h_h_errno=no)])
808		AC_MSG_RESULT($krb5_cv_header_netdb_h_h_errno)
809		if test $krb5_cv_header_netdb_h_h_errno = yes; then
810		AC_DEFINE([HAVE_NETDB_H_H_ERRNO], 1,
811		[Define if netdb.h declares h_errno])
812		fi
813
814
815		AC_ARG_ENABLE([athena],
816		[ --enable-athena build with MIT Project Athena configuration],
817		AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
818
819
820		AC_C_INLINE
821		AH_TOP([
822		#ifndef KRB5_AUTOCONF_H
823		#define KRB5_AUTOCONF_H
824		])
825		AH_BOTTOM([
826		#if defined(__GNUC__) && !defined(inline)
827		/* Silence gcc pedantic warnings about ANSI C. */
828		# define inline __inline__
829		#endif
830		#endif /* KRB5_AUTOCONF_H */
831		])
832
833		AC_CHECK_TYPES([struct cmsghdr, struct in_pktinfo, struct in6_pktinfo, struct sockaddr_storage], , , [
834		#include <sys/types.h>
835		#include <sys/socket.h>
836		#include <netinet/in.h>
837		])
838		AC_CHECK_TYPES([struct rt_msghdr], , , [
839		#include <sys/socket.h>
840		#include <net/if.h>
841		#include <net/route.h>
842		])
843
844		# Tests for 64-bit edwards25519 code.
845		AC_CHECK_SIZEOF([size_t])
846		AC_CHECK_TYPES([__int128_t, __uint128_t])
847
848		# stuff for util/profile
849
850		# AC_KRB5_TCL already done
851		DO_TCL=
852		test "$TCL_LIBS" != "" && DO_TCL=ok
853		AC_SUBST(DO_TCL)
854
855		# types libdb2 wants
856
857		AC_CHECK_TYPES([ssize_t, u_char, u_int, u_long, u_int8_t, u_int16_t, u_int32_t, int8_t, int16_t, int32_t])
858
859		# Some libdb2 test programs want a shell that supports functions.
860		FCTSH=false
861		AC_PATH_PROG(SH,sh,false)
862		AC_PATH_PROG(SH5,sh5,false)
863		AC_PATH_PROG(BASH,bash,false)
864		for prog in $SH $SH5 $BASH; do
865		AC_MSG_CHECKING(if $prog supports functions)
866		if $prog -c 'foo() { true; }; foo' >/dev/null 2>&1; then
867		AC_MSG_RESULT(yes)
868		FCTSH=$prog
869		break
870		else
871		AC_MSG_RESULT(no)
872		fi
873		done
874		AC_SUBST(FCTSH)
875
876		# Test for POSIX 2001 *printf support (X/Open System Interfaces extension
877		# to ANSI/ISO C 1999 specification). Specifically, positional
878		# specifications; not checking for other features like %zx at present.
879		AC_MSG_CHECKING(for POSIX printf positional specification support)
880		AC_CACHE_VAL(ac_cv_printf_positional,[
881		AC_TRY_RUN([
882		#include <stdio.h>
883		#include <string.h>
884		const char expected[] = "200 100";
885		int main () {
886		char buf[30];
887		sprintf(buf, "%2\$x %1\$d", 100, 512);
888		if (strcmp(expected, buf)) {
889		fprintf(stderr,"bad result: <%s> wanted: <%s>\n", buf, expected);
890		return 1;
891		}
892		return 0;
893		}],
894		ac_cv_printf_positional=yes,
895		ac_cv_printf_positional=no,
896		AC_MSG_ERROR([Cannot test for printf positional argument support when cross compiling]))])
897		# Nothing for autoconf.h for now.
898		AC_MSG_RESULT($ac_cv_printf_positional)
899
900
901		# for t_locate_kdc test
902
903		AC_PATH_PROG(DIG, dig, false)
904		AC_PATH_PROG(NSLOOKUP, nslookup, false)
905
906		# for kadmin
907
908		AC_PROG_YACC
909		ath_compat=
910		AC_ARG_ENABLE([athena],
911		[ --enable-athena build with MIT Project Athena configuration],
912		ath_compat=compat,)
913		# The following are tests for the presence of programs required for
914		# kadmin testing.
915		AC_CHECK_PROG(have_RUNTEST,runtest,runtest)
916		AC_CHECK_PROG(have_PERL,perl,perl)
917		if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
918		DO_TEST=ok
919		fi
920		AC_SUBST(DO_TEST)
921
922		# The following are substituted into kadmin/testing/scripts/env-setup.sh
923		RBUILD=`pwd`
924		AC_SUBST(RBUILD)
925		case "$srcdir" in
926		/*) S_TOP=$srcdir ;;
927		*) S_TOP=`pwd`/$srcdir ;;
928		esac
929		AC_SUBST(S_TOP)
930		AC_PATH_PROG(PERL_PATH,perl)
931		AC_PATH_PROG(EXPECT,expect)
932		# For kadmin/testing/util/Makefile.in
933		if test "$TCL_LIBS" != "" ; then
934		DO_ALL=tcl
935		fi
936		AC_SUBST(DO_ALL)
937		KRB5_AC_PRIOCNTL_HACK
938		K5_GEN_FILE(kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin)
939		# for lib/kadm5
940		AC_CHECK_PROG(RUNTEST,runtest,runtest)
941		AC_CHECK_PROG(PERL,perl,perl)
942
943		# lib/gssapi
944		AC_CHECK_HEADER(xom.h,[
945		include_xom='awk '\''END{printf("%cinclude <xom.h>\n", 35);}'\'' < /dev/null'], [
946		include_xom='echo "/* no xom.h */"'])
947		AC_SUBST(include_xom)
948
949
950		# lib/rpc
951		### Check where struct rpcent is declared.
952
953		# This is necessary to determine:
954		# 1. If /usr/include/netdb.h declares struct rpcent
955		# 2. If /usr/include/rpc/netdb.h declares struct rpcent
956
957		# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes
958		# rpc/netdb.h, then nastiness could happen.
959
960		# Logic: If /usr/include/netdb.h declares struct rpcent, then check
961		# rpc/netdb.h. If /usr/include/rpc/netdb.h declares struct rpcent,
962		# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not. If
963		# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define
964		# STRUCT_RPCENT_IN_RPC_NETDB_H anyway.
965
966		AC_MSG_CHECKING([where struct rpcent is declared])
967		AC_TRY_COMPILE([#include <netdb.h>],
968		[struct rpcent e;
969		char c = e.r_name[0];
970		int i = e.r_number;],
971		[AC_TRY_COMPILE([#include <rpc/netdb.h>],
972		[struct rpcent e;
973		char c = e.r_name[0];
974		int i = e.r_number;],
975		[AC_MSG_RESULT([rpc/netdb.h])
976		rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'],
977		[AC_MSG_RESULT([netdb.h])])],
978		[AC_MSG_RESULT([nowhere])
979		rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'])
980		AC_SUBST(rpcent_define)
981
982		AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h)
983		if test $ac_cv_header_sys_select_h = yes; then
984		GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
985		else
986		GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
987		fi
988		AC_SUBST(GSSRPC__SYS_SELECT_H)
989		if test $ac_cv_header_sys_time_h = yes; then
990		GSSRPC__SYS_TIME_H='#include <sys/time.h>'
991		else
992		GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
993		fi
994		AC_SUBST(GSSRPC__SYS_TIME_H)
995		if test $ac_cv_header_unistd_h = yes; then
996		GSSRPC__UNISTD_H='#include <unistd.h>'
997		else
998		GSSRPC__UNISTD_H='/* #include <unistd.h> */'
999		fi
1000		AC_SUBST(GSSRPC__UNISTD_H)
1001
1002		AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h],
1003		[krb5_cv_header_sys_param_h_maxhostnamelen],
1004		[AC_TRY_COMPILE([#include <sys/param.h>],
1005		[int i = MAXHOSTNAMELEN;],
1006		[krb5_cv_header_sys_param_h_maxhostnamelen=yes],
1007		[krb5_cv_header_sys_param_h_maxhostnamelen=no])])
1008		AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h],
1009		[krb5_cv_header_netdb_h_maxhostnamelen],
1010		[AC_TRY_COMPILE([#include <netdb.h>],
1011		[int i = MAXHOSTNAMELEN;],
1012		[krb5_cv_header_netdb_h_maxhostnamelen=yes],
1013		[krb5_cv_header_netdb_h_maxhostnamelen=no])])
1014
1015		GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
1016		GSSRPC__NETDB_H='/* #include <netdb.h> */'
1017		if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
1018		GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
1019		else
1020		if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
1021		GSSRPC__NETDB_H='#include <netdb.h>'
1022		else
1023		AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it])
1024		fi
1025		fi
1026		AC_SUBST(GSSRPC__SYS_PARAM_H)
1027		AC_SUBST(GSSRPC__NETDB_H)
1028
1029		AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases],
1030		[AC_TRY_COMPILE(
1031		[#include <sys/types.h>
1032		#if HAVE_UNISTD_H
1033		#include <unistd.h>
1034		#endif],
1035		[u_char c;
1036		u_int i;
1037		u_long l;], [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])])
1038		if test $krb5_cv_type_bsdaliases = yes; then
1039		GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
1040		else
1041		GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
1042		fi
1043		AC_SUBST(GSSRPC__BSD_TYPEALIASES)
1044
1045		AC_MSG_CHECKING([return type of setrpcent])
1046		AC_CACHE_VAL(k5_cv_type_setrpcent,
1047		[AC_TRY_COMPILE([#include <netdb.h>
1048		#ifdef __cplusplus
1049		extern "C"
1050		#endif
1051		extern void setrpcent();],
1052		[int i;], k5_cv_type_setrpcent=void, k5_cv_type_setrpcent=int)])
1053		AC_MSG_RESULT($k5_cv_type_setrpcent)
1054		AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
1055
1056		AC_MSG_CHECKING([return type of endrpcent])
1057		AC_CACHE_VAL(k5_cv_type_endrpcent,
1058		[AC_TRY_COMPILE([#include <netdb.h>
1059		#ifdef __cplusplus
1060		extern "C"
1061		#endif
1062		extern void endrpcent();],
1063		[int i;], k5_cv_type_endrpcent=void, k5_cv_type_endrpcent=int)])
1064		AC_MSG_RESULT($k5_cv_type_endrpcent)
1065		AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
1066		K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin)
1067		PASS=tcp
1068		AC_SUBST(PASS)
1069
1070		# for pkinit
1071		AC_ARG_ENABLE([pkinit],
1072		[ --disable-pkinit disable PKINIT plugin support],,
1073		enable_pkinit=try)
1074		if test "$enable_pkinit" = yes \|\| test "$enable_pkinit" = try; then
1075		AC_CACHE_CHECK(for a recent enough OpenSSL, k5_cv_openssl_version_okay,
1076		[AC_COMPILE_IFELSE([AC_LANG_SOURCE([#include <openssl/opensslv.h>
1077		#if OPENSSL_VERSION_NUMBER < 0x10000000L
1078		# error openssl is too old, need 1.0.0
1079		#endif
1080		int i = 1;
1081		])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)])
1082		old_LIBS="$LIBS"
1083		AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
1084		LIBS="$old_LIBS"
1085		fi
1086		if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes \|\| test "$enable_pkinit" = try); then
1087		K5_GEN_MAKEFILE(plugins/preauth/pkinit)
1088		PKINIT=yes
1089		AC_CHECK_LIB(crypto, CMS_get0_content, [AC_DEFINE([HAVE_OPENSSL_CMS], 1, [Define if OpenSSL supports cms.])])
1090		elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
1091		AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
1092		else
1093		AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
1094		AC_MSG_NOTICE([Disabling PKINIT support.])
1095		PKINIT=no
1096		fi
1097		AC_SUBST(PKINIT)
1098
1099		# for lib/apputils
1100		AC_REPLACE_FUNCS(daemon)
1101
1102		# for tests/
1103		if test x"$RUNTEST" != x; then
1104		HAVE_RUNTEST=yes
1105		else
1106		HAVE_RUNTEST=no
1107		fi
1108		AC_SUBST(HAVE_RUNTEST)
1109
1110		# For Python tests.
1111		AC_CHECK_PROG(PYTHON,python3,python3)
1112		if text x"$PYTHON" = x; then
1113		AC_CHECK_PROG(PYTHON,python,python)
1114		fi
1115		HAVE_PYTHON=no
1116		if test x"$PYTHON" != x; then
1117		wantver="(sys.hexversion >= 0x3000000)"
1118		if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
1119		HAVE_PYTHON=yes
1120		fi
1121		fi
1122		AC_SUBST(HAVE_PYTHON)
1123
1124		# For cmocka tests.
1125		CMOCKA_LIBS=
1126		HAVE_CMOCKA=no
1127		HAVE_CMOCKA_H=no
1128		HAVE_CMOCKA_LIB=no
1129		AC_CHECK_HEADER(cmocka.h, [HAVE_CMOCKA_H=yes], :, [
1130		#include <stdarg.h>
1131		#include <stddef.h>
1132		#include <setjmp.h> ])
1133		AC_CHECK_LIB(cmocka, _cmocka_run_group_tests, [HAVE_CMOCKA_LIB=yes])
1134		if test "$HAVE_CMOCKA_LIB" = yes && test "$HAVE_CMOCKA_H" = yes; then
1135		HAVE_CMOCKA=yes
1136		CMOCKA_LIBS='-lcmocka'
1137		AC_DEFINE([HAVE_CMOCKA],1,[Define if cmocka library is available.])
1138		fi
1139		AC_SUBST(HAVE_CMOCKA)
1140		AC_SUBST(CMOCKA_LIBS)
1141
1142		# For URI lookup tests. Requires resolv_wrapper >= 1.1.5 for URI
1143		# support.
1144		HAVE_RESOLV_WRAPPER=0
1145		PKG_CHECK_EXISTS([resolv_wrapper >= 1.1.5], [HAVE_RESOLV_WRAPPER=1])
1146		AC_SUBST(HAVE_RESOLV_WRAPPER)
1147
1148		# for plugins/kdb/db2
1149
1150		# AIX is unusual in that it wants all symbols resolved at link time
1151		# Fortunately, it will allow us to link the kdb library now, even if
1152		# it is linked again later.
1153		case $krb5_cv_host in
1154		--aix*)
1155		DB_EXTRA_LIBS=-ldb
1156		;;
1157		*)
1158		DB_EXTRA_LIBS=
1159		;;
1160		esac
1161		AC_SUBST(DB_EXTRA_LIBS)
1162
1163
1164
1165		# Check for thread safety issues.
1166		# (Is there a better place for this?)
1167		# tsfuncs="getpwnam_r getpwuid_r gethostbyname_r getservbyname_r gmtime_r localtime_r"
1168		# Removed getpwnam_r and getpwuid_r because include/configure.in has some
1169		# more careful checks, and may decide to pretend that they're not found if
1170		# the function signatures can't be figured out.
1171		tsfuncs="gethostbyname_r getservbyname_r gmtime_r localtime_r"
1172		AC_CHECK_FUNCS($tsfuncs)
1173		if test "$enable_thread_support" = yes; then
1174		tsmissing=""
1175		for ts in $tsfuncs; do
1176		if eval "test \"\${ac_cv_func_$ts}\" != yes"; then
1177		tsmissing="$tsmissing $ts"
1178		fi
1179		done
1180		if test "$ac_cv_func_res_nsearch/$ac_cv_lib_resolv_res_nsearch" = "no/no"; then
1181		tsmissing="$tsmissing res_nsearch"
1182		fi
1183		if test "$tsmissing" != ""; then
1184		AC_MSG_WARN([Some functions that are needed for library thread])
1185		AC_MSG_WARN([safety appear to be missing.])
1186		for ts in $tsmissing; do
1187		AC_MSG_WARN([ missing thread-safe function: $ts])
1188		done
1189		AC_MSG_WARN([Without these functions, the installed libraries])
1190		AC_MSG_WARN([may not be thread-safe.])
1191		fi # tsmissing not empty
1192		fi # enable_thread_support
1193
1194		# Sadly, we seem to have accidentally committed ourselves in 1.4 to
1195		# an ABI that includes the existence of libkrb5support.0 even
1196		# though random apps should never use anything from it. And on
1197		# the Mac, to which that didn't apply, we can't use major version 0.
1198
1199		case $krb5_cv_host in
1200		--darwin* \| --rhapsody*) SUPPORTLIB_MAJOR=1 ;;
1201		*) SUPPORTLIB_MAJOR=0 ;;
1202		esac
1203		AC_SUBST(SUPPORTLIB_MAJOR)
1204
1205
1206		if test "$COM_ERR_VERSION" = k5 ; then
1207		K5_GEN_MAKEFILE(util/et)
1208		fi
1209		if test "$SS_VERSION" = k5 ; then
1210		K5_GEN_MAKEFILE(util/ss)
1211		fi
1212
1213
1214		ldap_plugin_dir=""
1215		ldap_lib=""
1216		if test -n "$OPENLDAP_PLUGIN"; then
1217		AC_CHECK_HEADERS(ldap.h lber.h, :, [AC_MSG_ERROR($ac_header not found)])
1218		AC_CHECK_LIB(ldap, ldap_str2dn, :, [AC_MSG_ERROR(libldap not found or missing ldap_str2dn)])
1219
1220		BER_OKAY=0
1221		AC_CHECK_LIB(ldap, ber_init, [BER_OKAY=1])
1222		if test "$BER_OKAY" = "1"; then
1223		LDAP_LIBS='-lldap'
1224		else
1225		AC_CHECK_LIB(lber, ber_init, [BER_OKAY=1], [AC_MSG_WARN([libber not found])])
1226		if test "$BER_OKAY" = "1"; then
1227		LDAP_LIBS='-lldap -llber'
1228		else
1229		AC_ERROR("BER library missing - cannot build LDAP database module")
1230		fi
1231		fi
1232		AC_DEFINE([ENABLE_LDAP], 1, [Define if LDAP KDB support within the Kerberos library (mainly ASN.1 code) should be enabled.])
1233		AC_SUBST(LDAP_LIBS)
1234
1235		AC_CHECK_HEADERS([sasl/sasl.h], [HAVE_SASL=yes], [HAVE_SASL=no])
1236		AC_SUBST(HAVE_SASL)
1237		if test "$HAVE_SASL" = no; then
1238		AC_MSG_WARN([not building LDAP SASL support])
1239		fi
1240
1241		K5_GEN_MAKEFILE(plugins/kdb/ldap)
1242		K5_GEN_MAKEFILE(plugins/kdb/ldap/ldap_util)
1243		K5_GEN_MAKEFILE(plugins/kdb/ldap/libkdb_ldap)
1244		ldap_plugin_dir='plugins/kdb/ldap plugins/kdb/ldap/ldap_util'
1245		LDAP=yes
1246		else
1247		LDAP=no
1248		fi
1249		AC_SUBST(ldap_plugin_dir)
1250		AC_SUBST(LDAP)
1251		# This check is for plugins/preauth/securid_sam2
1252		sam2_plugin=""
1253		old_CFLAGS=$CFLAGS
1254		CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
1255		AC_CHECK_LIB(aceclnt, SD_Init, [
1256		AC_MSG_NOTICE([Enabling RSA securID support])
1257		K5_GEN_MAKEFILE(plugins/preauth/securid_sam2)
1258		sam2_plugin=plugins/preauth/securid_sam2
1259		])
1260		AC_SUBST(sam2_plugin)
1261		CFLAGS=$old_CFLAGS
1262
1263		lmdb_plugin_dir=""
1264		HAVE_LMDB=no
1265		AC_ARG_WITH([lmdb],
1266		AC_HELP_STRING([--with-lmdb],
1267		[compile LMDB database backend module @<:@auto@:>@]),,
1268		[withval=auto])
1269		if test "$withval" = auto -o "$withval" = yes; then
1270		AC_CHECK_LIB([lmdb],[mdb_env_create],[have_lmdb=true],[have_lmdb=false])
1271		if test "$have_lmdb" = true; then
1272		LMDB_LIBS=-llmdb
1273		HAVE_LMDB=yes
1274		lmdb_plugin_dir='plugins/kdb/lmdb'
1275		K5_GEN_MAKEFILE(plugins/kdb/lmdb)
1276		elif test "$withval" = yes; then
1277		AC_MSG_ERROR([liblmdb not found])
1278		fi
1279		fi
1280		AC_SUBST(HAVE_LMDB)
1281		AC_SUBST(LMDB_LIBS)
1282		AC_SUBST(lmdb_plugin_dir)
1283
1284		# Kludge for simple server --- FIXME is this the best way to do this?
1285
1286		if test "$ac_cv_lib_socket" = "yes" -a "$ac_cv_lib_nsl" = "yes"; then
1287		AC_DEFINE(BROKEN_STREAMS_SOCKETS,1,[Define if socket can't be bound to 0.0.0.0])
1288		fi
1289
1290		# Compile with libedit support in ss by default if available. Compile
1291		# with readline only if asked, to avoid a default GPL dependency.
1292		# Building with readline also breaks the dejagnu test suite.
1293		AC_ARG_WITH([libedit],
1294		AC_HELP_STRING([--without-libedit], [do not compile with libedit]),
1295		[], [with_libedit=default])
1296		AC_ARG_WITH([readline],
1297		AC_HELP_STRING([--with-readline], [compile with GNU Readline]),
1298		[], [with_readline=no])
1299		if test "x$with_readline" = xyes; then
1300		with_libedit=no
1301		fi
1302		RL_CFLAGS=
1303		RL_LIBS=
1304		if test "x$with_libedit" != xno; then
1305		PKG_CHECK_MODULES(LIBEDIT, libedit, [have_libedit=yes], [have_libedit=no])
1306		if test "x$have_libedit" = xyes; then
1307		RL_CFLAGS=$LIBEDIT_CFLAGS
1308		RL_LIBS=$LIBEDIT_LIBS
1309		AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.])
1310		AC_MSG_NOTICE([Using libedit for readline support])
1311		elif test "x$with_libedit" = xyes; then
1312		# We were explicitly asked for libedit and couldn't find it.
1313		AC_MSG_ERROR([Could not detect libedit with pkg-config])
1314		else
1315		AC_MSG_NOTICE([Not using any readline support])
1316		fi
1317		elif test "x$with_readline" = xyes; then
1318		AC_MSG_NOTICE([Using GNU Readline])
1319		AC_CHECK_LIB([readline], [main], :,
1320		AC_MSG_FAILURE([Cannot find readline library.]), [-lncurses])
1321		AC_DEFINE([HAVE_READLINE], 1, [Define if building with GNU Readline.])
1322		RL_LIBS='-lreadline -lhistory -lncurses'
1323		else
1324		AC_MSG_RESULT([Not using any readline support])
1325		fi
1326		AC_SUBST([RL_CFLAGS])
1327		AC_SUBST([RL_LIBS])
1328
1329		AC_ARG_WITH([system-verto],
1330		[AC_HELP_STRING([--with-system-verto], [always use system verto library])],
1331		[], [with_system_verto=default])
1332		VERTO_VERSION=k5
1333		if test "x$with_system_verto" != xno; then
1334		PKG_CHECK_MODULES(VERTO, libverto, [have_sysverto=yes], [have_sysverto=no])
1335		if test "x$have_sysverto" = xyes; then
1336		VERTO_VERSION=sys
1337		elif test "x$with_system_verto" = xyes; then
1338		AC_MSG_ERROR([cannot detect system libverto])
1339		fi
1340		fi
1341		if test "x$VERTO_VERSION" = xsys; then
1342		AC_MSG_NOTICE([Using system libverto])
1343		else
1344		VERTO_CFLAGS=
1345		VERTO_LIBS="-lverto"
1346		AC_MSG_NOTICE([Using built-in libverto])
1347		fi
1348		AC_SUBST([VERTO_CFLAGS])
1349		AC_SUBST([VERTO_LIBS])
1350		AC_SUBST([VERTO_VERSION])
1351
1352		AC_PATH_PROG(GROFF, groff)
1353
1354		# Make localedir work in autoconf 2.5x.
1355		if test "${localedir+set}" != set; then
1356		localedir='$(datadir)/locale'
1357		fi
1358		AC_SUBST(localedir)
1359
1360		# For KCM lib/krb5/ccache to build KCM Mach RPC support for macOS only.
1361		case $host in
1362		--darwin* \| --rhapsody*) OSX=osx ;;
1363		*) OSX=no ;;
1364		esac
1365		AC_SUBST(OSX)
1366
1367		# Build-time default ccache, keytab, and client keytab names. These
1368		# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
1369		# DEFCKTNAME. Otherwise, we try to get the OS defaults from
1370		# krb5-config if we can, or fall back to hardcoded defaults.
1371		AC_ARG_VAR(DEFCCNAME, [Default ccache name])
1372		AC_ARG_VAR(DEFKTNAME, [Default keytab name])
1373		AC_ARG_VAR(DEFCKTNAME, [Default client keytab name])
1374		AC_ARG_WITH([krb5-config],
1375		AC_HELP_STRING([--with-krb5-config=PATH],
1376		[path to existing krb5-config program for defaults]), ,
1377		[with_krb5_config=krb5-config])
1378		if test "x$with_krb5_config" != xno; then
1379		if test "x$with_krb5_config" = xyes; then
1380		with_krb5_config=krb5-config
1381		fi
1382		if $with_krb5_config --help 2>&1 \| grep defccname >/dev/null; then
1383		AC_MSG_NOTICE([Using $with_krb5_config for build defaults])
1384		: "${DEFCCNAME=`$with_krb5_config --defccname`}"
1385		: "${DEFKTNAME=`$with_krb5_config --defktname`}"
1386		: "${DEFCKTNAME=`$with_krb5_config --defcktname`}"
1387		fi
1388		fi
1389		dnl The outer brackets around the case statement prevent m4 from eating the
1390		dnl brackets in the glob patterns.
1391		if test "${DEFCCNAME+set}" != set; then
1392		[case $host in
1393		--darwin[0-9].* \| --darwin10.*)
1394		# Use the normal default for macOS 10.6 (Darwin 10) and prior.
1395		;;
1396		--darwin*)
1397		# For macOS 10.7 (Darwin 11) and later, the native ccache uses
1398		# the KCM daemon.
1399		DEFCCNAME=KCM:
1400		;;
1401		esac]
1402		if test "${DEFCCNAME+set}" != set; then
1403		DEFCCNAME=FILE:/tmp/krb5cc_%{uid}
1404		fi
1405		fi
1406		if test "${DEFKTNAME+set}" != set; then
1407		DEFKTNAME=FILE:/etc/krb5.keytab
1408		fi
1409		if test "${DEFCKTNAME+set}" != set; then
1410		AX_RECURSIVE_EVAL($localstatedir, exp_localstatedir)
1411		DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab
1412		fi
1413		AC_MSG_NOTICE([Default ccache name: $DEFCCNAME])
1414		AC_MSG_NOTICE([Default keytab name: $DEFKTNAME])
1415		AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME])
1416		AC_DEFINE_UNQUOTED(DEFCCNAME, ["$DEFCCNAME"], [Define to default ccache name])
1417		AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNAME"], [Define to default keytab name])
1418		AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"],
1419		[Define to default client keytab name])
1420
1421		AC_CONFIG_FILES([build-tools/krb5-config], [chmod +x build-tools/krb5-config])
1422		AC_CONFIG_FILES([build-tools/kadm-server.pc
1423		build-tools/kadm-client.pc
1424		build-tools/kdb.pc
1425		build-tools/krb5.pc
1426		build-tools/krb5-gssapi.pc
1427		build-tools/mit-krb5.pc
1428		build-tools/mit-krb5-gssapi.pc
1429		build-tools/gssrpc.pc
1430		])
1431		V5_AC_OUTPUT_MAKEFILE(.
1432
1433		util util/support util/profile util/profile/testmod
1434		util/verto
1435
1436		lib lib/kdb
1437
1438		lib/crypto lib/crypto/krb lib/crypto/$CRYPTO_IMPL
1439		lib/crypto/$CRYPTO_IMPL/enc_provider
1440		lib/crypto/$CRYPTO_IMPL/hash_provider
1441		lib/crypto/$CRYPTO_IMPL/des
1442		lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5
1443		lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2
1444		lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia
1445		lib/crypto/crypto_tests
1446
1447		lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
1448		dnl lib/krb5/ccache/ccapi
1449		lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os
1450		lib/krb5/unicode
1451
1452		lib/gssapi lib/gssapi/generic lib/gssapi/krb5 lib/gssapi/spnego
1453		lib/gssapi/mechglue
1454
1455		lib/rpc lib/rpc/unit-test
1456
1457		lib/kadm5 lib/kadm5/clnt lib/kadm5/srv lib/kadm5/unit-test
1458		lib/krad
1459		lib/apputils
1460
1461		dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test
1462
1463		kdc kprop config-files build-tools man doc include
1464
1465		plugins/certauth/test
1466		plugins/hostrealm/test
1467		plugins/localauth/test
1468		plugins/kadm5_hook/test
1469		plugins/kadm5_auth/test
1470		plugins/pwqual/test
1471		plugins/audit
1472		plugins/audit/test
1473		plugins/kdb/db2
1474		plugins/kdb/db2/libdb2
1475		plugins/kdb/db2/libdb2/hash
1476		plugins/kdb/db2/libdb2/btree
1477		plugins/kdb/db2/libdb2/db
1478		plugins/kdb/db2/libdb2/mpool
1479		plugins/kdb/db2/libdb2/recno
1480		plugins/kdb/db2/libdb2/test
1481		plugins/kdb/test
1482		plugins/kdcpolicy/test
1483		plugins/preauth/otp
1484		plugins/preauth/spake
1485		plugins/preauth/test
1486		plugins/authdata/greet_client
1487		plugins/authdata/greet_server
1488		plugins/tls/k5tls
1489
1490		clients clients/klist clients/kinit clients/kvno
1491		clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
1492
1493		kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
1494		kadmin/testing kadmin/testing/scripts kadmin/testing/util
1495
1496		appl
1497		appl/sample appl/sample/sclient appl/sample/sserver
1498		appl/simple appl/simple/client appl/simple/server
1499		appl/gss-sample appl/user_user
1500
1501		tests tests/resolve tests/asn.1 tests/create tests/hammer
1502		tests/verify tests/gssapi tests/dejagnu tests/threads tests/shlib
1503		tests/gss-threads tests/misc
1504		po
1505		)

+1

-1

src/doc/Makefile.in less more

47	47
48	48	# Dummy target for use in an unconfigured source tree.
49	49	htmlsrc:
50		$(MAKE) -f Makefile.in srcdir=. top_srcdir=.. PYTHON=python html clean
	50	$(MAKE) -f Makefile.in srcdir=. top_srcdir=.. PYTHON=python3 html clean
51	51
52	52	# Create HTML documentation in html_subst suitable for
53	53	# installation by an OS package, with substitutions for configured

+40

-116

src/include/CredentialsCache.h less more

103	103	* \section introduction Introduction
104	104	*
105	105	* This is the specification for an API which provides Credentials Cache
106		* services for both Kerberos v5 and v4. The idea behind this API is that
107		* multiple Kerberos implementations can share a single collection of
108		* credentials caches, mediated by this API specification. On the Mac OS
109		* and Microsoft Windows platforms this will allow single-login, even when
110		* more than one Kerberos shared library is in use on a particular system.
	106	* services for Kerberos v5 (and previously v4). The idea behind this API is
	107	* that multiple Kerberos implementations can share a single collection of
	108	* credentials caches, mediated by this API specification. On the Mac OS and
	109	* Microsoft Windows platforms this will allow single-login, even when more
	110	* than one Kerberos shared library is in use on a particular system.
111	111	*
112	112	* Abstractly, a credentials cache collection contains one or more credentials
113	113	* caches, or ccaches. A ccache is uniquely identified by its name, which is
114	114	* a string internal to the API and not intended to be presented to users.
115	115	* The user presentable identifier of a ccache is its principal.
116	116	*
117		* Unlike the previous versions of the API, version 3 of the API stores both
118		* Kerberos v4 and v5 credentials in the same ccache.
	117	* Unlike the previous versions of the API, version 3 of the API could store
	118	* credentials for multiple Kerberos versions in the same ccache.
119	119	*
120	120	* At any given time, one ccache is the "default" ccache. The exact meaning
121	121	* of a default ccache is OS-specific; refer to implementation requirements

304	304	/*!
305	305	* Credentials versions
306	306	*
307		* These constants are used in several places in the API to discern
308		* between Kerberos v4 and Kerberos v5. Not all values are valid
309		* inputs and outputs for all functions; function specifications
310		* below detail the allowed values.
	307	* These constants are used in several places in the API to discern Kerberos
	308	* versions. Not all values are valid inputs and outputs for all functions;
	309	* function specifications below detail the allowed values.
311	310	*
312	311	* Kerberos version constants will always be a bit-field, and can be
313	312	* tested as such; for example the following test will tell you if

316	315	* if ((ccacheVersion & cc_credentials_v5) != 0)
317	316	*/
318	317	enum cc_credential_versions {
319		cc_credentials_v4 = 1,
	318	/* cc_credentials_v4 = 1, */
320	319	cc_credentials_v5 = 2,
321		cc_credentials_v4_v5 = 3
	320	/* cc_credentials_v4_v5 = 3 */
322	321	};
323	322
324	323	/*!

350	349	enum cc_lock_modes {
351	350	cc_lock_noblock = 0,
352	351	cc_lock_block = 1
353		};
354
355		/*!
356		* Sizes of fields in cc_credentials_v4_t.
357		*/
358		enum {
359		/* Make sure all of these are multiples of four (for alignment sanity) */
360		cc_v4_name_size = 40,
361		cc_v4_instance_size = 40,
362		cc_v4_realm_size = 40,
363		cc_v4_ticket_size = 1254,
364		cc_v4_key_size = 8
365		};
366
367		/*!
368		* String to key type (Kerberos v4 only)
369		*/
370		enum cc_string_to_key_type {
371		cc_v4_stk_afs = 0,
372		cc_v4_stk_des = 1,
373		cc_v4_stk_columbia_special = 2,
374		cc_v4_stk_krb5 = 3,
375		cc_v4_stk_unknown = 4
376	352	};
377	353
378	354	/!@}/

481	457	* \defgroup cc_credentials_reference cc_credentials_t Overview
482	458	* @{
483	459	*
484		* The cc_credentials_t type is used to store a single set of
485		* credentials for either Kerberos v4 or Kerberos v5. In addition
486		* to its only function, release(), it contains a pointer to a
487		* cc_credentials_union structure. A cc_credentials_union
	460	* The cc_credentials_t type is used to store a single set of credentials for
	461	* Kerberos v5. In addition to its only function, release(), it contains a
	462	* pointer to a cc_credentials_union structure. A cc_credentials_union
488	463	* structure contains an integer of the enumerator type
489		* cc_credentials_version, which is either #cc_credentials_v4 or
490		* #cc_credentials_v5, and a pointer union, which contains either a
491		* cc_credentials_v4_t pointer or a cc_credentials_v5_t pointer,
492		* depending on the value in version.
	464	* cc_credentials_version, which is #cc_credentials_v5, and a pointer union,
	465	* which contains a cc_credentials_v5_t pointer, depending on the value in
	466	* version.
493	467	*
494	468	* Variables of the type cc_credentials_t are allocated by the CCAPI
495	469	* implementation, and should be released with their release()

499	473	*
500	474	* For API functions see \ref cc_credentials_f.
501	475	*/
502
503		/*!
504		* If a cc_credentials_t variable is used to store Kerberos v4
505		* credentials, then credentials.credentials_v4 points to a v4
506		* credentials structure. This structure is similar to a
507		* krb4 API CREDENTIALS structure.
508		*/
509		struct cc_credentials_v4_t {
510		cc_uint32 version;
511		/! A properly quoted string representation of the first component of the client principal /
512		char principal [cc_v4_name_size];
513		/! A properly quoted string representation of the second component of the client principal /
514		char principal_instance [cc_v4_instance_size];
515		/! A properly quoted string representation of the first component of the service principal /
516		char service [cc_v4_name_size];
517		/! A properly quoted string representation of the second component of the service principal /
518		char service_instance [cc_v4_instance_size];
519		/! A properly quoted string representation of the realm /
520		char realm [cc_v4_realm_size];
521		/! Ticket session key /
522		unsigned char session_key [cc_v4_key_size];
523		/! Key version number /
524		cc_int32 kvno;
525		/! String to key type used. See cc_string_to_key_type for valid values /
526		cc_int32 string_to_key_type;
527		/! Time when the ticket was issued /
528		cc_time_t issue_date;
529		/! Ticket lifetime in 5 minute units /
530		cc_int32 lifetime;
531		/! IPv4 address of the client the ticket was issued for /
532		cc_uint32 address;
533		/! Ticket size (no greater than cc_v4_ticket_size) /
534		cc_int32 ticket_size;
535		/! Ticket data /
536		unsigned char ticket [cc_v4_ticket_size];
537		};
538		typedef struct cc_credentials_v4_t cc_credentials_v4_t;
539	476
540	477	/*!
541	478	* The CCAPI data structure. This structure is similar to a krb5_data structure.

601	538	cc_uint32 version;
602	539	/! The credentials. /
603	540	union {
604		/! If \a version is #cc_credentials_v4, a pointer to a cc_credentials_v4_t. /
605		cc_credentials_v4_t* credentials_v4;
606	541	/! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. /
607	542	cc_credentials_v5_t* credentials_v5;
608	543	} credentials;

780	715	* \return On success, #ccNoError. On failure, an error code representing the failure.
781	716	* \brief \b cc_context_create_ccache(): Create a new ccache.
782	717	*
783		* Create a new credentials cache. The ccache is uniquely identified by its name.
784		* The principal given is also associated with the ccache and the credentials
785		* version specified. A NULL name is not allowed (and ccErrBadName is returned
786		* if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid
787		* input values for cred_vers. If you want to create a new ccache that will hold
788		* both versions of credentials, call cc_context_create_ccache() with one version,
789		* and then cc_ccache_set_principal() with the other version.
	718	* Create a new credentials cache. The ccache is uniquely identified by
	719	* its name. The principal given is also associated with the ccache and
	720	* the credentials version specified. A NULL name is not allowed (and
	721	* ccErrBadName is returned if one is passed in). Only cc_credentials_v5
	722	* can be an input value for cred_vers.
790	723	*
791	724	* If you want to create a new ccache (with a unique name), you should use
792	725	* cc_context_create_new_ccache() instead. If you want to create or reinitialize

813	746	* cc_context_get_default_ccache_name()); see the description of
814	747	* cc_context_get_default_ccache_name() for details.
815	748	*
816		* The principal should be a C string containing an unparsed Kerberos principal
817		* in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ
818		* \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim
819		* for Kerberos v5.
	749	* The principal should be a C string containing an unparsed Kerberos
	750	* principal in the format of the appropriate Kerberos version,
	751	* i.e. \verbatim foo/bar/@BAZ \endverbatim for Kerberos v5.
820	752	*/
821	753	cc_int32 (*create_ccache) (cc_context_t in_context,
822	754	const char *in_name,

1013	945	* \return On success, #ccNoError. On failure, an error code representing the failure.
1014	946	* \brief \b cc_ccache_get_credentials_version(): Get the credentials version of a ccache.
1015	947	*
1016		* cc_ccache_get_credentials_version() returns one value of the enumerated type
1017		* cc_credentials_vers. The possible return values are #cc_credentials_v4
1018		* (if ccache's v4 principal has been set), #cc_credentials_v5
1019		* (if ccache's v5 principal has been set), or #cc_credentials_v4_v5
1020		* (if both ccache's v4 and v5 principals have been set). A ccache's
1021		* principal is set with one of cc_context_create_ccache(),
1022		* cc_context_create_new_ccache(), cc_context_create_default_ccache(), or
1023		* cc_ccache_set_principal().
	948	* cc_ccache_get_credentials_version() returns one value of the enumerated
	949	* type cc_credentials_vers. The return value is #cc_credentials_v5 (if
	950	* ccache's v5 principal has been set). A ccache's principal is set with
	951	* one of cc_context_create_ccache(), cc_context_create_new_ccache(),
	952	* cc_context_create_default_ccache(), or cc_ccache_set_principal().
1024	953	*/
1025	954	cc_int32 (*get_credentials_version) (cc_ccache_t in_ccache,
1026	955	cc_uint32 *out_credentials_version);

1045	974	*
1046	975	* Return the principal for the ccache that was set via cc_context_create_ccache(),
1047	976	* cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
1048		* cc_ccache_set_principal(). Principals for v4 and v5 are separate, but
1049		* should be kept synchronized for each ccache; they can be retrieved by
1050		* passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing
1051		* cc_credentials_v4_v5 will result in the error ccErrBadCredentialsVersion.
	977	* cc_ccache_set_principal().
1052	978	*/
1053	979	cc_int32 (*get_principal) (cc_ccache_t in_ccache,
1054	980	cc_uint32 in_credentials_version,

1062	988	* \return On success, #ccNoError. On failure, an error code representing the failure.
1063	989	* \brief \b cc_ccache_set_principal(): Set the principal of a ccache.
1064	990	*
1065		* Set the a principal for ccache. The v4 and v5 principals can be set
1066		* independently, but they should always be kept equal, up to differences in
1067		* string representation between v4 and v5. Passing cc_credentials_v4_v5 in
1068		* cred_vers will result in the error ccErrBadCredentialsVersion.
	991	* Set the a principal for ccache.
1069	992	*/
1070	993	cc_int32 (*set_principal) (cc_ccache_t io_ccache,
1071	994	cc_uint32 in_credentials_version,

1082	1005	* See the description of the credentials types for the meaning of
1083	1006	* cc_credentials_union fields.
1084	1007	*
1085		* Before credentials of a specific credential type can be stored in a ccache,
1086		* the corresponding principal version has to be set. For example, before you can
1087		* store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set
1088		* either by cc_context_create_ccache(), cc_context_create_default_ccache(),
1089		* cc_context_create_new_ccache(), or cc_ccache_set_principal(); likewise for
1090		* Kerberos v5. Otherwise, ccErrBadCredentialsVersion is returned.
	1008	* Before credentials of a specific credential type can be stored in a
	1009	* ccache, the corresponding principal version has to be set. That is,
	1010	* before you can store Kerberos v5 credentials in a ccache, the Kerberos
	1011	* v5 principal has to be set either by cc_context_create_ccache(),
	1012	* cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
	1013	* cc_ccache_set_principal(); otherwise, ccErrBadCredentialsVersion is
	1014	* returned.
1091	1015	*/
1092	1016	cc_int32 (*store_credentials) (cc_ccache_t io_ccache,
1093	1017	const cc_credentials_union *in_credentials_union);

+1

-25

src/include/CredentialsCache2.h less more

85	85	} cc_credentials_v5_compat;
86	86
87	87	enum {
88		MAX_V4_CRED_LEN = 1250
89		};
90
91		enum {
92	88	KRB_NAME_SZ = 40,
93	89	KRB_INSTANCE_SZ = 40,
94	90	KRB_REALM_SZ = 40
95	91	};
96	92
97		typedef struct cc_credentials_v4_compat {
98		unsigned char kversion;
99		char principal[KRB_NAME_SZ+1];
100		char principal_instance[KRB_INSTANCE_SZ+1];
101		char service[KRB_NAME_SZ+1];
102		char service_instance[KRB_INSTANCE_SZ+1];
103		char realm[KRB_REALM_SZ+1];
104		unsigned char session_key[8];
105		cc_int32 kvno;
106		cc_int32 str_to_key;
107		long issue_date;
108		cc_int32 lifetime;
109		cc_uint32 address;
110		cc_int32 ticket_sz;
111		unsigned char ticket[MAX_V4_CRED_LEN];
112		unsigned long oops;
113		} cc_credentials_v4_compat;
114
115	93	typedef union cred_ptr_union_compat {
116		cc_credentials_v4_compat* pV4Cred;
117	94	cc_credentials_v5_compat* pV5Cred;
118	95	} cred_ptr_union_compat;
119	96

134	111
135	112	/* Some old type names */
136	113
137		typedef cc_credentials_v4_compat V4Cred_type;
138	114	typedef cc_credentials_v5_compat cc_creds;
139	115	struct ccache_cit;
140	116	typedef struct ccache_cit ccache_cit;

165	141
166	142	enum {
167	143	CC_CRED_UNKNOWN,
168		CC_CRED_V4,
	144	/* CC_CRED_V4, */
169	145	CC_CRED_V5,
170	146	CC_CRED_MAX
171	147	};

+1

-1

src/include/Makefile.in less more

32	32	all-unix: @MAINT@ verify-calling-conventions-krb5
33	33
34	34	$(srcdir)/autoconf.h.in: @MAINT@ $(srcdir)/autoconf.stmp
35		$(srcdir)/autoconf.stmp: $(top_srcdir)/configure.in $(top_srcdir)/aclocal.m4
	35	$(srcdir)/autoconf.stmp: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4
36	36	(cd $(top_srcdir) && $(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS))
37	37	touch $(srcdir)/autoconf.stmp
38	38

+16

-1

src/include/autoconf.h.in less more

0		/* include/autoconf.h.in. Generated from configure.in by autoheader. */
	0	/* include/autoconf.h.in. Generated from configure.ac by autoheader. */
1	1
2	2
3	3	#ifndef KRB5_AUTOCONF_H

152	152	/* Define to 1 if you have the <errno.h> header file. */
153	153	#undef HAVE_ERRNO_H
154	154
	155	/* Define to 1 if you have the `explicit_bzero' function. */
	156	#undef HAVE_EXPLICIT_BZERO
	157
	158	/* Define to 1 if you have the `explicit_memset' function. */
	159	#undef HAVE_EXPLICIT_MEMSET
	160
155	161	/* Define to 1 if you have the `fchmod' function. */
156	162	#undef HAVE_FCHMOD
157	163

197	203	/* Define if getpwuid_r is available and useful. */
198	204	#undef HAVE_GETPWUID_R
199	205
	206	/* Define to 1 if you have the `getresgid' function. */
	207	#undef HAVE_GETRESGID
	208
	209	/* Define to 1 if you have the `getresuid' function. */
	210	#undef HAVE_GETRESUID
	211
200	212	/* Define if getservbyname_r exists and its return type is known */
201	213	#undef HAVE_GETSERVBYNAME_R
202	214

367	379
368	380	/* Define if struct sockaddr contains sa_len */
369	381	#undef HAVE_SA_LEN
	382
	383	/* Define to 1 if you have the `secure_getenv' function. */
	384	#undef HAVE_SECURE_GETENV
370	385
371	386	/* Define to 1 if you have the `setegid' function. */
372	387	#undef HAVE_SETEGID

+1

-1

src/include/fake-addrinfo.h less more

84	84
85	85	+ Use gethostbyname2, inet_aton and other IPv6 or thread-safe
86	86	functions if available. But, see
87		http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
	87	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
88	88	gethostbyname2 problem on Linux. And besides, if a platform is
89	89	supporting IPv6 at all, they really should be doing getaddrinfo
90	90	by now.

+1

-1

src/include/gssrpc/clnt.h less more

69	69	* callrpc & clnt_create errors
70	70	*/
71	71	RPC_UNKNOWNHOST=13, /* unknown host name */
72		RPC_UNKNOWNPROTO=17, /* unkown protocol */
	72	RPC_UNKNOWNPROTO=17, /* unknown protocol */
73	73
74	74	/*
75	75	* _ create errors

+54

-0

src/include/k5-buf.h less more

107	107	*/
108	108	void k5_buf_free(struct k5buf *buf);
109	109
	110	static inline void
	111	k5_buf_add_uint16_be(struct k5buf *buf, uint16_t val)
	112	{
	113	void *p = k5_buf_get_space(buf, 2);
	114
	115	if (p != NULL)
	116	store_16_be(val, p);
	117	}
	118
	119	static inline void
	120	k5_buf_add_uint16_le(struct k5buf *buf, uint16_t val)
	121	{
	122	void *p = k5_buf_get_space(buf, 2);
	123
	124	if (p != NULL)
	125	store_16_le(val, p);
	126	}
	127
	128	static inline void
	129	k5_buf_add_uint32_be(struct k5buf *buf, uint32_t val)
	130	{
	131	void *p = k5_buf_get_space(buf, 4);
	132
	133	if (p != NULL)
	134	store_32_be(val, p);
	135	}
	136
	137	static inline void
	138	k5_buf_add_uint32_le(struct k5buf *buf, uint32_t val)
	139	{
	140	void *p = k5_buf_get_space(buf, 4);
	141
	142	if (p != NULL)
	143	store_32_le(val, p);
	144	}
	145
	146	static inline void
	147	k5_buf_add_uint64_be(struct k5buf *buf, uint64_t val)
	148	{
	149	void *p = k5_buf_get_space(buf, 8);
	150
	151	if (p != NULL)
	152	store_64_be(val, p);
	153	}
	154
	155	static inline void
	156	k5_buf_add_uint64_le(struct k5buf *buf, uint64_t val)
	157	{
	158	void *p = k5_buf_get_space(buf, 8);
	159
	160	if (p != NULL)
	161	store_64_le(val, p);
	162	}
	163
110	164	#endif /* K5_BUF_H */

+3

-0

src/include/k5-hashtab.h less more

75	75	/* Retrieve a value from a hash table by key. */
76	76	void k5_hashtab_get(struct k5_hashtab ht, const void *key, size_t klen);
77	77
	78	uint64_t k5_siphash24(const uint8_t *data, size_t len,
	79	const uint8_t seed[K5_HASH_SEED_LEN]);
	80
78	81	#endif /* K5_HASH_H */

+0

-74

src/include/k5-int-pkinit.h less more

44	44	krb5_data *freshnessToken;
45	45	} krb5_pk_authenticator;
46	46
47		/* PKAuthenticator draft9 */
48		typedef struct _krb5_pk_authenticator_draft9 {
49		krb5_principal kdcName;
50		krb5_int32 cusec; /* (0..999999) */
51		krb5_timestamp ctime;
52		krb5_int32 nonce; /* (0..4294967295) */
53		} krb5_pk_authenticator_draft9;
54
55	47	/* AlgorithmIdentifier */
56	48	typedef struct _krb5_algorithm_identifier {
57	49	krb5_data algorithm; /* OID */

73	65	krb5_data *supportedKDFs; / OIDs of KDFs; OPTIONAL */
74	66	} krb5_auth_pack;
75	67
76		/* AuthPack draft9 */
77		typedef struct _krb5_auth_pack_draft9 {
78		krb5_pk_authenticator_draft9 pkAuthenticator;
79		krb5_subject_pk_info clientPublicValue; / Optional */
80		} krb5_auth_pack_draft9;
81
82	68	/* ExternalPrincipalIdentifier */
83	69	typedef struct _krb5_external_principal_identifier {
84	70	krb5_data subjectName; /* Optional */

86	72	krb5_data subjectKeyIdentifier; /* Optional */
87	73	} krb5_external_principal_identifier;
88	74
89		/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
90		/* This has four fields, but we only care about the first and third for
91		* encoding, and the only about the first for decoding. */
92		typedef struct _krb5_pa_pk_as_req_draft9 {
93		krb5_data signedAuthPack;
94		krb5_data kdcCert; /* Optional */
95		} krb5_pa_pk_as_req_draft9;
96
97	75	/* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
98	76	typedef struct _krb5_pa_pk_as_req {
99	77	krb5_data signedAuthPack;

115	93	krb5_timestamp dhKeyExpiration; /* Optional */
116	94	} krb5_kdc_dh_key_info;
117	95
118		/* KDCDHKeyInfo draft9*/
119		typedef struct _krb5_kdc_dh_key_info_draft9 {
120		krb5_data subjectPublicKey; /* BIT STRING */
121		krb5_int32 nonce; /* (0..4294967295) */
122		} krb5_kdc_dh_key_info_draft9;
123
124	96	/* ReplyKeyPack */
125	97	typedef struct _krb5_reply_key_pack {
126	98	krb5_keyblock replyKey;
127	99	krb5_checksum asChecksum;
128	100	} krb5_reply_key_pack;
129
130		/* ReplyKeyPack */
131		typedef struct _krb5_reply_key_pack_draft9 {
132		krb5_keyblock replyKey;
133		krb5_int32 nonce;
134		} krb5_reply_key_pack_draft9;
135
136		/* PA-PK-AS-REP (Draft 9 -- PA TYPE 15) */
137		typedef struct _krb5_pa_pk_as_rep_draft9 {
138		enum krb5_pa_pk_as_rep_draft9_selection {
139		choice_pa_pk_as_rep_draft9_UNKNOWN = -1,
140		choice_pa_pk_as_rep_draft9_dhSignedData = 0,
141		choice_pa_pk_as_rep_draft9_encKeyPack = 1
142		} choice;
143		union krb5_pa_pk_as_rep_draft9_choices {
144		krb5_data dhSignedData;
145		krb5_data encKeyPack;
146		} u;
147		} krb5_pa_pk_as_rep_draft9;
148	101
149	102	/* PA-PK-AS-REP (rfc4556 -- PA TYPE 17) */
150	103	typedef struct _krb5_pa_pk_as_rep {

186	139	encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req rep, krb5_data *code);
187	140
188	141	krb5_error_code
189		encode_krb5_pa_pk_as_req_draft9(const krb5_pa_pk_as_req_draft9 *rep,
190		krb5_data **code);
191
192		krb5_error_code
193	142	encode_krb5_pa_pk_as_rep(const krb5_pa_pk_as_rep rep, krb5_data *code);
194	143
195	144	krb5_error_code
196		encode_krb5_pa_pk_as_rep_draft9(const krb5_pa_pk_as_rep_draft9 *rep,
197		krb5_data **code);
198
199		krb5_error_code
200	145	encode_krb5_auth_pack(const krb5_auth_pack rep, krb5_data *code);
201	146
202	147	krb5_error_code
203		encode_krb5_auth_pack_draft9(const krb5_auth_pack_draft9 *rep,
204		krb5_data **code);
205
206		krb5_error_code
207	148	encode_krb5_kdc_dh_key_info(const krb5_kdc_dh_key_info rep, krb5_data *code);
208	149
209	150	krb5_error_code
210	151	encode_krb5_reply_key_pack(const krb5_reply_key_pack , krb5_data *code);
211
212		krb5_error_code
213		encode_krb5_reply_key_pack_draft9(const krb5_reply_key_pack_draft9 *,
214		krb5_data **code);
215	152
216	153	krb5_error_code
217	154	encode_krb5_td_trusted_certifiers(krb5_external_principal_identifier const ,

237	174	decode_krb5_pa_pk_as_req(const krb5_data , krb5_pa_pk_as_req *);
238	175
239	176	krb5_error_code
240		decode_krb5_pa_pk_as_req_draft9(const krb5_data *,
241		krb5_pa_pk_as_req_draft9 **);
242
243		krb5_error_code
244	177	decode_krb5_pa_pk_as_rep(const krb5_data , krb5_pa_pk_as_rep *);
245	178
246	179	krb5_error_code
247	180	decode_krb5_auth_pack(const krb5_data , krb5_auth_pack *);
248	181
249	182	krb5_error_code
250		decode_krb5_auth_pack_draft9(const krb5_data , krb5_auth_pack_draft9 *);
251
252		krb5_error_code
253	183	decode_krb5_kdc_dh_key_info(const krb5_data , krb5_kdc_dh_key_info *);
254	184
255	185	krb5_error_code

257	187
258	188	krb5_error_code
259	189	decode_krb5_reply_key_pack(const krb5_data , krb5_reply_key_pack *);
260
261		krb5_error_code
262		decode_krb5_reply_key_pack_draft9(const krb5_data *,
263		krb5_reply_key_pack_draft9 **);
264	190
265	191	krb5_error_code
266	192	decode_krb5_td_trusted_certifiers(const krb5_data *,

+174

-156

src/include/k5-int.h less more

180	180	#define KRB5_CONF_ACL_FILE "acl_file"
181	181	#define KRB5_CONF_ADMIN_SERVER "admin_server"
182	182	#define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto"
183		#define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type"
184	183	#define KRB5_CONF_AUTH_TO_LOCAL "auth_to_local"
185	184	#define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names"
186	185	#define KRB5_CONF_CANONICALIZE "canonicalize"

196	195	#define KRB5_CONF_DEFAULT_KEYTAB_NAME "default_keytab_name"
197	196	#define KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION "default_principal_expiration"
198	197	#define KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS "default_principal_flags"
	198	#define KRB5_CONF_DEFAULT_RCACHE_NAME "default_rcache_name"
199	199	#define KRB5_CONF_DEFAULT_REALM "default_realm"
200	200	#define KRB5_CONF_DEFAULT_TGS_ENCTYPES "default_tgs_enctypes"
201	201	#define KRB5_CONF_DEFAULT_TKT_ENCTYPES "default_tkt_enctypes"
202		#define KRB5_CONF_DES_CRC_SESSION_SUPPORTED "des_crc_session_supported"
203	202	#define KRB5_CONF_DICT_FILE "dict_file"
204	203	#define KRB5_CONF_DISABLE "disable"
205	204	#define KRB5_CONF_DISABLE_ENCRYPTED_TIMESTAMP "disable_encrypted_timestamp"

213	212	#define KRB5_CONF_DOMAIN_REALM "domain_realm"
214	213	#define KRB5_CONF_ENABLE_ONLY "enable_only"
215	214	#define KRB5_CONF_ENCRYPTED_CHALLENGE_INDICATOR "encrypted_challenge_indicator"
	215	#define KRB5_CONF_ENFORCE_OK_AS_DELEGATE "enforce_ok_as_delegate"
216	216	#define KRB5_CONF_ERR_FMT "err_fmt"
217	217	#define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses"
218	218	#define KRB5_CONF_FORWARDABLE "forwardable"

239	239	#define KRB5_CONF_KDC_LISTEN "kdc_listen"
240	240	#define KRB5_CONF_KDC_MAX_DGRAM_REPLY_SIZE "kdc_max_dgram_reply_size"
241	241	#define KRB5_CONF_KDC_PORTS "kdc_ports"
242		#define KRB5_CONF_KDC_REQ_CHECKSUM_TYPE "kdc_req_checksum_type"
243	242	#define KRB5_CONF_KDC_TCP_PORTS "kdc_tcp_ports"
244	243	#define KRB5_CONF_KDC_TCP_LISTEN "kdc_tcp_listen"
245	244	#define KRB5_CONF_KDC_TCP_LISTEN_BACKLOG "kdc_tcp_listen_backlog"

281	280	#define KRB5_CONF_PLUGIN_BASE_DIR "plugin_base_dir"
282	281	#define KRB5_CONF_PREFERRED_PREAUTH_TYPES "preferred_preauth_types"
283	282	#define KRB5_CONF_PROXIABLE "proxiable"
	283	#define KRB5_CONF_QUALIFY_SHORTNAME "qualify_shortname"
284	284	#define KRB5_CONF_RDNS "rdns"
285	285	#define KRB5_CONF_REALMS "realms"
286	286	#define KRB5_CONF_REALM_TRY_DOMAINS "realm_try_domains"
287	287	#define KRB5_CONF_REJECT_BAD_TRANSIT "reject_bad_transit"
288	288	#define KRB5_CONF_RENEW_LIFETIME "renew_lifetime"
289	289	#define KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT "restrict_anonymous_to_tgt"
290		#define KRB5_CONF_SAFE_CHECKSUM_TYPE "safe_checksum_type"
291	290	#define KRB5_CONF_SUPPORTED_ENCTYPES "supported_enctypes"
292	291	#define KRB5_CONF_SPAKE_PREAUTH_INDICATOR "spake_preauth_indicator"
293	292	#define KRB5_CONF_SPAKE_PREAUTH_KDC_CHALLENGE "spake_preauth_kdc_challenge"

561	560	krb5_pa_data **data;
562	561	} krb5_secure_cookie;
563	562
	563	typedef struct _krb5_pa_pac_options {
	564	krb5_flags options;
	565	} krb5_pa_pac_options;
	566
	567	/* In PAC options, indicates Resource-Based Constrained Delegation support. */
	568	#define KRB5_PA_PAC_OPTIONS_RBCD 0x10000000
	569
564	570	#include <stdlib.h>
565	571	#include <string.h>
566	572

665	671	}
666	672	}
667	673
668		/*
669		* Combine two keys (normally used by the hardware preauth mechanism)
670		*/
671		krb5_error_code
672		krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
673		krb5_keyblock key2, krb5_keyblock outkey);
	674	/* Convenience function: zap and free krb5_data pointer if it is non-NULL. */
	675	static inline void
	676	zapfreedata(krb5_data *data)
	677	{
	678	if (data != NULL) {
	679	zapfree(data->data, data->length);
	680	free(data);
	681	}
	682	}
674	683
675	684	void krb5int_c_free_keyblock(krb5_context, krb5_keyblock *key);
676	685	void krb5int_c_free_keyblock_contents(krb5_context, krb5_keyblock *);

850	859	krb5_verifier_mac **other_verifiers;
851	860	} krb5_cammac;
852	861
	862	void krb5_free_etype_info(krb5_context, krb5_etype_info);
	863
853	864	krb5_pa_data *
854	865	krb5int_find_pa_data(krb5_context, krb5_pa_data const , krb5_preauthtype);
855	866	/* Does not return a copy; original padata sequence responsible for freeing*/
856	867
857		void krb5_free_etype_info(krb5_context, krb5_etype_info);
	868	/* Allocate a pa-data object with uninitialized contents of size len. If len
	869	* is 0, set the contents field to NULL. */
	870	krb5_error_code
	871	k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out);
	872
	873	/* Free a single pa-data object. */
	874	void
	875	k5_free_pa_data_element(krb5_pa_data *pa);
	876
	877	/* Without copying, add single element pa to list, reallocating as necessary.
	878	* If list is NULL, allocate a new list. Set pa to NULL on success. */
	879	krb5_error_code
	880	k5_add_pa_data_element(krb5_pa_data *list, krb5_pa_data pa);
	881
	882	/* Without copying, add a pa-data element of type pa_type to *list with the
	883	* contents in data. Set data to empty_data() on success. /
	884	krb5_error_code
	885	k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
	886	krb5_data *data);
	887
	888	/* Add an empty pa-data element of type pa_type to list. /
	889	krb5_error_code
	890	k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type);
858	891
859	892	#endif /* KRB5_PREAUTH__ */
860	893	/*

1157	1190	void
1158	1191	k5_plugin_free_context(krb5_context context);
1159	1192
	1193	enum dns_canonhost {
	1194	CANONHOST_FALSE = 0,
	1195	CANONHOST_TRUE = 1,
	1196	CANONHOST_FALLBACK = 2
	1197	};
	1198
1160	1199	struct _kdb5_dal_handle; /* private, in kdb5.h */
1161	1200	typedef struct _kdb5_dal_handle kdb5_dal_handle;
1162	1201	struct _kdb_log_context;

1173	1212	char *default_realm;
1174	1213	profile_t profile;
1175	1214	kdb5_dal_handle *dal_handle;
1176		int ser_ctx_count;
1177		void *ser_ctx;
1178	1215	/* allowable clock skew */
1179	1216	krb5_deltat clockskew;
1180		krb5_cksumtype kdc_req_sumtype;
1181		krb5_cksumtype default_ap_req_sumtype;
1182		krb5_cksumtype default_safe_sumtype;
1183	1217	krb5_flags kdc_default_options;
1184	1218	krb5_flags library_options;
1185	1219	krb5_boolean profile_secure;

1220	1254
1221	1255	krb5_boolean allow_weak_crypto;
1222	1256	krb5_boolean ignore_acceptor_hostname;
1223		krb5_boolean dns_canonicalize_hostname;
	1257	krb5_boolean enforce_ok_as_delegate;
	1258	enum dns_canonhost dns_canonicalize_hostname;
1224	1259
1225	1260	krb5_trace_callback trace_callback;
1226	1261	void *trace_callback_data;

1508	1543	krb5_error_code
1509	1544	encode_krb5_secure_cookie(const krb5_secure_cookie , krb5_data *);
1510	1545
	1546	krb5_error_code
	1547	encode_krb5_pa_pac_options(const krb5_pa_pac_options , krb5_data *);
	1548
1511	1549	/*************************************************************************
1512	1550	* End of prototypes for krb5_encode.c
1513	1551	*************************************************************************/

1689	1727
1690	1728	krb5_error_code
1691	1729	decode_krb5_secure_cookie(const krb5_data , krb5_secure_cookie *);
	1730
	1731	krb5_error_code
	1732	decode_krb5_pa_pac_options(const krb5_data , krb5_pa_pac_options *);
1692	1733
1693	1734	struct _krb5_key_data; /* kdb.h */
1694	1735

1737	1778	k5_parse_host_string(const char address, int default_port, char *host_out,
1738	1779	int *port_out);
1739	1780
1740		/*
1741		* [De]Serialization Handle and operations.
1742		*/
1743		struct __krb5_serializer {
1744		krb5_magic odtype;
1745		krb5_error_code (*sizer) (krb5_context,
1746		krb5_pointer,
1747		size_t *);
1748		krb5_error_code (*externalizer) (krb5_context,
1749		krb5_pointer,
1750		krb5_octet **,
1751		size_t *);
1752		krb5_error_code (*internalizer) (krb5_context,
1753		krb5_pointer *,
1754		krb5_octet **,
1755		size_t *);
1756		};
1757		typedef const struct __krb5_serializer * krb5_ser_handle;
1758		typedef struct __krb5_serializer krb5_ser_entry;
1759
1760		krb5_ser_handle krb5_find_serializer(krb5_context, krb5_magic);
1761		krb5_error_code krb5_register_serializer(krb5_context, const krb5_ser_entry *);
1762
1763		/* Determine the external size of a particular opaque structure */
1764		krb5_error_code KRB5_CALLCONV
1765		krb5_size_opaque(krb5_context, krb5_magic, krb5_pointer, size_t *);
1766
1767		/* Serialize the structure into a buffer */
1768		krb5_error_code KRB5_CALLCONV
1769		krb5_externalize_opaque(krb5_context, krb5_magic, krb5_pointer, krb5_octet **,
1770		size_t *);
1771
1772		/* Deserialize the structure from a buffer */
1773		krb5_error_code KRB5_CALLCONV
1774		krb5_internalize_opaque(krb5_context, krb5_magic, krb5_pointer *,
1775		krb5_octet *, size_t );
1776
1777		/* Serialize data into a buffer */
1778		krb5_error_code
1779		krb5_externalize_data(krb5_context, krb5_pointer, krb5_octet *, size_t );
	1781	krb5_error_code
	1782	k5_size_authdata_context(krb5_context kcontext, krb5_authdata_context context,
	1783	size_t *sizep);
	1784
	1785	krb5_error_code
	1786	k5_externalize_authdata_context(krb5_context kcontext,
	1787	krb5_authdata_context context,
	1788	krb5_octet *buffer, size_t lenremain);
	1789
	1790	krb5_error_code
	1791	k5_internalize_authdata_context(krb5_context kcontext,
	1792	krb5_authdata_context *ptr,
	1793	krb5_octet *buffer, size_t lenremain);
	1794
	1795	krb5_error_code
	1796	k5_size_auth_context(krb5_auth_context auth_context, size_t *sizep);
	1797
	1798	krb5_error_code
	1799	k5_externalize_auth_context(krb5_auth_context auth_context,
	1800	krb5_octet *buffer, size_t lenremain);
	1801	krb5_error_code
	1802	k5_internalize_auth_context(krb5_auth_context *argp,
	1803	krb5_octet *buffer, size_t lenremain);
	1804
	1805	krb5_error_code
	1806	k5_size_authdata(krb5_authdata authdata, size_t sizep);
	1807
	1808	krb5_error_code
	1809	k5_externalize_authdata(krb5_authdata *authdata,
	1810	krb5_octet *buffer, size_t lenremain);
	1811
	1812	krb5_error_code
	1813	k5_internalize_authdata(krb5_authdata **authdata,
	1814	krb5_octet *buffer, size_t lenremain);
	1815
	1816	krb5_error_code
	1817	k5_size_address(krb5_address address, size_t sizep);
	1818
	1819	krb5_error_code
	1820	k5_externalize_address(krb5_address *address,
	1821	krb5_octet *buffer, size_t lenremain);
	1822
	1823	krb5_error_code
	1824	k5_internalize_address(krb5_address **argp,
	1825	krb5_octet *buffer, size_t lenremain);
	1826
	1827	krb5_error_code
	1828	k5_size_authenticator(krb5_authenticator authenticator, size_t sizep);
	1829
	1830	krb5_error_code
	1831	k5_externalize_authenticator(krb5_authenticator *authenticator,
	1832	krb5_octet *buffer, size_t lenremain);
	1833
	1834	krb5_error_code
	1835	k5_internalize_authenticator(krb5_authenticator **argp,
	1836	krb5_octet *buffer, size_t lenremain);
	1837
	1838	krb5_error_code
	1839	k5_size_checksum(krb5_checksum checksum, size_t sizep);
	1840
	1841	krb5_error_code
	1842	k5_externalize_checksum(krb5_checksum *checksum,
	1843	krb5_octet *buffer, size_t lenremain);
	1844
	1845	krb5_error_code
	1846	k5_internalize_checksum(krb5_checksum **argp,
	1847	krb5_octet *buffer, size_t lenremain);
	1848
	1849	krb5_error_code
	1850	k5_size_context(krb5_context context, size_t *sizep);
	1851
	1852	krb5_error_code
	1853	k5_externalize_context(krb5_context context,
	1854	krb5_octet *buffer, size_t lenremain);
	1855
	1856	krb5_error_code
	1857	k5_internalize_context(krb5_context *argp,
	1858	krb5_octet *buffer, size_t lenremain);
	1859
	1860	krb5_error_code
	1861	k5_size_keyblock(krb5_keyblock keyblock, size_t sizep);
	1862
	1863	krb5_error_code
	1864	k5_externalize_keyblock(krb5_keyblock *keyblock,
	1865	krb5_octet *buffer, size_t lenremain);
	1866
	1867	krb5_error_code
	1868	k5_internalize_keyblock(krb5_keyblock **argp,
	1869	krb5_octet *buffer, size_t lenremain);
	1870
	1871	krb5_error_code
	1872	k5_size_principal(krb5_principal principal, size_t *sizep);
	1873
	1874	krb5_error_code
	1875	k5_externalize_principal(krb5_principal principal,
	1876	krb5_octet *buffer, size_t lenremain);
	1877
	1878	krb5_error_code
	1879	k5_internalize_principal(krb5_principal *argp,
	1880	krb5_octet *buffer, size_t lenremain);
	1881
1780	1882	/*
1781	1883	* Initialization routines.
1782	1884	*/
1783
1784		/* Initialize serialization for krb5_[os_]context */
1785		krb5_error_code KRB5_CALLCONV krb5_ser_context_init(krb5_context);
1786
1787		/* Initialize serialization for krb5_auth_context */
1788		krb5_error_code KRB5_CALLCONV krb5_ser_auth_context_init(krb5_context);
1789
1790		/* Initialize serialization for krb5_keytab */
1791		krb5_error_code KRB5_CALLCONV krb5_ser_keytab_init(krb5_context);
1792
1793		/* Initialize serialization for krb5_ccache */
1794		krb5_error_code KRB5_CALLCONV krb5_ser_ccache_init(krb5_context);
1795
1796		/* Initialize serialization for krb5_rcache */
1797		krb5_error_code KRB5_CALLCONV krb5_ser_rcache_init(krb5_context);
1798	1885
1799	1886	/* [De]serialize 4-byte integer */
1800	1887	krb5_error_code KRB5_CALLCONV

1832	1919	/* To keep happy libraries which are (for now) accessing internal stuff */
1833	1920
1834	1921	/* Make sure to increment by one when changing the struct */
1835		#define KRB5INT_ACCESS_STRUCT_VERSION 22
	1922	#define KRB5INT_ACCESS_STRUCT_VERSION 23
1836	1923
1837	1924	typedef struct _krb5int_access {
1838	1925	krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,

1862	1949	(encode_krb5_auth_pack)(const krb5_auth_pack rep, krb5_data **code);
1863	1950
1864	1951	krb5_error_code
1865		(encode_krb5_auth_pack_draft9)(const krb5_auth_pack_draft9 rep,
1866		krb5_data **code);
1867
1868		krb5_error_code
1869	1952	(encode_krb5_kdc_dh_key_info)(const krb5_kdc_dh_key_info rep,
1870	1953	krb5_data **code);
1871	1954

1874	1957	krb5_data **code);
1875	1958
1876	1959	krb5_error_code
1877		(encode_krb5_pa_pk_as_rep_draft9)(const krb5_pa_pk_as_rep_draft9 rep,
1878		krb5_data **code);
1879
1880		krb5_error_code
1881	1960	(encode_krb5_pa_pk_as_req)(const krb5_pa_pk_as_req rep,
1882	1961	krb5_data **code);
1883
1884		krb5_error_code
1885		(encode_krb5_pa_pk_as_req_draft9)(const krb5_pa_pk_as_req_draft9 rep,
1886		krb5_data **code);
1887	1962
1888	1963	krb5_error_code
1889	1964	(encode_krb5_reply_key_pack)(const krb5_reply_key_pack ,
1890	1965	krb5_data **code);
1891	1966
1892	1967	krb5_error_code
1893		(encode_krb5_reply_key_pack_draft9)(const krb5_reply_key_pack_draft9 ,
1894		krb5_data **code);
1895
1896		krb5_error_code
1897	1968	(encode_krb5_td_dh_parameters)(krb5_algorithm_identifier const *,
1898	1969	krb5_data **code);
1899	1970

1905	1976	(decode_krb5_auth_pack)(const krb5_data , krb5_auth_pack **);
1906	1977
1907	1978	krb5_error_code
1908		(decode_krb5_auth_pack_draft9)(const krb5_data ,
1909		krb5_auth_pack_draft9 **);
1910
1911		krb5_error_code
1912	1979	(decode_krb5_pa_pk_as_req)(const krb5_data , krb5_pa_pk_as_req **);
1913
1914		krb5_error_code
1915		(decode_krb5_pa_pk_as_req_draft9)(const krb5_data ,
1916		krb5_pa_pk_as_req_draft9 **);
1917	1980
1918	1981	krb5_error_code
1919	1982	(decode_krb5_pa_pk_as_rep)(const krb5_data , krb5_pa_pk_as_rep **);

1926	1989
1927	1990	krb5_error_code
1928	1991	(decode_krb5_reply_key_pack)(const krb5_data , krb5_reply_key_pack **);
1929
1930		krb5_error_code
1931		(decode_krb5_reply_key_pack_draft9)(const krb5_data ,
1932		krb5_reply_key_pack_draft9 **);
1933	1992
1934	1993	krb5_error_code
1935	1994	(decode_krb5_td_dh_parameters)(const krb5_data ,

1956	2015	krb5_error_code KRB5_CALLCONV
1957	2016	krb5int_accessor(krb5int_access*, krb5_int32);
1958	2017
1959		typedef struct _krb5_donot_replay {
1960		krb5_magic magic;
1961		krb5_ui_4 hash;
1962		char server; / null-terminated */
1963		char client; / null-terminated */
1964		char msghash; / null-terminated */
1965		krb5_int32 cusec;
1966		krb5_timestamp ctime;
1967		} krb5_donot_replay;
1968
1969	2018	krb5_error_code KRB5_CALLCONV
1970	2019	krb5int_cc_user_set_default_name(krb5_context context, const char *name);
1971	2020
1972		krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *);
1973		krb5_error_code krb5_rc_resolve_type(krb5_context, krb5_rcache *,
1974		const char *);
1975		krb5_error_code krb5_rc_resolve_full(krb5_context, krb5_rcache *,
1976		const char *);
1977		char *krb5_rc_get_type(krb5_context, krb5_rcache);
1978		char *krb5_rc_default_type(krb5_context);
1979		char *krb5_rc_default_name(krb5_context);
1980		krb5_error_code krb5_auth_to_rep(krb5_context, krb5_tkt_authent *,
1981		krb5_donot_replay *);
1982		krb5_error_code krb5_rc_hash_message(krb5_context context,
1983		const krb5_data message, char *out);
1984
1985		krb5_error_code KRB5_CALLCONV
1986		krb5_rc_initialize(krb5_context, krb5_rcache, krb5_deltat);
1987
1988		krb5_error_code KRB5_CALLCONV
1989		krb5_rc_recover_or_initialize(krb5_context, krb5_rcache,krb5_deltat);
1990
1991		krb5_error_code KRB5_CALLCONV
1992		krb5_rc_recover(krb5_context, krb5_rcache);
1993
1994		krb5_error_code KRB5_CALLCONV
1995		krb5_rc_destroy(krb5_context, krb5_rcache);
1996
1997		krb5_error_code KRB5_CALLCONV
1998		krb5_rc_close(krb5_context, krb5_rcache);
1999
2000		krb5_error_code KRB5_CALLCONV
2001		krb5_rc_store(krb5_context, krb5_rcache, krb5_donot_replay *);
2002
2003		krb5_error_code KRB5_CALLCONV
2004		krb5_rc_expunge(krb5_context, krb5_rcache);
2005
2006		krb5_error_code KRB5_CALLCONV
2007		krb5_rc_get_lifespan(krb5_context, krb5_rcache,krb5_deltat *);
2008
2009		char *KRB5_CALLCONV
2010		krb5_rc_get_name(krb5_context, krb5_rcache);
2011
2012		krb5_error_code KRB5_CALLCONV
2013		krb5_rc_resolve(krb5_context, krb5_rcache, char *);
	2021	krb5_error_code k5_rc_default(krb5_context context, krb5_rcache *rc_out);
	2022	krb5_error_code k5_rc_resolve(krb5_context context, const char *name,
	2023	krb5_rcache *rc_out);
	2024	void k5_rc_close(krb5_context context, krb5_rcache rc);
	2025	krb5_error_code k5_rc_store(krb5_context context, krb5_rcache rc,
	2026	const krb5_enc_data *authenticator);
	2027	const char *k5_rc_get_name(krb5_context context, krb5_rcache rc);
	2028
	2029	/* Set tag_out to the integrity tag of enc. (Does not allocate memory;
	2030	* returned buffer is a subrange of ctext.) /
	2031	krb5_error_code
	2032	k5_rc_tag_from_ciphertext(krb5_context context, const krb5_enc_data *enc,
	2033	krb5_data *tag_out);
2014	2034
2015	2035	/*
2016	2036	* This structure was exposed and used in macros in krb5 1.2, so do not

2041	2061	krb5_keytab_entry *);
2042	2062	krb5_error_code (KRB5_CALLCONV *remove)(krb5_context, krb5_keytab,
2043	2063	krb5_keytab_entry *);
2044
2045		/* Handle for serializer */
2046		const krb5_ser_entry *serializer;
2047	2064	} krb5_kt_ops;
2048	2065
2049	2066	/* Not sure it's ready for exposure just yet. */

2075	2092	krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype);
2076	2093
2077	2094	krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
	2095	krb5_boolean KRB5_CALLCONV krb5int_c_deprecated_enctype(krb5_enctype);
2078	2096	krb5_error_code k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out);
2079	2097
2080	2098	krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *,

+14

-1

src/include/k5-platform.h less more

44	44	* + path manipulation
45	45	* + _, N_, dgettext, bindtextdomain (for localization)
46	46	* + getopt_long
	47	* + secure_getenv
47	48	* + fetching filenames from a directory
48	49	*/
49	50

1022	1023	if (len > 0)
1023	1024	memset_s(ptr, len, 0, len);
1024	1025	}
	1026	#elif defined(HAVE_EXPLICIT_BZERO)
	1027	# define zap(ptr, len) explicit_bzero(ptr, len)
	1028	#elif defined(HAVE_EXPLICIT_MEMSET)
	1029	# define zap(ptr, len) explicit_memset(ptr, 0, len)
1025	1030	#elif defined(__GNUC__) \|\| defined(__clang__)
1026	1031	/*
1027	1032	* Use an asm statement which declares a memory clobber to force the memset to

1031	1036	{
1032	1037	if (len > 0)
1033	1038	memset(ptr, 0, len);
1034		__asm__ __volatile__("" : : "r" (ptr) : "memory");
	1039	__asm__ __volatile__("" : : "g" (ptr) : "memory");
1035	1040	}
1036	1041	#else
1037	1042	/*

1129	1134	#define getopt_long k5_getopt_long
1130	1135	#endif /* HAVE_GETOPT_LONG */
1131	1136
	1137	#if defined(_WIN32)
	1138	/* On Windows there is never a need to ignore the process environment. */
	1139	#define secure_getenv getenv
	1140	#elif !defined(HAVE_SECURE_GETENV)
	1141	#define secure_getenv k5_secure_getenv
	1142	extern char k5_secure_getenv(const char name);
	1143	#endif
	1144
1132	1145	/* Set *fnames_out to a null-terminated list of filenames within dirname,
1133	1146	* sorted according to strcmp(). Return 0 on success, or ENOENT/ENOMEM. */
1134	1147	int k5_dir_filenames(const char dirname, char **fnames_out);

+10

-0

src/include/k5-trace.h less more

190	190	#define TRACE_FAST_REQUIRED(c) \
191	191	TRACE(c, "Using FAST due to KRB5_FAST_REQUIRED flag")
192	192
	193	#define TRACE_GET_CREDS_FALLBACK(c, hostname) \
	194	TRACE(c, "Falling back to canonicalized server hostname {str}", hostname)
	195
193	196	#define TRACE_GIC_PWD_CHANGED(c) \
194	197	TRACE(c, "Getting initial TGT with changed password")
195	198	#define TRACE_GIC_PWD_CHANGEPW(c, tries) \

223	226	#define TRACE_INIT_CREDS_GAK(c, salt, s2kparams) \
224	227	TRACE(c, "Getting AS key, salt \"{data}\", params \"{data}\"", \
225	228	salt, s2kparams)
	229	#define TRACE_INIT_CREDS_IDENTIFIED_REALM(c, realm) \
	230	TRACE(c, "Identified realm of client principal as {data}", realm)
226	231	#define TRACE_INIT_CREDS_KEYTAB_LOOKUP(c, etypes) \
227	232	TRACE(c, "Looked up etypes in keytab: {etypes}", etypes)
228	233	#define TRACE_INIT_CREDS_KEYTAB_LOOKUP_FAILED(c, code) \

287	292	TRACE(c, "PAC checksum verification failed: {kerr}", err)
288	293	#define TRACE_MSPAC_DISCARD_UNVERF(c) \
289	294	TRACE(c, "Filtering out unverified MS PAC")
	295
	296	#define TRACE_NEGOEX_INCOMING(c, seqnum, typestr, info) \
	297	TRACE(c, "NegoEx received [{int}]{str}: {str}", (int)seqnum, typestr, info)
	298	#define TRACE_NEGOEX_OUTGOING(c, seqnum, typestr, info) \
	299	TRACE(c, "NegoEx sending [{int}]{str}: {str}", (int)seqnum, typestr, info)
290	300
291	301	#define TRACE_PREAUTH_CONFLICT(c, name1, name2, patype) \
292	302	TRACE(c, "Preauth module {str} conflicts with module {str} for pa " \

+3

-3

src/include/k5-unicode.h less more

48	48	*
49	49	* A copy of this license is available in file LICENSE in the
50	50	* top-level directory of the distribution or, alternatively, at
51		* <http://www.OpenLDAP.org/license.html>.
	51	* <https://www.OpenLDAP.org/license.html>.
52	52	*/
53	53	/*
54	54	* Copyright (C) 2000 Novell, Inc. All Rights Reserved.

56	56	* THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
57	57	* USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
58	58	* 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
59		* HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
	59	* HTTPS://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
60	60	* TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
61	61	* WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
62	62	* LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
63	63	* PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
64	64	*/
65	65
66		/* This work is part of OpenLDAP Software <http://www.openldap.org/>. */
	66	/* This work is part of OpenLDAP Software <https://www.openldap.org/>. */
67	67
68	68	#ifndef K5_UNICODE_H
69	69	#define K5_UNICODE_H

+3

-3

src/include/k5-utf8.h less more

48	48	*
49	49	* A copy of this license is available in file LICENSE in the
50	50	* top-level directory of the distribution or, alternatively, at
51		* <http://www.OpenLDAP.org/license.html>.
	51	* <https://www.OpenLDAP.org/license.html>.
52	52	*/
53	53	/*
54	54	* Copyright (C) 2000 Novell, Inc. All Rights Reserved.

56	56	* THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
57	57	* USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
58	58	* 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
59		* HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
	59	* HTTPS://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
60	60	* TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
61	61	* WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
62	62	* LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
63	63	* PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
64	64	*/
65		/* This work is part of OpenLDAP Software <http://www.openldap.org/>. */
	65	/* This work is part of OpenLDAP Software <https://www.openldap.org/>. */
66	66
67	67	#ifndef K5_UTF8_H
68	68	#define K5_UTF8_H

+177

-51

src/include/kdb.h less more

68	68
69	69	/* This version will be incremented when incompatible changes are made to the
70	70	* KDB API, and will be kept in sync with the libkdb major version. */
71		#define KRB5_KDB_API_VERSION 9
	71	#define KRB5_KDB_API_VERSION 10
72	72
73	73	/* Salt types */
74	74	#define KRB5_KDB_SALTTYPE_NORMAL 0
75		#define KRB5_KDB_SALTTYPE_V4 1
	75	/* #define KRB5_KDB_SALTTYPE_V4 1 */
76	76	#define KRB5_KDB_SALTTYPE_NOREALM 2
77	77	#define KRB5_KDB_SALTTYPE_ONLYREALM 3
78	78	#define KRB5_KDB_SALTTYPE_SPECIAL 4
79		#define KRB5_KDB_SALTTYPE_AFS3 5
	79	/* #define KRB5_KDB_SALTTYPE_AFS3 5 */
80	80	#define KRB5_KDB_SALTTYPE_CERTHASH 6
81	81
82	82	/* Attributes */

103	103	#define KRB5_KDB_CREATE_BTREE 0x00000001
104	104	#define KRB5_KDB_CREATE_HASH 0x00000002
105	105
106		/* Private flag used to indicate principal is local TGS */
107		#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000
108		/* Private flag used to indicate xrealm relationship is non-transitive */
109		#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000
110
111	106	/* Entry get flags */
112	107	/* Name canonicalization requested */
113	108	#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010

125	120	#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800
126	121	/* Cross-realm */
127	122	#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000
128		/* Allow in-realm aliases */
129		#define KRB5_KDB_FLAG_ALIAS_OK 0x00002000
	123	/* Issuing referral */
	124	#define KRB5_KDB_FLAG_ISSUING_REFERRAL 0x00004000
	125
130	126
131	127	#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION \| \
132	128	KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )

662	658	krb5_error_code krb5_db_sign_authdata(krb5_context kcontext,
663	659	unsigned int flags,
664	660	krb5_const_principal client_princ,
	661	krb5_const_principal server_princ,
665	662	krb5_db_entry *client,
666	663	krb5_db_entry *server,
667		krb5_db_entry *krbtgt,
	664	krb5_db_entry *header_server,
	665	krb5_db_entry *local_tgt,
668	666	krb5_keyblock *client_key,
669	667	krb5_keyblock *server_key,
670		krb5_keyblock *krbtgt_key,
	668	krb5_keyblock *header_key,
	669	krb5_keyblock *local_tgt_key,
671	670	krb5_keyblock *session_key,
672	671	krb5_timestamp authtime,
673	672	krb5_authdata **tgt_auth_data,
	673	void *ad_info,
	674	krb5_data ***auth_indicators,
674	675	krb5_authdata ***signed_auth_data);
675	676
676	677	krb5_error_code krb5_db_check_transited_realms(krb5_context kcontext,

705	706	krb5_const_principal client,
706	707	const krb5_db_entry *server,
707	708	krb5_const_principal proxy);
	709
	710	krb5_error_code krb5_db_get_s4u_x509_principal(krb5_context kcontext,
	711	const krb5_data *client_cert,
	712	krb5_const_principal in_princ,
	713	unsigned int flags,
	714	krb5_db_entry **entry);
	715
	716	krb5_error_code krb5_db_allowed_to_delegate_from(krb5_context context,
	717	krb5_const_principal client,
	718	krb5_const_principal server,
	719	void *server_ad_info,
	720	const krb5_db_entry *proxy);
	721
	722	krb5_error_code krb5_db_get_authdata_info(krb5_context context,
	723	unsigned int flags,
	724	krb5_authdata **in_authdata,
	725	krb5_const_principal client_princ,
	726	krb5_const_principal server_princ,
	727	krb5_keyblock *server_key,
	728	krb5_keyblock *krbtgt_key,
	729	krb5_db_entry *krbtgt,
	730	krb5_timestamp authtime,
	731	void **ad_info_out,
	732	krb5_principal *client_out);
	733
	734	void krb5_db_free_authdata_info(krb5_context context, void *ad_info);
708	735
709	736	/**
710	737	* Sort an array of @a krb5_key_data keys in descending order by their kvno.

866	893	* This number indicates the date of the last incompatible change to the DAL.
867	894	* The maj_ver field of the module's vtable structure must match this version.
868	895	*/
869		#define KRB5_KDB_DAL_MAJOR_VERSION 7
	896	#define KRB5_KDB_DAL_MAJOR_VERSION 8
870	897
871	898	/*
872	899	* A krb5_context can hold one database object. Modules should use

1008	1035	* client entry during an S4U2Proxy TGS request. Also affects PAC
1009	1036	* generation.
1010	1037	*
1011		* KRB5_KDB_FLAG_CROSS_REALM: Set by the KDC when looking up a client entry
1012		* during a TGS request, if the client principal is not part of the
1013		* realm being served.
1014		*
1015		* KRB5_KDB_FLAG_ALIAS_OK: Set by the KDC for server principal lookups and
1016		* for AS request client principal lookups with canonicalization
1017		* requested; also set by the admin interface. Determines whether the
1018		* module should return in-realm aliases.
1019		*
1020		* A module can return in-realm aliases if KRB5_KDB_FLAG_ALIAS_OK is set,
1021		* or if search_for->type is KRB5_NT_ENTERPRISE_PRINCIPAL. To return an
1022		* in-realm alias, fill in a different value for entries->princ than the
1023		* one requested.
1024		*
1025		* A module can return out-of-realm referrals if KRB5_KDB_FLAG_CANONICALIZE
1026		* is set. For AS request clients (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY is
1027		* also set), the module should do so by simply filling in an out-of-realm
1028		* name in entries->princ and setting all other fields to NULL. Otherwise,
1029		* the module should return the entry for the cross-realm TGS of the
1030		* referred-to realm. For TGS referals, the module can also include
1031		* tl-data of type KRB5_TL_SERVER_REFERRAL containing ASN.1-encoded Windows
1032		* referral data as documented in draft-ietf-krb-wg-kerberos-referrals-11
1033		* appendix A; this will be returned to the client as encrypted padata.
	1038	* KRB5_KDB_FLAG_CROSS_REALM: Set by the KDC after looking up a server
	1039	* entry during a TGS request, if the header ticket was issued by a
	1040	* different realm.
	1041	*
	1042	* KRB5_KDB_FLAG_ISSUING_REFERRAL: Set by the KDC after looking up a server
	1043	* entry during a TGS request, if the requested server principal is not
	1044	* part of the realm being served, and a referral or alternate TGT will
	1045	* be issued instead.
	1046	*
	1047	* A module may return an in-realm alias by setting (*entry)->princ to the
	1048	* canonical name. The KDC will decide based on the request whether to use
	1049	* the requested name or the canonical name in the issued ticket.
	1050	*
	1051	* A module can return a referral to another realm if
	1052	* KRB5_KDB_FLAG_CANONICALIZE is set, or if
	1053	* KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY is set and search_for->type is
	1054	* KRB5_NT_ENTERPRISE_PRINCIPAL. If KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY is
	1055	* set, the module should return a referral by simply filling in an
	1056	* out-of-realm name in (*entry)->princ and setting all other fields to
	1057	* NULL. Otherwise, the module should return the entry for the cross-realm
	1058	* TGS of the referred-to realm. For TGS referals, the module can also
	1059	* include tl-data of type KRB5_TL_SERVER_REFERRAL containing ASN.1-encoded
	1060	* Windows referral data as documented in
	1061	* draft-ietf-krb-wg-kerberos-referrals-11 appendix A; this will be
	1062	* returned to the client as encrypted padata.
1034	1063	*/
1035	1064	krb5_error_code (*get_principal)(krb5_context kcontext,
1036	1065	krb5_const_principal search_for,

1261	1290	* principal requested by the service; for regular TGS requests, the
1262	1291	* possibly-canonicalized client principal.
1263	1292	*
1264		* client: The DB entry of the client. For S4U2Self, this will be the DB
1265		* entry for the client principal requested by the service).
	1293	* server_princ: The server principal in the request.
	1294	*
	1295	* client: The DB entry of the client if it is in the local realm, NULL
	1296	* if not. For S4U2Self and S4U2Proxy TGS requests, this is the DB
	1297	* entry for the client principal requested by the service.
1266	1298	*
1267	1299	* server: The DB entry of the service principal, or of a cross-realm
1268	1300	* krbtgt principal in case of referral.
1269	1301	*
1270		* krbtgt: For TGS requests, the DB entry of the server of the ticket in
1271		* the PA-TGS-REQ padata; this is usually a local or cross-realm krbtgt
1272		* principal, but not always. For AS requests, the DB entry of the
1273		* service principal; this is usually a local krbtgt principal, but not
1274		* always.
	1302	* header_server: For S4U2Proxy requests, the DB entry of the second
	1303	* ticket server. For other TGS requests, the DB entry of the header
	1304	* ticket server. For AS requests, NULL.
	1305	*
	1306	* local_tgt: the DB entry of the local krbtgt principal.
1275	1307	*
1276	1308	* client_key: The reply key for the KDC request, before any FAST armor
1277	1309	* is applied. For AS requests, this may be the client's long-term key

1280	1312	*
1281	1313	* server_key: The server key used to encrypt the returned ticket.
1282	1314	*
1283		* krbtgt_key: For TGS requests, the key used to decrypt the ticket in
1284		* the PA-TGS-REQ padata. For AS requests, the server key used to
1285		* encrypt the returned ticket.
	1315	* header_key: For S4U2Proxy requests, the key used to decrypt the second
	1316	* ticket. For TGS requests, the key used to decrypt the header
	1317	* ticket. For AS requests, NULL.
	1318	*
	1319	* local_tgt_key: The decrypted first key of local_tgt.
1286	1320	*
1287	1321	* session_key: The session key of the ticket being granted to the
1288	1322	* requestor.

1294	1328	*
1295	1329	* tgt_auth_data: For TGS requests, the authorization data present in the
1296	1330	* subject ticket. For AS requests, NULL.
	1331	*
	1332	* ad_info: For TGS requests, the parsed authorization data if obtained
	1333	* by get_authdata_info method from the authorization data present in
	1334	* the subject ticket. Otherwise NULL.
	1335	*
	1336	* auth_indicators: Points to NULL or a null-terminated list of krb5_data
	1337	* pointers, each containing an authentication indicator (RFC 8129).
	1338	* The method may modify this list, or free it and replace
	1339	* *auth_indicators with NULL, to change which auth indicators will be
	1340	* included in the ticket.
1297	1341	*/
1298	1342	krb5_error_code (*sign_authdata)(krb5_context kcontext,
1299	1343	unsigned int flags,
1300	1344	krb5_const_principal client_princ,
	1345	krb5_const_principal server_princ,
1301	1346	krb5_db_entry *client,
1302	1347	krb5_db_entry *server,
1303		krb5_db_entry *krbtgt,
	1348	krb5_db_entry *header_server,
	1349	krb5_db_entry *local_tgt,
1304	1350	krb5_keyblock *client_key,
1305	1351	krb5_keyblock *server_key,
1306		krb5_keyblock *krbtgt_key,
	1352	krb5_keyblock *header_key,
	1353	krb5_keyblock *local_tgt_key,
1307	1354	krb5_keyblock *session_key,
1308	1355	krb5_timestamp authtime,
1309	1356	krb5_authdata **tgt_auth_data,
	1357	void *ad_info,
	1358	krb5_data ***auth_indicators,
1310	1359	krb5_authdata ***signed_auth_data);
1311	1360
1312	1361	/*

1388	1437	const krb5_db_entry *server,
1389	1438	krb5_const_principal proxy);
1390	1439
1391		/* End of minor version 0. */
1392
1393	1440	/*
1394	1441	* Optional: Free the e_data pointer of a database entry. If this method
1395	1442	* is not implemented, the e_data pointer in principal entries will be

1397	1444	*/
1398	1445	void (free_principal_e_data)(krb5_context kcontext, krb5_octet e_data);
1399	1446
1400		/* End of minor version 1 for major version 6. */
	1447	/*
	1448	* Optional: get a principal entry for S4U2Self based on X509 certificate.
	1449	*
	1450	* If flags include KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY, princ->realm
	1451	* indicates the request realm, but the data components should be ignored.
	1452	* The module can return an out-of-realm client referral as it would for
	1453	* get_principal().
	1454	*
	1455	* If flags does not include KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY, princ is
	1456	* from PA-S4U-X509-USER. If it contains data components (and not just a
	1457	* realm), the module should verify that it is the same as the lookup
	1458	* result for client_cert. The module should not return a referral.
	1459	*/
	1460	krb5_error_code (*get_s4u_x509_principal)(krb5_context kcontext,
	1461	const krb5_data *client_cert,
	1462	krb5_const_principal princ,
	1463	unsigned int flags,
	1464	krb5_db_entry **entry_out);
	1465
	1466	/*
	1467	* Optional: Perform a policy check on server being allowed to obtain
	1468	* tickets from client to proxy. This method is similar to
	1469	* check_allowed_to_delegate, but it operates on the target server DB entry
	1470	* (called "proxy" here as in Microsoft's protocol documentation) rather
	1471	* than the intermediate server entry. server_ad_info represents the
	1472	* authdata of the intermediate server, as returned by the
	1473	* get_authdata_info method on the header ticket. Return 0 if policy
	1474	* allows the delegation, or an appropriate error (such as
	1475	* KRB5KDC_ERR_POLICY) if not.
	1476	*
	1477	* This method is called for S4U2Proxy requests and implements the
	1478	* resource-based constrained delegation variant, which can support
	1479	* cross-realm delegation. If this method is not implemented or if it
	1480	* returns a policy error, the KDC will fall back to
	1481	* check_allowed_to_delegate if the intermediate and target servers are in
	1482	* the same realm and the evidence ticket is forwardable.
	1483	*/
	1484	krb5_error_code (*allowed_to_delegate_from)(krb5_context context,
	1485	krb5_const_principal client,
	1486	krb5_const_principal server,
	1487	void *server_ad_info,
	1488	const krb5_db_entry *proxy);
	1489
	1490	/*
	1491	* Optional: Perform verification and policy checks on authorization data,
	1492	* such as a Windows PAC, based on the request client lookup flags. Return
	1493	* 0 if all checks have passed. Optionally return a representation of the
	1494	* authdata in *ad_info_out, to be consumed by allowed_to_delegate_from and
	1495	* sign_authdata. Returning *ad_info_out is required to support
	1496	* resource-based constrained delegation.
	1497	*
	1498	* If the KRB5_KDB_FLAG_CONSTRAINED_DELEGATION bit is set, a PAC must be
	1499	* provided and verified, and an error should be returned if the client is
	1500	* not allowed to delegate. If the KRB5_KDB_FLAG_CROSS_REALM bit is also
	1501	* set, set *client_out to the client name in the PAC; this indicates the
	1502	* requested client principal for a cross-realm S4U2Proxy request.
	1503	*
	1504	* This method is called for TGS requests on the authorization data from
	1505	* the header ticket. For S4U2Proxy requests it is also called on the
	1506	* authorization data from the evidence ticket. If the
	1507	* KRB5_KDB_FLAG_PROTOCOL_TRANSITION bit is set in flags, the authdata is
	1508	* from the header ticket of an S4U2Self referral request, and the supplied
	1509	* client_princ is the requested client.
	1510	*/
	1511	krb5_error_code (*get_authdata_info)(krb5_context context,
	1512	unsigned int flags,
	1513	krb5_authdata **in_authdata,
	1514	krb5_const_principal client_princ,
	1515	krb5_const_principal server_princ,
	1516	krb5_keyblock *server_key,
	1517	krb5_keyblock *krbtgt_key,
	1518	krb5_db_entry *krbtgt,
	1519	krb5_timestamp authtime,
	1520	void **ad_info_out,
	1521	krb5_principal *client_out);
	1522
	1523	void (*free_authdata_info)(krb5_context context,
	1524	void *ad_info);
	1525
	1526	/* End of minor version 0 for major version 8. */
1401	1527	} kdb_vftabl;
1402	1528
1403	1529	#endif /* !defined(_WIN32) */

+187

-212

src/include/krb5/krb5.hin less more

415	415
416	416	/* per Kerberos v5 protocol spec */
417	417	#define ENCTYPE_NULL 0x0000
418		#define ENCTYPE_DES_CBC_CRC 0x0001 /*< DES cbc mode with CRC-32 /
419		#define ENCTYPE_DES_CBC_MD4 0x0002 /*< DES cbc mode with RSA-MD4 /
420		#define ENCTYPE_DES_CBC_MD5 0x0003 /*< DES cbc mode with RSA-MD5 /
421		#define ENCTYPE_DES_CBC_RAW 0x0004 /*< @deprecated DES cbc mode raw /
	418	#define ENCTYPE_DES_CBC_CRC 0x0001 /*< @deprecated no longer supported /
	419	#define ENCTYPE_DES_CBC_MD4 0x0002 /*< @deprecated no longer supported /
	420	#define ENCTYPE_DES_CBC_MD5 0x0003 /*< @deprecated no longer supported /
	421	#define ENCTYPE_DES_CBC_RAW 0x0004 /*< @deprecated no longer supported /
422	422	#define ENCTYPE_DES3_CBC_SHA 0x0005 /*< @deprecated DES-3 cbc with SHA1 /
423	423	#define ENCTYPE_DES3_CBC_RAW 0x0006 /*< @deprecated DES-3 cbc mode raw /
424		#define ENCTYPE_DES_HMAC_SHA1 0x0008 /*< @deprecated /
	424	#define ENCTYPE_DES_HMAC_SHA1 0x0008 /*< @deprecated no longer supported /
425	425	/* PKINIT */
426	426	#define ENCTYPE_DSA_SHA1_CMS 0x0009 /*< DSA with SHA1, CMS signature /
427	427	#define ENCTYPE_MD5_RSA_CMS 0x000a /*< MD5 with RSA, CMS signature /

1684	1684
1685	1685	/*
1686	1686	* Mask of ticket flags in the TGT which should be converted into KDC
1687		* options when using the TGT to get derivitive tickets.
	1687	* options when using the TGT to get derivative tickets.
1688	1688	*
1689	1689	* New mask = KDC_OPT_FORWARDABLE \| KDC_OPT_PROXIABLE \|
1690	1690	* KDC_OPT_ALLOW_POSTDATE \| KDC_OPT_RENEWABLE

1878	1878	#define KRB5_ENCPADATA_REQ_ENC_PA_REP 149 /*< RFC 6806 /
1879	1879	#define KRB5_PADATA_AS_FRESHNESS 150 /*< RFC 8070 /
1880	1880	#define KRB5_PADATA_SPAKE 151
	1881	#define KRB5_PADATA_PAC_OPTIONS 167 /*< MS-KILE and MS-SFU /
1881	1882
1882	1883	#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000
1883	1884	#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000

2484	2485	*
2485	2486	* krb5_cc_end_seq_get() must be called to complete the retrieve operation.
2486	2487	*
2487		* @note If @a cache is modified between the time of the call to this function
2488		* and the time of the final krb5_cc_end_seq_get(), the results are undefined.
	2488	* @note If the cache represented by @a cache is modified between the time of
	2489	* the call to this function and the time of the final krb5_cc_end_seq_get(),
	2490	* these changes may not be reflected in the results of krb5_cc_next_cred()
	2491	* calls.
2489	2492	*
2490	2493	* @retval 0 Success; otherwise - Kerberos error codes
2491	2494	*/

2610	2613	krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst);
2611	2614
2612	2615	/**
2613		* Return a timestamp of the last modification to a credential cache.
2614		*
2615		* @param [in] context Library context
2616		* @param [in] ccache Credential cache handle
2617		* @param [out] change_time The last change time of @a ccache
2618		*
2619		* If an error occurs, @a change_time is set to 0.
2620		*/
2621		krb5_error_code KRB5_CALLCONV
2622		krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache,
2623		krb5_timestamp *change_time);
2624
2625		/**
2626		* Lock a credential cache.
2627		*
2628		* @param [in] context Library context
2629		* @param [in] ccache Credential cache handle
2630		*
2631		* Use krb5_cc_unlock() to unlock the lock.
2632		*
2633		* @retval 0 Success; otherwise - Kerberos error codes
2634		*/
2635		krb5_error_code KRB5_CALLCONV
2636		krb5_cc_lock(krb5_context context, krb5_ccache ccache);
2637
2638		/**
2639		* Unlock a credential cache.
2640		*
2641		* @param [in] context Library context
2642		* @param [in] ccache Credential cache handle
2643		*
2644		* This function unlocks the @a ccache locked by krb5_cc_lock().
2645		*
2646		* @retval 0 Success; otherwise - Kerberos error codes
2647		*/
2648		krb5_error_code KRB5_CALLCONV
2649		krb5_cc_unlock(krb5_context context, krb5_ccache ccache);
2650
2651		/**
2652	2616	* Prepare to iterate over the collection of known credential caches.
2653	2617	*
2654	2618	* @param [in] context Library context

2712	2676	*/
2713	2677	krb5_error_code KRB5_CALLCONV
2714	2678	krb5_cccol_have_content(krb5_context context);
2715
2716		/**
2717		* Return a timestamp of the last modification of any known credential cache.
2718		*
2719		* @param [in] context Library context
2720		* @param [out] change_time Last modification timestamp
2721		*
2722		* This function returns the most recent modification time of any known
2723		* credential cache, ignoring any caches which cannot supply a last
2724		* modification time.
2725		*
2726		* If there are no known credential caches, @a change_time is set to 0.
2727		*
2728		* @retval 0 Success; otherwise - Kerberos error codes
2729		*/
2730		krb5_error_code KRB5_CALLCONV
2731		krb5_cccol_last_change_time(krb5_context context, krb5_timestamp *change_time);
2732
2733		/**
2734		* Acquire a global lock for credential caches.
2735		*
2736		* @param [in] context Library context
2737		*
2738		* This function locks the global credential cache collection, ensuring
2739		* that no ccaches are added to or removed from it until the collection
2740		* lock is released.
2741		*
2742		* Use krb5_cccol_unlock() to unlock the lock.
2743		*
2744		* @retval 0 Success; otherwise - Kerberos error codes
2745		*/
2746
2747		krb5_error_code KRB5_CALLCONV
2748		krb5_cccol_lock(krb5_context context);
2749
2750		/**
2751		* Release a global lock for credential caches.
2752		*
2753		* @param [in] context Library context
2754		*
2755		* This function unlocks the lock from krb5_cccol_lock().
2756		*
2757		* @retval 0 Success; otherwise - Kerberos error codes
2758		*/
2759		krb5_error_code KRB5_CALLCONV
2760		krb5_cccol_unlock(krb5_context context);
2761	2679
2762	2680	/**
2763	2681	* Create a new credential cache of the specified type with a unique name.

3256	3174	* request used for user to user
3257	3175	* authentication.
3258	3176	* @li #AP_OPTS_MUTUAL_REQUIRED - Request a mutual authentication packet from
3259		* the reciever.
	3177	* the receiver.
3260	3178	* @li #AP_OPTS_USE_SUBKEY - Generate a subsession key from the current
3261	3179	* session key obtained from the credentials.
3262	3180	*

3394	3312	* @param [in] context Library context
3395	3313	* @param [in] auth_context Authentication context
3396	3314	* @param [in] inbuf @c KRB-SAFE message to be parsed
3397		* @param [out] outbuf Data parsed from @c KRB-SAFE message
3398		* @param [out] outdata Replay data. Specify NULL if not needed
	3315	* @param [out] userdata_out Data parsed from @c KRB-SAFE message
	3316	* @param [out] rdata_out Replay data. Specify NULL if not needed
3399	3317	*
3400	3318	* This function parses a @c KRB-SAFE message, verifies its integrity, and
3401		* stores its data into @a outbuf.
3402		*
3403		* @note The @a outdata argument is required if #KRB5_AUTH_CONTEXT_RET_TIME or
3404		* #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in the @a auth_context.
3405		*
3406		* @note @a auth_context must have a remote address set. This address will be
3407		* used to verify the sender address in the KRB-SAFE message. If @a
3408		* auth_context has a local address set, it will be used to verify the
3409		* receiver address in the KRB-SAFE message if the message contains one.
3410		* Both addresses must use type @c ADDRTYPE_ADDRPORT.
	3319	* stores its data into @a userdata_out.
	3320	*
	3321	* @note The @a rdata_out argument is required if the
	3322	* #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
	3323	* in @a auth_context.
	3324	*
	3325	* If @a auth_context has a remote address set, the address will be used to
	3326	* verify the sender address in the KRB-SAFE message. If @a auth_context has a
	3327	* local address set, it will be used to verify the receiver address in the
	3328	* KRB-SAFE message if the message contains one.
3411	3329	*
3412	3330	* If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in @a auth_context, the
3413	3331	* sequence number of the KRB-SAFE message is checked against the remote
3414	3332	* sequence number field of @a auth_context. Otherwise, the sequence number is
3415	3333	* not used.
3416	3334	*
3417		* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context,
3418		* then two additional checks are performed:
3419		* @li The timestamp in the message must be within the permitted clock skew
3420		* (which is usually five minutes).
3421		* @li The message must not be a replayed message field in @a auth_context.
3422		*
3423		* Use krb5_free_data_contents() to free @a outbuf when it is no longer needed.
	3335	* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, then the
	3336	* timestamp in the message is verified to be within the permitted clock skew
	3337	* of the current time, and the message is checked against an in-memory replay
	3338	* cache to detect reflections or replays.
	3339	*
	3340	* Use krb5_free_data_contents() to free @a userdata_out when it is no longer
	3341	* needed.
3424	3342	*
3425	3343	* @retval 0 Success; otherwise - Kerberos error codes
3426	3344	*/
3427	3345	krb5_error_code KRB5_CALLCONV
3428	3346	krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
3429		const krb5_data inbuf, krb5_data outbuf,
3430		krb5_replay_data *outdata);
	3347	const krb5_data inbuf, krb5_data userdata_out,
	3348	krb5_replay_data *rdata_out);
3431	3349
3432	3350	/**
3433	3351	* Process a @c KRB-PRIV message.

3435	3353	* @param [in] context Library context
3436	3354	* @param [in] auth_context Authentication structure
3437	3355	* @param [in] inbuf @c KRB-PRIV message to be parsed
3438		* @param [out] outbuf Data parsed from @c KRB-PRIV message
3439		* @param [out] outdata Replay data. Specify NULL if not needed
	3356	* @param [out] userdata_out Data parsed from @c KRB-PRIV message
	3357	* @param [out] rdata_out Replay data. Specify NULL if not needed
3440	3358	*
3441	3359	* This function parses a @c KRB-PRIV message, verifies its integrity, and
3442		* stores its unencrypted data into @a outbuf.
3443		*
3444		* @note If the #KRB5_AUTH_CONTEXT_RET_TIME or
3445		* #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in @a auth_context, @a
3446		* outdata is required.
3447		*
3448		* @note @a auth_context must have a remote address set. This address will be
3449		* used to verify the sender address in the KRB-PRIV message. If @a
3450		* auth_context has a local address set, it will be used to verify the
3451		* receiver address in the KRB-PRIV message if the message contains one.
3452		* Both addresses must use type @c ADDRTYPE_ADDRPORT.
	3360	* stores its unencrypted data into @a userdata_out.
	3361	*
	3362	* @note The @a rdata_out argument is required if the
	3363	* #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
	3364	* in @a auth_context.
	3365	*
	3366	* If @a auth_context has a remote address set, the address will be used to
	3367	* verify the sender address in the KRB-PRIV message. If @a auth_context has a
	3368	* local address set, it will be used to verify the receiver address in the
	3369	* KRB-PRIV message if the message contains one.
3453	3370	*
3454	3371	* If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in @a auth_context, the
3455		* sequence number of the KRB-SAFE message is checked against the remote
	3372	* sequence number of the KRB-PRIV message is checked against the remote
3456	3373	* sequence number field of @a auth_context. Otherwise, the sequence number is
3457	3374	* not used.
3458	3375	*
3459		* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context,
3460		* then two additional checks are performed:
3461		* @li The timestamp in the message must be within the permitted clock skew
3462		* (which is usually five minutes).
3463		* @li The message must not be a replayed message field in @a auth_context.
	3376	* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, then the
	3377	* timestamp in the message is verified to be within the permitted clock skew
	3378	* of the current time, and the message is checked against an in-memory replay
	3379	* cache to detect reflections or replays.
	3380	*
	3381	* Use krb5_free_data_contents() to free @a userdata_out when it is no longer
	3382	* needed.
3464	3383	*
3465	3384	* @retval 0 Success; otherwise - Kerberos error codes
3466	3385	*/
3467	3386	krb5_error_code KRB5_CALLCONV
3468	3387	krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
3469		const krb5_data inbuf, krb5_data outbuf,
3470		krb5_replay_data *outdata);
	3388	const krb5_data inbuf, krb5_data userdata_out,
	3389	krb5_replay_data *rdata_out);
3471	3390
3472	3391	/**
3473	3392	* Convert a string principal name to a krb5_principal structure.

4025	3944	* Generate a replay cache object for server use and open it.
4026	3945	*
4027	3946	* @param [in] context Library context
4028		* @param [in] piece Unique identifier for replay cache
	3947	* @param [in] piece Unused (replay cache identifier)
4029	3948	* @param [out] rcptr Handle to an open rcache
4030	3949	*
4031		* This function generates a replay cache name based on @a piece and opens a
4032		* handle to it. Typically @a piece is the first component of the service
4033		* principal name. Use krb5_rc_close() to close @a rcptr when it is no longer
4034		* needed.
	3950	* This function creates a handle to the default replay cache. Use
	3951	* krb5_rc_close() to close @a rcptr when it is no longer needed.
	3952	*
	3953	* @version Prior to release 1.18, this function creates a handle to a
	3954	* different replay cache for each unique value of @a piece.
4035	3955	*
4036	3956	* @retval 0 Success; otherwise - Kerberos error codes
4037	3957	*/

5329	5249	* @param [in] context Library context
5330	5250	* @param [in] auth_context Authentication context
5331	5251	* @param [in] userdata User data in the message
5332		* @param [out] outbuf Formatted @c KRB-SAFE buffer
5333		* @param [out] outdata Replay data. Specify NULL if not needed
	5252	* @param [out] der_out Formatted @c KRB-SAFE buffer
	5253	* @param [out] rdata_out Replay data. Specify NULL if not needed
5334	5254	*
5335	5255	* This function creates an integrity protected @c KRB-SAFE message
5336	5256	* using data supplied by the application.

5344	5264	* optional; if specified, it will be used to form the receiver address used in
5345	5265	* the message.
5346	5266	*
5347		* If #KRB5_AUTH_CONTEXT_DO_TIME flag is set in the @a auth_context, an entry
5348		* describing the message is entered in the replay cache @a
5349		* auth_context->rcache which enables the caller to detect if this message is
5350		* reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, the
5351		* replay cache is not used.
5352		*
5353		* If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or
5354		* #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the @a auth_context local sequence
5355		* number will be placed in @a outdata as its sequence number.
5356		*
5357		* @note The @a outdata argument is required if #KRB5_AUTH_CONTEXT_RET_TIME or
5358		* #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in the @a auth_context.
5359		*
5360		* Use krb5_free_data_contents() to free @a outbuf when it is no longer needed.
	5267	* @note The @a rdata_out argument is required if the
	5268	* #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
	5269	* in @a auth_context.
	5270	*
	5271	* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, a
	5272	* timestamp is included in the KRB-SAFE message, and an entry for the message
	5273	* is entered in an in-memory replay cache to detect if the message is
	5274	* reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no
	5275	* replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in @a
	5276	* auth_context, a timestamp is included in the KRB-SAFE message and is stored
	5277	* in @a rdata_out.
	5278	*
	5279	* If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
	5280	* is set, the @a auth_context local sequence number is included in the
	5281	* KRB-SAFE message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE
	5282	* is set, the sequence number used is stored in @a rdata_out.
	5283	*
	5284	* Use krb5_free_data_contents() to free @a der_out when it is no longer
	5285	* needed.
5361	5286	*
5362	5287	* @retval 0 Success; otherwise - Kerberos error codes
5363	5288	*/
5364	5289	krb5_error_code KRB5_CALLCONV
5365	5290	krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
5366		const krb5_data userdata, krb5_data outbuf,
5367		krb5_replay_data *outdata);
	5291	const krb5_data userdata, krb5_data der_out,
	5292	krb5_replay_data *rdata_out);
5368	5293
5369	5294	/**
5370	5295	* Format a @c KRB-PRIV message.

5372	5297	* @param [in] context Library context
5373	5298	* @param [in] auth_context Authentication context
5374	5299	* @param [in] userdata User data for @c KRB-PRIV message
5375		* @param [out] outbuf Formatted @c KRB-PRIV message
5376		* @param [out] outdata Replay cache handle (NULL if not needed)
	5300	* @param [out] der_out Formatted @c KRB-PRIV message
	5301	* @param [out] rdata_out Replay data (NULL if not needed)
5377	5302	*
5378	5303	* This function is similar to krb5_mk_safe(), but the message is encrypted and
5379	5304	* integrity-protected, not just integrity-protected.
5380	5305	*
5381	5306	* The local address in @a auth_context must be set, and is used to form the
5382		* sender address used in the KRB-SAFE message. The remote address is
	5307	* sender address used in the KRB-PRIV message. The remote address is
5383	5308	* optional; if specified, it will be used to form the receiver address used in
5384	5309	* the message.
5385	5310	*
5386		* @note If the #KRB5_AUTH_CONTEXT_RET_TIME or
5387		* #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in @a auth_context, the @a
5388		* outdata is required.
5389		*
5390		* @note The flags from @a auth_context specify whether sequence numbers or
5391		* timestamps will be used to identify the message. Valid values are:
5392		*
5393		* @li #KRB5_AUTH_CONTEXT_DO_TIME - Use timestamps in @a outdata
5394		* @li #KRB5_AUTH_CONTEXT_RET_TIME - Copy timestamp to @a outdata.
5395		* @li #KRB5_AUTH_CONTEXT_DO_SEQUENCE - Use local sequence numbers from
5396		* @a auth_context in replay cache.
5397		* @li #KRB5_AUTH_CONTEXT_RET_SEQUENCE - Use local sequence numbers from
5398		* @a auth_context as a sequence number
5399		* in the encrypted message @a outbuf.
	5311	* @note The @a rdata_out argument is required if the
	5312	* #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
	5313	* in @a auth_context.
	5314	*
	5315	* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, a
	5316	* timestamp is included in the KRB-PRIV message, and an entry for the message
	5317	* is entered in an in-memory replay cache to detect if the message is
	5318	* reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no
	5319	* replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in @a
	5320	* auth_context, a timestamp is included in the KRB-PRIV message and is stored
	5321	* in @a rdata_out.
	5322	*
	5323	* If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
	5324	* is set, the @a auth_context local sequence number is included in the
	5325	* KRB-PRIV message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE
	5326	* is set, the sequence number used is stored in @a rdata_out.
	5327	*
	5328	* Use krb5_free_data_contents() to free @a der_out when it is no longer
	5329	* needed.
5400	5330	*
5401	5331	* @retval 0 Success; otherwise - Kerberos error codes
5402	5332	*/
5403	5333	krb5_error_code KRB5_CALLCONV
5404	5334	krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
5405		const krb5_data userdata, krb5_data outbuf,
5406		krb5_replay_data *outdata);
	5335	const krb5_data userdata, krb5_data der_out,
	5336	krb5_replay_data *rdata_out);
5407	5337
5408	5338	/**
5409	5339	* Client function for @c sendauth protocol.

5521	5451	*
5522	5452	* @param [in] context Library context
5523	5453	* @param [in] auth_context Authentication context
5524		* @param [in] ppcreds Null-terminated array of credentials
5525		* @param [out] ppdata Encoded credentials
5526		* @param [out] outdata Replay cache information (NULL if not needed)
5527		*
5528		* This function takes an array of credentials @a ppcreds and formats
5529		* a @c KRB-CRED message @a ppdata to pass to krb5_rd_cred().
5530		*
5531		* @note If the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
5532		* flag is set in @a auth_context, @a outdata is required.
	5454	* @param [in] creds Null-terminated array of credentials
	5455	* @param [out] der_out Encoded credentials
	5456	* @param [out] rdata_out Replay cache information (NULL if not needed)
	5457	*
	5458	* This function takes an array of credentials @a creds and formats
	5459	* a @c KRB-CRED message @a der_out to pass to krb5_rd_cred().
	5460	*
	5461	* The local and remote addresses in @a auth_context are optional; if either is
	5462	* specified, they are used to form the sender and receiver addresses in the
	5463	* KRB-CRED message.
	5464	*
	5465	* @note The @a rdata_out argument is required if the
	5466	* #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
	5467	* in @a auth_context.
	5468	*
	5469	* If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, an entry
	5470	* for the message is entered in an in-memory replay cache to detect if the
	5471	* message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not
	5472	* set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in @a
	5473	* auth_context, the timestamp used for the KRB-CRED message is stored in @a
	5474	* rdata_out.
	5475	*
	5476	* If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
	5477	* is set, the @a auth_context local sequence number is included in the
	5478	* KRB-CRED message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE
	5479	* is set, the sequence number used is stored in @a rdata_out.
	5480	*
	5481	* Use krb5_free_data_contents() to free @a der_out when it is no longer
	5482	* needed.
5533	5483	*
5534	5484	* The message will be encrypted using the send subkey of @a auth_context if it
5535		* is present, or the session key otherwise.
	5485	* is present, or the session key otherwise. If neither key is present, the
	5486	* credentials will not be encrypted, and the message should only be sent over
	5487	* a secure channel. No replay cache entry is used in this case.
5536	5488	*
5537	5489	* @retval
5538	5490	* 0 Success

5545	5497	*/
5546	5498	krb5_error_code KRB5_CALLCONV
5547	5499	krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
5548		krb5_creds ppcreds, krb5_data ppdata,
5549		krb5_replay_data *outdata);
	5500	krb5_creds creds, krb5_data der_out,
	5501	krb5_replay_data *rdata_out);
5550	5502
5551	5503	/**
5552	5504	* Format a @c KRB-CRED message for a single set of credentials.
5553	5505	*
5554	5506	* @param [in] context Library context
5555	5507	* @param [in] auth_context Authentication context
5556		* @param [in] pcreds Pointer to credentials
5557		* @param [out] ppdata Encoded credentials
5558		* @param [out] outdata Replay cache data (NULL if not needed)
	5508	* @param [in] creds Pointer to credentials
	5509	* @param [out] der_out Encoded credentials
	5510	* @param [out] rdata_out Replay cache data (NULL if not needed)
5559	5511	*
5560	5512	* This is a convenience function that calls krb5_mk_ncred() with a single set
5561	5513	* of credentials.

5571	5523	*/
5572	5524	krb5_error_code KRB5_CALLCONV
5573	5525	krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context,
5574		krb5_creds pcreds, krb5_data *ppdata,
5575		krb5_replay_data *outdata);
	5526	krb5_creds creds, krb5_data *der_out,
	5527	krb5_replay_data *rdata_out);
5576	5528
5577	5529	/**
5578	5530	* Read and validate a @c KRB-CRED message.
5579	5531	*
5580	5532	* @param [in] context Library context
5581	5533	* @param [in] auth_context Authentication context
5582		* @param [in] pcreddata @c KRB-CRED message
5583		* @param [out] pppcreds Null-terminated array of forwarded credentials
5584		* @param [out] outdata Replay data (NULL if not needed)
5585		*
5586		* @note The @a outdata argument is required if #KRB5_AUTH_CONTEXT_RET_TIME or
5587		* #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in the @a auth_context.`
5588		*
5589		* @a pcreddata will be decrypted using the receiving subkey if it is present
5590		* in @a auth_context, or the session key if the receiving subkey is not
5591		* present or fails to decrypt the message.
5592		*
5593		* Use krb5_free_tgt_creds() to free @a pppcreds when it is no longer needed.
	5534	* @param [in] creddata @c KRB-CRED message
	5535	* @param [out] creds_out Null-terminated array of forwarded credentials
	5536	* @param [out] rdata_out Replay data (NULL if not needed)
	5537	*
	5538	* @note The @a rdata_out argument is required if the
	5539	* #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
	5540	* in @a auth_context.`
	5541	*
	5542	* @a creddata will be decrypted using the receiving subkey if it is present in
	5543	* @a auth_context, or the session key if the receiving subkey is not present
	5544	* or fails to decrypt the message.
	5545	*
	5546	* Use krb5_free_tgt_creds() to free @a creds_out when it is no longer needed.
5594	5547	*
5595	5548	* @retval 0 Success; otherwise - Kerberos error codes
5596	5549	*/
5597	5550	krb5_error_code KRB5_CALLCONV
5598	5551	krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
5599		krb5_data pcreddata, krb5_creds **pppcreds,
5600		krb5_replay_data *outdata);
	5552	krb5_data creddata, krb5_creds **creds_out,
	5553	krb5_replay_data *rdata_out);
5601	5554
5602	5555	/**
5603	5556	* Get a forwarded TGT and format a @c KRB-CRED message.

6039	5992	*
6040	5993	* This function sets the replay cache in @a auth_context to @a rcache. @a
6041	5994	* rcache will be closed when @a auth_context is freed, so the caller should
6042		* relinguish that responsibility.
	5995	* relinquish that responsibility.
6043	5996	*
6044	5997	* @retval 0 Success; otherwise - Kerberos error codes
6045	5998	*/

8384	8337	const krb5_keyblock *privsvr_key, krb5_boolean with_realm,
8385	8338	krb5_data *data);
8386	8339
8387		/**
8388		* Allow the appplication to override the profile's allow_weak_crypto setting.
	8340
	8341	/*
	8342	* Read client information from a PAC.
	8343	*
	8344	* @param [in] context Library context
	8345	* @param [in] pac PAC handle
	8346	* @param [out] authtime_out Authentication timestamp (NULL if not needed)
	8347	* @param [out] princname_out Client account name
	8348	*
	8349	* Read the PAC_CLIENT_INFO buffer in @a pac. Place the client account name as
	8350	* a string in @a princname_out. If @a authtime_out is not NULL, place the
	8351	* initial authentication timestamp in @a authtime_out.
	8352	*
	8353	* @retval 0 on success, ENOENT if no PAC_CLIENT_INFO buffer is present in @a
	8354	* pac, ERANGE if the buffer contains invalid lengths.
	8355	*
	8356	* @version New in 1.18
	8357	*/
	8358	krb5_error_code KRB5_CALLCONV
	8359	krb5_pac_get_client_info(krb5_context context, const krb5_pac pac,
	8360	krb5_timestamp authtime_out, char *princname_out);
	8361
	8362	/**
	8363	* Allow the application to override the profile's allow_weak_crypto setting.
8389	8364	*
8390	8365	* @param [in] context Library context
8391	8366	* @param [in] enable Boolean flag

+0

-12

src/include/win-mac.h less more

175	175	#define HAVE_STDLIB_H
176	176	#endif
177	177
178		/* This controls which encryption routines libcrypto will provide */
179		#define PROVIDE_DES_CBC_MD5
180		#define PROVIDE_DES_CBC_CRC
181		#define PROVIDE_DES_CBC_RAW
182		#define PROVIDE_DES_CBC_CKSUM
183		#define PROVIDE_CRC32
184		#define PROVIDE_RSA_MD4
185		#define PROVIDE_RSA_MD5
186		/* #define PROVIDE_DES3_CBC_SHA */
187		/* #define PROVIDE_DES3_CBC_RAW */
188		/* #define PROVIDE_NIST_SHA */
189
190	178	/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o
191	179	* routines directly. Rather, they only export the _<function> version.
192	180	* The following defines works around this problem.

+17

-7

src/kadmin/cli/kadmin.c less more

796	796	char **db_args = NULL;
797	797	int db_args_size = 0;
798	798
799		if (argc < 2) {
	799	if (argc < 1) {
800	800	cpw_usage(NULL);
801	801	return;
802	802	}
803		for (argv++, argc--; argc > 1; argc--, argv++) {
	803	for (argv++, argc--; argc > 0 && **argv == '-'; argc--, argv++) {
804	804	if (!strcmp("-x", *argv)) {
805	805	argc--;
806	806	if (argc < 1) {

840	840	goto cleanup;
841	841	}
842	842	} else {
	843	com_err("change_password", 0, _("unrecognized option %s"), *argv);
843	844	cpw_usage(NULL);
844	845	goto cleanup;
845	846	}
846	847	}
847		if (*argv == NULL) {
848		com_err("change_password", 0, _("missing principal name"));
	848	if (argc != 1) {
	849	if (argc < 1)
	850	com_err("change_password", 0, _("missing principal name"));
	851	else
	852	com_err("change_password", 0, _("too many arguments"));
849	853	cpw_usage(NULL);
850	854	goto cleanup;
851	855	}

1224	1228	/* If the policy "default" exists, assign it. */
1225	1229	if (policy_exists("default")) {
1226	1230	if (!script_mode) {
1227		fprintf(stderr, _("NOTICE: no policy specified for %s; "
	1231	fprintf(stderr, _("No policy specified for %s; "
1228	1232	"assigning \"default\"\n"), canon);
1229	1233	}
1230	1234	princ.policy = "default";
1231	1235	mask \|= KADM5_POLICY;
1232	1236	} else if (!script_mode) {
1233		fprintf(stderr, _("WARNING: no policy specified for %s; "
	1237	fprintf(stderr, _("No policy specified for %s; "
1234	1238	"defaulting to no policy\n"), canon);
1235	1239	}
1236	1240	}

1450	1454	for (i = 0; i < dprinc.n_key_data; i++) {
1451	1455	krb5_key_data *key_data = &dprinc.key_data[i];
1452	1456	char enctype[BUFSIZ], salttype[BUFSIZ];
	1457	char *deprecated = "";
1453	1458
1454	1459	if (krb5_enctype_to_name(key_data->key_data_type[0], FALSE,
1455	1460	enctype, sizeof(enctype)))
1456	1461	snprintf(enctype, sizeof(enctype), _("<Encryption type 0x%x>"),
1457	1462	key_data->key_data_type[0]);
1458		printf("Key: vno %d, %s", key_data->key_data_kvno, enctype);
	1463	if (!krb5_c_valid_enctype(key_data->key_data_type[0]))
	1464	deprecated = "UNSUPPORTED:";
	1465	else if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
	1466	deprecated = "DEPRECATED:";
	1467	printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated,
	1468	enctype);
1459	1469	if (key_data->key_data_ver > 1 &&
1460	1470	key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_NORMAL) {
1461	1471	if (krb5_salttype_to_string(key_data->key_data_type[1],

+6

-103

src/kadmin/dbutil/dump.c less more

474	474	fprintf(arg->ofile, "\n");
475	475	}
476	476
477		static void
478		print_key_data(FILE f, krb5_key_data kd)
479		{
480		int c;
481
482		fprintf(f, "%d\t%d\t", kd->key_data_type[0], kd->key_data_length[0]);
483		for (c = 0; c < kd->key_data_length[0]; c++)
484		fprintf(f, "%02x ", kd->key_data_contents[0][c]);
485		}
486
487		/* Output osa_adb_princ_ent data in a printable serialized format, suitable for
488		* ovsec_adm_import consumption. */
489		static krb5_error_code
490		dump_ov_princ(krb5_context context, krb5_db_entry entry, const char name,
491		FILE *fp, krb5_boolean verbose, krb5_boolean omit_nra)
492		{
493		char *princstr;
494		unsigned int x;
495		int y, foundcrc;
496		krb5_tl_data tl_data;
497		osa_princ_ent_rec adb;
498		XDR xdrs;
499		krb5_key_data *key_data;
500
501		tl_data.tl_data_type = KRB5_TL_KADM_DATA;
502		if (krb5_dbe_lookup_tl_data(context, entry, &tl_data) \|\|
503		tl_data.tl_data_length == 0)
504		return 0;
505
506		memset(&adb, 0, sizeof(adb));
507		xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
508		tl_data.tl_data_length, XDR_DECODE);
509		if (!xdr_osa_princ_ent_rec(&xdrs, &adb)) {
510		xdr_destroy(&xdrs);
511		return KADM5_XDR_FAILURE;
512		}
513		xdr_destroy(&xdrs);
514
515		krb5_unparse_name(context, entry->princ, &princstr);
516		fprintf(fp, "princ\t%s\t", princstr);
517		if (adb.policy == NULL)
518		fputc('\t', fp);
519		else
520		fprintf(fp, "%s\t", adb.policy);
521		fprintf(fp, "%lx\t%d\t%d\t%d", adb.aux_attributes, adb.old_key_len,
522		adb.old_key_next, adb.admin_history_kvno);
523
524		for (x = 0; x < adb.old_key_len; x++) {
525		foundcrc = 0;
526		for (y = 0; y < adb.old_keys[x].n_key_data; y++) {
527		key_data = &adb.old_keys[x].key_data[y];
528		if (key_data->key_data_type[0] != ENCTYPE_DES_CBC_CRC)
529		continue;
530		if (foundcrc) {
531		fprintf(stderr, _("Warning! Multiple DES-CBC-CRC keys for "
532		"principal %s; skipping duplicates.\n"),
533		princstr);
534		continue;
535		}
536		foundcrc++;
537
538		fputc('\t', fp);
539		print_key_data(fp, key_data);
540		}
541		if (!foundcrc) {
542		fprintf(stderr, _("Warning! No DES-CBC-CRC key for principal %s, "
543		"cannot generate OV-compatible record; "
544		"skipping\n"), princstr);
545		}
546		}
547
548		fputc('\n', fp);
549		free(princstr);
550		xdr_free(xdr_osa_princ_ent_rec, &adb);
551		return 0;
552		}
553
554	477	static krb5_error_code
555	478	dump_iterator(void ptr, krb5_db_entry entry)
556	479	{

1092	1015	}
1093	1016
1094	1017	static int
1095		process_ov_record(krb5_context context, const char fname, FILE filep,
1096		krb5_boolean verbose, int *linenop)
1097		{
1098		return process_tagged(context, fname, filep, verbose, linenop,
1099		process_ov_principal, process_k5beta7_policy);
1100		}
1101
1102		static int
1103	1018	process_r1_8_record(krb5_context context, const char fname, FILE filep,
1104	1019	krb5_boolean verbose, int *linenop)
1105	1020	{

1124	1039	dump_k5beta7_princ,
1125	1040	dump_k5beta7_policy,
1126	1041	process_k5beta7_record,
1127		};
1128		dump_version ov_version = {
1129		"OpenV*Secure V1.0",
1130		"OpenV*Secure V1.0\t",
1131		1,
1132		0,
1133		0,
1134		dump_ov_princ,
1135		dump_k5beta7_policy,
1136		process_ov_record
1137	1042	};
1138	1043	dump_version r1_3_version = {
1139	1044	"Kerberos version 5 release 1.3",

1257	1162
1258	1163	/*
1259	1164	* usage is:
1260		* dump_db [-b7] [-ov] [-r13] [-r18] [-verbose] [-mkey_convert]
	1165	* dump_db [-b7] [-r13] [-r18] [-verbose] [-mkey_convert]
1261	1166	* [-new_mkey_file mkey_file] [-rev] [-recurse]
1262	1167	* [filename [principals...]]
1263	1168	*/

1292	1197	if (!strcmp(argv[aindex], "-b7")) {
1293	1198	dump = &beta7_version;
1294	1199	} else if (!strcmp(argv[aindex], "-ov")) {
1295		dump = &ov_version;
	1200	fprintf(stderr, _("OV dump format not supported\n"));
	1201	goto error;
1296	1202	} else if (!strcmp(argv[aindex], "-r13")) {
1297	1203	dump = &r1_3_version;
1298	1204	} else if (!strcmp(argv[aindex], "-r18")) {

1505	1411	}
1506	1412
1507	1413	/*
1508		* Usage: load_db [-ov] [-b7] [-r13] [-r18] [-verbose] [-update] [-hash]
1509		* filename
	1414	* Usage: load_db [-b7] [-r13] [-r18] [-verbose] [-update] [-hash] filename
1510	1415	*/
1511	1416	void
1512	1417	load_db(int argc, char **argv)

1530	1435	if (!strcmp(argv[aindex], "-b7")){
1531	1436	load = &beta7_version;
1532	1437	} else if (!strcmp(argv[aindex], "-ov")) {
1533		load = &ov_version;
	1438	fprintf(stderr, _("OV dump format not supported\n"));
	1439	goto error;
1534	1440	} else if (!strcmp(argv[aindex], "-r13")) {
1535	1441	load = &r1_3_version;
1536	1442	} else if (!strcmp(argv[aindex], "-r18")){

1595	1501	load = &r1_8_version;
1596	1502	} else if (strcmp(buf, r1_11_version.header) == 0) {
1597	1503	load = &r1_11_version;
1598		} else if (strncmp(buf, ov_version.header,
1599		strlen(ov_version.header)) == 0) {
1600		load = &ov_version;
1601	1504	} else {
1602	1505	fprintf(stderr, _("%s: dump header bad in %s\n"), progname,
1603	1506	dumpfile);

+1

-11

src/kadmin/dbutil/kdb5_create.c less more

65	65	TGT_KEY /* special handling for tgt key */
66	66	};
67	67
68		krb5_key_salt_tuple def_kslist = { ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL };
69
70	68	struct realm_info {
71	69	krb5_deltat max_life;
72	70	krb5_deltat max_rlife;

75	73	krb5_keyblock *key;
76	74	krb5_int32 nkslist;
77	75	krb5_key_salt_tuple *kslist;
78		} rblock = { /* XXX */
79		KRB5_KDB_MAX_LIFE,
80		KRB5_KDB_MAX_RLIFE,
81		KRB5_KDB_EXPIRATION,
82		KRB5_KDB_DEF_FLAGS,
83		(krb5_keyblock *) NULL,
84		1,
85		&def_kslist
86		};
	76	} rblock;
87	77
88	78	struct iterate_args {
89	79	krb5_context ctx;

+0

-2

src/kadmin/dbutil/kdb5_mkey.c less more

1239	1239	if (actkvno_entry == actkvno_list) {
1240	1240	/* remove from head */
1241	1241	actkvno_list = actkvno_entry->next;
1242		prev_actkvno_entry = actkvno_list;
1243	1242	} else if (actkvno_entry->next == NULL) {
1244	1243	/* remove from tail */
1245	1244	prev_actkvno_entry->next = NULL;

1262	1261	if (mkey_aux_entry->mkey_kvno == args.kvnos[j].kvno) {
1263	1262	if (mkey_aux_entry == mkey_aux_list) {
1264	1263	mkey_aux_list = mkey_aux_entry->next;
1265		prev_mkey_aux_entry = mkey_aux_list;
1266	1264	} else if (mkey_aux_entry->next == NULL) {
1267	1265	prev_mkey_aux_entry->next = NULL;
1268	1266	} else {

+6

-9

src/kadmin/dbutil/kdb5_util.c less more

84	84	"\tcreate [-s]\n"
85	85	"\tdestroy [-f]\n"
86	86	"\tstash [-f keyfile]\n"
87		"\tdump [-old\|-ov\|-b6\|-b7\|-r13\|-r18] [-verbose]\n"
	87	"\tdump [-old\|-b6\|-b7\|-r13\|-r18] [-verbose]\n"
88	88	"\t [-mkey_convert] [-new_mkey_file mkey_file]\n"
89	89	"\t [-rev] [-recurse] [filename [princs...]]\n"
90		"\tload [-old\|-ov\|-b6\|-b7\|-r13\|-r18] [-verbose] [-update] "
	90	"\tload [-old\|-b6\|-b7\|-r13\|-r18] [-verbose] [-update] "
91	91	"filename\n"
92	92	"\tark [-e etype_list] principal\n"
93	93	"\tadd_mkey [-e etype] [-s]\n"

221	221	exit(1);
222	222	}
223	223	memset(cmd_argv, 0, sizeof(char )argc);
224		cmd_argc = 1;
	224	cmd_argc = 0;
225	225
226	226	argv++; argc--;
227	227	while (*argv) {

287	287	manual_mkey = TRUE;
288	288	global_params.mkey_from_kbd = 1;
289	289	global_params.mask \|= KADM5_CONFIG_MKEY_FROM_KBD;
290		} else if (cmd_lookup(*argv) != NULL) {
291		if (cmd_argv[0] == NULL)
292		cmd_argv[0] = *argv;
293		else
294		usage();
295	290	} else {
296	291	cmd_argv[cmd_argc++] = *argv;
297	292	}

299	294	}
300	295
301	296	if (cmd_argv[0] == NULL)
	297	usage();
	298	cmd = cmd_lookup(cmd_argv[0]);
	299	if (cmd == NULL)
302	300	usage();
303	301
304	302	if( !util_context->default_realm )

334	332	"while setting up enctype %d", master_keyblock.enctype);
335	333	}
336	334
337		cmd = cmd_lookup(cmd_argv[0]);
338	335	if (cmd->opendb && open_db_and_mkey())
339	336	return exit_status;
340	337

+2

-9

src/kadmin/ktutil/ktutil.c less more

97	97	int argc;
98	98	char *argv[];
99	99	{
100		krb5_error_code retval;
101
102		if (argc != 2) {
103		fprintf(stderr, _("%s: must specify the srvtab to read\n"), argv[0]);
104		return;
105		}
106		retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
107		if (retval)
108		com_err(argv[0], retval, _("while reading srvtab \"%s\""), argv[1]);
	100	fprintf(stderr, _("%s: reading srvtabs is no longer supported\n"),
	101	argv[0]);
109	102	}
110	103
111	104	void ktutil_write_v5(argc, argv)

+0

-4

src/kadmin/ktutil/ktutil.h less more

49	49	krb5_kt_list,
50	50	char *);
51	51
52		krb5_error_code ktutil_read_srvtab (krb5_context,
53		char *,
54		krb5_kt_list *);
55
56	52	void ktutil_add_entry (int, char *[]);
57	53
58	54	void ktutil_clear_list (int, char *[]);

+2

-2

src/kadmin/ktutil/ktutil_ct.ct less more

31	31	request ktutil_read_v5, "Read a krb5 keytab into the current keylist.",
32	32	read_kt, rkt;
33	33
34		request ktutil_read_v4, "Read a krb4 srvtab into the current keylist.",
	34	request ktutil_read_v4, "Deprecated and removed.",
35	35	read_st, rst;
36	36
37	37	request ktutil_write_v5, "Write the current keylist to a krb5 keytab.",
38	38	write_kt, wkt;
39	39
40		request ktutil_write_v4, "Write the current keylist to a krb4 srvtab.",
	40	request ktutil_write_v4, "Deprecated and removed.",
41	41	write_st, wst;
42	42
43	43	request ktutil_add_entry, "Add an entry to the current keylist.",

+0

-19

src/kadmin/ktutil/ktutil_funcs.c less more

367	367	krb5_kt_close(context, kt);
368	368	return retval;
369	369	}
370
371		/*
372		* Read in a named krb4 srvtab and append to list. Allocate new list
373		* if needed.
374		*/
375		krb5_error_code ktutil_read_srvtab(context, name, list)
376		krb5_context context;
377		char *name;
378		krb5_kt_list *list;
379		{
380		char *ktname;
381		krb5_error_code result;
382
383		if (asprintf(&ktname, "SRVTAB:%s", name) < 0)
384		return ENOMEM;
385		result = ktutil_read_keytab(context, ktname, list);
386		free(ktname);
387		return result;
388		}

+0

-4

src/kadmin/server/ipropd_svc.c less more

262	262	int pret, fret;
263	263	FILE *p;
264	264	kadm5_server_handle_t handle = global_server_handle;
265		OM_uint32 min_stat;
266		gss_name_t name = NULL;
267	265	char client_name = NULL, service_name = NULL;
268	266	char *whoami = "iprop_full_resync_1";
269	267

439	437	debprret(whoami, ret.ret, 0);
440	438	free(client_name);
441	439	free(service_name);
442		if (name)
443		gss_release_name(&min_stat, &name);
444	440	free(ubuf);
445	441	return (&ret);
446	442	}

+0

-7

src/kadmin/server/kadm_rpc_svc.c less more

52	52	mpol_arg modify_policy_2_arg;
53	53	gpol_arg get_policy_2_arg;
54	54	setkey_arg setkey_principal_2_arg;
55		setv4key_arg setv4key_principal_2_arg;
56	55	cprinc3_arg create_principal3_2_arg;
57	56	chpass3_arg chpass_principal3_2_arg;
58	57	chrand3_arg chrand_principal3_2_arg;

133	132	local = (bool_t (*)()) chpass_principal_2_svc;
134	133	break;
135	134
136		case SETV4KEY_PRINCIPAL:
137		xdr_argument = xdr_setv4key_arg;
138		xdr_result = xdr_generic_ret;
139		local = (bool_t (*)()) setv4key_principal_2_svc;
140		break;
141
142	135	case SETKEY_PRINCIPAL:
143	136	xdr_argument = xdr_setkey_arg;
144	137	xdr_result = xdr_generic_ret;

+1

-1

src/kadmin/server/ovsec_kadmd.c less more

226	226	{14, "GET_PRINCS"},
227	227	{15, "GET_POLS"},
228	228	{16, "SETKEY_PRINCIPAL"},
229		{17, "SETV4KEY_PRINCIPAL"},
	229	/* 17 was "SETV4KEY_PRINCIPAL" */
230	230	{18, "CREATE_PRINCIPAL3"},
231	231	{19, "CHPASS_PRINCIPAL3"},
232	232	{20, "CHRAND_PRINCIPAL3"},

+0

-50

src/kadmin/server/server_stubs.c less more

893	893	}
894	894
895	895	bool_t
896		setv4key_principal_2_svc(setv4key_arg arg, generic_ret ret,
897		struct svc_req *rqstp)
898		{
899		char *prime_arg = NULL;
900		gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
901		gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
902		kadm5_server_handle_t handle;
903		const char *errmsg = NULL;
904
905		ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
906		&ret->api_version, &client_name, &service_name,
907		&prime_arg);
908		if (ret->code)
909		goto exit_func;
910
911		ret->code = check_lockdown_keys(handle, arg->princ);
912		if (ret->code != KADM5_OK) {
913		if (ret->code == KADM5_PROTECT_KEYS) {
914		log_unauth("kadm5_setv4key_principal", prime_arg, &client_name,
915		&service_name, rqstp);
916		ret->code = KADM5_AUTH_SETKEY;
917		}
918		} else if (!(CHANGEPW_SERVICE(rqstp)) &&
919		stub_auth(handle, OP_SETKEY, arg->princ, NULL, NULL, NULL)) {
920		ret->code = kadm5_setv4key_principal(handle, arg->princ,
921		arg->keyblock);
922		} else {
923		log_unauth("kadm5_setv4key_principal", prime_arg,
924		&client_name, &service_name, rqstp);
925		ret->code = KADM5_AUTH_SETKEY;
926		}
927
928		if (ret->code != KADM5_AUTH_SETKEY) {
929		if (ret->code != 0)
930		errmsg = krb5_get_error_message(handle->context, ret->code);
931
932		log_done("kadm5_setv4key_principal", prime_arg, errmsg,
933		&client_name, &service_name, rqstp);
934
935		if (errmsg != NULL)
936		krb5_free_error_message(handle->context, errmsg);
937		}
938
939		exit_func:
940		stub_cleanup(handle, prime_arg, &client_name, &service_name);
941		return TRUE;
942		}
943
944
945		bool_t
946	896	setkey_principal_2_svc(setkey_arg arg, generic_ret ret,
947	897	struct svc_req *rqstp)
948	898	{

+1

-1

src/kadmin/testing/Makefile.in less more

4	4	all:
5	5
6	6	clean:
7		-$(RM) -r krb5-test-root admin_* init-* kadmin_* kdc_rcache.* ovsec-*
	7	-$(RM) -r krb5-test-root admin_* init-* .rcache2 ovsec-

+1

-1

src/kadmin/testing/proto/kdc.conf.proto less more

11	11	kadmind_port = 1751
12	12	kpasswd_port = 1752
13	13	master_key_type = des3-hmac-sha1
14		supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-md5:normal des-cbc-raw:normal
	14	supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal
15	15	}

+1

-1

src/kadmin/testing/proto/krb5.conf.proto less more

0	0	[libdefaults]
1	1	default_realm = __REALM__
2		default_keytab_name = FILE:__K5ROOT__/v5srvtab
	2	default_keytab_name = FILE:__K5ROOT__/keytab
3	3	dns_fallback = no
4	4	plugin_base_dir = __PLUGIN_DIR__
5	5	allow_weak_crypto = true

+2

-15

src/kadmin/testing/scripts/Makefile.in less more

0	0	mydir=kadmin$(S)testing$(S)scripts
1	1	BUILDTOP=$(REL)..$(S)..$(S)..
2		PERL_PATH=@PERL_PATH@
3	2
4		.SUFFIXES: .plin .pl
5
6		GEN_SCRIPTS = compare_dump.pl make-host-keytab.pl \
7		simple_dump.pl verify_xrunner_report.pl qualname.pl
8
9		all: env-setup.sh $(GEN_SCRIPTS)
	3	all: env-setup.sh runenv.sh $(GEN_SCRIPTS)
10	4
11	5	# Should only rebuild env_setup.sh here (use CONFIG_FILES=), but the weird krb5
12	6	# makefile post-processing is unconditional and would trash the makefile.

19	13	chmod +x env-setup.sh
20	14	touch env-setup.stamp
21	15
22		.plin.pl:
23		-rm -f $@.tmp
24		echo "#!$(PERL_PATH)" > $@.tmp
25		sed 1d $< >> $@.tmp
26		chmod +x $@.tmp
27		mv $@.tmp $@
28
29	16	clean:
30		-rm -f $(GEN_SCRIPTS) *.tmp env-setup.sh env-setup.stamp
	17	-rm -f env-setup.sh env-setup.stamp

+0

-242

~~src/kadmin/testing/scripts/compare_dump.plin~~ less more

0		#!/usr/local/bin/perl
1
2		#
3		# $Id$
4		#
5
6		# $debug = 1;
7
8		sub usage { die "usage: $0 before after changes\n";}
9
10		sub unique {
11		local(@list) = @_;
12		local(%ary);
13
14		print "unique? ",join(" ",@list),"\n" if $debug;
15
16		foreach (@list) {
17		return(0) if $ary{$_}++;
18		}
19
20		1;
21		}
22
23		$before = shift(@ARGV) \|\| &usage;
24		$debug++ if $before =~ /^-d/;
25		$before = shift(@ARGV) \|\| &usage if $debug;
26		$after = shift(@ARGV) \|\| &usage;
27		$changes = shift(@ARGV) \|\| &usage;
28		@ARGV && &usage;
29
30		%policy =
31		(
32		"FIRST",2,
33		"pw_min_life",2,
34		"pw_max_life",3,
35		"pw_min_length",4,
36		"pw_min_classes",5,
37		"pw_history_num",6,
38		"policy_refcnt",7,
39		"LAST",7,
40		);
41
42		%princ =
43		(
44		"FIRST",2,
45		"kvno",2,
46		"mod_name",3,
47		"max_life",4,
48		"princ_expire_time",5,
49		"expiration",5,
50		"pw_expiration",6,
51		"attributes",7,
52		"policy",8,
53		"aux_attributes",9,
54		"LAST",9,
55		);
56
57		%keytab =
58		(
59		"LAST",-1,
60		);
61
62		sub re { # @_ = ($cnt, $line)
63		local($cnt, $line) = @_;
64		local(@fields) = split(' ',$line);
65
66		@list = ('\S+') x $cnt;
67		for $f (@fields[3..$#fields]) {
68		($f =~ /=/) \|\| die "Bad field: $f in $_";
69		if (!defined($this{$`})) { die "Bad parameter $` in $_"; }
70
71		if (($list[$this{$`}] = $') eq '\S+') {
72		$list[$this{$`}] = '[^\s]+';
73		}
74		}
75
76		join('\s+',@list)."\$";
77		}
78
79		open(CHANGES, $changes) \|\| die "Couldn't open $changes: $!\n";
80
81		while(<CHANGES>) {
82		next if s/^\s\#\#\!\s\#//;
83		next if !s/^\s\#\#\!\s//;
84
85		split;
86
87		if ($_[1] =~ /princ/) {
88		%this = %princ;
89		$this = "princ";
90		} elsif ($_[1] =~ /policy/) {
91		%this = %policy;
92		$this = "policy";
93		} elsif ($_[1] =~ /keytab/) {
94		%this = %keytab;
95		$this = $_[1];
96		} else {
97		die "Bad line: $_";
98		}
99
100		$cnt = $this{"LAST"}+1;
101
102		if ($_[0] =~ /add/) {
103		$diff{"+$this\t$_[2]"} = &re($cnt,$_);
104		} elsif ($_[0] =~ /delete/) {
105		$diff{"-$this\t$_[2]"} = &re($cnt,$_);
106		} elsif ($_[0] =~ /changefrom/) {
107		$diff{"-$this\t$_[2]"} = &re($cnt,$_);
108		} elsif ($_[0] =~ /changeto/) {
109		$ndiff{"-$this\t$_[2]"} = &re($cnt,$_);
110		} else {
111		die "Bad line: $_";
112		}
113		}
114
115		close(CHANGES);
116
117		if ($debug) {
118		for (keys %diff) {
119		print " %diff: \"$_\" /$diff{$_}/\n";
120		}
121
122		for (keys %ndiff) {
123		print "%ndiff: \"$_\" /$ndiff{$_}/\n";
124		}
125
126		print "\n";
127		}
128
129		open(DIFF,"gdiff -u0 $before $after\|") \|\| die "Couldn't diff: $!\n";
130
131		$warnings = 0;
132
133		while(<DIFF>) {
134		next if /^\+{3}/;
135		next if /^\-{3}/;
136		next if /^@@/;
137
138		print "LINE: $_" if $debug;
139
140		split;
141
142		$key = "$_[0]\t$_[1]";
143		$re = $diff{$key};
144
145		delete $diff{$key};
146
147		print "%diff: \"$key\" /$re/\n" if $debug;
148
149		if (!$re) {
150		warn "Unexpected: \"$key\"\n";
151		$warnings++;
152		next;
153		}
154
155		if (!/$re/) {
156		warn "Failed: $key\n";
157		$warnings++;
158		next;
159		}
160
161		if ($new = $ndiff{$key}) {
162		delete $ndiff{$key};
163
164		@new = split(/\\s\+/, $new);
165		for ($i=1;$i<@new;$i++) {
166		print "NEW: $new[$i]\n" if $debug;
167
168		if ($new[$i] ne '\S+') {
169		$_[$i] = $new[$i];
170		}
171		}
172		$_[0] =~ s/^\-//;
173		$key =~ s/^\-/\+/;
174
175		$diff{$key} = join("\t",@_);
176		}
177		}
178
179		close(DIFF);
180
181		open(BEFORE, $before) \|\| die "Couldn't open $before: $!\n";
182
183		while(<BEFORE>) {
184		next if !/^keytab/;
185
186		split;
187
188		if (!$seen{$key = $_[0]." ".$_[1]}++) {
189		$key =~ s/-\d+$//;
190		$ktkeys{$key} .= " ".$_[2];
191		$kttimes{$key} .= " ".$_[3];
192		}
193		}
194
195		close(BEFORE);
196
197		open(AFTER, $after) \|\| die "Couldn't open $after: $!\n";
198
199		while(<AFTER>) {
200		next if !/^keytab/;
201
202		split;
203
204		if (!$seen{$key = $_[0]." ".$_[1]}++) {
205		$key =~ s/-\d+$//;
206		$ktkeys{$key} .= " ".$_[2];
207		$kttimes{$key} .= " ".$_[3];
208		}
209		}
210
211		close(AFTER);
212
213		for (keys %diff) {
214		warn "Unseen: \"$_\" /$diff{$_}/\n";
215		$warnings++;
216		}
217
218		for (keys %ndiff) {
219		warn "Unseen changes: \"$_\" /$ndiff{$_}/\n";
220		$warnings++;
221		}
222
223		for (keys %ktkeys) {
224		if (!&unique(split(' ',$ktkeys{$_}))) {
225		warn "Some keys not unique for $_\n";
226		$warnings++;
227		}
228		}
229
230		for (keys %kttimes) {
231		if (!&unique(split(' ',$kttimes{$_}))) {
232		warn "Some timestamps not unique for $_\n";
233		$warnings++;
234		}
235		}
236
237		if ($warnings) {
238		warn "$warnings warnings.\n";
239		}
240
241		exit($warnings);

+5

-12

src/kadmin/testing/scripts/env-setup.shin less more

64	64
65	65	COMPARE_DUMP=$TESTDIR/scripts/compare_dump.pl; export COMPARE_DUMP
66	66	INITDB=$STESTDIR/scripts/init_db; export INITDB
67		MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl; export MAKE_KEYTAB
68		LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl
69		export LOCAL_MAKE_KEYTAB
70	67	SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP
71		QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME
72	68	TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
73	69	BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
74	70	CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
75	71	SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
76	72
	73	QUALNAME=`$BUILDTOP/tests/resolve/resolve -q \| tr '[A-Z]' '[a-z]'`
	74	export QUALNAME
	75
77	76	KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
78	77	KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
79		KRB5_KTNAME=$K5ROOT/ovsec_adm.srvtab; export KRB5_KTNAME
	78	KRB5_KTNAME=$K5ROOT/ovsec_adm.keytab; export KRB5_KTNAME
80	79	KRB5_CLIENT_KTNAME=$K5ROOT/client_keytab; export KRB5_CLIENT_KTNAME
81	80	KRB5CCNAME=$K5ROOT/krb5cc_unit-test; export KRB5CCNAME
	81	GSS_MECH_CONFIG=$K5ROOT/mech.conf; export GSS_MECH_CONFIG
82	82
83	83	# Make sure we don't get confused by translated messages
84	84	# or localized times.
85	85	LC_ALL=C; export LC_ALL
86
87		if [ "$TEST_SERVER" != "" ]; then
88		MAKE_KEYTAB="$MAKE_KEYTAB -server $TEST_SERVER"
89		fi
90		if [ "$TEST_PATH" != "" ]; then
91		MAKE_KEYTAB="$MAKE_KEYTAB -top $TEST_PATH"
92		fi
93	86
94	87	if [ "x$PS_ALL" = "x" ]; then
95	88	if ps auxww >/dev/null 2>&1; then

+0

-18

~~src/kadmin/testing/scripts/find-make.sh~~ less more

0		#!/bin/sh
1
2		POSSIBILITIES='
3		/usr/local/bin/gmake
4		/usr/local/bin/make
5		'
6
7		for file in $POSSIBILITIES; do
8		if [ -f $file ]; then
9		echo $file
10		exit 0
11		fi
12		done
13
14		echo gmake
15		echo '$0 could not find make!' 1>&2
16		exit 1
17

+5

-7

src/kadmin/testing/scripts/init_db less more

30	30	SBIN=$TOP/keytab:$TOP/server
31	31	DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM
32	32
	33	. ./runenv.sh
	34
33	35	if [ ! -d $MODDIR ]; then
34	36	echo "+++" 1>&2
35	37	echo "+++ Error! $MODDIR does not exist!" 1>&2

43	45	DUMMY=${STESTDIR=$STOP/testing}
44	46	DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
45	47	DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
46		DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
47	48
48	49	PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH
49	50

76	77	# esac
77	78	# done
78	79
79		qualname=`$QUALNAME`
80
81	80	sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
82		-e "s/__KDCHOST__/$qualname/g" \
83		-e "s/__LOCALHOST__/$qualname/g" \
	81	-e "s/__KDCHOST__/$QUALNAME/g" \
	82	-e "s/__LOCALHOST__/$QUALNAME/g" \
84	83	-e "s#__MODDIR__#$MODDIR#g" \
85	84	< $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
86	85	sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \

217	216
218	217	EOF
219	218
220		eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.srvtab $REDIRECT
221
222	219	# Create $K5ROOT/setup.csh to make it easy to run other programs against
223	220	# the test db
224	221	cat > $K5ROOT/setup.csh <<EOF

226	223	setenv KRB5_KDC_PROFILE $KRB5_KDC_PROFILE
227	224	setenv KRB5_KTNAME $KRB5_KTNAME
228	225	setenv KRB5_CLIENT_KTNAME $KRB5_CLIENT_KTNAME
	226	setenv GSS_MECH_CONFIG $GSS_MECH_CONFIG
229	227	$KRB5_RUN_ENV_CSH
230	228	EOF
231	229

+0

-144

~~src/kadmin/testing/scripts/make-host-keytab.plin~~ less more

0		#!/usr/local/bin/perl
1
2		$server = undef;
3		@princs = ();
4		$top = undef;
5
6		($whoami = $0) =~ s,.*/,,;
7		$usage = "Usage: $whoami [ -server server ] [ -princ principal ]
8		[ -top dirname ] [ -verbose ] filename
9		Server defaults to the local host.
10		Default principals are host/hostname\@SECURE-TEST.OV.COM and
11		test/hostname\@SECURE-TEST.OV.COM.
12		If any principals are specified, the default principals are
13		not added to the srvtab.
14		The string \"xCANONHOSTx\" in a principal specification will be
15		replaced by the canonical host name of the local host.";
16
17		@ORIG_ARGV = @ARGV;
18
19		while (($_ = $ARGV[0]) && /^-/) {
20		shift;
21		if (/^-server$/) {
22		($server = shift) \|\| die "Missing argument to $_ option.\n$usage\n";
23		}
24		elsif (/^-princ$/) {
25		($princ = shift) \|\| die "Missing argument to $_ option.\n$usage\n";
26		push(@princs, $princ);
27		}
28		elsif (/^-top$/) {
29		($top = shift) \|\| die "Missing argument to $_ option.\n$usage\n";
30		}
31		elsif (/^-verbose$/) {
32		$verbose++;
33		}
34		elsif (/^--$/) {
35		last;
36		}
37		else {
38		die "Unknown option $_.\n$usage\n";
39		}
40		}
41
42		@princs = ("host/xCANONHOSTx\@SECURE-TEST.OV.COM",
43		"test/xCANONHOSTx\@SECURE-TEST.OV.COM")
44		if (! @princs);
45
46		$ktfile = shift(@ARGV) \|\| die "need a keytab file\n";
47
48		$verbose++ if ($ENV{'VERBOSE_TEST'});
49
50		print "In $0 @ORIG_ARGV...\n" if ($verbose);
51
52		chop ($canonhost = `hostname`);
53
54		($canonhost,$aliases,$addrtype,$length,@addrs) = gethostbyname($canonhost);
55		die "couldn't get canonical hostname\n" if !($canonhost && @addrs);
56		($canonhost2) = gethostbyaddr($addrs[0],$addrtype);
57		if ($canonhost2) { $canonhost = $canonhost2; }
58
59		for (@princs) {
60		s/xCANONHOSTx/$canonhost/g;
61		}
62
63		die "Neither \$TOP nor \$TESTDIR is set, and -top not specified.\n"
64		if (! ($top \|\| $ENV{'TOP'} \|\| $ENV{'TESTDIR'}));
65
66		$top = $ENV{'TOP'} if (! $top);
67		$TESTDIR = ($ENV{'TESTDIR'} \|\| "$top/testing");
68		$MAKE_KEYTAB = ($ENV{'MAKE_KEYTAB'} \|\| "$TESTDIR/scripts/$whoami");
69		$SRVTCL = ($ENV{'SRVTCL'} \|\| "$TESTDIR/util/kadm5_srv_tcl");
70		$TCLUTIL = ($ENV{'TCLUTIL'} \|\| "$TESTDIR/tcl/util.t");
71		# This'll be wrong sometimes
72		$RSH_CMD = ($ENV{'RSH_CMD'} \|\| '/usr/ucb/rsh');
73		$KADMIN = ($ENV{'KADMIN'} \|\| "$top/cli/kadmin.local");
74
75		if ($server) {
76		# XXX Using /usr/ucb/rsh for now.
77
78		# Strip command line options because we're adding our own.
79
80		$MAKE_KEYTAB =~ s/ .*//;
81
82		if ($ENV{'TOP'} && ($top ne $ENV{'TOP'})) {
83		# Replace the old TOP with the new one where necessary
84		for ('TESTDIR', 'SRVTCL', 'TCLUTIL', 'MAKE_KEYTAB') {
85		eval "\$$_ =~ s/^\$ENV{'TOP'}/\$top/;";
86		}
87
88		# Make the paths as short as possible so our command line isn't too long.
89		# for ('SRVTCL', 'TCLUTIL', 'MAKE_KEYTAB') {
90		# eval "\$$_ =~ s/^\$TESTDIR/\\\\\\\$TESTDIR/;";
91		# }
92		# for ('TESTDIR', 'SRVTCL', 'TCLUTIL', 'MAKE_KEYTAB') {
93		# eval "\$$_ =~ s/^\$top/\\\\\\\$TOP/;";
94		# }
95		}
96
97		$cmd = "cd $top; \\`testing/scripts/find-make.sh\\` execute TOP=$top ";
98		$cmd .= "VERBOSE_TEST=$verbose " if ($verbose);
99		$cmd .= "TESTDIR=$TESTDIR ";
100		$cmd .= "SRVTCL=$SRVTCL ";
101		$cmd .= "TCLUTIL=$TCLUTIL ";
102
103		$cmd .= "CMD='$MAKE_KEYTAB ";
104		for (@princs) {
105		$cmd .= "-princ $_ ";
106		}
107		$cmd .= " /tmp/make-keytab.$canonhost.$$'";#';
108
109		$cmd = "$RSH_CMD $server -l root -n \"$cmd\"";
110
111		$cmd2 = "$RSH_CMD $server -l root -n \"cat /tmp/make-keytab.$canonhost.$$\" > $ktfile";
112
113		$cmd3 = "$RSH_CMD $server -l root -n \"rm /tmp/make-keytab.$canonhost.$$\"";
114
115		for ($cmd, $cmd2, $cmd3) {
116		print "$_\n" if ($verbose);
117
118		system($_) && die "Couldn't run $_: $!.\n";
119		}
120		}
121		else {
122		$redirect = "> /dev/null" if (! $verbose);
123
124		# We can ignore errors here, because the ktadd below will fail if
125		# this fails for any reason other than "principal exists"
126		for (@princs) {
127		next if (/^kadmin/);
128		$cmd = "$KADMIN -q 'ank -randkey $_' $redirect 2>&1";
129		system($cmd);
130		}
131
132		$cmd = "$KADMIN -q 'ktadd -k $ktfile ";
133		$cmd .= " -q " if (! $verbose);
134		$cmd .= "@princs' $redirect";
135		if (system "$cmd") {
136		sleep(1);
137		die "Error in system($cmd)\n";
138		}
139		}
140
141		if (! -f $ktfile) {
142		die "$ktfile not created.\n";
143		}

+0

-19

~~src/kadmin/testing/scripts/qualname.plin~~ less more

0		#!/afs/athena/contrib/perl/p
1
2		if ($#ARGV == -1) {
3		chop($hostname = `hostname`);
4		} else {
5		$hostname = $ARGV[0];
6		}
7
8		if (! (($name,$type,$addr) = (gethostbyname($hostname))[0,2,4])) {
9		print STDERR "No such host: $hostname\n";
10		exit(1);
11		}
12		if (! ($qualname = (gethostbyaddr($addr,$type))[0])) {
13		$qualname = $name;
14		}
15
16		$qualname =~ tr/A-Z/a-z/; # lowercase our name for keytab use.
17		print "$qualname\n";
18

+0

-88

~~src/kadmin/testing/scripts/simple_dump.plin~~ less more

0		#!/usr/local/bin/perl
1
2		#
3		# $Id$
4		#
5
6		## ovsec_adm_export format
7		## [0]"policy" [1]name [2]pw_min_life [3]pw_max_life [4]pw_min_length [5]pw_min_classes [6]pw_history_num [7]policy_refcnt
8		## [0]"princ" [1]name [2]policy [3]aux_attributes [4]old_key_len [5]admin_history_kvno [6..]old_keys
9		$oaevers = "1.0";
10
11		open(SORT, "\|sort") \|\| die "Couldn't open pipe to sort for output: $!\n";
12
13		open(OAE, "$ENV{'TOP'}/install/admin/ovsec_adm_export\|") \|\|
14		die "Couldn't get oae: $!\n";
15
16		$header = <OAE>;
17
18		die "Not ovsec_adm_export output\n"
19		if ($header !~ /^OpenV\*Secure V(\d+\.\d+)/);
20
21		$stdinvers = $1;
22
23		die "Expected oae version $oaevers, got $stdinvers instead.\n"
24		if $stdinvers ne $oaevers;
25
26		while(<OAE>) {
27		if (/^End of Database/) {
28		last;
29		} elsif (/^policy/) {
30		print SORT;
31		} elsif (/^princ/) {
32		split(/\t/);
33
34		$_[2] = "\"\"" if !$_[2];
35
36		$_[3] = hex("0x".$_[3]);
37
38		$princ{$_[1]} = sprintf("%s\t0x%04x",@_[2,3]);
39		}
40		}
41
42		## kdb_edit ddb format
43		## [0]strlen(principal) [1]strlen(mod_name) [2]key.length [3]alt_key.length [4]salt_length [5]alt_salt_length [6]principal [7]key.key_type [8]key.contents [9]kvno [10]max_life [11]max_renewable_life [12]mkvno [13]expiration [14]pw_expiration [15]last_pwd_change [16]last_success [17]last_failed [18]fail_auth_count [19]mod_name [20]mod_date [21]attributes [22]salt_type [23]salt [24]alt_key.contents [25]alt_salt [26..33]expansion*8;
44		$ddbvers = "2.0";
45
46		open(DDB, "$ENV{'TOP'}/install/admin/kdb5_edit -r SECURE-TEST.OV.COM -R ddb\|") \|\|
47		die "Couldn't get ddb: $!\n";
48
49		$header = <DDB>;
50
51		die "Not a kdb5_edit ddb\n"
52		if ($header !~ /^kdb5_edit load_dump version (\d+\.\d+)/);
53
54		$stdinvers = $1;
55
56		die "Expected ddb version $ddbvers, got $stdinvers instead.\n"
57		if $stdinvers ne $ddbvers;
58
59		## [6]principal [9]kvno [19]mod_name [10]max_life [13]expiration [14]pw_expiration [21]attributes // [2]policy [3]aux_attributes
60
61		while(<DDB>) {
62		split;
63
64		print SORT join("\t","princ",(@_)[6,9,19,10,13,14],
65		sprintf("0x%04x",$_[21]),
66		$princ{$_[6]}),"\n";
67		}
68
69		close(DDB);
70
71		for $keytab (@ARGV) {
72		open(KLIST, "$ENV{'TOP'}/install/bin/klist -k -t -K FILE:$keytab\|") \|\|
73		die "Couldn't list $keytab: $!\n";
74
75		$dummy = <KLIST>;
76		$dummy = <KLIST>;
77		$dummy = <KLIST>;
78
79		while(<KLIST>) {
80		s/^\s+//;
81		split;
82		printf(SORT "keytab:FILE:%s\t%s-%s\t%s\t%s,%s\n",$keytab,
83		@_[3,0,4,1,2]);
84		}
85		}
86
87		close(SORT);

+1

-2

src/kadmin/testing/scripts/start_servers less more

34	34	if [ $local = 0 ]; then
35	35
36	36	# Fix up the local krb5.conf to point to the remote
37		localname=`$QUALNAME`
38	37	sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
39	38	-e "s/__KDCHOST__/$hostname/g" \
40		-e "s/__LOCALHOST__/$localname/g" \
	39	-e "s/__LOCALHOST__/$QUALNAME/g" \
41	40	-e "s#__MODDIR__#$TOP/../plugins/kdb#g"\
42	41	-e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\
43	42	< $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf

+4

-8

src/kadmin/testing/scripts/start_servers_local less more

3	3	DUMMY=${STESTDIR=$STOP/testing}
4	4	DUMMY=${INITDB=$STESTDIR/scripts/init_db}
5	5	DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
6		DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
7	6	DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
8	7	DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
	8
	9	. ./runenv.sh
9	10
10	11	if [ -d /usr/tmp ]; then
11	12	usrtmp=/usr/tmp

72	73
73	74	# allow admin to krlogin as root (for cleanup)
74	75	DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM
75		hostname=`hostname`
76		QUALNAME=`$TOP/testing/scripts/qualname.pl $hostname`; export QUALNAME
77	76
78	77	cat - > /tmp/start_servers_local$$ <<\EOF
79	78	if { [catch {

97	96	rm /tmp/start_servers_local$$
98	97	if test $x != 0 ; then exit 1 ; fi
99	98
100		# rm -f /etc/v5srvtab
101		# eval $LOCAL_MAKE_KEYTAB -princ host/xCANONHOSTx /etc/v5srvtab $REDIRECT
102
103	99	# run the servers (from the build tree)
104	100
105	101	adm_start_file=/tmp/adm_server_start.$$

113	109
114	110	kdc_args="-R dfl:kdc_rcache.$USER"
115	111
116		(trap "" 2; cd $TOP/../kdc; ./krb5kdc $kdc_args; touch $kdc_start_file) \
	112	(trap "" 2; $TOP/../kdc/krb5kdc $kdc_args; touch $kdc_start_file) \
117	113	< /dev/null > $usrtmp/kdc-log.$USER 2>&1 &
118	114
119	115	s=1

125	121
126	122	rm -f $adm_start_file
127	123
128		(sleep 1; cd $TOP/server; ./kadmind $ovadm_args; \
	124	(sleep 1; $TOP/server/kadmind $ovadm_args; \
129	125	touch $adm_start_file) < /dev/null > $usrtmp/kadm-log.$USER 2>&1 &
130	126
131	127	# wait until they start

+0

-38

~~src/kadmin/testing/scripts/verify_xrunner_report.plin~~ less more

0		#!/usr/local/bin/perl
1
2		sub usage { die "usage: $0 reportfile\n"; }
3
4		$report = shift(@ARGV) \|\| die &usage;
5
6		open(REPORT, $report) \|\| die "Couldn't open $report: $!\n";
7
8		while(<REPORT>) {
9		if (/Process termination:/ && !/\bOK\b/) {
10		warn "Process termination not OK\n";
11		$warnings++;
12		} elsif (/Number of detected mismatches:\s*(\d+)/ && ($1 ne "0")) {
13		warn "Number of detected mismatches = $1\n";
14		$warnings++;
15		} elsif (/Detailed Results Description/) {
16		break;
17		}
18		}
19
20		while(<REPORT>) {
21		next if !/^\d+\s+/;
22
23		split;
24
25		if (($_[2] ne "run") &&
26		($_[2] ne "OK") &&
27		($_[2] ne "end-of-test")) {
28		warn "Unexpected result code $_[2] from test $_[4]\n";
29		$warnings++;
30		}
31		}
32
33		if ($warnings) {
34		warn "$warnings warnings.\n";
35		}
36
37		exit($warnings);

+0

-2

src/kadmin/testing/util/tcl_kadm5.c less more

1513	1513	switch (enctype) {
1514	1514	/* XXX is this right? */
1515	1515	case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
1516		case ENCTYPE_DES_CBC_CRC:
1517		Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
1518	1516	default:
1519	1517	sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
1520	1518	Tcl_DStringAppend(str, buf, -1);

+1

-1

src/kdc/Makefile.in less more

68	68	rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
69	69	$(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
70	70
71		check-unix: rtest
	71	check-unix: rtest runenv.sh
72	72	$(RUN_TEST) $(srcdir)/rtscript > test.out
73	73	cmp test.out $(srcdir)/rtest.good
74	74	$(RM) test.out

+27

-25

src/kdc/cammac.c less more

46	46	}
47	47
48	48	/*
49		* Create a CAMMAC for contents, using enc_tkt and the first key from krbtgt
50		* for the KDC verifier. Set *cammac_out to a single-element authdata list
51		* containing the CAMMAC inside an IF-RELEVANT container.
	49	* Create a CAMMAC for contents, using enc_tkt and tgt_key for the KDC
	50	* verifier. tgt_key must be the decrypted first key data entry in tgt. Set
	51	* *cammac_out to a single-element authdata list containing the CAMMAC inside
	52	* an IF-RELEVANT container.
52	53	*/
53	54	krb5_error_code
54	55	cammac_create(krb5_context context, krb5_enc_tkt_part *enc_tkt,
55		krb5_keyblock server_key, krb5_db_entry krbtgt,
56		krb5_authdata contents, krb5_authdata *cammac_out)
	56	krb5_keyblock server_key, krb5_db_entry tgt,
	57	krb5_keyblock tgt_key, krb5_authdata *contents,
	58	krb5_authdata ***cammac_out)
57	59	{
58	60	krb5_error_code ret;
59	61	krb5_data der_authdata = NULL, der_enctkt = NULL, *der_cammac = NULL;
60	62	krb5_authdata ad, *list[2];
61	63	krb5_cammac cammac;
62	64	krb5_verifier_mac kdc_verifier, svc_verifier;
63		krb5_key_data *kd;
64	65	krb5_keyblock tgtkey;
65	66	krb5_checksum kdc_cksum, svc_cksum;
66	67

69	70	memset(&kdc_cksum, 0, sizeof(kdc_cksum));
70	71	memset(&svc_cksum, 0, sizeof(svc_cksum));
71	72
72		/* Fetch the first krbtgt key for the KDC verifier. */
73		ret = krb5_dbe_find_enctype(context, krbtgt, -1, -1, 0, &kd);
74		if (ret)
75		goto cleanup;
76		ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL);
77		if (ret)
78		goto cleanup;
79
80	73	/* Checksum the reply with contents as authdata for the KDC verifier. */
81	74	ret = encode_kdcver_encpart(enc_tkt, contents, &der_enctkt);
82	75	if (ret)
83	76	goto cleanup;
84		ret = krb5_c_make_checksum(context, 0, &tgtkey, KRB5_KEYUSAGE_CAMMAC,
	77	ret = krb5_c_make_checksum(context, 0, tgt_key, KRB5_KEYUSAGE_CAMMAC,
85	78	der_enctkt, &kdc_cksum);
86	79	if (ret)
87	80	goto cleanup;
88	81	kdc_verifier.princ = NULL;
89		kdc_verifier.kvno = kd->key_data_kvno;
	82	kdc_verifier.kvno = tgt->key_data[0].key_data_kvno;
90	83	kdc_verifier.enctype = ENCTYPE_NULL;
91	84	kdc_verifier.checksum = kdc_cksum;
92	85

132	125	return ret;
133	126	}
134	127
135		/* Return true if cammac's KDC verifier is valid for enc_tkt, using krbtgt to
136		* retrieve the TGT key indicated by the verifier. */
	128	/*
	129	* Return true if cammac's KDC verifier is valid for enc_tkt, using tgt to
	130	* retrieve the TGT key indicated by the verifier. tgt_key must be the
	131	* decrypted first key data entry in tgt.
	132	*/
137	133	krb5_boolean
138	134	cammac_check_kdcver(krb5_context context, krb5_cammac *cammac,
139		krb5_enc_tkt_part enc_tkt, krb5_db_entry krbtgt)
	135	krb5_enc_tkt_part enc_tkt, krb5_db_entry tgt,
	136	krb5_keyblock *tgt_key)
140	137	{
141	138	krb5_verifier_mac *ver = cammac->kdc_verifier;
142	139	krb5_key_data *kd;
143		krb5_keyblock tgtkey;
	140	krb5_keyblock tgtkey, *key;
144	141	krb5_boolean valid = FALSE;
145	142	krb5_data *der_enctkt = NULL;
146	143

151	148
152	149	/* Fetch the krbtgt key indicated by the KDC verifier. Only allow the
153	150	* first krbtgt key of the specified kvno. */
154		if (krb5_dbe_find_enctype(context, krbtgt, -1, -1, ver->kvno, &kd) != 0)
155		goto cleanup;
156		if (krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL) != 0)
157		goto cleanup;
	151	if (ver->kvno == tgt->key_data[0].key_data_kvno) {
	152	key = tgt_key;
	153	} else {
	154	if (krb5_dbe_find_enctype(context, tgt, -1, -1, ver->kvno, &kd) != 0)
	155	goto cleanup;
	156	if (krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL) != 0)
	157	goto cleanup;
	158	key = &tgtkey;
	159	}
158	160	if (ver->enctype != ENCTYPE_NULL && tgtkey.enctype != ver->enctype)
159	161	goto cleanup;
160	162

162	164	* elements as authdata. */
163	165	if (encode_kdcver_encpart(enc_tkt, cammac->elements, &der_enctkt) != 0)
164	166	goto cleanup;
165		(void)krb5_c_verify_checksum(context, &tgtkey, KRB5_KEYUSAGE_CAMMAC,
	167	(void)krb5_c_verify_checksum(context, key, KRB5_KEYUSAGE_CAMMAC,
166	168	der_enctkt, &ver->checksum, &valid);
167	169
168	170	cleanup:

+62

-68

src/kdc/do_as_req.c less more

75	75
76	76	static krb5_error_code
77	77	prepare_error_as(struct kdc_request_state , krb5_kdc_req , krb5_db_entry *,
78		int, krb5_pa_data **, krb5_boolean, krb5_principal,
79		krb5_data *, const char );
	78	krb5_keyblock , int, krb5_pa_data *, krb5_boolean,
	79	krb5_principal, krb5_data *, const char );
80	80
81	81	/* Determine the key-expiration value according to RFC 4120 section 5.4.2. */
82	82	static krb5_timestamp

129	129	return 0;
130	130	}
131	131
	132	static krb5_error_code
	133	lookup_client(krb5_context context, krb5_kdc_req *req, unsigned int flags,
	134	krb5_db_entry **entry_out)
	135	{
	136	krb5_pa_data *pa;
	137	krb5_data cert;
	138
	139	*entry_out = NULL;
	140	pa = krb5int_find_pa_data(context, req->padata, KRB5_PADATA_S4U_X509_USER);
	141	if (pa != NULL && pa->length != 0 &&
	142	req->client->type == KRB5_NT_X500_PRINCIPAL) {
	143	cert = make_data(pa->contents, pa->length);
	144	return krb5_db_get_s4u_x509_principal(context, &cert, req->client,
	145	flags, entry_out);
	146	} else {
	147	return krb5_db_get_principal(context, req->client, flags, entry_out);
	148	}
	149	}
	150
132	151	struct as_req_state {
133	152	loop_respond_fn respond;
134	153	void *arg;

137	156	krb5_enc_tkt_part enc_tkt_reply;
138	157	krb5_enc_kdc_rep_part reply_encpart;
139	158	krb5_ticket ticket_reply;
	159	krb5_keyblock local_tgt_key;
140	160	krb5_keyblock server_keyblock;
141	161	krb5_keyblock client_keyblock;
142	162	krb5_db_entry *client;

151	171	krb5_boolean typed_e_data;
152	172	krb5_kdc_rep reply;
153	173	krb5_timestamp kdc_time;
154		krb5_timestamp authtime;
155	174	krb5_keyblock session_key;
156	175	unsigned int c_flags;
157	176	krb5_data *req_pkt;

191	210
192	211	au_state->stage = ENCR_REP;
193	212
194		if ((errcode = validate_forwardable(state->request, *state->client,
195		*state->server, state->kdc_time,
196		&state->status))) {
197		errcode += ERROR_TABLE_BASE_krb5;
198		goto egress;
199		}
200
201		errcode = check_indicators(kdc_context, state->server,
202		state->auth_indicators);
203		if (errcode) {
204		state->status = "HIGHER_AUTHENTICATION_REQUIRED";
205		goto egress;
206		}
207
208	213	state->ticket_reply.enc_part2 = &state->enc_tkt_reply;
209	214
210	215	errcode = check_kdcpolicy_as(kdc_context, state->request, state->client,

252	257	state->reply_encpart.key_exp = get_key_exp(state->client);
253	258	state->reply_encpart.flags = state->enc_tkt_reply.flags;
254	259	state->reply_encpart.server = state->ticket_reply.server;
255
256		/* copy the time fields EXCEPT for authtime; it's location
257		* is used for ktime
258		*/
259	260	state->reply_encpart.times = state->enc_tkt_reply.times;
260		state->reply_encpart.times.authtime = state->authtime = state->kdc_time;
261
262	261	state->reply_encpart.caddrs = state->enc_tkt_reply.caddrs;
263	262	state->reply_encpart.enc_padata = NULL;
264	263

281	280	goto egress;
282	281	}
283	282
284		errcode = handle_authdata(kdc_context,
285		state->c_flags,
286		state->client,
287		state->server,
288		NULL,
289		state->local_tgt,
290		&state->client_keyblock,
291		&state->server_keyblock,
292		NULL,
293		state->req_pkt,
294		state->request,
295		NULL, /* for_user_princ */
296		NULL, /* enc_tkt_request */
297		state->auth_indicators,
298		&state->enc_tkt_reply);
	283	errcode = handle_authdata(kdc_context, state->c_flags, state->client,
	284	state->server, NULL, state->local_tgt,
	285	&state->local_tgt_key, &state->client_keyblock,
	286	&state->server_keyblock, NULL, state->req_pkt,
	287	state->request, NULL, NULL, NULL,
	288	&state->auth_indicators, &state->enc_tkt_reply);
299	289	if (errcode) {
300	290	krb5_klog_syslog(LOG_INFO, _("AS_REQ : handle_authdata (%d)"),
301	291	errcode);
302	292	state->status = "HANDLE_AUTHDATA";
	293	goto egress;
	294	}
	295
	296	errcode = check_indicators(kdc_context, state->server,
	297	state->auth_indicators);
	298	if (errcode) {
	299	state->status = "HIGHER_AUTHENTICATION_REQUIRED";
303	300	goto egress;
304	301	}
305	302

356	353
357	354	log_as_req(kdc_context, state->local_addr, state->remote_addr,
358	355	state->request, &state->reply, state->client, state->cname,
359		state->server, state->sname, state->authtime, 0, 0, 0);
	356	state->server, state->sname, state->kdc_time, 0, 0, 0);
360	357	did_log = 1;
361	358
362	359	egress:

378	375	if (state->status) {
379	376	log_as_req(kdc_context, state->local_addr, state->remote_addr,
380	377	state->request, &state->reply, state->client,
381		state->cname, state->server, state->sname, state->authtime,
	378	state->cname, state->server, state->sname, state->kdc_time,
382	379	state->status, errcode, emsg);
383	380	did_log = 1;
384	381	}

392	389	errcode = KRB_ERR_GENERIC;
393	390
394	391	errcode = prepare_error_as(state->rstate, state->request,
395		state->local_tgt, errcode,
396		state->e_data, state->typed_e_data,
	392	state->local_tgt, &state->local_tgt_key,
	393	errcode, state->e_data,
	394	state->typed_e_data,
397	395	((state->client != NULL) ?
398	396	state->client->princ : NULL),
399	397	&response, state->status);

406	404	if (state->enc_tkt_reply.authorization_data != NULL)
407	405	krb5_free_authdata(kdc_context,
408	406	state->enc_tkt_reply.authorization_data);
	407	if (state->local_tgt_key.contents != NULL)
	408	krb5_free_keyblock_contents(kdc_context, &state->local_tgt_key);
409	409	if (state->server_keyblock.contents != NULL)
410	410	krb5_free_keyblock_contents(kdc_context, &state->server_keyblock);
411	411	if (state->client_keyblock.contents != NULL)

538	538	/* Seed the audit trail with the request ID and basic information. */
539	539	kau_as_req(kdc_context, TRUE, au_state);
540	540
	541	errcode = krb5_timeofday(kdc_context, &state->kdc_time);
	542	if (errcode)
	543	goto errout;
	544
541	545	if (fetch_asn1_field((unsigned char *) req_pkt->data,
542	546	1, 4, &encoded_req_body) != 0) {
543	547	errcode = ASN1_BAD_ID;

591	595	* of cross realm TGS entries.
592	596	*/
593	597	setflag(state->c_flags, KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY);
594		/*
595		* Note that according to the referrals draft we should
596		* always canonicalize enterprise principal names.
597		*/
598		if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE) \|\|
599		state->request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
	598
	599	if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE)) {
600	600	setflag(state->c_flags, KRB5_KDB_FLAG_CANONICALIZE);
601		setflag(state->c_flags, KRB5_KDB_FLAG_ALIAS_OK);
602	601	}
603	602	if (include_pac_p(kdc_context, state->request)) {
604	603	setflag(state->c_flags, KRB5_KDB_FLAG_INCLUDE_PAC);
605	604	}
606		errcode = krb5_db_get_principal(kdc_context, state->request->client,
607		state->c_flags, &state->client);
	605	errcode = lookup_client(kdc_context, state->request, state->c_flags,
	606	&state->client);
608	607	if (errcode == KRB5_KDB_CANTLOCK_DB)
609	608	errcode = KRB5KDC_ERR_SVC_UNAVAILABLE;
610	609	if (errcode == KRB5_KDB_NOENTRY) {

635	634	au_state->stage = SRVC_PRINC;
636	635
637	636	s_flags = 0;
638		setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK);
639	637	if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE)) {
640	638	setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
641	639	}

654	652
655	653	errcode = get_local_tgt(kdc_context, &state->request->server->realm,
656	654	state->server, &state->local_tgt,
657		&state->local_tgt_storage);
	655	&state->local_tgt_storage, &state->local_tgt_key);
658	656	if (errcode) {
659	657	state->status = "GET_LOCAL_TGT";
660	658	goto errout;

662	660	state->rock.local_tgt = state->local_tgt;
663	661
664	662	au_state->stage = VALIDATE_POL;
665
666		if ((errcode = krb5_timeofday(kdc_context, &state->kdc_time)))
667		goto errout;
668		state->authtime = state->kdc_time; /* for audit_as_request() */
669	663
670	664	if ((errcode = validate_as_request(kdc_active_realm,
671	665	state->request, *state->client,

707	701	}
708	702
709	703	/* Copy options that request the corresponding ticket flags. */
710		state->enc_tkt_reply.flags = OPTS2FLAGS(state->request->kdc_options);
711		state->enc_tkt_reply.times.authtime = state->authtime;
712
713		setflag(state->enc_tkt_reply.flags, TKT_FLG_INITIAL);
714		setflag(state->enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
	704	state->enc_tkt_reply.flags = get_ticket_flags(state->request->kdc_options,
	705	state->client, state->server,
	706	NULL);
	707	state->enc_tkt_reply.times.authtime = state->kdc_time;
715	708
716	709	/*
717	710	* It should be noted that local policy may affect the

731	724	state->enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
732	725	state->enc_tkt_reply.transited.tr_contents = empty_string;
733	726
734		if (isflagset(state->request->kdc_options, KDC_OPT_POSTDATED)) {
735		setflag(state->enc_tkt_reply.flags, TKT_FLG_INVALID);
	727	if (isflagset(state->request->kdc_options, KDC_OPT_POSTDATED))
736	728	state->enc_tkt_reply.times.starttime = state->request->from;
737		} else
	729	else
738	730	state->enc_tkt_reply.times.starttime = state->kdc_time;
739	731
740	732	kdc_get_ticket_endtime(kdc_active_realm,

791	783	}
792	784
793	785	errcode = kdc_fast_read_cookie(kdc_context, state->rstate, state->request,
794		state->local_tgt);
	786	state->local_tgt, &state->local_tgt_key);
795	787	if (errcode) {
796	788	state->status = "READ_COOKIE";
797	789	goto errout;

815	807
816	808	static krb5_error_code
817	809	prepare_error_as(struct kdc_request_state rstate, krb5_kdc_req request,
818		krb5_db_entry local_tgt, int error, krb5_pa_data *e_data_in,
	810	krb5_db_entry local_tgt, krb5_keyblock local_tgt_key,
	811	int error, krb5_pa_data **e_data_in,
819	812	krb5_boolean typed_e_data, krb5_principal canon_client,
820	813	krb5_data *response, const char status)
821	814	{

837	830	return ENOMEM;
838	831	memcpy(e_data, e_data_in, count * sizeof(*e_data));
839	832	retval = kdc_fast_make_cookie(kdc_context, rstate, local_tgt,
840		request->client, &cookie);
	833	local_tgt_key, request->client,
	834	&cookie);
841	835	e_data[count] = cookie;
842	836	}
843	837

+99

-116

src/kdc/do_tgs_req.c less more

78	78
79	79	static krb5_error_code
80	80	decrypt_2ndtkt(kdc_realm_t , krb5_kdc_req , krb5_flags, krb5_db_entry **,
81		const char **);
	81	krb5_keyblock , const char );
82	82
83	83	static krb5_error_code
84	84	gen_session_key(kdc_realm_t , krb5_kdc_req , krb5_db_entry *,

103	103	{
104	104	krb5_keyblock * subkey = 0;
105	105	krb5_keyblock *header_key = NULL;
	106	krb5_keyblock *stkt_server_key = NULL;
	107	krb5_keyblock *subject_key;
106	108	krb5_db_entry *server = NULL;
107	109	krb5_db_entry *stkt_server = NULL;
	110	krb5_db_entry *subject_server;
108	111	krb5_kdc_rep reply;
109	112	krb5_enc_kdc_rep_part reply_encpart;
110	113	krb5_ticket ticket_reply, *header_ticket = 0;

114	117	krb5_error_code retval = 0;
115	118	krb5_keyblock server_keyblock, *encrypting_key;
116	119	krb5_timestamp kdc_time, authtime = 0;
117		krb5_keyblock session_key;
	120	krb5_keyblock session_key, local_tgt_key;
118	121	krb5_keyblock *reply_key = NULL;
119	122	krb5_key_data *server_key;
120	123	krb5_principal cprinc = NULL, sprinc = NULL, altcprinc = NULL;
	124	krb5_const_principal authdata_client;
	125	krb5_principal stkt_authdata_client = NULL;
121	126	krb5_last_req_entry *nolrarray[2], nolrentry;
122	127	int errcode;
123	128	const char *status = 0;

137	142	krb5_pa_data **e_data = NULL;
138	143	krb5_audit_state *au_state = NULL;
139	144	krb5_data **auth_indicators = NULL;
	145	void ad_info = NULL, stkt_ad_info = NULL;
140	146
141	147	memset(&reply, 0, sizeof(reply));
142	148	memset(&reply_encpart, 0, sizeof(reply_encpart));
143	149	memset(&ticket_reply, 0, sizeof(ticket_reply));
144	150	memset(&enc_tkt_reply, 0, sizeof(enc_tkt_reply));
145	151	memset(&server_keyblock, 0, sizeof(server_keyblock));
	152	memset(&local_tgt_key, 0, sizeof(local_tgt_key));
146	153	session_key.contents = NULL;
147	154
148	155	/* Save pointer to client-requested service principal, in case of

202	209	}
203	210
204	211	errcode = get_local_tgt(kdc_context, &sprinc->realm, header_server,
205		&local_tgt, &local_tgt_storage);
	212	&local_tgt, &local_tgt_storage, &local_tgt_key);
206	213	if (errcode) {
207	214	status = "GET_LOCAL_TGT";
208	215	goto cleanup;

230	237	/* XXX make sure server here has the proper realm...taken from AP_REQ
231	238	header? */
232	239
233		setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK);
234	240	if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) {
235	241	setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
236	242	setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);

261	267	goto cleanup;
262	268	}
263	269
264		if (!is_local_principal(kdc_active_realm, header_enc_tkt->client))
	270	if (!is_local_principal(kdc_active_realm, header_ticket->server))
265	271	setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM);
	272	if (is_referral)
	273	setflag(c_flags, KRB5_KDB_FLAG_ISSUING_REFERRAL);
266	274
267	275	/* Check for protocol transition */
268	276	errcode = kdc_process_s4u2self_req(kdc_active_realm,
269	277	request,
270	278	header_enc_tkt->client,
271		header_ticket->server,
272		is_referral,
	279	c_flags,
273	280	server,
274	281	subkey,
275	282	header_enc_tkt->session,

289	296
290	297	if (errcode)
291	298	goto cleanup;
	299
	300	if (s4u_x509_user != NULL && client == NULL) {
	301	/*
	302	* For an S4U2Self referral request (the requesting service is
	303	* following a referral back to its own realm), the authdata in the
	304	* header ticket should be for the requested client.
	305	*/
	306	setflag(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION);
	307	authdata_client = s4u_x509_user->user_id.user;
	308	} else {
	309	/* Otherwise (including for initial S4U2Self requests), the authdata
	310	* should be for the header ticket client. */
	311	authdata_client = header_enc_tkt->client;
	312	}
	313	errcode = krb5_db_get_authdata_info(kdc_context, c_flags,
	314	header_enc_tkt->authorization_data,
	315	authdata_client, request->server,
	316	header_key, &local_tgt_key, local_tgt,
	317	header_enc_tkt->times.authtime,
	318	&ad_info, NULL);
	319	if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP)
	320	goto cleanup;
	321
	322	/* Flag all S4U2Self requests now that we have checked the authdata. */
292	323	if (s4u_x509_user != NULL)
293	324	setflag(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION);
294	325
295	326	/* Deal with user-to-user and constrained delegation */
296	327	errcode = decrypt_2ndtkt(kdc_active_realm, request, c_flags,
297		&stkt_server, &status);
	328	&stkt_server, &stkt_server_key, &status);
298	329	if (errcode)
299	330	goto cleanup;
300	331
301	332	if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) {
302		/* Do constrained delegation protocol and authorization checks */
303		errcode = kdc_process_s4u2proxy_req(kdc_active_realm,
304		request,
	333	/* Do constrained delegation protocol and authorization checks. */
	334	setflag(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
	335
	336	errcode = kdc_process_s4u2proxy_req(kdc_active_realm, c_flags, request,
305	337	request->second_ticket[st_idx]->enc_part2,
306		stkt_server,
	338	local_tgt, &local_tgt_key,
	339	stkt_server, stkt_server_key,
307	340	header_ticket->enc_part2->client,
308		request->server,
	341	server, request->server, ad_info,
	342	&stkt_ad_info,
	343	&stkt_authdata_client,
309	344	&status);
310	345	if (errcode == KDC_ERR_POLICY \|\| errcode == KDC_ERR_BADOPTION)
311	346	au_state->violation = PROT_CONSTRAINT;

322	357	if (errcode)
323	358	goto cleanup;
324	359
325		setflag(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
326
327	360	assert(krb5_is_tgs_principal(header_ticket->server));
328	361
329		assert(client == NULL); /* assured by kdc_process_s4u2self_req() */
330		client = stkt_server;
331		stkt_server = NULL;
332		} else if (request->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
333		krb5_db_free_principal(kdc_context, stkt_server);
334		stkt_server = NULL;
335		} else
336		assert(stkt_server == NULL);
	362	/* Use the parsed authdata from the second ticket during authdata
	363	* handling. */
	364	krb5_db_free_authdata_info(kdc_context, ad_info);
	365	ad_info = stkt_ad_info;
	366	stkt_ad_info = NULL;
	367	}
337	368
338	369	au_state->stage = ISSUE_TKT;
339	370

349	380	* the others could be forged by a malicious server.
350	381	*/
351	382
352		if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
	383	if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) {
353	384	subject_tkt = request->second_ticket[st_idx]->enc_part2;
354		else
	385	subject_server = stkt_server;
	386	subject_key = stkt_server_key;
	387	} else {
355	388	subject_tkt = header_enc_tkt;
	389	subject_server = header_server;
	390	subject_key = header_key;
	391	}
356	392	authtime = subject_tkt->times.authtime;
357	393
358		/* Extract auth indicators from the subject ticket, except for S4U2Proxy
	394	/* Extract auth indicators from the subject ticket, except for S4U2Self
359	395	* requests (where the client didn't authenticate). */
360	396	if (s4u_x509_user == NULL) {
361	397	errcode = get_auth_indicators(kdc_context, subject_tkt, local_tgt,
362		&auth_indicators);
	398	&local_tgt_key, &auth_indicators);
363	399	if (errcode) {
364	400	status = "GET_AUTH_INDICATORS";
365	401	goto cleanup;

377	413	else
378	414	ticket_reply.server = request->server; /* XXX careful for realm... */
379	415
380		enc_tkt_reply.flags = OPTS2FLAGS(request->kdc_options);
381		enc_tkt_reply.flags \|= COPY_TKT_FLAGS(header_enc_tkt->flags);
	416	enc_tkt_reply.flags = get_ticket_flags(request->kdc_options, client,
	417	server, header_enc_tkt);
382	418	enc_tkt_reply.times.starttime = 0;
383	419
384		if (isflagset(server->attributes, KRB5_KDB_OK_AS_DELEGATE))
385		setflag(enc_tkt_reply.flags, TKT_FLG_OK_AS_DELEGATE);
386
387		/* Indicate support for encrypted padata (RFC 6806). */
388		setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
	420	/* OK_TO_AUTH_AS_DELEGATE must be set on the service requesting S4U2Self
	421	* for forwardable tickets to be issued. */
	422	if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
	423	!is_referral &&
	424	!isflagset(server->attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))
	425	clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
389	426
390	427	/* don't use new addresses unless forwarded, see below */
391	428

400	437	* realms may refuse to issue renewable tickets
401	438	*/
402	439
403		if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) {
404
405		if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) {
406		/*
407		* If S4U2Self principal is not forwardable, then mark ticket as
408		* unforwardable. This behaviour matches Windows, but it is
409		* different to the MIT AS-REQ path, which returns an error
410		* (KDC_ERR_POLICY) if forwardable tickets cannot be issued.
411		*
412		* Consider this block the S4U2Self equivalent to
413		* validate_forwardable().
414		*/
415		if (client != NULL &&
416		isflagset(client->attributes, KRB5_KDB_DISALLOW_FORWARDABLE))
417		clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
418		/*
419		* Forwardable flag is propagated along referral path.
420		*/
421		else if (!isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE))
422		clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
423		/*
424		* OK_TO_AUTH_AS_DELEGATE must be set on the service requesting
425		* S4U2Self in order for forwardable tickets to be returned.
426		*/
427		else if (!is_referral &&
428		!isflagset(server->attributes,
429		KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))
430		clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
431		}
432		}
433
434	440	if (isflagset(request->kdc_options, KDC_OPT_FORWARDED) \|\|
435	441	isflagset(request->kdc_options, KDC_OPT_PROXY)) {
436	442

439	445	enc_tkt_reply.caddrs = request->addresses;
440	446	reply_encpart.caddrs = request->addresses;
441	447	}
442		/* We don't currently handle issuing anonymous tickets based on
443		* non-anonymous ones, so just ignore the option. */
444		if (isflagset(request->kdc_options, KDC_OPT_REQUEST_ANONYMOUS) &&
445		!isflagset(header_enc_tkt->flags, TKT_FLG_ANONYMOUS))
446		clear(enc_tkt_reply.flags, TKT_FLG_ANONYMOUS);
447
448		if (isflagset(request->kdc_options, KDC_OPT_POSTDATED)) {
449		setflag(enc_tkt_reply.flags, TKT_FLG_INVALID);
	448
	449	if (isflagset(request->kdc_options, KDC_OPT_POSTDATED))
450	450	enc_tkt_reply.times.starttime = request->from;
451		} else
	451	else
452	452	enc_tkt_reply.times.starttime = kdc_time;
453	453
454	454	if (isflagset(request->kdc_options, KDC_OPT_VALIDATE)) {

511	511	if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) {
512	512	altcprinc = s4u_x509_user->user_id.user;
513	513	} else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) {
514		altcprinc = subject_tkt->client;
	514	/* kdc_process_s4u2proxy_req() only allows cross-realm requests if
	515	* stkt_authdata_client is set. */
	516	altcprinc = isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM) ?
	517	stkt_authdata_client : subject_tkt->client;
515	518	} else {
516	519	altcprinc = NULL;
517	520	}

553	556	clear(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED);
554	557	}
555	558	if (isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED) == 0) {
556		/*
557		* If we are not doing protocol transition/constrained delegation
558		* try to lookup the client principal so plugins can add additional
559		* authorization information.
560		*
561		* Always validate authorization data for constrained delegation
562		* because we must validate the KDC signatures.
563		*/
564		if (!isflagset(c_flags, KRB5_KDB_FLAGS_S4U)) {
	559	/* If we are not doing protocol transition, try to look up the subject
	560	* principal so that KDB modules can add additional authdata. */
	561	if (!isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) {
565	562	/* Generate authorization data so we can include it in ticket */
566	563	setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC);
567	564	/* Map principals from foreign (possibly non-AD) realms */

574	571	}
575	572	}
576	573
577		if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
578		!isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
579		enc_tkt_reply.client = s4u_x509_user->user_id.user;
	574	if (isflagset(c_flags, KRB5_KDB_FLAGS_S4U) && !is_referral)
	575	enc_tkt_reply.client = altcprinc;
580	576	else
581		enc_tkt_reply.client = subject_tkt->client;
	577	enc_tkt_reply.client = header_enc_tkt->client;
582	578
583	579	enc_tkt_reply.session = &session_key;
584	580	enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;

619	615	}
620	616	newtransited = 1;
621	617	}
622		if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) {
623		errcode = validate_transit_path(kdc_context, header_enc_tkt->client,
624		server, header_server);
625		if (errcode) {
626		status = "NON_TRANSITIVE";
627		goto cleanup;
628		}
629		}
630	618	if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) {
631	619	errcode = kdc_check_transited_list (kdc_active_realm,
632	620	&enc_tkt_reply.transited.tr_contents,

649	637	}
650	638
651	639	errcode = handle_authdata(kdc_context, c_flags, client, server,
652		header_server, local_tgt,
	640	subject_server, local_tgt, &local_tgt_key,
653	641	subkey != NULL ? subkey :
654	642	header_ticket->enc_part2->session,
655		encrypting_key, /* U2U or server key */
656		header_key,
657		pkt,
658		request,
659		s4u_x509_user ?
660		s4u_x509_user->user_id.user : NULL,
661		subject_tkt,
662		auth_indicators,
663		&enc_tkt_reply);
	643	encrypting_key, subject_key, pkt, request,
	644	altcprinc, ad_info, subject_tkt,
	645	&auth_indicators, &enc_tkt_reply);
664	646	if (errcode) {
665	647	krb5_klog_syslog(LOG_INFO, _("TGS_REQ : handle_authdata (%d)"),
666	648	errcode);

794	776	krb5_free_keyblock_contents(kdc_context, &server_keyblock);
795	777	if (reply_key)
796	778	krb5_free_keyblock(kdc_context, reply_key);
	779	if (stkt_server_key)
	780	krb5_free_keyblock(kdc_context, stkt_server_key);
797	781	if (errcode)
798	782	emsg = krb5_get_error_message (kdc_context, errcode);
799	783

841	825	krb5_db_free_principal(kdc_context, header_server);
842	826	krb5_db_free_principal(kdc_context, client);
843	827	krb5_db_free_principal(kdc_context, local_tgt_storage);
	828	if (local_tgt_key.contents != NULL)
	829	krb5_free_keyblock_contents(kdc_context, &local_tgt_key);
844	830	if (session_key.contents != NULL)
845	831	krb5_free_keyblock_contents(kdc_context, &session_key);
846	832	if (newtransited)

861	847	krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
862	848	krb5_free_pa_data(kdc_context, e_data);
863	849	k5_free_data_ptr_list(auth_indicators);
	850	krb5_db_free_authdata_info(kdc_context, ad_info);
	851	krb5_db_free_authdata_info(kdc_context, stkt_ad_info);
	852	krb5_free_principal(kdc_context, stkt_authdata_client);
864	853
865	854	return retval;
866	855	}

942	931	static krb5_error_code
943	932	decrypt_2ndtkt(kdc_realm_t kdc_active_realm, krb5_kdc_req req,
944	933	krb5_flags flags, krb5_db_entry **server_out,
945		const char **status)
	934	krb5_keyblock key_out, const char status)
946	935	{
947	936	krb5_error_code retval;
948	937	krb5_db_entry *server = NULL;
949		krb5_keyblock *key;
950	938	krb5_kvno kvno;
951	939	krb5_ticket *stkt;
952	940

954	942	return 0;
955	943
956	944	stkt = req->second_ticket[0];
957		retval = kdc_get_server_key(kdc_context, stkt,
958		flags,
959		TRUE, /* match_enctype */
960		&server,
961		&key,
962		&kvno);
	945	retval = kdc_get_server_key(kdc_context, stkt, flags, TRUE, &server,
	946	key_out, &kvno);
963	947	if (retval != 0) {
964	948	*status = "2ND_TKT_SERVER";
965	949	goto cleanup;
966	950	}
967		retval = krb5_decrypt_tkt_part(kdc_context, key,
	951	retval = krb5_decrypt_tkt_part(kdc_context, *key_out,
968	952	req->second_ticket[0]);
969		krb5_free_keyblock(kdc_context, key);
970	953	if (retval != 0) {
971	954	*status = "2ND_TKT_DECRYPT";
972	955	goto cleanup;

+58

-45

src/kdc/fast_util.c less more

46	46	if (retval == 0)
47	47	retval = krb5_auth_con_setflags(kdc_context,
48	48	authcontext, 0); /disable replay cache/
49		retval = krb5_rd_req(kdc_context, &authcontext,
50		&armor->armor_value, NULL /server/,
51		kdc_active_realm->realm_keytab, NULL, &ticket);
	49	if (retval == 0)
	50	retval = krb5_rd_req(kdc_context, &authcontext, &armor->armor_value,
	51	NULL /server/, kdc_active_realm->realm_keytab,
	52	NULL, &ticket);
52	53	if (retval != 0) {
53	54	const char * errmsg = krb5_get_error_message(kdc_context, retval);
54	55	k5_setmsg(kdc_context, retval, _("%s while handling ap-request armor"),

131	132	{
132	133	krb5_error_code retval = 0;
133	134	krb5_pa_data *fast_padata;
134		krb5_data scratch, *inner_body = NULL;
	135	krb5_data scratch, plaintext, *inner_body = NULL;
135	136	krb5_fast_req * fast_req = NULL;
136	137	krb5_kdc_req request = requestptr;
137	138	krb5_fast_armored_req *fast_armored_req = NULL;

182	183	}
183	184	}
184	185	if (retval == 0) {
185		krb5_data plaintext;
186	186	plaintext.length = fast_armored_req->enc_part.ciphertext.length;
187		plaintext.data = malloc(plaintext.length);
188		if (plaintext.data == NULL)
189		retval = ENOMEM;
	187	plaintext.data = k5alloc(plaintext.length, &retval);
	188	}
	189	if (retval == 0) {
190	190	retval = krb5_c_decrypt(kdc_context,
191	191	state->armor_key,
192	192	KRB5_KEYUSAGE_FAST_ENC, NULL,

455	455	make_padata(krb5_preauthtype pa_type, const void *contents, size_t len,
456	456	krb5_pa_data **out)
457	457	{
458		if (alloc_pa_data(pa_type, len, out) != 0)
	458	if (k5_alloc_pa_data(pa_type, len, out) != 0)
459	459	return ENOMEM;
460	460	memcpy((*out)->contents, contents, len);
461	461	return 0;
462	462	}
463	463
464	464	/*
465		* Construct the secure cookie encryption key for the given local-realm TGT
466		* entry, kvno, and client principal. The cookie key is derived from the first
467		* TGT key for the given kvno, using the concatenation of "COOKIE" and the
468		* unparsed client principal name as input. If kvno is 0, the highest current
469		* kvno of the TGT is used. If kvno_out is not null, *kvno_out is set to the
470		* kvno used.
	465	* Derive the secure cookie encryption key from tgt_key and client_princ. The
	466	* cookie key is derived with PRF+ using the concatenation of "COOKIE" and the
	467	* unparsed client principal name as input.
471	468	*/
472	469	static krb5_error_code
473		get_cookie_key(krb5_context context, krb5_db_entry *tgt, krb5_kvno kvno,
474		krb5_const_principal client_princ, krb5_keyblock **key_out,
475		krb5_kvno *kvno_out)
	470	derive_cookie_key(krb5_context context, krb5_keyblock *tgt_key,
	471	krb5_const_principal client_princ, krb5_keyblock **key_out)
476	472	{
477	473	krb5_error_code ret;
478		krb5_key_data *kd;
479		krb5_keyblock kb;
480	474	krb5_data d;
481		krb5_int32 start = 0;
482	475	char princstr = NULL, derive_input = NULL;
483	476
484	477	*key_out = NULL;
485		memset(&kb, 0, sizeof(kb));
486
487		/* Find the first krbtgt key with the specified kvno. */
488		ret = krb5_dbe_search_enctype(context, tgt, &start, -1, -1, kvno, &kd);
489		if (ret)
490		goto cleanup;
491
492		/* Decrypt the key. */
493		ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &kb, NULL);
494		if (ret)
495		goto cleanup;
496	478
497	479	/* Construct the input string and derive the cookie key. */
498	480	ret = krb5_unparse_name(context, client_princ, &princstr);

503	485	goto cleanup;
504	486	}
505	487	d = string2data(derive_input);
506		ret = krb5_c_derive_prfplus(context, &kb, &d, ENCTYPE_NULL, key_out);
507
508		if (kvno_out != NULL)
509		*kvno_out = kd->key_data_kvno;
	488	ret = krb5_c_derive_prfplus(context, tgt_key, &d, ENCTYPE_NULL, key_out);
510	489
511	490	cleanup:
512		krb5_free_keyblock_contents(context, &kb);
513	491	krb5_free_unparsed_name(context, princstr);
514	492	free(derive_input);
	493	return ret;
	494	}
	495
	496	/* Derive the cookie key for the specified kvno in tgt. tgt_key must be the
	497	* decrypted first key data entry in tgt. */
	498	static krb5_error_code
	499	get_cookie_key(krb5_context context, krb5_db_entry *tgt,
	500	krb5_keyblock *tgt_key, krb5_kvno kvno,
	501	krb5_const_principal client_princ, krb5_keyblock **key_out)
	502	{
	503	krb5_error_code ret;
	504	krb5_keyblock storage, *key;
	505	krb5_key_data *kd;
	506
	507	*key_out = NULL;
	508	memset(&storage, 0, sizeof(storage));
	509
	510	if (kvno == tgt->key_data[0].key_data_kvno) {
	511	/* Use the already-decrypted first key. */
	512	key = tgt_key;
	513	} else {
	514	/* The cookie used an older TGT key; find and decrypt it. */
	515	ret = krb5_dbe_find_enctype(context, tgt, -1, -1, kvno, &kd);
	516	if (ret)
	517	return ret;
	518	ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &storage, NULL);
	519	if (ret)
	520	return ret;
	521	key = &storage;
	522	}
	523
	524	ret = derive_cookie_key(context, key, client_princ, key_out);
	525	krb5_free_keyblock_contents(context, &storage);
515	526	return ret;
516	527	}
517	528

537	548	*/
538	549	krb5_error_code
539	550	kdc_fast_read_cookie(krb5_context context, struct kdc_request_state *state,
540		krb5_kdc_req req, krb5_db_entry local_tgt)
	551	krb5_kdc_req req, krb5_db_entry local_tgt,
	552	krb5_keyblock *local_tgt_key)
541	553	{
542	554	krb5_error_code ret;
543	555	krb5_secure_cookie *cookie = NULL;

559	571
560	572	/* Extract the kvno and generate the corresponding cookie key. */
561	573	kvno = load_32_be(pa->contents + 4);
562		ret = get_cookie_key(context, local_tgt, kvno, req->client, &key, NULL);
	574	ret = get_cookie_key(context, local_tgt, local_tgt_key, kvno, req->client,
	575	&key);
563	576	if (ret)
564	577	goto cleanup;
565	578

645	658	* trivial "MIT" cookie if no values are set. */
646	659	krb5_error_code
647	660	kdc_fast_make_cookie(krb5_context context, struct kdc_request_state *state,
648		krb5_db_entry *local_tgt,
	661	krb5_db_entry local_tgt, krb5_keyblock local_tgt_key,
649	662	krb5_const_principal client_princ,
650	663	krb5_pa_data **cookie_out)
651	664	{

656	669	krb5_timestamp now;
657	670	krb5_enc_data enc;
658	671	krb5_data *der_cookie = NULL;
659		krb5_kvno kvno;
660	672	size_t ctlen;
661	673
662	674	*cookie_out = NULL;

664	676
665	677	/* Make a trivial cookie if there are no contents to marshal or we don't
666	678	* have a TGT entry to encrypt them. */
667		if (contents == NULL \|\| *contents == NULL \|\| local_tgt == NULL)
	679	if (contents == NULL \|\| *contents == NULL \|\| local_tgt_key == NULL)
668	680	return make_padata(KRB5_PADATA_FX_COOKIE, "MIT", 3, cookie_out);
669	681
670		ret = get_cookie_key(context, local_tgt, 0, client_princ, &key, &kvno);
	682	ret = derive_cookie_key(context, local_tgt_key, client_princ, &key);
671	683	if (ret)
672	684	goto cleanup;
673	685

695	707	goto cleanup;
696	708
697	709	/* Construct the cookie pa-data entry. */
698		ret = alloc_pa_data(KRB5_PADATA_FX_COOKIE, 8 + enc.ciphertext.length, &pa);
	710	ret = k5_alloc_pa_data(KRB5_PADATA_FX_COOKIE, 8 + enc.ciphertext.length,
	711	&pa);
699	712	memcpy(pa->contents, "MIT1", 4);
700		store_32_be(kvno, pa->contents + 4);
	713	store_32_be(local_tgt->key_data[0].key_data_kvno, pa->contents + 4);
701	714	memcpy(pa->contents + 8, enc.ciphertext.data, enc.ciphertext.length);
702	715	*cookie_out = pa;
703	716

+113

-126

src/kdc/kdc_authdata.c less more

315	315	static krb5_error_code
316	316	fetch_kdb_authdata(krb5_context context, unsigned int flags,
317	317	krb5_db_entry client, krb5_db_entry server,
318		krb5_db_entry header_server, krb5_keyblock client_key,
319		krb5_keyblock server_key, krb5_keyblock header_key,
320		krb5_kdc_req *req, krb5_const_principal for_user_princ,
321		krb5_enc_tkt_part *enc_tkt_req,
322		krb5_enc_tkt_part *enc_tkt_reply)
	318	krb5_db_entry header_server, krb5_db_entry local_tgt,
	319	krb5_keyblock client_key, krb5_keyblock server_key,
	320	krb5_keyblock header_key, krb5_keyblock local_tgt_key,
	321	krb5_kdc_req *req, krb5_const_principal altcprinc,
	322	void ad_info, krb5_enc_tkt_part enc_tkt_req,
	323	krb5_enc_tkt_part *enc_tkt_reply,
	324	krb5_data ***auth_indicators)
323	325	{
324	326	krb5_error_code ret;
325	327	krb5_authdata tgt_authdata, db_authdata = NULL;
326	328	krb5_boolean tgs_req = (req->msg_type == KRB5_TGS_REQ);
327	329	krb5_const_principal actual_client;
328		krb5_db_entry *krbtgt;
329		krb5_keyblock *krbtgt_key;
330	330
331	331	/*
332	332	* Check whether KDC issued authorization data should be included.

354	354	return 0;
355	355	}
356	356
357		/*
358		* We have this special case for protocol transition, because for
359		* cross-realm protocol transition the ticket reply client will
360		* not be changed until the final hop.
361		*/
362		if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
363		actual_client = for_user_princ;
	357	/* S4U referral replies should contain authdata for the requested client,
	358	* even though they use the requesting service as the ticket client. */
	359	if (isflagset(flags, KRB5_KDB_FLAGS_S4U))
	360	actual_client = altcprinc;
364	361	else
365	362	actual_client = enc_tkt_reply->client;
366	363
367		/*
368		* For DAL major version 5, always pass "krbtgt" and "krbtgt_key"
369		* parameters which are usually, but not always, for local or cross-realm
370		* TGT principals. In the future we might rename the parameters and pass
371		* NULL for AS requests.
372		*/
373		krbtgt = (header_server != NULL) ? header_server : server;
374		krbtgt_key = (header_key != NULL) ? header_key : server_key;
375
376	364	tgt_authdata = tgs_req ? enc_tkt_req->authorization_data : NULL;
377		ret = krb5_db_sign_authdata(context, flags, actual_client, client,
378		server, krbtgt, client_key, server_key,
379		krbtgt_key, enc_tkt_reply->session,
	365	ret = krb5_db_sign_authdata(context, flags, actual_client, req->server,
	366	client, server, header_server, local_tgt,
	367	client_key, server_key, header_key,
	368	local_tgt_key, enc_tkt_reply->session,
380	369	enc_tkt_reply->times.authtime, tgt_authdata,
381		&db_authdata);
	370	ad_info, auth_indicators, &db_authdata);
382	371	if (ret)
383	372	return (ret == KRB5_PLUGIN_OP_NOTSUPP) ? 0 : ret;
384	373
385		/* Add the KDB authdata to the ticket, without copying or filtering. */
386		ret = merge_authdata(context, db_authdata,
387		&enc_tkt_reply->authorization_data, FALSE, FALSE);
	374	/* Put the KDB authdata first in the ticket. A successful merge places the
	375	* combined list in db_authdata and releases the old ticket authdata. */
	376	ret = merge_authdata(context, enc_tkt_reply->authorization_data,
	377	&db_authdata, FALSE, FALSE);
388	378	if (ret)
389	379	krb5_free_authdata(context, db_authdata);
	380	else
	381	enc_tkt_reply->authorization_data = db_authdata;
390	382	return ret;
391	383	}
392	384

437	429
438	430	static krb5_error_code
439	431	verify_signedpath_checksum(krb5_context context, krb5_db_entry *local_tgt,
	432	krb5_keyblock *local_tgt_key,
440	433	krb5_enc_tkt_part *enc_tkt_part,
441	434	krb5_principal *deleg_path,
442	435	krb5_pa_data *method_data, krb5_checksum cksum,

463	456	if (ret)
464	457	return ret;
465	458
466		/* There is no kvno in AD-SIGNTICKET, so try the last three versions. */
467		kvno = 0;
468		tries = 3;
469		do {
470		/* Get the first local tgt key of this kvno (highest kvno for the first
471		* iteration). */
472		ret = krb5_dbe_find_enctype(context, local_tgt, -1, -1, kvno, &kd);
473		if (ret) {
474		ret = 0;
475		break;
	459	ret = krb5_c_verify_checksum(context, local_tgt_key,
	460	KRB5_KEYUSAGE_AD_SIGNEDPATH, data, cksum,
	461	&valid);
	462	if (ret \|\| !valid) {
	463	/* There is no kvno in AD-SIGNTICKET, so try two previous versions. */
	464	kvno = local_tgt->key_data[0].key_data_kvno - 1;
	465	for (tries = 2; tries > 0 && kvno > 0; tries--, kvno--) {
	466	/* Get the first local tgt key of this kvno. */
	467	ret = krb5_dbe_find_enctype(context, local_tgt, -1, -1, kvno, &kd);
	468	if (ret) {
	469	ret = 0;
	470	break;
	471	}
	472	ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL);
	473	if (ret)
	474	break;
	475
	476	ret = krb5_c_verify_checksum(context, &tgtkey,
	477	KRB5_KEYUSAGE_AD_SIGNEDPATH, data,
	478	cksum, &valid);
	479	krb5_free_keyblock_contents(context, &tgtkey);
	480	if (!ret && valid)
	481	break;
476	482	}
477		ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL);
478		if (ret)
479		break;
480
481		ret = krb5_c_verify_checksum(context, &tgtkey,
482		KRB5_KEYUSAGE_AD_SIGNEDPATH, data, cksum,
483		&valid);
484		krb5_free_keyblock_contents(context, &tgtkey);
485		if (!ret && valid)
486		break;
487
488		/* Try the next lower kvno on the next iteration. */
489		kvno = kd->key_data_kvno - 1;
490		} while (--tries > 0 && kvno > 0);
	483	}
491	484
492	485	*valid_out = valid;
493	486	krb5_free_data(context, data);

497	490
498	491	static krb5_error_code
499	492	verify_signedpath(krb5_context context, krb5_db_entry *local_tgt,
	493	krb5_keyblock *local_tgt_key,
500	494	krb5_enc_tkt_part *enc_tkt_part,
501	495	krb5_principal *delegated_out, krb5_boolean pathsigned_out)
502	496	{

529	523	goto cleanup;
530	524	}
531	525
532		ret = verify_signedpath_checksum(context, local_tgt, enc_tkt_part,
533		sp->delegated, sp->method_data,
534		&sp->checksum, pathsigned_out);
	526	ret = verify_signedpath_checksum(context, local_tgt, local_tgt_key,
	527	enc_tkt_part, sp->delegated,
	528	sp->method_data, &sp->checksum,
	529	pathsigned_out);
535	530	if (ret)
536	531	goto cleanup;
537	532

549	544	static krb5_error_code
550	545	make_signedpath_checksum(krb5_context context,
551	546	krb5_const_principal for_user_princ,
552		krb5_db_entry *local_tgt,
	547	krb5_keyblock *local_tgt_key,
553	548	krb5_enc_tkt_part *enc_tkt_part,
554	549	krb5_principal *deleg_path,
555	550	krb5_pa_data *method_data, krb5_checksum cksum_out,

558	553	krb5_error_code ret;
559	554	krb5_data *data = NULL;
560	555	krb5_const_principal client;
561		krb5_key_data *kd;
562		krb5_keyblock tgtkey;
563
564		memset(&tgtkey, 0, sizeof(tgtkey));
	556
565	557	memset(cksum_out, 0, sizeof(*cksum_out));
566	558	*enctype_out = ENCTYPE_NULL;
567	559
568	560	client = (for_user_princ != NULL) ? for_user_princ : enc_tkt_part->client;
569
570		/* Get the first local tgt key of the highest kvno. */
571		ret = krb5_dbe_find_enctype(context, local_tgt, -1, -1, 0, &kd);
572		if (ret)
573		goto cleanup;
574		ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL);
575		if (ret)
576		goto cleanup;
577	561
578	562	ret = make_signedpath_data(context, client, enc_tkt_part->times.authtime,
579	563	deleg_path, method_data,
580	564	enc_tkt_part->authorization_data, &data);
581	565	if (ret)
582		goto cleanup;
583
584		ret = krb5_c_make_checksum(context, 0, &tgtkey,
	566	return ret;
	567
	568	ret = krb5_c_make_checksum(context, 0, local_tgt_key,
585	569	KRB5_KEYUSAGE_AD_SIGNEDPATH, data, cksum_out);
586		*enctype_out = tgtkey.enctype;
587
588		cleanup:
589	570	krb5_free_data(context, data);
590		krb5_free_keyblock_contents(context, &tgtkey);
591		return ret;
	571	if (ret)
	572	return ret;
	573
	574	*enctype_out = local_tgt_key->enctype;
	575	return 0;
592	576	}
593	577
594	578	static krb5_error_code
595	579	make_signedpath(krb5_context context, krb5_const_principal for_user_princ,
596		krb5_principal server, krb5_db_entry *local_tgt,
	580	krb5_principal server, krb5_keyblock *local_tgt_key,
597	581	krb5_principal deleg_path, krb5_enc_tkt_part enc_tkt_reply)
598	582	{
599	583	krb5_error_code ret;

619	603	sp.delegated[count] = NULL;
620	604	sp.method_data = NULL;
621	605
622		ret = make_signedpath_checksum(context, for_user_princ, local_tgt,
	606	ret = make_signedpath_checksum(context, for_user_princ, local_tgt_key,
623	607	enc_tkt_reply, sp.delegated, sp.method_data,
624	608	&sp.checksum, &sp.enctype);
625	609	if (ret) {

676	660	free(deleg_path);
677	661	}
678	662
679		/* Return true if the Windows 2000 PAC is the only element in the supplied
680		* authorization data. */
	663	/* Return true if the Windows PAC is present in authorization data. */
681	664	static krb5_boolean
682		only_pac_p(krb5_context context, krb5_authdata **authdata)
683		{
684		return has_kdc_issued_authdata(context, authdata,
685		KRB5_AUTHDATA_WIN2K_PAC) &&
686		authdata[1] == NULL;
	665	has_pac(krb5_context context, krb5_authdata **authdata)
	666	{
	667	return has_kdc_issued_authdata(context, authdata, KRB5_AUTHDATA_WIN2K_PAC);
687	668	}
688	669
689	670	/* Verify AD-SIGNTICKET authdata if we need to, and insert an AD-SIGNEDPATH
690	671	* element if we should. */
691	672	static krb5_error_code
692	673	handle_signticket(krb5_context context, unsigned int flags,
693		krb5_db_entry client, krb5_db_entry server,
694		krb5_db_entry local_tgt, krb5_kdc_req req,
695		krb5_const_principal for_user_princ,
	674	krb5_db_entry subject_server, krb5_db_entry server,
	675	krb5_db_entry local_tgt, krb5_keyblock local_tgt_key,
	676	krb5_kdc_req *req, krb5_const_principal for_user_princ,
696	677	krb5_enc_tkt_part *enc_tkt_req,
697	678	krb5_enc_tkt_part *enc_tkt_reply)
698	679	{

703	684
704	685	s4u2proxy = isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
705	686
706		/*
707		* The Windows PAC fulfils the same role as the signed path
708		* if it is the only authorization data element.
709		*/
	687	/* For cross-realm the Windows PAC must have been verified, and it
	688	* fulfills the same role as the signed path. */
710	689	if (req->msg_type == KRB5_TGS_REQ &&
711		!only_pac_p(context, enc_tkt_req->authorization_data)) {
712		ret = verify_signedpath(context, local_tgt, enc_tkt_req, &deleg_path,
713		&signed_path);
	690	(!isflagset(flags, KRB5_KDB_FLAG_CROSS_REALM) \|\|
	691	!has_pac(context, enc_tkt_req->authorization_data))) {
	692	ret = verify_signedpath(context, local_tgt, local_tgt_key, enc_tkt_req,
	693	&deleg_path, &signed_path);
714	694	if (ret)
715	695	goto cleanup;
716	696

723	703	/* No point in including signedpath authdata for a cross-realm TGT, since
724	704	* it will be presented to a different KDC. */
725	705	if (!isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED) &&
726		!is_cross_tgs_principal(server->princ) &&
727		!only_pac_p(context, enc_tkt_reply->authorization_data)) {
	706	!is_cross_tgs_principal(server->princ)) {
728	707	ret = make_signedpath(context, for_user_princ,
729		s4u2proxy ? client->princ : NULL, local_tgt,
730		deleg_path, enc_tkt_reply);
	708	s4u2proxy ? subject_server->princ : NULL,
	709	local_tgt_key, deleg_path, enc_tkt_reply);
731	710	if (ret)
732	711	goto cleanup;
733	712	}

742	721	static krb5_error_code
743	722	add_auth_indicators(krb5_context context, krb5_data const auth_indicators,
744	723	krb5_keyblock server_key, krb5_db_entry krbtgt,
	724	krb5_keyblock *krbtgt_key,
745	725	krb5_enc_tkt_part *enc_tkt_reply)
746	726	{
747	727	krb5_error_code ret;

759	739	list[1] = NULL;
760	740
761	741	/* Wrap the list in CAMMAC and IF-RELEVANT containers. */
762		ret = cammac_create(context, enc_tkt_reply, server_key, krbtgt, list,
763		&cammac);
	742	ret = cammac_create(context, enc_tkt_reply, server_key, krbtgt, krbtgt_key,
	743	list, &cammac);
764	744	if (ret)
765	745	goto cleanup;
766	746

781	761	* enc_tkt. */
782	762	krb5_error_code
783	763	get_auth_indicators(krb5_context context, krb5_enc_tkt_part *enc_tkt,
784		krb5_db_entry local_tgt, krb5_data **indicators_out)
	764	krb5_db_entry local_tgt, krb5_keyblock local_tgt_key,
	765	krb5_data ***indicators_out)
785	766	{
786	767	krb5_error_code ret;
787	768	krb5_authdata cammacs = NULL, adp;

800	781	ret = decode_krb5_cammac(&der_cammac, &cammac);
801	782	if (ret)
802	783	goto cleanup;
803		if (cammac_check_kdcver(context, cammac, enc_tkt, local_tgt)) {
	784	if (cammac_check_kdcver(context, cammac, enc_tkt, local_tgt,
	785	local_tgt_key)) {
804	786	ret = authind_extract(context, cammac->elements, &indicators);
805	787	if (ret)
806	788	goto cleanup;

822	804	krb5_error_code
823	805	handle_authdata(krb5_context context, unsigned int flags,
824	806	krb5_db_entry client, krb5_db_entry server,
825		krb5_db_entry header_server, krb5_db_entry local_tgt,
826		krb5_keyblock client_key, krb5_keyblock server_key,
827		krb5_keyblock header_key, krb5_data req_pkt,
828		krb5_kdc_req *req, krb5_const_principal for_user_princ,
	807	krb5_db_entry subject_server, krb5_db_entry local_tgt,
	808	krb5_keyblock local_tgt_key, krb5_keyblock client_key,
	809	krb5_keyblock server_key, krb5_keyblock subject_key,
	810	krb5_data req_pkt, krb5_kdc_req req,
	811	krb5_const_principal altcprinc, void *ad_info,
829	812	krb5_enc_tkt_part *enc_tkt_req,
830		krb5_data const auth_indicators,
	813	krb5_data ***auth_indicators,
831	814	krb5_enc_tkt_part *enc_tkt_reply)
832	815	{
833	816	kdcauthdata_handle *h;

849	832	for (i = 0; i < n_authdata_modules; i++) {
850	833	h = &authdata_modules[i];
851	834	ret = h->vt.handle(context, h->data, flags, client, server,
852		header_server, client_key, server_key,
853		header_key, req_pkt, req, for_user_princ,
	835	subject_server, client_key, server_key,
	836	subject_key, req_pkt, req, altcprinc,
854	837	enc_tkt_req, enc_tkt_reply);
855	838	if (ret)
856	839	kdc_err(context, ret, "from authdata module %s", h->vt.name);

865	848	return ret;
866	849	}
867	850
	851	if (!isflagset(enc_tkt_reply->flags, TKT_FLG_ANONYMOUS)) {
	852	/* Fetch authdata from the KDB if appropriate. */
	853	ret = fetch_kdb_authdata(context, flags, client, server,
	854	subject_server, local_tgt, client_key,
	855	server_key, subject_key, local_tgt_key,
	856	req, altcprinc, ad_info, enc_tkt_req,
	857	enc_tkt_reply, auth_indicators);
	858	if (ret)
	859	return ret;
	860	}
	861
868	862	/* Add auth indicators if any were given. */
869	863	if (auth_indicators != NULL && *auth_indicators != NULL &&
870	864	!isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED)) {
871		ret = add_auth_indicators(context, auth_indicators, server_key,
872		local_tgt, enc_tkt_reply);
	865	ret = add_auth_indicators(context, *auth_indicators, server_key,
	866	local_tgt, local_tgt_key, enc_tkt_reply);
873	867	if (ret)
874	868	return ret;
875	869	}
876	870
877	871	if (!isflagset(enc_tkt_reply->flags, TKT_FLG_ANONYMOUS)) {
878		/* Fetch authdata from the KDB if appropriate. */
879		ret = fetch_kdb_authdata(context, flags, client, server, header_server,
880		client_key, server_key, header_key, req,
881		for_user_princ, enc_tkt_req, enc_tkt_reply);
	872	/* Validate and insert AD-SIGNTICKET authdata. This must happen last
	873	* since it contains a signature over the other authdata. */
	874	ret = handle_signticket(context, flags, subject_server, server,
	875	local_tgt, local_tgt_key, req, altcprinc,
	876	enc_tkt_req, enc_tkt_reply);
882	877	if (ret)
883	878	return ret;
884
885		/* Validate and insert AD-SIGNTICKET authdata. This must happen last
886		* since it contains a signature over the other authdata. */
887		ret = handle_signticket(context, flags, client, server, local_tgt,
888		req, for_user_princ, enc_tkt_req,
889		enc_tkt_reply);
890		if (ret)
891		return ret;
892	879	}
893	880
894	881	return 0;

+21

-21

src/kdc/kdc_log.c less more

64	64	{
65	65	const char *fromstring = 0;
66	66	char fromstringbuf[70];
67		char ktypestr[128];
	67	char *ktypestr = NULL;
68	68	const char *cname2 = cname ? cname : "<unknown client>";
69	69	const char *sname2 = sname ? sname : "<unknown server>";
70	70

73	73	fromstringbuf, sizeof(fromstringbuf));
74	74	if (!fromstring)
75	75	fromstring = "<unknown>";
76		ktypes2str(ktypestr, sizeof(ktypestr),
77		request->nktypes, request->ktype);
	76
	77	ktypestr = ktypes2str(request->ktype, request->nktypes);
78	78
79	79	if (status == NULL) {
80	80	/* success */
81		char rep_etypestr[128];
82		rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
	81	char *rep_etypestr = rep_etypes2str(reply);
83	82	krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %u, %s, "
84	83	"%s for %s"),
85		ktypestr, fromstring, (unsigned int)authtime,
86		rep_etypestr, cname2, sname2);
	84	ktypestr ? ktypestr : "", fromstring,
	85	(unsigned int)authtime,
	86	rep_etypestr ? rep_etypestr : "", cname2, sname2);
	87	free(rep_etypestr);
87	88	} else {
88	89	/* fail */
89	90	krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: %s: %s for %s%s%s"),
90		ktypestr, fromstring, status,
91		cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
	91	ktypestr ? ktypestr : "", fromstring, status, cname2,
	92	sname2, emsg ? ", " : "", emsg ? emsg : "");
92	93	}
93	94	krb5_db_audit_as_req(context, request,
94	95	local_addr->address, remote_addr->address,
95	96	client, server, authtime, errcode);
	97
	98	free(ktypestr);
96	99	}
97	100
98	101	/*

121	124	unsigned int c_flags,
122	125	const char status, krb5_error_code errcode, const char emsg)
123	126	{
124		char ktypestr[128];
	127	char ktypestr = NULL, rep_etypestr = NULL;
125	128	const char *fromstring = 0;
126	129	char fromstringbuf[70];
127		char rep_etypestr[128];
128	130	char cname = NULL, sname = NULL, *altcname = NULL;
129	131	char logcname = NULL, logsname = NULL, *logaltcname = NULL;
130	132

133	135	fromstringbuf, sizeof(fromstringbuf));
134	136	if (!fromstring)
135	137	fromstring = "<unknown>";
136		ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype);
137		if (!errcode)
138		rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
139		else
140		rep_etypestr[0] = 0;
141	138
142	139	unparse_and_limit(ctx, cprinc, &cname);
143	140	logcname = (cname != NULL) ? cname : "<unknown client>";

150	147	name (useful), and doesn't log ktypestr (probably not
151	148	important). */
152	149	if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) {
	150	ktypestr = ktypes2str(request->ktype, request->nktypes);
	151	rep_etypestr = rep_etypes2str(reply);
153	152	krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %u, %s%s "
154	153	"%s for %s%s%s"),
155		ktypestr, fromstring, status, (unsigned int)authtime,
156		rep_etypestr, !errcode ? "," : "", logcname, logsname,
	154	ktypestr ? ktypestr : "", fromstring, status,
	155	(unsigned int)authtime,
	156	rep_etypestr ? rep_etypestr : "",
	157	!errcode ? "," : "", logcname, logsname,
157	158	errcode ? ", " : "", errcode ? emsg : "");
158	159	if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
159	160	krb5_klog_syslog(LOG_INFO,

170	171	fromstring, status, (unsigned int)authtime,
171	172	logcname, logsname, logaltcname);
172	173
173		/* OpenSolaris: audit_krb5kdc_tgs_req(...) or
174		audit_krb5kdc_tgs_req_2ndtktmm(...) */
175
	174	free(rep_etypestr);
	175	free(ktypestr);
176	176	krb5_free_unparsed_name(ctx, cname);
177	177	krb5_free_unparsed_name(ctx, sname);
178	178	krb5_free_unparsed_name(ctx, altcname);

+54

-98

src/kdc/kdc_preauth.c less more

107	107	static size_t n_preauth_systems;
108	108
109	109	static krb5_error_code
110		make_etype_info(krb5_context context, krb5_preauthtype pa_type,
	110	make_etype_info(krb5_context context, krb5_boolean etype_info2,
111	111	krb5_principal client, krb5_key_data *client_key,
112		krb5_enctype enctype, krb5_pa_data **pa_out);
	112	krb5_enctype enctype, krb5_data **der_out);
113	113
114	114	/* Get all available kdcpreauth vtables and a count of preauth types they
115	115	* support. Return an empty list on failure. */

488	488	krb5_principal_compare(context, princ, client))
489	489	return TRUE;
490	490
491		if (krb5_db_get_principal(context, princ, KRB5_KDB_FLAG_ALIAS_OK, &ent))
	491	if (krb5_db_get_principal(context, princ, 0, &ent))
492	492	return FALSE;
493	493	match = krb5_principal_compare(context, ent->princ, client);
494	494	krb5_db_free_principal(context, ent);

752	752	krb5_pa_data ***pa_list)
753	753	{
754	754	krb5_error_code ret;
755		krb5_pa_data *pa;
	755	krb5_data *der;
756	756
757	757	if (rock->client_key == NULL)
758	758	return 0;
759	759
760	760	if (!requires_info2(rock->request)) {
761	761	/* Include PA-ETYPE-INFO only for old clients. */
762		ret = make_etype_info(context, KRB5_PADATA_ETYPE_INFO,
763		rock->client->princ, rock->client_key,
764		rock->client_keyblock->enctype, &pa);
	762	ret = make_etype_info(context, FALSE, rock->client->princ,
	763	rock->client_key, rock->client_keyblock->enctype,
	764	&der);
765	765	if (ret)
766	766	return ret;
767		/* add_pa_data_element() claims pa on success or failure. */
768		ret = add_pa_data_element(pa_list, pa);
	767	ret = k5_add_pa_data_from_data(pa_list, KRB5_PADATA_ETYPE_INFO, der);
	768	krb5_free_data(context, der);
769	769	if (ret)
770	770	return ret;
771	771	}
772	772
773	773	/* Always include PA-ETYPE-INFO2. */
774		ret = make_etype_info(context, KRB5_PADATA_ETYPE_INFO2,
775		rock->client->princ, rock->client_key,
776		rock->client_keyblock->enctype, &pa);
	774	ret = make_etype_info(context, TRUE, rock->client->princ, rock->client_key,
	775	rock->client_keyblock->enctype, &der);
777	776	if (ret)
778	777	return ret;
779		/* add_pa_data_element() claims pa on success or failure. */
780		return add_pa_data_element(pa_list, pa);
781		}
782
783		/* Add PW-SALT or AFS3-SALT entries to pa_list as appropriate for the request
784		* and client principal. */
	778	ret = k5_add_pa_data_from_data(pa_list, KRB5_PADATA_ETYPE_INFO2, der);
	779	krb5_free_data(context, der);
	780	return ret;
	781	}
	782
	783	/* Add PW-SALT entries to pa_list as appropriate for the request and client
	784	* principal. */
785	785	static krb5_error_code
786	786	add_pw_salt(krb5_context context, krb5_kdcpreauth_rock rock,
787	787	krb5_pa_data ***pa_list)
788	788	{
789	789	krb5_error_code ret;
790		krb5_pa_data *pa;
791	790	krb5_data *salt = NULL;
792	791	krb5_int16 salttype;
793	792

800	799	if (ret)
801	800	return 0;
802	801
803		if (salttype == KRB5_KDB_SALTTYPE_AFS3) {
804		ret = alloc_pa_data(KRB5_PADATA_AFS3_SALT, salt->length + 1, &pa);
805		if (ret)
806		goto cleanup;
807		memcpy(pa->contents, salt->data, salt->length);
808		pa->contents[salt->length] = '\0';
809		} else {
810		/* Steal memory from salt to make the pa-data entry. */
811		ret = alloc_pa_data(KRB5_PADATA_PW_SALT, 0, &pa);
812		if (ret)
813		goto cleanup;
814		pa->length = salt->length;
815		pa->contents = (uint8_t *)salt->data;
816		salt->data = NULL;
817		}
818
819		/* add_pa_data_element() claims pa on success or failure. */
820		ret = add_pa_data_element(pa_list, pa);
821
822		cleanup:
	802	ret = k5_add_pa_data_from_data(pa_list, KRB5_PADATA_PW_SALT, salt);
823	803	krb5_free_data(context, salt);
824	804	return ret;
825	805	}

834	814	krb5_keyblock kb;
835	815	krb5_checksum cksum;
836	816	krb5_data d;
837		krb5_pa_data *pa;
	817	krb5_pa_data *pa = NULL;
838	818	char ckbuf[4];
839	819
840	820	memset(&cksum, 0, sizeof(cksum));

864	844	&d, &cksum);
865	845
866	846	/* Compose a freshness token from the time, krbtgt kvno, and checksum. */
867		ret = alloc_pa_data(KRB5_PADATA_AS_FRESHNESS, 8 + cksum.length, &pa);
	847	ret = k5_alloc_pa_data(KRB5_PADATA_AS_FRESHNESS, 8 + cksum.length, &pa);
868	848	if (ret)
869	849	goto cleanup;
870	850	store_32_be(now, pa->contents);
871	851	store_32_be(kd->key_data_kvno, pa->contents + 4);
872	852	memcpy(pa->contents + 8, cksum.contents, cksum.length);
873	853
874		/* add_pa_data_element() claims pa on success or failure. */
875		ret = add_pa_data_element(pa_list, pa);
	854	ret = k5_add_pa_data_element(pa_list, &pa);
876	855
877	856	cleanup:
878	857	krb5_free_keyblock_contents(context, &kb);
879	858	krb5_free_checksum_contents(context, &cksum);
	859	k5_free_pa_data_element(pa);
880	860	return ret;
881	861	}
882	862

934	914
935	915	if (code == 0) {
936	916	if (pa == NULL) {
937		ret = alloc_pa_data(state->pa_type, 0, &pa);
	917	ret = k5_alloc_pa_data(state->pa_type, 0, &pa);
938	918	if (ret)
939	919	goto error;
940	920	}
941		/* add_pa_data_element() claims pa on success or failure. */
942		ret = add_pa_data_element(&state->pa_data, pa);
	921	ret = k5_add_pa_data_element(&state->pa_data, &pa);
	922	k5_free_pa_data_element(pa);
943	923	if (ret)
944	924	goto error;
945	925	}

988	968	{
989	969	kdc_realm_t *kdc_active_realm = rock->rstate->realm_data;
990	970	struct hint_state *state;
991		krb5_pa_data *pa;
992	971
993	972	*e_data_out = NULL;
994	973

1008	987	state->ap = preauth_systems;
1009	988
1010	989	/* Add an empty PA-FX-FAST element to advertise FAST support. */
1011		if (alloc_pa_data(KRB5_PADATA_FX_FAST, 0, &pa) != 0)
1012		goto error;
1013		/* add_pa_data_element() claims pa on success or failure. */
1014		if (add_pa_data_element(&state->pa_data, pa) != 0)
	990	if (k5_add_empty_pa_data(&state->pa_data, KRB5_PADATA_FX_FAST) != 0)
1015	991	goto error;
1016	992
1017	993	if (add_etype_info(kdc_context, rock, &state->pa_data) != 0)

1158	1134	krb5_error_code ret;
1159	1135	krb5_context context = state->context;
1160	1136	krb5_kdcpreauth_rock rock = state->rock;
1161		krb5_pa_data *pa;
	1137	krb5_data *der;
1162	1138
1163	1139	/* Only add key information when requesting another preauth round trip. */
1164	1140	if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED)

1174	1150	KRB5_PADATA_FX_COOKIE) != NULL)
1175	1151	return 0;
1176	1152
1177		ret = make_etype_info(context, KRB5_PADATA_ETYPE_INFO2,
1178		rock->client->princ, rock->client_key,
1179		rock->client_keyblock->enctype, &pa);
	1153	ret = make_etype_info(context, TRUE, rock->client->princ, rock->client_key,
	1154	rock->client_keyblock->enctype, &der);
1180	1155	if (ret)
1181	1156	return ret;
1182
1183		/* add_pa_data_element() claims pa on success or failure. */
1184		return add_pa_data_element(&state->pa_e_data, pa);
	1157	ret = k5_add_pa_data_from_data(&state->pa_e_data, KRB5_PADATA_ETYPE_INFO2,
	1158	der);
	1159	krb5_free_data(context, der);
	1160	return ret;
1185	1161	}
1186	1162
1187	1163	/* Release state and respond to the AS-REQ processing code with the result of

1475	1451	goto cleanup;
1476	1452
1477	1453	if (send_pa != NULL) {
1478		/* add_pa_data_element() claims send_pa on success or failure. */
1479		retval = add_pa_data_element(&send_pa_list, send_pa);
	1454	retval = k5_add_pa_data_element(&send_pa_list, &send_pa);
	1455	k5_free_pa_data_element(send_pa);
1480	1456	if (retval)
1481	1457	goto cleanup;
1482	1458	}

1544	1520	&salttype, &salt);
1545	1521	if (retval)
1546	1522	goto cleanup;
1547		if (etype_info2 && salttype == KRB5_KDB_SALTTYPE_AFS3) {
1548		switch (etype) {
1549		case ENCTYPE_DES_CBC_CRC:
1550		case ENCTYPE_DES_CBC_MD4:
1551		case ENCTYPE_DES_CBC_MD5:
1552		retval = alloc_data(&entry->s2kparams, 1);
1553		if (retval)
1554		goto cleanup;
1555		entry->s2kparams.data[0] = 1;
1556		break;
1557		default:
1558		break;
1559		}
1560		}
1561	1523
1562	1524	entry->length = salt->length;
1563	1525	entry->salt = (unsigned char *)salt->data;

1573	1535	return retval;
1574	1536	}
1575	1537
1576		/* Create etype-info or etype-info2 padata for client_key with the given
	1538	/* Encode an etype-info or etype-info2 message for client_key with the given
1577	1539	* enctype, using client to compute the salt if necessary. */
1578	1540	static krb5_error_code
1579		make_etype_info(krb5_context context, krb5_preauthtype pa_type,
	1541	make_etype_info(krb5_context context, krb5_boolean etype_info2,
1580	1542	krb5_principal client, krb5_key_data *client_key,
1581		krb5_enctype enctype, krb5_pa_data **pa_out)
	1543	krb5_enctype enctype, krb5_data **der_out)
1582	1544	{
1583	1545	krb5_error_code retval;
1584	1546	krb5_etype_info_entry **entry = NULL;
1585		krb5_data *der_etype_info = NULL;
1586		int etype_info2 = (pa_type == KRB5_PADATA_ETYPE_INFO2);
1587
1588		*pa_out = NULL;
	1547
	1548	*der_out = NULL;
1589	1549
1590	1550	entry = k5calloc(2, sizeof(*entry), &retval);
1591	1551	if (entry == NULL)

1596	1556	goto cleanup;
1597	1557
1598	1558	if (etype_info2)
1599		retval = encode_krb5_etype_info2(entry, &der_etype_info);
	1559	retval = encode_krb5_etype_info2(entry, der_out);
1600	1560	else
1601		retval = encode_krb5_etype_info(entry, &der_etype_info);
1602		if (retval)
1603		goto cleanup;
1604
1605		/* Steal the data from der_etype_info to create a pa-data element. */
1606		retval = alloc_pa_data(pa_type, 0, pa_out);
1607		if (retval)
1608		goto cleanup;
1609		(pa_out)->contents = (uint8_t )der_etype_info->data;
1610		(*pa_out)->length = der_etype_info->length;
1611		der_etype_info->data = NULL;
	1561	retval = encode_krb5_etype_info(entry, der_out);
1612	1562
1613	1563	cleanup:
1614	1564	krb5_free_etype_info(context, entry);
1615		krb5_free_data(context, der_etype_info);
1616	1565	return retval;
1617	1566	}
1618	1567

1664	1613	if (code \|\| tl_data.tl_data_length == 0)
1665	1614	return 0;
1666	1615
1667		code = alloc_pa_data(KRB5_PADATA_SVR_REFERRAL_INFO, tl_data.tl_data_length,
1668		&pa);
	1616	code = k5_alloc_pa_data(KRB5_PADATA_SVR_REFERRAL_INFO,
	1617	tl_data.tl_data_length, &pa);
1669	1618	if (code)
1670	1619	return code;
1671	1620	memcpy(pa->contents, tl_data.tl_data_contents, tl_data.tl_data_length);
1672		/* add_pa_data_element() claims pa on success or failure. */
1673		return add_pa_data_element(&reply->enc_padata, pa);
	1621	code = k5_add_pa_data_element(&reply->enc_padata, &pa);
	1622	k5_free_pa_data_element(pa);
	1623	return code;
1674	1624	}
1675	1625
1676	1626	krb5_error_code

1691	1641	&reply_encpart->enc_padata);
1692	1642	if (code)
1693	1643	goto cleanup;
	1644
	1645	code = kdc_add_pa_pac_options(context, request,
	1646	&reply_encpart->enc_padata);
	1647	if (code)
	1648	goto cleanup;
	1649
1694	1650	/Add potentially other enc_padata providers/
1695	1651	cleanup:
1696	1652	return code;

+402

-296

src/kdc/kdc_util.c less more

192	192	return(0);
193	193	}
194	194
	195	/* Return true if padata contains an entry of either S4U2Self type. */
	196	static inline krb5_boolean
	197	has_s4u2self_padata(krb5_pa_data **padata)
	198	{
	199	if (krb5int_find_pa_data(NULL, padata, KRB5_PADATA_FOR_USER) != NULL)
	200	return TRUE;
	201	if (krb5int_find_pa_data(NULL, padata, KRB5_PADATA_S4U_X509_USER) != NULL)
	202	return TRUE;
	203	return FALSE;
	204	}
	205
195	206	/* If a header ticket is decrypted, ticket_out is filled in even on error. /
196	207	krb5_error_code
197	208	kdc_process_tgs_req(kdc_realm_t *kdc_active_realm,

304	315	}
305	316
306	317	/* make sure the client is of proper lineage (see above) */
307		if (foreign_server &&
308		!krb5int_find_pa_data(kdc_context,
309		request->padata, KRB5_PADATA_FOR_USER)) {
310		if (is_local_principal(kdc_active_realm,
311		ticket->enc_part2->client)) {
312		/* someone in a foreign realm claiming to be local */
313		krb5_klog_syslog(LOG_INFO, _("PROCESS_TGS: failed lineage check"));
314		retval = KRB5KDC_ERR_POLICY;
315		goto cleanup_authenticator;
316		}
	318	if (foreign_server && !has_s4u2self_padata(request->padata) &&
	319	is_local_principal(kdc_active_realm, ticket->enc_part2->client)) {
	320	/* someone in a foreign realm claiming to be local */
	321	krb5_klog_syslog(LOG_INFO, _("PROCESS_TGS: failed lineage check"));
	322	retval = KRB5KDC_ERR_POLICY;
	323	goto cleanup_authenticator;
317	324	}
318	325
319	326	/*

395	402	match_enctype = 0;
396	403	}
397	404
398		retval = kdc_get_server_key(kdc_context, apreq->ticket,
399		KRB5_KDB_FLAG_ALIAS_OK, match_enctype, server,
400		NULL, NULL);
	405	retval = kdc_get_server_key(kdc_context, apreq->ticket, 0, match_enctype,
	406	server, NULL, NULL);
401	407	if (retval)
402	408	return retval;
403	409

542	548	/*
543	549	* If candidate is the local TGT for realm, set *alias_out to candidate and
544	550	* storage_out to NULL. Otherwise, load the local TGT into storage_out and
545		* set alias_out to storage_out.
	551	* set alias_out to storage_out. In either case, set *key_out to the
	552	* decrypted first key of the local TGT.
546	553	*
547	554	* In the future we might generalize this to a small per-request principal
548	555	* cache. For now, it saves a load operation in the common case where the AS

551	558	krb5_error_code
552	559	get_local_tgt(krb5_context context, const krb5_data *realm,
553	560	krb5_db_entry candidate, krb5_db_entry *alias_out,
554		krb5_db_entry **storage_out)
	561	krb5_db_entry *storage_out, krb5_keyblock key_out)
555	562	{
556	563	krb5_error_code ret;
557	564	krb5_principal princ;
558		krb5_db_entry *tgt;
	565	krb5_db_entry storage = NULL, tgt;
	566	krb5_key_data *kd;
559	567
560	568	*alias_out = NULL;
561	569	*storage_out = NULL;
	570	memset(key_out, 0, sizeof(*key_out));
562	571
563	572	ret = krb5_build_principal_ext(context, &princ, realm->length, realm->data,
564	573	KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
565	574	realm->length, realm->data, 0);
566	575	if (ret)
567		return ret;
	576	goto cleanup;
568	577
569	578	if (!krb5_principal_compare(context, candidate->princ, princ)) {
570		ret = krb5_db_get_principal(context, princ, 0, &tgt);
571		if (!ret)
572		storage_out = alias_out = tgt;
	579	ret = krb5_db_get_principal(context, princ, 0, &storage);
	580	if (ret)
	581	goto cleanup;
	582	tgt = storage;
573	583	} else {
574		*alias_out = candidate;
575		}
576
	584	tgt = candidate;
	585	}
	586
	587	/* Find and decrypt the first valid key of the current kvno. */
	588	ret = krb5_dbe_find_enctype(context, tgt, -1, -1, 0, &kd);
	589	if (ret)
	590	goto cleanup;
	591	ret = krb5_dbe_decrypt_key_data(context, NULL, kd, key_out, NULL);
	592	if (ret)
	593	goto cleanup;
	594
	595	*alias_out = tgt;
	596	*storage_out = storage;
	597	storage = NULL;
	598
	599	cleanup:
	600	krb5_db_free_principal(context, storage);
577	601	krb5_free_principal(context, princ);
578	602	return ret;
579	603	}

696	720	return(KDC_ERR_CANNOT_POSTDATE);
697	721	}
698	722
699		/*
700		* A Windows KDC will return KDC_ERR_PREAUTH_REQUIRED instead of
701		* KDC_ERR_POLICY in the following case:
702		*
703		* - KDC_OPT_FORWARDABLE is set in KDCOptions but local
704		* policy has KRB5_KDB_DISALLOW_FORWARDABLE set for the
705		* client, and;
706		* - KRB5_KDB_REQUIRES_PRE_AUTH is set for the client but
707		* preauthentication data is absent in the request.
708		*
709		* Hence, this check most be done after the check for preauth
710		* data, and is now performed by validate_forwardable() (the
711		* contents of which were previously below).
712		*/
713
714		/* Client and server must allow proxiable tickets */
715		if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE) &&
716		(isflagset(client.attributes, KRB5_KDB_DISALLOW_PROXIABLE) \|\|
717		isflagset(server.attributes, KRB5_KDB_DISALLOW_PROXIABLE))) {
718		*status = "PROXIABLE NOT ALLOWED";
719		return(KDC_ERR_POLICY);
720		}
721
722	723	/* Check to see if client is locked out */
723	724	if (isflagset(client.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) {
724	725	*status = "CLIENT LOCKED OUT";

751	752	return 0;
752	753	}
753	754
754		int
755		validate_forwardable(krb5_kdc_req *request, krb5_db_entry client,
756		krb5_db_entry server, krb5_timestamp kdc_time,
757		const char **status)
758		{
759		*status = NULL;
760		if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE) &&
761		(isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE) \|\|
762		isflagset(server.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))) {
763		*status = "FORWARDABLE NOT ALLOWED";
764		return(KDC_ERR_POLICY);
765		} else
766		return 0;
	755	/*
	756	* Compute ticket flags based on the request, the client and server DB entry
	757	* (which may prohibit forwardable or proxiable tickets), and the header
	758	* ticket. client may be NULL for a TGS request (although it may be set, such
	759	* as for an S4U2Self request). header_enc may be NULL for an AS request.
	760	*/
	761	krb5_flags
	762	get_ticket_flags(krb5_flags reqflags, krb5_db_entry *client,
	763	krb5_db_entry server, krb5_enc_tkt_part header_enc)
	764	{
	765	krb5_flags flags;
	766
	767	/* Indicate support for encrypted padata (RFC 6806), and set flags based on
	768	* request options and the header ticket. */
	769	flags = OPTS2FLAGS(reqflags) \| TKT_FLG_ENC_PA_REP;
	770	if (reqflags & KDC_OPT_POSTDATED)
	771	flags \|= TKT_FLG_INVALID;
	772	if (header_enc != NULL)
	773	flags \|= COPY_TKT_FLAGS(header_enc->flags);
	774	if (header_enc == NULL)
	775	flags \|= TKT_FLG_INITIAL;
	776
	777	/* For TGS requests, indicate if the service is marked ok-as-delegate. */
	778	if (header_enc != NULL && (server->attributes & KRB5_KDB_OK_AS_DELEGATE))
	779	flags \|= TKT_FLG_OK_AS_DELEGATE;
	780
	781	/* Unset PROXIABLE if it is disallowed. */
	782	if (client != NULL && (client->attributes & KRB5_KDB_DISALLOW_PROXIABLE))
	783	flags &= ~TKT_FLG_PROXIABLE;
	784	if (server->attributes & KRB5_KDB_DISALLOW_PROXIABLE)
	785	flags &= ~TKT_FLG_PROXIABLE;
	786	if (header_enc != NULL && !(header_enc->flags & TKT_FLG_PROXIABLE))
	787	flags &= ~TKT_FLG_PROXIABLE;
	788
	789	/* Unset FORWARDABLE if it is disallowed. */
	790	if (client != NULL && (client->attributes & KRB5_KDB_DISALLOW_FORWARDABLE))
	791	flags &= ~TKT_FLG_FORWARDABLE;
	792	if (server->attributes & KRB5_KDB_DISALLOW_FORWARDABLE)
	793	flags &= ~TKT_FLG_FORWARDABLE;
	794	if (header_enc != NULL && !(header_enc->flags & TKT_FLG_FORWARDABLE))
	795	flags &= ~TKT_FLG_FORWARDABLE;
	796
	797	/* We don't currently handle issuing anonymous tickets based on
	798	* non-anonymous ones. */
	799	if (header_enc != NULL && !(header_enc->flags & TKT_FLG_ANONYMOUS))
	800	flags &= ~TKT_FLG_ANONYMOUS;
	801
	802	return flags;
767	803	}
768	804
769	805	/* Return KRB5KDC_ERR_POLICY if indicators does not contain the required auth

978	1014	free(etypes_str);
979	1015	free(etypes);
980	1016
981		/* If configured to, assume every server without a session_enctypes
982		* attribute supports DES_CBC_CRC. */
983		if (kdc_active_realm->realm_assume_des_crc_sess &&
984		enctype == ENCTYPE_DES_CBC_CRC)
985		return TRUE;
986
987		/* Due to an ancient interop problem, assume nothing supports des-cbc-md5
988		* unless there's a session_enctypes explicitly saying that it does. */
989		if (enctype == ENCTYPE_DES_CBC_MD5)
990		return FALSE;
991
992	1017	/* Assume the server supports any enctype it has a long-term key for. */
993	1018	return !krb5_dbe_find_enctype(kdc_context, server, enctype, -1, 0, &datap);
994	1019	}

1042	1067	return;
1043	1068	}
1044	1069
1045		/*
1046		* L10_2 = log10(2**x), rounded up; log10(2) ~= 0.301.
1047		*/
1048		#define L10_2(x) ((int)(((x * 301) + 999) / 1000))
1049
1050		/*
1051		* Max length of sprintf("%ld") for an int of type T; includes leading
1052		* minus sign and terminating NUL.
1053		*/
1054		#define D_LEN(t) (L10_2(sizeof(t) * CHAR_BIT) + 2)
1055
1056		void
1057		ktypes2str(char s, size_t len, int nktypes, krb5_enctype ktype)
1058		{
	1070	/* Wrapper of krb5_enctype_to_name() to include the PKINIT types. */
	1071	static krb5_error_code
	1072	enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
	1073	{
	1074	const char name, prefix = "";
	1075	size_t len;
	1076
	1077	if (buflen == 0)
	1078	return EINVAL;
	1079	buf = '\0'; / ensure these are always valid C-strings */
	1080
	1081	if (!krb5_c_valid_enctype(ktype))
	1082	prefix = "UNSUPPORTED:";
	1083	else if (krb5int_c_deprecated_enctype(ktype))
	1084	prefix = "DEPRECATED:";
	1085	len = strlcpy(buf, prefix, buflen);
	1086	if (len >= buflen)
	1087	return ENOMEM;
	1088	buflen -= len;
	1089	buf += len;
	1090
	1091	/* rfc4556 recommends that clients wishing to indicate support for these
	1092	* pkinit algorithms include them in the etype field of the AS-REQ. */
	1093	if (ktype == ENCTYPE_DSA_SHA1_CMS)
	1094	name = "id-dsa-with-sha1-CmsOID";
	1095	else if (ktype == ENCTYPE_MD5_RSA_CMS)
	1096	name = "md5WithRSAEncryption-CmsOID";
	1097	else if (ktype == ENCTYPE_SHA1_RSA_CMS)
	1098	name = "sha-1WithRSAEncryption-CmsOID";
	1099	else if (ktype == ENCTYPE_RC2_CBC_ENV)
	1100	name = "rc2-cbc-EnvOID";
	1101	else if (ktype == ENCTYPE_RSA_ENV)
	1102	name = "rsaEncryption-EnvOID";
	1103	else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV)
	1104	name = "id-RSAES-OAEP-EnvOID";
	1105	else if (ktype == ENCTYPE_DES3_CBC_ENV)
	1106	name = "des-ede3-cbc-EnvOID";
	1107	else
	1108	return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
	1109
	1110	if (strlcpy(buf, name, buflen) >= buflen)
	1111	return ENOMEM;
	1112	return 0;
	1113	}
	1114
	1115	char *
	1116	ktypes2str(krb5_enctype *ktype, int nktypes)
	1117	{
	1118	struct k5buf buf;
1059	1119	int i;
1060		char stmp[D_LEN(krb5_enctype) + 1];
1061		char *p;
1062
1063		if (nktypes < 0
1064		\|\| len < (sizeof(" etypes {...}") + D_LEN(int))) {
1065		*s = '\0';
1066		return;
1067		}
1068
1069		snprintf(s, len, "%d etypes {", nktypes);
	1120	char name[64];
	1121
	1122	if (nktypes < 0)
	1123	return NULL;
	1124
	1125	k5_buf_init_dynamic(&buf);
	1126	k5_buf_add_fmt(&buf, "%d etypes {", nktypes);
1070	1127	for (i = 0; i < nktypes; i++) {
1071		snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]);
1072		if (strlen(s) + strlen(stmp) + sizeof("}") > len)
1073		break;
1074		strlcat(s, stmp, len);
1075		}
1076		if (i < nktypes) {
1077		/*
1078		* We broke out of the loop. Try to truncate the list.
1079		*/
1080		p = s + strlen(s);
1081		while (p - s + sizeof("...}") > len) {
1082		while (p > s && p != ' ' && p != '{')
1083		*p-- = '\0';
1084		if (p > s && *p == ' ') {
1085		*p-- = '\0';
1086		continue;
1087		}
1088		}
1089		strlcat(s, "...", len);
1090		}
1091		strlcat(s, "}", len);
1092		return;
1093		}
1094
1095		void
1096		rep_etypes2str(char s, size_t len, krb5_kdc_rep rep)
1097		{
1098		char stmp[sizeof("ses=") + D_LEN(krb5_enctype)];
1099
1100		if (len < (3 * D_LEN(krb5_enctype)
1101		+ sizeof("etypes {rep= tkt= ses=}"))) {
1102		*s = '\0';
1103		return;
1104		}
1105
1106		snprintf(s, len, "etypes {rep=%ld", (long)rep->enc_part.enctype);
	1128	enctype_name(ktype[i], name, sizeof(name));
	1129	k5_buf_add_fmt(&buf, "%s%s(%ld)", i ? ", " : "", name, (long)ktype[i]);
	1130	}
	1131	k5_buf_add(&buf, "}");
	1132	return buf.data;
	1133	}
	1134
	1135	char *
	1136	rep_etypes2str(krb5_kdc_rep *rep)
	1137	{
	1138	struct k5buf buf;
	1139	char name[64];
	1140	krb5_enctype etype;
	1141
	1142	k5_buf_init_dynamic(&buf);
	1143	k5_buf_add(&buf, "etypes {rep=");
	1144	enctype_name(rep->enc_part.enctype, name, sizeof(name));
	1145	k5_buf_add_fmt(&buf, "%s(%ld)", name, (long)rep->enc_part.enctype);
1107	1146
1108	1147	if (rep->ticket != NULL) {
1109		snprintf(stmp, sizeof(stmp),
1110		" tkt=%ld", (long)rep->ticket->enc_part.enctype);
1111		strlcat(s, stmp, len);
1112		}
1113
1114		if (rep->ticket != NULL
1115		&& rep->ticket->enc_part2 != NULL
1116		&& rep->ticket->enc_part2->session != NULL) {
1117		snprintf(stmp, sizeof(stmp), " ses=%ld",
1118		(long)rep->ticket->enc_part2->session->enctype);
1119		strlcat(s, stmp, len);
1120		}
1121		strlcat(s, "}", len);
1122		return;
	1148	etype = rep->ticket->enc_part.enctype;
	1149	enctype_name(etype, name, sizeof(name));
	1150	k5_buf_add_fmt(&buf, ", tkt=%s(%ld)", name, (long)etype);
	1151	}
	1152
	1153	if (rep->ticket != NULL && rep->ticket->enc_part2 != NULL &&
	1154	rep->ticket->enc_part2->session != NULL) {
	1155	etype = rep->ticket->enc_part2->session->enctype;
	1156	enctype_name(etype, name, sizeof(name));
	1157	k5_buf_add_fmt(&buf, ", ses=%s(%ld)", name, (long)etype);
	1158	}
	1159
	1160	k5_buf_add(&buf, "}");
	1161	return buf.data;
1123	1162	}
1124	1163
1125	1164	static krb5_error_code

1332	1371	return code;
1333	1372	}
1334	1373
1335		if (krb5_princ_size(context, (*s4u_x509_user)->user_id.user) == 0 \|\|
1336		(*s4u_x509_user)->user_id.subject_cert.length != 0) {
	1374	if (krb5_princ_size(context, (*s4u_x509_user)->user_id.user) == 0 &&
	1375	(*s4u_x509_user)->user_id.subject_cert.length == 0) {
1337	1376	*status = "INVALID_S4U2SELF_REQUEST";
1338	1377	krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
1339	1378	*s4u_x509_user = NULL;

1354	1393	krb5_error_code code;
1355	1394	krb5_data der_user_id = NULL, der_s4u_x509_user = NULL;
1356	1395	krb5_pa_s4u_x509_user rep_s4u_user;
1357		krb5_pa_data *pa;
	1396	krb5_pa_data *pa = NULL;
1358	1397	krb5_enctype enctype;
1359	1398	krb5_keyusage usage;
1360	1399

1384	1423	if (code != 0)
1385	1424	goto cleanup;
1386	1425
1387		/* Add a padata element, stealing memory from der_s4u_x509_user. */
1388		code = alloc_pa_data(KRB5_PADATA_S4U_X509_USER, 0, &pa);
1389		if (code != 0)
1390		goto cleanup;
1391		pa->length = der_s4u_x509_user->length;
1392		pa->contents = (uint8_t *)der_s4u_x509_user->data;
1393		der_s4u_x509_user->data = NULL;
1394		/* add_pa_data_element() claims pa on success or failure. */
1395		code = add_pa_data_element(&reply->padata, pa);
	1426	code = k5_add_pa_data_from_data(&reply->padata, KRB5_PADATA_S4U_X509_USER,
	1427	der_s4u_x509_user);
1396	1428	if (code != 0)
1397	1429	goto cleanup;
1398	1430

1408	1440	*/
1409	1441	if ((req_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) &&
1410	1442	enctype_requires_etype_info_2(enctype) == FALSE) {
1411		code = alloc_pa_data(KRB5_PADATA_S4U_X509_USER,
1412		req_s4u_user->cksum.length +
1413		rep_s4u_user.cksum.length, &pa);
	1443	code = k5_alloc_pa_data(KRB5_PADATA_S4U_X509_USER,
	1444	req_s4u_user->cksum.length +
	1445	rep_s4u_user.cksum.length, &pa);
1414	1446	if (code != 0)
1415	1447	goto cleanup;
1416	1448	memcpy(pa->contents,

1418	1450	memcpy(&pa->contents[req_s4u_user->cksum.length],
1419	1451	rep_s4u_user.cksum.contents, rep_s4u_user.cksum.length);
1420	1452
1421		/* add_pa_data_element() claims pa on success or failure. */
1422		code = add_pa_data_element(&reply_encpart->enc_padata, pa);
	1453	code = k5_add_pa_data_element(&reply_encpart->enc_padata, &pa);
1423	1454	if (code != 0)
1424	1455	goto cleanup;
1425	1456	}

1429	1460	krb5_free_checksum_contents(context, &rep_s4u_user.cksum);
1430	1461	krb5_free_data(context, der_user_id);
1431	1462	krb5_free_data(context, der_s4u_x509_user);
1432
	1463	k5_free_pa_data_element(pa);
1433	1464	return code;
1434	1465	}
1435	1466

1440	1471	kdc_process_s4u2self_req(kdc_realm_t *kdc_active_realm,
1441	1472	krb5_kdc_req *request,
1442	1473	krb5_const_principal client_princ,
1443		krb5_const_principal header_srv_princ,
1444		krb5_boolean issuing_referral,
	1474	unsigned int c_flags,
1445	1475	const krb5_db_entry *server,
1446	1476	krb5_keyblock *tgs_subkey,
1447	1477	krb5_keyblock *tgs_session,

1451	1481	const char **status)
1452	1482	{
1453	1483	krb5_error_code code;
1454		krb5_boolean is_local_tgt;
1455	1484	krb5_pa_data *pa_data;
1456	1485	int flags;
1457	1486	krb5_db_entry *princ;
	1487	krb5_s4u_userid *id;
1458	1488
1459	1489	*princ_ptr = NULL;
1460	1490

1484	1514	} else
1485	1515	return 0;
1486	1516	}
	1517	id = &(*s4u_x509_user)->user_id;
1487	1518
1488	1519	/*
1489	1520	* We need to compare the client name in the TGT with the requested

1558	1589	* final cross-realm requests in a multi-realm scenario.
1559	1590	*/
1560	1591
1561		is_local_tgt = !is_cross_tgs_principal(header_srv_princ);
1562		if (is_local_tgt && issuing_referral) {
	1592	if (!isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM) &&
	1593	isflagset(c_flags, KRB5_KDB_FLAG_ISSUING_REFERRAL)) {
1563	1594	/* The requesting server appears to no longer exist, and we found
1564	1595	* a referral instead. Treat this as a server lookup failure. */
1565	1596	*status = "LOOKING_UP_SERVER";

1569	1600	/*
1570	1601	* Do not attempt to lookup principals in foreign realms.
1571	1602	*/
1572		if (is_local_principal(kdc_active_realm,
1573		(*s4u_x509_user)->user_id.user)) {
	1603	if (is_local_principal(kdc_active_realm, id->user)) {
1574	1604	krb5_db_entry no_server;
1575	1605	krb5_pa_data **e_data = NULL;
1576	1606
1577		if (!is_local_tgt && !issuing_referral) {
	1607	if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM) &&
	1608	!isflagset(c_flags, KRB5_KDB_FLAG_ISSUING_REFERRAL)) {
1578	1609	/* A local server should not need a cross-realm TGT to impersonate
1579	1610	* a local principal. */
1580	1611	*status = "NOT_CROSS_REALM_REQUEST";
1581	1612	return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; /* match Windows error */
1582	1613	}
1583	1614
1584		code = krb5_db_get_principal(kdc_context,
1585		(*s4u_x509_user)->user_id.user,
1586		KRB5_KDB_FLAG_INCLUDE_PAC, &princ);
	1615	if (id->subject_cert.length != 0) {
	1616	code = krb5_db_get_s4u_x509_principal(kdc_context,
	1617	&id->subject_cert, id->user,
	1618	KRB5_KDB_FLAG_INCLUDE_PAC,
	1619	&princ);
	1620	if (code == 0 && id->user->length == 0) {
	1621	krb5_free_principal(kdc_context, id->user);
	1622	code = krb5_copy_principal(kdc_context, princ->princ,
	1623	&id->user);
	1624	}
	1625	} else {
	1626	code = krb5_db_get_principal(kdc_context, id->user,
	1627	KRB5_KDB_FLAG_INCLUDE_PAC, &princ);
	1628	}
1587	1629	if (code == KRB5_KDB_NOENTRY) {
1588	1630	*status = "UNKNOWN_S4U2SELF_PRINCIPAL";
1589	1631	return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;

1608	1650	}
1609	1651
1610	1652	*princ_ptr = princ;
1611		} else if (is_local_tgt) {
	1653	} else if (!isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) {
1612	1654	/*
1613	1655	* The server is asking to impersonate a principal from another realm,
1614	1656	* using a local TGT. It should instead ask that principal's realm and

1616	1658	*/
1617	1659	*status = "S4U2SELF_CLIENT_NOT_OURS";
1618	1660	return KRB5KDC_ERR_POLICY; /* match Windows error */
	1661	} else if (id->user->length == 0) {
	1662	/*
	1663	* Only a KDC in the client realm can handle a certificate-only
	1664	* S4U2Self request. Other KDCs require a principal name and ignore
	1665	* the subject-certificate field.
	1666	*/
	1667	*status = "INVALID_XREALM_S4U2SELF_REQUEST";
	1668	return KRB5KDC_ERR_POLICY; /* match Windows error */
1619	1669	}
1620	1670
1621	1671	return 0;
1622	1672	}
1623	1673
1624		static krb5_error_code
1625		check_allowed_to_delegate_to(krb5_context context, krb5_const_principal client,
1626		const krb5_db_entry *server,
1627		krb5_const_principal proxy)
1628		{
1629		/* Can't get a TGT (otherwise it would be unconstrained delegation) */
1630		if (krb5_is_tgs_principal(proxy))
1631		return KRB5KDC_ERR_POLICY;
1632
1633		/* Must be in same realm */
1634		if (!krb5_realm_compare(context, server->princ, proxy))
1635		return KRB5KDC_ERR_POLICY;
1636
1637		return krb5_db_check_allowed_to_delegate(context, client, server, proxy);
1638		}
1639
1640	1674	krb5_error_code
1641		kdc_process_s4u2proxy_req(kdc_realm_t *kdc_active_realm,
	1675	kdc_process_s4u2proxy_req(kdc_realm_t *kdc_active_realm, unsigned int flags,
1642	1676	krb5_kdc_req *request,
1643	1677	const krb5_enc_tkt_part *t2enc,
	1678	krb5_db_entry krbtgt, krb5_keyblock krbtgt_key,
1644	1679	const krb5_db_entry *server,
	1680	krb5_keyblock *server_key,
1645	1681	krb5_const_principal server_princ,
	1682	const krb5_db_entry *proxy,
1646	1683	krb5_const_principal proxy_princ,
	1684	void ad_info, void *stkt_ad_info,
	1685	krb5_principal *stkt_authdata_client,
1647	1686	const char **status)
1648	1687	{
1649	1688	krb5_error_code errcode;
	1689	krb5_boolean support_rbcd;
	1690	krb5_principal client_princ = t2enc->client;
1650	1691
1651	1692	/*
1652	1693	* Constrained delegation is mutually exclusive with renew/forward/etc.

1658	1699	return KRB5KDC_ERR_BADOPTION;
1659	1700	}
1660	1701
1661		/* Ensure that evidence ticket server matches TGT client */
1662		if (!krb5_principal_compare(kdc_context,
1663		server->princ, /* after canon */
1664		server_princ)) {
	1702	/* Can't get a TGT (otherwise it would be unconstrained delegation). */
	1703	if (krb5_is_tgs_principal(proxy_princ)) {
	1704	*status = "NOT_ALLOWED_TO_DELEGATE";
	1705	return KRB5KDC_ERR_POLICY;
	1706	}
	1707
	1708	/* Check if the client supports resource-based constrained delegation. */
	1709	errcode = kdc_get_pa_pac_rbcd(kdc_context, request->padata, &support_rbcd);
	1710	if (errcode)
	1711	return errcode;
	1712
	1713	errcode = krb5_db_get_authdata_info(kdc_context, flags,
	1714	t2enc->authorization_data,
	1715	t2enc->client, proxy_princ, server_key,
	1716	krbtgt_key, krbtgt,
	1717	t2enc->times.authtime, stkt_ad_info,
	1718	stkt_authdata_client);
	1719	if (errcode != 0 && errcode != KRB5_PLUGIN_OP_NOTSUPP) {
	1720	*status = "NOT_ALLOWED_TO_DELEGATE";
	1721	return errcode;
	1722	}
	1723
	1724	/* For RBCD we require that both client and impersonator's authdata have
	1725	* been verified. */
	1726	if (errcode != 0 \|\| ad_info == NULL)
	1727	support_rbcd = FALSE;
	1728
	1729	/* Ensure that either the evidence ticket server or the client matches the
	1730	* TGT client. */
	1731	if (isflagset(flags, KRB5_KDB_FLAG_CROSS_REALM)) {
	1732	/*
	1733	* Check that the proxy server is local, that the second ticket is a
	1734	* cross-realm TGT for us, and that the second ticket client matches
	1735	* the header ticket client.
	1736	*/
	1737	if (isflagset(flags, KRB5_KDB_FLAG_ISSUING_REFERRAL) \|\|
	1738	!is_cross_tgs_principal(server->princ) \|\|
	1739	!krb5_principal_compare_any_realm(kdc_context, server->princ,
	1740	tgs_server) \|\|
	1741	!krb5_principal_compare(kdc_context, client_princ, server_princ)) {
	1742	*status = "XREALM_EVIDENCE_TICKET_MISMATCH";
	1743	return KRB5KDC_ERR_BADOPTION;
	1744	}
	1745	/* The KDB module must be able to recover the reply ticket client name
	1746	* from the evidence ticket authorization data. */
	1747	if (*stkt_authdata_client == NULL \|\|
	1748	(*stkt_authdata_client)->realm.length == 0) {
	1749	*status = "UNSUPPORTED_S4U2PROXY_REQUEST";
	1750	return KRB5KDC_ERR_BADOPTION;
	1751	}
	1752
	1753	client_princ = *stkt_authdata_client;
	1754	} else if (!krb5_principal_compare(kdc_context,
	1755	server->princ, /* after canon */
	1756	server_princ)) {
1665	1757	*status = "EVIDENCE_TICKET_MISMATCH";
1666	1758	return KRB5KDC_ERR_SERVER_NOMATCH;
1667	1759	}
1668	1760
1669		if (!isflagset(t2enc->flags, TKT_FLG_FORWARDABLE)) {
1670		*status = "EVIDENCE_TKT_NOT_FORWARDABLE";
1671		return KRB5_TKT_NOT_FORWARDABLE;
1672		}
1673
1674		/* Backend policy check */
1675		errcode = check_allowed_to_delegate_to(kdc_context,
1676		t2enc->client,
1677		server,
1678		proxy_princ);
1679		if (errcode) {
	1761	/* If both are in the same realm, try allowed_to_delegate first. */
	1762	if (krb5_realm_compare(kdc_context, server->princ, proxy_princ)) {
	1763
	1764	errcode = krb5_db_check_allowed_to_delegate(kdc_context, client_princ,
	1765	server, proxy_princ);
	1766	if (errcode != 0 && errcode != KRB5KDC_ERR_POLICY &&
	1767	errcode != KRB5_PLUGIN_OP_NOTSUPP)
	1768	return errcode;
	1769
	1770	if (errcode == 0) {
	1771
	1772	/*
	1773	* In legacy constrained-delegation, the evidence ticket must be
	1774	* forwardable. This check deliberately causes an error response
	1775	* even if the delegation is also authorized by resource-based
	1776	* constrained delegation (which does not require a forwardable
	1777	* evidence ticket). Windows KDCs behave the same way.
	1778	*/
	1779	if (!isflagset(t2enc->flags, TKT_FLG_FORWARDABLE)) {
	1780	*status = "EVIDENCE_TKT_NOT_FORWARDABLE";
	1781	return KRB5KDC_ERR_BADOPTION;
	1782	}
	1783
	1784	return 0;
	1785	}
	1786	/* Fall back to resource-based constrained-delegation. */
	1787	}
	1788
	1789	if (!support_rbcd) {
	1790	*status = "UNSUPPORTED_S4U2PROXY_REQUEST";
	1791	return KRB5KDC_ERR_BADOPTION;
	1792	}
	1793
	1794	/* If we are issuing a referral, the KDC in the resource realm will check
	1795	* if delegation is allowed. */
	1796	if (isflagset(flags, KRB5_KDB_FLAG_ISSUING_REFERRAL))
	1797	return 0;
	1798
	1799	errcode = krb5_db_allowed_to_delegate_from(kdc_context, client_princ,
	1800	server_princ, ad_info, proxy);
	1801	if (errcode)
1680	1802	*status = "NOT_ALLOWED_TO_DELEGATE";
1681		return errcode;
1682		}
1683
1684		return 0;
	1803	return errcode;
1685	1804	}
1686	1805
1687	1806	krb5_error_code

1702	1821	return krb5_check_transited_list(kdc_context, trans, realm1, realm2);
1703	1822	}
1704	1823
1705		krb5_error_code
1706		validate_transit_path(krb5_context context,
1707		krb5_const_principal client,
1708		krb5_db_entry *server,
1709		krb5_db_entry *header_srv)
1710		{
1711		/* Incoming */
1712		if (isflagset(server->attributes, KRB5_KDB_XREALM_NON_TRANSITIVE)) {
1713		return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
1714		}
1715
1716		/* Outgoing */
1717		if (isflagset(header_srv->attributes, KRB5_KDB_XREALM_NON_TRANSITIVE) &&
1718		(!krb5_principal_compare(context, server->princ, header_srv->princ) \|\|
1719		!krb5_realm_compare(context, client, header_srv->princ))) {
1720		return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
1721		}
1722
1723		return 0;
1724		}
1725
1726	1824	krb5_boolean
1727	1825	enctype_requires_etype_info_2(krb5_enctype enctype)
1728	1826	{
1729	1827	switch(enctype) {
1730		case ENCTYPE_DES_CBC_CRC:
1731		case ENCTYPE_DES_CBC_MD4:
1732		case ENCTYPE_DES_CBC_MD5:
1733	1828	case ENCTYPE_DES3_CBC_SHA1:
1734	1829	case ENCTYPE_DES3_CBC_RAW:
1735	1830	case ENCTYPE_ARCFOUR_HMAC:

1738	1833	default:
1739	1834	return krb5_c_valid_enctype(enctype);
1740	1835	}
1741		}
1742
1743		/* Allocate a pa-data entry with an uninitialized buffer of size len. */
1744		krb5_error_code
1745		alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out)
1746		{
1747		krb5_pa_data *pa;
1748		uint8_t *buf = NULL;
1749
1750		*out = NULL;
1751		if (len > 0) {
1752		buf = malloc(len);
1753		if (buf == NULL)
1754		return ENOMEM;
1755		}
1756		pa = malloc(sizeof(*pa));
1757		if (pa == NULL) {
1758		free(buf);
1759		return ENOMEM;
1760		}
1761		pa->magic = KV5M_PA_DATA;
1762		pa->pa_type = pa_type;
1763		pa->length = len;
1764		pa->contents = buf;
1765		*out = pa;
1766		return 0;
1767		}
1768
1769		/* Add pa to list, claiming its memory. Free pa on failure. */
1770		krb5_error_code
1771		add_pa_data_element(krb5_pa_data **list, krb5_pa_data pa)
1772		{
1773		size_t count;
1774		krb5_pa_data **newlist;
1775
1776		for (count = 0; list != NULL && (list)[count] != NULL; count++);
1777
1778		newlist = realloc(list, (count + 2) sizeof(*newlist));
1779		if (newlist == NULL) {
1780		free(pa->contents);
1781		free(pa);
1782		return ENOMEM;
1783		}
1784		newlist[count] = pa;
1785		newlist[count + 1] = NULL;
1786		*list = newlist;
1787		return 0;
1788	1836	}
1789	1837
1790	1838	void

1888	1936	krb5_error_code retval = 0;
1889	1937	krb5_checksum checksum;
1890	1938	krb5_data *der_cksum = NULL;
1891		krb5_pa_data pa, pa_in;
	1939	krb5_pa_data *pa_in;
1892	1940
1893	1941	memset(&checksum, 0, sizeof(checksum));
1894	1942

1906	1954	if (retval != 0)
1907	1955	goto cleanup;
1908	1956
1909		/* Add a pa-data element to the list, stealing memory from der_cksum. */
1910		retval = alloc_pa_data(KRB5_ENCPADATA_REQ_ENC_PA_REP, 0, &pa);
	1957	retval = k5_add_pa_data_from_data(out_enc_padata,
	1958	KRB5_ENCPADATA_REQ_ENC_PA_REP,
	1959	der_cksum);
1911	1960	if (retval)
1912	1961	goto cleanup;
1913		pa->length = der_cksum->length;
1914		pa->contents = (uint8_t *)der_cksum->data;
1915		der_cksum->data = NULL;
1916		/* add_pa_data_element() claims pa on success or failure. */
1917		retval = add_pa_data_element(out_enc_padata, pa);
1918		if (retval)
1919		goto cleanup;
1920	1962
1921	1963	/* Add a zero-length PA-FX-FAST element to the list. */
1922		retval = alloc_pa_data(KRB5_PADATA_FX_FAST, 0, &pa);
1923		if (retval)
1924		goto cleanup;
1925		/* add_pa_data_element() claims pa on success or failure. */
1926		retval = add_pa_data_element(out_enc_padata, pa);
	1964	retval = k5_add_empty_pa_data(out_enc_padata, KRB5_PADATA_FX_FAST);
1927	1965
1928	1966	cleanup:
1929	1967	krb5_free_checksum_contents(context, &checksum);
1930	1968	krb5_free_data(context, der_cksum);
1931	1969	return retval;
	1970	}
	1971
	1972	krb5_error_code
	1973	kdc_get_pa_pac_options(krb5_context context, krb5_pa_data **in_padata,
	1974	krb5_pa_pac_options **pac_options_out)
	1975	{
	1976	krb5_pa_data *pa;
	1977	krb5_data der_pac_options;
	1978
	1979	*pac_options_out = NULL;
	1980
	1981	pa = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_PAC_OPTIONS);
	1982	if (pa == NULL)
	1983	return 0;
	1984
	1985	der_pac_options = make_data(pa->contents, pa->length);
	1986	return decode_krb5_pa_pac_options(&der_pac_options, pac_options_out);
	1987	}
	1988
	1989	krb5_error_code
	1990	kdc_add_pa_pac_options(krb5_context context, krb5_kdc_req *request,
	1991	krb5_pa_data ***out_enc_padata)
	1992	{
	1993	krb5_error_code ret;
	1994	krb5_pa_pac_options *pac_options = NULL;
	1995	krb5_data *der_pac_options;
	1996
	1997	ret = kdc_get_pa_pac_options(context, request->padata, &pac_options);
	1998	if (ret \|\| pac_options == NULL)
	1999	return ret;
	2000
	2001	/* Only return supported PAC options (currently only resource-based
	2002	* constrained delegation support). */
	2003	pac_options->options &= KRB5_PA_PAC_OPTIONS_RBCD;
	2004	if (pac_options->options == 0) {
	2005	free(pac_options);
	2006	return 0;
	2007	}
	2008
	2009	ret = encode_krb5_pa_pac_options(pac_options, &der_pac_options);
	2010	free(pac_options);
	2011	if (ret)
	2012	return ret;
	2013
	2014	ret = k5_add_pa_data_from_data(out_enc_padata, KRB5_PADATA_PAC_OPTIONS,
	2015	der_pac_options);
	2016	krb5_free_data(context, der_pac_options);
	2017	return ret;
	2018	}
	2019
	2020	krb5_error_code
	2021	kdc_get_pa_pac_rbcd(krb5_context context, krb5_pa_data **in_padata,
	2022	krb5_boolean *supported)
	2023	{
	2024	krb5_error_code retval;
	2025	krb5_pa_pac_options *pac_options = NULL;
	2026
	2027	*supported = FALSE;
	2028
	2029	retval = kdc_get_pa_pac_options(context, in_padata, &pac_options);
	2030	if (retval \|\| !pac_options)
	2031	return retval;
	2032
	2033	if (pac_options->options & KRB5_PA_PAC_OPTIONS_RBCD)
	2034	*supported = TRUE;
	2035
	2036	free(pac_options);
	2037	return 0;
1932	2038	}
1933	2039
1934	2040	/*

+44

-47

src/kdc/kdc_util.h less more

77	77	krb5_error_code
78	78	get_local_tgt(krb5_context context, const krb5_data *realm,
79	79	krb5_db_entry candidate, krb5_db_entry *alias_out,
80		krb5_db_entry **storage_out);
	80	krb5_db_entry *storage_out, krb5_keyblock kb_out);
81	81
82	82	int
83	83	validate_as_request (kdc_realm_t , krb5_kdc_req , krb5_db_entry,

85	85	const char , krb5_pa_data *);
86	86
87	87	int
88		validate_forwardable(krb5_kdc_req *, krb5_db_entry,
89		krb5_db_entry, krb5_timestamp,
90		const char **);
91
92		int
93	88	validate_tgs_request (kdc_realm_t , krb5_kdc_req , krb5_db_entry,
94	89	krb5_ticket *, krb5_timestamp,
95	90	const char , krb5_pa_data *);
	91
	92	krb5_flags
	93	get_ticket_flags(krb5_flags reqflags, krb5_db_entry *client,
	94	krb5_db_entry server, krb5_enc_tkt_part header_enc);
96	95
97	96	krb5_error_code
98	97	check_indicators(krb5_context context, krb5_db_entry *server,

109	108
110	109	void limit_string (char *name);
111	110
112		void
113		ktypes2str(char s, size_t len, int nktypes, krb5_enctype ktype);
114
115		void
116		rep_etypes2str(char s, size_t len, krb5_kdc_rep rep);
	111	char ktypes2str(krb5_enctype ktype, int nktypes);
	112
	113	char rep_etypes2str(krb5_kdc_rep rep);
117	114
118	115	/* authind.c */
119	116	krb5_boolean

129	126	/* cammac.c */
130	127	krb5_error_code
131	128	cammac_create(krb5_context context, krb5_enc_tkt_part *enc_tkt_reply,
132		krb5_keyblock server_key, krb5_db_entry krbtgt,
133		krb5_authdata contents, krb5_authdata *cammac_out);
	129	krb5_keyblock server_key, krb5_db_entry tgt,
	130	krb5_keyblock tgt_key, krb5_authdata *contents,
	131	krb5_authdata ***cammac_out);
134	132
135	133	krb5_boolean
136	134	cammac_check_kdcver(krb5_context context, krb5_cammac *cammac,
137		krb5_enc_tkt_part enc_tkt, krb5_db_entry krbtgt);
	135	krb5_enc_tkt_part enc_tkt, krb5_db_entry tgt,
	136	krb5_keyblock *tgt_key);
138	137
139	138	/* do_as_req.c */
140	139	void

200	199	void
201	200	free_padata_context(krb5_context context, void *padata_context);
202	201
203		krb5_error_code
204		alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out);
205
206		krb5_error_code
207		add_pa_data_element(krb5_pa_data **list, krb5_pa_data pa);
208
209	202	/* kdc_preauth_ec.c */
210	203	krb5_error_code
211	204	kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,

224	217
225	218	krb5_error_code
226	219	get_auth_indicators(krb5_context context, krb5_enc_tkt_part *enc_tkt,
227		krb5_db_entry local_tgt, krb5_data **indicators_out);
	220	krb5_db_entry local_tgt, krb5_keyblock local_tgt_key,
	221	krb5_data ***indicators_out);
228	222
229	223	krb5_error_code
230	224	handle_authdata (krb5_context context,
231	225	unsigned int flags,
232	226	krb5_db_entry *client,
233	227	krb5_db_entry *server,
234		krb5_db_entry *header_server,
	228	krb5_db_entry *subject_server,
235	229	krb5_db_entry *local_tgt,
	230	krb5_keyblock *local_tgt_key,
236	231	krb5_keyblock *client_key,
237	232	krb5_keyblock *server_key,
238	233	krb5_keyblock *header_key,
239	234	krb5_data *req_pkt,
240	235	krb5_kdc_req *request,
241		krb5_const_principal for_user_princ,
	236	krb5_const_principal altcprinc,
	237	void *ad_info,
242	238	krb5_enc_tkt_part *enc_tkt_request,
243		krb5_data const auth_indicators,
	239	krb5_data ***auth_indicators,
244	240	krb5_enc_tkt_part *enc_tkt_reply);
245	241
246	242	/* replay.c */

268	264	kdc_process_s4u2self_req (kdc_realm_t *kdc_active_realm,
269	265	krb5_kdc_req *request,
270	266	krb5_const_principal client_princ,
271		krb5_const_principal header_srv_princ,
272		krb5_boolean issuing_referral,
	267	unsigned int c_flags,
273	268	const krb5_db_entry *server,
274	269	krb5_keyblock *tgs_subkey,
275	270	krb5_keyblock *tgs_session,

288	283
289	284	krb5_error_code
290	285	kdc_process_s4u2proxy_req (kdc_realm_t *kdc_active_realm,
	286	unsigned int flags,
291	287	krb5_kdc_req *request,
292	288	const krb5_enc_tkt_part *t2enc,
	289	krb5_db_entry *krbtgt,
	290	krb5_keyblock *krbtgt_key,
293	291	const krb5_db_entry *server,
	292	krb5_keyblock *server_key,
294	293	krb5_const_principal server_princ,
	294	const krb5_db_entry *proxy,
295	295	krb5_const_principal proxy_princ,
	296	void *ad_info,
	297	void **stkt_ad_info,
	298	krb5_principal *stkt_ad_client,
296	299	const char **status);
297	300
298	301	krb5_error_code

301	304	const krb5_data *realm1,
302	305	const krb5_data *realm2);
303	306
304		krb5_error_code
305		audit_as_request (krb5_kdc_req *request,
306		krb5_db_entry *client,
307		krb5_db_entry *server,
308		krb5_timestamp authtime,
309		krb5_error_code errcode);
310
311		krb5_error_code
312		audit_tgs_request (krb5_kdc_req *request,
313		krb5_const_principal client,
314		krb5_db_entry *server,
315		krb5_timestamp authtime,
316		krb5_error_code errcode);
317
318		krb5_error_code
319		validate_transit_path(krb5_context context,
320		krb5_const_principal client,
321		krb5_db_entry *server,
322		krb5_db_entry *krbtgt);
323	307	void
324	308	kdc_get_ticket_endtime(kdc_realm_t *kdc_active_realm,
325	309	krb5_timestamp now,

407	391
408	392	krb5_error_code
409	393	kdc_fast_read_cookie(krb5_context context, struct kdc_request_state *state,
410		krb5_kdc_req req, krb5_db_entry local_tgt);
	394	krb5_kdc_req req, krb5_db_entry local_tgt,
	395	krb5_keyblock *local_tgt_key);
411	396
412	397	krb5_boolean kdc_fast_search_cookie(struct kdc_request_state *state,
413	398	krb5_preauthtype pa_type, krb5_data *out);

418	403
419	404	krb5_error_code
420	405	kdc_fast_make_cookie(krb5_context context, struct kdc_request_state *state,
421		krb5_db_entry *local_tgt,
	406	krb5_db_entry local_tgt, krb5_keyblock local_tgt_key,
422	407	krb5_const_principal client_princ,
423	408	krb5_pa_data **cookie_out);
	409
	410	krb5_error_code
	411	kdc_add_pa_pac_options(krb5_context context, krb5_kdc_req *request,
	412	krb5_pa_data ***out_enc_padata);
	413
	414	krb5_error_code
	415	kdc_get_pa_pac_options(krb5_context context, krb5_pa_data **in_padata,
	416	krb5_pa_pac_options **pac_options_out);
	417
	418	krb5_error_code
	419	kdc_get_pa_pac_rbcd(krb5_context context, krb5_pa_data **in_padata,
	420	krb5_boolean *supported);
424	421
425	422	/* Information handle for kdcpreauth callbacks. All pointers are aliases. */
426	423	struct krb5_kdcpreauth_rock_st {

+22

-8

src/kdc/main.c less more

209	209	char *svalue = NULL;
210	210	const char *hierarchy[4];
211	211	krb5_kvno mkvno = IGNORE_VNO;
	212	char ename[32];
212	213
213	214	memset(rdp, 0, sizeof(kdc_realm_t));
214	215	if (!realm) {
215	216	kret = EINVAL;
216	217	goto whoops;
217	218	}
	219
	220	if (def_enctype != ENCTYPE_UNKNOWN &&
	221	krb5int_c_deprecated_enctype(def_enctype)) {
	222	if (krb5_enctype_to_name(def_enctype, FALSE, ename, sizeof(ename)))
	223	ename[0] = '\0';
	224	fprintf(stderr,
	225	_("Requested master password enctype %s in %s is "
	226	"DEPRECATED!\n"),
	227	ename, realm);
	228	}
	229
218	230	hierarchy[0] = KRB5_CONF_REALMS;
219	231	hierarchy[1] = realm;
220	232	hierarchy[3] = NULL;

293	305	if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
294	306	&rdp->realm_reject_bad_transit))
295	307	rdp->realm_reject_bad_transit = TRUE;
296
297		/* Handle assume des-cbc-crc is supported for session keys */
298		hierarchy[2] = KRB5_CONF_DES_CRC_SESSION_SUPPORTED;
299		if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
300		&rdp->realm_assume_des_crc_sess))
301		rdp->realm_assume_des_crc_sess = TRUE;
302	308
303	309	/* Handle ticket maximum life */
304	310	hierarchy[2] = KRB5_CONF_MAX_LIFE;

367	373	_("while fetching master key %s for realm %s"),
368	374	rdp->realm_mpname, realm);
369	375	goto whoops;
	376	}
	377
	378	if (krb5int_c_deprecated_enctype(rdp->realm_mkey.enctype)) {
	379	if (krb5_enctype_to_name(rdp->realm_mkey.enctype, FALSE, ename,
	380	sizeof(ename)))
	381	ename[0] = '\0';
	382	fprintf(stderr, _("Stash file %s uses DEPRECATED enctype %s!\n"),
	383	rdp->realm_stash, ename);
370	384	}
371	385
372	386	if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc,

728	742	}
729	743	break;
730	744	case 'd': /* pathname for db */
731		/* now db_name is not a seperate argument.
	745	/* now db_name is not a separate argument.
732	746	* It has to be passed as part of the db_args
733	747	*/
734	748	if( db_name == NULL ) {

757	771	case 'm': /* manual type-in of master key */
758	772	manual = TRUE;
759	773	if (menctype == ENCTYPE_UNKNOWN)
760		menctype = ENCTYPE_DES_CBC_CRC;
	774	menctype = DEFAULT_KDC_ENCTYPE;
761	775	break;
762	776	case 'M': /* master key name in DB */
763	777	mkey_name = optarg;

+2

-2

src/kdc/policy.c less more

105	105	krb5_data const auth_indicators, krb5_timestamp kdc_time,
106	106	krb5_ticket_times times, const char *status)
107	107	{
108		krb5_deltat life, rlife;
	108	krb5_deltat life = 0, rlife = 0;
109	109	krb5_error_code ret;
110	110	kdcpolicy_handle *hp, h;
111	111	char **ais = NULL;

145	145	krb5_data const auth_indicators, krb5_timestamp kdc_time,
146	146	krb5_ticket_times times, const char *status)
147	147	{
148		krb5_deltat life, rlife;
	148	krb5_deltat life = 0, rlife = 0;
149	149	krb5_error_code ret;
150	150	kdcpolicy_handle *hp, h;
151	151	char **ais = NULL;

+0

-1

src/kdc/realm_data.h less more

72	72	krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
73	73	krb5_boolean realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
74	74	krb5_boolean realm_restrict_anon; /* Anon to local TGT only */
75		krb5_boolean realm_assume_des_crc_sess; /* Assume princs support des-cbc-crc for session keys */
76	75	} kdc_realm_t;
77	76
78	77	struct server_handle {

+1

-0

src/kdc/rtscript less more

25	25	#
26	26	# should print out contents of rtest.good
27	27	#
	28	. ./runenv.sh
28	29	./rtest "" ATHENA.MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
29	30	./rtest ATHENA.MIT.EDU MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
30	31	./rtest "MIT.EDU,ATHENA." EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU

+2

-6

src/kdc/tgs_policy.c less more

62	62	};
63	63
64	64	static const struct tgsflagrule tgsflagrules[] = {
65		{ (KDC_OPT_FORWARDED \| KDC_OPT_FORWARDABLE), TKT_FLG_FORWARDABLE,
	65	{ KDC_OPT_FORWARDED, TKT_FLG_FORWARDABLE,
66	66	"TGT NOT FORWARDABLE", KDC_ERR_BADOPTION },
67		{ (KDC_OPT_PROXY \| KDC_OPT_PROXIABLE), TKT_FLG_PROXIABLE,
	67	{ KDC_OPT_PROXY, TKT_FLG_PROXIABLE,
68	68	"TGT NOT PROXIABLE", KDC_ERR_BADOPTION },
69	69	{ (KDC_OPT_ALLOW_POSTDATE \| KDC_OPT_POSTDATED), TKT_FLG_MAY_POSTDATE,
70	70	"TGT NOT POSTDATABLE", KDC_ERR_BADOPTION },

97	97	}
98	98
99	99	static const struct tgsflagrule svcdenyrules[] = {
100		{ KDC_OPT_FORWARDABLE, KRB5_KDB_DISALLOW_FORWARDABLE,
101		"NON-FORWARDABLE TICKET", KDC_ERR_POLICY },
102	100	{ KDC_OPT_RENEWABLE, KRB5_KDB_DISALLOW_RENEWABLE,
103	101	"NON-RENEWABLE TICKET", KDC_ERR_POLICY },
104		{ KDC_OPT_PROXIABLE, KRB5_KDB_DISALLOW_PROXIABLE,
105		"NON-PROXIABLE TICKET", KDC_ERR_POLICY },
106	102	{ KDC_OPT_ALLOW_POSTDATE, KRB5_KDB_DISALLOW_POSTDATED,
107	103	"NON-POSTDATABLE TICKET", KDC_ERR_CANNOT_POSTDATE },
108	104	{ KDC_OPT_ENC_TKT_IN_SKEY, KRB5_KDB_DISALLOW_DUP_SKEY,

+1

-1

src/kprop/deps less more

55	55	$(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
56	56	$(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
57	57	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
58		$(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
	58	$(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
59	59	$(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
60	60	$(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
61	61	$(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \

+5

-5

src/kprop/kprop.c less more

48	48
49	49	static char *progname = NULL;
50	50	static int debug = 0;
51		static char *srvtab = NULL;
	51	static char *keytab_path = NULL;
52	52	static char *replica_host;
53	53	static char *realm = NULL;
54	54	static char *def_realm = NULL;

82	82	static void usage()
83	83	{
84	84	fprintf(stderr, _("\nUsage: %s [-r realm] [-f file] [-d] [-P port] "
85		"[-s srvtab] replica_host\n\n"), progname);
	85	"[-s keytab] replica_host\n\n"), progname);
86	86	exit(1);
87	87	}
88	88

139	139	port = optarg;
140	140	break;
141	141	case 's':
142		srvtab = optarg;
	142	keytab_path = optarg;
143	143	break;
144	144	default:
145	145	usage();

190	190	exit(1);
191	191	}
192	192
193		if (srvtab != NULL) {
194		retval = krb5_kt_resolve(context, srvtab, &keytab);
	193	if (keytab_path != NULL) {
	194	retval = krb5_kt_resolve(context, keytab_path, &keytab);
195	195	if (retval) {
196	196	com_err(progname, retval, _("while resolving keytab"));
197	197	exit(1);

+14

-13

src/kprop/kpropd.c less more

116	116	static char *progname;
117	117	static int debug = 0;
118	118	static int nodaemon = 0;
119		static char *srvtab = NULL;
	119	static char *keytab_path = NULL;
120	120	static int standalone = 0;
121	121	static const char *pid_file = NULL;
122	122

134	134	static char *kerb_database = NULL;
135	135	static char *acl_file_name = KPROPD_ACL_FILE;
136	136
137		static krb5_address *sender_addr;
138	137	static krb5_address *receiver_addr;
139	138	static const char *port = KPROP_SERVICE;
140	139

167	166	usage()
168	167	{
169	168	fprintf(stderr,
170		_("\nUsage: %s [-r realm] [-s srvtab] [-dS] [-f replica_file]\n"),
	169	_("\nUsage: %s [-r realm] [-s keytab] [-dS] [-f replica_file]\n"),
171	170	progname);
172	171	fprintf(stderr, _("\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"));
173	172	fprintf(stderr, _("\t[-x db_args]* [-P port] [-a acl_file]\n"));

691	690	iprop_svc_princstr);
692	691	}
693	692	retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr,
694		srvtab,
	693	keytab_path,
695	694	master_svc_princstr,
696	695	&params,
697	696	KADM5_STRUCT_VERSION,

1082	1081	realm = optarg;
1083	1082	break;
1084	1083	case 's':
1085		srvtab = optarg;
	1084	keytab_path = optarg;
1086	1085	break;
1087	1086	case 'D':
1088	1087	nodaemon++;

1189	1188	krb5_keytab keytab = NULL;
1190	1189	char *name, etypebuf[100];
1191	1190
1192		/* Set recv_addr and send_addr. */
1193		sockaddr2krbaddr(context, my_sin->ss_family, (struct sockaddr *)my_sin,
1194		&sender_addr);
1195
1196	1191	sin_length = sizeof(r_sin);
1197	1192	if (getsockname(fd, (struct sockaddr *)&r_sin, &sin_length)) {
1198	1193	com_err(progname, errno, _("while getting local socket address"));

1228	1223	exit(1);
1229	1224	}
1230	1225
	1226	/*
	1227	* Do not set a remote address, to allow replication over a NAT that
	1228	* changes the client address. A reflection attack against kpropd is
	1229	* impossible because kpropd only sends one message at the end.
	1230	*/
1231	1231	retval = krb5_auth_con_setaddrs(context, auth_context, receiver_addr,
1232		sender_addr);
	1232	NULL);
1233	1233	if (retval) {
1234	1234	syslog(LOG_ERR, _("Error in krb5_auth_con_setaddrs: %s"),
1235	1235	error_message(retval));
1236	1236	exit(1);
1237	1237	}
1238	1238
1239		if (srvtab != NULL) {
1240		retval = krb5_kt_resolve(context, srvtab, &keytab);
	1239	if (keytab_path != NULL) {
	1240	retval = krb5_kt_resolve(context, keytab_path, &keytab);
1241	1241	if (retval) {
1242	1242	syslog(LOG_ERR, _("Error in krb5_kt_resolve: %s"),
1243	1243	error_message(retval));

1269	1269	exit(1);
1270	1270	}
1271	1271
1272		retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf));
	1272	retval = krb5_enctype_to_name(*etype, FALSE, etypebuf,
	1273	sizeof(etypebuf));
1273	1274	if (retval) {
1274	1275	com_err(progname, retval, _("while unparsing ticket etype"));
1275	1276	exit(1);

+12

-32

src/kprop/kproplog.c less more

18	18	#include <syslog.h>
19	19	#include <kdb_log.h>
20	20	#include <kadm5/admin.h>
	21	#include <adm_proto.h>
21	22
22	23	static char *progname;
23	24

35	36	static void
36	37	print_flags(unsigned int flags)
37	38	{
38		unsigned int i;
39		static char *prflags[] = {
40		"DISALLOW_POSTDATED", /* 0x00000001 */
41		"DISALLOW_FORWARDABLE", /* 0x00000002 */
42		"DISALLOW_TGT_BASED", /* 0x00000004 */
43		"DISALLOW_RENEWABLE", /* 0x00000008 */
44		"DISALLOW_PROXIABLE", /* 0x00000010 */
45		"DISALLOW_DUP_SKEY", /* 0x00000020 */
46		"DISALLOW_ALL_TIX", /* 0x00000040 */
47		"REQUIRES_PRE_AUTH", /* 0x00000080 */
48		"REQUIRES_HW_AUTH", /* 0x00000100 */
49		"REQUIRES_PWCHANGE", /* 0x00000200 */
50		"UNKNOWN_0x00000400", /* 0x00000400 */
51		"UNKNOWN_0x00000800", /* 0x00000800 */
52		"DISALLOW_SVR", /* 0x00001000 */
53		"PWCHANGE_SERVICE", /* 0x00002000 */
54		"SUPPORT_DESMD5", /* 0x00004000 */
55		"NEW_PRINC", /* 0x00008000 */
56		"UNKNOWN_0x00010000", /* 0x00010000 */
57		"UNKNOWN_0x00020000", /* 0x00020000 */
58		"UNKNOWN_0x00040000", /* 0x00040000 */
59		"UNKNOWN_0x00080000", /* 0x00080000 */
60		"OK_AS_DELEGATE", /* 0x00100000 */
61		"OK_TO_AUTH_AS_DELEGATE", /* 0x00200000 */
62		"NO_AUTH_DATA_REQUIRED", /* 0x00400000 */
63
64		};
65
66		for (i = 0; i < sizeof(prflags) / sizeof(*prflags); i++) {
67		if (flags & (krb5_flags)(1 << i))
68		printf("\t\t\t%s\n", prflags[i]);
69		}
	39	char attrstrs, sp;
	40
	41	if (krb5_flags_to_strings(flags, &attrstrs) != 0) {
	42	printf("\t\t\t(error)\n");
	43	return;
	44	}
	45	for (sp = attrstrs; sp != NULL && *sp != NULL; sp++) {
	46	printf("\t\t\t%s\n", *sp);
	47	free(*sp);
	48	}
	49	free(attrstrs);
70	50	}
71	51
72	52	/* ctime() for uint32_t* */

+11

-1

src/lib/apputils/net-server.c less more

72	72	static int
73	73	setreuseaddr(int sock, int value)
74	74	{
75		return setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &value, sizeof(value));
	75	int st;
	76
	77	st = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &value, sizeof(value));
	78	if (st)
	79	return st;
	80	#ifdef SO_REUSEPORT
	81	st = setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value));
	82	if (st)
	83	return st;
	84	#endif
	85	return 0;
76	86	}
77	87
78	88	#if defined(IPV6_V6ONLY)

+3

-0

src/lib/apputils/udppktinfo.c less more

21	21	* this software for any purpose. It is provided "as is" without express
22	22	* or implied warranty.
23	23	*/
	24
	25	/* macOS requires this define for IPV6_PKTINFO. */
	26	#define __APPLE_USE_RFC_3542
24	27
25	28	#include "udppktinfo.h"
26	29

+1

-1

src/lib/crypto/builtin/aes/aes-gen.c less more

0	0	/*
1	1	* To be compiled against the AES code from:
2		* http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
	2	* https://github.com/BrianGladman/AES
3	3	*/
4	4	#include <stdio.h>
5	5	#include <string.h>

+1

-1

src/lib/crypto/builtin/aes/aescrypt.asm less more

26	26	; Issue Date: 15/01/2002
27	27
28	28	; An AES (Rijndael) implementation for the Pentium MMX family using the NASM
29		; assembler <http://www.web-sites.co.uk/nasm/>. This version only implements
	29	; assembler <https://www.nasm.us>. This version only implements
30	30	; the standard AES block length (128 bits, 16 bytes) with the same interface
31	31	; as that used in my C/C++ implementation. This code does not preserve the
32	32	; eax, ecx or edx registers or the artihmetic status flags. However, the ebx,

+1

-1

src/lib/crypto/builtin/aes/aessrc.url less more

0		http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
	0	https://github.com/BrianGladman/AES

+1

-1

src/lib/crypto/builtin/camellia/camellia.c less more

26	26
27	27	/*
28	28	* Algorithm Specification
29		* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
	29	* https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
30	30	*/
31	31
32	32

+0

-1

src/lib/crypto/builtin/des/des_int.h less more

130	130	/* the first byte of the key is already in the keyblock */
131	131
132	132	#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet))
133		#define MIT_DES_CBC_CRC_PAD_MINIMUM CRC32_CKSUM_LENGTH
134	133	/* This used to be 8sizeof(krb5_octet) /
135	134	#define MIT_DES_KEYSIZE 8
136	135

+0

-3

src/lib/crypto/builtin/enc_provider/Makefile.in less more

10	10	##DOS##OBJFILE = ..\..\$(OUTPRE)enc_provider.lst
11	11
12	12	STLIBOBJS= \
13		des.o \
14	13	des3.o \
15	14	rc4.o \
16	15	aes.o \
17	16	camellia.o
18	17
19	18	OBJS= \
20		$(OUTPRE)des.$(OBJEXT) \
21	19	$(OUTPRE)des3.$(OBJEXT) \
22	20	$(OUTPRE)aes.$(OBJEXT) \
23	21	$(OUTPRE)camellia.$(OBJEXT) \
24	22	$(OUTPRE)rc4.$(OBJEXT)
25	23
26	24	SRCS= \
27		$(srcdir)/des.c \
28	25	$(srcdir)/des3.c \
29	26	$(srcdir)/aes.c \
30	27	$(srcdir)/camellia.c \

+0

-12

src/lib/crypto/builtin/enc_provider/deps less more

0	0	#
1	1	# Generated makefile dependencies follow.
2	2	#
3		des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
4		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
5		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
6		$(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../des/des_int.h \
7		$(srcdir)/../sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
8		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
9		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
10		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
11		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
12		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
13		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
14		$(top_srcdir)/include/socket-utils.h des.c
15	3	des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
16	4	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
17	5	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \

+0

-120

~~src/lib/crypto/builtin/enc_provider/des.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/*
2		* Copyright (C) 1998 by the FundsXpress, INC.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require
7		* a specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of FundsXpress. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. FundsXpress makes no representations about the suitability of
19		* this software for any purpose. It is provided "as is" without express
20		* or implied warranty.
21		*
22		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
23		* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
24		* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25		*/
26
27		#include "crypto_int.h"
28		#include "des_int.h"
29
30		static krb5_error_code
31		validate_and_schedule(krb5_key key, const krb5_data *ivec,
32		const krb5_crypto_iov *data, size_t num_data,
33		mit_des_key_schedule schedule)
34		{
35		if (key->keyblock.length != 8)
36		return KRB5_BAD_KEYSIZE;
37		if (iov_total_length(data, num_data, FALSE) % 8 != 0)
38		return KRB5_BAD_MSIZE;
39		if (ivec != NULL && ivec->length != 8)
40		return KRB5_BAD_MSIZE;
41
42		switch (mit_des_key_sched(key->keyblock.contents, schedule)) {
43		case -1:
44		return(KRB5DES_BAD_KEYPAR);
45		case -2:
46		return(KRB5DES_WEAK_KEY);
47		}
48		return 0;
49		}
50
51		static krb5_error_code
52		des_encrypt(krb5_key key, const krb5_data ivec, krb5_crypto_iov data,
53		size_t num_data)
54		{
55		mit_des_key_schedule schedule;
56		krb5_error_code err;
57
58		err = validate_and_schedule(key, ivec, data, num_data, schedule);
59		if (err)
60		return err;
61
62		krb5int_des_cbc_encrypt(data, num_data, schedule,
63		ivec != NULL ? (unsigned char *) ivec->data :
64		NULL);
65
66		zap(schedule, sizeof(schedule));
67		return 0;
68		}
69
70		static krb5_error_code
71		des_decrypt(krb5_key key, const krb5_data ivec, krb5_crypto_iov data,
72		size_t num_data)
73		{
74		mit_des_key_schedule schedule;
75		krb5_error_code err;
76
77		err = validate_and_schedule(key, ivec, data, num_data, schedule);
78		if (err)
79		return err;
80
81		krb5int_des_cbc_decrypt(data, num_data, schedule,
82		ivec != NULL ? (unsigned char *) ivec->data :
83		NULL);
84
85		zap(schedule, sizeof(schedule));
86		return 0;
87		}
88
89		static krb5_error_code
90		des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
91		const krb5_data ivec, krb5_data output)
92		{
93		mit_des_key_schedule schedule;
94		krb5_error_code err;
95
96		err = validate_and_schedule(key, ivec, data, num_data, schedule);
97		if (err)
98		return err;
99
100		if (output->length != 8)
101		return KRB5_CRYPTO_INTERNAL;
102
103		krb5int_des_cbc_mac(data, num_data, schedule,
104		ivec != NULL ? (unsigned char *) ivec->data : NULL,
105		(unsigned char *) output->data);
106
107		zap(schedule, sizeof(schedule));
108		return 0;
109		}
110
111		const struct krb5_enc_provider krb5int_enc_des = {
112		8,
113		7, 8,
114		des_encrypt,
115		des_decrypt,
116		des_cbc_mac,
117		krb5int_des_init_state,
118		krb5int_default_free_state
119		};

+2

-5

src/lib/crypto/builtin/hash_provider/Makefile.in less more

7	7	##DOS##OBJFILE = ..\..\$(OUTPRE)hash_provider.lst
8	8
9	9	STLIBOBJS= \
10		hash_crc32.o \
11	10	hash_md4.o \
12	11	hash_md5.o \
13	12	hash_sha1.o \
14	13	hash_sha2.o
15	14
16		OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \
17		$(OUTPRE)hash_md4.$(OBJEXT) \
	15	OBJS= $(OUTPRE)hash_md4.$(OBJEXT) \
18	16	$(OUTPRE)hash_md5.$(OBJEXT) \
19	17	$(OUTPRE)hash_sha1.$(OBJEXT) \
20	18	$(OUTPRE)hash_sha2.$(OBJEXT)
21	19
22		SRCS= $(srcdir)/hash_crc32.c \
23		$(srcdir)/hash_md4.c \
	20	SRCS= $(srcdir)/hash_md4.c \
24	21	$(srcdir)/hash_md5.c \
25	22	$(srcdir)/hash_sha1.c \
26	23	$(srcdir)/hash_sha2.c

+0

-13

src/lib/crypto/builtin/hash_provider/deps less more

0	0	#
1	1	# Generated makefile dependencies follow.
2	2	#
3		hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
4		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
5		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
6		$(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \
7		$(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \
8		$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
9		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
10		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
11		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
12		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
13		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
14		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
15		hash_crc32.c
16	3	hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
17	4	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
18	5	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

+0

-56

~~src/lib/crypto/builtin/hash_provider/hash_crc32.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/*
2		* Copyright (C) 1998 by the FundsXpress, INC.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require
7		* a specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of FundsXpress. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. FundsXpress makes no representations about the suitability of
19		* this software for any purpose. It is provided "as is" without express
20		* or implied warranty.
21		*
22		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
23		* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
24		* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25		*/
26
27		#include "crypto_int.h"
28
29		static krb5_error_code
30		k5_crc32_hash(const krb5_crypto_iov data, size_t num_data, krb5_data output)
31		{
32		unsigned long c;
33		unsigned int i;
34
35		if (output->length != CRC32_CKSUM_LENGTH)
36		return KRB5_CRYPTO_INTERNAL;
37
38		c = 0;
39		for (i = 0; i < num_data; i++) {
40		const krb5_crypto_iov *iov = &data[i];
41
42		if (SIGN_IOV(iov))
43		mit_crc32(iov->data.data, iov->data.length, &c);
44		}
45
46		store_32_le(c, output->data);
47		return 0;
48		}
49
50		const struct krb5_hash_provider krb5int_hash_crc32 = {
51		"CRC32",
52		CRC32_CKSUM_LENGTH,
53		1,
54		k5_crc32_hash
55		};

+6

-4

src/lib/crypto/builtin/pbkdf2.c less more

72	72	* Implements the hmac-sha1 PRF. pass has been pre-hashed (if
73	73	* necessary) and converted to a key already; salt has had the block
74	74	* index appended to the original salt.
	75	*
	76	* NetBSD 8 declares an hmac() function in stdlib.h, so avoid that name.
75	77	*/
76	78	static krb5_error_code
77		hmac(const struct krb5_hash_provider hash, krb5_keyblock pass,
78		krb5_data salt, krb5_data out)
	79	k5_hmac(const struct krb5_hash_provider hash, krb5_keyblock pass,
	80	krb5_data salt, krb5_data out)
79	81	{
80	82	krb5_error_code err;
81	83	krb5_crypto_iov iov;

110	112
111	113	out = make_data(u_tmp1, hlen);
112	114
113		err = hmac(hash, pass, &sdata, &out);
	115	err = k5_hmac(hash, pass, &sdata, &out);
114	116	if (err)
115	117	return err;
116	118

120	122	sdata.length = hlen;
121	123	for (j = 2; j <= count; j++) {
122	124	memcpy(u_tmp2, u_tmp1, hlen);
123		err = hmac(hash, pass, &sdata, &out);
	125	err = k5_hmac(hash, pass, &sdata, &out);
124	126	if (err)
125	127	return err;
126	128

+0

-156

~~src/lib/crypto/crypto_tests/CRC.pm~~ less more

0		# Copyright 2002 by the Massachusetts Institute of Technology.
1		# All Rights Reserved.
2		#
3		# Export of this software from the United States of America may
4		# require a specific license from the United States Government.
5		# It is the responsibility of any person or organization contemplating
6		# export to obtain such a license before exporting.
7		#
8		# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
9		# distribute this software and its documentation for any purpose and
10		# without fee is hereby granted, provided that the above copyright
11		# notice appear in all copies and that both that copyright notice and
12		# this permission notice appear in supporting documentation, and that
13		# the name of M.I.T. not be used in advertising or publicity pertaining
14		# to distribution of the software without specific, written prior
15		# permission. Furthermore if you modify this software you must label
16		# your software as modified software and not distribute it in such a
17		# fashion that it might be confused with the original M.I.T. software.
18		# M.I.T. makes no representations about the suitability of
19		# this software for any purpose. It is provided "as is" without express
20		# or implied warranty.
21
22		package CRC;
23
24		# CRC: implement a CRC using the Poly package (yes this is slow)
25		#
26		# message M(x) = m_0 * x^0 + m_1 * x^1 + ... + m_(k-1) * x^(k-1)
27		# generator P(x) = p_0 * x^0 + p_1 * x^1 + ... + p_n * x^n
28		# remainder R(x) = r_0 * x^0 + r_1 * x^1 + ... + r_(n-1) * x^(n-1)
29		#
30		# R(x) = (x^n * M(x)) % P(x)
31		#
32		# Note that if F(x) = x^n * M(x) + R(x), then F(x) = 0 mod P(x) .
33		#
34		# In MIT Kerberos 5, R(x) is taken as the CRC, as opposed to what
35		# ISO 3309 does.
36		#
37		# ISO 3309 adds a precomplement and a postcomplement.
38		#
39		# The ISO 3309 postcomplement is of the form
40		#
41		# A(x) = x^0 + x^1 + ... + x^(n-1) .
42		#
43		# The ISO 3309 precomplement is of the form
44		#
45		# B(x) = x^k * A(x) .
46		#
47		# The ISO 3309 FCS is then
48		#
49		# (x^n * M(x)) % P(x) + B(x) % P(x) + A(x) ,
50		#
51		# which is equivalent to
52		#
53		# (x^n * M(x) + B(x)) % P(x) + A(x) .
54		#
55		# In ISO 3309, the transmitted frame is
56		#
57		# F'(x) = x^n * M(x) + R(x) + R'(x) + A(x) ,
58		#
59		# where
60		#
61		# R'(x) = B(x) % P(x) .
62		#
63		# Note that this means that if a new remainder is computed over the
64		# frame F'(x) (treating F'(x) as the new M(x)), it will be equal to a
65		# constant.
66		#
67		# F'(x) = 0 + R'(x) + A(x) mod P(x) ,
68		#
69		# then
70		#
71		# (F'(x) + x^k * A(x)) * x^n
72		#
73		# = ((R'(x) + A(x)) + x^k * A(x)) * x^n mod P(x)
74		#
75		# = (x^k * A(x) + A(x) + x^k * A(x)) * x^n mod P(x)
76		#
77		# = (0 + A(x)) * x^n mod P(x)
78		#
79		# Note that (A(x) * x^n) % P(x) is a constant, and that this result
80		# depends on B(x) being x^k * A(x).
81
82		use Carp;
83		use Poly;
84
85		sub new {
86		my $self = shift;
87		my $class = ref($self) \|\| $self;
88		my %args = @_;
89		$self = {bitsendian => "little"};
90		bless $self, $class;
91		$self->setpoly($args{"Poly"}) if exists $args{"Poly"};
92		$self->bitsendian($args{"bitsendian"})
93		if exists $args{"bitsendian"};
94		$self->{precomp} = $args{precomp} if exists $args{precomp};
95		$self->{postcomp} = $args{postcomp} if exists $args{postcomp};
96		return $self;
97		}
98
99		sub setpoly {
100		my $self = shift;
101		my($arg) = @_;
102		croak "need a polynomial" if !$arg->isa("Poly");
103		$self->{Poly} = $arg;
104		return $self;
105		}
106
107		sub crc {
108		my $self = shift;
109		my $msg = Poly->new(@_);
110		my($order, $r, $precomp);
111		$order = $self->{Poly}->order;
112		# B(x) = x^k * precomp
113		$precomp = $self->{precomp} ?
114		$self->{precomp} * Poly->powers2poly(scalar(@_)) : Poly->new;
115		# R(x) = (x^n * M(x)) % P(x)
116		$r = ($msg * Poly->powers2poly($order)) % $self->{Poly};
117		# B(x) % P(x)
118		$r += $precomp % $self->{Poly};
119		$r += $self->{postcomp} if exists $self->{postcomp};
120		return $r;
121		}
122
123		# endianness of bits of each octet
124		#
125		# Note that the message is always treated as being sent in big-endian
126		# octet order.
127		#
128		# Usually, the message will be treated as bits being little-endian,
129		# since that is the common case for serial implementations that
130		# present data in octets; e.g., most UARTs shift octets onto the line
131		# in little-endian order, and protocols such as ISO 3309, V.42,
132		# etc. treat individual octets as being sent LSB-first.
133
134		sub bitsendian {
135		my $self = shift;
136		my($arg) = @_;
137		croak "bad bit endianness" if $arg !~ /big\|little/;
138		$self->{bitsendian} = $arg;
139		return $self;
140		}
141
142		sub crcstring {
143		my $self = shift;
144		my($arg) = @_;
145		my($packstr, @m);
146		{
147		$packstr = "B*", last if $self->{bitsendian} =~ /big/;
148		$packstr = "b*", last if $self->{bitsendian} =~ /little/;
149		croak "bad bit endianness";
150		};
151		@m = split //, unpack $packstr, $arg;
152		return $self->crc(@m);
153		}
154
155		1;

+6

-35

src/lib/crypto/crypto_tests/Makefile.in less more

15	15	$(srcdir)/aes-test.c \
16	16	$(srcdir)/camellia-test.c \
17	17	$(srcdir)/t_cf2.c \
18		$(srcdir)/t_cksum.c \
19	18	$(srcdir)/t_cksums.c \
20		$(srcdir)/t_crc.c \
21	19	$(srcdir)/t_mddriver.c \
22	20	$(srcdir)/t_kperf.c \
23	21	$(srcdir)/t_sha2.c \
24	22	$(srcdir)/t_short.c \
25	23	$(srcdir)/t_str2key.c \
26	24	$(srcdir)/t_derive.c \
27		$(srcdir)/t_fork.c \
28		$(srcdir)/t_combine.c
	25	$(srcdir)/t_fork.c
29	26
30	27	##DOS##BUILDTOP = ..\..\..
31	28
32		# NOTE: The t_cksum known checksum values are primarily for regression
33		# testing. They are not derived a priori, but are known to produce
34		# checksums that interoperate.
35	29	check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
36		t_cksum4 t_cksum5 t_cksums \
	30	t_cksums \
37	31	aes-test \
38	32	camellia-test \
39	33	t_mddriver4 t_mddriver \
40		t_crc t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2 \
41		t_combine
	34	t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2
42	35	$(RUN_TEST) ./t_nfold
43	36	$(RUN_TEST) ./t_encrypt
44	37	$(RUN_TEST) ./t_decrypt

46	39	$(RUN_TEST) ./t_cmac
47	40	$(RUN_TEST) ./t_hmac
48	41	$(RUN_TEST) ./t_prf
49		$(RUN_TEST) ./t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
50		$(RUN_TEST) ./t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
51	42	$(RUN_TEST) ./t_cksums
52		$(RUN_TEST) ./t_crc
53	43	$(RUN_TEST) ./t_cts
54	44	$(RUN_TEST) ./aes-test -k > vk.txt
55	45	cmp vk.txt $(srcdir)/expect-vk.txt

66	56	$(RUN_TEST) ./t_fork
67	57	$(RUN_TEST) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
68	58	diff t_cf2.output $(srcdir)/t_cf2.expected
69		$(RUN_TEST) ./t_combine
70	59	# $(RUN_TEST) ./t_pkcs5
71	60
72	61	t_nfold$(EXEEXT): t_nfold.$(OBJEXT) $(KRB5_BASE_DEPLIBS)

108	97	$(CC_LINK) -o $@ t_short.$(OBJEXT) \
109	98	$(KRB5_BASE_LIBS)
110	99
111		t_cksum4.o: $(srcdir)/t_cksum.c
112		$(CC) -DMD=4 $(ALL_CFLAGS) -o t_cksum4.o -c $(srcdir)/t_cksum.c
113
114		t_cksum5.o: $(srcdir)/t_cksum.c
115		$(CC) -DMD=5 $(ALL_CFLAGS) -o t_cksum5.o -c $(srcdir)/t_cksum.c
116
117		t_cksum4: t_cksum4.o $(CRYTPO_DEPLIB)
118		$(CC_LINK) -o t_cksum4 t_cksum4.o $(KRB5_BASE_LIBS)
119
120		t_cksum5: t_cksum5.o $(CRYPTO_DEPLIB)
121		$(CC_LINK) -o t_cksum5 t_cksum5.o $(KRB5_BASE_LIBS)
122
123	100	t_cksums: t_cksums.o $(CRYTPO_DEPLIB)
124	101	$(CC_LINK) -o t_cksums t_cksums.o -lkrb5 $(KRB5_BASE_LIBS)
125
126		t_crc: t_crc.o $(KRB5_BASE_DEPLIBS)
127		$(CC_LINK) -o $@ t_crc.o $(KRB5_BASE_LIBS)
128	102
129	103	aes-test: aes-test.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
130	104	$(CC_LINK) -o aes-test aes-test.$(OBJEXT) $(KRB5_BASE_LIBS)

156	130	t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
157	131	$(CC_LINK) -o $@ t_cf2.$(OBJEXT) $(KRB5_BASE_LIBS)
158	132
159		t_combine$(EXEEXT): t_combine.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
160		$(CC_LINK) -o $@ t_combine.$(OBJEXT) $(KRB5_BASE_LIBS)
161
162	133	clean:
163	134	$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o \
164	135	t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \
165	136	t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
166	137	aes-test.o aes-test vt.txt vk.txt kresults.out \
167		t_crc.o t_crc t_cts.o t_cts \
	138	t_cts.o t_cts \
168	139	t_mddriver4.o t_mddriver4 t_mddriver.o t_mddriver \
169		t_cksum4 t_cksum4.o t_cksum5 t_cksum5.o t_cksums t_cksums.o \
	140	t_cksums t_cksums.o \
170	141	t_kperf.o t_kperf t_sha2.o t_sha2 t_short t_short.o t_str2key \
171	142	t_str2key.o t_derive t_derive.o t_fork t_fork.o \
172	143	t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT) \
173	144	camellia-test camellia-test.o camellia-vt.txt \
174		t_cf2 t_cf2.o t_cf2.output t_combine.o t_combine
	145	t_cf2 t_cf2.o t_cf2.output
175	146
176	147	-$(RM) t_prng.output
177	148	-$(RM) t_prf.output

+0

-111

~~src/lib/crypto/crypto_tests/crc.pl~~ less more

0		# Copyright 2002 by the Massachusetts Institute of Technology.
1		# All Rights Reserved.
2		#
3		# Export of this software from the United States of America may
4		# require a specific license from the United States Government.
5		# It is the responsibility of any person or organization contemplating
6		# export to obtain such a license before exporting.
7		#
8		# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
9		# distribute this software and its documentation for any purpose and
10		# without fee is hereby granted, provided that the above copyright
11		# notice appear in all copies and that both that copyright notice and
12		# this permission notice appear in supporting documentation, and that
13		# the name of M.I.T. not be used in advertising or publicity pertaining
14		# to distribution of the software without specific, written prior
15		# permission. Furthermore if you modify this software you must label
16		# your software as modified software and not distribute it in such a
17		# fashion that it might be confused with the original M.I.T. software.
18		# M.I.T. makes no representations about the suitability of
19		# this software for any purpose. It is provided "as is" without express
20		# or implied warranty.
21
22		use CRC;
23
24		print "* crudely testing polynomial functions *\n";
25
26		$x = Poly->new(1,1,1,1);
27		$y = Poly->new(1,1);
28		print "x = @{[$x->pretty]}\ny = @{[$y->pretty]}\n";
29		$q = $x / $y;
30		$r = $x % $y;
31		print $x->pretty, " = (", $y->pretty , ") * (", $q->pretty,
32		") + ", $r->pretty, "\n";
33		$q = $y / $x;
34		$r = $y % $x;
35		print "y / x = @{[$q->pretty]}\ny % x = @{[$r->pretty]}\n";
36
37		# ISO 3309 32-bit FCS polynomial
38		$fcs32 = Poly->powers2poly(32,26,23,22,16,12,11,10,8,7,5,4,2,1,0);
39		print "fcs32 = ", $fcs32->pretty, "\n";
40
41		$crc = CRC->new(Poly => $fcs32, bitsendian => "little");
42
43		print "\n";
44
45		print "* little endian, no complementation *\n";
46		for ($i = 0; $i < 256; $i++) {
47		$r = $crc->crcstring(pack "C", $i);
48		printf ("%02x: ", $i) if !($i % 8);
49		print ($r->revhex, ($i % 8 == 7) ? "\n" : " ");
50		}
51
52		print "\n";
53
54		print "* little endian, 4 bits, no complementation *\n";
55		for ($i = 0; $i < 16; $i++) {
56		@m = (split //, unpack "b*", pack "C", $i)[0..3];
57		$r = $crc->crc(@m);
58		printf ("%02x: ", $i) if !($i % 8);
59		print ($r->revhex, ($i % 8 == 7) ? "\n" : " ");
60		}
61
62		print "\n";
63
64		print "* test vectors for t_crc.c, little endian *\n";
65		for ($i = 1; $i <= 4; $i *=2) {
66		for ($j = 0; $j < $i * 8; $j++) {
67		@m = split //, unpack "b*", pack "V", 1 << $j;
68		splice @m, $i * 8;
69		$r = $crc->crc(@m);
70		$m = unpack "H", pack "b", join("", @m);
71		print "{HEX, \"$m\", 0x", $r->revhex, "},\n";
72		}
73		}
74		@m = ("foo", "test0123456789",
75		"MASSACHVSETTS INSTITVTE OF TECHNOLOGY");
76		foreach $m (@m) {
77		$r = $crc->crcstring($m);
78		print "{STR, \"$m\", 0x", $r->revhex, "},\n";
79		}
80		__END__
81
82		print "* big endian, no complementation *\n";
83		for ($i = 0; $i < 256; $i++) {
84		$r = $crc->crcstring(pack "C", $i);
85		printf ("%02x: ", $i) if !($i % 8);
86		print ($r->hex, ($i % 8 == 7) ? "\n" : " ");
87		}
88
89		# all ones polynomial of order 31
90		$ones = Poly->new((1) x 32);
91
92		print "*** big endian, ISO-3309 style\n";
93		$crc = CRC->new(Poly => $fcs32,
94		bitsendian => "little",
95		precomp => $ones,
96		postcomp => $ones);
97		for ($i = 0; $i < 256; $i++) {
98		$r = $crc->crcstring(pack "C", $i);
99		print ($r->hex, ($i % 8 == 7) ? "\n" : " ");
100		}
101
102		for ($i = 0; $i < 0; $i++) {
103		$x = Poly->new((1) x 32, (0) x $i);
104		$y = Poly->new((1) x 32);
105		$f = ($x % $fcs32) + $y;
106		$r = (($f + $x) * Poly->powers2poly(32)) % $fcs32;
107		@out = @$r;
108		unshift @out, 0 while @out < 32;
109		print @out, "\n";
110		}

+0

-34

src/lib/crypto/crypto_tests/deps less more

139	139	$(top_srcdir)/include/socket-utils.h camellia-test.c
140	140	$(OUTPRE)t_cf2.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
141	141	$(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h t_cf2.c
142		$(OUTPRE)t_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
143		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
144		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
145		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
146		$(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-int-pkinit.h \
147		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
148		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
149		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
150		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
151		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
152		t_cksum.c
153	142	$(OUTPRE)t_cksums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
154	143	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
155	144	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

160	149	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
161	150	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
162	151	$(top_srcdir)/include/socket-utils.h t_cksums.c
163		$(OUTPRE)t_crc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
164		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
165		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \
166		$(srcdir)/../builtin/crypto_mod.h $(srcdir)/../builtin/sha2/sha2.h \
167		$(srcdir)/../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
168		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
169		$(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-int-pkinit.h \
170		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
171		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
172		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
173		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
174		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
175		t_crc.c
176	152	$(OUTPRE)t_mddriver.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
177	153	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
178	154	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \

249	225	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
250	226	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
251	227	$(top_srcdir)/include/socket-utils.h t_fork.c
252		$(OUTPRE)t_combine.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
253		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
254		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
255		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
256		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
257		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
258		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
259		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
260		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
261		$(top_srcdir)/include/socket-utils.h t_combine.c

+0

-1

src/lib/crypto/crypto_tests/t_cf2.expected less more

0	0	97df97e4b798b29eb31ed7280287a92a
1	1	4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b
2		43bae3738c9467e6
3	2	e58f9eb643862c13ad38e529313462a7f73e62834fe54a01
4	3	24d7f6b6bae4e5c00d2082c5ebab3672
5	4	edd02a39d2dbde31611c16e610be062c

+0

-5

src/lib/crypto/crypto_tests/t_cf2.in less more

3	3	a
4	4	b
5	5	18
6		key1
7		key2
8		a
9		b
10		1
11	6	key1
12	7	key2
13	8	a

+0

-160

~~src/lib/crypto/crypto_tests/t_cksum.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/crypto_tests/t_cksum.c */
2		/*
3		* Copyright 1995 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		/* Test checksum and checksum compatability for rsa-md[4,5]-des. */
27
28		#include "k5-int.h"
29		#include "k5-hex.h"
30
31		#define MD5_K5BETA_COMPAT
32		#define MD4_K5BETA_COMPAT
33
34		#if MD == 4
35		#define CKTYPE CKSUMTYPE_RSA_MD4_DES
36		#endif
37
38		#if MD == 5
39		#define CKTYPE CKSUMTYPE_RSA_MD5_DES
40		#endif
41
42		static void
43		print_checksum(char text, int number, char message, krb5_checksum *checksum)
44		{
45		unsigned int i;
46
47		printf("%s MD%d checksum(\"%s\") = ", text, number, message);
48		for (i=0; i<checksum->length; i++)
49		printf("%02x", (unsigned char) checksum->contents[i]);
50		printf("\n");
51		}
52
53		/*
54		* Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
55		* checksums.
56		*/
57
58		krb5_octet testkey[8] = { 0x45, 0x01, 0x49, 0x61, 0x58, 0x19, 0x1a, 0x3d };
59
60		int
61		main(argc, argv)
62		int argc;
63		char **argv;
64		{
65		int msgindex;
66		size_t len;
67		krb5_boolean valid;
68		krb5_keyblock keyblock;
69		krb5_key key;
70		krb5_error_code kret=0;
71		krb5_data plaintext;
72		krb5_checksum checksum, knowncksum;
73
74		/* this is a terrible seed, but that's ok for the test. */
75
76		plaintext.length = 8;
77		plaintext.data = (char *) testkey;
78
79		krb5_c_random_seed(/* XXX */ 0, &plaintext);
80
81		keyblock.enctype = ENCTYPE_DES_CBC_CRC;
82		keyblock.length = sizeof(testkey);
83		keyblock.contents = testkey;
84
85		krb5_k_create_key(NULL, &keyblock, &key);
86
87		for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
88		plaintext.length = strlen(argv[msgindex]);
89		plaintext.data = argv[msgindex];
90
91		/* Create a checksum. */
92		kret = krb5_k_make_checksum(NULL, CKTYPE, key, 0, &plaintext,
93		&checksum);
94		if (kret != 0) {
95		printf("krb5_calculate_checksum choked with %d\n", kret);
96		break;
97		}
98		print_checksum("correct", MD, argv[msgindex], &checksum);
99
100		/* Verify it. */
101		kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum,
102		&valid);
103		if (kret != 0) {
104		printf("verify on new checksum choked with %d\n", kret);
105		break;
106		}
107		if (!valid) {
108		printf("verify on new checksum failed\n");
109		kret = 1;
110		break;
111		}
112		printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
113
114		/* Corrupt the checksum and see if it still verifies. */
115		checksum.contents[0]++;
116		kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum,
117		&valid);
118		if (kret != 0) {
119		printf("verify on new checksum choked with %d\n", kret);
120		break;
121		}
122		if (valid) {
123		printf("verify on new checksum succeeded, but shouldn't have\n");
124		kret = 1;
125		break;
126		}
127		printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
128		free(checksum.contents);
129
130		/* Verify a known-good checksum for this plaintext. */
131		kret = k5_hex_decode(argv[msgindex + 1], &knowncksum.contents, &len);
132		if (kret) {
133		printf("k5_hex_decode failed\n");
134		break;
135		}
136		knowncksum.length = len;
137		knowncksum.checksum_type = CKTYPE;
138		knowncksum.magic = KV5M_CHECKSUM;
139		kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &knowncksum,
140		&valid);
141		if (kret != 0) {
142		printf("verify on known checksum choked with %d\n", kret);
143		break;
144		}
145		if (!valid) {
146		printf("verify on known checksum failed\n");
147		kret = 1;
148		break;
149		}
150		printf("Verify on known checksum succeeded\n");
151		free(knowncksum.contents);
152		}
153		if (!kret)
154		printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
155
156		krb5_k_free_key(NULL, key);
157
158		return(kret);
159		}

+1

-7

src/lib/crypto/crypto_tests/t_cksums.c less more

26	26	/*
27	27	* This harness tests checksum results against known values. With the -v flag,
28	28	* results for all tests are displayed. This harness only works for
29		* deterministic checksums; for rsa-md4-des and rsa-md5-des, see t_cksum.c.
	29	* deterministic checksums.
30	30	*/
31	31
32	32	#include "k5-int.h"

39	39	krb5_data keybits;
40	40	krb5_data cksum;
41	41	} test_cases[] = {
42		{
43		{ KV5M_DATA, 3, "abc" },
44		CKSUMTYPE_CRC32, 0, 0, { KV5M_DATA, 0, "" },
45		{ KV5M_DATA, 4,
46		"\xD0\x98\x65\xCA" }
47		},
48	42	{
49	43	{ KV5M_DATA, 3, "one" },
50	44	CKSUMTYPE_RSA_MD4, 0, 0, { KV5M_DATA, 0, "" },

+0

-80

~~src/lib/crypto/crypto_tests/t_combine.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/crypto_tests/t_combine.c - krb5int_c_combine_keys tests */
2		/*
3		* Copyright (C) 2014 by the Massachusetts Institute of Technology.
4		* All rights reserved.
5		*
6		* Redistribution and use in source and binary forms, with or without
7		* modification, are permitted provided that the following conditions
8		* are met:
9		*
10		* * Redistributions of source code must retain the above copyright
11		* notice, this list of conditions and the following disclaimer.
12		*
13		* * Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in
15		* the documentation and/or other materials provided with the
16		* distribution.
17		*
18		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21		* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22		* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23		* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24		* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25		* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27		* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
29		* OF THE POSSIBILITY OF SUCH DAMAGE.
30		*/
31
32		#include "k5-int.h"
33
34		unsigned char des_key1[] = "\x04\x86\xCD\x97\x61\xDF\xD6\x29";
35		unsigned char des_key2[] = "\x1A\x54\x9B\x7F\xDC\x20\x83\x0E";
36		unsigned char des_result[] = "\xC2\x13\x01\x52\x89\x26\xC4\xF7";
37
38		unsigned char des3_key1[] = "\x10\xB6\x75\xD5\x5B\xD9\x6E\x73"
39		"\xFD\x54\xB3\x3D\x37\x52\xC1\x2A\xF7\x43\x91\xFE\x1C\x02\x37\x13";
40		unsigned char des3_key2[] = "\xC8\xDA\x3E\xA7\xB6\x64\xAE\x7A"
41		"\xB5\x70\x2A\x29\xB3\xBF\x9B\xA8\x46\x7C\x5B\xA8\x8A\x46\x70\x10";
42		unsigned char des3_result[] = "\x2F\x79\x97\x3E\x3E\xA4\x73\x1A"
43		"\xB9\x3D\xEF\x5E\x7C\x29\xFB\x2A\x68\x86\x1F\xC1\x85\x0E\x79\x92";
44
45		int
46		main(int argc, char **argv)
47		{
48		krb5_keyblock kb1, kb2, result;
49
50		kb1.enctype = ENCTYPE_DES_CBC_CRC;
51		kb1.contents = des_key1;
52		kb1.length = 8;
53		kb2.enctype = ENCTYPE_DES_CBC_CRC;
54		kb2.contents = des_key2;
55		kb2.length = 8;
56		memset(&result, 0, sizeof(result));
57		if (krb5int_c_combine_keys(NULL, &kb1, &kb2, &result) != 0)
58		abort();
59		if (result.enctype != ENCTYPE_DES_CBC_CRC \|\| result.length != 8 \|\|
60		memcmp(result.contents, des_result, 8) != 0)
61		abort();
62		krb5_free_keyblock_contents(NULL, &result);
63
64		kb1.enctype = ENCTYPE_DES3_CBC_SHA1;
65		kb1.contents = des3_key1;
66		kb1.length = 24;
67		kb2.enctype = ENCTYPE_DES3_CBC_SHA1;
68		kb2.contents = des3_key2;
69		kb2.length = 24;
70		memset(&result, 0, sizeof(result));
71		if (krb5int_c_combine_keys(NULL, &kb1, &kb2, &result) != 0)
72		abort();
73		if (result.enctype != ENCTYPE_DES3_CBC_SHA1 \|\| result.length != 24 \|\|
74		memcmp(result.contents, des3_result, 24) != 0)
75		abort();
76		krb5_free_keyblock_contents(NULL, &result);
77
78		return 0;
79		}

+0

-148

~~src/lib/crypto/crypto_tests/t_crc.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/crypto_tests/t_crc.c */
2		/*
3		* Copyright 2002,2005 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		/*
27		* Sanity checks for CRC32.
28		*/
29		#include <sys/times.h>
30		#include <limits.h>
31		#include <stdio.h>
32		#include <stdlib.h>
33		#include <string.h>
34		#include <k5-hex.h>
35		#include "crypto_int.h"
36
37		#define HEX 1
38		#define STR 2
39		struct crc_trial {
40		int type;
41		char *data;
42		unsigned long sum;
43		};
44
45		struct crc_trial trials[] = {
46		{HEX, "01", 0x77073096},
47		{HEX, "02", 0xee0e612c},
48		{HEX, "04", 0x076dc419},
49		{HEX, "08", 0x0edb8832},
50		{HEX, "10", 0x1db71064},
51		{HEX, "20", 0x3b6e20c8},
52		{HEX, "40", 0x76dc4190},
53		{HEX, "80", 0xedb88320},
54		{HEX, "0100", 0x191b3141},
55		{HEX, "0200", 0x32366282},
56		{HEX, "0400", 0x646cc504},
57		{HEX, "0800", 0xc8d98a08},
58		{HEX, "1000", 0x4ac21251},
59		{HEX, "2000", 0x958424a2},
60		{HEX, "4000", 0xf0794f05},
61		{HEX, "8000", 0x3b83984b},
62		{HEX, "0001", 0x77073096},
63		{HEX, "0002", 0xee0e612c},
64		{HEX, "0004", 0x076dc419},
65		{HEX, "0008", 0x0edb8832},
66		{HEX, "0010", 0x1db71064},
67		{HEX, "0020", 0x3b6e20c8},
68		{HEX, "0040", 0x76dc4190},
69		{HEX, "0080", 0xedb88320},
70		{HEX, "01000000", 0xb8bc6765},
71		{HEX, "02000000", 0xaa09c88b},
72		{HEX, "04000000", 0x8f629757},
73		{HEX, "08000000", 0xc5b428ef},
74		{HEX, "10000000", 0x5019579f},
75		{HEX, "20000000", 0xa032af3e},
76		{HEX, "40000000", 0x9b14583d},
77		{HEX, "80000000", 0xed59b63b},
78		{HEX, "00010000", 0x01c26a37},
79		{HEX, "00020000", 0x0384d46e},
80		{HEX, "00040000", 0x0709a8dc},
81		{HEX, "00080000", 0x0e1351b8},
82		{HEX, "00100000", 0x1c26a370},
83		{HEX, "00200000", 0x384d46e0},
84		{HEX, "00400000", 0x709a8dc0},
85		{HEX, "00800000", 0xe1351b80},
86		{HEX, "00000100", 0x191b3141},
87		{HEX, "00000200", 0x32366282},
88		{HEX, "00000400", 0x646cc504},
89		{HEX, "00000800", 0xc8d98a08},
90		{HEX, "00001000", 0x4ac21251},
91		{HEX, "00002000", 0x958424a2},
92		{HEX, "00004000", 0xf0794f05},
93		{HEX, "00008000", 0x3b83984b},
94		{HEX, "00000001", 0x77073096},
95		{HEX, "00000002", 0xee0e612c},
96		{HEX, "00000004", 0x076dc419},
97		{HEX, "00000008", 0x0edb8832},
98		{HEX, "00000010", 0x1db71064},
99		{HEX, "00000020", 0x3b6e20c8},
100		{HEX, "00000040", 0x76dc4190},
101		{HEX, "00000080", 0xedb88320},
102		{STR, "foo", 0x7332bc33},
103		{STR, "test0123456789", 0xb83e88d6},
104		{STR, "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 0xe34180f7}
105		};
106
107		#define NTRIALS (sizeof(trials) / sizeof(trials[0]))
108
109
110		int
111		main(void)
112		{
113		unsigned int i;
114		struct crc_trial trial;
115		uint8_t *bytes;
116		size_t len;
117		unsigned long cksum;
118		char *typestr;
119
120		for (i = 0; i < NTRIALS; i++) {
121		trial = trials[i];
122		switch (trial.type) {
123		case STR:
124		len = strlen(trial.data);
125		typestr = "STR";
126		cksum = 0;
127		mit_crc32(trial.data, len, &cksum);
128		break;
129		case HEX:
130		typestr = "HEX";
131		if (k5_hex_decode(trial.data, &bytes, &len) != 0)
132		abort();
133		cksum = 0;
134		mit_crc32(bytes, len, &cksum);
135		free(bytes);
136		break;
137		default:
138		typestr = "BOGUS";
139		fprintf(stderr, "bad trial type %d\n", trial.type);
140		exit(1);
141		}
142		printf("%s: %s \"%s\" = 0x%08lx\n",
143		(trial.sum == cksum) ? "OK" : "*BAD*",
144		typestr, trial.data, cksum);
145		}
146		exit(0);
147		}

+0

-148

src/lib/crypto/crypto_tests/t_decrypt.c less more

39	39	krb5_data ciphertext;
40	40	} test_cases[] = {
41	41	{
42		ENCTYPE_DES_CBC_CRC,
43		{ KV5M_DATA, 0, "" }, 0,
44		{ KV5M_DATA, 8,
45		"\x45\xE6\x08\x7C\xDF\x13\x8F\xB5" },
46		{ KV5M_DATA, 16,
47		"\x28\xF6\xB0\x9A\x01\x2B\xCC\xF7\x2F\xB0\x51\x22\xB2\x83\x9E\x6E" }
48		},
49		{
50		ENCTYPE_DES_CBC_CRC,
51		{ KV5M_DATA, 1, "1" }, 1,
52		{ KV5M_DATA, 8,
53		"\x92\xA7\x15\x58\x10\x58\x6B\x2F" },
54		{ KV5M_DATA, 16,
55		"\xB4\xC8\x71\xC2\xF3\xE7\xBF\x76\x05\xEF\xD6\x2F\x2E\xEE\xC2\x05" }
56		},
57		{
58		ENCTYPE_DES_CBC_CRC,
59		{ KV5M_DATA, 9, "9 bytesss" }, 2,
60		{ KV5M_DATA, 8,
61		"\xA4\xB9\x51\x4A\x61\x64\x64\x23" },
62		{ KV5M_DATA, 24,
63		"\x5F\x14\xC3\x51\x78\xD3\x3D\x7C\xDE\x0E\xC1\x69\xC6\x23\xCC\x83"
64		"\x21\xB7\xB8\xBD\x34\xEA\x7E\xFE" }
65		},
66		{
67		ENCTYPE_DES_CBC_CRC,
68		{ KV5M_DATA, 13, "13 bytes byte", }, 3,
69		{ KV5M_DATA, 8,
70		"\x2F\x16\xA2\xA7\xFD\xB0\x57\x68" },
71		{ KV5M_DATA, 32,
72		"\x0B\x58\x8E\x38\xD9\x71\x43\x3C\x9D\x86\xD8\xBA\xEB\xF6\x3E\x4C"
73		"\x1A\x01\x66\x6E\x76\xD8\xA5\x4A\x32\x93\xF7\x26\x79\xED\x88\xC9" }
74		},
75		{
76		ENCTYPE_DES_CBC_CRC,
77		{ KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
78		{ KV5M_DATA, 8,
79		"\xBC\x8F\x70\xFD\x20\x97\xD6\x7C" },
80		{ KV5M_DATA, 48,
81		"\x38\xD6\x32\xD2\xC2\x0A\x7C\x2E\xA2\x50\xFC\x8E\xCE\x42\x93\x8E"
82		"\x92\xA9\xF5\xD3\x02\x50\x26\x65\xC1\xA3\x37\x29\xC1\x05\x0D\xC2"
83		"\x05\x62\x98\xFB\xFB\x16\x82\xCE\xEB\x65\xE5\x92\x04\xFD\xA7\xDF" }
84		},
85
86		{
87		ENCTYPE_DES_CBC_MD4,
88		{ KV5M_DATA, 0, "", }, 0,
89		{ KV5M_DATA, 8,
90		"\x13\xEF\x45\xD0\xD6\xD9\xA1\x5D" },
91		{ KV5M_DATA, 24,
92		"\x1F\xB2\x02\xBF\x07\xAF\x30\x47\xFB\x78\x01\xE5\x88\x56\x86\x86"
93		"\xBA\x63\xD7\x8B\xE3\xE8\x7D\xC7" }
94		},
95		{
96		ENCTYPE_DES_CBC_MD4,
97		{ KV5M_DATA, 1, "1", }, 1,
98		{ KV5M_DATA, 8,
99		"\x64\x68\x86\x54\xDC\x26\x9E\x67" },
100		{ KV5M_DATA, 32,
101		"\x1F\x6C\xB9\xCE\xCB\x73\xF7\x55\xAB\xFD\xB3\xD5\x65\xBD\x31\xD5"
102		"\xA2\xE6\x4B\xFE\x44\xC4\x91\xE2\x0E\xEB\xE5\xBD\x20\xE4\xD2\xA9" }
103		},
104		{
105		ENCTYPE_DES_CBC_MD4,
106		{ KV5M_DATA, 9, "9 bytesss", }, 2,
107		{ KV5M_DATA, 8,
108		"\x68\x04\xFB\x26\xDF\x8A\x4C\x32" },
109		{ KV5M_DATA, 40,
110		"\x08\xA5\x3D\x62\xFE\xC3\x33\x8A\xD1\xD2\x18\xE6\x0D\xBD\xD3\xB2"
111		"\x12\x94\x06\x79\xD1\x25\xE0\x62\x1B\x3B\xAB\x46\x80\xCE\x03\x67"
112		"\x6A\x2C\x42\x0E\x9B\xE7\x84\xEB" }
113		},
114		{
115		ENCTYPE_DES_CBC_MD4,
116		{ KV5M_DATA, 13, "13 bytes byte", }, 3,
117		{ KV5M_DATA, 8,
118		"\x23\x4A\x43\x6E\xC7\x2F\xA8\x0B" },
119		{ KV5M_DATA, 40,
120		"\x17\xCD\x45\xE1\x4F\xF0\x6B\x28\x40\xA6\x03\x6E\x9A\xA7\xA4\x14"
121		"\x4E\x29\x76\x81\x44\xA0\xC1\x82\x7D\x8C\x4B\xC7\xC9\x90\x6E\x72"
122		"\xCD\x4D\xC3\x28\xF6\x64\x8C\x99" }
123		},
124		{
125		ENCTYPE_DES_CBC_MD4,
126		{ KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
127		{ KV5M_DATA, 8,
128		"\x1F\xD5\xF7\x43\x34\xC4\xFB\x8C" },
129		{ KV5M_DATA, 56,
130		"\x51\x13\x4C\xD8\x95\x1E\x9D\x57\xC0\xA3\x60\x53\xE0\x4C\xE0\x3E"
131		"\xCB\x84\x22\x48\x8F\xDD\xC5\xC0\x74\xC4\xD8\x5E\x60\xA2\xAE\x42"
132		"\x3C\x3C\x70\x12\x01\x31\x4F\x36\x2C\xB0\x74\x48\x09\x16\x79\xC6"
133		"\xA4\x96\xC1\x1D\x7B\x93\xC7\x1B" }
134		},
135
136		{
137		ENCTYPE_DES_CBC_MD5,
138		{ KV5M_DATA, 0, "", }, 0,
139		{ KV5M_DATA, 8,
140		"\x4A\x54\x5E\x0B\xF7\xA2\x26\x31" },
141		{ KV5M_DATA, 24,
142		"\x78\x4C\xD8\x15\x91\xA0\x34\xBE\x82\x55\x6F\x56\xDC\xA3\x22\x4B"
143		"\x62\xD9\x95\x6F\xA9\x0B\x1B\x93" }
144		},
145		{
146		ENCTYPE_DES_CBC_MD5,
147		{ KV5M_DATA, 1, "1", }, 1,
148		{ KV5M_DATA, 8,
149		"\xD5\x80\x4A\x26\x9D\xC4\xE6\x45" },
150		{ KV5M_DATA, 32,
151		"\xFF\xA2\x5C\x7B\xE2\x87\x59\x6B\xFE\x58\x12\x6E\x90\xAA\xA0\xF1"
152		"\x2D\x9A\x82\xA0\xD8\x6D\xF6\xD5\xF9\x07\x4B\x6B\x39\x9E\x7F\xF1" }
153		},
154		{
155		ENCTYPE_DES_CBC_MD5,
156		{ KV5M_DATA, 9, "9 bytesss", }, 2,
157		{ KV5M_DATA, 8,
158		"\xC8\x31\x2F\x7F\x83\xEA\x46\x40" },
159		{ KV5M_DATA, 40,
160		"\xE7\x85\x03\x37\xF2\xCC\x5E\x3F\x35\xCE\x3D\x69\xE2\xC3\x29\x86"
161		"\x38\xA7\xAA\x44\xB8\x78\x03\x1E\x39\x85\x1E\x47\xC1\x5B\x5D\x0E"
162		"\xE7\xE7\xAC\x54\xDE\x11\x1D\x80" }
163		},
164		{
165		ENCTYPE_DES_CBC_MD5,
166		{ KV5M_DATA, 13, "13 bytes byte", }, 3,
167		{ KV5M_DATA, 8,
168		"\x7F\xDA\x3E\x62\xAD\x8A\xF1\x8C" },
169		{ KV5M_DATA, 40,
170		"\xD7\xA8\x03\x2E\x19\x99\x4C\x92\x87\x77\x50\x65\x95\xFB\xDA\x98"
171		"\x83\x15\x8A\x85\x14\x54\x8E\x29\x6E\x91\x1C\x29\xF4\x65\xC6\x72"
172		"\x36\x60\x00\x55\x8B\xFC\x2E\x88" }
173		},
174		{
175		ENCTYPE_DES_CBC_MD5,
176		{ KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
177		{ KV5M_DATA, 8,
178		"\xD3\xD6\x83\x29\x70\xA7\x37\x52" },
179		{ KV5M_DATA, 56,
180		"\x8A\x48\x16\x6A\x4C\x6F\xEA\xE6\x07\xA8\xCF\x68\xB3\x81\xC0\x75"
181		"\x5E\x40\x2B\x19\xDB\xC0\xF8\x1A\x7D\x7C\xA1\x9A\x25\xE0\x52\x23"
182		"\xF6\x06\x44\x09\xBF\x5A\x4F\x50\xAC\xD8\x26\x63\x9F\xFA\x76\x73"
183		"\xFD\x32\x4E\xC1\x9E\x42\x95\x02" }
184		},
185
186		{
187	42	ENCTYPE_DES3_CBC_SHA1,
188	43	{ KV5M_DATA, 0, "", }, 0,
189	44	{ KV5M_DATA, 24,

668	523
669	524	static krb5_enctype
670	525	enctypes[] = {
671		ENCTYPE_DES_CBC_CRC,
672		ENCTYPE_DES_CBC_MD4,
673		ENCTYPE_DES_CBC_MD5,
674	526	ENCTYPE_DES3_CBC_SHA1,
675	527	ENCTYPE_ARCFOUR_HMAC,
676	528	ENCTYPE_ARCFOUR_HMAC_EXP,

+0

-3

src/lib/crypto/crypto_tests/t_encrypt.c less more

36	36
37	37	/* What enctypes should we test?*/
38	38	krb5_enctype interesting_enctypes[] = {
39		ENCTYPE_DES_CBC_CRC,
40		ENCTYPE_DES_CBC_MD4,
41		ENCTYPE_DES_CBC_MD5,
42	39	ENCTYPE_DES3_CBC_SHA1,
43	40	ENCTYPE_ARCFOUR_HMAC,
44	41	ENCTYPE_ARCFOUR_HMAC_EXP,

+1

-1

src/lib/crypto/crypto_tests/t_mdcksum.c less more

23	23	* or implied warranty.
24	24	*/
25	25
26		/* Test checksum and checksum compatability for rsa-md[4,5]-des. */
	26	/* Test checksum and checksum compatibility for rsa-md[4,5]-des. */
27	27
28	28	#ifndef MD
29	29	#define MD 5

+0

-3

src/lib/crypto/crypto_tests/t_short.c less more

33	33	#include "k5-int.h"
34	34
35	35	krb5_enctype interesting_enctypes[] = {
36		ENCTYPE_DES_CBC_CRC,
37		ENCTYPE_DES_CBC_MD4,
38		ENCTYPE_DES_CBC_MD5,
39	36	ENCTYPE_DES3_CBC_SHA1,
40	37	ENCTYPE_ARCFOUR_HMAC,
41	38	ENCTYPE_ARCFOUR_HMAC_EXP,

+0

-274

src/lib/crypto/crypto_tests/t_str2key.c less more

34	34	krb5_error_code expected_err;
35	35	krb5_boolean allow_weak;
36	36	} test_cases[] = {
37		/* AFS string-to-key tests from old t_afss2k.c. */
38		{
39		ENCTYPE_DES_CBC_CRC,
40		"",
41		{ KV5M_DATA, 15, "Sodium Chloride" },
42		{ KV5M_DATA, 1, "\1" },
43		{ KV5M_DATA, 8, "\xA4\xD0\xD0\x9B\x86\x92\xB0\xC2" },
44		0,
45		FALSE
46		},
47		{
48		ENCTYPE_DES_CBC_CRC,
49		"M",
50		{ KV5M_DATA, 15, "Sodium Chloride" },
51		{ KV5M_DATA, 1, "\1" },
52		{ KV5M_DATA, 8, "\xF1\xF2\x9E\xAB\xD0\xEF\xDF\x73" },
53		0,
54		FALSE
55		},
56		{
57		ENCTYPE_DES_CBC_CRC,
58		"My",
59		{ KV5M_DATA, 15, "Sodium Chloride" },
60		{ KV5M_DATA, 1, "\1" },
61		{ KV5M_DATA, 8, "\xD6\x85\x61\xC4\xF2\x94\xF4\xA1" },
62		0,
63		FALSE
64		},
65		{
66		ENCTYPE_DES_CBC_CRC,
67		"My ",
68		{ KV5M_DATA, 15, "Sodium Chloride" },
69		{ KV5M_DATA, 1, "\1" },
70		{ KV5M_DATA, 8, "\xD0\xE3\xA7\x83\x94\x61\xE0\xD0" },
71		0,
72		FALSE
73		},
74		{
75		ENCTYPE_DES_CBC_CRC,
76		"My P",
77		{ KV5M_DATA, 15, "Sodium Chloride" },
78		{ KV5M_DATA, 1, "\1" },
79		{ KV5M_DATA, 8, "\xD5\x62\xCD\x94\x61\xCB\x97\xDF" },
80		0,
81		FALSE
82		},
83		{
84		ENCTYPE_DES_CBC_CRC,
85		"My Pa",
86		{ KV5M_DATA, 15, "Sodium Chloride" },
87		{ KV5M_DATA, 1, "\1" },
88		{ KV5M_DATA, 8, "\x9E\xA2\xA2\xEC\xA8\x8C\x6B\x8F" },
89		0,
90		FALSE
91		},
92		{
93		ENCTYPE_DES_CBC_CRC,
94		"My Pas",
95		{ KV5M_DATA, 15, "Sodium Chloride" },
96		{ KV5M_DATA, 1, "\1" },
97		{ KV5M_DATA, 8, "\xE3\x91\x6D\xD3\x85\xF1\x67\xC4" },
98		0,
99		FALSE
100		},
101		{
102		ENCTYPE_DES_CBC_CRC,
103		"My Pass",
104		{ KV5M_DATA, 15, "Sodium Chloride" },
105		{ KV5M_DATA, 1, "\1" },
106		{ KV5M_DATA, 8, "\xF4\xC4\x73\xC8\x8A\xE9\x94\x6D" },
107		0,
108		FALSE
109		},
110		{
111		ENCTYPE_DES_CBC_CRC,
112		"My Passw",
113		{ KV5M_DATA, 15, "Sodium Chloride" },
114		{ KV5M_DATA, 1, "\1" },
115		{ KV5M_DATA, 8, "\xA1\x9E\xB3\xAD\x6B\xE3\xAB\xD9" },
116		0,
117		FALSE
118		},
119		{
120		ENCTYPE_DES_CBC_CRC,
121		"My Passwo",
122		{ KV5M_DATA, 15, "Sodium Chloride" },
123		{ KV5M_DATA, 1, "\1" },
124		{ KV5M_DATA, 8, "\xAD\xA1\xCE\x10\x37\x83\xA7\x8C" },
125		0,
126		FALSE
127		},
128		{
129		ENCTYPE_DES_CBC_CRC,
130		"My Passwor",
131		{ KV5M_DATA, 15, "Sodium Chloride" },
132		{ KV5M_DATA, 1, "\1" },
133		{ KV5M_DATA, 8, "\xD3\x01\xD0\xF7\x3E\x7A\x49\x0B" },
134		0,
135		FALSE
136		},
137		{
138		ENCTYPE_DES_CBC_CRC,
139		"My Password",
140		{ KV5M_DATA, 15, "Sodium Chloride" },
141		{ KV5M_DATA, 1, "\1" },
142		{ KV5M_DATA, 8, "\xB6\x2A\x4A\xEC\x9D\x4C\x68\xDF" },
143		0,
144		FALSE
145		},
146		{
147		ENCTYPE_DES_CBC_CRC,
148		"",
149		{ KV5M_DATA, 4, "NaCl" },
150		{ KV5M_DATA, 1, "\1" },
151		{ KV5M_DATA, 8, "\x61\xEF\xE6\x83\xE5\x8A\x6B\x98" },
152		0,
153		FALSE
154		},
155		{
156		ENCTYPE_DES_CBC_CRC,
157		"M",
158		{ KV5M_DATA, 4, "NaCl" },
159		{ KV5M_DATA, 1, "\1" },
160		{ KV5M_DATA, 8, "\x68\xCD\x68\xAD\xC4\x86\xCD\xE5" },
161		0,
162		FALSE
163		},
164		{
165		ENCTYPE_DES_CBC_CRC,
166		"My",
167		{ KV5M_DATA, 4, "NaCl" },
168		{ KV5M_DATA, 1, "\1" },
169		{ KV5M_DATA, 8, "\x83\xA1\xC8\x86\x8F\x67\xD0\x62" },
170		0,
171		FALSE
172		},
173		{
174		ENCTYPE_DES_CBC_CRC,
175		"My ",
176		{ KV5M_DATA, 4, "NaCl" },
177		{ KV5M_DATA, 1, "\1" },
178		{ KV5M_DATA, 8, "\x9E\xC7\x8F\xA4\xA4\xB3\xE0\xD5" },
179		0,
180		FALSE
181		},
182		{
183		ENCTYPE_DES_CBC_CRC,
184		"My P",
185		{ KV5M_DATA, 4, "NaCl" },
186		{ KV5M_DATA, 1, "\1" },
187		{ KV5M_DATA, 8, "\xD9\x92\x86\x8F\x9D\x8C\x85\xE6" },
188		0,
189		FALSE
190		},
191		{
192		ENCTYPE_DES_CBC_CRC,
193		"My Pa",
194		{ KV5M_DATA, 4, "NaCl" },
195		{ KV5M_DATA, 1, "\1" },
196		{ KV5M_DATA, 8, "\xDA\xF2\x92\x83\xF4\x9B\xA7\xAD" },
197		0,
198		FALSE
199		},
200		{
201		ENCTYPE_DES_CBC_CRC,
202		"My Pas",
203		{ KV5M_DATA, 4, "NaCl" },
204		{ KV5M_DATA, 1, "\1" },
205		{ KV5M_DATA, 8, "\x91\xCD\xAD\xEF\x86\xDF\xD3\xA2" },
206		0,
207		FALSE
208		},
209		{
210		ENCTYPE_DES_CBC_CRC,
211		"My Pass",
212		{ KV5M_DATA, 4, "NaCl" },
213		{ KV5M_DATA, 1, "\1" },
214		{ KV5M_DATA, 8, "\x73\xD3\x67\x68\x8F\x6E\xE3\x73" },
215		0,
216		FALSE
217		},
218		{
219		ENCTYPE_DES_CBC_CRC,
220		"My Passw",
221		{ KV5M_DATA, 4, "NaCl" },
222		{ KV5M_DATA, 1, "\1" },
223		{ KV5M_DATA, 8, "\xC4\x61\x85\x9D\xAD\xF4\xDC\xB0" },
224		0,
225		FALSE
226		},
227		{
228		ENCTYPE_DES_CBC_CRC,
229		"My Passwo",
230		{ KV5M_DATA, 4, "NaCl" },
231		{ KV5M_DATA, 1, "\1" },
232		{ KV5M_DATA, 8, "\xE9\x02\x83\x16\x2C\xEC\xE0\x08" },
233		0,
234		FALSE
235		},
236		{
237		ENCTYPE_DES_CBC_CRC,
238		"My Passwor",
239		{ KV5M_DATA, 4, "NaCl" },
240		{ KV5M_DATA, 1, "\1" },
241		{ KV5M_DATA, 8, "\x61\xC8\x26\x29\xD9\x73\x6E\xB6" },
242		0,
243		FALSE
244		},
245		{
246		ENCTYPE_DES_CBC_CRC,
247		"My Password",
248		{ KV5M_DATA, 4, "NaCl" },
249		{ KV5M_DATA, 1, "\1" },
250		{ KV5M_DATA, 8, "\x8C\xA8\x9E\xC4\xA8\xDC\x31\x73" },
251		0,
252		FALSE
253		},
254
255		/* Test vectors from RFC 3961 appendix A.2. */
256		{
257		ENCTYPE_DES_CBC_CRC,
258		"password",
259		{ KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
260		{ KV5M_DATA, 1, "\0" },
261		{ KV5M_DATA, 8, "\xCB\xC2\x2F\xAE\x23\x52\x98\xE3" },
262		0,
263		FALSE
264		},
265		{
266		ENCTYPE_DES_CBC_CRC,
267		"potatoe",
268		{ KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" },
269		{ KV5M_DATA, 1, "\0" },
270		{ KV5M_DATA, 8, "\xDF\x3D\x32\xA7\x4F\xD9\x2A\x01" },
271		0,
272		FALSE
273		},
274		{
275		ENCTYPE_DES_CBC_CRC,
276		"\xF0\x9D\x84\x9E",
277		{ KV5M_DATA, 18, "EXAMPLE.COMpianist" },
278		{ KV5M_DATA, 1, "\0" },
279		{ KV5M_DATA, 8, "\x4F\xFB\x26\xBA\xB0\xCD\x94\x13" },
280		0,
281		FALSE
282		},
283		{
284		ENCTYPE_DES_CBC_CRC,
285		"\xC3\x9F",
286		{ KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" },
287		{ KV5M_DATA, 1, "\0" },
288		{ KV5M_DATA, 8, "\x62\xC8\x1A\x52\x32\xB5\xE6\x9D" },
289		0,
290		FALSE
291		},
292		{
293		ENCTYPE_DES_CBC_CRC,
294		"11119999",
295		{ KV5M_DATA, 8, "AAAAAAAA" },
296		{ KV5M_DATA, 1, "\0" },
297		{ KV5M_DATA, 8, "\x98\x40\x54\xd0\xf1\xa7\x3e\x31" },
298		0,
299		FALSE
300		},
301		{
302		ENCTYPE_DES_CBC_CRC,
303		"NNNN6666",
304		{ KV5M_DATA, 8, "FFFFAAAA" },
305		{ KV5M_DATA, 1, "\0" },
306		{ KV5M_DATA, 8, "\xC4\xBF\x6B\x25\xAD\xF7\xA4\xF8" },
307		0,
308		FALSE
309		},
310
311	37	/* Test vectors from RFC 3961 appendix A.4. */
312	38	{
313	39	ENCTYPE_DES3_CBC_SHA1,

+2

-1

src/lib/crypto/crypto_tests/vectors.c less more

29	29	*
30	30	* N.B.: Doesn't compile -- this file uses some routines internal to our
31	31	* crypto library which are declared "static" and thus aren't accessible
32		* without modifying the other sources.
	32	* without modifying the other sources. Additionally, some ciphers have been
	33	* removed.
33	34	*/
34	35
35	36	#include <assert.h>

+0

-18

src/lib/crypto/krb/Makefile.in less more

9	9	aead.o \
10	10	block_size.o \
11	11	cf2.o \
12		checksum_cbc.o \
13		checksum_confounder.o \
14	12	checksum_dk_cmac.o \
15	13	checksum_dk_hmac.o \
16	14	checksum_etm.o \

21	19	cksumtypes.o \
22	20	cmac.o \
23	21	coll_proof_cksum.o \
24		combine_keys.o \
25		crc32.o \
26	22	crypto_length.o \
27	23	crypto_libinit.o \
28	24	default_state.o \

36	32	enc_dk_cmac.o \
37	33	enc_dk_hmac.o \
38	34	enc_etm.o \
39		enc_old.o \
40	35	enc_raw.o \
41	36	enc_rc4.o \
42	37	etypes.o \

60	55	prng.o \
61	56	prng_$(PRNG_ALG).o \
62	57	random_to_key.o \
63		s2k_des.o \
64	58	s2k_pbkdf2.o \
65	59	s2k_rc4.o \
66	60	state.o \

74	68	$(OUTPRE)aead.$(OBJEXT) \
75	69	$(OUTPRE)block_size.$(OBJEXT) \
76	70	$(OUTPRE)cf2.$(OBJEXT) \
77		$(OUTPRE)checksum_cbc.$(OBJEXT) \
78		$(OUTPRE)checksum_confounder.$(OBJEXT) \
79	71	$(OUTPRE)checksum_dk_cmac.$(OBJEXT) \
80	72	$(OUTPRE)checksum_dk_hmac.$(OBJEXT) \
81	73	$(OUTPRE)checksum_etm.$(OBJEXT) \

86	78	$(OUTPRE)cksumtypes.$(OBJEXT) \
87	79	$(OUTPRE)cmac.$(OBJEXT) \
88	80	$(OUTPRE)coll_proof_cksum.$(OBJEXT) \
89		$(OUTPRE)combine_keys.$(OBJEXT) \
90		$(OUTPRE)crc32.$(OBJEXT) \
91	81	$(OUTPRE)crypto_length.$(OBJEXT) \
92	82	$(OUTPRE)crypto_libinit.$(OBJEXT) \
93	83	$(OUTPRE)default_state.$(OBJEXT) \

101	91	$(OUTPRE)enc_dk_cmac.$(OBJEXT) \
102	92	$(OUTPRE)enc_dk_hmac.$(OBJEXT) \
103	93	$(OUTPRE)enc_etm.$(OBJEXT) \
104		$(OUTPRE)enc_old.$(OBJEXT) \
105	94	$(OUTPRE)enc_raw.$(OBJEXT) \
106	95	$(OUTPRE)enc_rc4.$(OBJEXT) \
107	96	$(OUTPRE)etypes.$(OBJEXT) \

125	114	$(OUTPRE)prng.$(OBJEXT) \
126	115	$(OUTPRE)prng_$(PRNG_ALG).$(OBJEXT) \
127	116	$(OUTPRE)random_to_key.$(OBJEXT) \
128		$(OUTPRE)s2k_des.$(OBJEXT) \
129	117	$(OUTPRE)s2k_pbkdf2.$(OBJEXT) \
130	118	$(OUTPRE)s2k_rc4.$(OBJEXT) \
131	119	$(OUTPRE)state.$(OBJEXT) \

139	127	$(srcdir)/aead.c \
140	128	$(srcdir)/block_size.c \
141	129	$(srcdir)/cf2.c \
142		$(srcdir)/checksum_cbc.c \
143		$(srcdir)/checksum_confounder.c \
144	130	$(srcdir)/checksum_dk_cmac.c \
145	131	$(srcdir)/checksum_dk_hmac.c \
146	132	$(srcdir)/checksum_etm.c \

151	137	$(srcdir)/cksumtypes.c \
152	138	$(srcdir)/cmac.c \
153	139	$(srcdir)/coll_proof_cksum.c \
154		$(srcdir)/combine_keys.c \
155		$(srcdir)/crc32.c \
156	140	$(srcdir)/crypto_length.c \
157	141	$(srcdir)/crypto_libinit.c \
158	142	$(srcdir)/default_state.c \

166	150	$(srcdir)/enc_dk_cmac.c \
167	151	$(srcdir)/enc_dk_hmac.c \
168	152	$(srcdir)/enc_etm.c \
169		$(srcdir)/enc_old.c \
170	153	$(srcdir)/enc_raw.c \
171	154	$(srcdir)/enc_rc4.c \
172	155	$(srcdir)/etypes.c \

191	174	$(srcdir)/prng_$(PRNG_ALG).c \
192	175	$(srcdir)/cf2.c \
193	176	$(srcdir)/random_to_key.c \
194		$(srcdir)/s2k_des.c \
195	177	$(srcdir)/s2k_pbkdf2.c \
196	178	$(srcdir)/s2k_rc4.c \
197	179	$(srcdir)/state.c \

+0

-41

~~src/lib/crypto/krb/checksum_cbc.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/krb/checksum_cbc.c */
2		/*
3		* Copyright (C) 2009 by the Massachusetts Institute of Technology.
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		/* CBC checksum, which computes the ivec resulting from CBC encryption of the
27		* input. */
28
29		#include "crypto_int.h"
30
31		krb5_error_code
32		krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
33		krb5_key key, krb5_keyusage usage,
34		const krb5_crypto_iov *data, size_t num_data,
35		krb5_data *output)
36		{
37		if (ctp->enc->cbc_mac == NULL)
38		return KRB5_CRYPTO_INTERNAL;
39		return ctp->enc->cbc_mac(key, data, num_data, NULL, output);
40		}

+0

-159

~~src/lib/crypto/krb/checksum_confounder.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/krb/checksum_confounder.c */
2		/*
3		* Copyright (C) 2009 by the Massachusetts Institute of Technology.
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		/*
27		* Confounder checksum implementation, using tokens of the form:
28		* enc(xorkey, confounder \| hash(confounder \| data))
29		* where xorkey is the key XOR'd with 0xf0 bytes.
30		*/
31
32		#include "crypto_int.h"
33
34		/* Derive a key by XOR with 0xF0 bytes. */
35		static krb5_error_code
36		mk_xorkey(krb5_key origkey, krb5_key *xorkey)
37		{
38		krb5_error_code retval = 0;
39		unsigned char *xorbytes;
40		krb5_keyblock xorkeyblock;
41		size_t i = 0;
42
43		xorbytes = k5memdup(origkey->keyblock.contents, origkey->keyblock.length,
44		&retval);
45		if (xorbytes == NULL)
46		return retval;
47		for (i = 0; i < origkey->keyblock.length; i++)
48		xorbytes[i] ^= 0xf0;
49
50		/* Do a shallow copy here. */
51		xorkeyblock = origkey->keyblock;
52		xorkeyblock.contents = xorbytes;
53
54		retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
55		zapfree(xorbytes, origkey->keyblock.length);
56		return retval;
57		}
58
59		krb5_error_code
60		krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
61		krb5_key key, krb5_keyusage usage,
62		const krb5_crypto_iov *data, size_t num_data,
63		krb5_data *output)
64		{
65		krb5_error_code ret;
66		krb5_data conf, hashval;
67		krb5_key xorkey = NULL;
68		krb5_crypto_iov *hash_iov, iov;
69		size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
70
71		/* Partition the output buffer into confounder and hash. */
72		conf = make_data(output->data, blocksize);
73		hashval = make_data(output->data + blocksize, hashsize);
74
75		/* Create the confounder. */
76		ret = krb5_c_random_make_octets(NULL, &conf);
77		if (ret != 0)
78		return ret;
79
80		ret = mk_xorkey(key, &xorkey);
81		if (ret)
82		return ret;
83
84		/* Hash the confounder, then the input data. */
85		hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
86		if (hash_iov == NULL)
87		goto cleanup;
88		hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
89		hash_iov[0].data = conf;
90		memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
91		ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
92		if (ret != 0)
93		goto cleanup;
94
95		/* Confounder and hash are in output buffer; encrypt them in place. */
96		iov.flags = KRB5_CRYPTO_TYPE_DATA;
97		iov.data = *output;
98		ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1);
99
100		cleanup:
101		free(hash_iov);
102		krb5_k_free_key(NULL, xorkey);
103		return ret;
104		}
105
106		krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
107		krb5_key key, krb5_keyusage usage,
108		const krb5_crypto_iov *data,
109		size_t num_data,
110		const krb5_data *input,
111		krb5_boolean *valid)
112		{
113		krb5_error_code ret;
114		unsigned char *plaintext = NULL;
115		krb5_key xorkey = NULL;
116		krb5_data computed = empty_data();
117		krb5_crypto_iov *hash_iov = NULL, iov;
118		size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
119
120		plaintext = k5memdup(input->data, input->length, &ret);
121		if (plaintext == NULL)
122		return ret;
123
124		ret = mk_xorkey(key, &xorkey);
125		if (ret != 0)
126		goto cleanup;
127
128		/* Decrypt the input checksum. */
129		iov.flags = KRB5_CRYPTO_TYPE_DATA;
130		iov.data = make_data(plaintext, input->length);
131		ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
132		if (ret != 0)
133		goto cleanup;
134
135		/* Hash the confounder, then the input data. */
136		hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
137		if (hash_iov == NULL)
138		goto cleanup;
139		hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
140		hash_iov[0].data = make_data(plaintext, blocksize);
141		memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
142		ret = alloc_data(&computed, hashsize);
143		if (ret != 0)
144		goto cleanup;
145		ret = ctp->hash->hash(hash_iov, num_data + 1, &computed);
146		if (ret != 0)
147		goto cleanup;
148
149		/* Compare the decrypted hash to the computed one. */
150		*valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0);
151
152		cleanup:
153		zapfree(plaintext, input->length);
154		zapfree(computed.data, hashsize);
155		free(hash_iov);
156		krb5_k_free_key(NULL, xorkey);
157		return ret;
158		}

+0

-24

src/lib/crypto/krb/cksumtypes.c less more

27	27	#include "crypto_int.h"
28	28
29	29	const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
30		{ CKSUMTYPE_CRC32,
31		"crc32", { 0 }, "CRC-32",
32		NULL, &krb5int_hash_crc32,
33		krb5int_unkeyed_checksum, NULL,
34		4, 4, CKSUM_UNKEYED \| CKSUM_NOT_COLL_PROOF },
35
36	30	{ CKSUMTYPE_RSA_MD4,
37	31	"md4", { 0 }, "RSA-MD4",
38	32	NULL, &krb5int_hash_md4,
39	33	krb5int_unkeyed_checksum, NULL,
40	34	16, 16, CKSUM_UNKEYED },
41	35
42		{ CKSUMTYPE_RSA_MD4_DES,
43		"md4-des", { 0 }, "RSA-MD4 with DES cbc mode",
44		&krb5int_enc_des, &krb5int_hash_md4,
45		krb5int_confounder_checksum, krb5int_confounder_verify,
46		24, 24, 0 },
47
48		{ CKSUMTYPE_DESCBC,
49		"des-cbc", { 0 }, "DES cbc mode",
50		&krb5int_enc_des, NULL,
51		krb5int_cbc_checksum, NULL,
52		8, 8, 0 },
53
54	36	{ CKSUMTYPE_RSA_MD5,
55	37	"md5", { 0 }, "RSA-MD5",
56	38	NULL, &krb5int_hash_md5,
57	39	krb5int_unkeyed_checksum, NULL,
58	40	16, 16, CKSUM_UNKEYED },
59
60		{ CKSUMTYPE_RSA_MD5_DES,
61		"md5-des", { 0 }, "RSA-MD5 with DES cbc mode",
62		&krb5int_enc_des, &krb5int_hash_md5,
63		krb5int_confounder_checksum, krb5int_confounder_verify,
64		24, 24, 0 },
65	41
66	42	{ CKSUMTYPE_NIST_SHA,
67	43	"sha", { 0 }, "NIST-SHA",

+0

-230

~~src/lib/crypto/krb/combine_keys.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* Copyright (c) 2002 Naval Research Laboratory (NRL/CCS) */
2		/*
3		* Permission to use, copy, modify and distribute this software and its
4		* documentation is hereby granted, provided that both the copyright
5		* notice and this permission notice appear in all copies of the software,
6		* derivative works or modified versions, and any portions thereof.
7		*
8		* NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
9		* DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
10		* RESULTING FROM THE USE OF THIS SOFTWARE.
11		*/
12
13		/*
14		* Key combination function.
15		*
16		* If Key1 and Key2 are two keys to be combined, the algorithm to combine
17		* them is as follows.
18		*
19		* Definitions:
20		*
21		* k-truncate is defined as truncating to the key size the input.
22		*
23		* DR is defined as the generate "random" data from a key
24		* (defined in crypto draft)
25		*
26		* DK is defined as the key derivation function (krb5int_derive_key())
27		*
28		* (note: \| means "concatenate")
29		*
30		* Combine key algorithm:
31		*
32		* R1 = DR(Key1, n-fold(Key2)) [ Output is length of Key1 ]
33		* R2 = DR(Key2, n-fold(Key1)) [ Output is length of Key2 ]
34		*
35		* rnd = n-fold(R1 \| R2) [ Note: output size of nfold must be appropriately
36		* sized for random-to-key function ]
37		* tkey = random-to-key(rnd)
38		* Combine-Key(Key1, Key2) = DK(tkey, CombineConstant)
39		*
40		* CombineConstant is defined as the byte string:
41		*
42		* { 0x63 0x6f 0x6d 0x62 0x69 0x6e 0x65 }, which corresponds to the
43		* ASCII encoding of the string "combine"
44		*/
45
46		#include "crypto_int.h"
47
48		static krb5_error_code dr(const struct krb5_enc_provider *enc,
49		const krb5_keyblock inkey, unsigned char outdata,
50		const krb5_data *in_constant);
51
52		/*
53		* We only support this combine_keys algorithm for des and 3des keys.
54		* Everything else should use the PRF defined in the crypto framework.
55		* We don't implement that yet.
56		*/
57
58		static krb5_boolean
59		enctype_ok(krb5_enctype e)
60		{
61		switch (e) {
62		case ENCTYPE_DES_CBC_CRC:
63		case ENCTYPE_DES_CBC_MD4:
64		case ENCTYPE_DES_CBC_MD5:
65		case ENCTYPE_DES3_CBC_SHA1:
66		return TRUE;
67		default:
68		return FALSE;
69		}
70		}
71
72		krb5_error_code
73		krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
74		krb5_keyblock key2, krb5_keyblock outkey)
75		{
76		unsigned char r1 = NULL, r2 = NULL, combined = NULL, rnd = NULL;
77		unsigned char *output = NULL;
78		size_t keybytes, keylength;
79		const struct krb5_enc_provider *enc;
80		krb5_data input, randbits;
81		krb5_keyblock tkeyblock;
82		krb5_key tkey = NULL;
83		krb5_error_code ret;
84		const struct krb5_keytypes *ktp;
85		krb5_boolean myalloc = FALSE;
86
87		if (!enctype_ok(key1->enctype) \|\| !enctype_ok(key2->enctype))
88		return KRB5_CRYPTO_INTERNAL;
89
90		if (key1->length != key2->length \|\| key1->enctype != key2->enctype)
91		return KRB5_CRYPTO_INTERNAL;
92
93		/* Find our encryption algorithm. */
94		ktp = find_enctype(key1->enctype);
95		if (ktp == NULL)
96		return KRB5_BAD_ENCTYPE;
97		enc = ktp->enc;
98
99		keybytes = enc->keybytes;
100		keylength = enc->keylength;
101
102		/* Allocate and set up buffers. */
103		r1 = k5alloc(keybytes, &ret);
104		if (ret)
105		goto cleanup;
106		r2 = k5alloc(keybytes, &ret);
107		if (ret)
108		goto cleanup;
109		rnd = k5alloc(keybytes, &ret);
110		if (ret)
111		goto cleanup;
112		combined = k5calloc(2, keybytes, &ret);
113		if (ret)
114		goto cleanup;
115		output = k5alloc(keylength, &ret);
116		if (ret)
117		goto cleanup;
118
119		/*
120		* Get R1 and R2 (by running the input keys through the DR algorithm.
121		* Note this is most of derive-key, but not all.
122		*/
123
124		input.length = key2->length;
125		input.data = (char *) key2->contents;
126		ret = dr(enc, key1, r1, &input);
127		if (ret)
128		goto cleanup;
129
130		input.length = key1->length;
131		input.data = (char *) key1->contents;
132		ret = dr(enc, key2, r2, &input);
133		if (ret)
134		goto cleanup;
135
136		/*
137		* Concatenate the two keys together, and then run them through
138		* n-fold to reduce them to a length appropriate for the random-to-key
139		* operation. Note here that krb5int_nfold() takes sizes in bits, hence
140		* the multiply by 8.
141		*/
142
143		memcpy(combined, r1, keybytes);
144		memcpy(combined + keybytes, r2, keybytes);
145
146		krb5int_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd);
147
148		/*
149		* Run the "random" bits through random-to-key to produce a encryption
150		* key.
151		*/
152
153		randbits.length = keybytes;
154		randbits.data = (char *) rnd;
155		tkeyblock.length = keylength;
156		tkeyblock.contents = output;
157		tkeyblock.enctype = key1->enctype;
158
159		ret = (*ktp->rand2key)(&randbits, &tkeyblock);
160		if (ret)
161		goto cleanup;
162
163		ret = krb5_k_create_key(NULL, &tkeyblock, &tkey);
164		if (ret)
165		goto cleanup;
166
167		/*
168		* Run through derive-key one more time to produce the final key.
169		* Note that the input to derive-key is the ASCII string "combine".
170		*/
171
172		input.length = 7;
173		input.data = "combine";
174
175		/*
176		* Just FYI: _if_ we have space here in the key, then simply use it
177		* without modification. But if the key is blank (no allocated storage)
178		* then allocate some memory for it. This allows programs to use one of
179		* the existing keys as the output key, _or_ pass in a blank keyblock
180		* for us to allocate. It's easier for us to allocate it since we already
181		* know the crypto library internals
182		*/
183
184		if (outkey->length == 0 \|\| outkey->contents == NULL) {
185		outkey->contents = k5alloc(keylength, &ret);
186		if (ret)
187		goto cleanup;
188		outkey->length = keylength;
189		outkey->enctype = key1->enctype;
190		myalloc = TRUE;
191		}
192
193		ret = krb5int_derive_keyblock(enc, NULL, tkey, outkey, &input,
194		DERIVE_RFC3961);
195		if (ret) {
196		if (myalloc) {
197		free(outkey->contents);
198		outkey->contents = NULL;
199		}
200		goto cleanup;
201		}
202
203		cleanup:
204		zapfree(r1, keybytes);
205		zapfree(r2, keybytes);
206		zapfree(rnd, keybytes);
207		zapfree(combined, keybytes * 2);
208		zapfree(output, keylength);
209		krb5_k_free_key(NULL, tkey);
210		return ret;
211		}
212
213		/* Our DR function, a simple wrapper around krb5int_derive_random(). */
214		static krb5_error_code
215		dr(const struct krb5_enc_provider enc, const krb5_keyblock inkey,
216		unsigned char out, const krb5_data in_constant)
217		{
218		krb5_data outdata = make_data(out, enc->keybytes);
219		krb5_key key = NULL;
220		krb5_error_code ret;
221
222		ret = krb5_k_create_key(NULL, inkey, &key);
223		if (ret != 0)
224		return ret;
225		ret = krb5int_derive_random(enc, NULL, key, &outdata, in_constant,
226		DERIVE_RFC3961);
227		krb5_k_free_key(NULL, key);
228		return ret;
229		}

+0

-165

~~src/lib/crypto/krb/crc32.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/krb/crc32.c */
2		/*
3		* Copyright 1990, 2002 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25		/*
26		* Copyright (C) 1986 Gary S. Brown. You may use this program, or
27		* code or tables extracted from it, as desired without restriction.
28		*/
29
30		/*
31		*
32		* CRC-32/AUTODIN-II routines
33		*/
34
35		#include "crypto_int.h"
36
37		/* First, the polynomial itself and its table of feedback terms. The */
38		/* polynomial is */
39		/* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 */
40		/* Note that we take it "backwards" and put the highest-order term in */
41		/* the lowest-order bit. The X^32 term is "implied"; the LSB is the */
42		/* X^31 term, etc. The X^0 term (usually shown as "+1") results in */
43		/* the MSB being 1. */
44
45		/* Note that the usual hardware shift register implementation, which */
46		/* is what we're using (we're merely optimizing it by doing eight-bit */
47		/* chunks at a time) shifts bits into the lowest-order term. In our */
48		/* implementation, that means shifting towards the right. Why do we */
49		/* do it this way? Because the calculated CRC must be transmitted in */
50		/* order from highest-order term to lowest-order term. UARTs transmit */
51		/* characters in order from LSB to MSB. By storing the CRC this way, */
52		/* we hand it to the UART in the order low-byte to high-byte; the UART */
53		/* sends each low-bit to hight-bit; and the result is transmission bit */
54		/* by bit from highest- to lowest-order term without requiring any bit */
55		/* shuffling on our part. Reception works similarly. */
56
57		/* The feedback terms table consists of 256, 32-bit entries. Notes: */
58		/* */
59		/* 1. The table can be generated at runtime if desired; code to do so */
60		/* is shown later. It might not be obvious, but the feedback */
61		/* terms simply represent the results of eight shift/xor opera- */
62		/* tions for all combinations of data and CRC register values. */
63		/* */
64		/* 2. The CRC accumulation logic is the same for all CRC polynomials, */
65		/* be they sixteen or thirty-two bits wide. You simply choose the */
66		/* appropriate table. Alternatively, because the table can be */
67		/* generated at runtime, you can start by generating the table for */
68		/* the polynomial in question and use exactly the same "updcrc", */
69		/* if your application needn't simultaneously handle two CRC */
70		/* polynomials. (Note, however, that XMODEM is strange.) */
71		/* */
72		/* 3. For 16-bit CRCs, the table entries need be only 16 bits wide; */
73		/* of course, 32-bit entries work OK if the high 16 bits are zero. */
74		/* */
75		/* 4. The values must be right-shifted by eight bits by the "updcrc" */
76		/* logic; the shift must be unsigned (bring in zeroes). On some */
77		/* hardware you could probably optimize the shift in assembler by */
78		/* using byte-swap instructions. */
79
80		static u_long const crc_table[256] = {
81		0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
82		0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
83		0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
84		0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
85		0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
86		0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
87		0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
88		0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
89		0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
90		0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
91		0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
92		0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
93		0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
94		0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
95		0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
96		0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
97		0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
98		0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
99		0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
100		0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
101		0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
102		0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
103		0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
104		0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
105		0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
106		0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
107		0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
108		0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
109		0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
110		0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
111		0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
112		0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
113		0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
114		0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
115		0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
116		0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
117		0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
118		0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
119		0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
120		0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
121		0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
122		0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
123		0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
124		0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
125		0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
126		0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
127		0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
128		0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
129		0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
130		0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
131		0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
132		0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
133		0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
134		0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
135		0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
136		0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
137		0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
138		0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
139		0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
140		0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
141		0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
142		0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
143		0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
144		0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
145		};
146
147		void
148		mit_crc32(krb5_pointer in, size_t in_length, unsigned long *cksum)
149		{
150		u_char *data;
151		u_long c = *cksum;
152		int idx;
153		size_t i;
154
155		data = (u_char *)in;
156		for (i = 0; i < in_length; i++) {
157		idx = (int) (data[i] ^ c);
158		idx &= 0xff;
159		c >>= 8;
160		c ^= crc_table[idx];
161		}
162
163		*cksum = c;
164		}

+8

-33

src/lib/crypto/krb/crypto_int.h less more

113	113	unsigned int ssf;
114	114	};
115	115
116		#define ETYPE_WEAK 1
	116	/*
	117	* "Weak" means the enctype is believed to be vulnerable to practical attacks,
	118	* and will be disabled unless allow_weak_crypto is set to true. "Deprecated"
	119	* means the enctype has been deprecated by the IETF, and affects display and
	120	* logging.
	121	*/
	122	#define ETYPE_WEAK (1 << 0)
	123	#define ETYPE_DEPRECATED (1 << 1)
117	124
118	125	extern const struct krb5_keytypes krb5int_enctypes_list[];
119	126	extern const int krb5int_enctypes_length;

172	179	/* Prototypes for enctype table functions */
173	180
174	181	/* Length */
175		unsigned int krb5int_old_crypto_length(const struct krb5_keytypes *ktp,
176		krb5_cryptotype type);
177	182	unsigned int krb5int_raw_crypto_length(const struct krb5_keytypes *ktp,
178	183	krb5_cryptotype type);
179	184	unsigned int krb5int_arcfour_crypto_length(const struct krb5_keytypes *ktp,

188	193	krb5_cryptotype type);
189	194
190	195	/* Encrypt */
191		krb5_error_code krb5int_old_encrypt(const struct krb5_keytypes *ktp,
192		krb5_key key, krb5_keyusage usage,
193		const krb5_data *ivec,
194		krb5_crypto_iov *data, size_t num_data);
195	196	krb5_error_code krb5int_raw_encrypt(const struct krb5_keytypes *ktp,
196	197	krb5_key key, krb5_keyusage usage,
197	198	const krb5_data *ivec,

216	217	krb5_crypto_iov *data, size_t num_data);
217	218
218	219	/* Decrypt */
219		krb5_error_code krb5int_old_decrypt(const struct krb5_keytypes *ktp,
220		krb5_key key, krb5_keyusage usage,
221		const krb5_data *ivec,
222		krb5_crypto_iov *data, size_t num_data);
223	220	krb5_error_code krb5int_raw_decrypt(const struct krb5_keytypes *ktp,
224	221	krb5_key key, krb5_keyusage usage,
225	222	const krb5_data *ivec,

305	302	const krb5_crypto_iov *data,
306	303	size_t num_data,
307	304	krb5_data *output);
308		krb5_error_code krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
309		krb5_key key, krb5_keyusage usage,
310		const krb5_crypto_iov *data,
311		size_t num_data,
312		krb5_data *output);
313	305	krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
314	306	krb5_key key, krb5_keyusage usage,
315	307	const krb5_crypto_iov *data,

323	315	krb5_key key, krb5_keyusage usage,
324	316	const krb5_crypto_iov *data,
325	317	size_t num_data, krb5_data *output);
326		krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
327		krb5_key key, krb5_keyusage usage,
328		const krb5_crypto_iov *data,
329		size_t num_data,
330		krb5_data *output);
331		krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
332		krb5_key key, krb5_keyusage usage,
333		const krb5_crypto_iov *data,
334		size_t num_data,
335		const krb5_data *input,
336		krb5_boolean *valid);
337	318	krb5_error_code krb5int_etm_checksum(const struct krb5_cksumtypes *ctp,
338	319	krb5_key key, krb5_keyusage usage,
339	320	const krb5_crypto_iov *data,

380	361	size_t num_data,
381	362	krb5_data *output);
382	363
383		/* Compute a CRC-32 checksum. c is in-out to allow chaining; init to 0. */
384		#define CRC32_CKSUM_LENGTH 4
385		void mit_crc32(krb5_pointer in, size_t in_length, unsigned long *c);
386
387	364	/* Translate an RFC 3961 key usage to a Microsoft RC4 usage. */
388	365	krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage);
389	366

447	424	/* Modules must implement the k5_sha256() function prototyped in k5-int.h. */
448	425
449	426	/* Modules must implement the following enc_providers and hash_providers: */
450		extern const struct krb5_enc_provider krb5int_enc_des;
451	427	extern const struct krb5_enc_provider krb5int_enc_des3;
452	428	extern const struct krb5_enc_provider krb5int_enc_arcfour;
453	429	extern const struct krb5_enc_provider krb5int_enc_aes128;

457	433	extern const struct krb5_enc_provider krb5int_enc_camellia128;
458	434	extern const struct krb5_enc_provider krb5int_enc_camellia256;
459	435
460		extern const struct krb5_hash_provider krb5int_hash_crc32;
461	436	extern const struct krb5_hash_provider krb5int_hash_md4;
462	437	extern const struct krb5_hash_provider krb5int_hash_md5;
463	438	extern const struct krb5_hash_provider krb5int_hash_sha1;

+0

-4

src/lib/crypto/krb/default_state.c less more

38	38	if (alloc_data(state_out, 8))
39	39	return ENOMEM;
40	40
41		/* des-cbc-crc uses the key as the initial ivec. */
42		if (key->enctype == ENCTYPE_DES_CBC_CRC)
43		memcpy(state_out->data, key->contents, state_out->length);
44
45	41	return 0;
46	42	}
47	43

+0

-75

src/lib/crypto/krb/deps less more

36	36	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
37	37	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
38	38	cf2.c crypto_int.h
39		checksum_cbc.so checksum_cbc.po $(OUTPRE)checksum_cbc.$(OBJEXT): \
40		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
41		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
42		$(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
43		$(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
44		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
45		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
46		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
47		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
48		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
49		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
50		$(top_srcdir)/include/socket-utils.h checksum_cbc.c \
51		crypto_int.h
52		checksum_confounder.so checksum_confounder.po $(OUTPRE)checksum_confounder.$(OBJEXT): \
53		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
54		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
55		$(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
56		$(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
57		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
58		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
59		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
60		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
61		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
62		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
63		$(top_srcdir)/include/socket-utils.h checksum_confounder.c \
64		crypto_int.h
65	39	checksum_dk_cmac.so checksum_dk_cmac.po $(OUTPRE)checksum_dk_cmac.$(OBJEXT): \
66	40	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
67	41	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

190	164	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
191	165	$(top_srcdir)/include/socket-utils.h coll_proof_cksum.c \
192	166	crypto_int.h
193		combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \
194		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
195		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
196		$(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
197		$(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
198		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
199		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
200		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
201		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
202		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
203		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
204		$(top_srcdir)/include/socket-utils.h combine_keys.c \
205		crypto_int.h
206		crc32.so crc32.po $(OUTPRE)crc32.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
207		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
208		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \
209		$(srcdir)/../builtin/crypto_mod.h $(srcdir)/../builtin/sha2/sha2.h \
210		$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
211		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
212		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
213		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
214		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
215		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
216		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
217		crc32.c crypto_int.h
218	167	crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \
219	168	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
220	169	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

371	320	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
372	321	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
373	322	crypto_int.h enc_etm.c
374		enc_old.so enc_old.po $(OUTPRE)enc_old.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
375		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
376		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \
377		$(srcdir)/../builtin/crypto_mod.h $(srcdir)/../builtin/sha2/sha2.h \
378		$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
379		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
380		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
381		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
382		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
383		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
384		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
385		crypto_int.h enc_old.c
386	323	enc_raw.so enc_raw.po $(OUTPRE)enc_raw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
387	324	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
388	325	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \

659	596	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
660	597	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
661	598	$(top_srcdir)/include/socket-utils.h crypto_int.h random_to_key.c
662		s2k_des.so s2k_des.po $(OUTPRE)s2k_des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
663		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
664		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h \
665		$(srcdir)/../builtin/crypto_mod.h $(srcdir)/../builtin/sha2/sha2.h \
666		$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
667		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
668		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
669		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
670		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
671		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
672		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
673		crypto_int.h s2k_des.c
674	599	s2k_pbkdf2.so s2k_pbkdf2.po $(OUTPRE)s2k_pbkdf2.$(OBJEXT): \
675	600	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
676	601	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

+0

-181

~~src/lib/crypto/krb/enc_old.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/krb/enc_old.c */
2		/*
3		* Copyright 2008 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#include "crypto_int.h"
27
28		unsigned int
29		krb5int_old_crypto_length(const struct krb5_keytypes *ktp,
30		krb5_cryptotype type)
31		{
32		switch (type) {
33		case KRB5_CRYPTO_TYPE_HEADER:
34		return ktp->enc->block_size + ktp->hash->hashsize;
35		case KRB5_CRYPTO_TYPE_PADDING:
36		return ktp->enc->block_size;
37		case KRB5_CRYPTO_TYPE_TRAILER:
38		return 0;
39		case KRB5_CRYPTO_TYPE_CHECKSUM:
40		return ktp->hash->hashsize;
41		default:
42		assert(0 && "invalid cryptotype passed to krb5int_old_crypto_length");
43		return 0;
44		}
45		}
46
47		krb5_error_code
48		krb5int_old_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
49		krb5_keyusage usage, const krb5_data *ivec,
50		krb5_crypto_iov *data, size_t num_data)
51		{
52		const struct krb5_enc_provider *enc = ktp->enc;
53		const struct krb5_hash_provider *hash = ktp->hash;
54		krb5_error_code ret;
55		krb5_crypto_iov header, trailer, *padding;
56		krb5_data checksum, confounder, crcivec = empty_data();
57		unsigned int plainlen, padsize;
58		size_t i;
59
60		/* E(Confounder \| Checksum \| Plaintext \| Pad) */
61
62		plainlen = enc->block_size + hash->hashsize;
63		for (i = 0; i < num_data; i++) {
64		krb5_crypto_iov *iov = &data[i];
65
66		if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
67		plainlen += iov->data.length;
68		}
69
70		header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
71		if (header == NULL \|\|
72		header->data.length < enc->block_size + hash->hashsize)
73		return KRB5_BAD_MSIZE;
74
75		/* Trailer may be absent. */
76		trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
77		if (trailer != NULL)
78		trailer->data.length = 0;
79
80		/* Check that the input data is correctly padded. */
81		padsize = krb5_roundup(plainlen, enc->block_size) - plainlen;
82		padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
83		if (padsize > 0 && (padding == NULL \|\| padding->data.length < padsize))
84		return KRB5_BAD_MSIZE;
85		if (padding) {
86		padding->data.length = padsize;
87		memset(padding->data.data, 0, padsize);
88		}
89
90		/* Generate a confounder in the header block. */
91		confounder = make_data(header->data.data, enc->block_size);
92		ret = krb5_c_random_make_octets(0, &confounder);
93		if (ret != 0)
94		goto cleanup;
95		checksum = make_data(header->data.data + enc->block_size, hash->hashsize);
96		memset(checksum.data, 0, hash->hashsize);
97
98		/* Checksum the plaintext with zeroed checksum and padding. */
99		ret = hash->hash(data, num_data, &checksum);
100		if (ret != 0)
101		goto cleanup;
102
103		/* Use the key as the ivec for des-cbc-crc if none was provided. */
104		if (key->keyblock.enctype == ENCTYPE_DES_CBC_CRC && ivec == NULL) {
105		ret = alloc_data(&crcivec, key->keyblock.length);
106		if (ret != 0)
107		goto cleanup;
108		memcpy(crcivec.data, key->keyblock.contents, key->keyblock.length);
109		ivec = &crcivec;
110		}
111
112		ret = enc->encrypt(key, ivec, data, num_data);
113		if (ret != 0)
114		goto cleanup;
115
116		cleanup:
117		zapfree(crcivec.data, crcivec.length);
118		return ret;
119		}
120
121		krb5_error_code
122		krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
123		krb5_keyusage usage, const krb5_data *ivec,
124		krb5_crypto_iov *data, size_t num_data)
125		{
126		const struct krb5_enc_provider *enc = ktp->enc;
127		const struct krb5_hash_provider *hash = ktp->hash;
128		krb5_error_code ret;
129		krb5_crypto_iov header, trailer;
130		krb5_data checksum, crcivec = empty_data();
131		char *saved_checksum = NULL;
132
133		/* Check that the input data is correctly padded. */
134		if (iov_total_length(data, num_data, FALSE) % enc->block_size != 0)
135		return KRB5_BAD_MSIZE;
136
137		header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
138		if (header == NULL \|\|
139		header->data.length != enc->block_size + hash->hashsize)
140		return KRB5_BAD_MSIZE;
141
142		trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
143		if (trailer != NULL && trailer->data.length != 0)
144		return KRB5_BAD_MSIZE;
145
146		/* Use the key as the ivec for des-cbc-crc if none was provided. */
147		if (key->keyblock.enctype == ENCTYPE_DES_CBC_CRC && ivec == NULL) {
148		ret = alloc_data(&crcivec, key->keyblock.length);
149		memcpy(crcivec.data, key->keyblock.contents, key->keyblock.length);
150		ivec = &crcivec;
151		}
152
153		/* Decrypt the ciphertext. */
154		ret = enc->decrypt(key, ivec, data, num_data);
155		if (ret != 0)
156		goto cleanup;
157
158		/* Save the checksum, then zero it out in the plaintext. */
159		checksum = make_data(header->data.data + enc->block_size, hash->hashsize);
160		saved_checksum = k5memdup(checksum.data, checksum.length, &ret);
161		if (saved_checksum == NULL)
162		goto cleanup;
163		memset(checksum.data, 0, checksum.length);
164
165		/*
166		* Checksum the plaintext (with zeroed checksum field), storing the result
167		* back into the plaintext field we just zeroed out. Then compare it to
168		* the saved checksum.
169		*/
170		ret = hash->hash(data, num_data, &checksum);
171		if (k5_bcmp(checksum.data, saved_checksum, checksum.length) != 0) {
172		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
173		goto cleanup;
174		}
175
176		cleanup:
177		zapfree(crcivec.data, crcivec.length);
178		zapfree(saved_checksum, hash->hashsize);
179		return ret;
180		}

+27

-0

src/lib/crypto/krb/enctype_util.c less more

35	35
36	36	#include "crypto_int.h"
37	37
	38	struct {
	39	krb5_enctype etype;
	40	const char *name;
	41	} unsupported_etypes[] = {
	42	{ ENCTYPE_DES_CBC_CRC, "des-cbc-crc" },
	43	{ ENCTYPE_DES_CBC_MD4, "des-cbc-md4" },
	44	{ ENCTYPE_DES_CBC_MD5, "des-cbc-md5" },
	45	{ ENCTYPE_DES_CBC_RAW, "des-cbc-raw" },
	46	{ ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" },
	47	{ ENCTYPE_NULL, NULL }
	48	};
	49
38	50	krb5_boolean KRB5_CALLCONV
39	51	krb5_c_valid_enctype(krb5_enctype etype)
40	52	{

48	60
49	61	ktp = find_enctype(etype);
50	62	return (ktp != NULL && (ktp->flags & ETYPE_WEAK) != 0);
	63	}
	64
	65	krb5_boolean KRB5_CALLCONV
	66	krb5int_c_deprecated_enctype(krb5_enctype etype)
	67	{
	68	const struct krb5_keytypes *ktp = find_enctype(etype);
	69	return ktp == NULL \|\| (ktp->flags & ETYPE_DEPRECATED) != 0;
51	70	}
52	71
53	72	krb5_error_code KRB5_CALLCONV

114	133	const char *name;
115	134	int i;
116	135
	136	for (i = 0; unsupported_etypes[i].etype != ENCTYPE_NULL; i++) {
	137	if (enctype == unsupported_etypes[i].etype) {
	138	if (strlcpy(buffer, unsupported_etypes[i].name, buflen) >= buflen)
	139	return ENOMEM;
	140	return 0;
	141	}
	142	}
	143
117	144	ktp = find_enctype(enctype);
118	145	if (ktp == NULL)
119	146	return EINVAL;

+5

-50

src/lib/crypto/krb/etypes.c less more

32	32	that the keytypes are all near each other. I'd rather not make
33	33	that assumption. */
34	34
	35	/* Deprecations come from RFC 6649 and RFC 8249. */
35	36	const struct krb5_keytypes krb5int_enctypes_list[] = {
36		{ ENCTYPE_DES_CBC_CRC,
37		"des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
38		&krb5int_enc_des, &krb5int_hash_crc32,
39		16,
40		krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
41		krb5int_des_string_to_key, k5_rand2key_des,
42		krb5int_des_prf,
43		CKSUMTYPE_RSA_MD5_DES,
44		ETYPE_WEAK, 56 },
45		{ ENCTYPE_DES_CBC_MD4,
46		"des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
47		&krb5int_enc_des, &krb5int_hash_md4,
48		16,
49		krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
50		krb5int_des_string_to_key, k5_rand2key_des,
51		krb5int_des_prf,
52		CKSUMTYPE_RSA_MD4_DES,
53		ETYPE_WEAK, 56 },
54		{ ENCTYPE_DES_CBC_MD5,
55		"des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
56		&krb5int_enc_des, &krb5int_hash_md5,
57		16,
58		krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
59		krb5int_des_string_to_key, k5_rand2key_des,
60		krb5int_des_prf,
61		CKSUMTYPE_RSA_MD5_DES,
62		ETYPE_WEAK, 56 },
63		{ ENCTYPE_DES_CBC_RAW,
64		"des-cbc-raw", { 0 }, "DES cbc mode raw",
65		&krb5int_enc_des, NULL,
66		16,
67		krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
68		krb5int_des_string_to_key, k5_rand2key_des,
69		krb5int_des_prf,
70		0,
71		ETYPE_WEAK, 56 },
72	37	{ ENCTYPE_DES3_CBC_RAW,
73	38	"des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
74	39	&krb5int_enc_des3, NULL,

77	42	krb5int_dk_string_to_key, k5_rand2key_des3,
78	43	NULL, /PRF/
79	44	0,
80		ETYPE_WEAK, 112 },
	45	ETYPE_WEAK \| ETYPE_DEPRECATED, 112 },
81	46
82	47	{ ENCTYPE_DES3_CBC_SHA1,
83	48	"des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },

88	53	krb5int_dk_string_to_key, k5_rand2key_des3,
89	54	krb5int_dk_prf,
90	55	CKSUMTYPE_HMAC_SHA1_DES3,
91		0 /flags/, 112 },
92
93		{ ENCTYPE_DES_HMAC_SHA1,
94		"des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
95		&krb5int_enc_des, &krb5int_hash_sha1,
96		8,
97		krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
98		krb5int_dk_string_to_key, k5_rand2key_des,
99		NULL, /PRF/
100		0,
101		ETYPE_WEAK, 56 },
	56	ETYPE_DEPRECATED, 112 },
102	57
103	58	/* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we
104	59	* consider its strength degraded and assign it an SSF value of 64. */

112	67	krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
113	68	k5_rand2key_direct, krb5int_arcfour_prf,
114	69	CKSUMTYPE_HMAC_MD5_ARCFOUR,
115		0 /flags/, 64 },
	70	ETYPE_DEPRECATED, 64 },
116	71	{ ENCTYPE_ARCFOUR_HMAC_EXP,
117	72	"arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
118	73	"Exportable ArcFour with HMAC/md5",

123	78	krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
124	79	k5_rand2key_direct, krb5int_arcfour_prf,
125	80	CKSUMTYPE_HMAC_MD5_ARCFOUR,
126		ETYPE_WEAK, 40
	81	ETYPE_WEAK \| ETYPE_DEPRECATED, 40
127	82	},
128	83
129	84	{ ENCTYPE_AES128_CTS_HMAC_SHA1_96,

+0

-691

~~src/lib/crypto/krb/s2k_des.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/*
2		* Copyright (C) 1998 by the FundsXpress, INC.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require
7		* a specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of FundsXpress. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. FundsXpress makes no representations about the suitability of
19		* this software for any purpose. It is provided "as is" without express
20		* or implied warranty.
21		*
22		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
23		* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
24		* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25		*/
26
27		/*
28		* RFC 3961 and AFS string to key. These are not standard crypto primitives
29		* (RFC 3961 string-to-key is implemented in OpenSSL for historical reasons but
30		* it doesn't get weak keys right), so we have to implement them here.
31		*/
32
33		#include <ctype.h>
34		#include "crypto_int.h"
35
36		#undef min
37		#define min(a,b) ((a)>(b)?(b):(a))
38
39		/* Compute a CBC checksum of in (with length len) using the specified key and
40		* ivec. The result is written into out. */
41		static krb5_error_code
42		des_cbc_mac(const unsigned char keybits, const unsigned char ivec,
43		const unsigned char in, size_t len, unsigned char out)
44		{
45		krb5_error_code ret;
46		krb5_keyblock kb;
47		krb5_key key;
48		krb5_crypto_iov iov[2];
49		unsigned char zero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
50		krb5_data outd, ivecd;
51
52		/* Make a key from keybits. */
53		kb.magic = KV5M_KEYBLOCK;
54		kb.enctype = ENCTYPE_DES_CBC_CRC;
55		kb.length = 8;
56		kb.contents = (unsigned char *)keybits;
57		ret = krb5_k_create_key(NULL, &kb, &key);
58		if (ret)
59		return ret;
60
61		/* Make iovs for the input data, padding it out to the block size. */
62		iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
63		iov[0].data = make_data((unsigned char *)in, len);
64		iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
65		iov[1].data = make_data(zero, krb5_roundup(len, 8) - len);
66
67		/* Make krb5_data structures for the ivec and output. */
68		ivecd = make_data((unsigned char *)ivec, 8);
69		outd = make_data(out, 8);
70
71		/* Call the cbc_mac operation of the module's DES enc-provider. */
72		ret = krb5int_enc_des.cbc_mac(key, iov, 2, &ivecd, &outd);
73		krb5_k_free_key(NULL, key);
74		return ret;
75		}
76
77		/* AFS string-to-key constants */
78
79		/* Initial permutation */
80		static const char IP[] = {
81		58,50,42,34,26,18,10, 2,
82		60,52,44,36,28,20,12, 4,
83		62,54,46,38,30,22,14, 6,
84		64,56,48,40,32,24,16, 8,
85		57,49,41,33,25,17, 9, 1,
86		59,51,43,35,27,19,11, 3,
87		61,53,45,37,29,21,13, 5,
88		63,55,47,39,31,23,15, 7,
89		};
90
91		/* Final permutation, FP = IP^(-1) */
92		static const char FP[] = {
93		40, 8,48,16,56,24,64,32,
94		39, 7,47,15,55,23,63,31,
95		38, 6,46,14,54,22,62,30,
96		37, 5,45,13,53,21,61,29,
97		36, 4,44,12,52,20,60,28,
98		35, 3,43,11,51,19,59,27,
99		34, 2,42,10,50,18,58,26,
100		33, 1,41, 9,49,17,57,25,
101		};
102
103		/*
104		* Permuted-choice 1 from the key bits to yield C and D.
105		* Note that bits 8,16... are left out: They are intended for a parity check.
106		*/
107		static const char PC1_C[] = {
108		57,49,41,33,25,17, 9,
109		1,58,50,42,34,26,18,
110		10, 2,59,51,43,35,27,
111		19,11, 3,60,52,44,36,
112		};
113
114		static const char PC1_D[] = {
115		63,55,47,39,31,23,15,
116		7,62,54,46,38,30,22,
117		14, 6,61,53,45,37,29,
118		21,13, 5,28,20,12, 4,
119		};
120
121		/* Sequence of shifts used for the key schedule */
122		static const char shifts[] = {
123		1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
124		};
125
126		/* Permuted-choice 2, to pick out the bits from the CD array that generate the
127		* key schedule */
128		static const char PC2_C[] = {
129		14,17,11,24, 1, 5,
130		3,28,15, 6,21,10,
131		23,19,12, 4,26, 8,
132		16, 7,27,20,13, 2,
133		};
134
135		static const char PC2_D[] = {
136		41,52,31,37,47,55,
137		30,40,51,45,33,48,
138		44,49,39,56,34,53,
139		46,42,50,36,29,32,
140		};
141
142		/* The E bit-selection table */
143		static const char e[] = {
144		32, 1, 2, 3, 4, 5,
145		4, 5, 6, 7, 8, 9,
146		8, 9,10,11,12,13,
147		12,13,14,15,16,17,
148		16,17,18,19,20,21,
149		20,21,22,23,24,25,
150		24,25,26,27,28,29,
151		28,29,30,31,32, 1,
152		};
153
154		/* P is a permutation on the selected combination of the current L and key. */
155		static const char P[] = {
156		16, 7,20,21,
157		29,12,28,17,
158		1,15,23,26,
159		5,18,31,10,
160		2, 8,24,14,
161		32,27, 3, 9,
162		19,13,30, 6,
163		22,11, 4,25,
164		};
165
166		/*
167		* The 8 selection functions.
168		* For some reason, they give a 0-origin
169		* index, unlike everything else.
170		*/
171		static const char S[8][64] = {
172		{14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
173		0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
174		4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
175		15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
176
177		{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
178		3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
179		0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
180		13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
181
182		{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
183		13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
184		13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
185		1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
186
187		{ 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
188		13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
189		10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
190		3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
191
192		{ 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
193		14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
194		4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
195		11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
196
197		{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
198		10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
199		9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
200		4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
201
202		{ 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
203		13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
204		1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
205		6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
206
207		{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
208		1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
209		7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
210		2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
211		};
212
213
214		/* Set up the key schedule from the key. */
215		static void
216		afs_crypt_setkey(char key, char E, char (*KS)[48])
217		{
218		int i, j, k, t;
219		char C[28], D[28]; /* Used to calculate key schedule. */
220
221		/*
222		* First, generate C and D by permuting
223		* the key. The low order bit of each
224		* 8-bit char is not used, so C and D are only 28
225		* bits apiece.
226		*/
227		for (i = 0; i < 28; i++) {
228		C[i] = key[PC1_C[i] - 1];
229		D[i] = key[PC1_D[i] - 1];
230		}
231		/*
232		* To generate Ki, rotate C and D according
233		* to schedule and pick up a permutation
234		* using PC2.
235		*/
236		for (i = 0; i < 16; i++) {
237		/* Rotate. */
238		for (k = 0; k < shifts[i]; k++) {
239		t = C[0];
240		for (j = 0; j < 28 - 1; j++)
241		C[j] = C[j + 1];
242		C[27] = t;
243		t = D[0];
244		for (j = 0; j < 28 - 1; j++)
245		D[j] = D[j + 1];
246		D[27] = t;
247		}
248		/* Get Ki. Note C and D are concatenated. */
249		for (j = 0; j < 24; j++) {
250		KS[i][j] = C[PC2_C[j]-1];
251		KS[i][j+24] = D[PC2_D[j]-28-1];
252		}
253		}
254
255		memcpy(E, e, 48);
256		}
257
258		/*
259		* The payoff: encrypt a block.
260		*/
261
262		static void
263		afs_encrypt_block(char block, char E, char (*KS)[48])
264		{
265		const long edflag = 0;
266		int i, ii;
267		int t, j, k;
268		char tempL[32];
269		char f[32];
270		char L[64]; /* Current block divided into two halves */
271		char *const R = &L[32];
272		/* The combination of the key and the input, before selection. */
273		char preS[48];
274
275		/* First, permute the bits in the input. */
276		for (j = 0; j < 64; j++)
277		L[j] = block[IP[j] - 1];
278		/* Perform an encryption operation 16 times. */
279		for (ii = 0; ii < 16; ii++) {
280		/* Set direction. */
281		i = (edflag) ? 15 - ii : ii;
282		/* Save the R array, which will be the new L. */
283		memcpy(tempL, R, 32);
284		/* Expand R to 48 bits using the E selector; exclusive-or with the
285		* current key bits. */
286		for (j = 0; j < 48; j++)
287		preS[j] = R[E[j] - 1] ^ KS[i][j];
288		/*
289		* The pre-select bits are now considered in 8 groups of 6 bits each.
290		* The 8 selection functions map these 6-bit quantities into 4-bit
291		* quantities and the results permuted to make an f(R, K). The
292		* indexing into the selection functions is peculiar; it could be
293		* simplified by rewriting the tables.
294		*/
295		for (j = 0; j < 8; j++) {
296		t = 6 * j;
297		k = S[j][(preS[t + 0] << 5) +
298		(preS[t + 1] << 3) +
299		(preS[t + 2] << 2) +
300		(preS[t + 3] << 1) +
301		(preS[t + 4] << 0) +
302		(preS[t + 5] << 4)];
303		t = 4 * j;
304		f[t + 0] = (k >> 3) & 1;
305		f[t + 1] = (k >> 2) & 1;
306		f[t + 2] = (k >> 1) & 1;
307		f[t + 3] = (k >> 0) & 1;
308		}
309		/* The new R is L ^ f(R, K). The f here has to be permuted first,
310		* though. */
311		for (j = 0; j < 32; j++)
312		R[j] = L[j] ^ f[P[j] - 1];
313		/* Finally, the new L (the original R) is copied back. */
314		memcpy(L, tempL, 32);
315		}
316		/* The output L and R are reversed. */
317		for (j = 0; j < 32; j++) {
318		t = L[j];
319		L[j] = R[j];
320		R[j] = t;
321		}
322		/* The final output gets the inverse permutation of the very original. */
323		for (j = 0; j < 64; j++)
324		block[j] = L[FP[j] - 1];
325		}
326
327		/* iobuf must be at least 16 bytes */
328		static char *
329		afs_crypt(const char pw, const char salt, char *iobuf)
330		{
331		int i, j, c;
332		int temp;
333		char block[66];
334		char E[48];
335		char KS[16][48]; /* Key schedule, generated from key */
336
337		for (i = 0; i < 66; i++)
338		block[i] = 0;
339		for (i = 0; (c = *pw) != '\0' && i < 64; pw++){
340		for(j = 0; j < 7; j++, i++)
341		block[i] = (c >> (6 - j)) & 01;
342		i++;
343		}
344
345		afs_crypt_setkey(block, E, KS);
346
347		for (i = 0; i < 66; i++)
348		block[i] = 0;
349
350		for (i = 0; i < 2; i++) {
351		c = *salt++;
352		iobuf[i] = c;
353		if (c > 'Z')
354		c -= 6;
355		if (c > '9')
356		c -= 7;
357		c -= '.';
358		for (j = 0; j < 6; j++) {
359		if ((c >> j) & 01) {
360		temp = E[6 * i + j];
361		E[6 * i + j] = E[6 * i + j + 24];
362		E[6 * i + j + 24] = temp;
363		}
364		}
365		}
366
367		for (i = 0; i < 25; i++)
368		afs_encrypt_block(block, E, KS);
369
370		for (i = 0; i < 11; i++) {
371		c = 0;
372		for (j = 0; j < 6; j++) {
373		c <<= 1;
374		c \|= block[6 * i + j];
375		}
376		c += '.';
377		if (c > '9')
378		c += 7;
379		if (c > 'Z')
380		c += 6;
381		iobuf[i + 2] = c;
382		}
383		iobuf[i + 2] = 0;
384		if (iobuf[1] == 0)
385		iobuf[1] = iobuf[0];
386		return iobuf;
387		}
388
389		static krb5_error_code
390		afs_s2k_oneblock(const krb5_data data, const krb5_data salt,
391		unsigned char *key_out)
392		{
393		unsigned int i;
394		unsigned char password[9]; /* trailing nul for crypt() */
395		char afs_crypt_buf[16];
396
397		/*
398		* Run afs_crypt and use the first eight returned bytes after the copy of
399		* the (fixed) salt.
400		*
401		* Since the returned bytes are alphanumeric, the output is limited to
402		* 2**48 possibilities; for each byte, only 64 possible values can be used.
403		*/
404
405		memset(password, 0, sizeof(password));
406		if (salt->length > 0)
407		memcpy(password, salt->data, min(salt->length, 8));
408		for (i = 0; i < 8; i++) {
409		if (isupper(password[i]))
410		password[i] = tolower(password[i]);
411		}
412		for (i = 0; i < data->length; i++)
413		password[i] ^= data->data[i];
414		for (i = 0; i < 8; i++) {
415		if (password[i] == '\0')
416		password[i] = 'X';
417		}
418		password[8] = '\0';
419		/* Out-of-bounds salt characters are equivalent to a salt string
420		* of "p1". */
421		strncpy((char *)key_out,
422		(char )afs_crypt((char )password, "#~", afs_crypt_buf) + 2, 8);
423		for (i = 0; i < 8; i++)
424		key_out[i] <<= 1;
425		/* Fix up key parity again. */
426		k5_des_fixup_key_parity(key_out);
427		zap(password, sizeof(password));
428		return 0;
429		}
430
431		static krb5_error_code
432		afs_s2k_multiblock(const krb5_data data, const krb5_data salt,
433		unsigned char *key_out)
434		{
435		krb5_error_code ret;
436		unsigned char ivec[8], tkey[8], *password;
437		size_t pw_len = salt->length + data->length;
438		unsigned int i, j;
439
440		/* Do a CBC checksum, twice, and use the result as the new key. */
441
442		password = malloc(pw_len);
443		if (!password)
444		return ENOMEM;
445
446		if (data->length > 0)
447		memcpy(password, data->data, data->length);
448		for (i = data->length, j = 0; j < salt->length; i++, j++) {
449		password[i] = salt->data[j];
450		if (isupper(password[i]))
451		password[i] = tolower(password[i]);
452		}
453
454		memcpy(ivec, "kerberos", sizeof(ivec));
455		memcpy(tkey, ivec, sizeof(tkey));
456		k5_des_fixup_key_parity(tkey);
457		ret = des_cbc_mac(tkey, ivec, password, pw_len, tkey);
458		if (ret)
459		goto cleanup;
460
461		memcpy(ivec, tkey, sizeof(ivec));
462		k5_des_fixup_key_parity(tkey);
463		ret = des_cbc_mac(tkey, ivec, password, pw_len, key_out);
464		if (ret)
465		goto cleanup;
466		k5_des_fixup_key_parity(key_out);
467
468		cleanup:
469		zapfree(password, pw_len);
470		return ret;
471		}
472
473		static krb5_error_code
474		afs_s2k(const krb5_data data, const krb5_data salt, unsigned char *key_out)
475		{
476		if (data->length <= 8)
477		return afs_s2k_oneblock(data, salt, key_out);
478		else
479		return afs_s2k_multiblock(data, salt, key_out);
480		}
481
482		static krb5_error_code
483		des_s2k(const krb5_data pw, const krb5_data salt, unsigned char *key_out)
484		{
485		union {
486		/* 8 "forward" bytes, 8 "reverse" bytes */
487		unsigned char uc[16];
488		krb5_ui_4 ui[4];
489		} temp;
490		unsigned int i;
491		krb5_ui_4 x, y, z;
492		unsigned char p, copy;
493		size_t copylen;
494		krb5_error_code ret;
495
496		/* As long as the architecture is big-endian or little-endian, it
497		doesn't matter which it is. Think of it as reversing the
498		bytes, and also reversing the bits within each byte. But this
499		current algorithm is dependent on having four 8-bit char values
500		exactly overlay a 32-bit integral type. */
501		if (sizeof(temp.uc) != sizeof(temp.ui)
502		\|\| (unsigned char)~0 != 0xFF
503		\|\| (krb5_ui_4)~(krb5_ui_4)0 != 0xFFFFFFFF
504		\|\| (temp.uc[0] = 1, temp.uc[1] = 2, temp.uc[2] = 3, temp.uc[3] = 4,
505		!(temp.ui[0] == 0x01020304
506		\|\| temp.ui[0] == 0x04030201)))
507		abort();
508		#define FETCH4(VAR, IDX) VAR = temp.ui[IDX/4]
509		#define PUT4(VAR, IDX) temp.ui[IDX/4] = VAR
510
511		copylen = pw->length + salt->length;
512		/* Don't need NUL termination, at this point we're treating it as
513		a byte array, not a string. */
514		copy = malloc(copylen);
515		if (copy == NULL)
516		return ENOMEM;
517		if (pw->length > 0)
518		memcpy(copy, pw->data, pw->length);
519		if (salt->length > 0)
520		memcpy(copy + pw->length, salt->data, salt->length);
521
522		memset(&temp, 0, sizeof(temp));
523		p = temp.uc;
524		/* Handle the fan-fold xor operation by splitting the data into
525		forward and reverse sections, and combine them later, rather
526		than having to do the reversal over and over again. */
527		for (i = 0; i < copylen; i++) {
528		*p++ ^= copy[i];
529		if (p == temp.uc+16) {
530		p = temp.uc;
531		#ifdef PRINT_TEST_VECTORS
532		{
533		int j;
534		printf("after %d input bytes:\nforward block:\t", i+1);
535		for (j = 0; j < 8; j++)
536		printf(" %02x", temp.uc[j] & 0xff);
537		printf("\nreverse block:\t");
538		for (j = 8; j < 16; j++)
539		printf(" %02x", temp.uc[j] & 0xff);
540		printf("\n");
541		}
542		#endif
543		}
544		}
545
546		#ifdef PRINT_TEST_VECTORS
547		if (p != temp.uc) {
548		int j;
549		printf("at end, after %d input bytes:\nforward block:\t", i);
550		for (j = 0; j < 8; j++)
551		printf(" %02x", temp.uc[j] & 0xff);
552		printf("\nreverse block:\t");
553		for (j = 8; j < 16; j++)
554		printf(" %02x", temp.uc[j] & 0xff);
555		printf("\n");
556		}
557		#endif
558		#define REVERSE(VAR) \
559		{ \
560		krb5_ui_4 old = VAR, temp1 = 0; \
561		int j; \
562		for (j = 0; j < 32; j++) { \
563		temp1 = (temp1 << 1) \| (old & 1); \
564		old >>= 1; \
565		} \
566		VAR = temp1; \
567		}
568
569		FETCH4 (x, 8);
570		FETCH4 (y, 12);
571		/* Ignore high bits of each input byte. */
572		x &= 0x7F7F7F7F;
573		y &= 0x7F7F7F7F;
574		/* Reverse the bit strings -- after this, y is "before" x. */
575		REVERSE (x);
576		REVERSE (y);
577		#ifdef PRINT_TEST_VECTORS
578		{
579		int j;
580		union { unsigned char uc[4]; krb5_ui_4 ui; } t2;
581		printf("after reversal, reversed block:\n\t\t");
582		t2.ui = y;
583		for (j = 0; j < 4; j++)
584		printf(" %02x", t2.uc[j] & 0xff);
585		t2.ui = x;
586		for (j = 0; j < 4; j++)
587		printf(" %02x", t2.uc[j] & 0xff);
588		printf("\n");
589		}
590		#endif
591		/* Ignored bits are now at the bottom of each byte, where we'll
592		* put the parity bits. Good. */
593		FETCH4 (z, 0);
594		z &= 0x7F7F7F7F;
595		/* Ignored bits for z are at the top of each byte; fix that. */
596		z <<= 1;
597		/* Finish the fan-fold xor for these four bytes. */
598		z ^= y;
599		PUT4 (z, 0);
600		/* Now do the second four bytes. */
601		FETCH4 (z, 4);
602		z &= 0x7F7F7F7F;
603		/* Ignored bits for z are at the top of each byte; fix that. */
604		z <<= 1;
605		/* Finish the fan-fold xor for these four bytes. */
606		z ^= x;
607		PUT4 (z, 4);
608
609		#ifdef PRINT_TEST_VECTORS
610		{
611		int j;
612		printf("after reversal, combined block:\n\t\t");
613		for (j = 0; j < 8; j++)
614		printf(" %02x", temp.uc[j] & 0xff);
615		printf("\n");
616		}
617		#endif
618
619		#define FIXUP(k) (k5_des_fixup_key_parity(k), \
620		k5_des_is_weak_key(k) ? (k[7] ^= 0xF0) : 0)
621
622		/* Now temp.cb is the temporary key, with invalid parity. */
623		FIXUP(temp.uc);
624
625		#ifdef PRINT_TEST_VECTORS
626		{
627		int j;
628		printf("after fixing parity and weak keys:\n\t\t");
629		for (j = 0; j < 8; j++)
630		printf(" %02x", temp.uc[j] & 0xff);
631		printf("\n");
632		}
633		#endif
634
635		ret = des_cbc_mac(temp.uc, temp.uc, copy, copylen, temp.uc);
636		if (ret)
637		goto cleanup;
638
639		#ifdef PRINT_TEST_VECTORS
640		{
641		int j;
642		printf("cbc checksum:\n\t\t");
643		for (j = 0; j < 8; j++)
644		printf(" %02x", temp.uc[j] & 0xff);
645		printf("\n");
646		}
647		#endif
648
649		FIXUP(temp.uc);
650
651		#ifdef PRINT_TEST_VECTORS
652		{
653		int j;
654		printf("after fixing parity and weak keys:\n\t\t");
655		for (j = 0; j < 8; j++)
656		printf(" %02x", temp.uc[j] & 0xff);
657		printf("\n");
658		}
659		#endif
660
661		memcpy(key_out, temp.uc, 8);
662
663		cleanup:
664		zap(&temp, sizeof(temp));
665		zapfree(copy, copylen);
666		return ret;
667		}
668
669		krb5_error_code
670		krb5int_des_string_to_key(const struct krb5_keytypes *ktp,
671		const krb5_data string, const krb5_data salt,
672		const krb5_data parm, krb5_keyblock keyblock)
673		{
674		int type;
675
676		if (parm != NULL) {
677		if (parm->length != 1)
678		return KRB5_ERR_BAD_S2K_PARAMS;
679		type = parm->data[0];
680		if (type != 0 && type != 1)
681		return KRB5_ERR_BAD_S2K_PARAMS;
682		} else
683		type = 0;
684
685		/* Use AFS string to key if we were told to. */
686		if (type == 1)
687		return afs_s2k(string, salt, keyblock->contents);
688
689		return des_s2k(string, salt, keyblock->contents);
690		}

+1

-2

src/lib/crypto/libk5crypto.exports less more

57	57	krb5int_c_mandatory_cksumtype
58	58	krb5_c_fx_cf2_simple
59	59	krb5int_c_weak_enctype
60		krb5int_c_combine_keys
61	60	krb5_encrypt_data
62	61	krb5int_c_copy_keyblock
63	62	krb5int_c_copy_keyblock_contents

84	83	krb5_k_reference_key
85	84	krb5_k_verify_checksum
86	85	krb5_k_verify_checksum_iov
87		mit_crc32
88	86	krb5int_aes_encrypt
89	87	krb5int_aes_decrypt
90	88	krb5int_enc_des3

108	106	krb5_c_prfplus
109	107	krb5_c_derive_prfplus
110	108	k5_enctype_to_ssf
	109	krb5int_c_deprecated_enctype

+0

-3

src/lib/crypto/openssl/enc_provider/Makefile.in less more

2	2	LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/..
3	3
4	4	STLIBOBJS= \
5		des.o \
6	5	des3.o \
7	6	rc4.o \
8	7	aes.o \
9	8	camellia.o
10	9
11	10	OBJS= \
12		$(OUTPRE)des.$(OBJEXT) \
13	11	$(OUTPRE)des3.$(OBJEXT) \
14	12	$(OUTPRE)aes.$(OBJEXT) \
15	13	$(OUTPRE)camellia.$(OBJEXT) \
16	14	$(OUTPRE)rc4.$(OBJEXT)
17	15
18	16	SRCS= \
19		$(srcdir)/des.c \
20	17	$(srcdir)/des3.c \
21	18	$(srcdir)/aes.c \
22	19	$(srcdir)/camellia.c \

+0

-11

src/lib/crypto/openssl/enc_provider/deps less more

0	0	#
1	1	# Generated makefile dependencies follow.
2	2	#
3		des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
4		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
5		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
6		$(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \
7		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
8		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
9		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
10		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
11		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
12		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
13		$(top_srcdir)/include/socket-utils.h des.c
14	3	des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
15	4	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
16	5	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \

+0

-218

~~src/lib/crypto/openssl/enc_provider/des.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/crypto/openssl/enc_provider/des.c */
2		/*
3		* Copyright (C) 2009 by the Massachusetts Institute of Technology.
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		/*
27		* Copyright (C) 1998 by the FundsXpress, INC.
28		*
29		* All rights reserved.
30		*
31		* Export of this software from the United States of America may require
32		* a specific license from the United States Government. It is the
33		* responsibility of any person or organization contemplating export to
34		* obtain such a license before exporting.
35		*
36		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37		* distribute this software and its documentation for any purpose and
38		* without fee is hereby granted, provided that the above copyright
39		* notice appear in all copies and that both that copyright notice and
40		* this permission notice appear in supporting documentation, and that
41		* the name of FundsXpress. not be used in advertising or publicity pertaining
42		* to distribution of the software without specific, written prior
43		* permission. FundsXpress makes no representations about the suitability of
44		* this software for any purpose. It is provided "as is" without express
45		* or implied warranty.
46		*
47		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48		* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49		* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50		*/
51
52		#include "crypto_int.h"
53		#include <openssl/evp.h>
54		#include <openssl/des.h>
55
56		#define DES_BLOCK_SIZE 8
57		#define DES_KEY_SIZE 8
58		#define DES_KEY_BYTES 7
59
60		static krb5_error_code
61		validate(krb5_key key, const krb5_data ivec, const krb5_crypto_iov data,
62		size_t num_data, krb5_boolean *empty)
63		{
64		size_t input_length = iov_total_length(data, num_data, FALSE);
65
66		if (key->keyblock.length != DES_KEY_SIZE)
67		return(KRB5_BAD_KEYSIZE);
68		if ((input_length%DES_BLOCK_SIZE) != 0)
69		return(KRB5_BAD_MSIZE);
70		if (ivec && (ivec->length != 8))
71		return(KRB5_BAD_MSIZE);
72
73		*empty = (input_length == 0);
74		return 0;
75		}
76
77		static krb5_error_code
78		k5_des_encrypt(krb5_key key, const krb5_data ivec, krb5_crypto_iov data,
79		size_t num_data)
80		{
81		int ret, olen = DES_BLOCK_SIZE;
82		unsigned char iblock[DES_BLOCK_SIZE], oblock[DES_BLOCK_SIZE];
83		struct iov_cursor cursor;
84		EVP_CIPHER_CTX *ctx;
85		krb5_boolean empty;
86
87		ret = validate(key, ivec, data, num_data, &empty);
88		if (ret != 0 \|\| empty)
89		return ret;
90
91		ctx = EVP_CIPHER_CTX_new();
92		if (ctx == NULL)
93		return ENOMEM;
94
95		ret = EVP_EncryptInit_ex(ctx, EVP_des_cbc(), NULL,
96		key->keyblock.contents, (ivec && ivec->data) ? (unsigned char*)ivec->data : NULL);
97		if (!ret) {
98		EVP_CIPHER_CTX_free(ctx);
99		return KRB5_CRYPTO_INTERNAL;
100		}
101
102		EVP_CIPHER_CTX_set_padding(ctx, 0);
103
104		k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
105		while (k5_iov_cursor_get(&cursor, iblock)) {
106		ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, DES_BLOCK_SIZE);
107		if (!ret)
108		break;
109		k5_iov_cursor_put(&cursor, oblock);
110		}
111
112		if (ivec != NULL)
113		memcpy(ivec->data, oblock, DES_BLOCK_SIZE);
114
115		EVP_CIPHER_CTX_free(ctx);
116
117		zap(iblock, sizeof(iblock));
118		zap(oblock, sizeof(oblock));
119
120		if (ret != 1)
121		return KRB5_CRYPTO_INTERNAL;
122		return 0;
123		}
124
125		static krb5_error_code
126		k5_des_decrypt(krb5_key key, const krb5_data ivec, krb5_crypto_iov data,
127		size_t num_data)
128		{
129		int ret, olen = DES_BLOCK_SIZE;
130		unsigned char iblock[DES_BLOCK_SIZE], oblock[DES_BLOCK_SIZE];
131		struct iov_cursor cursor;
132		EVP_CIPHER_CTX *ctx;
133		krb5_boolean empty;
134
135		ret = validate(key, ivec, data, num_data, &empty);
136		if (ret != 0 \|\| empty)
137		return ret;
138
139		ctx = EVP_CIPHER_CTX_new();
140		if (ctx == NULL)
141		return ENOMEM;
142
143		ret = EVP_DecryptInit_ex(ctx, EVP_des_cbc(), NULL,
144		key->keyblock.contents,
145		(ivec) ? (unsigned char*)ivec->data : NULL);
146		if (!ret) {
147		EVP_CIPHER_CTX_free(ctx);
148		return KRB5_CRYPTO_INTERNAL;
149		}
150
151		EVP_CIPHER_CTX_set_padding(ctx,0);
152
153		k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
154		while (k5_iov_cursor_get(&cursor, iblock)) {
155		ret = EVP_DecryptUpdate(ctx, oblock, &olen, iblock, DES_BLOCK_SIZE);
156		if (!ret)
157		break;
158		k5_iov_cursor_put(&cursor, oblock);
159		}
160
161		if (ivec != NULL)
162		memcpy(ivec->data, iblock, DES_BLOCK_SIZE);
163
164		EVP_CIPHER_CTX_free(ctx);
165
166		zap(iblock, sizeof(iblock));
167		zap(oblock, sizeof(oblock));
168
169		if (ret != 1)
170		return KRB5_CRYPTO_INTERNAL;
171		return 0;
172		}
173
174		static krb5_error_code
175		k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
176		const krb5_data ivec, krb5_data output)
177		{
178		int ret;
179		struct iov_cursor cursor;
180		DES_cblock blockY, blockB;
181		DES_key_schedule sched;
182		krb5_boolean empty;
183
184		ret = validate(key, ivec, data, num_data, &empty);
185		if (ret != 0)
186		return ret;
187
188		if (output->length != DES_BLOCK_SIZE)
189		return KRB5_BAD_MSIZE;
190
191		if (DES_set_key((DES_cblock *)key->keyblock.contents, &sched) != 0)
192		return KRB5_CRYPTO_INTERNAL;
193
194		if (ivec != NULL)
195		memcpy(blockY, ivec->data, DES_BLOCK_SIZE);
196		else
197		memset(blockY, 0, DES_BLOCK_SIZE);
198
199		k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
200		while (k5_iov_cursor_get(&cursor, blockB)) {
201		store_64_n(load_64_n(blockB) ^ load_64_n(blockY), blockB);
202		DES_ecb_encrypt(&blockB, &blockY, &sched, 1);
203		}
204
205		memcpy(output->data, blockY, DES_BLOCK_SIZE);
206		return 0;
207		}
208
209		const struct krb5_enc_provider krb5int_enc_des = {
210		DES_BLOCK_SIZE,
211		DES_KEY_BYTES, DES_KEY_SIZE,
212		k5_des_encrypt,
213		k5_des_decrypt,
214		k5_des_cbc_mac,
215		krb5int_des_init_state,
216		krb5int_default_free_state
217		};

+12

-3

src/lib/crypto/openssl/enc_provider/rc4.c less more

56	56
57	57	/* In-place IOV crypto */
58	58	static krb5_error_code
59		k5_arcfour_docrypt(krb5_key key,const krb5_data state, krb5_crypto_iov data,
	59	k5_arcfour_docrypt(krb5_key key, const krb5_data state, krb5_crypto_iov data,
60	60	size_t num_data)
61	61	{
62	62	size_t i;

65	65	EVP_CIPHER_CTX *ctx = NULL;
66	66	struct arcfour_state *arcstate;
67	67
68		arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL;
	68	arcstate = (state != NULL) ? (void *)state->data : NULL;
69	69	if (arcstate != NULL) {
70	70	ctx = arcstate->ctx;
71	71	if (arcstate->loopback != arcstate)

112	112	static void
113	113	k5_arcfour_free_state(krb5_data *state)
114	114	{
115		struct arcfour_state arcstate = (struct arcfour_state ) state->data;
	115	struct arcfour_state arcstate = (void )state->data;
116	116
117	117	EVP_CIPHER_CTX_free(arcstate->ctx);
118	118	free(arcstate);

123	123	krb5_keyusage keyusage, krb5_data *new_state)
124	124	{
125	125	struct arcfour_state *arcstate;
	126
	127	/*
	128	* The cipher state here is a saved pointer to a struct arcfour_state
	129	* object, rather than a flat byte array as in most enc providers. The
	130	* object includes a loopback pointer to detect if if the caller made a
	131	* copy of the krb5_data value or otherwise assumed it was a simple byte
	132	* array. When we cast the data pointer back, we need to go through void *
	133	* to avoid increased alignment warnings.
	134	*/
126	135
127	136	/* Create a state structure with an uninitialized context. */
128	137	arcstate = calloc(1, sizeof(*arcstate));

+3

-7

src/lib/crypto/openssl/hash_provider/Makefile.in less more

1	1	BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
2	2	LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/..
3	3
4		STLIBOBJS= \
5		hash_crc32.o \
6		hash_evp.o
	4	STLIBOBJS= hash_evp.o
7	5
8		OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \
9		$(OUTPRE)hash_evp.$(OBJEXT)
	6	OBJS= $(OUTPRE)hash_evp.$(OBJEXT)
10	7
11		SRCS= $(srcdir)/hash_crc32.c \
12		$(srcdir)/hash_evp.c
	8	SRCS= $(srcdir)/hash_evp.c
13	9
14	10	all-unix: all-libobjs
15	11

+0

-12

src/lib/crypto/openssl/hash_provider/deps less more

0	0	#
1	1	# Generated makefile dependencies follow.
2	2	#
3		hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
4		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
5		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
6		$(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
7		$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
8		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
9		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
10		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
11		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
12		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
13		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
14		hash_crc32.c
15	3	hash_evp.so hash_evp.po $(OUTPRE)hash_evp.$(OBJEXT): \
16	4	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
17	5	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

+0

-56

~~src/lib/crypto/openssl/hash_provider/hash_crc32.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/*
2		* Copyright (C) 1998 by the FundsXpress, INC.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require
7		* a specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of FundsXpress. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. FundsXpress makes no representations about the suitability of
19		* this software for any purpose. It is provided "as is" without express
20		* or implied warranty.
21		*
22		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
23		* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
24		* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25		*/
26
27		#include "crypto_int.h"
28
29		static krb5_error_code
30		k5_crc32_hash(const krb5_crypto_iov data, size_t num_data, krb5_data output)
31		{
32		unsigned long c;
33		unsigned int i;
34
35		if (output->length != CRC32_CKSUM_LENGTH)
36		return(KRB5_CRYPTO_INTERNAL);
37
38		c = 0;
39		for (i = 0; i < num_data; i++) {
40		const krb5_crypto_iov *iov = &data[i];
41
42		if (SIGN_IOV(iov))
43		mit_crc32(iov->data.data, iov->data.length, &c);
44		}
45
46		store_32_le(c, output->data);
47		return(0);
48		}
49
50		const struct krb5_hash_provider krb5int_hash_crc32 = {
51		"CRC32",
52		CRC32_CKSUM_LENGTH,
53		1,
54		k5_crc32_hash
55		};

+1

-1

src/lib/crypto/openssl/hash_provider/hash_evp.c less more

57	57	}
58	58	ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
59	59	EVP_MD_CTX_free(ctx);
60		return ok ? 0 : ENOMEM;
	60	return ok ? 0 : KRB5_CRYPTO_INTERNAL;
61	61	}
62	62
63	63	static krb5_error_code

+9

-9

src/lib/crypto/openssl/hmac.c less more

116	116	const krb5_crypto_iov *data, size_t num_data,
117	117	krb5_data *output)
118	118	{
119		unsigned int i = 0, md_len = 0;
	119	unsigned int i = 0, md_len = 0, ok;
120	120	unsigned char md[EVP_MAX_MD_SIZE];
121	121	HMAC_CTX *ctx;
122	122	size_t hashsize, blocksize;

136	136	if (ctx == NULL)
137	137	return ENOMEM;
138	138
139		HMAC_Init(ctx, keyblock->contents, keyblock->length, map_digest(hash));
140		for (i = 0; i < num_data; i++) {
	139	ok = HMAC_Init_ex(ctx, keyblock->contents, keyblock->length,
	140	map_digest(hash), NULL);
	141	for (i = 0; ok && i < num_data; i++) {
141	142	const krb5_crypto_iov *iov = &data[i];
142	143
143	144	if (SIGN_IOV(iov))
144		HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
	145	ok = HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
145	146	}
146		HMAC_Final(ctx, md, &md_len);
147		if ( md_len <= output->length) {
	147	if (ok)
	148	ok = HMAC_Final(ctx, md, &md_len);
	149	if (ok && md_len <= output->length) {
148	150	output->length = md_len;
149	151	memcpy(output->data, md, output->length);
150	152	}
151	153	HMAC_CTX_free(ctx);
152		return 0;
153
154
	154	return ok ? 0 : KRB5_CRYPTO_INTERNAL;
155	155	}
156	156
157	157	krb5_error_code

+5

-4

src/lib/crypto/openssl/pbkdf2.c less more

34	34	const krb5_data pass, const krb5_data salt)
35	35	{
36	36	const EVP_MD *md = NULL;
	37	int ok;
37	38
38	39	/* Get the message digest handle corresponding to the hash. */
39	40	if (hash == &krb5int_hash_sha1)

45	46	if (md == NULL)
46	47	return KRB5_CRYPTO_INTERNAL;
47	48
48		PKCS5_PBKDF2_HMAC(pass->data, pass->length, (unsigned char *)salt->data,
49		salt->length, count, md, out->length,
50		(unsigned char *)out->data);
51		return 0;
	49	ok = PKCS5_PBKDF2_HMAC(pass->data, pass->length,
	50	(unsigned char *)salt->data, salt->length, count,
	51	md, out->length, (unsigned char *)out->data);
	52	return ok ? 0 : KRB5_CRYPTO_INTERNAL;
52	53	}

+1

-1

src/lib/crypto/openssl/sha256.c less more

47	47	ok = ok && EVP_DigestUpdate(ctx, in[i].data, in[i].length);
48	48	ok = ok && EVP_DigestFinal_ex(ctx, out, NULL);
49	49	EVP_MD_CTX_free(ctx);
50		return ok ? 0 : ENOMEM;
	50	return ok ? 0 : KRB5_CRYPTO_INTERNAL;
51	51	}

+1

-1

src/lib/gssapi/generic/Makefile.in less more

102	102	util_token.o \
103	103	gssapi_err_generic.o
104	104
105		EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h
	105	EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h gssapi_alloc.h
106	106	EXPORTED_BUILT_HEADERS= gssapi.h
107	107
108	108	$(OBJS): $(EXPORTED_HEADERS) $(ETHDRS)

+4

-1

src/lib/gssapi/generic/gssapi_alloc.h less more

35	35	static inline void *
36	36	gssalloc_realloc(void *value, size_t size)
37	37	{
	38	/* Unlike realloc(), HeapReAlloc() does not work on null values. */
	39	if (value == NULL)
	40	return HeapAlloc(GetProcessHeap(), 0, size);
38	41	return HeapReAlloc(GetProcessHeap(), 0, value, size);
39	42	}
40	43

79	82	return gssalloc_malloc(size);
80	83	if (memcmp(p, "gssalloc", 8) != 0)
81	84	abort();
82		return (char *)realloc(p, size) + 8;
	85	return (char *)realloc(p, size + 8) + 8;
83	86	}
84	87
85	88	#else /* not _WIN32 or DEBUG_GSSALLOC */

+46

-1

src/lib/gssapi/generic/gssapi_ext.h less more

91	91	*
92	92	* @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user,
93	93	* GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error
94		* occured.
	94	* occurred.
95	95	*
96	96	* @sa gss_userok
97	97	*/

236	236	*/
237	237	GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
238	238
	239	GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_KEY;
	240	GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY;
	241
239	242	OM_uint32 KRB5_CALLCONV gss_complete_auth_token
240	243	(OM_uint32 *minor_status,
241	244	const gss_ctx_id_t context_handle,

577	580	gss_OID_set , / elements_stored */
578	581	gss_cred_usage_t ); / cred_usage_stored */
579	582
	583	/*
	584	* A mech can make itself negotiable via NegoEx (draft-zhu-negoex) by
	585	* implementing the following three SPIs, and also implementing
	586	* gss_inquire_sec_context_by_oid() and answering the GSS_C_INQ_NEGOEX_KEY and
	587	* GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs. The answer must be in two buffers: the
	588	* first contains the key contents, and the second contains the key enctype as
	589	* a four-byte little-endian integer.
	590	*
	591	* By default, NegoEx mechanisms will not be directly negotiated via SPNEGO.
	592	* If direct SPNEGO negotiation is required for interoperability, implement
	593	* gss_inquire_attrs_for_mech() and assert the GSS_C_MA_NEGOEX_AND_SPNEGO
	594	* attribute (along with any applicable RFC 5587 attributes).
	595	*/
	596
	597	OM_uint32 KRB5_CALLCONV
	598	gssspi_query_meta_data(
	599	OM_uint32 *minor_status,
	600	gss_const_OID mech_oid,
	601	gss_cred_id_t cred_handle,
	602	gss_ctx_id_t *context_handle,
	603	const gss_name_t targ_name,
	604	OM_uint32 req_flags,
	605	gss_buffer_t meta_data);
	606
	607	OM_uint32 KRB5_CALLCONV
	608	gssspi_exchange_meta_data(
	609	OM_uint32 *minor_status,
	610	gss_const_OID mech_oid,
	611	gss_cred_id_t cred_handle,
	612	gss_ctx_id_t *context_handle,
	613	const gss_name_t targ_name,
	614	OM_uint32 req_flags,
	615	gss_const_buffer_t meta_data);
	616
	617	OM_uint32 KRB5_CALLCONV
	618	gssspi_query_mechanism_info(
	619	OM_uint32 *minor_status,
	620	gss_const_OID mech_oid,
	621	unsigned char auth_scheme[16]);
	622
	623	GSS_DLLIMP extern gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO;
	624
580	625	#ifdef __cplusplus
581	626	}
582	627	#endif

+79

-60

src/lib/gssapi/generic/gssapi_generic.c less more

127	127	*/
128	128	/* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */
129	129	{11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"},
	130	/* GSS_C_INQ_NEGOEX_KEY 1.2.840.113554.1.2.2.5.16 */
	131	{11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x10"},
	132	/* GSS_C_INQ_NEGOEX_VERIFY_KEY 1.2.840.113554.1.2.2.5.17 */
	133	{11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x11"},
130	134
131	135	/* RFC 5587 attributes, see below */
132	136	{7, (void *)"\x2b\x06\x01\x05\x05\x0d\x01"},

156	160	{7, (void *)"\x2b\x06\x01\x05\x05\x0d\x19"},
157	161	{7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1a"},
158	162	{7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1b"},
	163	/* GSS_C_MA_NEGOEX_AND_SPNEGO 1.2.840.113554.1.2.2.5.18 */
	164	{11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x12"},
159	165
160	166	/*
161	167	* GSS_SEC_CONTEXT_SASL_SSF_OID 1.2.840.113554.1.2.2.5.15

193	199	gss_OID gss_nt_exported_name = oids+6;
194	200
195	201	GSS_DLLIMP gss_OID GSS_C_NT_COMPOSITE_EXPORT = oids+7;
196
197	202	GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+8;
198
199		GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE = oids+9;
200		GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO = oids+10;
201		GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE = oids+11;
202		GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO = oids+12;
203		GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE = oids+13;
204		GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH = oids+14;
205		GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED = oids+15;
206		GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH = oids+16;
207		GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED = oids+17;
208		GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT = oids+18;
209		GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG = oids+19;
210		GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT = oids+20;
211		GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT = oids+21;
212		GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON = oids+22;
213		GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON = oids+23;
214		GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED = oids+24;
215		GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT = oids+25;
216		GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT = oids+26;
217		GSS_DLLIMP gss_const_OID GSS_C_MA_MIC = oids+27;
218		GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP = oids+28;
219		GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY = oids+29;
220		GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET = oids+30;
221		GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET = oids+31;
222		GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS = oids+32;
223		GSS_DLLIMP gss_const_OID GSS_C_MA_PFS = oids+33;
224		GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS = oids+34;
225		GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS = oids+35;
226
227		GSS_DLLIMP gss_OID GSS_C_SEC_CONTEXT_SASL_SSF = oids+36;
228
229		static gss_OID_set_desc gss_ma_known_attrs_desc = { 27, oids+9 };
	203	GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_KEY = oids+9;
	204	GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY = oids+10;
	205
	206	GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE = oids+11;
	207	GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO = oids+12;
	208	GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE = oids+13;
	209	GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO = oids+14;
	210	GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE = oids+15;
	211	GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH = oids+16;
	212	GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED = oids+17;
	213	GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH = oids+18;
	214	GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED = oids+19;
	215	GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT = oids+20;
	216	GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG = oids+21;
	217	GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT = oids+22;
	218	GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT = oids+23;
	219	GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON = oids+24;
	220	GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON = oids+25;
	221	GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED = oids+26;
	222	GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT = oids+27;
	223	GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT = oids+28;
	224	GSS_DLLIMP gss_const_OID GSS_C_MA_MIC = oids+29;
	225	GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP = oids+30;
	226	GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY = oids+31;
	227	GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET = oids+32;
	228	GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET = oids+33;
	229	GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS = oids+34;
	230	GSS_DLLIMP gss_const_OID GSS_C_MA_PFS = oids+35;
	231	GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS = oids+36;
	232	GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS = oids+37;
	233	GSS_DLLIMP gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO = oids+38;
	234
	235	GSS_DLLIMP gss_OID GSS_C_SEC_CONTEXT_SASL_SSF = oids+39;
	236
	237	static gss_OID_set_desc gss_ma_known_attrs_desc = { 28, oids+11 };
	238
230	239	gss_OID_set gss_ma_known_attrs = &gss_ma_known_attrs_desc;
231	240
232	241	static struct mech_attr_info_desc {

236	245	const char *long_desc;
237	246	} mech_attr_info[] = {
238	247	{
239		oids+9,
	248	oids+11,
240	249	"GSS_C_MA_MECH_CONCRETE",
241	250	"concrete-mech",
242	251	"Mechanism is neither a pseudo-mechanism nor a composite mechanism.",
243	252	},
244	253	{
245		oids+10,
	254	oids+12,
246	255	"GSS_C_MA_MECH_PSEUDO",
247	256	"pseudo-mech",
248	257	"Mechanism is a pseudo-mechanism.",
249	258	},
250	259	{
251		oids+11,
	260	oids+13,
252	261	"GSS_C_MA_MECH_COMPOSITE",
253	262	"composite-mech",
254	263	"Mechanism is a composite of other mechanisms.",
255	264	},
256	265	{
257		oids+12,
	266	oids+14,
258	267	"GSS_C_MA_MECH_NEGO",
259	268	"mech-negotiation-mech",
260	269	"Mechanism negotiates other mechanisms.",
261	270	},
262	271	{
263		oids+13,
	272	oids+15,
264	273	"GSS_C_MA_MECH_GLUE",
265	274	"mech-glue",
266	275	"OID is not a mechanism but the GSS-API itself.",
267	276	},
268	277	{
269		oids+14,
	278	oids+16,
270	279	"GSS_C_MA_NOT_MECH",
271	280	"not-mech",
272	281	"Known OID but not a mechanism OID.",
273	282	},
274	283	{
275		oids+15,
	284	oids+17,
276	285	"GSS_C_MA_DEPRECATED",
277	286	"mech-deprecated",
278	287	"Mechanism is deprecated.",
279	288	},
280	289	{
281		oids+16,
	290	oids+18,
282	291	"GSS_C_MA_NOT_DFLT_MECH",
283	292	"mech-not-default",
284	293	"Mechanism must not be used as a default mechanism.",
285	294	},
286	295	{
287		oids+17,
	296	oids+19,
288	297	"GSS_C_MA_ITOK_FRAMED",
289	298	"initial-is-framed",
290	299	"Mechanism's initial contexts are properly framed.",
291	300	},
292	301	{
293		oids+18,
	302	oids+20,
294	303	"GSS_C_MA_AUTH_INIT",
295	304	"auth-init-princ",
296	305	"Mechanism supports authentication of initiator to acceptor.",
297	306	},
298	307	{
299		oids+19,
	308	oids+21,
300	309	"GSS_C_MA_AUTH_TARG",
301	310	"auth-targ-princ",
302	311	"Mechanism supports authentication of acceptor to initiator.",
303	312	},
304	313	{
305		oids+20,
	314	oids+22,
306	315	"GSS_C_MA_AUTH_INIT_INIT",
307	316	"auth-init-princ-initial",
308	317	"Mechanism supports authentication of initiator using "
309	318	"initial credentials.",
310	319	},
311	320	{
312		oids+21,
	321	oids+23,
313	322	"GSS_C_MA_AUTH_TARG_INIT",
314	323	"auth-target-princ-initial",
315	324	"Mechanism supports authentication of acceptor using "
316	325	"initial credentials.",
317	326	},
318	327	{
319		oids+22,
	328	oids+24,
320	329	"GSS_C_MA_AUTH_INIT_ANON",
321	330	"auth-init-princ-anon",
322	331	"Mechanism supports GSS_C_NT_ANONYMOUS as an initiator name.",
323	332	},
324	333	{
325		oids+23,
	334	oids+25,
326	335	"GSS_C_MA_AUTH_TARG_ANON",
327	336	"auth-targ-princ-anon",
328	337	"Mechanism supports GSS_C_NT_ANONYMOUS as an acceptor name.",
329	338	},
330	339	{
331		oids+24,
	340	oids+26,
332	341	"GSS_C_MA_DELEG_CRED",
333	342	"deleg-cred",
334	343	"Mechanism supports credential delegation.",
335	344	},
336	345	{
337		oids+25,
	346	oids+27,
338	347	"GSS_C_MA_INTEG_PROT",
339	348	"integ-prot",
340	349	"Mechanism supports per-message integrity protection.",
341	350	},
342	351	{
343		oids+26,
	352	oids+28,
344	353	"GSS_C_MA_CONF_PROT",
345	354	"conf-prot",
346	355	"Mechanism supports per-message confidentiality protection.",
347	356	},
348	357	{
349		oids+27,
	358	oids+29,
350	359	"GSS_C_MA_MIC",
351	360	"mic",
352	361	"Mechanism supports Message Integrity Code (MIC) tokens.",
353	362	},
354	363	{
355		oids+28,
	364	oids+30,
356	365	"GSS_C_MA_WRAP",
357	366	"wrap",
358	367	"Mechanism supports wrap tokens.",
359	368	},
360	369	{
361		oids+29,
	370	oids+31,
362	371	"GSS_C_MA_PROT_READY",
363	372	"prot-ready",
364	373	"Mechanism supports per-message proteciton prior to "
365	374	"full context establishment.",
366	375	},
367	376	{
368		oids+30,
	377	oids+32,
369	378	"GSS_C_MA_REPLAY_DET",
370	379	"replay-detection",
371	380	"Mechanism supports replay detection.",
372	381	},
373	382	{
374		oids+31,
	383	oids+33,
375	384	"GSS_C_MA_OOS_DET",
376	385	"oos-detection",
377	386	"Mechanism supports out-of-sequence detection.",
378	387	},
379	388	{
380		oids+32,
	389	oids+34,
381	390	"GSS_C_MA_CBINDINGS",
382	391	"channel-bindings",
383	392	"Mechanism supports channel bindings.",
384	393	},
385	394	{
386		oids+33,
	395	oids+35,
387	396	"GSS_C_MA_PFS",
388	397	"pfs",
389	398	"Mechanism supports Perfect Forward Security.",
390	399	},
391	400	{
392		oids+34,
	401	oids+36,
393	402	"GSS_C_MA_COMPRESS",
394	403	"compress",
395	404	"Mechanism supports compression of data inputs to gss_wrap().",
396	405	},
397	406	{
398		oids+35,
	407	oids+37,
399	408	"GSS_C_MA_CTX_TRANS",
400	409	"context-transfer",
401	410	"Mechanism supports security context export/import.",
	411	},
	412	{
	413	oids+38,
	414	"GSS_C_MA_NEGOEX_AND_SPNEGO",
	415	"negoex-only",
	416	"NegoEx mechanism should also be negotiable through SPNEGO.",
402	417	},
403	418	};
404	419

412	427	{
413	428	size_t i;
414	429
	430	if (minor_status != NULL)
	431	*minor_status = 0;
415	432	if (name != GSS_C_NO_BUFFER) {
416	433	name->length = 0;
417	434	name->value = NULL;

424	441	long_desc->length = 0;
425	442	long_desc->value = NULL;
426	443	}
	444	if (minor_status == NULL)
	445	return GSS_S_CALL_INACCESSIBLE_WRITE;
427	446	for (i = 0; i < sizeof(mech_attr_info)/sizeof(mech_attr_info[0]); i++) {
428	447	struct mech_attr_info_desc *mai = &mech_attr_info[i];
429	448

+1

-1

src/lib/gssapi/generic/oid_ops.c less more

85	85
86	86	/*
87	87	* We use the official OID definitions instead of the unofficial OID
88		* defintions. But we continue to support the unofficial OID
	88	* definitions. But we continue to support the unofficial OID
89	89	* gss_nt_service_name just in case if some gss applications use
90	90	* the old OID.
91	91	*/

+1

-5

src/lib/gssapi/krb5/accept_sec_context.c less more

944	944
945	945	if (delegated_cred_handle != NULL &&
946	946	deleg_cred == NULL && /* no unconstrained delegation */
947		cred->usage == GSS_C_BOTH &&
948		(ticket->enc_part2->flags & TKT_FLG_FORWARDABLE)) {
	947	cred->usage == GSS_C_BOTH) {
949	948	/*
950	949	* Now, we always fabricate a delegated credentials handle
951	950	* containing the service ticket to ourselves, which can be

1010	1009	}
1011	1010
1012	1011	switch (negotiated_etype) {
1013		case ENCTYPE_DES_CBC_MD5:
1014		case ENCTYPE_DES_CBC_MD4:
1015		case ENCTYPE_DES_CBC_CRC:
1016	1012	case ENCTYPE_DES3_CBC_SHA1:
1017	1013	case ENCTYPE_ARCFOUR_HMAC:
1018	1014	case ENCTYPE_ARCFOUR_HMAC_EXP:

+5

-16

src/lib/gssapi/krb5/acquire_cred.c less more

190	190
191	191	/* If we have an explicit rcache name, open it. */
192	192	if (rcname != NULL) {
193		code = krb5_rc_resolve_full(context, &rc, rcname);
194		if (code) {
195		major = GSS_S_FAILURE;
196		goto cleanup;
197		}
198		code = krb5_rc_recover_or_initialize(context, rc, context->clockskew);
	193	code = k5_rc_resolve(context, rcname, &rc);
199	194	if (code) {
200	195	major = GSS_S_FAILURE;
201	196	goto cleanup;

259	254	if (kt != NULL)
260	255	krb5_kt_close(context, kt);
261	256	if (rc != NULL)
262		krb5_rc_close(context, rc);
	257	k5_rc_close(context, rc);
263	258	*minor_status = code;
264	259	return major;
265	260	}

879	874	krb5_kt_close(context, cred->keytab);
880	875	#endif /* LEAN_CLIENT */
881	876	if (cred->rcache)
882		krb5_rc_close(context, cred->rcache);
	877	k5_rc_close(context, cred->rcache);
883	878	if (cred->name)
884	879	kg_release_name(context, &cred->name);
885	880	krb5_free_principal(context, cred->impersonator);

1046	1041	*minor_status = code;
1047	1042	return GSS_S_FAILURE;
1048	1043	}
1049		if (cred->rcache != NULL) {
1050		code = krb5_rc_close(context, cred->rcache);
1051		if (code) {
1052		*minor_status = code;
1053		krb5_free_context(context);
1054		return GSS_S_FAILURE;
1055		}
1056		}
	1044	if (cred->rcache != NULL)
	1045	k5_rc_close(context, cred->rcache);
1057	1046
1058	1047	cred->rcache = rcache;
1059	1048

+12

-19

src/lib/gssapi/krb5/copy_ccache.c less more

8	8	{
9	9	krb5_gss_cred_id_t k5creds;
10	10	krb5_error_code code;
11		krb5_context context;
	11	krb5_context context = NULL;
12	12	krb5_ccache out_ccache;
13	13
14	14	assert(value->length == sizeof(out_ccache));

22	22	k5creds = (krb5_gss_cred_id_t) *cred_handle;
23	23	k5_mutex_lock(&k5creds->lock);
24	24	if (k5creds->usage == GSS_C_ACCEPT) {
25		k5_mutex_unlock(&k5creds->lock);
26		*minor_status = (OM_uint32) G_BAD_USAGE;
27		return(GSS_S_FAILURE);
	25	code = G_BAD_USAGE;
	26	goto cleanup;
28	27	}
29	28
30	29	code = krb5_gss_init_context(&context);
31		if (code) {
32		k5_mutex_unlock(&k5creds->lock);
33		*minor_status = code;
34		return GSS_S_FAILURE;
35		}
	30	if (code)
	31	goto cleanup;
36	32
37	33	code = krb5_cc_copy_creds(context, k5creds->ccache, out_ccache);
38		if (code) {
39		k5_mutex_unlock(&k5creds->lock);
40		*minor_status = code;
41		save_error_info(*minor_status, context);
42		krb5_free_context(context);
43		return(GSS_S_FAILURE);
44		}
	34
	35	cleanup:
45	36	k5_mutex_unlock(&k5creds->lock);
46	37	*minor_status = code;
47		if (code)
48		save_error_info(*minor_status, context);
49		krb5_free_context(context);
	38	if (context != NULL) {
	39	if (code)
	40	save_error_info(*minor_status, context);
	41	krb5_free_context(context);
	42	}
50	43	return code ? GSS_S_FAILURE : GSS_S_COMPLETE;
51	44	}

+2

-4

src/lib/gssapi/krb5/duplicate_name.c less more

33	33	krb5_error_code code;
34	34	krb5_gss_name_t princ, outprinc;
35	35
36		if (minor_status)
37		*minor_status = 0;
	36	*minor_status = 0;
38	37
39	38	code = krb5_gss_init_context(&context);
40	39	if (code) {
41		if (minor_status)
42		*minor_status = code;
	40	*minor_status = code;
43	41	return GSS_S_FAILURE;
44	42	}
45	43

+1

-6

src/lib/gssapi/krb5/export_cred.c less more

129	129	{
130	130	krb5_error_code ret;
131	131	k5_json_string str = NULL;
132		char *name;
133	132
134	133	if (rcache == NULL)
135	134	return k5_json_null_create_val(val_out);
136		if (asprintf(&name, "%s:%s", krb5_rc_get_type(context, rcache),
137		krb5_rc_get_name(context, rcache)) < 0)
138		return ENOMEM;
139		ret = k5_json_string_create(name, &str);
140		free(name);
	135	ret = k5_json_string_create(k5_rc_get_name(context, rcache), &str);
141	136	*val_out = str;
142	137	return ret;
143	138	}

+2

-7

src/lib/gssapi/krb5/export_sec_context.c less more

50	50	}
51	51
52	52	context = ctx->k5_context;
53		kret = krb5_gss_ser_init(context);
54		if (kret)
55		goto error_out;
56	53
57	54	/* Determine size needed for externalization of context */
58	55	bufsize = 0;
59		if ((kret = kg_ctx_size(context, (krb5_pointer) ctx,
60		&bufsize)))
	56	if ((kret = kg_ctx_size(context, ctx, &bufsize)))
61	57	goto error_out;
62	58
63	59	/* Allocate the buffer */

69	65	obp = obuffer;
70	66	blen = bufsize;
71	67	/* Externalize the context */
72		if ((kret = kg_ctx_externalize(context,
73		(krb5_pointer) ctx, &obp, &blen)))
	68	if ((kret = kg_ctx_externalize(context, ctx, &obp, &blen)))
74	69	goto error_out;
75	70
76	71	/* Success! Return the buffer */

+13

-15

src/lib/gssapi/krb5/gssapiP_krb5.h less more

119	119	/* These are to be stored in little-endian order, i.e., des-mac is
120	120	stored as 02 00. */
121	121	enum sgn_alg {
122		SGN_ALG_DES_MAC_MD5 = 0x0000,
123		SGN_ALG_MD2_5 = 0x0001,
124		SGN_ALG_DES_MAC = 0x0002,
125		SGN_ALG_3 = 0x0003, /* not published */
	122	/* SGN_ALG_DES_MAC_MD5 = 0x0000, */
	123	/* SGN_ALG_MD2_5 = 0x0001, */
	124	/* SGN_ALG_DES_MAC = 0x0002, */
	125	/* SGN_ALG_3 = 0x0003, /\* not published \/ /
126	126	SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */
127	127	SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
128	128	};
129	129	enum seal_alg {
130	130	SEAL_ALG_NONE = 0xffff,
131		SEAL_ALG_DES = 0x0000,
132		SEAL_ALG_1 = 0x0001, /* not published */
	131	/* SEAL_ALG_DES = 0x0000, */
	132	/* SEAL_ALG_1 = 0x0001, /\* not published \/ /
133	133	SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */
134	134	SEAL_ALG_DES3KD = 0x0002
135	135	};

146	146	#define KG_USAGE_INITIATOR_SIGN 25
147	147
148	148	enum qop {
149		GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, /* partial MD5 = "MD2.5" */
150		GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002,
151		GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003,
	149	/* GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, */
	150	/* GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002, */
	151	/* GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003, */
152	152	GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
153	153	GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff,
154		GSS_KRB5_CONF_C_QOP_DES = 0x0100,
	154	/* GSS_KRB5_CONF_C_QOP_DES = 0x0100, */
155	155	GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200,
156	156	GSS_KRB5_CONF_C_QOP_MASK = 0xff00
157	157	};

359	359	OM_uint32 *input_size);
360	360
361	361	krb5_error_code kg_ctx_size (krb5_context kcontext,
362		krb5_pointer arg,
	362	krb5_gss_ctx_id_t ctx,
363	363	size_t *sizep);
364	364
365	365	krb5_error_code kg_ctx_externalize (krb5_context kcontext,
366		krb5_pointer arg,
	366	krb5_gss_ctx_id_t ctx,
367	367	krb5_octet **buffer,
368	368	size_t *lenremain);
369	369
370	370	krb5_error_code kg_ctx_internalize (krb5_context kcontext,
371		krb5_pointer *argp,
	371	krb5_gss_ctx_id_t *argp,
372	372	krb5_octet **buffer,
373	373	size_t *lenremain);
374	374

849	849	gss_ctx_id_t * /* context_handle */
850	850	);
851	851	#endif /* LEAN_CLIENT */
852
853		krb5_error_code krb5_gss_ser_init(krb5_context);
854	852
855	853	OM_uint32 krb5_gss_release_oid
856	854	(OM_uint32 , / minor_status */

+1

-3

src/lib/gssapi/krb5/gssapi_krb5.c less more

78	78	*/
79	79
80	80
81		/* For declaration of krb5_ser_context_init */
82		#include "k5-int.h"
83	81	#include "gssapiP_krb5.h"
84	82	#include "mglueP.h"
85	83

779	777	localname->value = gssalloc_strdup(lname);
780	778	localname->length = strlen(lname);
781	779
782		return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
	780	return GSS_S_COMPLETE;
783	781	}
784	782
785	783

+0

-1

src/lib/gssapi/krb5/iakerb.c less more

261	261	/*
262	262	* Assemble the IAKERB-HEADER from the realm and cookie
263	263	*/
264		memset(&iah, 0, sizeof(iah));
265	264	iah.target_realm = *realm;
266	265	iah.cookie = cookie;
267	266

+2

-6

src/lib/gssapi/krb5/import_cred.c less more

170	170	return 0;
171	171	if (k5_json_get_tid(v) != K5_JSON_TID_STRING)
172	172	return -1;
173		if (krb5_rc_resolve_full(context, &rcache, (char *)k5_json_string_utf8(v)))
174		return -1;
175		if (krb5_rc_recover_or_initialize(context, rcache, context->clockskew)) {
176		krb5_rc_close(context, rcache);
177		return -1;
178		}
	173	if (k5_rc_resolve(context, (char *)k5_json_string_utf8(v), &rcache))
	174	return -1;
179	175	*rcache_out = rcache;
180	176	return 0;
181	177	}

+1

-24

src/lib/gssapi/krb5/import_sec_context.c less more

47	47	return oid;
48	48	}
49	49
50		krb5_error_code
51		krb5_gss_ser_init (krb5_context context)
52		{
53		krb5_error_code code;
54		static krb5_error_code (KRB5_CALLCONV *const fns[])(krb5_context) = {
55		krb5_ser_context_init, krb5_ser_auth_context_init,
56		krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
57		};
58		unsigned int i;
59
60		for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
61		if ((code = (fns[i])(context)) != 0)
62		return code;
63		return 0;
64		}
65
66	50	OM_uint32 KRB5_CALLCONV
67	51	krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
68	52	OM_uint32 *minor_status;

84	68	*minor_status = kret;
85	69	return GSS_S_FAILURE;
86	70	}
87		kret = krb5_gss_ser_init(context);
88		if (kret) {
89		*minor_status = kret;
90		save_error_info(*minor_status, context);
91		krb5_free_context(context);
92		return GSS_S_FAILURE;
93		}
94	71
95	72	/* Assume a tragic failure */
96	73	ctx = (krb5_gss_ctx_id_t) NULL;

99	76	/* Internalize the context */
100	77	ibp = (krb5_octet *) interprocess_token->value;
101	78	blen = (size_t) interprocess_token->length;
102		kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen);
	79	kret = kg_ctx_internalize(context, &ctx, &ibp, &blen);
103	80	if (kret) {
104	81	*minor_status = (OM_uint32) kret;
105	82	save_error_info(*minor_status, context);

+16

-3

src/lib/gssapi/krb5/init_sec_context.c less more

128	128	krb5_error_code code;
129	129	krb5_creds in_creds, evidence_creds, mcreds, *result_creds = NULL;
130	130	krb5_flags flags = 0;
	131	krb5_principal_data server_data;
131	132
132	133	*out_creds = NULL;
133	134

138	139
139	140	assert(cred->name != NULL);
140	141
	142	/* Remove assumed realm from host-based S4U2Proxy requests as they must
	143	* start in the client realm. */
	144	server_data = *server->princ;
	145	if (cred->impersonator != NULL && server_data.type == KRB5_NT_SRV_HST)
	146	server_data.realm = empty_data();
	147	in_creds.server = &server_data;
	148
141	149	in_creds.client = cred->name->princ;
142		in_creds.server = server->princ;
143	150	in_creds.times.endtime = endtime;
144	151	in_creds.authdata = NULL;
145	152	in_creds.keyblock.enctype = 0;

188	195	if (code)
189	196	goto cleanup;
190	197
191		assert(evidence_creds.ticket_flags & TKT_FLG_FORWARDABLE);
192	198	in_creds.client = cred->impersonator;
193	199	in_creds.second_ticket = evidence_creds.ticket;
194	200	flags = KRB5_GC_CANONICALIZE \| KRB5_GC_CONSTRAINED_DELEGATION;

555	561	ctx->initiate = 1;
556	562	ctx->seed_init = 0;
557	563	ctx->seqstate = 0;
	564
	565	/* enforce_ok_as_delegate causes GSS_C_DELEG_FLAG to be treated as
	566	* GSS_C_DELEG_POLICY_FLAG (so ok-as-delegate is always enforced). */
	567	if (context->enforce_ok_as_delegate && (req_flags & GSS_C_DELEG_FLAG)) {
	568	req_flags &= ~GSS_C_DELEG_FLAG;
	569	req_flags \|= GSS_C_DELEG_POLICY_FLAG;
	570	}
558	571
559	572	ctx->gss_flags = req_flags & (GSS_C_CONF_FLAG \| GSS_C_INTEG_FLAG \|
560	573	GSS_C_MUTUAL_FLAG \| GSS_C_REPLAY_FLAG \|

809	822	if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
810	823	&ap_rep_data))) {
811	824	/*
812		* XXX A hack for backwards compatiblity.
	825	* XXX A hack for backwards compatibility.
813	826	* To be removed in 1999 -- proven
814	827	*/
815	828	krb5_auth_con_setuseruserkey(context, ctx->auth_context,

+1

-27

src/lib/gssapi/krb5/k5seal.c less more

70	70	char *data_ptr;
71	71	krb5_data plaind;
72	72	krb5_checksum md5cksum;
73		krb5_checksum cksum;
74	73	/* msglen contains the message length
75	74	* we are signing/encrypting. tmsglen
76	75	* contains the length of the message

136	135
137	136	/* pad the plaintext, encrypt if needed, and stick it in the token */
138	137
139		/* initialize the the cksum */
	138	/* initialize the the checksum */
140	139	switch (signalg) {
141		case SGN_ALG_DES_MAC_MD5:
142		case SGN_ALG_MD2_5:
143		md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
144		break;
145	140	case SGN_ALG_HMAC_SHA1_DES3_KD:
146	141	md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
147	142	break;

151	146	sign_usage = 15;
152	147	break;
153	148	default:
154		case SGN_ALG_DES_MAC:
155	149	abort ();
156	150	}
157	151

202	196	return(code);
203	197	}
204	198	switch(signalg) {
205		case SGN_ALG_DES_MAC_MD5:
206		case 3:
207
208		code = kg_encrypt_inplace(context, seq, KG_USAGE_SEAL,
209		(g_OID_equal(oid, gss_mech_krb5_old) ?
210		seq->keyblock.contents : NULL),
211		md5cksum.contents, 16);
212		if (code) {
213		krb5_free_checksum_contents(context, &md5cksum);
214		xfree (plain);
215		gssalloc_free(t);
216		return code;
217		}
218
219		cksum.length = cksum_size;
220		cksum.contents = md5cksum.contents + 16 - cksum.length;
221
222		memcpy(ptr+14, cksum.contents, cksum.length);
223		break;
224
225	199	case SGN_ALG_HMAC_SHA1_DES3_KD:
226	200	/*
227	201	* Using key derivation, the call to krb5_c_make_checksum

+0

-20

src/lib/gssapi/krb5/k5sealiov.c less more

144	144
145	145	/* initialize the checksum */
146	146	switch (ctx->signalg) {
147		case SGN_ALG_DES_MAC_MD5:
148		case SGN_ALG_MD2_5:
149		md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
150		break;
151	147	case SGN_ALG_HMAC_SHA1_DES3_KD:
152	148	md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
153	149	break;

157	153	sign_usage = 15;
158	154	break;
159	155	default:
160		case SGN_ALG_DES_MAC:
161	156	abort ();
162	157	}
163	158

182	177	goto cleanup;
183	178
184	179	switch (ctx->signalg) {
185		case SGN_ALG_DES_MAC_MD5:
186		case SGN_ALG_3:
187		code = kg_encrypt_inplace(context, ctx->seq, KG_USAGE_SEAL,
188		(g_OID_equal(ctx->mech_used,
189		gss_mech_krb5_old) ?
190		ctx->seq->keyblock.contents : NULL),
191		md5cksum.contents, 16);
192		if (code != 0)
193		goto cleanup;
194
195		cksum.length = ctx->cksum_size;
196		cksum.contents = md5cksum.contents + 16 - cksum.length;
197
198		memcpy(ptr + 14, cksum.contents, cksum.length);
199		break;
200	180	case SGN_ALG_HMAC_SHA1_DES3_KD:
201	181	assert(md5cksum.length == ctx->cksum_size);
202	182	memcpy(ptr + 14, md5cksum.contents, md5cksum.length);

+2

-3

src/lib/gssapi/krb5/k5sealv3.c less more

144	144	/* TOK_ID */
145	145	store_16_be(KG2_TOK_WRAP_MSG, outbuf);
146	146	/* flags */
147		outbuf[2] = (acceptor_flag
148		\| (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
149		\| (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
	147	outbuf[2] = (acceptor_flag \| FLAG_WRAP_CONFIDENTIAL \|
	148	(ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
150	149	/* filler */
151	150	outbuf[3] = 0xff;
152	151	/* EC */

+2

-3

src/lib/gssapi/krb5/k5sealv3iov.c less more

143	143	/* TOK_ID */
144	144	store_16_be(KG2_TOK_WRAP_MSG, outbuf);
145	145	/* flags */
146		outbuf[2] = (acceptor_flag
147		\| (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
148		\| (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
	146	outbuf[2] = (acceptor_flag \| FLAG_WRAP_CONFIDENTIAL \|
	147	(ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
149	148	/* filler */
150	149	outbuf[3] = 0xFF;
151	150	/* EC */

+0

-112

src/lib/gssapi/krb5/k5unseal.c less more

75	75	int sealalg;
76	76	int bad_pad = 0;
77	77	gss_buffer_desc token;
78		krb5_checksum cksum;
79	78	krb5_checksum md5cksum;
80	79	krb5_data plaind;
81	80	char *data_ptr;

131	130	but few enough that we can try them all. */
132	131
133	132	if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) \|\|
134		(ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) \|\|
135	133	(ctx->sealalg == SEAL_ALG_DES3KD &&
136	134	signalg != SGN_ALG_HMAC_SHA1_DES3_KD)\|\|
137	135	(ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&

141	139	}
142	140
143	141	switch (signalg) {
144		case SGN_ALG_DES_MAC_MD5:
145		case SGN_ALG_MD2_5:
146	142	case SGN_ALG_HMAC_MD5:
147	143	cksum_len = 8;
148	144	if (toktype != KG_TOK_SEAL_MSG)
149	145	sign_usage = 15;
150		break;
151		case SGN_ALG_3:
152		cksum_len = 16;
153	146	break;
154	147	case SGN_ALG_HMAC_SHA1_DES3_KD:
155	148	cksum_len = 20;

259	252
260	253	/* initialize the the cksum */
261	254	switch (signalg) {
262		case SGN_ALG_DES_MAC_MD5:
263		case SGN_ALG_MD2_5:
264		case SGN_ALG_DES_MAC:
265		case SGN_ALG_3:
266		md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
267		break;
268	255	case SGN_ALG_HMAC_MD5:
269	256	md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
270	257	break;

281	268	md5cksum.length = sumlen;
282	269
283	270	switch (signalg) {
284		case SGN_ALG_DES_MAC_MD5:
285		case SGN_ALG_3:
286		/* compute the checksum of the message */
287
288		/* 8 = bytes of token body to be checksummed according to spec */
289
290		if (! (data_ptr = xmalloc(8 + plainlen))) {
291		if (sealalg != 0xffff)
292		xfree(plain);
293		if (toktype == KG_TOK_SEAL_MSG)
294		gssalloc_free(token.value);
295		*minor_status = ENOMEM;
296		return(GSS_S_FAILURE);
297		}
298
299		(void) memcpy(data_ptr, ptr-2, 8);
300
301		(void) memcpy(data_ptr+8, plain, plainlen);
302
303		plaind.length = 8 + plainlen;
304		plaind.data = data_ptr;
305		code = krb5_k_make_checksum(context, md5cksum.checksum_type,
306		ctx->seq, sign_usage,
307		&plaind, &md5cksum);
308		xfree(data_ptr);
309
310		if (code) {
311		if (toktype == KG_TOK_SEAL_MSG)
312		gssalloc_free(token.value);
313		*minor_status = code;
314		return(GSS_S_FAILURE);
315		}
316
317		code = kg_encrypt_inplace(context, ctx->seq, KG_USAGE_SEAL,
318		(g_OID_equal(ctx->mech_used,
319		gss_mech_krb5_old) ?
320		ctx->seq->keyblock.contents : NULL),
321		md5cksum.contents, 16);
322		if (code) {
323		krb5_free_checksum_contents(context, &md5cksum);
324		if (toktype == KG_TOK_SEAL_MSG)
325		gssalloc_free(token.value);
326		*minor_status = code;
327		return GSS_S_FAILURE;
328		}
329
330		if (signalg == 0)
331		cksum.length = 8;
332		else
333		cksum.length = 16;
334		cksum.contents = md5cksum.contents + 16 - cksum.length;
335
336		code = k5_bcmp(cksum.contents, ptr + 14, cksum.length);
337		break;
338
339		case SGN_ALG_MD2_5:
340		if (!ctx->seed_init &&
341		(code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
342		krb5_free_checksum_contents(context, &md5cksum);
343		if (sealalg != 0xffff)
344		xfree(plain);
345		if (toktype == KG_TOK_SEAL_MSG)
346		gssalloc_free(token.value);
347		*minor_status = code;
348		return GSS_S_FAILURE;
349		}
350
351		if (! (data_ptr = xmalloc(sizeof(ctx->seed) + 8 + plainlen))) {
352		krb5_free_checksum_contents(context, &md5cksum);
353		if (sealalg == 0)
354		xfree(plain);
355		if (toktype == KG_TOK_SEAL_MSG)
356		gssalloc_free(token.value);
357		*minor_status = ENOMEM;
358		return(GSS_S_FAILURE);
359		}
360		(void) memcpy(data_ptr, ptr-2, 8);
361		(void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
362		(void) memcpy(data_ptr+8+sizeof(ctx->seed), plain, plainlen);
363		plaind.length = 8 + sizeof(ctx->seed) + plainlen;
364		plaind.data = data_ptr;
365		krb5_free_checksum_contents(context, &md5cksum);
366		code = krb5_k_make_checksum(context, md5cksum.checksum_type,
367		ctx->seq, sign_usage,
368		&plaind, &md5cksum);
369		xfree(data_ptr);
370
371		if (code) {
372		if (sealalg == 0)
373		xfree(plain);
374		if (toktype == KG_TOK_SEAL_MSG)
375		gssalloc_free(token.value);
376		*minor_status = code;
377		return(GSS_S_FAILURE);
378		}
379
380		code = k5_bcmp(md5cksum.contents, ptr + 14, 8);
381		/* Falls through to defective-token?? */
382
383	271	default:
384	272	*minor_status = 0;
385	273	return(GSS_S_DEFECTIVE_TOKEN);

+3

-32

src/lib/gssapi/krb5/k5unsealiov.c less more

43	43	unsigned char *ptr;
44	44	int sealalg;
45	45	int signalg;
46		krb5_checksum cksum;
47	46	krb5_checksum md5cksum;
48	47	size_t cksum_len = 0;
49	48	size_t conflen = 0;

53	52	size_t sumlen;
54	53	krb5_keyusage sign_usage = KG_USAGE_SIGN;
55	54
56		md5cksum.length = cksum.length = 0;
57		md5cksum.contents = cksum.contents = NULL;
	55	md5cksum.length = 0;
	56	md5cksum.contents = NULL;
58	57
59	58	header = kg_locate_header_iov(iov, iov_count, toktype);
60	59	assert(header != NULL);

102	101	}
103	102
104	103	if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) \|\|
105		(ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) \|\|
106	104	(ctx->sealalg == SEAL_ALG_DES3KD &&
107	105	signalg != SGN_ALG_HMAC_SHA1_DES3_KD)\|\|
108	106	(ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&

112	110	}
113	111
114	112	switch (signalg) {
115		case SGN_ALG_DES_MAC_MD5:
116		case SGN_ALG_MD2_5:
117	113	case SGN_ALG_HMAC_MD5:
118	114	cksum_len = 8;
119	115	if (toktype != KG_TOK_WRAP_MSG)
120	116	sign_usage = 15;
121		break;
122		case SGN_ALG_3:
123		cksum_len = 16;
124	117	break;
125	118	case SGN_ALG_HMAC_SHA1_DES3_KD:
126	119	cksum_len = 20;

188	181	/* initialize the checksum */
189	182
190	183	switch (signalg) {
191		case SGN_ALG_DES_MAC_MD5:
192		case SGN_ALG_MD2_5:
193		case SGN_ALG_DES_MAC:
194		case SGN_ALG_3:
195		md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
196		break;
197	184	case SGN_ALG_HMAC_MD5:
198	185	md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
199	186	break;

222	209	}
223	210
224	211	switch (signalg) {
225		case SGN_ALG_DES_MAC_MD5:
226		case SGN_ALG_3:
227		code = kg_encrypt_inplace(context, ctx->seq, KG_USAGE_SEAL,
228		(g_OID_equal(ctx->mech_used,
229		gss_mech_krb5_old) ?
230		ctx->seq->keyblock.contents : NULL),
231		md5cksum.contents, 16);
232		if (code != 0) {
233		retval = GSS_S_FAILURE;
234		goto cleanup;
235		}
236
237		cksum.length = cksum_len;
238		cksum.contents = md5cksum.contents + 16 - cksum.length;
239
240		code = k5_bcmp(cksum.contents, ptr + 14, cksum.length);
241		break;
242	212	case SGN_ALG_HMAC_SHA1_DES3_KD:
243	213	case SGN_ALG_HMAC_MD5:
244	214	code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);

280	250	(!ctx->initiate && direction != 0)) {
281	251	*minor_status = (OM_uint32)G_BAD_DIRECTION;
282	252	retval = GSS_S_BAD_SIG;
	253	goto cleanup;
283	254	}
284	255
285	256	code = 0;

+1

-1

src/lib/gssapi/krb5/naming_exts.c less more

623	623	exp_composite_name->length += 4; /* length of encoded attributes */
624	624	if (attrs != NULL)
625	625	exp_composite_name->length += attrs->length;
626		exp_composite_name->value = malloc(exp_composite_name->length);
	626	exp_composite_name->value = gssalloc_malloc(exp_composite_name->length);
627	627	if (exp_composite_name->value == NULL) {
628	628	code = ENOMEM;
629	629	goto cleanup;

+1

-1

src/lib/gssapi/krb5/prf.c less more

85	85	if (desired_output_len == 0)
86	86	return GSS_S_COMPLETE;
87	87
88		prf_out->value = k5alloc(desired_output_len, &code);
	88	prf_out->value = gssalloc_malloc(desired_output_len);
89	89	if (prf_out->value == NULL) {
90	90	code = KG_INPUT_TOO_LONG;
91	91	goto cleanup;

+2

-6

src/lib/gssapi/krb5/rel_cred.c less more

29	29	{
30	30	krb5_context context;
31	31	krb5_gss_cred_id_t cred;
32		krb5_error_code code1, code2, code3;
	32	krb5_error_code code1, code2;
33	33
34	34	code1 = krb5_gss_init_context(&context);
35	35	if (code1) {

67	67	code2 = 0;
68	68
69	69	if (cred->rcache)
70		code3 = krb5_rc_close(context, cred->rcache);
71		else
72		code3 = 0;
	70	k5_rc_close(context, cred->rcache);
73	71	if (cred->name)
74	72	kg_release_name(context, &cred->name);
75	73

90	88	*minor_status = code1;
91	89	if (code2)
92	90	*minor_status = code2;
93		if (code3)
94		*minor_status = code3;
95	91
96	92	if (*minor_status)
97	93	save_error_info(*minor_status, context);

+3

-11

src/lib/gssapi/krb5/s4u_gss_glue.c less more

260	260	if (code != 0)
261	261	goto cleanup;
262	262
263		/*
264		* Only return a "proxy" credential for use with constrained
265		* delegation if the subject credentials are forwardable.
266		* Submitting non-forwardable credentials to the KDC for use
267		* with constrained delegation will only return an error.
268		*/
269		if (subject_creds->ticket_flags & TKT_FLG_FORWARDABLE) {
270		code = make_proxy_cred(context, cred, impersonator_cred);
271		if (code != 0)
272		goto cleanup;
273		}
	263	code = make_proxy_cred(context, cred, impersonator_cred);
	264	if (code != 0)
	265	goto cleanup;
274	266
275	267	code = krb5_cc_store_cred(context, cred->ccache, subject_creds);
276	268	if (code != 0)

+86

-186

src/lib/gssapi/krb5/ser_sctx.c less more

39	39	*/
40	40
41	41	static krb5_error_code
42		kg_oid_externalize(kcontext, arg, buffer, lenremain)
43		krb5_context kcontext;
44		krb5_pointer arg;
45		krb5_octet **buffer;
46		size_t *lenremain;
47		{
48		gss_OID oid = (gss_OID) arg;
	42	kg_oid_externalize(gss_OID oid, krb5_octet *buffer, size_t lenremain)
	43	{
49	44	krb5_error_code err;
50	45
51	46	err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);

64	59	}
65	60
66	61	static krb5_error_code
67		kg_oid_internalize(kcontext, argp, buffer, lenremain)
68		krb5_context kcontext;
69		krb5_pointer *argp;
70		krb5_octet **buffer;
71		size_t *lenremain;
	62	kg_oid_internalize(gss_OID argp, krb5_octet buffer, size_t lenremain)
72	63	{
73	64	gss_OID oid;
74	65	krb5_int32 ibuf;

120	111
121	112	*buffer = bp;
122	113	*lenremain = remain;
123		*argp = (krb5_pointer) oid;
	114	*argp = oid;
124	115	return 0;
125	116	}
126	117
127	118	static krb5_error_code
128		kg_oid_size(kcontext, arg, sizep)
129		krb5_context kcontext;
130		krb5_pointer arg;
131		size_t *sizep;
	119	kg_oid_size(gss_OID oid, size_t *sizep)
132	120	{
133	121	krb5_error_code kret;
134		gss_OID oid;
135	122	size_t required;
136	123
137	124	kret = EINVAL;
138		if ((oid = (gss_OID) arg)) {
	125	if (oid != NULL) {
139	126	required = 2sizeof(krb5_int32); / For the header and trailer */
140	127	required += sizeof(krb5_int32);
141	128	required += oid->length;

149	136	}
150	137
151	138	static krb5_error_code
152		kg_seqstate_externalize(kcontext, arg, buffer, lenremain)
153		krb5_context kcontext;
	139	kg_seqstate_externalize(arg, buffer, lenremain)
154	140	g_seqnum_state arg;
155	141	krb5_octet **buffer;
156	142	size_t *lenremain;

165	151	}
166	152
167	153	static krb5_error_code
168		kg_seqstate_internalize(kcontext, argp, buffer, lenremain)
169		krb5_context kcontext;
	154	kg_seqstate_internalize(argp, buffer, lenremain)
170	155	g_seqnum_state *argp;
171	156	krb5_octet **buffer;
172	157	size_t *lenremain;

207	192	}
208	193
209	194	static krb5_error_code
210		kg_seqstate_size(kcontext, arg, sizep)
211		krb5_context kcontext;
	195	kg_seqstate_size(arg, sizep)
212	196	g_seqnum_state arg;
213	197	size_t *sizep;
214	198	{

230	214	* Determine the size required for this krb5_gss_ctx_id_rec.
231	215	*/
232	216	krb5_error_code
233		kg_ctx_size(kcontext, arg, sizep)
234		krb5_context kcontext;
235		krb5_pointer arg;
236		size_t *sizep;
	217	kg_ctx_size(krb5_context kcontext, krb5_gss_ctx_id_t ctx, size_t *sizep)
237	218	{
238	219	krb5_error_code kret;
239		krb5_gss_ctx_id_rec *ctx;
240	220	size_t required;
241	221
242	222	/*

276	256	* krb5_int32 for trailer.
277	257	*/
278	258	kret = EINVAL;
279		if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
	259	if (ctx != NULL) {
280	260	required = 21*sizeof(krb5_int32);
281	261	required += 2*sizeof(int64_t);
282	262	required += sizeof(ctx->seed);
283	263
284	264	kret = 0;
285	265	if (!kret && ctx->here)
286		kret = krb5_size_opaque(kcontext,
287		KV5M_PRINCIPAL,
288		(krb5_pointer) ctx->here->princ,
289		&required);
	266	kret = k5_size_principal(ctx->here->princ, &required);
290	267
291	268	if (!kret && ctx->there)
292		kret = krb5_size_opaque(kcontext,
293		KV5M_PRINCIPAL,
294		(krb5_pointer) ctx->there->princ,
295		&required);
	269	kret = k5_size_principal(ctx->there->princ, &required);
296	270
297	271	if (!kret && ctx->subkey)
298		kret = krb5_size_opaque(kcontext,
299		KV5M_KEYBLOCK,
300		(krb5_pointer) &ctx->subkey->keyblock,
301		&required);
	272	kret = k5_size_keyblock(&ctx->subkey->keyblock, &required);
302	273
303	274	if (!kret && ctx->enc)
304		kret = krb5_size_opaque(kcontext,
305		KV5M_KEYBLOCK,
306		(krb5_pointer) &ctx->enc->keyblock,
307		&required);
	275	kret = k5_size_keyblock(&ctx->enc->keyblock, &required);
308	276
309	277	if (!kret && ctx->seq)
310		kret = krb5_size_opaque(kcontext,
311		KV5M_KEYBLOCK,
312		(krb5_pointer) &ctx->seq->keyblock,
313		&required);
	278	kret = k5_size_keyblock(&ctx->seq->keyblock, &required);
314	279
315	280	if (!kret)
316		kret = kg_oid_size(kcontext,
317		(krb5_pointer) ctx->mech_used,
318		&required);
	281	kret = kg_oid_size(ctx->mech_used, &required);
319	282
320	283	if (!kret && ctx->seqstate)
321		kret = kg_seqstate_size(kcontext, ctx->seqstate, &required);
	284	kret = kg_seqstate_size(ctx->seqstate, &required);
322	285
323	286	if (!kret)
324		kret = krb5_size_opaque(kcontext,
325		KV5M_CONTEXT,
326		(krb5_pointer) ctx->k5_context,
327		&required);
	287	kret = k5_size_context(ctx->k5_context, &required);
328	288	if (!kret)
329		kret = krb5_size_opaque(kcontext,
330		KV5M_AUTH_CONTEXT,
331		(krb5_pointer) ctx->auth_context,
332		&required);
	289	kret = k5_size_auth_context(ctx->auth_context, &required);
333	290	if (!kret && ctx->acceptor_subkey)
334		kret = krb5_size_opaque(kcontext,
335		KV5M_KEYBLOCK, (krb5_pointer)
336		&ctx->acceptor_subkey->keyblock,
	291	kret = k5_size_keyblock(&ctx->acceptor_subkey->keyblock,
337	292	&required);
338	293	if (!kret && ctx->authdata) {
339	294	krb5_int32 i;
340	295
341		for (i = 0; !kret && ctx->authdata[i]; i++) {
342		kret = krb5_size_opaque(kcontext,
343		KV5M_AUTHDATA,
344		(krb5_pointer)ctx->authdata[i],
345		&required);
346		}
	296	for (i = 0; !kret && ctx->authdata[i]; i++)
	297	kret = k5_size_authdata(ctx->authdata[i], &required);
347	298	}
348	299	if (!kret) {
349	300	krb5_gss_name_t initiator_name;

351	302	initiator_name = ctx->initiate ? ctx->here : ctx->there;
352	303
353	304	if (initiator_name && initiator_name->ad_context) {
354		kret = krb5_size_opaque(kcontext,
355		KV5M_AUTHDATA_CONTEXT,
356		initiator_name->ad_context,
357		&required);
	305	kret = k5_size_authdata_context(kcontext,
	306	initiator_name->ad_context,
	307	&required);
358	308	}
359	309	}
360	310	*sizep += required;

366	316	* Externalize this krb5_gss_ctx_id_ret.
367	317	*/
368	318	krb5_error_code
369		kg_ctx_externalize(kcontext, arg, buffer, lenremain)
370		krb5_context kcontext;
371		krb5_pointer arg;
372		krb5_octet **buffer;
373		size_t *lenremain;
	319	kg_ctx_externalize(krb5_context kcontext, krb5_gss_ctx_id_t ctx,
	320	krb5_octet *buffer, size_t lenremain)
374	321	{
375	322	krb5_error_code kret;
376		krb5_gss_ctx_id_rec *ctx;
377	323	size_t required;
378	324	krb5_octet *bp;
379	325	size_t remain;

387	333	bp = *buffer;
388	334	remain = *lenremain;
389	335	kret = EINVAL;
390		if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
	336	if (ctx != NULL) {
391	337	kret = ENOMEM;
392		if (!kg_ctx_size(kcontext, arg, &required) &&
	338	if (!kg_ctx_size(kcontext, ctx, &required) &&
393	339	(required <= remain)) {
394	340	/* Our identifier */
395	341	(void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);

433	379	kret = 0;
434	380
435	381	if (!kret && ctx->mech_used)
436		kret = kg_oid_externalize(kcontext, ctx->mech_used,
437		&bp, &remain);
	382	kret = kg_oid_externalize(ctx->mech_used, &bp, &remain);
438	383
439	384	if (!kret && ctx->here)
440		kret = krb5_externalize_opaque(kcontext,
441		KV5M_PRINCIPAL,
442		(krb5_pointer) ctx->here->princ,
	385	kret = k5_externalize_principal(ctx->here->princ,
	386	&bp, &remain);
	387
	388	if (!kret && ctx->there)
	389	kret = k5_externalize_principal(ctx->there->princ,
	390	&bp, &remain);
	391
	392	if (!kret && ctx->subkey)
	393	kret = k5_externalize_keyblock(&ctx->subkey->keyblock,
443	394	&bp, &remain);
444	395
445		if (!kret && ctx->there)
446		kret = krb5_externalize_opaque(kcontext,
447		KV5M_PRINCIPAL,
448		(krb5_pointer) ctx->there->princ,
	396	if (!kret && ctx->enc)
	397	kret = k5_externalize_keyblock(&ctx->enc->keyblock,
449	398	&bp, &remain);
450	399
451		if (!kret && ctx->subkey)
452		kret = krb5_externalize_opaque(kcontext,
453		KV5M_KEYBLOCK, (krb5_pointer)
454		&ctx->subkey->keyblock,
	400	if (!kret && ctx->seq)
	401	kret = k5_externalize_keyblock(&ctx->seq->keyblock,
455	402	&bp, &remain);
456	403
457		if (!kret && ctx->enc)
458		kret = krb5_externalize_opaque(kcontext,
459		KV5M_KEYBLOCK, (krb5_pointer)
460		&ctx->enc->keyblock,
461		&bp, &remain);
462
463		if (!kret && ctx->seq)
464		kret = krb5_externalize_opaque(kcontext,
465		KV5M_KEYBLOCK, (krb5_pointer)
466		&ctx->seq->keyblock,
467		&bp, &remain);
468
469	404	if (!kret && ctx->seqstate)
470		kret = kg_seqstate_externalize(kcontext,
471		ctx->seqstate, &bp, &remain);
472
473		if (!kret)
474		kret = krb5_externalize_opaque(kcontext,
475		KV5M_CONTEXT,
476		(krb5_pointer) ctx->k5_context,
477		&bp, &remain);
478
479		if (!kret)
480		kret = krb5_externalize_opaque(kcontext,
481		KV5M_AUTH_CONTEXT,
482		(krb5_pointer) ctx->auth_context,
483		&bp, &remain);
	405	kret = kg_seqstate_externalize(ctx->seqstate, &bp, &remain);
	406
	407	if (!kret)
	408	kret = k5_externalize_context(ctx->k5_context, &bp, &remain);
	409
	410	if (!kret)
	411	kret = k5_externalize_auth_context(ctx->auth_context,
	412	&bp, &remain);
484	413
485	414	if (!kret)
486	415	kret = krb5_ser_pack_int32((krb5_int32) ctx->proto,

489	418	kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype,
490	419	&bp, &remain);
491	420	if (!kret && ctx->acceptor_subkey)
492		kret = krb5_externalize_opaque(kcontext,
493		KV5M_KEYBLOCK, (krb5_pointer)
494		&ctx->acceptor_subkey->keyblock,
	421	kret = k5_externalize_keyblock(&ctx->acceptor_subkey->keyblock,
495	422	&bp, &remain);
496	423	if (!kret)
497	424	kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype,

512	439	if (!kret && ctx->authdata) {
513	440	/* authdata */
514	441	for (i = 0; !kret && ctx->authdata[i]; i++)
515		kret = krb5_externalize_opaque(kcontext,
516		KV5M_AUTHDATA,
517		ctx->authdata[i],
518		&bp,
519		&remain);
	442	kret = k5_externalize_authdata(ctx->authdata[i],
	443	&bp, &remain);
520	444	}
521	445	}
522	446	/* authdata context */

526	450	initiator_name = ctx->initiate ? ctx->here : ctx->there;
527	451
528	452	if (initiator_name && initiator_name->ad_context) {
529		kret = krb5_externalize_opaque(kcontext,
530		KV5M_AUTHDATA_CONTEXT,
531		initiator_name->ad_context,
532		&bp,
533		&remain);
	453	kret = k5_externalize_authdata_context(kcontext,
	454	initiator_name->
	455	ad_context,
	456	&bp, &remain);
534	457	}
535	458	}
536	459	/* trailer */

547	470
548	471	/* Internalize a keyblock and convert it to a key. */
549	472	static krb5_error_code
550		intern_key(krb5_context ctx, krb5_key key, krb5_octet bp, size_t sp)
	473	intern_key(krb5_key key, krb5_octet bp, size_t sp)
551	474	{
552	475	krb5_keyblock *keyblock;
553	476	krb5_error_code ret;
554	477
555		ret = krb5_internalize_opaque(ctx, KV5M_KEYBLOCK,
556		(krb5_pointer *) &keyblock, bp, sp);
	478	ret = k5_internalize_keyblock(&keyblock, bp, sp);
557	479	if (ret != 0)
558	480	return ret;
559		ret = krb5_k_create_key(ctx, keyblock, key);
560		krb5_free_keyblock(ctx, keyblock);
	481	ret = krb5_k_create_key(NULL, keyblock, key);
	482	krb5_free_keyblock(NULL, keyblock);
561	483	return ret;
562	484	}
563	485

565	487	* Internalize this krb5_gss_ctx_id_t.
566	488	*/
567	489	krb5_error_code
568		kg_ctx_internalize(kcontext, argp, buffer, lenremain)
569		krb5_context kcontext;
570		krb5_pointer *argp;
571		krb5_octet **buffer;
572		size_t *lenremain;
	490	kg_ctx_internalize(krb5_context kcontext, krb5_gss_ctx_id_t *argp,
	491	krb5_octet *buffer, size_t lenremain)
573	492	{
574	493	krb5_error_code kret;
575	494	krb5_gss_ctx_id_rec *ctx;

602	521	memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
603	522
604	523	ctx->magic = ibuf;
605		ctx->k5_context = kcontext;
606	524
607	525	/* Get static data */
608	526	(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);

644	562	}
645	563
646	564	{
647		krb5_pointer tmp;
648		kret = kg_oid_internalize(kcontext, &tmp, &bp,
649		&remain);
	565	gss_OID tmp;
	566	kret = kg_oid_internalize(&tmp, &bp, &remain);
650	567	if (kret == 0)
651	568	ctx->mech_used = tmp;
652	569	else if (kret == EINVAL)
653	570	kret = 0;
654	571	}
655	572	/* Now get substructure data */
656		kret = krb5_internalize_opaque(kcontext,
657		KV5M_PRINCIPAL,
658		(krb5_pointer *) &princ,
659		&bp, &remain);
	573	kret = k5_internalize_principal(&princ, &bp, &remain);
660	574	if (kret == 0) {
661	575	kret = kg_init_name(kcontext, princ, NULL, NULL, NULL,
662	576	KG_INIT_NAME_NO_COPY, &ctx->here);

665	579	} else if (kret == EINVAL)
666	580	kret = 0;
667	581	if (!kret) {
668		kret = krb5_internalize_opaque(kcontext,
669		KV5M_PRINCIPAL,
670		(krb5_pointer *) &princ,
671		&bp, &remain);
	582	kret = k5_internalize_principal(&princ, &bp, &remain);
672	583	if (kret == 0) {
673	584	kret = kg_init_name(kcontext, princ, NULL, NULL, NULL,
674	585	KG_INIT_NAME_NO_COPY, &ctx->there);

678	589	kret = 0;
679	590	}
680	591	if (!kret &&
681		(kret = intern_key(kcontext, &ctx->subkey, &bp, &remain))) {
	592	(kret = intern_key(&ctx->subkey, &bp, &remain))) {
682	593	if (kret == EINVAL)
683	594	kret = 0;
684	595	}
685	596	if (!kret &&
686		(kret = intern_key(kcontext, &ctx->enc, &bp, &remain))) {
	597	(kret = intern_key(&ctx->enc, &bp, &remain))) {
687	598	if (kret == EINVAL)
688	599	kret = 0;
689	600	}
690	601	if (!kret &&
691		(kret = intern_key(kcontext, &ctx->seq, &bp, &remain))) {
	602	(kret = intern_key(&ctx->seq, &bp, &remain))) {
692	603	if (kret == EINVAL)
693	604	kret = 0;
694	605	}
695	606
696	607	if (!kret) {
697		kret = kg_seqstate_internalize(kcontext, &ctx->seqstate,
698		&bp, &remain);
	608	kret = kg_seqstate_internalize(&ctx->seqstate, &bp, &remain);
699	609	if (kret == EINVAL)
700	610	kret = 0;
701	611	}
702	612
703	613	if (!kret)
704		kret = krb5_internalize_opaque(kcontext,
705		KV5M_CONTEXT,
706		(krb5_pointer *) &ctx->k5_context,
707		&bp, &remain);
708
709		if (!kret)
710		kret = krb5_internalize_opaque(kcontext,
711		KV5M_AUTH_CONTEXT,
712		(krb5_pointer *) &ctx->auth_context,
713		&bp, &remain);
	614	kret = k5_internalize_context(&ctx->k5_context, &bp, &remain);
	615
	616	if (!kret)
	617	kret = k5_internalize_auth_context(&ctx->auth_context,
	618	&bp, &remain);
714	619
715	620	if (!kret)
716	621	kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);

719	624	kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
720	625	ctx->cksumtype = ibuf;
721	626	if (!kret &&
722		(kret = intern_key(kcontext, &ctx->acceptor_subkey,
723		&bp, &remain))) {
	627	(kret = intern_key(&ctx->acceptor_subkey, &bp, &remain))) {
724	628	if (kret == EINVAL)
725	629	kret = 0;
726	630	}

743	647	kret = ENOMEM;
744	648	} else {
745	649	for (i = 0; !kret && i < nadata; i++)
746		kret = krb5_internalize_opaque(kcontext,
747		KV5M_AUTHDATA,
748		(krb5_pointer *)&ctx->authdata[i],
749		&bp,
750		&remain);
	650	kret = k5_internalize_authdata(&ctx->authdata[i],
	651	&bp, &remain);
751	652	}
752	653	}
753	654	}

759	660	if (initiator_name == NULL) {
760	661	kret = EINVAL;
761	662	} else {
762		kret = krb5_internalize_opaque(kcontext,
763		KV5M_AUTHDATA_CONTEXT,
764		(krb5_pointer *)&initiator_name->ad_context,
765		&bp,
766		&remain);
	663	kret = k5_internalize_authdata_context(kcontext,
	664	&initiator_name->
	665	ad_context,
	666	&bp, &remain);
767	667	if (kret == EINVAL)
768	668	kret = 0;
769	669	}

777	677	if (!kret) {
778	678	*buffer = bp;
779	679	*lenremain = remain;
780		*argp = (krb5_pointer) ctx;
	680	*argp = ctx;
781	681	} else {
782	682	if (ctx->seq)
783	683	krb5_k_free_key(kcontext, ctx->seq);

+14

-15

src/lib/gssapi/krb5/set_allowable_enctypes.c less more

65	65	const gss_OID desired_oid,
66	66	const gss_buffer_t value)
67	67	{
68		unsigned int i;
	68	unsigned int i, j;
69	69	krb5_enctype * new_ktypes;
70	70	OM_uint32 major_status;
71	71	krb5_gss_cred_id_t cred;

82	82	/* verify and valildate cred handle */
83	83	cred = (krb5_gss_cred_id_t) *cred_handle;
84	84
85		if (req->ktypes) {
86		for (i = 0; i < req->num_ktypes && req->ktypes[i]; i++) {
87		if (!krb5_c_valid_enctype(req->ktypes[i])) {
88		kerr = KRB5_PROG_ETYPE_NOSUPP;
89		goto error_out;
90		}
91		}
92		} else {
	85	if (req->ktypes == NULL) {
93	86	k5_mutex_lock(&cred->lock);
94	87	if (cred->req_enctypes)
95	88	free(cred->req_enctypes);

98	91	return GSS_S_COMPLETE;
99	92	}
100	93
101		/* Copy the requested ktypes into the cred structure */
102		if ((new_ktypes = (krb5_enctype )malloc(sizeof(krb5_enctype) (i + 1)))) {
103		memcpy(new_ktypes, req->ktypes, sizeof(krb5_enctype) * i);
104		new_ktypes[i] = 0; /* "null-terminate" the list */
	94	/* Copy the requested enctypes into the cred structure. Filter out the
	95	* ones we don't consider valid. Error out if no enctypes are valid. */
	96	new_ktypes = k5calloc(req->num_ktypes + 1, sizeof(*new_ktypes), &kerr);
	97	if (new_ktypes == NULL)
	98	goto error_out;
	99	for (i = 0, j = 0; i < req->num_ktypes && req->ktypes[i]; i++) {
	100	if (krb5_c_valid_enctype(req->ktypes[i]))
	101	new_ktypes[j++] = req->ktypes[i];
105	102	}
106		else {
107		kerr = ENOMEM;
	103	new_ktypes[j] = 0;
	104	if (j == 0) {
	105	free(new_ktypes);
	106	kerr = KRB5_PROG_ETYPE_NOSUPP;
108	107	goto error_out;
109	108	}
110	109	k5_mutex_lock(&cred->lock);

+1

-0

src/lib/gssapi/krb5/util_cksum.c less more

47	47
48	48	cksum->checksum_type = CKSUMTYPE_RSA_MD5;
49	49	cksum->length = sumlen;
	50	cksum->magic = KV5M_CHECKSUM;
50	51
51	52	/* generate a buffer full of zeros if no cb specified */
52	53

+0

-41

src/lib/gssapi/krb5/util_crypt.c less more

73	73	return 0;
74	74	}
75	75
76		static krb5_error_code
77		kg_derive_des_enc_key(krb5_context context, krb5_key subkey, krb5_key *out)
78		{
79		krb5_error_code code;
80		krb5_keyblock *keyblock;
81		unsigned int i;
82
83		*out = NULL;
84
85		code = krb5_k_key_keyblock(context, subkey, &keyblock);
86		if (code != 0)
87		return code;
88
89		for (i = 0; i < keyblock->length; i++)
90		keyblock->contents[i] ^= 0xF0;
91
92		code = krb5_k_create_key(context, keyblock, out);
93		krb5_free_keyblock(context, keyblock);
94		return code;
95		}
96
97	76	krb5_error_code
98	77	kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey,
99	78	krb5_cksumtype *cksumtype)

117	96	return code;
118	97
119	98	switch (subkey->keyblock.enctype) {
120		case ENCTYPE_DES_CBC_MD5:
121		case ENCTYPE_DES_CBC_MD4:
122		case ENCTYPE_DES_CBC_CRC:
123		krb5_k_free_key(context, ctx->seq);
124		code = krb5_k_create_key(context, &subkey->keyblock, &ctx->seq);
125		if (code != 0)
126		return code;
127
128		krb5_k_free_key(context, ctx->enc);
129		code = kg_derive_des_enc_key(context, subkey, &ctx->enc);
130		if (code != 0)
131		return code;
132
133		ctx->enc->keyblock.enctype = ENCTYPE_DES_CBC_RAW;
134		ctx->seq->keyblock.enctype = ENCTYPE_DES_CBC_RAW;
135		ctx->signalg = SGN_ALG_DES_MAC_MD5;
136		ctx->cksum_size = 8;
137		ctx->sealalg = SEAL_ALG_DES;
138
139		break;
140	99	case ENCTYPE_DES3_CBC_SHA1:
141	100	code = kg_copy_keys(context, ctx, subkey);
142	101	if (code != 0)

+3

-0

src/lib/gssapi/libgssapi_krb5.exports less more

0	0	GSS_C_ATTR_LOCAL_LOGIN_USER
1	1	GSS_C_INQ_SSPI_SESSION_KEY
	2	GSS_C_INQ_NEGOEX_KEY
	3	GSS_C_INQ_NEGOEX_VERIFY_KEY
2	4	GSS_C_NT_ANONYMOUS
3	5	GSS_C_NT_COMPOSITE_EXPORT
4	6	GSS_C_NT_EXPORT_NAME

38	40	GSS_C_MA_PFS
39	41	GSS_C_MA_COMPRESS
40	42	GSS_C_MA_CTX_TRANS
	43	GSS_C_MA_NEGOEX_AND_SPNEGO
41	44	GSS_C_SEC_CONTEXT_SASL_SSF
42	45	gss_accept_sec_context
43	46	gss_acquire_cred

+4

-0

src/lib/gssapi/mechglue/Makefile.in less more

0	0	mydir=lib$(S)gssapi$(S)mechglue
1	1	BUILDTOP=$(REL)..$(S)..$(S)..
2	2	LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../krb5 -I$(srcdir)/../krb5 -I../spnego -I$(srcdir)/../spnego
	3
3	4	DEFINES=-D_GSS_STATIC_LINK=1
4	5
5	6	##DOSBUILDTOP = ..\..\..

48	49	$(srcdir)/g_mech_invoke.c \
49	50	$(srcdir)/g_mechattr.c \
50	51	$(srcdir)/g_mechname.c \
	52	$(srcdir)/g_negoex.c \
51	53	$(srcdir)/g_oid_ops.c \
52	54	$(srcdir)/g_prf.c \
53	55	$(srcdir)/g_process_context.c \

112	114	$(OUTPRE)g_mech_invoke.$(OBJEXT) \
113	115	$(OUTPRE)g_mechattr.$(OBJEXT) \
114	116	$(OUTPRE)g_mechname.$(OBJEXT) \
	117	$(OUTPRE)g_negoex.$(OBJEXT) \
115	118	$(OUTPRE)g_oid_ops.$(OBJEXT) \
116	119	$(OUTPRE)g_prf.$(OBJEXT) \
117	120	$(OUTPRE)g_process_context.$(OBJEXT) \

176	179	g_mech_invoke.o \
177	180	g_mechattr.o \
178	181	g_mechname.o \
	182	g_negoex.o \
179	183	g_oid_ops.o \
180	184	g_prf.o \
181	185	g_process_context.o \

+13

-4

src/lib/gssapi/mechglue/deps less more

233	233	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
234	234	$(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
235	235	$(srcdir)/../krb5/gssapiP_krb5.h $(srcdir)/../krb5/gssapi_krb5.h \
236		$(srcdir)/../spnego/gssapiP_spnego.h $(top_srcdir)/include/k5-buf.h \
237		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
238		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
239		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	236	$(srcdir)/../spnego/gssapiP_negoex.h $(srcdir)/../spnego/gssapiP_spnego.h \
	237	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	238	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	239	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	240	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
240	241	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
241	242	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
242	243	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \

323	324	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
324	325	$(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
325	326	g_mechname.c mechglue.h mglueP.h
	327	g_negoex.so g_negoex.po $(OUTPRE)g_negoex.$(OBJEXT): \
	328	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
	329	$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
	330	$(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
	331	$(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
	332	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
	333	$(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
	334	g_negoex.c mechglue.h mglueP.h
326	335	g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \
327	336	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
328	337	$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \

+13

-13

src/lib/gssapi/mechglue/g_accept_sec_context.c less more

65	65	output_token->value = NULL;
66	66	}
67	67
	68	if (ret_flags != NULL)
	69	*ret_flags = 0;
	70
	71	if (time_rec != NULL)
	72	*time_rec = 0;
	73
68	74	if (d_cred != NULL)
69	75	*d_cred = GSS_C_NO_CREDENTIAL;
70	76

102	108	status = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
103	109	if (status)
104	110	return 0;
	111
	112	/* If the mechanism doesn't support RFC 5587, don't exclude it. */
	113	if (attrs == GSS_C_NO_OID_SET)
	114	return 1;
105	115
106	116	/* Check for each attribute which would cause us to exclude this mech from
107	117	* the default credential. */

221	231
222	232	/* Now create a new context if we didn't get one. */
223	233	if (*context_handle == GSS_C_NO_CONTEXT) {
224		status = GSS_S_FAILURE;
225		union_ctx_id = (gss_union_ctx_id_t)
226		malloc(sizeof(gss_union_ctx_id_desc));
227		if (!union_ctx_id)
228		return (GSS_S_FAILURE);
229
230		union_ctx_id->loopback = union_ctx_id;
231		union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
232		status = generic_gss_copy_oid(&temp_minor_status, selected_mech,
233		&union_ctx_id->mech_type);
234		if (status != GSS_S_COMPLETE) {
235		free(union_ctx_id);
	234	status = gssint_create_union_context(minor_status, selected_mech,
	235	&union_ctx_id);
	236	if (status != GSS_S_COMPLETE)
236	237	return (status);
237		}
238	238	}
239	239
240	240	/*

+1

-2

src/lib/gssapi/mechglue/g_authorize_localname.c less more

168	168
169	169	if (minor == NULL)
170	170	return (GSS_S_CALL_INACCESSIBLE_WRITE);
	171	*minor = 0;
171	172
172	173	if (name == GSS_C_NO_NAME \|\| user == GSS_C_NO_NAME)
173	174	return (GSS_S_CALL_INACCESSIBLE_READ);
174
175		*minor = 0;
176	175
177	176	unionName = (gss_union_name_t)name;
178	177	unionUser = (gss_union_name_t)user;

+5

-0

src/lib/gssapi/mechglue/g_complete_auth_token.c less more

42	42	gss_union_ctx_id_t ctx;
43	43	gss_mechanism mech;
44	44
	45	if (minor_status == NULL)
	46	return GSS_S_CALL_INACCESSIBLE_WRITE;
	47	*minor_status = 0;
	48	if (input_message_buffer == GSS_C_NO_BUFFER)
	49	return GSS_S_CALL_INACCESSIBLE_READ;
45	50	if (context_handle == GSS_C_NO_CONTEXT)
46	51	return GSS_S_NO_CONTEXT;
47	52

+1

-1

src/lib/gssapi/mechglue/g_decapsulate_token.c less more

54	54	if (minor != 0)
55	55	return GSS_S_DEFECTIVE_TOKEN;
56	56
57		output_token->value = malloc(body_size);
	57	output_token->value = gssalloc_malloc(body_size);
58	58	if (output_token->value == NULL)
59	59	return GSS_S_FAILURE;
60	60

+1

-2

src/lib/gssapi/mechglue/g_del_name_attr.c less more

37	37
38	38	if (minor_status == NULL)
39	39	return GSS_S_CALL_INACCESSIBLE_WRITE;
	40	*minor_status = 0;
40	41
41	42	if (name == GSS_C_NO_NAME)
42	43	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;
43
44		*minor_status = 0;
45	44
46	45	union_name = (gss_union_name_t)name;
47	46

+1

-1

src/lib/gssapi/mechglue/g_encapsulate_token.c less more

50	50	assert(tokenSize > 2);
51	51	tokenSize -= 2; /* TOK_ID */
52	52
53		output_token->value = malloc(tokenSize);
	53	output_token->value = gssalloc_malloc(tokenSize);
54	54	if (output_token->value == NULL)
55	55	return GSS_S_FAILURE;
56	56

+1

-1

src/lib/gssapi/mechglue/g_exp_sec_context.c less more

111	111
112	112	length = token.length + 4 + ctx->mech_type->length;
113	113	interprocess_token->length = length;
114		interprocess_token->value = malloc(length);
	114	interprocess_token->value = gssalloc_malloc(length);
115	115	if (interprocess_token->value == 0) {
116	116	*minor_status = ENOMEM;
117	117	status = GSS_S_FAILURE;

+2

-5

src/lib/gssapi/mechglue/g_export_cred.c less more

65	65	gss_mechanism mech;
66	66	gss_buffer_desc mech_token;
67	67	struct k5buf buf;
68		char lenbuf[4];
69	68	int i;
70	69
71	70	status = val_exp_cred_args(minor_status, cred_handle, token);

96	95	}
97	96
98	97	/* Append the mech OID and token to buf. */
99		store_32_be(public_oid->length, lenbuf);
100		k5_buf_add_len(&buf, lenbuf, 4);
	98	k5_buf_add_uint32_be(&buf, public_oid->length);
101	99	k5_buf_add_len(&buf, public_oid->elements, public_oid->length);
102		store_32_be(mech_token.length, lenbuf);
103		k5_buf_add_len(&buf, lenbuf, 4);
	100	k5_buf_add_uint32_be(&buf, mech_token.length);
104	101	k5_buf_add_len(&buf, mech_token.value, mech_token.length);
105	102	gss_release_buffer(&tmpmin, &mech_token);
106	103	}

+8

-2

src/lib/gssapi/mechglue/g_export_name_comp.c less more

38	38	gss_union_name_t union_name;
39	39	gss_mechanism mech;
40	40
	41	if (minor_status != NULL)
	42	*minor_status = 0;
	43
	44	if (exp_composite_name != GSS_C_NO_BUFFER) {
	45	exp_composite_name->value = NULL;
	46	exp_composite_name->length = 0;
	47	}
	48
41	49	if (minor_status == NULL)
42	50	return GSS_S_CALL_INACCESSIBLE_WRITE;
43	51

46	54
47	55	if (exp_composite_name == GSS_C_NO_BUFFER)
48	56	return GSS_S_CALL_INACCESSIBLE_WRITE;
49
50		*minor_status = 0;
51	57
52	58	union_name = (gss_union_name_t)name;
53	59

+11

-11

src/lib/gssapi/mechglue/g_get_name_attr.c less more

40	40	gss_union_name_t union_name;
41	41	gss_mechanism mech;
42	42
43		if (minor_status == NULL)
44		return GSS_S_CALL_INACCESSIBLE_WRITE;
45
46		if (name == GSS_C_NO_NAME)
47		return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;
48		if (attr == GSS_C_NO_BUFFER)
49		return GSS_S_CALL_INACCESSIBLE_READ;
50		if (more == NULL)
51		return GSS_S_CALL_INACCESSIBLE_WRITE;
52
	43	if (minor_status != NULL)
	44	*minor_status = 0;
53	45	if (authenticated != NULL)
54	46	*authenticated = 0;
55	47	if (complete != NULL)

63	55	display_value->length = 0;
64	56	}
65	57
66		*minor_status = 0;
	58	if (minor_status == NULL)
	59	return GSS_S_CALL_INACCESSIBLE_WRITE;
	60
	61	if (name == GSS_C_NO_NAME)
	62	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;
	63	if (attr == GSS_C_NO_BUFFER)
	64	return GSS_S_CALL_INACCESSIBLE_READ;
	65	if (more == NULL)
	66	return GSS_S_CALL_INACCESSIBLE_WRITE;
67	67
68	68	union_name = (gss_union_name_t)name;
69	69

+28

-0

src/lib/gssapi/mechglue/g_glue.c less more

757	757
758	758	return (GSS_S_COMPLETE);
759	759	} /* **** gssint_create_copy_buffer **** */
	760
	761	OM_uint32
	762	gssint_create_union_context(OM_uint32 *minor, gss_const_OID mech_oid,
	763	gss_union_ctx_id_t *ctx_out)
	764	{
	765	OM_uint32 status;
	766	gss_union_ctx_id_t ctx;
	767
	768	*ctx_out = NULL;
	769
	770	ctx = calloc(1, sizeof(*ctx));
	771	if (ctx == NULL) {
	772	*minor = ENOMEM;
	773	return GSS_S_FAILURE;
	774	}
	775
	776	status = generic_gss_copy_oid(minor, mech_oid, &ctx->mech_type);
	777	if (status != GSS_S_COMPLETE) {
	778	free(ctx);
	779	return status;
	780	}
	781
	782	ctx->loopback = ctx;
	783	ctx->internal_ctx_id = GSS_C_NO_CONTEXT;
	784
	785	*ctx_out = ctx;
	786	return GSS_S_COMPLETE;
	787	}

+8

-22

src/lib/gssapi/mechglue/g_imp_sec_context.c less more

96	96	/* Initial value needed below. */
97	97	status = GSS_S_FAILURE;
98	98
99		ctx = (gss_union_ctx_id_t) malloc(sizeof(gss_union_ctx_id_desc));
100		if (!ctx)
101		return (GSS_S_FAILURE);
102
103	99	if (interprocess_token->length >= sizeof (OM_uint32)) {
104	100	p = interprocess_token->value;
105	101	length = (OM_uint32)*p++;

110	106
111	107	if (length == 0 \|\|
112	108	length > (interprocess_token->length - sizeof (OM_uint32))) {
113		free(ctx);
114	109	return (GSS_S_CALL_BAD_STRUCTURE \| GSS_S_DEFECTIVE_TOKEN);
115	110	}
116	111

130	125	status = gssint_select_mech_type(minor_status, &token_mech,
131	126	&selected_mech);
132	127	if (status != GSS_S_COMPLETE)
133		goto error_out;
	128	return status;
134	129
135	130	mech = gssint_get_mechanism(selected_mech);
136		if (!mech) {
137		status = GSS_S_BAD_MECH;
138		goto error_out;
139		}
	131	if (!mech)
	132	return GSS_S_BAD_MECH;
140	133	if (!mech->gssspi_import_sec_context_by_mech &&
141		!mech->gss_import_sec_context) {
142		status = GSS_S_UNAVAILABLE;
143		goto error_out;
144		}
	134	!mech->gss_import_sec_context)
	135	return GSS_S_UNAVAILABLE;
145	136
146		if (generic_gss_copy_oid(minor_status, selected_mech,
147		&ctx->mech_type) != GSS_S_COMPLETE) {
148		status = GSS_S_FAILURE;
149		goto error_out;
150		}
	137	status = gssint_create_union_context(minor_status, selected_mech, &ctx);
	138	if (status != GSS_S_COMPLETE)
	139	return status;
151	140
152	141	if (mech->gssspi_import_sec_context_by_mech) {
153	142	public_mech = gssint_get_public_oid(selected_mech);

159	148	}
160	149	if (status == GSS_S_COMPLETE) {
161	150	ctx->internal_ctx_id = mctx;
162		ctx->loopback = ctx;
163	151	*context_handle = (gss_ctx_id_t)ctx;
164	152	return (GSS_S_COMPLETE);
165	153	}
166	154	map_error(minor_status, mech);
167	155	free(ctx->mech_type->elements);
168	156	free(ctx->mech_type);
169
170		error_out:
171	157	free(ctx);
172	158	return status;
173	159	}

+9

-14

src/lib/gssapi/mechglue/g_init_sec_context.c less more

62	62	output_token->value = NULL;
63	63	}
64	64
	65	if (ret_flags != NULL)
	66	*ret_flags = 0;
	67
	68	if (time_rec != NULL)
	69	*time_rec = 0;
	70
65	71	/* Validate arguments. */
66	72
67	73	if (minor_status == NULL)

177	183	*/
178	184
179	185	if(*context_handle == GSS_C_NO_CONTEXT) {
180		status = GSS_S_FAILURE;
181		union_ctx_id = (gss_union_ctx_id_t)
182		malloc(sizeof(gss_union_ctx_id_desc));
183		if (union_ctx_id == NULL)
	186	status = gssint_create_union_context(minor_status, selected_mech,
	187	&union_ctx_id);
	188	if (status != GSS_S_COMPLETE)
184	189	goto end;
185
186		if (generic_gss_copy_oid(&temp_minor_status, selected_mech,
187		&union_ctx_id->mech_type) != GSS_S_COMPLETE) {
188		free(union_ctx_id);
189		goto end;
190		}
191
192		/* copy the supplied context handle */
193		union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
194	190	} else {
195	191	union_ctx_id = (gss_union_ctx_id_t)*context_handle;
196	192	if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {

241	237	free(union_ctx_id);
242	238	}
243	239	} else if (*context_handle == GSS_C_NO_CONTEXT) {
244		union_ctx_id->loopback = union_ctx_id;
245	240	*context_handle = (gss_ctx_id_t)union_ctx_id;
246	241	}
247	242

+24

-0

src/lib/gssapi/mechglue/g_initialize.c less more

113	113	add_error_table(&et_ggss_error_table);
114	114
115	115	err = k5_mutex_finish_init(&g_mechSetLock);
	116	if (err)
	117	return err;
116	118	err = k5_mutex_finish_init(&g_mechListLock);
	119	if (err)
	120	return err;
117	121
118	122	#ifdef _GSS_STATIC_LINK
119	123	err = gss_krb5int_lib_init();
	124	if (err)
	125	return err;
120	126	err = gss_spnegoint_lib_init();
	127	if (err)
	128	return err;
121	129	#endif
122	130
123	131	err = gssint_mecherrmap_init();

166	174	{
167	175	OM_uint32 major;
168	176	gss_mech_info aMech;
	177
	178	if (minor_status != NULL)
	179	*minor_status = 0;
169	180
170	181	if (minor_status == NULL \|\| oid == NULL)
171	182	return (GSS_S_CALL_INACCESSIBLE_WRITE);

472	483	glob_t globbuf;
473	484	time_t highest = 0, now;
474	485	char **path;
	486	const char *val;
475	487
476	488	/* Don't glob and stat more than once per second. */
477	489	if (time(&now) == (time_t)-1 \|\| now == g_confLastCall)
478	490	return;
479	491	g_confLastCall = now;
	492
	493	val = secure_getenv("GSS_MECH_CONFIG");
	494	if (val != NULL) {
	495	load_if_changed(val, g_confFileModTime, &g_confFileModTime);
	496	return;
	497	}
480	498
481	499	load_if_changed(MECH_CONF, g_confFileModTime, &highest);
482	500

759	777	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
760	778	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
761	779	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);
	780	/* draft-zhu-negoex */
	781	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_query_meta_data);
	782	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_exchange_meta_data);
	783	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_query_mechanism_info);
762	784
763	785	assert(mech_type != GSS_C_NO_OID);
764	786

1147	1169
1148	1170	if (krb5int_open_plugin(aMech->uLibName, &dl, &errinfo) != 0 \|\|
1149	1171	errinfo.code != 0) {
	1172	k5_clear_error(&errinfo);
1150	1173	k5_mutex_unlock(&g_mechListLock);
1151	1174	return ((gss_mechanism)NULL);
1152	1175	}

1157	1180	aMech->mech = (*sym)(aMech->mech_type);
1158	1181	} else {
1159	1182	/* Try dynamic dispatch table */
	1183	k5_clear_error(&errinfo);
1160	1184	aMech->mech = build_dynamicMech(dl, aMech->mech_type);
1161	1185	aMech->freeMech = 1;
1162	1186	}

+7

-1

src/lib/gssapi/mechglue/g_inq_context_oid.c less more

35	35	gss_union_ctx_id_t ctx;
36	36	gss_mechanism mech;
37	37
38		if (minor_status == NULL)
	38	if (minor_status != NULL)
	39	*minor_status = 0;
	40
	41	if (data_set != NULL)
	42	*data_set = GSS_C_NO_BUFFER_SET;
	43
	44	if (minor_status == NULL \|\| data_set == NULL)
39	45	return GSS_S_CALL_INACCESSIBLE_WRITE;
40	46
41	47	if (context_handle == GSS_C_NO_CONTEXT)

+9

-3

src/lib/gssapi/mechglue/g_inq_cred_oid.c less more

73	73	gss_buffer_set_t ret_set = GSS_C_NO_BUFFER_SET;
74	74	OM_uint32 status, minor;
75	75
76		if (minor_status == NULL)
	76	if (minor_status != NULL)
	77	*minor_status = 0;
	78
	79	if (data_set != NULL)
	80	*data_set = GSS_C_NO_BUFFER_SET;
	81
	82	if (minor_status == NULL \|\| data_set == NULL)
77	83	return GSS_S_CALL_INACCESSIBLE_WRITE;
78	84
79	85	if (cred_handle == GSS_C_NO_CREDENTIAL)
80	86	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_NO_CRED;
81	87
82		*minor_status = 0;
83		*data_set = GSS_C_NO_BUFFER_SET;
	88	if (desired_object == GSS_C_NO_OID)
	89	return GSS_S_CALL_INACCESSIBLE_READ;
84	90
85	91	union_cred = (gss_union_cred_t) cred_handle;
86	92

+8

-6

src/lib/gssapi/mechglue/g_inq_name.c less more

37	37	gss_union_name_t union_name;
38	38	gss_mechanism mech;
39	39
40		if (minor_status == NULL)
41		return GSS_S_CALL_INACCESSIBLE_WRITE;
42
43		if (name == GSS_C_NO_NAME)
44		return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;
	40	if (minor_status != NULL)
	41	*minor_status = 0;
45	42
46	43	if (MN_mech != NULL)
47	44	*MN_mech = GSS_C_NO_OID;

49	46	if (attrs != NULL)
50	47	*attrs = GSS_C_NO_BUFFER_SET;
51	48
52		*minor_status = 0;
	49	if (minor_status == NULL)
	50	return GSS_S_CALL_INACCESSIBLE_WRITE;
	51
	52	if (name == GSS_C_NO_NAME)
	53	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;
	54
53	55	union_name = (gss_union_name_t)name;
54	56
55	57	if (union_name->mech_type == GSS_C_NO_OID) {

+7

-6

src/lib/gssapi/mechglue/g_map_name_to_any.c less more

37	37	gss_union_name_t union_name;
38	38	gss_mechanism mech;
39	39
40		if (minor_status == NULL)
	40	if (minor_status != NULL)
	41	*minor_status = 0;
	42
	43	if (output != NULL)
	44	*output = NULL;
	45
	46	if (minor_status == NULL \|\| output == NULL)
41	47	return GSS_S_CALL_INACCESSIBLE_WRITE;
42	48
43	49	if (name == GSS_C_NO_NAME)

45	51
46	52	if (type_id == GSS_C_NO_BUFFER)
47	53	return GSS_S_CALL_INACCESSIBLE_READ;
48
49		if (output == NULL)
50		return GSS_S_CALL_INACCESSIBLE_WRITE;
51
52		*minor_status = 0;
53	54
54	55	union_name = (gss_union_name_t)name;
55	56

+16

-16

src/lib/gssapi/mechglue/g_mechattr.c less more

99	99	gss_OID_set allMechs = GSS_C_NO_OID_SET;
100	100	size_t i;
101	101
102		if (minor == NULL)
	102	if (minor != NULL)
	103	*minor = 0;
	104
	105	if (mechs != NULL)
	106	*mechs = GSS_C_NO_OID_SET;
	107
	108	if (minor == NULL \|\| mechs == NULL)
103	109	return GSS_S_CALL_INACCESSIBLE_WRITE;
104
105		*minor = 0;
106
107		if (mechs == NULL)
108		return GSS_S_CALL_INACCESSIBLE_WRITE;
109
110		*mechs = GSS_C_NO_OID_SET;
111	110
112	111	status = gss_indicate_mechs(minor, &allMechs);
113	112	if (GSS_ERROR(status))

162	161	gss_OID selected_mech, public_mech;
163	162	gss_mechanism mech;
164	163
	164	if (minor != NULL)
	165	*minor = 0;
	166
	167	if (mech_attrs != NULL)
	168	*mech_attrs = GSS_C_NO_OID_SET;
	169
	170	if (known_mech_attrs != NULL)
	171	*known_mech_attrs = GSS_C_NO_OID_SET;
	172
165	173	if (minor == NULL)
166	174	return GSS_S_CALL_INACCESSIBLE_WRITE;
167
168		*minor = 0;
169
170		if (mech_attrs != NULL)
171		*mech_attrs = GSS_C_NO_OID_SET;
172
173		if (known_mech_attrs != NULL)
174		*known_mech_attrs = GSS_C_NO_OID_SET;
175	175
176	176	status = gssint_select_mech_type(minor, mech_oid, &selected_mech);
177	177	if (status != GSS_S_COMPLETE)

+237

-0

src/lib/gssapi/mechglue/g_negoex.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (C) 2011 by the Massachusetts Institute of Technology.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* * Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	18	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	19	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	20	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	21	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	23	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	24	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	26	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	28	* OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	/*
	32	* This file contains dispatch functions for the three GSSAPI extensions
	33	* described in draft-zhu-negoex-04, renamed to use the gssspi_ prefix. Since
	34	* the only caller of these functions is SPNEGO, argument validation is
	35	* omitted.
	36	*/
	37
	38	#include "mglueP.h"
	39
	40	OM_uint32 KRB5_CALLCONV
	41	gssspi_query_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
	42	gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle,
	43	const gss_name_t targ_name, OM_uint32 req_flags,
	44	gss_buffer_t meta_data)
	45	{
	46	OM_uint32 status, minor;
	47	gss_union_ctx_id_t ctx = (gss_union_ctx_id_t)*context_handle;
	48	gss_union_cred_t cred = (gss_union_cred_t)cred_handle;
	49	gss_union_name_t union_name = (gss_union_name_t)targ_name;
	50	gss_mechanism mech;
	51	gss_OID selected_mech, public_mech;
	52	gss_cred_id_t internal_cred = GSS_C_NO_CREDENTIAL;
	53	gss_name_t internal_name = GSS_C_NO_NAME, imported_name = GSS_C_NO_NAME;
	54	gss_ctx_id_t new_ctx = GSS_C_NO_CONTEXT, *internal_ctx;
	55
	56	*minor_status = 0;
	57	meta_data->length = 0;
	58	meta_data->value = NULL;
	59
	60	status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
	61	if (status != GSS_S_COMPLETE)
	62	return status;
	63	public_mech = gssint_get_public_oid(selected_mech);
	64
	65	mech = gssint_get_mechanism(selected_mech);
	66	if (mech == NULL)
	67	return GSS_S_BAD_MECH;
	68	if (mech->gssspi_query_meta_data == NULL)
	69	return GSS_S_UNAVAILABLE;
	70
	71	if (cred != NULL) {
	72	internal_cred = gssint_get_mechanism_cred(cred, selected_mech);
	73	if (internal_cred == GSS_C_NO_CREDENTIAL)
	74	return GSS_S_NO_CRED;
	75	}
	76
	77	if (union_name != NULL) {
	78	if (union_name->mech_type != GSS_C_NO_OID &&
	79	g_OID_equal(union_name->mech_type, selected_mech)) {
	80	internal_name = union_name->mech_name;
	81	} else {
	82	status = gssint_import_internal_name(minor_status, selected_mech,
	83	union_name, &imported_name);
	84	if (status != GSS_S_COMPLETE)
	85	goto cleanup;
	86	internal_name = imported_name;
	87	}
	88	}
	89
	90	internal_ctx = (ctx != NULL) ? &ctx->internal_ctx_id : &new_ctx;
	91	status = mech->gssspi_query_meta_data(minor_status, public_mech,
	92	internal_cred, internal_ctx,
	93	internal_name, req_flags, meta_data);
	94	if (status != GSS_S_COMPLETE) {
	95	map_error(minor_status, mech);
	96	goto cleanup;
	97	}
	98
	99	/* If the mech created a context, wrap it in a union context. */
	100	if (new_ctx != GSS_C_NO_CONTEXT) {
	101	assert(ctx == NULL);
	102	status = gssint_create_union_context(minor_status, selected_mech,
	103	&ctx);
	104	if (status != GSS_S_COMPLETE)
	105	goto cleanup;
	106
	107	ctx->internal_ctx_id = new_ctx;
	108	new_ctx = GSS_C_NO_CONTEXT;
	109	*context_handle = (gss_ctx_id_t)ctx;
	110	}
	111
	112	cleanup:
	113	if (imported_name != GSS_C_NO_NAME) {
	114	(void)gssint_release_internal_name(&minor, selected_mech,
	115	&imported_name);
	116	}
	117	if (new_ctx != GSS_C_NO_CONTEXT) {
	118	(void)gssint_delete_internal_sec_context(&minor, &mech->mech_type,
	119	&new_ctx, GSS_C_NO_BUFFER);
	120	}
	121	return status;
	122	}
	123
	124	OM_uint32 KRB5_CALLCONV
	125	gssspi_exchange_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
	126	gss_cred_id_t cred_handle,
	127	gss_ctx_id_t *context_handle,
	128	const gss_name_t targ_name, OM_uint32 req_flags,
	129	gss_const_buffer_t meta_data)
	130	{
	131	OM_uint32 status, minor;
	132	gss_union_ctx_id_t ctx = (gss_union_ctx_id_t)*context_handle;
	133	gss_union_cred_t cred = (gss_union_cred_t)cred_handle;
	134	gss_union_name_t union_name = (gss_union_name_t)targ_name;
	135	gss_mechanism mech;
	136	gss_OID selected_mech, public_mech;
	137	gss_cred_id_t internal_cred = GSS_C_NO_CREDENTIAL;
	138	gss_name_t internal_name = GSS_C_NO_NAME, imported_name = GSS_C_NO_NAME;
	139	gss_ctx_id_t new_ctx = GSS_C_NO_CONTEXT, *internal_ctx;
	140
	141	*minor_status = 0;
	142
	143	status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
	144	if (status != GSS_S_COMPLETE)
	145	return status;
	146	public_mech = gssint_get_public_oid(selected_mech);
	147
	148	mech = gssint_get_mechanism(selected_mech);
	149	if (mech == NULL)
	150	return GSS_S_BAD_MECH;
	151	if (mech->gssspi_exchange_meta_data == NULL)
	152	return GSS_S_UNAVAILABLE;
	153
	154	if (cred != NULL) {
	155	internal_cred = gssint_get_mechanism_cred(cred, selected_mech);
	156	if (internal_cred == GSS_C_NO_CREDENTIAL)
	157	return GSS_S_NO_CRED;
	158	}
	159
	160	if (union_name != NULL) {
	161	if (union_name->mech_type != GSS_C_NO_OID &&
	162	g_OID_equal(union_name->mech_type, selected_mech)) {
	163	internal_name = union_name->mech_name;
	164	} else {
	165	status = gssint_import_internal_name(minor_status, selected_mech,
	166	union_name, &imported_name);
	167	if (GSS_ERROR(status))
	168	return status;
	169	internal_name = imported_name;
	170	}
	171	}
	172
	173	internal_ctx = (ctx != NULL) ? &ctx->internal_ctx_id : &new_ctx;
	174	status = mech->gssspi_exchange_meta_data(minor_status, public_mech,
	175	internal_cred, internal_ctx,
	176	internal_name, req_flags,
	177	meta_data);
	178	if (status != GSS_S_COMPLETE) {
	179	map_error(minor_status, mech);
	180	goto cleanup;
	181	}
	182
	183	/* If the mech created a context, wrap it in a union context. */
	184	if (new_ctx != GSS_C_NO_CONTEXT) {
	185	assert(ctx == NULL);
	186	status = gssint_create_union_context(minor_status, selected_mech,
	187	&ctx);
	188	if (status != GSS_S_COMPLETE)
	189	goto cleanup;
	190
	191	ctx->internal_ctx_id = new_ctx;
	192	new_ctx = GSS_C_NO_CONTEXT;
	193	*context_handle = (gss_ctx_id_t)ctx;
	194	}
	195
	196	cleanup:
	197	if (imported_name != GSS_C_NO_NAME) {
	198	(void)gssint_release_internal_name(&minor, selected_mech,
	199	&imported_name);
	200	}
	201	if (new_ctx != GSS_C_NO_CONTEXT) {
	202	(void)gssint_delete_internal_sec_context(&minor, &mech->mech_type,
	203	&new_ctx, GSS_C_NO_BUFFER);
	204	}
	205	return status;
	206	}
	207
	208	OM_uint32 KRB5_CALLCONV
	209	gssspi_query_mechanism_info(OM_uint32 *minor_status, gss_const_OID mech_oid,
	210	unsigned char auth_scheme[16])
	211	{
	212	OM_uint32 status;
	213	gss_OID selected_mech, public_mech;
	214	gss_mechanism mech;
	215
	216	*minor_status = 0;
	217	memset(auth_scheme, 0, 16);
	218
	219	status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
	220	if (status != GSS_S_COMPLETE)
	221	return status;
	222	public_mech = gssint_get_public_oid(selected_mech);
	223
	224	mech = gssint_get_mechanism(selected_mech);
	225	if (mech == NULL)
	226	return GSS_S_BAD_MECH;
	227	if (mech->gssspi_query_mechanism_info == NULL)
	228	return GSS_S_UNAVAILABLE;
	229
	230	status = mech->gssspi_query_mechanism_info(minor_status, public_mech,
	231	auth_scheme);
	232	if (GSS_ERROR(status))
	233	map_error(minor_status, mech);
	234
	235	return status;
	236	}

+10

-2

src/lib/gssapi/mechglue/g_prf.c less more

37	37	gss_union_ctx_id_t ctx;
38	38	gss_mechanism mech;
39	39
	40	if (minor_status != NULL)
	41	*minor_status = 0;
	42
	43	if (prf_out != GSS_C_NO_BUFFER) {
	44	prf_out->length = 0;
	45	prf_out->value = NULL;
	46	}
	47
40	48	if (minor_status == NULL)
41	49	return GSS_S_CALL_INACCESSIBLE_WRITE;
42	50

44	52	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_NO_CONTEXT;
45	53
46	54	if (prf_in == GSS_C_NO_BUFFER)
47		return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_NO_CONTEXT;
	55	return GSS_S_CALL_INACCESSIBLE_READ;
48	56
49	57	if (prf_out == GSS_C_NO_BUFFER)
50		return GSS_S_CALL_INACCESSIBLE_WRITE \| GSS_S_NO_CONTEXT;
	58	return GSS_S_CALL_INACCESSIBLE_WRITE;
51	59
52	60	prf_out->length = 0;
53	61	prf_out->value = NULL;

+1

-2

src/lib/gssapi/mechglue/g_rel_name_mapping.c less more

38	38
39	39	if (minor_status == NULL)
40	40	return GSS_S_CALL_INACCESSIBLE_WRITE;
	41	*minor_status = 0;
41	42
42	43	if (name == GSS_C_NO_NAME)
43	44	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;

47	48
48	49	if (input == NULL)
49	50	return GSS_S_CALL_INACCESSIBLE_READ;
50
51		*minor_status = 0;
52	51
53	52	union_name = (gss_union_name_t)name;
54	53

+6

-5

src/lib/gssapi/mechglue/g_saslname.c less more

176	176	gss_OID_set mechSet = GSS_C_NO_OID_SET;
177	177	size_t i;
178	178
	179	if (minor_status != NULL)
	180	*minor_status = 0;
	181
	182	if (mech_type != NULL)
	183	*mech_type = GSS_C_NO_OID;
	184
179	185	if (minor_status == NULL)
180	186	return GSS_S_CALL_INACCESSIBLE_WRITE;
181
182		*minor_status = 0;
183
184		if (mech_type != NULL)
185		*mech_type = GSS_C_NO_OID;
186	187
187	188	status = gss_indicate_mechs(minor_status, &mechSet);
188	189	if (status != GSS_S_COMPLETE)

+17

-31

src/lib/gssapi/mechglue/g_set_context_option.c less more

43	43
44	44	if (minor_status == NULL)
45	45	return GSS_S_CALL_INACCESSIBLE_WRITE;
	46	*minor_status = 0;
46	47
47	48	if (context_handle == NULL)
48	49	return GSS_S_CALL_INACCESSIBLE_WRITE;
49
50		*minor_status = 0;
51	50
52	51	/*
53	52	* select the approprate underlying mechanism routine and

71	70	&internal_ctx,
72	71	desired_object,
73	72	value);
74		if (status == GSS_S_COMPLETE) {
75		if (ctx == NULL && internal_ctx != GSS_C_NO_CONTEXT) {
76		/* Allocate a union context handle to wrap new context */
77		ctx = (gss_union_ctx_id_t)malloc(sizeof(*ctx));
78		if (ctx == NULL) {
79		*minor_status = ENOMEM;
80		gssint_delete_internal_sec_context(&minor,
81		&mech->mech_type,
82		&internal_ctx,
83		GSS_C_NO_BUFFER);
84		return GSS_S_FAILURE;
85		}
	73	if (status != GSS_S_COMPLETE) {
	74	map_error(minor_status, mech);
	75	return status;
	76	}
86	77
87		status = generic_gss_copy_oid(minor_status,
88		&mech->mech_type,
89		&ctx->mech_type);
90		if (status != GSS_S_COMPLETE) {
91		gssint_delete_internal_sec_context(&minor,
92		ctx->mech_type,
93		&internal_ctx,
94		GSS_C_NO_BUFFER);
95		free(ctx);
96		return status;
97		}
	78	if (ctx == NULL && internal_ctx != GSS_C_NO_CONTEXT) {
	79	status = gssint_create_union_context(minor_status, &mech->mech_type,
	80	&ctx);
	81	if (status != GSS_S_COMPLETE) {
	82	gssint_delete_internal_sec_context(&minor, ctx->mech_type,
	83	&internal_ctx, GSS_C_NO_BUFFER);
	84	return status;
	85	}
98	86
99		ctx->internal_ctx_id = internal_ctx;
100		*context_handle = (gss_ctx_id_t)ctx;
101		}
102		} else
103		map_error(minor_status, mech);
	87	ctx->internal_ctx_id = internal_ctx;
	88	*context_handle = (gss_ctx_id_t)ctx;
	89	}
104	90
105		return status;
	91	return GSS_S_COMPLETE;
106	92	}

+1

-2

src/lib/gssapi/mechglue/g_set_cred_option.c less more

102	102
103	103	if (minor_status == NULL)
104	104	return GSS_S_CALL_INACCESSIBLE_WRITE;
	105	*minor_status = 0;
105	106
106	107	if (cred_handle == NULL)
107	108	return GSS_S_CALL_INACCESSIBLE_WRITE;
108
109		*minor_status = 0;
110	109
111	110	status = GSS_S_UNAVAILABLE;
112	111

+1

-2

src/lib/gssapi/mechglue/g_set_name_attr.c less more

39	39
40	40	if (minor_status == NULL)
41	41	return GSS_S_CALL_INACCESSIBLE_WRITE;
	42	*minor_status = 0;
42	43
43	44	if (name == GSS_C_NO_NAME)
44	45	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_BAD_NAME;
45
46		*minor_status = 0;
47	46
48	47	union_name = (gss_union_name_t)name;
49	48

+1

-2

src/lib/gssapi/mechglue/g_set_neg_mechs.c less more

36	36
37	37	if (minor_status == NULL)
38	38	return GSS_S_CALL_INACCESSIBLE_WRITE;
	39	*minor_status = 0;
39	40
40	41	if (cred_handle == GSS_C_NO_CREDENTIAL)
41	42	return GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_NO_CRED;
42
43		*minor_status = 0;
44	43
45	44	union_cred = (gss_union_cred_t) cred_handle;
46	45

+37

-0

src/lib/gssapi/mechglue/mglueP.h less more

701	701	int /* iov_count */
702	702	);
703	703
	704	/* NegoEx extensions added in 1.18 */
	705
	706	OM_uint32 (KRB5_CALLCONV *gssspi_query_meta_data)
	707	(
	708	OM_uint32 , / minor_status */
	709	gss_const_OID, /* mech_oid */
	710	gss_cred_id_t, /* cred_handle */
	711	gss_ctx_id_t , / context_handle */
	712	const gss_name_t, /* targ_name */
	713	OM_uint32, /* req_flags */
	714	gss_buffer_t /* meta_data */
	715	/* */);
	716
	717	OM_uint32 (KRB5_CALLCONV *gssspi_exchange_meta_data)
	718	(
	719	OM_uint32 , / minor_status */
	720	gss_const_OID, /* mech_oid */
	721	gss_cred_id_t, /* cred_handle */
	722	gss_ctx_id_t , / context_handle */
	723	const gss_name_t, /* targ_name */
	724	OM_uint32, /* req_flags */
	725	gss_const_buffer_t /* meta_data */
	726	/* */);
	727
	728	OM_uint32 (KRB5_CALLCONV *gssspi_query_mechanism_info)
	729	(
	730	OM_uint32 , / minor_status */
	731	gss_const_OID, /* mech_oid */
	732	unsigned char[16] /* auth_scheme */
	733	/* */);
	734
704	735	} *gss_mechanism;
705	736
706	737	/*

768	799	int /* NULL terminate buffer ? */
769	800	);
770	801
	802	OM_uint32 gssint_create_union_context(
	803	OM_uint32 minor, / minor_status */
	804	gss_const_OID, /* mech_oid */
	805	gss_union_ctx_id_t * /* ctx_out */
	806	);
	807
771	808	OM_uint32 gssint_copy_oid_set(
772	809	OM_uint32 , / minor_status */
773	810	const gss_OID_set_desc * const, /* oid set */

+4

-3

src/lib/gssapi/spnego/Makefile.in less more

8	8
9	9	##DOS##DLL_EXP_TYPE=GSS
10	10
11		SRCS = $(srcdir)/spnego_mech.c
	11	SRCS = $(srcdir)/spnego_mech.c $(srcdir)/negoex_ctx.c $(srcdir)/negoex_util.c
12	12
13		OBJS = $(OUTPRE)spnego_mech.$(OBJEXT)
	13	OBJS = $(OUTPRE)spnego_mech.$(OBJEXT) $(OUTPRE)negoex_ctx.$(OBJEXT) \
	14	$(OUTPRE)negoex_util.$(OBJEXT)
14	15
15		STLIBOBJS = spnego_mech.o
	16	STLIBOBJS = spnego_mech.o negoex_ctx.o negoex_util.o
16	17
17	18	all-unix: all-libobjs
18	19

+34

-2

src/lib/gssapi/spnego/deps less more

10	10	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
11	11	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
12	12	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
13		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	13	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
	14	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	15	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	16	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	17	$(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
	18	gssapiP_negoex.h gssapiP_spnego.h spnego_mech.c
	19	negoex_ctx.so negoex_ctx.po $(OUTPRE)negoex_ctx.$(OBJEXT): \
	20	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
	21	$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
	22	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
	23	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
	24	$(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
	25	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	26	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	27	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	28	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
	29	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	30	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	31	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	32	$(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
	33	gssapiP_negoex.h gssapiP_spnego.h negoex_ctx.c
	34	negoex_util.so negoex_util.po $(OUTPRE)negoex_util.$(OBJEXT): \
	35	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
	36	$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
	37	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
	38	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
	39	$(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
	40	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	41	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
	42	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	43	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	44	$(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
14	45	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
15	46	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
16	47	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
17		../generic/gssapi_err_generic.h gssapiP_spnego.h spnego_mech.c
	48	../generic/gssapi_err_generic.h gssapiP_negoex.h gssapiP_spnego.h \
	49	negoex_util.c

+210

-0

src/lib/gssapi/spnego/gssapiP_negoex.h less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (C) 2011-2018 PADL Software Pty Ltd.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* * Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	18	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	19	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	20	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	21	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	23	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	24	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	26	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	28	* OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	#include "k5-int.h"
	32
	33	/*
	34	* { iso(1) identified-organization(3) dod(6) internet(1) private(4)
	35	* enterprise(1) microsoft (311) security(2) mechanisms(2) negoex(30) }
	36	*/
	37	#define NEGOEX_OID_LENGTH 10
	38	#define NEGOEX_OID "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e"
	39
	40	#define MESSAGE_SIGNATURE 0x535458454F47454EULL
	41
	42	#define EXTENSION_LENGTH 12
	43
	44	#define EXTENSION_FLAG_CRITICAL 0x80000000
	45
	46	#define CHECKSUM_SCHEME_RFC3961 1
	47
	48	#define NEGOEX_KEYUSAGE_INITIATOR_CHECKSUM 23
	49	#define NEGOEX_KEYUSAGE_ACCEPTOR_CHECKSUM 25
	50
	51	#define CHECKSUM_HEADER_LENGTH 20
	52
	53	#define GUID_LENGTH 16
	54
	55	typedef uint8_t auth_scheme[GUID_LENGTH];
	56	typedef uint8_t conversation_id[GUID_LENGTH];
	57	#define GUID_EQ(a, b) (memcmp(a, b, GUID_LENGTH) == 0)
	58
	59	#define NEGO_MESSAGE_HEADER_LENGTH 96
	60	#define EXCHANGE_MESSAGE_HEADER_LENGTH 64
	61	#define VERIFY_MESSAGE_HEADER_LENGTH 80
	62	#define ALERT_MESSAGE_HEADER_LENGTH 72
	63	#define ALERT_LENGTH 12
	64	#define ALERT_PULSE_LENGTH 8
	65
	66	#define ALERT_TYPE_PULSE 1
	67	#define ALERT_VERIFY_NO_KEY 1
	68
	69	enum message_type {
	70	INITIATOR_NEGO = 0, /* NEGO_MESSAGE */
	71	ACCEPTOR_NEGO, /* NEGO_MESSAGE */
	72	INITIATOR_META_DATA, /* EXCHANGE_MESSAGE */
	73	ACCEPTOR_META_DATA, /* EXCHANGE_MESSAGE */
	74	CHALLENGE, /* EXCHANGE_MESSAGE */
	75	AP_REQUEST, /* EXCHANGE_MESSAGE */
	76	VERIFY, /* VERIFY_MESSAGE */
	77	ALERT, /* ALERT */
	78	};
	79
	80	struct nego_message {
	81	uint8_t random[32];
	82	const uint8_t *schemes;
	83	uint16_t nschemes;
	84	};
	85
	86	struct exchange_message {
	87	auth_scheme scheme;
	88	gss_buffer_desc token;
	89	};
	90
	91	struct verify_message {
	92	auth_scheme scheme;
	93	uint32_t cksum_type;
	94	const uint8_t *cksum;
	95	size_t cksum_len;
	96	size_t offset_in_token;
	97	};
	98
	99	struct alert_message {
	100	auth_scheme scheme;
	101	int verify_no_key;
	102	};
	103
	104	struct negoex_message {
	105	uint32_t type;
	106	union {
	107	struct nego_message n;
	108	struct exchange_message e;
	109	struct verify_message v;
	110	struct alert_message a;
	111	} u;
	112	};
	113
	114	struct negoex_auth_mech {
	115	K5_TAILQ_ENTRY(negoex_auth_mech) links;
	116	gss_OID oid;
	117	auth_scheme scheme;
	118	gss_ctx_id_t mech_context;
	119	gss_buffer_desc metadata;
	120	krb5_keyblock key;
	121	krb5_keyblock verify_key;
	122	int complete;
	123	int sent_checksum;
	124	int verified_checksum;
	125	};
	126
	127	/* negoex_util.c */
	128
	129	OM_uint32
	130	negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	131	gss_const_buffer_t token,
	132	struct negoex_message *messages_out, size_t count_out);
	133
	134
	135	struct nego_message *
	136	negoex_locate_nego_message(struct negoex_message *messages, size_t nmessages,
	137	enum message_type type);
	138	struct exchange_message *
	139	negoex_locate_exchange_message(struct negoex_message *messages,
	140	size_t nmessages, enum message_type type);
	141	struct verify_message *
	142	negoex_locate_verify_message(struct negoex_message *messages,
	143	size_t nmessages);
	144	struct alert_message *
	145	negoex_locate_alert_message(struct negoex_message *messages, size_t nmessages);
	146
	147	void
	148	negoex_add_nego_message(spnego_gss_ctx_id_t ctx, enum message_type type,
	149	uint8_t random[32]);
	150	void
	151	negoex_add_exchange_message(spnego_gss_ctx_id_t ctx, enum message_type type,
	152	const auth_scheme scheme, gss_buffer_t token);
	153	void
	154	negoex_add_verify_message(spnego_gss_ctx_id_t ctx, const auth_scheme scheme,
	155	uint32_t cksum_type, const uint8_t *cksum,
	156	uint32_t cksum_len);
	157
	158	void
	159	negoex_add_verify_no_key_alert(spnego_gss_ctx_id_t ctx,
	160	const auth_scheme scheme);
	161
	162	OM_uint32
	163	negoex_random(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	164	unsigned char *data, size_t length);
	165
	166	void
	167	negoex_prep_context_for_spnego(spnego_gss_ctx_id_t ctx);
	168
	169	OM_uint32
	170	negoex_prep_context_for_negoex(OM_uint32 *minor, spnego_gss_ctx_id_t ctx);
	171
	172	void
	173	negoex_release_context(spnego_gss_ctx_id_t ctx);
	174
	175	OM_uint32
	176	negoex_add_auth_mech(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	177	gss_const_OID oid, auth_scheme scheme);
	178
	179	void
	180	negoex_delete_auth_mech(spnego_gss_ctx_id_t ctx,
	181	struct negoex_auth_mech *mech);
	182
	183	void
	184	negoex_select_auth_mech(spnego_gss_ctx_id_t ctx,
	185	struct negoex_auth_mech *mech);
	186
	187	struct negoex_auth_mech *
	188	negoex_locate_auth_scheme(spnego_gss_ctx_id_t ctx, const auth_scheme scheme);
	189
	190	void
	191	negoex_common_auth_schemes(spnego_gss_ctx_id_t ctx,
	192	const uint8_t *schemes, uint16_t nschemes);
	193
	194	void
	195	negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx,
	196	const uint8_t *schemes, uint16_t nschemes);
	197
	198	/* negoex_ctx.c */
	199
	200	OM_uint32
	201	negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	202	gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req,
	203	gss_buffer_t input_token, gss_buffer_t output_token,
	204	OM_uint32 *time_rec);
	205
	206	OM_uint32
	207	negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	208	gss_buffer_t input_token, gss_buffer_t output_token,
	209	OM_uint32 *time_rec);

+35

-9

src/lib/gssapi/spnego/gssapiP_spnego.h less more

11	11	extern "C" {
12	12	#endif
13	13
	14	typedef struct spnego_ctx_st *spnego_gss_ctx_id_t;
	15
14	16	#include <gssapi/gssapi.h>
	17	#include <gssapi/gssapi_ext.h>
	18	#include <k5-queue.h>
	19	#include "gssapiP_negoex.h"
15	20
16	21	#define SEC_CONTEXT_TOKEN 1
17	22	#define SPNEGO_SIZE_OF_INT 4

20	25	#define ACCEPT_INCOMPLETE 1
21	26	#define REJECT 2
22	27	#define REQUEST_MIC 3
23		#define ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL
	28	#define UNSPECIFIED 0xffffffffUL
24	29
25	30	/*
26	31	* constants for der encoding/decoding routines.

40	45	#define GENERAL_STRING 0x1b
41	46
42	47	/*
43		* SPNEGO specific error codes (minor status codes)
	48	* SPNEGO and NegoEx minor status codes
44	49	*/
45		#define ERR_SPNEGO_NO_MECHS_AVAILABLE 0x20000001
46		#define ERR_SPNEGO_NO_CREDS_ACQUIRED 0x20000002
47		#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR 0x20000003
48		#define ERR_SPNEGO_NEGOTIATION_FAILED 0x20000004
49		#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR 0x20000005
	50	#define ERR_SPNEGO_NO_MECHS_AVAILABLE 0x20000001
	51	#define ERR_SPNEGO_NO_CREDS_ACQUIRED 0x20000002
	52	#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR 0x20000003
	53	#define ERR_SPNEGO_NEGOTIATION_FAILED 0x20000004
	54	#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR 0x20000005
	55	#define ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE 0x20000006
	56	#define ERR_NEGOEX_INVALID_MESSAGE_TYPE 0x20000007
	57	#define ERR_NEGOEX_INVALID_MESSAGE_SIZE 0x20000008
	58	#define ERR_NEGOEX_INVALID_CONVERSATION_ID 0x20000009
	59	#define ERR_NEGOEX_AUTH_SCHEME_NOT_FOUND 0x20000010
	60	#define ERR_NEGOEX_MISSING_NEGO_MESSAGE 0x20000011
	61	#define ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE 0x20000012
	62	#define ERR_NEGOEX_NO_AVAILABLE_MECHS 0x20000013
	63	#define ERR_NEGOEX_NO_VERIFY_KEY 0x20000014
	64	#define ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME 0x20000015
	65	#define ERR_NEGOEX_INVALID_CHECKSUM 0x20000016
	66	#define ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION 0x20000017
	67	#define ERR_NEGOEX_UNSUPPORTED_VERSION 0x20000018
	68	#define ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE 0x20000019
50	69
51	70	/*
52	71	* send_token_flag is used to indicate in later steps what type

88	107	} spnego_gss_cred_id_rec, *spnego_gss_cred_id_t;
89	108
90	109	/* Structure for context handle */
91		typedef struct {
	110	struct spnego_ctx_st {
92	111	OM_uint32 magic_num;
93	112	gss_buffer_desc DER_mechTypes;
94	113	gss_OID_set mech_set;

105	124	OM_uint32 ctx_flags;
106	125	gss_name_t internal_name;
107	126	gss_OID actual_mech;
108		} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;
	127	gss_cred_id_t deleg_cred;
	128	int negoex_step;
	129	struct k5buf negoex_transcript;
	130	uint32_t negoex_seqnum;
	131	conversation_id negoex_conv_id;
	132	K5_TAILQ_HEAD(negoex_mech_list, negoex_auth_mech) negoex_mechs;
	133	krb5_context kctx;
	134	};
109	135
110	136	/*
111	137	* The magic number must be less than a standard pagesize

+786

-0

src/lib/gssapi/spnego/negoex_ctx.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (C) 2011-2018 PADL Software Pty Ltd.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* * Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	18	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	19	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	20	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	21	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	23	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	24	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	26	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	28	* OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	#include "k5-platform.h"
	32	#include "gssapiP_spnego.h"
	33	#include <generic/gssapiP_generic.h>
	34
	35	/*
	36	* The initial context token emitted by the initiator is a INITIATOR_NEGO
	37	* message followed by zero or more INITIATOR_META_DATA tokens, and zero
	38	* or one AP_REQUEST tokens.
	39	*
	40	* Upon receiving this, the acceptor computes the list of mutually supported
	41	* authentication mechanisms and performs the metadata exchange. The output
	42	* token is ACCEPTOR_NEGO followed by zero or more ACCEPTOR_META_DATA tokens,
	43	* and zero or one CHALLENGE tokens.
	44	*
	45	* Once the metadata exchange is complete and a mechanism is selected, the
	46	* selected mechanism's context token exchange continues with AP_REQUEST and
	47	* CHALLENGE messages.
	48	*
	49	* Once the context token exchange is complete, VERIFY messages are sent to
	50	* authenticate the entire exchange.
	51	*/
	52
	53	static void
	54	zero_and_release_buffer_set(gss_buffer_set_t *pbuffers)
	55	{
	56	OM_uint32 tmpmin;
	57	gss_buffer_set_t buffers = *pbuffers;
	58	uint32_t i;
	59
	60	if (buffers != GSS_C_NO_BUFFER_SET) {
	61	for (i = 0; i < buffers->count; i++)
	62	zap(buffers->elements[i].value, buffers->elements[i].length);
	63
	64	gss_release_buffer_set(&tmpmin, &buffers);
	65	}
	66
	67	*pbuffers = GSS_C_NO_BUFFER_SET;
	68	}
	69
	70	static OM_uint32
	71	buffer_set_to_key(OM_uint32 *minor, gss_buffer_set_t buffers,
	72	krb5_keyblock *key)
	73	{
	74	krb5_error_code ret;
	75
	76	/* Returned keys must be in two buffers, with the key contents in the first
	77	* and the enctype as a 32-bit little-endian integer in the second. */
	78	if (buffers->count != 2 \|\| buffers->elements[1].length != 4) {
	79	*minor = ERR_NEGOEX_NO_VERIFY_KEY;
	80	return GSS_S_FAILURE;
	81	}
	82
	83	krb5_free_keyblock_contents(NULL, key);
	84
	85	key->contents = k5memdup(buffers->elements[0].value,
	86	buffers->elements[0].length, &ret);
	87	if (key->contents == NULL) {
	88	*minor = ret;
	89	return GSS_S_FAILURE;
	90	}
	91	key->length = buffers->elements[0].length;
	92	key->enctype = load_32_le(buffers->elements[1].value);
	93
	94	return GSS_S_COMPLETE;
	95	}
	96
	97	static OM_uint32
	98	get_session_keys(OM_uint32 minor, struct negoex_auth_mech mech)
	99	{
	100	OM_uint32 major, tmpmin;
	101	gss_buffer_set_t buffers = GSS_C_NO_BUFFER_SET;
	102
	103	major = gss_inquire_sec_context_by_oid(&tmpmin, mech->mech_context,
	104	GSS_C_INQ_NEGOEX_KEY, &buffers);
	105	if (major == GSS_S_COMPLETE) {
	106	major = buffer_set_to_key(minor, buffers, &mech->key);
	107	zero_and_release_buffer_set(&buffers);
	108	if (major != GSS_S_COMPLETE)
	109	return major;
	110	}
	111
	112	major = gss_inquire_sec_context_by_oid(&tmpmin, mech->mech_context,
	113	GSS_C_INQ_NEGOEX_VERIFY_KEY,
	114	&buffers);
	115	if (major == GSS_S_COMPLETE) {
	116	major = buffer_set_to_key(minor, buffers, &mech->verify_key);
	117	zero_and_release_buffer_set(&buffers);
	118	if (major != GSS_S_COMPLETE)
	119	return major;
	120	}
	121
	122	return GSS_S_COMPLETE;
	123	}
	124
	125	static OM_uint32
	126	emit_initiator_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
	127	{
	128	OM_uint32 major;
	129	uint8_t random[32];
	130
	131	major = negoex_random(minor, ctx, random, 32);
	132	if (major != GSS_S_COMPLETE)
	133	return major;
	134
	135	negoex_add_nego_message(ctx, INITIATOR_NEGO, random);
	136	return GSS_S_COMPLETE;
	137	}
	138
	139	static OM_uint32
	140	process_initiator_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	141	struct negoex_message *messages, size_t nmessages)
	142	{
	143	struct nego_message *msg;
	144
	145	assert(!ctx->initiate && ctx->negoex_step == 1);
	146
	147	msg = negoex_locate_nego_message(messages, nmessages, INITIATOR_NEGO);
	148	if (msg == NULL) {
	149	*minor = ERR_NEGOEX_MISSING_NEGO_MESSAGE;
	150	return GSS_S_DEFECTIVE_TOKEN;
	151	}
	152
	153	negoex_restrict_auth_schemes(ctx, msg->schemes, msg->nschemes);
	154	return GSS_S_COMPLETE;
	155	}
	156
	157	static OM_uint32
	158	emit_acceptor_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
	159	{
	160	OM_uint32 major;
	161	uint8_t random[32];
	162
	163	major = negoex_random(minor, ctx, random, 32);
	164	if (major != GSS_S_COMPLETE)
	165	return major;
	166
	167	negoex_add_nego_message(ctx, ACCEPTOR_NEGO, random);
	168	return GSS_S_COMPLETE;
	169	}
	170
	171	static OM_uint32
	172	process_acceptor_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	173	struct negoex_message *messages, size_t nmessages)
	174	{
	175	struct nego_message *msg;
	176
	177	msg = negoex_locate_nego_message(messages, nmessages, ACCEPTOR_NEGO);
	178	if (msg == NULL) {
	179	*minor = ERR_NEGOEX_MISSING_NEGO_MESSAGE;
	180	return GSS_S_DEFECTIVE_TOKEN;
	181	}
	182
	183	/* Reorder and prune our mech list to match the acceptor's list (or a
	184	* subset of it). */
	185	negoex_common_auth_schemes(ctx, msg->schemes, msg->nschemes);
	186
	187	return GSS_S_COMPLETE;
	188	}
	189
	190	static void
	191	query_meta_data(spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	192	gss_name_t target, OM_uint32 req_flags)
	193	{
	194	OM_uint32 major, minor;
	195	struct negoex_auth_mech p, next;
	196
	197	K5_TAILQ_FOREACH_SAFE(p, &ctx->negoex_mechs, links, next) {
	198	major = gssspi_query_meta_data(&minor, p->oid, cred, &p->mech_context,
	199	target, req_flags, &p->metadata);
	200	/* GSS_Query_meta_data failure removes mechanism from list. */
	201	if (major != GSS_S_COMPLETE)
	202	negoex_delete_auth_mech(ctx, p);
	203	}
	204	}
	205
	206	static void
	207	exchange_meta_data(spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	208	gss_name_t target, OM_uint32 req_flags,
	209	struct negoex_message *messages, size_t nmessages)
	210	{
	211	OM_uint32 major, minor;
	212	struct negoex_auth_mech *mech;
	213	enum message_type type;
	214	struct exchange_message *msg;
	215	uint32_t i;
	216
	217	type = ctx->initiate ? ACCEPTOR_META_DATA : INITIATOR_META_DATA;
	218
	219	for (i = 0; i < nmessages; i++) {
	220	if (messages[i].type != type)
	221	continue;
	222	msg = &messages[i].u.e;
	223
	224	mech = negoex_locate_auth_scheme(ctx, msg->scheme);
	225	if (mech == NULL)
	226	continue;
	227
	228	major = gssspi_exchange_meta_data(&minor, mech->oid, cred,
	229	&mech->mech_context, target,
	230	req_flags, &msg->token);
	231	/* GSS_Exchange_meta_data failure removes mechanism from list. */
	232	if (major != GSS_S_COMPLETE)
	233	negoex_delete_auth_mech(ctx, mech);
	234	}
	235	}
	236
	237	/*
	238	* In the initiator, if we are processing the acceptor's first reply, discard
	239	* the optimistic context if the acceptor ignored the optimistic token. If the
	240	* acceptor continued the optimistic mech, discard all other mechs.
	241	*/
	242	static void
	243	check_optimistic_result(spnego_gss_ctx_id_t ctx,
	244	struct negoex_message *messages, size_t nmessages)
	245	{
	246	struct negoex_auth_mech *mech;
	247	OM_uint32 tmpmin;
	248
	249	assert(ctx->initiate && ctx->negoex_step == 2);
	250
	251	/* Do nothing if we didn't make an optimistic context. */
	252	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	253	if (mech == NULL \|\| mech->mech_context == GSS_C_NO_CONTEXT)
	254	return;
	255
	256	/* If the acceptor used the optimistic token, it will send an acceptor
	257	* token or a checksum (or both) in its first reply. */
	258	if (negoex_locate_exchange_message(messages, nmessages,
	259	CHALLENGE) != NULL \|\|
	260	negoex_locate_verify_message(messages, nmessages) != NULL) {
	261	/* The acceptor continued the optimistic mech, and metadata exchange
	262	* didn't remove it. Commit to this mechanism. */
	263	negoex_select_auth_mech(ctx, mech);
	264	} else {
	265	/* The acceptor ignored the optimistic token. Restart the mech. */
	266	(void)gss_delete_sec_context(&tmpmin, &mech->mech_context, NULL);
	267	krb5_free_keyblock_contents(NULL, &mech->key);
	268	krb5_free_keyblock_contents(NULL, &mech->verify_key);
	269	mech->complete = mech->sent_checksum = FALSE;
	270	}
	271	}
	272
	273	/* Perform an initiator step of the underlying mechanism exchange. */
	274	static OM_uint32
	275	mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	276	gss_name_t target, OM_uint32 req_flags, OM_uint32 time_req,
	277	struct negoex_message *messages, size_t nmessages,
	278	gss_buffer_t output_token, OM_uint32 *time_rec)
	279	{
	280	OM_uint32 major, first_major = 0, first_minor = 0;
	281	struct negoex_auth_mech *mech = NULL;
	282	gss_buffer_t input_token = GSS_C_NO_BUFFER;
	283	struct exchange_message *msg;
	284	int first_mech;
	285
	286	output_token->value = NULL;
	287	output_token->length = 0;
	288
	289	/* Allow disabling of optimistic token for testing. */
	290	if (ctx->negoex_step == 1 &&
	291	secure_getenv("NEGOEX_NO_OPTIMISTIC_TOKEN") != NULL)
	292	return GSS_S_COMPLETE;
	293
	294	if (K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
	295	*minor = ERR_NEGOEX_NO_AVAILABLE_MECHS;
	296	return GSS_S_FAILURE;
	297	}
	298
	299	/*
	300	* Get the input token. The challenge could be for the optimistic mech,
	301	* which we might have discarded in metadata exchange, so ignore the
	302	* challenge if it doesn't match the first auth mech.
	303	*/
	304	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	305	msg = negoex_locate_exchange_message(messages, nmessages, CHALLENGE);
	306	if (msg != NULL && GUID_EQ(msg->scheme, mech->scheme))
	307	input_token = &msg->token;
	308
	309	if (mech->complete)
	310	return GSS_S_COMPLETE;
	311
	312	first_mech = TRUE;
	313
	314	while (!K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
	315	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	316
	317	major = gss_init_sec_context(minor, cred, &mech->mech_context, target,
	318	mech->oid, req_flags, time_req,
	319	GSS_C_NO_CHANNEL_BINDINGS, input_token,
	320	&ctx->actual_mech, output_token,
	321	&ctx->ctx_flags, time_rec);
	322
	323	if (major == GSS_S_COMPLETE)
	324	mech->complete = 1;
	325
	326	if (!GSS_ERROR(major))
	327	return get_session_keys(minor, mech);
	328
	329	/* Remember the error we got from the first mech. */
	330	if (first_mech) {
	331	first_major = major;
	332	first_minor = *minor;
	333	}
	334
	335	/* If we still have multiple mechs to try, move on to the next one. */
	336	negoex_delete_auth_mech(ctx, mech);
	337	first_mech = FALSE;
	338	input_token = GSS_C_NO_BUFFER;
	339	}
	340
	341	if (K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
	342	major = first_major;
	343	*minor = first_minor;
	344	}
	345
	346	return major;
	347	}
	348
	349	/* Perform an acceptor step of the underlying mechanism exchange. */
	350	static OM_uint32
	351	mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	352	gss_cred_id_t cred, struct negoex_message *messages,
	353	size_t nmessages, gss_buffer_t output_token, OM_uint32 *time_rec)
	354	{
	355	OM_uint32 major, tmpmin;
	356	struct negoex_auth_mech *mech;
	357	struct exchange_message *msg;
	358
	359	assert(!ctx->initiate && !K5_TAILQ_EMPTY(&ctx->negoex_mechs));
	360
	361	msg = negoex_locate_exchange_message(messages, nmessages, AP_REQUEST);
	362	if (msg == NULL) {
	363	/* No input token is okay on the first request or if the mech is
	364	* complete. */
	365	if (ctx->negoex_step == 1 \|\|
	366	K5_TAILQ_FIRST(&ctx->negoex_mechs)->complete)
	367	return GSS_S_COMPLETE;
	368	*minor = ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE;
	369	return GSS_S_DEFECTIVE_TOKEN;
	370	}
	371
	372	if (ctx->negoex_step == 1) {
	373	/* Ignore the optimistic token if it isn't for our most preferred
	374	* mech. */
	375	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	376	if (!GUID_EQ(msg->scheme, mech->scheme))
	377	return GSS_S_COMPLETE;
	378	} else {
	379	/* The initiator has selected a mech; discard other entries. */
	380	mech = negoex_locate_auth_scheme(ctx, msg->scheme);
	381	if (mech == NULL) {
	382	*minor = ERR_NEGOEX_NO_AVAILABLE_MECHS;
	383	return GSS_S_FAILURE;
	384	}
	385	negoex_select_auth_mech(ctx, mech);
	386	}
	387
	388	if (mech->complete)
	389	return GSS_S_COMPLETE;
	390
	391	if (ctx->internal_name != GSS_C_NO_NAME)
	392	gss_release_name(&tmpmin, &ctx->internal_name);
	393	if (ctx->deleg_cred != GSS_C_NO_CREDENTIAL)
	394	gss_release_cred(&tmpmin, &ctx->deleg_cred);
	395
	396	major = gss_accept_sec_context(minor, &mech->mech_context, cred,
	397	&msg->token, GSS_C_NO_CHANNEL_BINDINGS,
	398	&ctx->internal_name, &ctx->actual_mech,
	399	output_token, &ctx->ctx_flags,
	400	time_rec, &ctx->deleg_cred);
	401
	402	if (major == GSS_S_COMPLETE)
	403	mech->complete = 1;
	404
	405	if (!GSS_ERROR(major)) {
	406	major = get_session_keys(minor, mech);
	407	} else if (ctx->negoex_step == 1) {
	408	/* This was an optimistic token; pretend this never happened. */
	409	major = GSS_S_COMPLETE;
	410	*minor = 0;
	411	gss_release_buffer(&tmpmin, output_token);
	412	gss_delete_sec_context(&tmpmin, &mech->mech_context, GSS_C_NO_BUFFER);
	413	}
	414
	415	return major;
	416	}
	417
	418	static krb5_keyusage
	419	verify_keyusage(spnego_gss_ctx_id_t ctx, int make_checksum)
	420	{
	421	/* Of course, these are the wrong way around in the spec. */
	422	return (ctx->initiate ^ !make_checksum) ?
	423	NEGOEX_KEYUSAGE_ACCEPTOR_CHECKSUM : NEGOEX_KEYUSAGE_INITIATOR_CHECKSUM;
	424	}
	425
	426	static OM_uint32
	427	verify_checksum(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	428	struct negoex_message *messages, size_t nmessages,
	429	gss_buffer_t input_token, int *send_alert_out)
	430	{
	431	krb5_error_code ret;
	432	struct negoex_auth_mech *mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	433	struct verify_message *msg;
	434	krb5_crypto_iov iov[3];
	435	krb5_keyusage usage = verify_keyusage(ctx, FALSE);
	436	krb5_boolean valid;
	437
	438	*send_alert_out = FALSE;
	439	assert(mech != NULL);
	440
	441	/* The other party may not be ready to send a verify token yet, or (in the
	442	* first initiator step) may send one for a mechanism we don't support. */
	443	msg = negoex_locate_verify_message(messages, nmessages);
	444	if (msg == NULL \|\| !GUID_EQ(msg->scheme, mech->scheme))
	445	return GSS_S_COMPLETE;
	446
	447	/* A recoverable error may cause us to be unable to verify a token from the
	448	* other party. In this case we should send an alert. */
	449	if (mech->verify_key.enctype == ENCTYPE_NULL) {
	450	*send_alert_out = TRUE;
	451	return GSS_S_COMPLETE;
	452	}
	453
	454	/* Verify the checksum over the existing transcript and the portion of the
	455	* input token leading up to the verify message. */
	456	assert(input_token != NULL);
	457	iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
	458	iov[0].data = make_data(ctx->negoex_transcript.data,
	459	ctx->negoex_transcript.len);
	460	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
	461	iov[1].data = make_data(input_token->value, msg->offset_in_token);
	462	iov[2].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
	463	iov[2].data = make_data((uint8_t *)msg->cksum, msg->cksum_len);
	464
	465	ret = krb5_c_verify_checksum_iov(ctx->kctx, msg->cksum_type,
	466	&mech->verify_key, usage, iov, 3, &valid);
	467	if (ret) {
	468	*minor = ret;
	469	return GSS_S_FAILURE;
	470	}
	471	if (!valid \|\| !krb5_c_is_keyed_cksum(msg->cksum_type)) {
	472	*minor = ERR_NEGOEX_INVALID_CHECKSUM;
	473	return GSS_S_BAD_SIG;
	474	}
	475
	476	mech->verified_checksum = TRUE;
	477	return GSS_S_COMPLETE;
	478	}
	479
	480	static OM_uint32
	481	make_checksum(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
	482	{
	483	krb5_error_code ret;
	484	krb5_data d;
	485	krb5_keyusage usage = verify_keyusage(ctx, TRUE);
	486	krb5_checksum cksum;
	487	struct negoex_auth_mech *mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	488
	489	assert(mech != NULL);
	490
	491	if (mech->key.enctype == ENCTYPE_NULL) {
	492	if (mech->complete) {
	493	*minor = ERR_NEGOEX_NO_VERIFY_KEY;
	494	return GSS_S_UNAVAILABLE;
	495	} else {
	496	return GSS_S_COMPLETE;
	497	}
	498	}
	499
	500	d = make_data(ctx->negoex_transcript.data, ctx->negoex_transcript.len);
	501	ret = krb5_c_make_checksum(ctx->kctx, 0, &mech->key, usage, &d, &cksum);
	502	if (ret) {
	503	*minor = ret;
	504	return GSS_S_FAILURE;
	505	}
	506
	507	negoex_add_verify_message(ctx, mech->scheme, cksum.checksum_type,
	508	cksum.contents, cksum.length);
	509
	510	mech->sent_checksum = TRUE;
	511	krb5_free_checksum_contents(ctx->kctx, &cksum);
	512	return GSS_S_COMPLETE;
	513	}
	514
	515	/* If the other side sent a VERIFY_NO_KEY pulse alert, clear the checksum state
	516	* on the mechanism so that we send another VERIFY message. */
	517	static void
	518	process_alerts(spnego_gss_ctx_id_t ctx,
	519	struct negoex_message *messages, uint32_t nmessages)
	520	{
	521	struct alert_message *msg;
	522	struct negoex_auth_mech *mech;
	523
	524	msg = negoex_locate_alert_message(messages, nmessages);
	525	if (msg != NULL && msg->verify_no_key) {
	526	mech = negoex_locate_auth_scheme(ctx, msg->scheme);
	527	if (mech != NULL) {
	528	mech->sent_checksum = FALSE;
	529	krb5_free_keyblock_contents(NULL, &mech->key);
	530	krb5_free_keyblock_contents(NULL, &mech->verify_key);
	531	}
	532	}
	533	}
	534
	535	static OM_uint32
	536	make_output_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	537	gss_buffer_t mech_output_token, int send_alert,
	538	gss_buffer_t output_token)
	539	{
	540	OM_uint32 major;
	541	struct negoex_auth_mech *mech;
	542	enum message_type type;
	543	size_t old_transcript_len = ctx->negoex_transcript.len;
	544
	545	output_token->length = 0;
	546	output_token->value = NULL;
	547
	548	/* If the mech is complete and we previously sent a checksum, we just
	549	* processed the last leg and don't need to send another token. */
	550	if (mech_output_token->length == 0 &&
	551	K5_TAILQ_FIRST(&ctx->negoex_mechs)->sent_checksum)
	552	return GSS_S_COMPLETE;
	553
	554	if (ctx->negoex_step == 1) {
	555	if (ctx->initiate)
	556	major = emit_initiator_nego(minor, ctx);
	557	else
	558	major = emit_acceptor_nego(minor, ctx);
	559	if (major != GSS_S_COMPLETE)
	560	return major;
	561
	562	type = ctx->initiate ? INITIATOR_META_DATA : ACCEPTOR_META_DATA;
	563	K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links) {
	564	if (mech->metadata.length > 0) {
	565	negoex_add_exchange_message(ctx, type, mech->scheme,
	566	&mech->metadata);
	567	}
	568	}
	569	}
	570
	571	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	572
	573	if (mech_output_token->length > 0) {
	574	type = ctx->initiate ? AP_REQUEST : CHALLENGE;
	575	negoex_add_exchange_message(ctx, type, mech->scheme,
	576	mech_output_token);
	577	}
	578
	579	if (send_alert)
	580	negoex_add_verify_no_key_alert(ctx, mech->scheme);
	581
	582	/* Try to add a VERIFY message if we haven't already done so. */
	583	if (!mech->sent_checksum) {
	584	major = make_checksum(minor, ctx);
	585	if (major != GSS_S_COMPLETE)
	586	return major;
	587	}
	588
	589	if (ctx->negoex_transcript.data == NULL) {
	590	*minor = ENOMEM;
	591	return GSS_S_FAILURE;
	592	}
	593
	594	/* Copy what we added to the transcript into the output token. */
	595	output_token->length = ctx->negoex_transcript.len - old_transcript_len;
	596	output_token->value = gssalloc_malloc(output_token->length);
	597	if (output_token->value == NULL) {
	598	*minor = ENOMEM;
	599	return GSS_S_FAILURE;
	600	}
	601	memcpy(output_token->value,
	602	(uint8_t *)ctx->negoex_transcript.data + old_transcript_len,
	603	output_token->length);
	604
	605	return GSS_S_COMPLETE;
	606	}
	607
	608	OM_uint32
	609	negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	610	gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req,
	611	gss_buffer_t input_token, gss_buffer_t output_token,
	612	OM_uint32 *time_rec)
	613	{
	614	OM_uint32 major, tmpmin;
	615	gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER;
	616	struct negoex_message *messages = NULL;
	617	struct negoex_auth_mech *mech;
	618	size_t nmessages = 0;
	619	int send_alert = FALSE;
	620
	621	if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER &&
	622	input_token->length != 0)
	623	return GSS_S_DEFECTIVE_TOKEN;
	624
	625	major = negoex_prep_context_for_negoex(minor, ctx);
	626	if (major != GSS_S_COMPLETE)
	627	goto cleanup;
	628
	629	ctx->negoex_step++;
	630
	631	if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) {
	632	major = negoex_parse_token(minor, ctx, input_token, &messages,
	633	&nmessages);
	634	if (major != GSS_S_COMPLETE)
	635	goto cleanup;
	636	}
	637
	638	process_alerts(ctx, messages, nmessages);
	639
	640	if (ctx->negoex_step == 1) {
	641	/* Choose a random conversation ID. */
	642	major = negoex_random(minor, ctx, ctx->negoex_conv_id, GUID_LENGTH);
	643	if (major != GSS_S_COMPLETE)
	644	goto cleanup;
	645
	646	/* Query each mech for its metadata (this may prune the mech list). */
	647	query_meta_data(ctx, cred, target_name, req_flags);
	648	} else if (ctx->negoex_step == 2) {
	649	/* See if the mech processed the optimistic token. */
	650	check_optimistic_result(ctx, messages, nmessages);
	651
	652	/* Pass the acceptor metadata to each mech to prune the list. */
	653	exchange_meta_data(ctx, cred, target_name, req_flags,
	654	messages, nmessages);
	655
	656	/* Process the ACCEPTOR_NEGO message. */
	657	major = process_acceptor_nego(minor, ctx, messages, nmessages);
	658	if (major != GSS_S_COMPLETE)
	659	goto cleanup;
	660	}
	661
	662	/* Process the input token and/or produce an output token. This may prune
	663	* the mech list, but on success there will be at least one mech entry. */
	664	major = mech_init(minor, ctx, cred, target_name, req_flags, time_req,
	665	messages, nmessages, &mech_output_token, time_rec);
	666	if (major != GSS_S_COMPLETE)
	667	goto cleanup;
	668	assert(!K5_TAILQ_EMPTY(&ctx->negoex_mechs));
	669
	670	/* At this point in step 2 we have performed the metadata exchange and
	671	* chosen a mech we can use, so discard any fallback mech entries. */
	672	if (ctx->negoex_step == 2)
	673	negoex_select_auth_mech(ctx, K5_TAILQ_FIRST(&ctx->negoex_mechs));
	674
	675	major = verify_checksum(minor, ctx, messages, nmessages, input_token,
	676	&send_alert);
	677	if (major != GSS_S_COMPLETE)
	678	goto cleanup;
	679
	680	if (input_token != GSS_C_NO_BUFFER) {
	681	k5_buf_add_len(&ctx->negoex_transcript, input_token->value,
	682	input_token->length);
	683	}
	684
	685	major = make_output_token(minor, ctx, &mech_output_token, send_alert,
	686	output_token);
	687	if (major != GSS_S_COMPLETE)
	688	goto cleanup;
	689
	690	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	691	major = (mech->complete && mech->verified_checksum) ? GSS_S_COMPLETE :
	692	GSS_S_CONTINUE_NEEDED;
	693
	694	cleanup:
	695	free(messages);
	696	gss_release_buffer(&tmpmin, &mech_output_token);
	697	negoex_prep_context_for_spnego(ctx);
	698	return major;
	699	}
	700
	701	OM_uint32
	702	negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
	703	gss_buffer_t input_token, gss_buffer_t output_token,
	704	OM_uint32 *time_rec)
	705	{
	706	OM_uint32 major, tmpmin;
	707	gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER;
	708	struct negoex_message *messages = NULL;
	709	struct negoex_auth_mech *mech;
	710	size_t nmessages;
	711	int send_alert = FALSE;
	712
	713	if (input_token == GSS_C_NO_BUFFER \|\| input_token->length == 0) {
	714	major = GSS_S_DEFECTIVE_TOKEN;
	715	goto cleanup;
	716	}
	717
	718	major = negoex_prep_context_for_negoex(minor, ctx);
	719	if (major != GSS_S_COMPLETE)
	720	goto cleanup;
	721
	722	ctx->negoex_step++;
	723
	724	major = negoex_parse_token(minor, ctx, input_token, &messages, &nmessages);
	725	if (major != GSS_S_COMPLETE)
	726	goto cleanup;
	727
	728	process_alerts(ctx, messages, nmessages);
	729
	730	if (ctx->negoex_step == 1) {
	731	/* Read the INITIATOR_NEGO message to prune the candidate mech list. */
	732	major = process_initiator_nego(minor, ctx, messages, nmessages);
	733	if (major != GSS_S_COMPLETE)
	734	goto cleanup;
	735
	736	/*
	737	* Pass the initiator metadata to each mech to prune the list, and
	738	* query each mech for its acceptor metadata (which may also prune the
	739	* list).
	740	*/
	741	exchange_meta_data(ctx, cred, GSS_C_NO_NAME, 0, messages, nmessages);
	742	query_meta_data(ctx, cred, GSS_C_NO_NAME, 0);
	743
	744	if (K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
	745	*minor = ERR_NEGOEX_NO_AVAILABLE_MECHS;
	746	major = GSS_S_FAILURE;
	747	goto cleanup;
	748	}
	749	}
	750
	751	/*
	752	* Process the input token and possibly produce an output token. This may
	753	* prune the list to a single mech. Continue on error if an output token
	754	* is generated, so that we send the token to the initiator.
	755	*/
	756	major = mech_accept(minor, ctx, cred, messages, nmessages,
	757	&mech_output_token, time_rec);
	758	if (major != GSS_S_COMPLETE && mech_output_token.length == 0)
	759	goto cleanup;
	760
	761	if (major == GSS_S_COMPLETE) {
	762	major = verify_checksum(minor, ctx, messages, nmessages, input_token,
	763	&send_alert);
	764	if (major != GSS_S_COMPLETE)
	765	goto cleanup;
	766	}
	767
	768	k5_buf_add_len(&ctx->negoex_transcript,
	769	input_token->value, input_token->length);
	770
	771	major = make_output_token(minor, ctx, &mech_output_token, send_alert,
	772	output_token);
	773	if (major != GSS_S_COMPLETE)
	774	goto cleanup;
	775
	776	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	777	major = (mech->complete && mech->verified_checksum) ? GSS_S_COMPLETE :
	778	GSS_S_CONTINUE_NEEDED;
	779
	780	cleanup:
	781	free(messages);
	782	gss_release_buffer(&tmpmin, &mech_output_token);
	783	negoex_prep_context_for_spnego(ctx);
	784	return major;
	785	}

+121

-0

src/lib/gssapi/spnego/negoex_trace.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (C) 2011-2018 PADL Software Pty Ltd.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* * Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	18	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	19	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	20	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	21	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	23	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	24	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	26	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	28	* OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	#include "gssapiP_spnego.h"
	32
	33	static int
	34	guid_to_string(const uint8_t guid[16], char *buffer, size_t bufsiz)
	35	{
	36	uint32_t data1;
	37	uint16_t data2, data3;
	38
	39	data1 = load_32_le(guid);
	40	data2 = load_16_le(guid + 4);
	41	data3 = load_16_le(guid + 6);
	42
	43	return snprintf(buffer, bufsiz,
	44	"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
	45	data1, data2, data3, guid[8], guid[9], guid[10], guid[11],
	46	guid[12], guid[13], guid[14], guid[15]);
	47	}
	48
	49	static void
	50	trace_auth_scheme(spnego_gss_ctx_id_t ctx, const char *prefix, int ind,
	51	const auth_scheme scheme)
	52	{
	53	char trace_msg[128];
	54	char szAuthScheme[37];
	55
	56	guid_to_string(scheme, szAuthScheme, sizeof(szAuthScheme));
	57
	58	snprintf(trace_msg, sizeof(trace_msg),
	59	"NEGOEXTS: %20s[%02u] -- AuthScheme %s",
	60	prefix, ind, szAuthScheme);
	61	TRACE_NEGOEX_AUTH_SCHEMES(ctx->kctx, trace_msg);
	62	}
	63
	64	void
	65	negoex_trace_auth_schemes(spnego_gss_ctx_id_t ctx, const char *prefix,
	66	const uint8_t *schemes, uint16_t nschemes)
	67	{
	68	uint16_t i;
	69
	70	for (i = 0; i < nschemes; i++)
	71	trace_auth_scheme(ctx, prefix, i, schemes + i * GUID_LENGTH);
	72	}
	73
	74	void
	75	negoex_trace_ctx_auth_schemes(spnego_gss_ctx_id_t ctx, const char *prefix)
	76	{
	77	negoex_auth_mech_t mech;
	78	int ind = 0;
	79
	80	K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links)
	81	trace_auth_scheme(ctx, prefix, ind++, mech->scheme);
	82	}
	83
	84	void
	85	negoex_trace_message(spnego_gss_ctx_id_t ctx, int direction,
	86	enum message_type type, const conversation_id conv_id,
	87	unsigned int seqnum, unsigned int header_len,
	88	unsigned int msg_len)
	89	{
	90	char trace_msg[128];
	91	char conv_str[37];
	92	char *typestr;
	93
	94	if (type == INITIATOR_NEGO)
	95	typestr = "INITIATOR_NEGO";
	96	else if (type == ACCEPTOR_NEGO)
	97	typestr = "ACCEPTOR_NEGO";
	98	else if (type == INITIATOR_META_DATA)
	99	typestr = "INITIATOR_META_DATA";
	100	else if (type == ACCEPTOR_META_DATA)
	101	typestr = "ACCEPTOR_META_DATA";
	102	else if (type == CHALLENGE)
	103	typestr = "CHALLENGE";
	104	else if (type == AP_REQUEST)
	105	typestr = "AP_REQUEST";
	106	else if (type == VERIFY)
	107	typestr = "VERIFY";
	108	else if (type == ALERT)
	109	typestr = "ALERT";
	110	else
	111	typestr = "UNKNOWN";
	112
	113	guid_to_string(conv_id, conv_str, sizeof(conv_str));
	114	snprintf(trace_msg, sizeof(trace_msg),
	115	"NEGOEXTS%c %20s[%02u] -- ConvId %s HdrLength %u MsgLength %u",
	116	direction ? '<' : '>', typestr, seqnum, conv_str, header_len,
	117	msg_len);
	118
	119	TRACE_NEGOEX_MESSAGE(ctx->kctx, trace_msg);
	120	}

+812

-0

src/lib/gssapi/spnego/negoex_util.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (C) 2011-2018 PADL Software Pty Ltd.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* * Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	18	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	19	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	20	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	21	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	23	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	24	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	26	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	28	* OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	#include "gssapiP_spnego.h"
	32	#include <generic/gssapiP_generic.h>
	33	#include "k5-input.h"
	34
	35	static void
	36	release_auth_mech(struct negoex_auth_mech *mech);
	37
	38	OM_uint32
	39	negoex_random(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	40	uint8_t *data, size_t length)
	41	{
	42	krb5_data d = make_data(data, length);
	43
	44	*minor = krb5_c_random_make_octets(ctx->kctx, &d);
	45	return *minor ? GSS_S_FAILURE : GSS_S_COMPLETE;
	46	}
	47
	48	/*
	49	* SPNEGO functions expect to find the active mech context in ctx->ctx_handle,
	50	* but the metadata exchange APIs force us to have one mech context per mech
	51	* entry. To address this mismatch, move the active mech context (if we have
	52	* one) to ctx->ctx_handle at the end of NegoEx processing.
	53	*/
	54	void
	55	negoex_prep_context_for_spnego(spnego_gss_ctx_id_t ctx)
	56	{
	57	struct negoex_auth_mech *mech;
	58
	59	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	60	if (mech == NULL \|\| mech->mech_context == GSS_C_NO_CONTEXT)
	61	return;
	62
	63	assert(ctx->ctx_handle == GSS_C_NO_CONTEXT);
	64	ctx->ctx_handle = mech->mech_context;
	65	mech->mech_context = GSS_C_NO_CONTEXT;
	66	}
	67
	68	OM_uint32
	69	negoex_prep_context_for_negoex(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
	70	{
	71	krb5_error_code ret;
	72	struct negoex_auth_mech *mech;
	73
	74	if (ctx->kctx != NULL) {
	75	/* The context is already initialized for NegoEx. Undo what
	76	* negoex_prep_for_spnego() did, if applicable. */
	77	if (ctx->ctx_handle != GSS_C_NO_CONTEXT) {
	78	mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
	79	assert(mech != NULL && mech->mech_context == GSS_C_NO_CONTEXT);
	80	mech->mech_context = ctx->ctx_handle;
	81	ctx->ctx_handle = GSS_C_NO_CONTEXT;
	82	}
	83	return GSS_S_COMPLETE;
	84	}
	85
	86	/* Initialize the NegoEX context fields. (negoex_mechs is already set up
	87	* by SPNEGO.) */
	88	ret = krb5_init_context(&ctx->kctx);
	89	if (ret) {
	90	*minor = ret;
	91	return GSS_S_FAILURE;
	92	}
	93
	94	k5_buf_init_dynamic(&ctx->negoex_transcript);
	95
	96	return GSS_S_COMPLETE;
	97	}
	98
	99	static void
	100	release_all_mechs(spnego_gss_ctx_id_t ctx)
	101	{
	102	struct negoex_auth_mech mech, next;
	103
	104	K5_TAILQ_FOREACH_SAFE(mech, &ctx->negoex_mechs, links, next)
	105	release_auth_mech(mech);
	106	K5_TAILQ_INIT(&ctx->negoex_mechs);
	107	}
	108
	109	void
	110	negoex_release_context(spnego_gss_ctx_id_t ctx)
	111	{
	112	k5_buf_free(&ctx->negoex_transcript);
	113	release_all_mechs(ctx);
	114	krb5_free_context(ctx->kctx);
	115	ctx->kctx = NULL;
	116	}
	117
	118	static const char *
	119	typestr(enum message_type type)
	120	{
	121	if (type == INITIATOR_NEGO)
	122	return "INITIATOR_NEGO";
	123	else if (type == ACCEPTOR_NEGO)
	124	return "ACCEPTOR_NEGO";
	125	else if (type == INITIATOR_META_DATA)
	126	return "INITIATOR_META_DATA";
	127	else if (type == ACCEPTOR_META_DATA)
	128	return "ACCEPTOR_META_DATA";
	129	else if (type == CHALLENGE)
	130	return "CHALLENGE";
	131	else if (type == AP_REQUEST)
	132	return "AP_REQUEST";
	133	else if (type == VERIFY)
	134	return "VERIFY";
	135	else if (type == ALERT)
	136	return "ALERT";
	137	else
	138	return "UNKNOWN";
	139	}
	140
	141	static void
	142	add_guid(struct k5buf *buf, const uint8_t guid[GUID_LENGTH])
	143	{
	144	uint32_t data1 = load_32_le(guid);
	145	uint16_t data2 = load_16_le(guid + 4), data3 = load_16_le(guid + 6);
	146
	147	k5_buf_add_fmt(buf, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
	148	data1, data2, data3, guid[8], guid[9], guid[10], guid[11],
	149	guid[12], guid[13], guid[14], guid[15]);
	150	}
	151
	152	static char *
	153	guid_to_string(const uint8_t guid[GUID_LENGTH])
	154	{
	155	struct k5buf buf;
	156
	157	k5_buf_init_dynamic(&buf);
	158	add_guid(&buf, guid);
	159	return buf.data;
	160	}
	161
	162	/* Check that the described vector lies within the message, and return a
	163	* pointer to its first element. */
	164	static inline const uint8_t *
	165	vector_base(size_t offset, size_t count, size_t width,
	166	const uint8_t *msg_base, size_t msg_len)
	167	{
	168	if (offset > msg_len \|\| count > (msg_len - offset) / width)
	169	return NULL;
	170	return msg_base + offset;
	171	}
	172
	173	/* Trace a received message. Call after the context sequence number is
	174	* incremented. */
	175	static void
	176	trace_received_message(spnego_gss_ctx_id_t ctx,
	177	const struct negoex_message *msg)
	178	{
	179	struct k5buf buf;
	180	uint16_t i;
	181	char *info = NULL;
	182
	183	if (msg->type == INITIATOR_NEGO \|\| msg->type == ACCEPTOR_NEGO) {
	184	k5_buf_init_dynamic(&buf);
	185	for (i = 0; i < msg->u.n.nschemes; i++) {
	186	add_guid(&buf, msg->u.n.schemes + i * GUID_LENGTH);
	187	if (i + 1 < msg->u.n.nschemes)
	188	k5_buf_add(&buf, " ");
	189	}
	190	info = buf.data;
	191	} else if (msg->type == INITIATOR_META_DATA \|\|
	192	msg->type == ACCEPTOR_META_DATA \|\|
	193	msg->type == CHALLENGE \|\| msg->type == AP_REQUEST) {
	194	info = guid_to_string(msg->u.e.scheme);
	195	} else if (msg->type == VERIFY) {
	196	info = guid_to_string(msg->u.v.scheme);
	197	} else if (msg->type == ALERT) {
	198	info = guid_to_string(msg->u.a.scheme);
	199	}
	200
	201	if (info == NULL)
	202	return;
	203
	204	TRACE_NEGOEX_INCOMING(ctx->kctx, ctx->negoex_seqnum - 1,
	205	typestr(msg->type), info);
	206	free(info);
	207	}
	208
	209	/* Trace an outgoing message with a GUID info string. Call after the context
	210	* sequence number is incremented. */
	211	static void
	212	trace_outgoing_message(spnego_gss_ctx_id_t ctx, enum message_type type,
	213	const uint8_t guid[GUID_LENGTH])
	214	{
	215	char *info = guid_to_string(guid);
	216
	217	if (info == NULL)
	218	return;
	219	TRACE_NEGOEX_OUTGOING(ctx->kctx, ctx->negoex_seqnum - 1, typestr(type),
	220	info);
	221	free(info);
	222	}
	223
	224	static OM_uint32
	225	parse_nego_message(OM_uint32 minor, struct k5input in,
	226	const uint8_t *msg_base, size_t msg_len,
	227	struct nego_message *msg)
	228	{
	229	const uint8_t *p;
	230	uint64_t protocol_version;
	231	uint32_t extension_type;
	232	size_t offset, count, i;
	233
	234	p = k5_input_get_bytes(in, sizeof(msg->random));
	235	if (p != NULL)
	236	memcpy(msg->random, p, sizeof(msg->random));
	237	protocol_version = k5_input_get_uint64_le(in);
	238	if (protocol_version != 0) {
	239	*minor = ERR_NEGOEX_UNSUPPORTED_VERSION;
	240	return GSS_S_UNAVAILABLE;
	241	}
	242
	243	offset = k5_input_get_uint32_le(in);
	244	count = k5_input_get_uint16_le(in);
	245	msg->schemes = vector_base(offset, count, GUID_LENGTH, msg_base, msg_len);
	246	msg->nschemes = count;
	247	if (msg->schemes == NULL) {
	248	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	249	return GSS_S_DEFECTIVE_TOKEN;
	250	}
	251
	252	offset = k5_input_get_uint32_le(in);
	253	count = k5_input_get_uint16_le(in);
	254	p = vector_base(offset, count, EXTENSION_LENGTH, msg_base, msg_len);
	255	for (i = 0; i < count; i++) {
	256	extension_type = load_32_le(p + i * EXTENSION_LENGTH);
	257	if (extension_type & EXTENSION_FLAG_CRITICAL) {
	258	*minor = ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION;
	259	return GSS_S_UNAVAILABLE;
	260	}
	261	}
	262
	263	return GSS_S_COMPLETE;
	264	}
	265
	266	static OM_uint32
	267	parse_exchange_message(OM_uint32 minor, struct k5input in,
	268	const uint8_t *msg_base, size_t msg_len,
	269	struct exchange_message *msg)
	270	{
	271	const uint8_t *p;
	272	size_t offset, len;
	273
	274	p = k5_input_get_bytes(in, GUID_LENGTH);
	275	if (p != NULL)
	276	memcpy(msg->scheme, p, GUID_LENGTH);
	277
	278	offset = k5_input_get_uint32_le(in);
	279	len = k5_input_get_uint32_le(in);
	280	p = vector_base(offset, len, 1, msg_base, msg_len);
	281	if (p == NULL) {
	282	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	283	return GSS_S_DEFECTIVE_TOKEN;
	284	}
	285	msg->token.value = (void *)p;
	286	msg->token.length = len;
	287
	288	return GSS_S_COMPLETE;
	289	}
	290
	291	static OM_uint32
	292	parse_verify_message(OM_uint32 minor, struct k5input in,
	293	const uint8_t *msg_base, size_t msg_len,
	294	size_t token_offset, struct verify_message *msg)
	295	{
	296	const uint8_t *p;
	297	size_t offset, len;
	298	uint32_t hdrlen, cksum_scheme;
	299
	300	p = k5_input_get_bytes(in, GUID_LENGTH);
	301	if (p != NULL)
	302	memcpy(msg->scheme, p, GUID_LENGTH);
	303
	304	hdrlen = k5_input_get_uint32_le(in);
	305	if (hdrlen != CHECKSUM_HEADER_LENGTH) {
	306	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	307	return GSS_S_DEFECTIVE_TOKEN;
	308	}
	309	cksum_scheme = k5_input_get_uint32_le(in);
	310	if (cksum_scheme != CHECKSUM_SCHEME_RFC3961) {
	311	*minor = ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME;
	312	return GSS_S_UNAVAILABLE;
	313	}
	314	msg->cksum_type = k5_input_get_uint32_le(in);
	315
	316	offset = k5_input_get_uint32_le(in);
	317	len = k5_input_get_uint32_le(in);
	318	msg->cksum = vector_base(offset, len, 1, msg_base, msg_len);
	319	msg->cksum_len = len;
	320	if (msg->cksum == NULL) {
	321	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	322	return GSS_S_DEFECTIVE_TOKEN;
	323	}
	324
	325	msg->offset_in_token = token_offset;
	326	return GSS_S_COMPLETE;
	327	}
	328
	329	static OM_uint32
	330	parse_alert_message(OM_uint32 minor, struct k5input in,
	331	const uint8_t *msg_base, size_t msg_len,
	332	struct alert_message *msg)
	333	{
	334	const uint8_t *p;
	335	uint32_t atype, reason;
	336	size_t alerts_offset, nalerts, value_offset, value_len, i;
	337	struct k5input alerts_in, pulse_in;
	338
	339	p = k5_input_get_bytes(in, GUID_LENGTH);
	340	if (p != NULL)
	341	memcpy(msg->scheme, p, GUID_LENGTH);
	342	(void)k5_input_get_uint32_le(in); /* skip over ErrorCode */
	343	alerts_offset = k5_input_get_uint32_le(in);
	344	nalerts = k5_input_get_uint32_le(in);
	345	p = vector_base(alerts_offset, nalerts, ALERT_LENGTH, msg_base, msg_len);
	346	if (p == NULL) {
	347	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	348	return GSS_S_DEFECTIVE_TOKEN;
	349	}
	350
	351	/* Look for a VERIFY_NO_KEY pulse alert in the alerts vector. */
	352	msg->verify_no_key = FALSE;
	353	k5_input_init(&alerts_in, p, nalerts * ALERT_LENGTH);
	354	for (i = 0; i < nalerts; i++) {
	355	atype = k5_input_get_uint32_le(&alerts_in);
	356	value_offset = k5_input_get_uint32_le(&alerts_in);
	357	value_len = k5_input_get_uint32_le(&alerts_in);
	358	p = vector_base(value_offset, value_len, 1, msg_base, msg_len);
	359	if (p == NULL) {
	360	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	361	return GSS_S_DEFECTIVE_TOKEN;
	362	}
	363
	364	if (atype == ALERT_TYPE_PULSE && value_len >= ALERT_PULSE_LENGTH) {
	365	k5_input_init(&pulse_in, p, value_len);
	366	(void)k5_input_get_uint32_le(&pulse_in); /* skip header length */
	367	reason = k5_input_get_uint32_le(&pulse_in);
	368	if (reason == ALERT_VERIFY_NO_KEY)
	369	msg->verify_no_key = TRUE;
	370	}
	371	}
	372
	373	return GSS_S_COMPLETE;
	374	}
	375
	376	static OM_uint32
	377	parse_message(OM_uint32 minor, spnego_gss_ctx_id_t ctx, struct k5input in,
	378	const uint8_t token_base, struct negoex_message msg)
	379	{
	380	OM_uint32 major;
	381	const uint8_t msg_base = in->ptr, conv_id;
	382	size_t token_remaining = in->len, header_len, msg_len;
	383	uint64_t signature;
	384	uint32_t type, seqnum;
	385
	386	signature = k5_input_get_uint64_le(in);
	387	type = k5_input_get_uint32_le(in);
	388	seqnum = k5_input_get_uint32_le(in);
	389	header_len = k5_input_get_uint32_le(in);
	390	msg_len = k5_input_get_uint32_le(in);
	391	conv_id = k5_input_get_bytes(in, GUID_LENGTH);
	392
	393	if (in->status \|\| msg_len > token_remaining \|\| header_len > msg_len) {
	394	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	395	return GSS_S_DEFECTIVE_TOKEN;
	396	}
	397	if (signature != MESSAGE_SIGNATURE) {
	398	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE;
	399	return GSS_S_DEFECTIVE_TOKEN;
	400	}
	401	if (seqnum != ctx->negoex_seqnum) {
	402	*minor = ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE;
	403	return GSS_S_DEFECTIVE_TOKEN;
	404	}
	405	if (seqnum == 0) {
	406	memcpy(ctx->negoex_conv_id, conv_id, GUID_LENGTH);
	407	} else if (!GUID_EQ(conv_id, ctx->negoex_conv_id)) {
	408	*minor = ERR_NEGOEX_INVALID_CONVERSATION_ID;
	409	return GSS_S_DEFECTIVE_TOKEN;
	410	}
	411
	412	/* Restrict the input region to the header. */
	413	in->len = header_len - (in->ptr - msg_base);
	414
	415	msg->type = type;
	416	if (type == INITIATOR_NEGO \|\| type == ACCEPTOR_NEGO) {
	417	major = parse_nego_message(minor, in, msg_base, msg_len, &msg->u.n);
	418	} else if (type == INITIATOR_META_DATA \|\| type == ACCEPTOR_META_DATA \|\|
	419	type == CHALLENGE \|\| type == AP_REQUEST) {
	420	major = parse_exchange_message(minor, in, msg_base, msg_len,
	421	&msg->u.e);
	422	} else if (type == VERIFY) {
	423	major = parse_verify_message(minor, in, msg_base, msg_len,
	424	msg_base - token_base, &msg->u.v);
	425	} else if (type == ALERT) {
	426	major = parse_alert_message(minor, in, msg_base, msg_len, &msg->u.a);
	427	} else {
	428	*minor = ERR_NEGOEX_INVALID_MESSAGE_TYPE;
	429	return GSS_S_DEFECTIVE_TOKEN;
	430	}
	431	if (major != GSS_S_COMPLETE)
	432	return major;
	433
	434	/* Reset the input buffer to the remainder of the token. */
	435	if (!in->status)
	436	k5_input_init(in, msg_base + msg_len, token_remaining - msg_len);
	437
	438	ctx->negoex_seqnum++;
	439	trace_received_message(ctx, msg);
	440	return GSS_S_COMPLETE;
	441	}
	442
	443	/*
	444	* Parse token into an array of negoex_message structures. All pointer fields
	445	* within the parsed messages are aliases into token, so the result can be
	446	* freed with free(). An unknown protocol version, a critical extension, or an
	447	* unknown checksum scheme will cause a parsing failure. Increment the
	448	* sequence number in ctx for each message, and record and check the
	449	* conversation ID in ctx as appropriate.
	450	*/
	451	OM_uint32
	452	negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	453	gss_const_buffer_t token,
	454	struct negoex_message *messages_out, size_t count_out)
	455	{
	456	OM_uint32 major;
	457	size_t count = 0;
	458	struct k5input in;
	459	struct negoex_message messages = NULL, newptr;
	460
	461	*messages_out = NULL;
	462	*count_out = 0;
	463	assert(token != GSS_C_NO_BUFFER);
	464	k5_input_init(&in, token->value, token->length);
	465
	466	while (in.status == 0 && in.len > 0) {
	467	newptr = realloc(messages, (count + 1) * sizeof(*newptr));
	468	if (newptr == NULL) {
	469	free(messages);
	470	*minor = ENOMEM;
	471	return GSS_S_FAILURE;
	472	}
	473	messages = newptr;
	474
	475	major = parse_message(minor, ctx, &in, token->value, &messages[count]);
	476	if (major != GSS_S_COMPLETE)
	477	break;
	478
	479	count++;
	480	}
	481
	482	if (in.status) {
	483	*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
	484	major = GSS_S_DEFECTIVE_TOKEN;
	485	}
	486	if (major != GSS_S_COMPLETE) {
	487	free(messages);
	488	return major;
	489	}
	490
	491	*messages_out = messages;
	492	*count_out = count;
	493	return GSS_S_COMPLETE;
	494	}
	495
	496	static struct negoex_message *
	497	locate_message(struct negoex_message *messages, size_t nmessages,
	498	enum message_type type)
	499	{
	500	uint32_t i;
	501
	502	for (i = 0; i < nmessages; i++) {
	503	if (messages[i].type == type)
	504	return &messages[i];
	505	}
	506
	507	return NULL;
	508	}
	509
	510	struct nego_message *
	511	negoex_locate_nego_message(struct negoex_message *messages, size_t nmessages,
	512	enum message_type type)
	513	{
	514	struct negoex_message *msg = locate_message(messages, nmessages, type);
	515
	516	return (msg == NULL) ? NULL : &msg->u.n;
	517	}
	518
	519	struct exchange_message *
	520	negoex_locate_exchange_message(struct negoex_message *messages,
	521	size_t nmessages, enum message_type type)
	522	{
	523	struct negoex_message *msg = locate_message(messages, nmessages, type);
	524
	525	return (msg == NULL) ? NULL : &msg->u.e;
	526	}
	527
	528	struct verify_message *
	529	negoex_locate_verify_message(struct negoex_message *messages,
	530	size_t nmessages)
	531	{
	532	struct negoex_message *msg = locate_message(messages, nmessages, VERIFY);
	533
	534	return (msg == NULL) ? NULL : &msg->u.v;
	535	}
	536
	537	struct alert_message *
	538	negoex_locate_alert_message(struct negoex_message *messages, size_t nmessages)
	539	{
	540	struct negoex_message *msg = locate_message(messages, nmessages, ALERT);
	541
	542	return (msg == NULL) ? NULL : &msg->u.a;
	543	}
	544
	545	/*
	546	* Add the encoding of a MESSAGE_HEADER structure to buf, given the number of
	547	* bytes of the payload following the full header. Increment the sequence
	548	* number in ctx. Set *payload_start_out to the position of the payload within
	549	* the message.
	550	*/
	551	static void
	552	put_message_header(spnego_gss_ctx_id_t ctx, enum message_type type,
	553	uint32_t payload_len, uint32_t *payload_start_out)
	554	{
	555	size_t header_len;
	556
	557	if (type == INITIATOR_NEGO \|\| type == ACCEPTOR_NEGO)
	558	header_len = NEGO_MESSAGE_HEADER_LENGTH;
	559	else if (type == INITIATOR_META_DATA \|\| type == ACCEPTOR_META_DATA \|\|
	560	type == CHALLENGE \|\| type == AP_REQUEST)
	561	header_len = EXCHANGE_MESSAGE_HEADER_LENGTH;
	562	else if (type == VERIFY)
	563	header_len = VERIFY_MESSAGE_HEADER_LENGTH;
	564	else if (type == ALERT)
	565	header_len = ALERT_MESSAGE_HEADER_LENGTH;
	566	else
	567	abort();
	568
	569	k5_buf_add_uint64_le(&ctx->negoex_transcript, MESSAGE_SIGNATURE);
	570	k5_buf_add_uint32_le(&ctx->negoex_transcript, type);
	571	k5_buf_add_uint32_le(&ctx->negoex_transcript, ctx->negoex_seqnum++);
	572	k5_buf_add_uint32_le(&ctx->negoex_transcript, header_len);
	573	k5_buf_add_uint32_le(&ctx->negoex_transcript, header_len + payload_len);
	574	k5_buf_add_len(&ctx->negoex_transcript, ctx->negoex_conv_id, GUID_LENGTH);
	575
	576	*payload_start_out = header_len;
	577	}
	578
	579	void
	580	negoex_add_nego_message(spnego_gss_ctx_id_t ctx, enum message_type type,
	581	uint8_t random[32])
	582	{
	583	struct negoex_auth_mech *mech;
	584	uint32_t payload_start, seqnum = ctx->negoex_seqnum;
	585	uint16_t nschemes;
	586	struct k5buf buf;
	587
	588	nschemes = 0;
	589	K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links)
	590	nschemes++;
	591
	592	put_message_header(ctx, type, nschemes * GUID_LENGTH, &payload_start);
	593	k5_buf_add_len(&ctx->negoex_transcript, random, 32);
	594	/* ProtocolVersion */
	595	k5_buf_add_uint64_le(&ctx->negoex_transcript, 0);
	596	/* AuthSchemes vector */
	597	k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
	598	k5_buf_add_uint16_le(&ctx->negoex_transcript, nschemes);
	599	/* Extensions vector */
	600	k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
	601	k5_buf_add_uint16_le(&ctx->negoex_transcript, 0);
	602	/* Four bytes of padding to reach a multiple of 8 bytes. */
	603	k5_buf_add_len(&ctx->negoex_transcript, "\0\0\0\0", 4);
	604
	605	/* Payload (auth schemes); also build guid string for tracing. */
	606	k5_buf_init_dynamic(&buf);
	607	K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links) {
	608	k5_buf_add_len(&ctx->negoex_transcript, mech->scheme, GUID_LENGTH);
	609	add_guid(&buf, mech->scheme);
	610	k5_buf_add(&buf, " ");
	611	}
	612
	613	if (buf.len > 0) {
	614	k5_buf_truncate(&buf, buf.len - 1);
	615	TRACE_NEGOEX_OUTGOING(ctx->kctx, seqnum, typestr(type), buf.data);
	616	k5_buf_free(&buf);
	617	}
	618	}
	619
	620	void
	621	negoex_add_exchange_message(spnego_gss_ctx_id_t ctx, enum message_type type,
	622	const auth_scheme scheme, gss_buffer_t token)
	623	{
	624	uint32_t payload_start;
	625
	626	put_message_header(ctx, type, token->length, &payload_start);
	627	k5_buf_add_len(&ctx->negoex_transcript, scheme, GUID_LENGTH);
	628	/* Exchange byte vector */
	629	k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
	630	k5_buf_add_uint32_le(&ctx->negoex_transcript, token->length);
	631	/* Payload (token) */
	632	k5_buf_add_len(&ctx->negoex_transcript, token->value, token->length);
	633
	634	trace_outgoing_message(ctx, type, scheme);
	635	}
	636
	637	void
	638	negoex_add_verify_message(spnego_gss_ctx_id_t ctx, const auth_scheme scheme,
	639	uint32_t cksum_type, const uint8_t *cksum,
	640	uint32_t cksum_len)
	641	{
	642	uint32_t payload_start;
	643
	644	put_message_header(ctx, VERIFY, cksum_len, &payload_start);
	645	k5_buf_add_len(&ctx->negoex_transcript, scheme, GUID_LENGTH);
	646	k5_buf_add_uint32_le(&ctx->negoex_transcript, CHECKSUM_HEADER_LENGTH);
	647	k5_buf_add_uint32_le(&ctx->negoex_transcript, CHECKSUM_SCHEME_RFC3961);
	648	k5_buf_add_uint32_le(&ctx->negoex_transcript, cksum_type);
	649	/* ChecksumValue vector */
	650	k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
	651	k5_buf_add_uint32_le(&ctx->negoex_transcript, cksum_len);
	652	/* Four bytes of padding to reach a multiple of 8 bytes. */
	653	k5_buf_add_len(&ctx->negoex_transcript, "\0\0\0\0", 4);
	654	/* Payload (checksum contents) */
	655	k5_buf_add_len(&ctx->negoex_transcript, cksum, cksum_len);
	656
	657	trace_outgoing_message(ctx, VERIFY, scheme);
	658	}
	659
	660	/* Add an ALERT_MESSAGE containing a single ALERT_TYPE_PULSE alert with the
	661	* reason ALERT_VERIFY_NO_KEY. */
	662	void
	663	negoex_add_verify_no_key_alert(spnego_gss_ctx_id_t ctx,
	664	const auth_scheme scheme)
	665	{
	666	uint32_t payload_start;
	667
	668	put_message_header(ctx, ALERT, ALERT_LENGTH + ALERT_PULSE_LENGTH,
	669	&payload_start);
	670	k5_buf_add_len(&ctx->negoex_transcript, scheme, GUID_LENGTH);
	671	/* ErrorCode */
	672	k5_buf_add_uint32_le(&ctx->negoex_transcript, 0);
	673	/* Alerts vector */
	674	k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
	675	k5_buf_add_uint16_le(&ctx->negoex_transcript, 1);
	676	/* Six bytes of padding to reach a multiple of 8 bytes. */
	677	k5_buf_add_len(&ctx->negoex_transcript, "\0\0\0\0\0\0", 6);
	678	/* Payload part 1: a single ALERT element */
	679	k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_TYPE_PULSE);
	680	k5_buf_add_uint32_le(&ctx->negoex_transcript,
	681	payload_start + ALERT_LENGTH);
	682	k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_PULSE_LENGTH);
	683	/* Payload part 2: ALERT_PULSE */
	684	k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_PULSE_LENGTH);
	685	k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_VERIFY_NO_KEY);
	686
	687	trace_outgoing_message(ctx, ALERT, scheme);
	688	}
	689
	690	static void
	691	release_auth_mech(struct negoex_auth_mech *mech)
	692	{
	693	OM_uint32 tmpmin;
	694
	695	if (mech == NULL)
	696	return;
	697
	698	gss_delete_sec_context(&tmpmin, &mech->mech_context, NULL);
	699	generic_gss_release_oid(&tmpmin, &mech->oid);
	700	gss_release_buffer(&tmpmin, &mech->metadata);
	701	krb5_free_keyblock_contents(NULL, &mech->key);
	702	krb5_free_keyblock_contents(NULL, &mech->verify_key);
	703
	704	free(mech);
	705	}
	706
	707	void
	708	negoex_delete_auth_mech(spnego_gss_ctx_id_t ctx,
	709	struct negoex_auth_mech *mech)
	710	{
	711	K5_TAILQ_REMOVE(&ctx->negoex_mechs, mech, links);
	712	release_auth_mech(mech);
	713	}
	714
	715	/* Remove all auth mech entries except for mech from ctx->mechs. */
	716	void
	717	negoex_select_auth_mech(spnego_gss_ctx_id_t ctx,
	718	struct negoex_auth_mech *mech)
	719	{
	720	assert(mech != NULL);
	721	K5_TAILQ_REMOVE(&ctx->negoex_mechs, mech, links);
	722	release_all_mechs(ctx);
	723	K5_TAILQ_INSERT_HEAD(&ctx->negoex_mechs, mech, links);
	724	}
	725
	726	OM_uint32
	727	negoex_add_auth_mech(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
	728	gss_const_OID oid, auth_scheme scheme)
	729	{
	730	OM_uint32 major;
	731	struct negoex_auth_mech *mech;
	732
	733	mech = calloc(1, sizeof(*mech));
	734	if (mech == NULL) {
	735	*minor = ENOMEM;
	736	return GSS_S_FAILURE;
	737	}
	738
	739	major = generic_gss_copy_oid(minor, (gss_OID)oid, &mech->oid);
	740	if (major != GSS_S_COMPLETE) {
	741	free(mech);
	742	return major;
	743	}
	744
	745	memcpy(mech->scheme, scheme, GUID_LENGTH);
	746
	747	K5_TAILQ_INSERT_TAIL(&ctx->negoex_mechs, mech, links);
	748
	749	*minor = 0;
	750	return GSS_S_COMPLETE;
	751	}
	752
	753	struct negoex_auth_mech *
	754	negoex_locate_auth_scheme(spnego_gss_ctx_id_t ctx, const auth_scheme scheme)
	755	{
	756	struct negoex_auth_mech *mech;
	757
	758	K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links) {
	759	if (GUID_EQ(mech->scheme, scheme))
	760	return mech;
	761	}
	762
	763	return NULL;
	764	}
	765
	766	/* Prune ctx->mechs to the schemes present in schemes, and reorder them to
	767	* match its order. */
	768	void
	769	negoex_common_auth_schemes(spnego_gss_ctx_id_t ctx,
	770	const uint8_t *schemes, uint16_t nschemes)
	771	{
	772	struct negoex_mech_list list;
	773	struct negoex_auth_mech *mech;
	774	uint16_t i;
	775
	776	/* Construct a new list in the order of schemes. */
	777	K5_TAILQ_INIT(&list);
	778	for (i = 0; i < nschemes; i++) {
	779	mech = negoex_locate_auth_scheme(ctx, schemes + i * GUID_LENGTH);
	780	if (mech == NULL)
	781	continue;
	782	K5_TAILQ_REMOVE(&ctx->negoex_mechs, mech, links);
	783	K5_TAILQ_INSERT_TAIL(&list, mech, links);
	784	}
	785
	786	/* Release any leftover entries and replace the context list. */
	787	release_all_mechs(ctx);
	788	K5_TAILQ_CONCAT(&ctx->negoex_mechs, &list, links);
	789	}
	790
	791	/* Prune ctx->mechs to the schemes present in schemes, but do not change
	792	* their order. */
	793	void
	794	negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx,
	795	const uint8_t *schemes, uint16_t nschemes)
	796	{
	797	struct negoex_auth_mech mech, next;
	798	uint16_t i;
	799	int found;
	800
	801	K5_TAILQ_FOREACH_SAFE(mech, &ctx->negoex_mechs, links, next) {
	802	found = FALSE;
	803	for (i = 0; i < nschemes && !found; i++) {
	804	if (GUID_EQ(mech->scheme, schemes + i * GUID_LENGTH))
	805	found = TRUE;
	806	}
	807
	808	if (!found)
	809	negoex_delete_auth_mech(ctx, mech);
	810	}
	811	}

+400

-318

src/lib/gssapi/spnego/spnego_mech.c less more

97	97	gss_const_key_value_set_t,
98	98	gss_cred_id_t , gss_OID_set ,
99	99	OM_uint32 *);
100		static OM_uint32 get_negotiable_mechs(OM_uint32 *, spnego_gss_cred_id_t,
101		gss_cred_usage_t, gss_OID_set *);
	100	static OM_uint32 get_negotiable_mechs(OM_uint32 *, spnego_gss_ctx_id_t,
	101	spnego_gss_cred_id_t, gss_cred_usage_t);
102	102	static void release_spnego_ctx(spnego_gss_ctx_id_t *);
103	103	static spnego_gss_ctx_id_t create_spnego_ctx(int);
104	104	static int put_mech_set(gss_OID_set mechSet, gss_buffer_t buf);

118	118	spnego_gss_ctx_id_t *);
119	119	static OM_uint32
120	120	init_ctx_nego(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32, gss_OID,
121		gss_buffer_t , gss_buffer_t ,
122		OM_uint32 , send_token_flag );
	121	gss_buffer_t , gss_buffer_t , send_token_flag *);
123	122	static OM_uint32
124	123	init_ctx_cont(OM_uint32 *, spnego_gss_ctx_id_t, gss_buffer_t,
125	124	gss_buffer_t , gss_buffer_t ,
126	125	OM_uint32 , send_token_flag );
127	126	static OM_uint32
128	127	init_ctx_reselect(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32,
129		gss_OID, gss_buffer_t , gss_buffer_t ,
130		OM_uint32 , send_token_flag );
	128	gss_OID, gss_buffer_t , gss_buffer_t , send_token_flag *);
131	129	static OM_uint32
132	130	init_ctx_call_init(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t,
133		gss_name_t, OM_uint32, OM_uint32, gss_buffer_t,
134		gss_OID , gss_buffer_t, OM_uint32 , OM_uint32 *,
135		OM_uint32 , send_token_flag );
	131	OM_uint32, gss_name_t, OM_uint32, OM_uint32, gss_buffer_t,
	132	gss_buffer_t, OM_uint32 , send_token_flag );
136	133
137	134	static OM_uint32
138	135	acc_ctx_new(OM_uint32 , gss_buffer_t, spnego_gss_cred_id_t, gss_buffer_t ,

146	143	OM_uint32 , send_token_flag );
147	144	static OM_uint32
148	145	acc_ctx_call_acc(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t,
149		gss_buffer_t, gss_OID *, gss_buffer_t,
150		OM_uint32 , OM_uint32 , gss_cred_id_t *,
151		OM_uint32 , send_token_flag );
	146	gss_buffer_t, gss_buffer_t, OM_uint32 , OM_uint32 ,
	147	send_token_flag *);
152	148
153	149	static gss_OID
154		negotiate_mech(gss_OID_set, gss_OID_set, OM_uint32 *);
	150	negotiate_mech(spnego_gss_ctx_id_t, gss_OID_set, OM_uint32 *);
155	151	static int
156	152	g_get_tag_and_length(unsigned char *, int, unsigned int, unsigned int );
157	153

187	183	{1, (gss_OID) spnego_oids+0},
188	184	};
189	185	const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
	186
	187	static gss_OID_desc negoex_mech = { NEGOEX_OID_LENGTH, NEGOEX_OID };
190	188
191	189	static int make_NegHints(OM_uint32 , gss_buffer_t );
192	190	static int put_neg_hints(unsigned char **, gss_buffer_t, unsigned int);

334	332	spnego_gss_cred_id_t spcred;
335	333
336	334	*cred_out = NULL;
337		spcred = calloc(1, sizeof(spnego_gss_cred_id_rec));
	335	spcred = calloc(1, sizeof(*spcred));
338	336	if (spcred == NULL) {
339	337	*minor_status = ENOMEM;
340	338	return GSS_S_FAILURE;

447	445	create_spnego_ctx(int initiate)
448	446	{
449	447	spnego_gss_ctx_id_t spnego_ctx = NULL;
450		spnego_ctx = (spnego_gss_ctx_id_t)
451		malloc(sizeof (spnego_gss_ctx_id_rec));
452
	448
	449	spnego_ctx = malloc(sizeof(*spnego_ctx));
453	450	if (spnego_ctx == NULL) {
454	451	return (NULL);
455	452	}

469	466	spnego_ctx->initiate = initiate;
470	467	spnego_ctx->internal_name = GSS_C_NO_NAME;
471	468	spnego_ctx->actual_mech = GSS_C_NO_OID;
	469	spnego_ctx->deleg_cred = GSS_C_NO_CREDENTIAL;
	470	spnego_ctx->negoex_step = 0;
	471	memset(&spnego_ctx->negoex_transcript, 0, sizeof(struct k5buf));
	472	spnego_ctx->negoex_seqnum = 0;
	473	K5_TAILQ_INIT(&spnego_ctx->negoex_mechs);
	474	spnego_ctx->kctx = NULL;
	475	memset(spnego_ctx->negoex_conv_id, 0, GUID_LENGTH);
472	476
473	477	return (spnego_ctx);
474	478	}

679	683	return GSS_S_FAILURE;
680	684
681	685	/* determine negotiation mech set */
682		ret = get_negotiable_mechs(minor_status, spcred, GSS_C_INITIATE,
683		&sc->mech_set);
	686	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
684	687	if (ret != GSS_S_COMPLETE)
685	688	goto cleanup;
686	689

696	699	*sc_out = sc;
697	700	sc = NULL;
698	701	*tokflag = INIT_TOKEN_SEND;
699		ret = GSS_S_CONTINUE_NEEDED;
	702	ret = GSS_S_COMPLETE;
700	703
701	704	cleanup:
702	705	release_spnego_ctx(&sc);

710	713	static OM_uint32
711	714	init_ctx_cont(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
712	715	gss_buffer_t buf, gss_buffer_t *responseToken,
713		gss_buffer_t mechListMIC, OM_uint32 negState,
	716	gss_buffer_t mechListMIC, OM_uint32 acc_negState,
714	717	send_token_flag *tokflag)
715	718	{
716		OM_uint32 ret, tmpmin, acc_negState;
	719	OM_uint32 ret, tmpmin;
717	720	unsigned char *ptr;
718	721	gss_OID supportedMech = GSS_C_NO_OID;
719	722
720		*negState = REJECT;
	723	*acc_negState = UNSPECIFIED;
721	724	*tokflag = ERROR_TOKEN_SEND;
722	725
723	726	ptr = buf->value;
724		ret = get_negTokenResp(minor_status, ptr, buf->length,
725		&acc_negState, &supportedMech,
726		responseToken, mechListMIC);
	727	ret = get_negTokenResp(minor_status, ptr, buf->length, acc_negState,
	728	&supportedMech, responseToken, mechListMIC);
727	729	if (ret != GSS_S_COMPLETE)
728	730	goto cleanup;
729		if (acc_negState == REJECT) {
730		*minor_status = ERR_SPNEGO_NEGOTIATION_FAILED;
731		map_errcode(minor_status);
	731
	732	/* Bail out now on a reject with no error token. If we have an error
	733	* token, keep going and get a better error status from the mech. */
	734	if (acc_negState == REJECT && responseToken == GSS_C_NO_BUFFER) {
	735	if (!sc->nego_done) {
	736	/* RFC 4178 says to return GSS_S_BAD_MECH on a
	737	* mechanism negotiation failure. */
	738	*minor_status = ERR_SPNEGO_NEGOTIATION_FAILED;
	739	map_errcode(minor_status);
	740	ret = GSS_S_BAD_MECH;
	741	} else {
	742	ret = GSS_S_FAILURE;
	743	}
732	744	*tokflag = NO_TOKEN_SEND;
733		ret = GSS_S_FAILURE;
734	745	goto cleanup;
735	746	}
736	747	/*
737	748	* nego_done is false for the first call to init_ctx_cont()
738	749	*/
739	750	if (!sc->nego_done) {
740		ret = init_ctx_nego(minor_status, sc,
741		acc_negState,
742		supportedMech, responseToken,
743		mechListMIC,
744		negState, tokflag);
	751	ret = init_ctx_nego(minor_status, sc, *acc_negState,
	752	supportedMech, responseToken, mechListMIC,
	753	tokflag);
745	754	} else if ((!sc->mech_complete && *responseToken == GSS_C_NO_BUFFER) \|\|
746	755	(sc->mech_complete && *responseToken != GSS_C_NO_BUFFER)) {
747	756	/* Missing or spurious token from acceptor. */

751	760	(sc->ctx_flags & GSS_C_INTEG_FLAG))) {
752	761	/* Not obviously done; we may decide we're done later in
753	762	* init_ctx_call_init or handle_mic. */
754		*negState = ACCEPT_INCOMPLETE;
755	763	*tokflag = CONT_TOKEN_SEND;
756		ret = GSS_S_CONTINUE_NEEDED;
	764	ret = GSS_S_COMPLETE;
757	765	} else {
758	766	/* mech finished on last pass and no MIC required, so done. */
759		*negState = ACCEPT_COMPLETE;
760	767	*tokflag = NO_TOKEN_SEND;
761	768	ret = GSS_S_COMPLETE;
762	769	}

775	782	init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
776	783	OM_uint32 acc_negState, gss_OID supportedMech,
777	784	gss_buffer_t responseToken, gss_buffer_t mechListMIC,
778		OM_uint32 negState, send_token_flag tokflag)
	785	send_token_flag *tokflag)
779	786	{
780	787	OM_uint32 ret;
781	788
782		*negState = REJECT;
783	789	*tokflag = ERROR_TOKEN_SEND;
784	790	ret = GSS_S_DEFECTIVE_TOKEN;
785	791

806	812	!g_OID_equal(supportedMech, sc->internal_mech)) {
807	813	ret = init_ctx_reselect(minor_status, sc,
808	814	acc_negState, supportedMech,
809		responseToken, mechListMIC,
810		negState, tokflag);
	815	responseToken, mechListMIC, tokflag);
811	816
812	817	} else if (*responseToken == GSS_C_NO_BUFFER) {
813	818	if (sc->mech_complete) {

816	821	* init_sec_context(). Acceptor sends no mech
817	822	* token.
818	823	*/
819		*negState = ACCEPT_COMPLETE;
820	824	*tokflag = NO_TOKEN_SEND;
821	825	ret = GSS_S_COMPLETE;
822	826	} else {

831	835	} else if ((*responseToken)->length == 0 && sc->mech_complete) {
832	836	/* Handle old IIS servers returning empty token instead of
833	837	* null tokens in the non-mutual auth case. */
834		*negState = ACCEPT_COMPLETE;
835	838	*tokflag = NO_TOKEN_SEND;
836	839	ret = GSS_S_COMPLETE;
837	840	} else if (sc->mech_complete) {
838	841	/* Reject spurious mech token. */
839	842	ret = GSS_S_DEFECTIVE_TOKEN;
840	843	} else {
841		*negState = ACCEPT_INCOMPLETE;
842	844	*tokflag = CONT_TOKEN_SEND;
843		ret = GSS_S_CONTINUE_NEEDED;
	845	ret = GSS_S_COMPLETE;
844	846	}
845	847	sc->nego_done = 1;
846	848	return ret;

853	855	init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
854	856	OM_uint32 acc_negState, gss_OID supportedMech,
855	857	gss_buffer_t responseToken, gss_buffer_t mechListMIC,
856		OM_uint32 negState, send_token_flag tokflag)
	858	send_token_flag *tokflag)
857	859	{
858	860	OM_uint32 tmpmin;
859	861	size_t i;

885	887
886	888	sc->mech_complete = 0;
887	889	sc->mic_reqd = (acc_negState == REQUEST_MIC);
888		*negState = acc_negState;
889	890	*tokflag = CONT_TOKEN_SEND;
890		return GSS_S_CONTINUE_NEEDED;
	891	return GSS_S_COMPLETE;
891	892	}
892	893
893	894	/*

898	899	init_ctx_call_init(OM_uint32 *minor_status,
899	900	spnego_gss_ctx_id_t sc,
900	901	spnego_gss_cred_id_t spcred,
	902	OM_uint32 acc_negState,
901	903	gss_name_t target_name,
902	904	OM_uint32 req_flags,
903	905	OM_uint32 time_req,
904	906	gss_buffer_t mechtok_in,
905		gss_OID *actual_mech,
906	907	gss_buffer_t mechtok_out,
907		OM_uint32 *ret_flags,
908	908	OM_uint32 *time_rec,
909		OM_uint32 *negState,
910	909	send_token_flag *send_token)
911	910	{
912	911	OM_uint32 ret, tmpret, tmpmin, mech_req_flags;

918	917	if (spcred == NULL \|\| !spcred->no_ask_integ)
919	918	mech_req_flags \|= GSS_C_INTEG_FLAG;
920	919
921		ret = gss_init_sec_context(minor_status,
922		mcred,
923		&sc->ctx_handle,
924		target_name,
925		sc->internal_mech,
926		mech_req_flags,
927		time_req,
928		GSS_C_NO_CHANNEL_BINDINGS,
929		mechtok_in,
930		&sc->actual_mech,
931		mechtok_out,
932		&sc->ctx_flags,
933		time_rec);
	920	if (gss_oid_equal(sc->internal_mech, &negoex_mech)) {
	921	ret = negoex_init(minor_status, sc, mcred, target_name,
	922	mech_req_flags, time_req, mechtok_in,
	923	mechtok_out, time_rec);
	924	} else {
	925	ret = gss_init_sec_context(minor_status, mcred,
	926	&sc->ctx_handle, target_name,
	927	sc->internal_mech, mech_req_flags,
	928	time_req, GSS_C_NO_CHANNEL_BINDINGS,
	929	mechtok_in, &sc->actual_mech,
	930	mechtok_out, &sc->ctx_flags,
	931	time_rec);
	932	}
	933
	934	/* Bail out if the acceptor gave us an error token but the mech didn't
	935	* see it as an error. */
	936	if (acc_negState == REJECT && !GSS_ERROR(ret)) {
	937	ret = GSS_S_DEFECTIVE_TOKEN;
	938	goto fail;
	939	}
	940
934	941	if (ret == GSS_S_COMPLETE) {
935	942	sc->mech_complete = 1;
936		if (ret_flags != NULL)
937		*ret_flags = sc->ctx_flags;
938	943	/*
939	944	* Microsoft SPNEGO implementations expect an even number of
940	945	* token exchanges. So if we're sending a final token, ask for

944	949	*/
945	950	if (*send_token == CONT_TOKEN_SEND &&
946	951	mechtok_out->length == 0 &&
947		(!sc->mic_reqd \|\|
948		!(sc->ctx_flags & GSS_C_INTEG_FLAG))) {
949		/* The exchange is complete. */
950		*negState = ACCEPT_COMPLETE;
951		ret = GSS_S_COMPLETE;
	952	(!sc->mic_reqd \|\| !(sc->ctx_flags & GSS_C_INTEG_FLAG)))
952	953	*send_token = NO_TOKEN_SEND;
953		} else {
954		/* Ask for one more hop. */
955		*negState = ACCEPT_INCOMPLETE;
956		ret = GSS_S_CONTINUE_NEEDED;
957		}
958		return ret;
	954
	955	return GSS_S_COMPLETE;
959	956	}
960	957
961	958	if (ret == GSS_S_CONTINUE_NEEDED)
962		return ret;
	959	return GSS_S_COMPLETE;
963	960
964	961	if (*send_token != INIT_TOKEN_SEND) {
965	962	*send_token = ERROR_TOKEN_SEND;
966		*negState = REJECT;
967	963	return ret;
968	964	}
969	965

981	977	gss_release_buffer(&tmpmin, &sc->DER_mechTypes);
982	978	if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0)
983	979	goto fail;
984		tmpret = init_ctx_call_init(&tmpmin, sc, spcred, target_name,
985		req_flags, time_req, mechtok_in,
986		actual_mech, mechtok_out, ret_flags,
987		time_rec, negState, send_token);
	980	gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER);
	981	tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState,
	982	target_name, req_flags, time_req,
	983	mechtok_in, mechtok_out, time_rec,
	984	send_token);
988	985	if (HARD_ERROR(tmpret))
989	986	goto fail;
990	987	*minor_status = tmpmin;

993	990	fail:
994	991	/* Don't output token on error from first call. */
995	992	*send_token = NO_TOKEN_SEND;
996		*negState = REJECT;
997	993	return ret;
998	994	}
999	995

1015	1011	OM_uint32 *time_rec)
1016	1012	{
1017	1013	send_token_flag send_token = NO_TOKEN_SEND;
1018		OM_uint32 tmpmin, ret, negState;
	1014	OM_uint32 tmpmin, ret, negState = UNSPECIFIED, acc_negState;
1019	1015	gss_buffer_t mechtok_in, mechListMIC_in, mechListMIC_out;
1020	1016	gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER;
1021	1017	spnego_gss_cred_id_t spcred = NULL;

1024	1020	dsyslog("Entering init_sec_context\n");
1025	1021
1026	1022	mechtok_in = mechListMIC_out = mechListMIC_in = GSS_C_NO_BUFFER;
1027		negState = REJECT;
1028	1023
1029	1024	/*
1030	1025	* This function works in three steps:

1062	1057
1063	1058	if (actual_mech != NULL)
1064	1059	*actual_mech = GSS_C_NO_OID;
	1060	if (time_rec != NULL)
	1061	*time_rec = 0;
1065	1062
1066	1063	/* Step 1: perform mechanism negotiation. */
1067	1064	spcred = (spnego_gss_cred_id_t)claimant_cred_handle;

1069	1066	if (spnego_ctx == NULL) {
1070	1067	ret = init_ctx_new(minor_status, spcred, &send_token,
1071	1068	&spnego_ctx);
1072		if (ret != GSS_S_CONTINUE_NEEDED) {
	1069	if (ret != GSS_S_COMPLETE)
1073	1070	goto cleanup;
1074		}
1075	1071	*context_handle = (gss_ctx_id_t)spnego_ctx;
	1072	acc_negState = UNSPECIFIED;
1076	1073	} else {
1077		ret = init_ctx_cont(minor_status, spnego_ctx,
1078		input_token, &mechtok_in,
1079		&mechListMIC_in, &negState, &send_token);
1080		if (HARD_ERROR(ret)) {
	1074	ret = init_ctx_cont(minor_status, spnego_ctx, input_token,
	1075	&mechtok_in, &mechListMIC_in,
	1076	&acc_negState, &send_token);
	1077	if (ret != GSS_S_COMPLETE)
1081	1078	goto cleanup;
1082		}
1083	1079	}
1084	1080
1085	1081	/* Step 2: invoke the selected or optimistic mechanism's
1086	1082	* gss_init_sec_context function, if it didn't complete previously. */
1087	1083	if (!spnego_ctx->mech_complete) {
1088		ret = init_ctx_call_init(
1089		minor_status, spnego_ctx, spcred,
1090		target_name, req_flags,
1091		time_req, mechtok_in,
1092		actual_mech, &mechtok_out,
1093		ret_flags, time_rec,
1094		&negState, &send_token);
	1084	ret = init_ctx_call_init(minor_status, spnego_ctx, spcred,
	1085	acc_negState, target_name, req_flags,
	1086	time_req, mechtok_in, &mechtok_out,
	1087	time_rec, &send_token);
	1088	if (ret != GSS_S_COMPLETE)
	1089	goto cleanup;
1095	1090
1096	1091	/* Give the mechanism a chance to force a mechlistMIC. */
1097		if (!HARD_ERROR(ret) && mech_requires_mechlistMIC(spnego_ctx))
	1092	if (mech_requires_mechlistMIC(spnego_ctx))
1098	1093	spnego_ctx->mic_reqd = 1;
1099	1094	}
1100	1095
1101	1096	/* Step 3: process or generate the MIC, if the negotiated mech is
1102		* complete and supports MICs. */
1103		if (!HARD_ERROR(ret) && spnego_ctx->mech_complete &&
	1097	* complete and supports MICs. Also decide the outgoing negState. */
	1098	negState = ACCEPT_INCOMPLETE;
	1099	if (spnego_ctx->mech_complete &&
1104	1100	(spnego_ctx->ctx_flags & GSS_C_INTEG_FLAG)) {
1105	1101
1106	1102	ret = handle_mic(minor_status,

1108	1104	(mechtok_out.length != 0),
1109	1105	spnego_ctx, &mechListMIC_out,
1110	1106	&negState, &send_token);
1111		}
	1107	if (HARD_ERROR(ret))
	1108	goto cleanup;
	1109	}
	1110
	1111	if (ret_flags != NULL)
	1112	*ret_flags = spnego_ctx->ctx_flags & ~GSS_C_PROT_READY_FLAG;
	1113
	1114	ret = (send_token == NO_TOKEN_SEND \|\| negState == ACCEPT_COMPLETE) ?
	1115	GSS_S_COMPLETE : GSS_S_CONTINUE_NEEDED;
	1116
1112	1117	cleanup:
1113	1118	if (send_token == INIT_TOKEN_SEND) {
1114	1119	if (make_spnego_tokenInit_msg(spnego_ctx,

1120	1125	ret = GSS_S_FAILURE;
1121	1126	}
1122	1127	} else if (send_token != NO_TOKEN_SEND) {
	1128	if (send_token == ERROR_TOKEN_SEND)
	1129	negState = REJECT;
1123	1130	if (make_spnego_tokenTarg_msg(negState, GSS_C_NO_OID,
1124	1131	&mechtok_out, mechListMIC_out,
1125	1132	send_token,

1132	1139	spnego_ctx->opened = 1;
1133	1140	if (actual_mech != NULL)
1134	1141	*actual_mech = spnego_ctx->actual_mech;
1135		if (ret_flags != NULL)
1136		*ret_flags = spnego_ctx->ctx_flags;
	1142	/* Get an updated lifetime if we didn't call into the mech. */
	1143	if (time_rec != NULL && *time_rec == 0) {
	1144	(void) gss_context_time(&tmpmin,
	1145	spnego_ctx->ctx_handle,
	1146	time_rec);
	1147	}
1137	1148	} else if (ret != GSS_S_CONTINUE_NEEDED) {
1138	1149	if (spnego_ctx != NULL) {
1139	1150	gss_delete_sec_context(&tmpmin,

1270	1281	* spnego_gss_accept_sec_context() when the request is empty. For empty
1271	1282	* requests, we implement the Microsoft NegHints extension to SPNEGO for
1272	1283	* compatibility with some versions of Samba. See:
1273		* http://msdn.microsoft.com/en-us/library/cc247039(PROT.10).aspx
	1284	* https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/8e71cf53-e867-4b79-b5b5-38c92be3d472
1274	1285	*/
1275	1286	static OM_uint32
1276	1287	acc_ctx_hints(OM_uint32 *minor_status,

1280	1291	send_token_flag *return_token,
1281	1292	spnego_gss_ctx_id_t *sc_out)
1282	1293	{
1283		OM_uint32 tmpmin, ret;
1284		gss_OID_set supported_mechSet;
	1294	OM_uint32 ret;
1285	1295	spnego_gss_ctx_id_t sc = NULL;
1286	1296
1287	1297	*mechListMIC = GSS_C_NO_BUFFER;
1288		supported_mechSet = GSS_C_NO_OID_SET;
1289	1298	*return_token = NO_TOKEN_SEND;
1290	1299	*negState = REJECT;
1291	1300	*minor_status = 0;
1292	1301	*sc_out = NULL;
1293	1302
1294		ret = get_negotiable_mechs(minor_status, spcred, GSS_C_ACCEPT,
1295		&supported_mechSet);
1296		if (ret != GSS_S_COMPLETE)
1297		goto cleanup;
1298
1299	1303	ret = make_NegHints(minor_status, mechListMIC);
1300	1304	if (ret != GSS_S_COMPLETE)
1301	1305	goto cleanup;

1305	1309	ret = GSS_S_FAILURE;
1306	1310	goto cleanup;
1307	1311	}
1308		if (put_mech_set(supported_mechSet, &sc->DER_mechTypes) < 0) {
	1312
	1313	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
	1314	if (ret != GSS_S_COMPLETE)
	1315	goto cleanup;
	1316
	1317	if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0) {
1309	1318	ret = GSS_S_FAILURE;
1310	1319	goto cleanup;
1311	1320	}

1320	1329
1321	1330	cleanup:
1322	1331	release_spnego_ctx(&sc);
1323		gss_release_oid_set(&tmpmin, &supported_mechSet);
1324	1332
1325	1333	return ret;
1326	1334	}

1342	1350	spnego_gss_ctx_id_t *sc_out)
1343	1351	{
1344	1352	OM_uint32 tmpmin, ret, req_flags;
1345		gss_OID_set supported_mechSet, mechTypes;
	1353	gss_OID_set mechTypes;
1346	1354	gss_buffer_desc der_mechTypes;
1347	1355	gss_OID mech_wanted;
1348	1356	spnego_gss_ctx_id_t sc = NULL;

1351	1359	der_mechTypes.length = 0;
1352	1360	der_mechTypes.value = NULL;
1353	1361	mechToken = mechListMIC = GSS_C_NO_BUFFER;
1354		supported_mechSet = mechTypes = GSS_C_NO_OID_SET;
	1362	mechTypes = GSS_C_NO_OID_SET;
1355	1363	*return_token = ERROR_TOKEN_SEND;
1356	1364	*negState = REJECT;
1357	1365	*minor_status = 0;

1362	1370	if (ret != GSS_S_COMPLETE) {
1363	1371	goto cleanup;
1364	1372	}
1365		ret = get_negotiable_mechs(minor_status, spcred, GSS_C_ACCEPT,
1366		&supported_mechSet);
	1373
	1374	sc = create_spnego_ctx(0);
	1375	if (sc == NULL) {
	1376	ret = GSS_S_FAILURE;
	1377	*return_token = NO_TOKEN_SEND;
	1378	goto cleanup;
	1379	}
	1380
	1381	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
1367	1382	if (ret != GSS_S_COMPLETE) {
1368	1383	*return_token = NO_TOKEN_SEND;
1369	1384	goto cleanup;

1373	1388	* that the initiator requested and the list that
1374	1389	* the acceptor will support.
1375	1390	*/
1376		mech_wanted = negotiate_mech(supported_mechSet, mechTypes, negState);
	1391	mech_wanted = negotiate_mech(sc, mechTypes, negState);
1377	1392	if (*negState == REJECT) {
1378	1393	ret = GSS_S_BAD_MECH;
1379	1394	goto cleanup;
1380	1395	}
1381		sc = create_spnego_ctx(0);
1382		if (sc == NULL) {
1383		ret = GSS_S_FAILURE;
1384		*return_token = NO_TOKEN_SEND;
1385		goto cleanup;
1386		}
1387		sc->mech_set = mechTypes;
1388		mechTypes = GSS_C_NO_OID_SET;
	1396
1389	1397	sc->internal_mech = mech_wanted;
1390	1398	sc->DER_mechTypes = der_mechTypes;
1391	1399	der_mechTypes.length = 0;

1397	1405	*return_token = INIT_TOKEN_SEND;
1398	1406	sc->firstpass = 1;
1399	1407	*sc_out = sc;
	1408	sc = NULL;
1400	1409	ret = GSS_S_COMPLETE;
	1410
1401	1411	cleanup:
	1412	release_spnego_ctx(&sc);
1402	1413	gss_release_oid_set(&tmpmin, &mechTypes);
1403		gss_release_oid_set(&tmpmin, &supported_mechSet);
1404	1414	if (der_mechTypes.length != 0)
1405	1415	gss_release_buffer(&tmpmin, &der_mechTypes);
1406	1416

1531	1541	static OM_uint32
1532	1542	acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
1533	1543	spnego_gss_cred_id_t spcred, gss_buffer_t mechtok_in,
1534		gss_OID *mech_type, gss_buffer_t mechtok_out,
1535		OM_uint32 ret_flags, OM_uint32 time_rec,
1536		gss_cred_id_t *delegated_cred_handle,
	1544	gss_buffer_t mechtok_out, OM_uint32 *time_rec,
1537	1545	OM_uint32 negState, send_token_flag tokflag)
1538	1546	{
1539		OM_uint32 ret;
	1547	OM_uint32 ret, tmpmin;
1540	1548	gss_OID_desc mechoid;
1541	1549	gss_cred_id_t mcred;
1542
1543		if (sc->ctx_handle == GSS_C_NO_CONTEXT) {
	1550	int negoex = gss_oid_equal(sc->internal_mech, &negoex_mech);
	1551
	1552	if (sc->ctx_handle == GSS_C_NO_CONTEXT && !negoex) {
1544	1553	/*
1545	1554	* mechoid is an alias; don't free it.
1546	1555	*/

1556	1565	}
1557	1566
1558	1567	mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
1559		ret = gss_accept_sec_context(minor_status,
1560		&sc->ctx_handle,
1561		mcred,
1562		mechtok_in,
1563		GSS_C_NO_CHANNEL_BINDINGS,
1564		&sc->internal_name,
1565		mech_type,
1566		mechtok_out,
1567		&sc->ctx_flags,
1568		time_rec,
1569		delegated_cred_handle);
	1568	if (negoex) {
	1569	ret = negoex_accept(minor_status, sc, mcred, mechtok_in,
	1570	mechtok_out, time_rec);
	1571	} else {
	1572	(void) gss_release_name(&tmpmin, &sc->internal_name);
	1573	(void) gss_release_cred(&tmpmin, &sc->deleg_cred);
	1574	ret = gss_accept_sec_context(minor_status, &sc->ctx_handle,
	1575	mcred, mechtok_in,
	1576	GSS_C_NO_CHANNEL_BINDINGS,
	1577	&sc->internal_name,
	1578	&sc->actual_mech, mechtok_out,
	1579	&sc->ctx_flags, time_rec,
	1580	&sc->deleg_cred);
	1581	}
1570	1582	if (ret == GSS_S_COMPLETE) {
1571	1583	#ifdef MS_BUG_TEST
1572	1584	/*

1583	1595	}
1584	1596	#endif
1585	1597	sc->mech_complete = 1;
1586		if (ret_flags != NULL)
1587		*ret_flags = sc->ctx_flags;
1588	1598
1589	1599	if (!sc->mic_reqd \|\|
1590	1600	!(sc->ctx_flags & GSS_C_INTEG_FLAG)) {

1722	1732	* whether it is the first round-trip.
1723	1733	*/
1724	1734	if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) {
1725		ret = acc_ctx_call_acc(minor_status, sc, spcred,
1726		mechtok_in, mech_type, &mechtok_out,
1727		ret_flags, time_rec,
1728		delegated_cred_handle,
1729		&negState, &return_token);
	1735	ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in,
	1736	&mechtok_out, time_rec, &negState,
	1737	&return_token);
1730	1738	}
1731	1739
1732	1740	/* Step 3: process or generate the MIC, if the negotiated mech is

1739	1747	sc, &mic_out,
1740	1748	&negState, &return_token);
1741	1749	}
	1750
	1751	if (!HARD_ERROR(ret) && ret_flags != NULL)
	1752	*ret_flags = sc->ctx_flags & ~GSS_C_PROT_READY_FLAG;
	1753
1742	1754	cleanup:
1743	1755	if (return_token == INIT_TOKEN_SEND && sendTokenInit) {
1744	1756	assert(sc != NULL);

1765	1777	*src_name = sc->internal_name;
1766	1778	sc->internal_name = GSS_C_NO_NAME;
1767	1779	}
	1780	if (mech_type != NULL)
	1781	*mech_type = sc->actual_mech;
	1782	/* Get an updated lifetime if we didn't call into the mech. */
	1783	if (time_rec != NULL && *time_rec == 0) {
	1784	(void) gss_context_time(&tmpmin, sc->ctx_handle,
	1785	time_rec);
	1786	}
	1787	if (delegated_cred_handle != NULL) {
	1788	*delegated_cred_handle = sc->deleg_cred;
	1789	sc->deleg_cred = GSS_C_NO_CREDENTIAL;
	1790	}
1768	1791	} else if (ret != GSS_S_CONTINUE_NEEDED) {
1769	1792	if (sc != NULL) {
1770	1793	gss_delete_sec_context(&tmpmin, &sc->ctx_handle,

1790	1813	}
1791	1814	#endif /* LEAN_CLIENT */
1792	1815
	1816	static struct {
	1817	OM_uint32 status;
	1818	const char *msg;
	1819	} msg_table[] = {
	1820	{ ERR_SPNEGO_NO_MECHS_AVAILABLE,
	1821	N_("SPNEGO cannot find mechanisms to negotiate") },
	1822	{ ERR_SPNEGO_NO_CREDS_ACQUIRED,
	1823	N_("SPNEGO failed to acquire creds") },
	1824	{ ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR,
	1825	N_("SPNEGO acceptor did not select a mechanism") },
	1826	{ ERR_SPNEGO_NEGOTIATION_FAILED,
	1827	N_("SPNEGO failed to negotiate a mechanism") },
	1828	{ ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR,
	1829	N_("SPNEGO acceptor did not return a valid token") },
	1830	{ ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE,
	1831	N_("Invalid NegoEx signature") },
	1832	{ ERR_NEGOEX_INVALID_MESSAGE_TYPE,
	1833	N_("Invalid NegoEx message type") },
	1834	{ ERR_NEGOEX_INVALID_MESSAGE_SIZE,
	1835	N_("Invalid NegoEx message size") },
	1836	{ ERR_NEGOEX_INVALID_CONVERSATION_ID,
	1837	N_("Invalid NegoEx conversation ID") },
	1838	{ ERR_NEGOEX_AUTH_SCHEME_NOT_FOUND,
	1839	N_("NegoEx authentication scheme not found") },
	1840	{ ERR_NEGOEX_MISSING_NEGO_MESSAGE,
	1841	N_("Missing NegoEx negotiate message") },
	1842	{ ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE,
	1843	N_("Missing NegoEx authentication protocol request message") },
	1844	{ ERR_NEGOEX_NO_AVAILABLE_MECHS,
	1845	N_("No mutually supported NegoEx authentication schemes") },
	1846	{ ERR_NEGOEX_NO_VERIFY_KEY,
	1847	N_("No NegoEx verify key") },
	1848	{ ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME,
	1849	N_("Unknown NegoEx checksum scheme") },
	1850	{ ERR_NEGOEX_INVALID_CHECKSUM,
	1851	N_("Invalid NegoEx checksum") },
	1852	{ ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION,
	1853	N_("Unsupported critical NegoEx extension") },
	1854	{ ERR_NEGOEX_UNSUPPORTED_VERSION,
	1855	N_("Unsupported NegoEx version") },
	1856	{ ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE,
	1857	N_("NegoEx message out of sequence") },
	1858	};
	1859
1793	1860	/ARGSUSED/
1794	1861	OM_uint32 KRB5_CALLCONV
1795	1862	spnego_gss_display_status(

1801	1868	gss_buffer_t status_string)
1802	1869	{
1803	1870	OM_uint32 maj = GSS_S_COMPLETE;
	1871	const char *msg;
	1872	size_t i;
1804	1873	int ret;
1805	1874
1806		dsyslog("Entering display_status\n");
1807
1808	1875	*message_context = 0;
1809		switch (status_value) {
1810		case ERR_SPNEGO_NO_MECHS_AVAILABLE:
1811		/* CSTYLED */
1812		*status_string = make_err_msg(_("SPNEGO cannot find "
1813		"mechanisms to negotiate"));
1814		break;
1815		case ERR_SPNEGO_NO_CREDS_ACQUIRED:
1816		/* CSTYLED */
1817		*status_string = make_err_msg(_("SPNEGO failed to acquire "
1818		"creds"));
1819		break;
1820		case ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR:
1821		/* CSTYLED */
1822		*status_string = make_err_msg(_("SPNEGO acceptor did not "
1823		"select a mechanism"));
1824		break;
1825		case ERR_SPNEGO_NEGOTIATION_FAILED:
1826		/* CSTYLED */
1827		*status_string = make_err_msg(_("SPNEGO failed to negotiate a "
1828		"mechanism"));
1829		break;
1830		case ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR:
1831		/* CSTYLED */
1832		*status_string = make_err_msg(_("SPNEGO acceptor did not "
1833		"return a valid token"));
1834		break;
1835		default:
1836		/* Not one of our minor codes; might be from a mech. Call back
1837		* to gss_display_status, but first check for recursion. */
1838		if (k5_getspecific(K5_KEY_GSS_SPNEGO_STATUS) != NULL) {
1839		/* Perhaps we returned a com_err code like ENOMEM. */
1840		const char *err = error_message(status_value);
1841		*status_string = make_err_msg(err);
1842		break;
	1876	for (i = 0; i < sizeof(msg_table) / sizeof(*msg_table); i++) {
	1877	if (status_value == msg_table[i].status) {
	1878	msg = dgettext(KRB5_TEXTDOMAIN, msg_table[i].msg);
	1879	*status_string = make_err_msg(msg);
	1880	return GSS_S_COMPLETE;
1843	1881	}
1844		/* Set a non-null pointer value; doesn't matter which one. */
1845		ret = k5_setspecific(K5_KEY_GSS_SPNEGO_STATUS, &ret);
1846		if (ret != 0) {
1847		*minor_status = ret;
1848		maj = GSS_S_FAILURE;
1849		break;
1850		}
1851		maj = gss_display_status(minor_status, status_value,
1852		status_type, mech_type,
1853		message_context, status_string);
1854		/* This is unlikely to fail; not much we can do if it does. */
1855		(void)k5_setspecific(K5_KEY_GSS_SPNEGO_STATUS, NULL);
1856		break;
1857		}
1858
1859		dsyslog("Leaving display_status\n");
	1882	}
	1883
	1884	/* Not one of our minor codes; might be from a mech. Call back
	1885	* to gss_display_status, but first check for recursion. */
	1886	if (k5_getspecific(K5_KEY_GSS_SPNEGO_STATUS) != NULL) {
	1887	/* Perhaps we returned a com_err code like ENOMEM. */
	1888	const char *err = error_message(status_value);
	1889	*status_string = make_err_msg(err);
	1890	return GSS_S_COMPLETE;
	1891	}
	1892	/* Set a non-null pointer value; doesn't matter which one. */
	1893	ret = k5_setspecific(K5_KEY_GSS_SPNEGO_STATUS, &ret);
	1894	if (ret != 0) {
	1895	*minor_status = ret;
	1896	return GSS_S_FAILURE;
	1897	}
	1898
	1899	maj = gss_display_status(minor_status, status_value,
	1900	status_type, mech_type,
	1901	message_context, status_string);
	1902	/* This is unlikely to fail; not much we can do if it does. */
	1903	(void)k5_setspecific(K5_KEY_GSS_SPNEGO_STATUS, NULL);
	1904
1860	1905	return maj;
1861	1906	}
1862	1907

2888	2933	gss_release_oid_set(minor_status, &spcred->neg_mechs);
2889	2934	ret = generic_gss_copy_oid_set(minor_status, mech_list,
2890	2935	&spcred->neg_mechs);
	2936	if (ret == GSS_S_COMPLETE) {
	2937	(void) gss_set_neg_mechs(minor_status,
	2938	spcred->mcred,
	2939	spcred->neg_mechs);
	2940	}
	2941
2891	2942	return (ret);
2892	2943	}
2893	2944

3063	3114	(void) gss_release_oid_set(&minor_stat, &context->mech_set);
3064	3115
3065	3116	(void) gss_release_name(&minor_stat, &context->internal_name);
	3117	(void) gss_release_cred(&minor_stat, &context->deleg_cred);
	3118
	3119	negoex_release_context(context);
3066	3120
3067	3121	free(context);
3068	3122	*ctx = NULL;

3074	3128	* SPNEGO because it will also return the SPNEGO mech and we do not
3075	3129	* want to consider SPNEGO as an available security mech for
3076	3130	* negotiation. For this reason, get_available_mechs will return
3077		* all available, non-deprecated mechs except SPNEGO.
	3131	* all available, non-deprecated mechs except SPNEGO and NegoEx-
	3132	* only mechanisms.
	3133	*
	3134	* Note that gss_acquire_cred_from(GSS_C_NO_OID_SET) will filter
	3135	* out hidden (GSS_C_MA_NOT_INDICATED) mechanisms such as NegoEx, so
	3136	* calling gss_indicate_mechs_by_attrs() also works around that.
3078	3137	*
3079	3138	* If a ptr to a creds list is given, this function will attempt
3080	3139	* to acquire creds for the creds given and trim the list of

3087	3146	gss_const_key_value_set_t cred_store,
3088	3147	gss_cred_id_t creds, gss_OID_set rmechs, OM_uint32 *time_rec)
3089	3148	{
3090		unsigned int i;
3091		int found = 0;
3092	3149	OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
3093	3150	gss_OID_set mechs, goodmechs;
3094	3151	gss_OID_set_desc except_attrs;
3095		gss_OID_desc attr_oids[2];
	3152	gss_OID_desc attr_oids[3];
	3153
	3154	*rmechs = GSS_C_NO_OID_SET;
3096	3155
3097	3156	attr_oids[0] = *GSS_C_MA_DEPRECATED;
3098	3157	attr_oids[1] = *GSS_C_MA_NOT_DFLT_MECH;
3099		except_attrs.count = 2;
	3158	attr_oids[2] = GSS_C_MA_MECH_NEGO; / Exclude ourselves */
	3159	except_attrs.count = sizeof(attr_oids) / sizeof(attr_oids[0]);
3100	3160	except_attrs.elements = attr_oids;
3101	3161	major_status = gss_indicate_mechs_by_attrs(minor_status,
3102	3162	GSS_C_NO_OID_SET,
3103	3163	&except_attrs,
3104	3164	GSS_C_NO_OID_SET, &mechs);
3105	3165
3106		if (major_status != GSS_S_COMPLETE) {
3107		return (major_status);
3108		}
3109
3110		major_status = gss_create_empty_oid_set(minor_status, rmechs);
3111
3112		if (major_status != GSS_S_COMPLETE) {
3113		(void) gss_release_oid_set(minor_status, &mechs);
3114		return (major_status);
3115		}
3116
3117		for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) {
3118		if ((mechs->elements[i].length
3119		!= spnego_mechanism.mech_type.length) \|\|
3120		memcmp(mechs->elements[i].elements,
3121		spnego_mechanism.mech_type.elements,
3122		spnego_mechanism.mech_type.length)) {
3123
3124		major_status = gss_add_oid_set_member(minor_status,
3125		&mechs->elements[i],
3126		rmechs);
3127		if (major_status == GSS_S_COMPLETE)
3128		found++;
3129		}
3130		}
3131
3132	3166	/*
3133	3167	* If the caller wanted a list of creds returned,
3134	3168	* trim the list of mechanisms down to only those
3135	3169	* for which the creds are valid.
3136	3170	*/
3137		if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) {
	3171	if (mechs->count > 0 && major_status == GSS_S_COMPLETE &&
	3172	creds != NULL) {
3138	3173	major_status = gss_acquire_cred_from(minor_status, name,
3139	3174	GSS_C_INDEFINITE,
3140		*rmechs, usage,
	3175	mechs, usage,
3141	3176	cred_store, creds,
3142	3177	&goodmechs, time_rec);
3143	3178

3145	3180	* Drop the old list in favor of the new
3146	3181	* "trimmed" list.
3147	3182	*/
3148		(void) gss_release_oid_set(&tmpmin, rmechs);
3149	3183	if (major_status == GSS_S_COMPLETE) {
3150		(void) gssint_copy_oid_set(&tmpmin,
3151		goodmechs, rmechs);
3152		(void) gss_release_oid_set(&tmpmin, &goodmechs);
	3184	(void) gss_release_oid_set(&tmpmin, &mechs);
	3185	mechs = goodmechs;
3153	3186	}
3154	3187	}
3155	3188
3156		(void) gss_release_oid_set(&tmpmin, &mechs);
3157		if (found == 0 \|\| major_status != GSS_S_COMPLETE) {
	3189	if (mechs->count > 0 && major_status == GSS_S_COMPLETE) {
	3190	*rmechs = mechs;
	3191	} else {
	3192	(void) gss_release_oid_set(&tmpmin, &mechs);
3158	3193	*minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
3159	3194	map_errcode(minor_status);
3160	3195	if (major_status == GSS_S_COMPLETE)

3164	3199	return (major_status);
3165	3200	}
3166	3201
	3202	/* Return true if mech asserts the GSS_C_MA_NEGOEX_AND_SPNEGO attribute. */
	3203	static int
	3204	negoex_and_spnego(gss_OID mech)
	3205	{
	3206	OM_uint32 ret, minor;
	3207	gss_OID_set attrs;
	3208	int present;
	3209
	3210	ret = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
	3211	if (ret != GSS_S_COMPLETE \|\| attrs == GSS_C_NO_OID_SET)
	3212	return 0;
	3213
	3214	(void) generic_gss_test_oid_set_member(&minor,
	3215	GSS_C_MA_NEGOEX_AND_SPNEGO,
	3216	attrs, &present);
	3217	(void) gss_release_oid_set(&minor, &attrs);
	3218	return present;
	3219	}
	3220
3167	3221	/*
3168		* Return a list of mechanisms we are willing to negotiate for a credential,
3169		* taking into account the mech set provided with gss_set_neg_mechs if it
3170		* exists.
	3222	* Fill sc->mech_set with the SPNEGO-negotiable mechanism OIDs, and
	3223	* sc->negoex_mechs with an entry for each NegoEx-negotiable mechanism. Take
	3224	* into account the mech set provided with gss_set_neg_mechs() if it exists.
3171	3225	*/
3172	3226	static OM_uint32
3173		get_negotiable_mechs(OM_uint32 *minor_status, spnego_gss_cred_id_t spcred,
3174		gss_cred_usage_t usage, gss_OID_set *rmechs)
	3227	get_negotiable_mechs(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
	3228	spnego_gss_cred_id_t spcred, gss_cred_usage_t usage)
3175	3229	{
3176	3230	OM_uint32 ret, tmpmin;
3177		gss_cred_id_t creds = GSS_C_NO_CREDENTIAL, *credptr;
3178		gss_OID_set cred_mechs = GSS_C_NULL_OID_SET;
3179		gss_OID_set intersect_mechs = GSS_C_NULL_OID_SET;
	3231	gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
	3232	gss_OID_set cred_mechs = GSS_C_NULL_OID_SET, mechs;
3180	3233	unsigned int i;
3181		int present;
3182
3183		if (spcred == NULL) {
3184		/*
3185		* The default credentials were supplied. Return a list of all
3186		* available mechs except SPNEGO. When initiating, trim this
3187		* list to mechs we can acquire credentials for.
3188		*/
3189		credptr = (usage == GSS_C_INITIATE) ? &creds : NULL;
	3234	int present, added_negoex = 0;
	3235	auth_scheme scheme;
	3236
	3237	if (spcred != NULL) {
	3238	/* Get the list of mechs in the mechglue cred. */
	3239	ret = gss_inquire_cred(minor_status, spcred->mcred, NULL,
	3240	NULL, NULL, &cred_mechs);
	3241	if (ret != GSS_S_COMPLETE)
	3242	return (ret);
	3243	} else {
	3244	/* Start with the list of available mechs. */
3190	3245	ret = get_available_mechs(minor_status, GSS_C_NO_NAME, usage,
3191		GSS_C_NO_CRED_STORE, credptr,
3192		rmechs, NULL);
	3246	GSS_C_NO_CRED_STORE, &creds,
	3247	&cred_mechs, NULL);
	3248	if (ret != GSS_S_COMPLETE)
	3249	return (ret);
3193	3250	gss_release_cred(&tmpmin, &creds);
3194		return (ret);
3195		}
3196
3197		/* Get the list of mechs in the mechglue cred. */
3198		ret = gss_inquire_cred(minor_status, spcred->mcred, NULL, NULL, NULL,
3199		&cred_mechs);
	3251	}
	3252
	3253	/* If gss_set_neg_mechs() was called, use that to determine the
	3254	* iteration order. Otherwise iterate over the credential mechs. */
	3255	mechs = (spcred != NULL && spcred->neg_mechs != GSS_C_NULL_OID_SET) ?
	3256	spcred->neg_mechs : cred_mechs;
	3257
	3258	ret = gss_create_empty_oid_set(minor_status, &sc->mech_set);
3200	3259	if (ret != GSS_S_COMPLETE)
3201		return (ret);
3202
3203		if (spcred->neg_mechs == GSS_C_NULL_OID_SET) {
3204		/* gss_set_neg_mechs was never called; return cred_mechs. */
3205		*rmechs = cred_mechs;
3206		*minor_status = 0;
3207		return (GSS_S_COMPLETE);
3208		}
3209
3210		/* Compute the intersection of cred_mechs and spcred->neg_mechs,
3211		* preserving the order in spcred->neg_mechs. */
3212		ret = gss_create_empty_oid_set(minor_status, &intersect_mechs);
3213		if (ret != GSS_S_COMPLETE) {
3214		gss_release_oid_set(&tmpmin, &cred_mechs);
3215		return (ret);
3216		}
3217
3218		for (i = 0; i < spcred->neg_mechs->count; i++) {
3219		gss_test_oid_set_member(&tmpmin,
3220		&spcred->neg_mechs->elements[i],
3221		cred_mechs, &present);
3222		if (!present)
3223		continue;
3224		ret = gss_add_oid_set_member(minor_status,
3225		&spcred->neg_mechs->elements[i],
3226		&intersect_mechs);
	3260	goto cleanup;
	3261
	3262	for (i = 0; i < mechs->count; i++) {
	3263	if (mechs != cred_mechs) {
	3264	/* Intersect neg_mechs with cred_mechs. */
	3265	gss_test_oid_set_member(&tmpmin, &mechs->elements[i],
	3266	cred_mechs, &present);
	3267	if (!present)
	3268	continue;
	3269	}
	3270
	3271	/* Query the auth scheme to see if this is a NegoEx mech. */
	3272	ret = gssspi_query_mechanism_info(&tmpmin, &mechs->elements[i],
	3273	scheme);
	3274	if (ret == GSS_S_COMPLETE) {
	3275	/* Add an entry for this mech to the NegoEx list. */
	3276	ret = negoex_add_auth_mech(minor_status, sc,
	3277	&mechs->elements[i],
	3278	scheme);
	3279	if (ret != GSS_S_COMPLETE)
	3280	goto cleanup;
	3281
	3282	/* Add the NegoEx OID to the SPNEGO list at the
	3283	* position of the first NegoEx mechanism. */
	3284	if (!added_negoex) {
	3285	ret = gss_add_oid_set_member(minor_status,
	3286	&negoex_mech,
	3287	&sc->mech_set);
	3288	if (ret != GSS_S_COMPLETE)
	3289	goto cleanup;
	3290	added_negoex = 1;
	3291	}
	3292
	3293	/* Skip this mech in the SPNEGO list unless it asks for
	3294	* direct SPNEGO negotiation. */
	3295	if (!negoex_and_spnego(&mechs->elements[i]))
	3296	continue;
	3297	}
	3298
	3299	/* Add this mech to the SPNEGO list. */
	3300	ret = gss_add_oid_set_member(minor_status, &mechs->elements[i],
	3301	&sc->mech_set);
3227	3302	if (ret != GSS_S_COMPLETE)
3228		break;
3229		}
3230
3231		gss_release_oid_set(&tmpmin, &cred_mechs);
3232		if (intersect_mechs->count == 0 \|\| ret != GSS_S_COMPLETE) {
3233		gss_release_oid_set(&tmpmin, &intersect_mechs);
	3303	goto cleanup;
	3304	}
	3305
	3306	*minor_status = 0;
	3307
	3308	cleanup:
	3309	if (ret != GSS_S_COMPLETE \|\| sc->mech_set->count == 0) {
3234	3310	*minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
3235	3311	map_errcode(minor_status);
3236		return (GSS_S_FAILURE);
3237		}
3238
3239		*rmechs = intersect_mechs;
3240		*minor_status = 0;
3241		return (GSS_S_COMPLETE);
	3312	ret = GSS_S_FAILURE;
	3313	}
	3314
	3315	gss_release_oid_set(&tmpmin, &cred_mechs);
	3316	return (ret);
3242	3317	}
3243	3318
3244	3319	/* following are token creation and reading routines */

3573	3648	int tmplen;
3574	3649	unsigned int tag, bytes;
3575	3650
3576		*negState = ACCEPT_DEFECTIVE_TOKEN;
	3651	*negState = UNSPECIFIED;
3577	3652	*supportedMech = GSS_C_NO_OID;
3578	3653	responseToken = mechListMIC = GSS_C_NO_BUFFER;
3579	3654	ptr = bufstart = buf;

3696	3771	* mechanisms supported by the acceptor.
3697	3772	*/
3698	3773	static gss_OID
3699		negotiate_mech(gss_OID_set supported, gss_OID_set received,
	3774	negotiate_mech(spnego_gss_ctx_id_t ctx, gss_OID_set received,
3700	3775	OM_uint32 *negResult)
3701	3776	{
3702	3777	size_t i, j;
	3778	int wrong_krb5_oid;
3703	3779
3704	3780	for (i = 0; i < received->count; i++) {
3705	3781	gss_OID mech_oid = &received->elements[i];
3706	3782
3707	3783	/* Accept wrong mechanism OID from MS clients */
3708		if (g_OID_equal(mech_oid, &gss_mech_krb5_wrong_oid))
	3784	wrong_krb5_oid = 0;
	3785	if (g_OID_equal(mech_oid, &gss_mech_krb5_wrong_oid)) {
3709	3786	mech_oid = (gss_OID)&gss_mech_krb5_oid;
3710
3711		for (j = 0; j < supported->count; j++) {
3712		if (g_OID_equal(mech_oid, &supported->elements[j])) {
	3787	wrong_krb5_oid = 1;
	3788	}
	3789
	3790	for (j = 0; j < ctx->mech_set->count; j++) {
	3791	if (g_OID_equal(mech_oid,
	3792	&ctx->mech_set->elements[j])) {
3713	3793	*negResult = (i == 0) ? ACCEPT_INCOMPLETE :
3714	3794	REQUEST_MIC;
3715		return &received->elements[i];
	3795	return wrong_krb5_oid ?
	3796	(gss_OID)&gss_mech_krb5_wrong_oid :
	3797	&ctx->mech_set->elements[j];
3716	3798	}
3717	3799	}
3718	3800	}

3730	3812	static spnego_token_t
3731	3813	make_spnego_token(const char *name)
3732	3814	{
3733		return (spnego_token_t)strdup(name);
	3815	return (spnego_token_t)gssalloc_strdup(name);
3734	3816	}
3735	3817
3736	3818	static gss_buffer_desc

+0

-3

src/lib/kadm5/admin.h less more

393	393	krb5_key_salt_tuple *ks_tuple,
394	394	krb5_keyblock **keyblocks,
395	395	int *n_keys);
396		kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
397		krb5_principal principal,
398		krb5_keyblock *keyblock);
399	396
400	397	kadm5_ret_t kadm5_setkey_principal(void *server_handle,
401	398	krb5_principal principal,

+0

-1

src/lib/kadm5/admin_xdr.h less more

36	36	bool_t xdr_rprinc_arg(XDR xdrs, rprinc_arg objp);
37	37	bool_t xdr_chpass_arg(XDR xdrs, chpass_arg objp);
38	38	bool_t xdr_chpass3_arg(XDR xdrs, chpass3_arg objp);
39		bool_t xdr_setv4key_arg(XDR xdrs, setv4key_arg objp);
40	39	bool_t xdr_setkey_arg(XDR xdrs, setkey_arg objp);
41	40	bool_t xdr_setkey3_arg(XDR xdrs, setkey3_arg objp);
42	41	bool_t xdr_setkey4_arg(XDR xdrs, setkey4_arg objp);

+1

-1

src/lib/kadm5/alt_prof.c less more

72	72	ret = krb5_get_default_config_files(&filenames);
73	73	if (ret)
74	74	return ret;
75		if (envname == NULL \|\| (kdc_config = getenv(envname)) == NULL)
	75	if (envname == NULL \|\| (kdc_config = secure_getenv(envname)) == NULL)
76	76	kdc_config = fname;
77	77	k5_buf_init_dynamic(&buf);
78	78	if (kdc_config)

+1

-1

src/lib/kadm5/clnt/Makefile.in less more

2	2	LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
3	3
4	4	LIBBASE=kadm5clnt_mit
5		LIBMAJOR=11
	5	LIBMAJOR=12
6	6	LIBMINOR=0
7	7	STOBJLISTS=../OBJS.ST OBJS.ST
8	8	SHLIB_EXPDEPS=\

+3

-0

src/lib/kadm5/clnt/client_init.c less more

464	464	/* Credentials for kadmin don't need to be forwardable or proxiable. */
465	465	if (init_type != INIT_CREDS) {
466	466	code = krb5_get_init_creds_opt_alloc(ctx, &opt);
	467	if (code)
	468	goto error;
	469
467	470	krb5_get_init_creds_opt_set_forwardable(opt, 0);
468	471	krb5_get_init_creds_opt_set_proxiable(opt, 0);
469	472	krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);

+0

-22

src/lib/kadm5/clnt/client_principal.c less more

273	273	}
274	274
275	275	kadm5_ret_t
276		kadm5_setv4key_principal(void *server_handle,
277		krb5_principal princ,
278		krb5_keyblock *keyblock)
279		{
280		setv4key_arg arg;
281		generic_ret r = { 0, 0 };
282		kadm5_server_handle_t handle = server_handle;
283
284		CHECK_HANDLE(server_handle);
285
286		arg.princ = princ;
287		arg.keyblock = keyblock;
288		arg.api_version = handle->api_version;
289
290		if(princ == NULL \|\| keyblock == NULL)
291		return EINVAL;
292		if (setv4key_principal_2(&arg, &r, handle->clnt))
293		eret();
294		return r.code;
295		}
296
297		kadm5_ret_t
298	276	kadm5_setkey_principal(void *server_handle,
299	277	krb5_principal princ,
300	278	krb5_keyblock *keyblocks,

+0

-8

src/lib/kadm5/clnt/client_rpc.c less more

84	84	}
85	85
86	86	enum clnt_stat
87		setv4key_principal_2(setv4key_arg argp, generic_ret res, CLIENT *clnt)
88		{
89		return clnt_call(clnt, SETV4KEY_PRINCIPAL,
90		(xdrproc_t)xdr_setv4key_arg, (caddr_t)argp,
91		(xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
92		}
93
94		enum clnt_stat
95	87	setkey_principal_2(setkey_arg argp, generic_ret res, CLIENT *clnt)
96	88	{
97	89	return clnt_call(clnt, SETKEY_PRINCIPAL,

+0

-2

src/lib/kadm5/clnt/libkadm5clnt_mit.exports less more

43	43	kadm5_setkey_principal
44	44	kadm5_setkey_principal_3
45	45	kadm5_setkey_principal_4
46		kadm5_setv4key_principal
47	46	kadm5_unlock
48	47	krb5_aprof_finish
49	48	krb5_aprof_get_boolean

113	112	xdr_setkey3_arg
114	113	xdr_setkey4_arg
115	114	xdr_setkey_arg
116		xdr_setv4key_arg
117	115	xdr_ui_4
118	116	kadm5_init_iprop

+3

-13

src/lib/kadm5/kadm_rpc.h less more

80	80	char *pass;
81	81	};
82	82	typedef struct chpass3_arg chpass3_arg;
83
84		struct setv4key_arg {
85		krb5_ui_4 api_version;
86		krb5_principal princ;
87		krb5_keyblock *keyblock;
88		};
89		typedef struct setv4key_arg setv4key_arg;
90	83
91	84	struct setkey_arg {
92	85	krb5_ui_4 api_version;

321	314	CLIENT *);
322	315	extern bool_t setkey_principal_2_svc(setkey_arg , generic_ret ,
323	316	struct svc_req *);
324		#define SETV4KEY_PRINCIPAL 17
325		extern enum clnt_stat setv4key_principal_2(setv4key_arg , generic_ret ,
326		CLIENT *);
327		extern bool_t setv4key_principal_2_svc(setv4key_arg , generic_ret ,
328		struct svc_req *);
	317
	318	/* 17 was SETV4KEY_PRINCIPAL (removed in 1.18). */
	319
329	320	#define CREATE_PRINCIPAL3 18
330	321	extern enum clnt_stat create_principal3_2(cprinc3_arg , generic_ret ,
331	322	CLIENT *);

379	370	extern bool_t xdr_gprincs_ret ();
380	371	extern bool_t xdr_chpass_arg ();
381	372	extern bool_t xdr_chpass3_arg ();
382		extern bool_t xdr_setv4key_arg ();
383	373	extern bool_t xdr_setkey_arg ();
384	374	extern bool_t xdr_setkey3_arg ();
385	375	extern bool_t xdr_setkey4_arg ();

+5

-32

src/lib/kadm5/kadm_rpc_xdr.c less more

704	704	return (FALSE);
705	705	}
706	706	if (!xdr_nullstring(xdrs, &objp->pass)) {
707		return (FALSE);
708		}
709		return (TRUE);
710		}
711
712		bool_t
713		xdr_setv4key_arg(XDR xdrs, setv4key_arg objp)
714		{
715		unsigned int n_keys = 1;
716
717		if (!xdr_ui_4(xdrs, &objp->api_version)) {
718		return (FALSE);
719		}
720		if (!xdr_krb5_principal(xdrs, &objp->princ)) {
721		return (FALSE);
722		}
723		if (!xdr_array(xdrs, (caddr_t *) &objp->keyblock,
724		&n_keys, ~0,
725		sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
726	707	return (FALSE);
727	708	}
728	709	return (TRUE);

1127	1108	bool_t
1128	1109	xdr_krb5_enctype(XDR xdrs, krb5_enctype objp)
1129	1110	{
1130		/*
1131		* This used to be xdr_krb5_keytype, but keytypes and enctypes have
1132		* been merged into only enctypes. However, randkey_principal
1133		* already ensures that only a key of ENCTYPE_DES_CBC_CRC will be
1134		* returned to v1 clients, and ENCTYPE_DES_CBC_CRC has the same
1135		* value as KEYTYPE_DES used too, which is what all v1 clients
1136		* expect. Therefore, IMHO, just encoding whatever enctype we get
1137		* is safe.
1138		*/
1139
1140	1111	if (!xdr_int32(xdrs, (int32_t *) objp))
1141	1112	return (FALSE);
1142	1113	return (TRUE);

1153	1124	bool_t
1154	1125	xdr_krb5_keyblock(XDR xdrs, krb5_keyblock objp)
1155	1126	{
	1127	char *cp;
	1128
1156	1129	/* XXX This only works because free_keyblock assumes ->contents
1157	1130	is allocated by malloc() */
1158
1159	1131	if(!xdr_krb5_enctype(xdrs, &objp->enctype))
1160	1132	return FALSE;
1161		if(!xdr_bytes(xdrs, (char *) &objp->contents, (unsigned int )
1162		&objp->length, ~0))
	1133	cp = (char *)objp->contents;
	1134	if(!xdr_bytes(xdrs, &cp, &objp->length, ~0))
1163	1135	return FALSE;
	1136	objp->contents = (uint8_t *)cp;
1164	1137	return TRUE;
1165	1138	}
1166	1139

+1

-1

src/lib/kadm5/srv/Makefile.in less more

8	8	##DOSLIBNAME = libkadm5srv.lib
9	9
10	10	LIBBASE=kadm5srv_mit
11		LIBMAJOR=11
	11	LIBMAJOR=12
12	12	LIBMINOR=0
13	13	STOBJLISTS=../OBJS.ST OBJS.ST
14	14

+0

-2

src/lib/kadm5/srv/libkadm5srv_mit.exports less more

44	44	kadm5_setkey_principal
45	45	kadm5_setkey_principal_3
46	46	kadm5_setkey_principal_4
47		kadm5_setv4key_principal
48	47	kadm5_unlock
49	48	kdb_delete_entry
50	49	kdb_free_entry

132	131	xdr_setkey3_arg
133	132	xdr_setkey4_arg
134	133	xdr_setkey_arg
135		xdr_setv4key_arg
136	134	xdr_sstring_arg
137	135	xdr_ui_4
138	136	kadm5_init_iprop

+1

-2

src/lib/kadm5/srv/server_kdb.c less more

263	263
264	264	*kdb_ptr = NULL;
265	265
266		ret = krb5_db_get_principal(handle->context, principal,
267		KRB5_KDB_FLAG_ALIAS_OK, &kdb);
	266	ret = krb5_db_get_principal(handle->context, principal, 0, &kdb);
268	267	if (ret == KRB5_KDB_NOENTRY)
269	268	return(KADM5_UNK_PRINC);
270	269	if (ret)

+51

-177

src/lib/kadm5/srv/svr_principal.c less more

301	301	kadm5_server_handle_t handle = server_handle;
302	302	krb5_keyblock *act_mkey;
303	303	krb5_kvno act_kvno;
304		int new_n_ks_tuple = 0;
	304	int new_n_ks_tuple = 0, i;
305	305	krb5_key_salt_tuple *new_ks_tuple = NULL;
306	306
307	307	CHECK_HANDLE(server_handle);

355	355	kdb = calloc(1, sizeof(*kdb));
356	356	if (kdb == NULL)
357	357	return ENOMEM;
	358
	359	/* In all cases the principal entry is new and key data is set; let the
	360	* database provider know. */
	361	kdb->mask = mask \| KADM5_KEY_DATA \| KADM5_PRINCIPAL;
	362
358	363	memset(&adb, 0, sizeof(osa_princ_ent_rec));
359	364
360	365	/*

404	409	kdb->expiration = handle->params.expiration;
405	410
406	411	kdb->pw_expiration = 0;
407		if (have_polent) {
408		if(polent.pw_max_life)
409		kdb->pw_expiration = ts_incr(now, polent.pw_max_life);
410		else
411		kdb->pw_expiration = 0;
412		}
413		if ((mask & KADM5_PW_EXPIRATION))
	412	if (mask & KADM5_PW_EXPIRATION) {
414	413	kdb->pw_expiration = entry->pw_expiration;
	414	} else if (have_polent && polent.pw_max_life) {
	415	kdb->mask \|= KADM5_PW_EXPIRATION;
	416	kdb->pw_expiration = ts_incr(now, polent.pw_max_life);
	417	}
415	418
416	419	kdb->last_success = 0;
417	420	kdb->last_failed = 0;

467	470	/* Null password means create with random key (new in 1.8). */
468	471	ret = krb5_dbe_crk(handle->context, &master_keyblock,
469	472	new_ks_tuple, new_n_ks_tuple, FALSE, kdb);
	473	if (mask & KADM5_KVNO) {
	474	for (i = 0; i < kdb->n_key_data; i++)
	475	kdb->key_data[i].key_data_kvno = entry->kvno;
	476	}
470	477	}
471	478	if (ret)
472	479	goto cleanup;

497	504
498	505	adb.policy = entry->policy;
499	506	}
500
501		/* In all cases key and the principal data is set, let the database provider know */
502		kdb->mask = mask \| KADM5_KEY_DATA \| KADM5_PRINCIPAL ;
503	507
504	508	/* store the new db entry */
505	509	ret = kdb_put_entry(handle, kdb, &adb);

596	600	if (ret)
597	601	return(ret);
598	602
	603	/* Let the mask propagate to the database provider. */
	604	kdb->mask = mask;
	605
599	606	/*
600	607	* This is pretty much the same as create ...
601	608	*/

611	618	free(adb.policy);
612	619	adb.policy = strdup(entry->policy);
613	620	}
614		if (have_pol) {
	621
	622	if (mask & KADM5_PW_EXPIRATION) {
	623	kdb->pw_expiration = entry->pw_expiration;
	624	} else if (have_pol) {
615	625	/* set pw_max_life based on new policy */
	626	kdb->mask \|= KADM5_PW_EXPIRATION;
616	627	if (pol.pw_max_life) {
617	628	ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb,
618		&(kdb->pw_expiration));
	629	&kdb->pw_expiration);
619	630	if (ret)
620	631	goto done;
621	632	kdb->pw_expiration = ts_incr(kdb->pw_expiration, pol.pw_max_life);

637	648	kdb->max_life = entry->max_life;
638	649	if ((mask & KADM5_PRINC_EXPIRE_TIME))
639	650	kdb->expiration = entry->princ_expire_time;
640		if (mask & KADM5_PW_EXPIRATION)
641		kdb->pw_expiration = entry->pw_expiration;
642	651	if (mask & KADM5_MAX_RLIFE)
643	652	kdb->max_renewable_life = entry->max_renewable_life;
644	653

650	659	if (mask & KADM5_TL_DATA) {
651	660	krb5_tl_data *tl;
652	661
653		/* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
	662	/* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writing */
654	663
655	664	for (tl = entry->tl_data; tl;
656	665	tl = tl->tl_data_next)

676	685
677	686	kdb->fail_auth_count = 0;
678	687	}
679
680		/* let the mask propagate to the database provider */
681		kdb->mask = mask;
682	688
683	689	ret = k5_kadm5_hook_modify(handle->context, handle->hook_handles,
684	690	KADM5_HOOK_STAGE_PRECOMMIT, entry, mask);

1357	1363	if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
1358	1364	return(ret);
1359	1365
	1366	/* We will always be changing the key data, attributes, auth failure count,
	1367	* and password expiration time. */
	1368	kdb->mask = KADM5_KEY_DATA \| KADM5_ATTRIBUTES \| KADM5_FAIL_AUTH_COUNT \|
	1369	KADM5_PW_EXPIRATION;
	1370
1360	1371	ret = apply_keysalt_policy(handle, adb.policy, n_ks_tuple, ks_tuple,
1361	1372	&new_n_ks_tuple, &new_ks_tuple);
1362	1373	if (ret)

1402	1413	if (ret)
1403	1414	goto done;
1404	1415
	1416	kdb->pw_expiration = 0;
1405	1417	if ((adb.aux_attributes & KADM5_POLICY)) {
1406	1418	/* the policy was loaded before */
1407	1419

1434	1446
1435	1447	if (pol.pw_max_life)
1436	1448	kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
1437		else
1438		kdb->pw_expiration = 0;
1439		} else {
1440		kdb->pw_expiration = 0;
1441	1449	}
1442	1450
1443	1451	#ifdef USE_PASSWORD_SERVER

1475	1483
1476	1484	/* unlock principal on this KDC */
1477	1485	kdb->fail_auth_count = 0;
1478
1479		/* key data and attributes changed, let the database provider know */
1480		kdb->mask = KADM5_KEY_DATA \| KADM5_ATTRIBUTES \|
1481		KADM5_FAIL_AUTH_COUNT;
1482		/* \| KADM5_CPW_FUNCTION */
1483	1486
1484	1487	if (hist_added)
1485	1488	kdb->mask \|= KADM5_KEY_HIST;

1555	1558	if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
1556	1559	return(ret);
1557	1560
	1561	/* We will always be changing the key data, attributes, auth failure count,
	1562	* and password expiration time. */
	1563	kdb->mask = KADM5_KEY_DATA \| KADM5_ATTRIBUTES \| KADM5_FAIL_AUTH_COUNT \|
	1564	KADM5_PW_EXPIRATION;
	1565
1558	1566	ret = apply_keysalt_policy(handle, adb.policy, n_ks_tuple, ks_tuple,
1559	1567	&new_n_ks_tuple, &new_ks_tuple);
1560	1568	if (ret)

1594	1602	if (ret)
1595	1603	goto done;
1596	1604	}
1597		if (have_pol) {
1598		if (pol.pw_max_life)
1599		kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
1600		else
1601		kdb->pw_expiration = 0;
1602		} else {
1603		kdb->pw_expiration = 0;
1604		}
	1605
	1606	kdb->pw_expiration = 0;
	1607	if (have_pol && pol.pw_max_life)
	1608	kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
1605	1609
1606	1610	ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
1607	1611	if (ret)

1619	1623	goto done;
1620	1624	}
1621	1625
1622		/* key data changed, let the database provider know */
1623		kdb->mask = KADM5_KEY_DATA \| KADM5_FAIL_AUTH_COUNT;
1624		/* \| KADM5_RANDKEY_USED */;
1625
1626	1626	ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
1627	1627	KADM5_HOOK_STAGE_PRECOMMIT, principal, keepold,
1628	1628	new_n_ks_tuple, new_ks_tuple, NULL);

1637	1637	ret = KADM5_OK;
1638	1638	done:
1639	1639	free(new_ks_tuple);
1640		kdb_free_entry(handle, kdb, &adb);
1641		if (have_pol)
1642		kadm5_free_policy_ent(handle->lhandle, &pol);
1643
1644		return ret;
1645		}
1646
1647		/*
1648		* kadm5_setv4key_principal:
1649		*
1650		* Set only ONE key of the principal, removing all others. This key
1651		* must have the DES_CBC_CRC enctype and is entered as having the
1652		* krb4 salttype. This is to enable things like kadmind4 to work.
1653		*/
1654		kadm5_ret_t
1655		kadm5_setv4key_principal(void *server_handle,
1656		krb5_principal principal,
1657		krb5_keyblock *keyblock)
1658		{
1659		krb5_db_entry *kdb;
1660		osa_princ_ent_rec adb;
1661		krb5_timestamp now;
1662		kadm5_policy_ent_rec pol;
1663		krb5_keysalt keysalt;
1664		int i, kvno, ret;
1665		krb5_boolean have_pol = FALSE;
1666		kadm5_server_handle_t handle = server_handle;
1667		krb5_key_data tmp_key_data;
1668		krb5_keyblock *act_mkey;
1669
1670		memset( &tmp_key_data, 0, sizeof(tmp_key_data));
1671
1672		CHECK_HANDLE(server_handle);
1673
1674		krb5_clear_error_message(handle->context);
1675
1676		if (principal == NULL \|\| keyblock == NULL)
1677		return EINVAL;
1678		if (hist_princ && /* this will be NULL when initializing the databse */
1679		((krb5_principal_compare(handle->context,
1680		principal, hist_princ)) == TRUE))
1681		return KADM5_PROTECT_PRINCIPAL;
1682
1683		if (keyblock->enctype != ENCTYPE_DES_CBC_CRC)
1684		return KADM5_SETV4KEY_INVAL_ENCTYPE;
1685
1686		if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
1687		return(ret);
1688
1689		for (kvno = 0, i=0; i<kdb->n_key_data; i++)
1690		if (kdb->key_data[i].key_data_kvno > kvno)
1691		kvno = kdb->key_data[i].key_data_kvno;
1692
1693		if (kdb->key_data != NULL)
1694		cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
1695
1696		kdb->key_data = calloc(1, sizeof(krb5_key_data));
1697		if (kdb->key_data == NULL)
1698		return ENOMEM;
1699		kdb->n_key_data = 1;
1700		keysalt.type = KRB5_KDB_SALTTYPE_V4;
1701		/* XXX data.magic? */
1702		keysalt.data.length = 0;
1703		keysalt.data.data = NULL;
1704
1705		ret = kdb_get_active_mkey(handle, NULL, &act_mkey);
1706		if (ret)
1707		goto done;
1708
1709		/* use tmp_key_data as temporary location and reallocate later */
1710		ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, keyblock,
1711		&keysalt, kvno + 1, kdb->key_data);
1712		if (ret) {
1713		goto done;
1714		}
1715
1716		kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
1717
1718		ret = krb5_timeofday(handle->context, &now);
1719		if (ret)
1720		goto done;
1721
1722		if ((adb.aux_attributes & KADM5_POLICY)) {
1723		ret = get_policy(handle, adb.policy, &pol, &have_pol);
1724		if (ret)
1725		goto done;
1726		}
1727		if (have_pol) {
1728		if (pol.pw_max_life)
1729		kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
1730		else
1731		kdb->pw_expiration = 0;
1732		} else {
1733		kdb->pw_expiration = 0;
1734		}
1735
1736		ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
1737		if (ret)
1738		goto done;
1739
1740		/* unlock principal on this KDC */
1741		kdb->fail_auth_count = 0;
1742
1743		/* key data changed, let the database provider know */
1744		kdb->mask = KADM5_KEY_DATA \| KADM5_FAIL_AUTH_COUNT;
1745
1746		if ((ret = kdb_put_entry(handle, kdb, &adb)))
1747		goto done;
1748
1749		ret = KADM5_OK;
1750		done:
1751		for (i = 0; i < tmp_key_data.key_data_ver; i++) {
1752		if (tmp_key_data.key_data_contents[i]) {
1753		memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
1754		free (tmp_key_data.key_data_contents[i]);
1755		}
1756		}
1757
1758	1640	kdb_free_entry(handle, kdb, &adb);
1759	1641	if (have_pol)
1760	1642	kadm5_free_policy_ent(handle->lhandle, &pol);

1875	1757	ret = kdb_get_entry(handle, principal, &kdb, &adb);
1876	1758	if (ret)
1877	1759	return ret;
	1760
	1761	/* We will always be changing the key data, attributes, auth failure count,
	1762	* and password expiration time. */
	1763	kdb->mask = KADM5_KEY_DATA \| KADM5_ATTRIBUTES \| KADM5_FAIL_AUTH_COUNT \|
	1764	KADM5_PW_EXPIRATION;
1878	1765
1879	1766	if (kvno == 0) {
1880	1767	/* Pick the next kvno. */

1977	1864	if (ret)
1978	1865	goto done;
1979	1866	}
1980		if (have_pol) {
1981		if (pol.pw_max_life)
1982		kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
1983		else
1984		kdb->pw_expiration = 0;
1985		} else {
1986		kdb->pw_expiration = 0;
1987		}
	1867
	1868	kdb->pw_expiration = 0;
	1869	if (have_pol && pol.pw_max_life)
	1870	kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
1988	1871
1989	1872	ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
1990	1873	if (ret)

1992	1875
1993	1876	/* Unlock principal on this KDC. */
1994	1877	kdb->fail_auth_count = 0;
1995
1996		/* key data changed, let the database provider know */
1997		kdb->mask = KADM5_KEY_DATA \| KADM5_FAIL_AUTH_COUNT;
1998	1878
1999	1879	ret = kdb_put_entry(handle, kdb, &adb);
2000	1880	if (ret)

2092	1972	ret = krb5_dbe_decrypt_key_data(context, NULL, &key_data[i], &keys[i],
2093	1973	NULL);
2094	1974	if (ret) {
2095		for (; i >= 0; i--) {
2096		if (keys[i].contents) {
2097		memset (keys[i].contents, 0, keys[i].length);
2098		free( keys[i].contents );
2099		}
2100		}
2101
2102		memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
	1975	for (; i >= 0; i--)
	1976	krb5_free_keyblock_contents(context, &keys[i]);
2103	1977	free(keys);
2104	1978	return ret;
2105	1979	}

+8

-4

src/lib/kadm5/unit-test/Makefile.in less more

55	55	$(CC_LINK) -o server-setkey-test setkey-test.o \
56	56	$(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
57	57
	58	runenv.exp: Makefile
	59	$(RUN_SETUP); for i in $(RUN_VARS); do \
	60	eval echo "set env$$$i$ \$$$$i"; done > runenv.exp
	61
58	62	#
59	63	# The unit-test targets
60	64	#

93	97	test-setkey-client: client-setkey-test
94	98	$(ENV_SETUP) $(VALGRIND) ./client-setkey-test testkeys admin admin
95	99
96		unit-test-client-setup:
	100	unit-test-client-setup: runenv.sh
97	101	$(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
98	102
99	103	unit-test-client-cleanup:
100	104	$(ENV_SETUP) $(STOP_SERVERS)
101	105
102		unit-test-server-setup:
	106	unit-test-server-setup: runenv.sh
103	107	$(ENV_SETUP) $(VALGRIND) $(START_SERVERS_LOCAL)
104	108
105	109	unit-test-server-cleanup:
106	110	$(ENV_SETUP) $(STOP_SERVERS_LOCAL)
107	111
108	112	unit-test-client-body: site.exp test-noauth test-destroy test-handle-client \
109		test-setkey-client
	113	test-setkey-client runenv.exp
110	114	$(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
111	115	KINIT=$(BUILDTOP)/clients/kinit/kinit \
112	116	KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \

135	139	$(RM) lock-test lock-test.o
136	140	$(RM) server-iter-test iter-test.o
137	141	$(RM) server-setkey-test client-setkey-test setkey-test.o
138		$(RM) .log .plog .sum .psum unit-test-log.*
	142	$(RM) .log .plog .sum .psum unit-test-log.* runenv.exp

+4

-4

src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp less more

17	17
18	18	# I'd like to specify a long list of keysalt tuples and make sure
19	19	# that chpass does the right thing, but we can only use those
20		# enctypes that krbtgt has a key for: des-cbc-crc:normal and
21		# des-cbc-crc:v4, according to the prototype kdc.conf.
	20	# enctypes that krbtgt has a key for: the AES enctypes, according to
	21	# the prototype kdc.conf.
22	22	if {! [cmd [format {
23	23	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
24	24	$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \

52	52	}
53	53
54	54	# XXX Perhaps I should actually check the key type returned.
55		if {$num_keys == 3} {
	55	if {$num_keys == 5} {
56	56	pass "$test"
57	57	} else {
58		fail "$test: $num_keys keys, should be 3"
	58	fail "$test: $num_keys keys, should be 5"
59	59	}
60	60	if { ! [cmd {kadm5_destroy $server_handle}]} {
61	61	perror "$test: unexpected failure in destroy"

+2

-2

src/lib/kadm5/unit-test/api.current/get-principal-v2.exp less more

142	142	}
143	143
144	144	set failed 0
145		if {$num_keys != 3} {
146		fail "$test: num_keys $num_keys should be 3"
	145	if {$num_keys != 5} {
	146	fail "$test: num_keys $num_keys should be 5"
147	147	set failed 1
148	148	}
149	149	for {set i 0} {$i < $num_keys} {incr i} {

+2

-8

src/lib/kadm5/unit-test/api.current/init.exp less more

687	687	if {$RPC} {
688	688	test "init 45"
689	689
690		test45_46 ovsec_adm/admin
	690	test45_46 kadmin/admin
691	691
692	692	test "init 46"
693	693
694		test45_46 ovsec_adm/changepw
695
696		# re-extract the keytab so it is right
697		exec rm $env(K5ROOT)/ovsec_adm.srvtab
698		exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
699		-princ kadmin/admin -princ kadmin/changepw \
700		$env(K5ROOT)/ovsec_adm.srvtab
	694	test45_46 kadmin/changepw
701	695	}
702	696
703	697	return ""

+5

-6

src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp less more

15	15	return
16	16	}
17	17
18		# I'd like to specify a long list of keysalt tuples and make sure
19		# that randkey does the right thing, but we can only use those
20		# enctypes that krbtgt has a key for: des-cbc-crc:normal and
21		# des-cbc-crc:v4, according to the prototype kdc.conf.
	18	# I'd like to specify a long list of keysalt tuples and make sure that
	19	# randkey does the right thing, but we can only use those enctypes that
	20	# krbtgt has a key for: 3DES and AES, according to the prototype kdc.conf.
22	21	if {! [cmd [format {
23	22	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
24	23	$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \

46	45	}
47	46
48	47	# XXX Perhaps I should actually check the key type returned.
49		if {$num_keys == 2} {
	48	if {$num_keys == 5} {
50	49	pass "$test"
51	50	} else {
52		fail "$test: $num_keys keys, should be 2"
	51	fail "$test: $num_keys keys, should be 5"
53	52	}
54	53	if { ! [cmd {kadm5_destroy $server_handle}]} {
55	54	perror "$test: unexpected failure in destroy"

+2

-0

src/lib/kadm5/unit-test/config/unix.exp less more

	0	source runenv.exp
	1
0	2	set prompt "% "
1	3	set stty_init {-onlcr -opost intr \^C kill \^U}
2	4	set kadmin_local $KADMIN_LOCAL

+1

-1

src/lib/kadm5/unit-test/lib/lib.t less more

263	263	if {[info exists errorInfo]} {
264	264	set saveErrorInfo $errorInfo
265	265	}
266		catch "system $KDESTROY -5 2>/dev/null"
	266	catch "exec $KDESTROY -5 2>/dev/null"
267	267	if {[info exists saveErrorCode]} {
268	268	set errorCode $saveErrorCode
269	269	} elseif {[info exists errorCode]} {

+3

-3

src/lib/kadm5/unit-test/setkey-test.c less more

18	18	#endif /* no random */
19	19
20	20	krb5_keyblock test1[] = {
21		{0, ENCTYPE_DES_CBC_CRC, 0, 0},
	21	{0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0},
22	22	{-1},
23	23	};
24	24	krb5_keyblock test2[] = {
25		{0, ENCTYPE_DES_CBC_CRC, 0, 0},
	25	{0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0},
26	26	{-1},
27	27	};
28	28	krb5_keyblock test3[] = {
29		{0, ENCTYPE_DES_CBC_CRC, 0, 0},
	29	{0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0},
30	30	{-1},
31	31	};
32	32

+1

-1

src/lib/kdb/Makefile.in less more

4	4
5	5	# Keep LIBMAJOR in sync with KRB5_KDB_API_VERSION in include/kdb.h.
6	6	LIBBASE=kdb5
7		LIBMAJOR=9
	7	LIBMAJOR=10
8	8	LIBMINOR=0
9	9	LIBINITFUNC=kdb_init_lock_list
10	10	LIBFINIFUNC=kdb_fini_lock_list

+104

-14

src/lib/kdb/kdb5.c less more

322	322	out->refresh_config = in->refresh_config;
323	323	out->check_allowed_to_delegate = in->check_allowed_to_delegate;
324	324	out->free_principal_e_data = in->free_principal_e_data;
	325	out->get_s4u_x509_principal = in->get_s4u_x509_principal;
	326	out->allowed_to_delegate_from = in->allowed_to_delegate_from;
	327	out->get_authdata_info = in->get_authdata_info;
	328	out->free_authdata_info = in->free_authdata_info;
325	329
326	330	/* Set defaults for optional fields. */
327	331	if (out->fetch_master_key == NULL)

1033	1037	logging(kcontext))
1034	1038	return KRB5_PLUGIN_OP_NOTSUPP;
1035	1039
1036		status = krb5_db_get_principal(kcontext, target, KRB5_KDB_FLAG_ALIAS_OK,
1037		&entry);
	1040	status = krb5_db_get_principal(kcontext, target, 0, &entry);
1038	1041	if (status == 0) {
1039	1042	krb5_db_free_principal(kcontext, entry);
1040	1043	return KRB5_KDB_INUSE;

2311	2314	if (retval)
2312	2315	return retval;
2313	2316	break;
2314		case KRB5_KDB_SALTTYPE_V4:
2315		sdata = empty_data();
2316		break;
2317	2317	case KRB5_KDB_SALTTYPE_NOREALM:
2318	2318	retval = krb5_principal2salt_norealm(context, princ, &sdata);
2319	2319	if (retval)
2320	2320	return retval;
2321	2321	break;
2322		case KRB5_KDB_SALTTYPE_AFS3:
2323	2322	case KRB5_KDB_SALTTYPE_ONLYREALM:
2324	2323	return krb5_copy_data(context, &princ->realm, salt_out);
2325	2324	case KRB5_KDB_SALTTYPE_SPECIAL:

2591	2590
2592	2591	krb5_error_code
2593	2592	krb5_db_sign_authdata(krb5_context kcontext, unsigned int flags,
2594		krb5_const_principal client_princ, krb5_db_entry *client,
2595		krb5_db_entry server, krb5_db_entry krbtgt,
2596		krb5_keyblock client_key, krb5_keyblock server_key,
2597		krb5_keyblock krbtgt_key, krb5_keyblock session_key,
	2593	krb5_const_principal client_princ,
	2594	krb5_const_principal server_princ, krb5_db_entry *client,
	2595	krb5_db_entry server, krb5_db_entry header_server,
	2596	krb5_db_entry local_tgt, krb5_keyblock client_key,
	2597	krb5_keyblock server_key, krb5_keyblock header_key,
	2598	krb5_keyblock local_tgt_key, krb5_keyblock session_key,
2598	2599	krb5_timestamp authtime, krb5_authdata **tgt_auth_data,
	2600	void ad_info, krb5_data **auth_indicators,
2599	2601	krb5_authdata ***signed_auth_data)
2600	2602	{
2601	2603	krb5_error_code status = 0;

2607	2609	return status;
2608	2610	if (v->sign_authdata == NULL)
2609	2611	return KRB5_PLUGIN_OP_NOTSUPP;
2610		return v->sign_authdata(kcontext, flags, client_princ, client, server,
2611		krbtgt, client_key, server_key, krbtgt_key,
2612		session_key, authtime, tgt_auth_data,
2613		signed_auth_data);
	2612	return v->sign_authdata(kcontext, flags, client_princ, server_princ,
	2613	client, server, header_server, local_tgt,
	2614	client_key, server_key, header_key, local_tgt_key,
	2615	session_key, authtime, tgt_auth_data, ad_info,
	2616	auth_indicators, signed_auth_data);
2614	2617	}
2615	2618
2616	2619	krb5_error_code

2714	2717	if (v->check_allowed_to_delegate == NULL)
2715	2718	return KRB5_PLUGIN_OP_NOTSUPP;
2716	2719	return v->check_allowed_to_delegate(kcontext, client, server, proxy);
	2720	}
	2721
	2722	krb5_error_code
	2723	krb5_db_get_s4u_x509_principal(krb5_context kcontext,
	2724	const krb5_data *client_cert,
	2725	krb5_const_principal in_princ,
	2726	unsigned int flags, krb5_db_entry **entry)
	2727	{
	2728	krb5_error_code ret;
	2729	kdb_vftabl *v;
	2730
	2731	ret = get_vftabl(kcontext, &v);
	2732	if (ret)
	2733	return ret;
	2734	if (v->get_s4u_x509_principal == NULL)
	2735	return KRB5_PLUGIN_OP_NOTSUPP;
	2736	ret = v->get_s4u_x509_principal(kcontext, client_cert, in_princ, flags,
	2737	entry);
	2738	if (ret)
	2739	return ret;
	2740
	2741	/* Sort the keys in the db entry, same as get_principal(). */
	2742	if ((*entry)->key_data != NULL)
	2743	krb5_dbe_sort_key_data((entry)->key_data, (entry)->n_key_data);
	2744
	2745	return 0;
	2746	}
	2747
	2748	krb5_error_code
	2749	krb5_db_allowed_to_delegate_from(krb5_context kcontext,
	2750	krb5_const_principal client,
	2751	krb5_const_principal server,
	2752	void *server_ad_info,
	2753	const krb5_db_entry *proxy)
	2754	{
	2755	krb5_error_code ret;
	2756	kdb_vftabl *v;
	2757
	2758	ret = get_vftabl(kcontext, &v);
	2759	if (ret)
	2760	return ret;
	2761	if (v->allowed_to_delegate_from == NULL)
	2762	return KRB5_PLUGIN_OP_NOTSUPP;
	2763	return v->allowed_to_delegate_from(kcontext, client, server,
	2764	server_ad_info, proxy);
	2765	}
	2766
	2767	krb5_error_code
	2768	krb5_db_get_authdata_info(krb5_context kcontext, unsigned int flags,
	2769	krb5_authdata **in_authdata,
	2770	krb5_const_principal client_princ,
	2771	krb5_const_principal server_princ,
	2772	krb5_keyblock server_key, krb5_keyblock krbtgt_key,
	2773	krb5_db_entry *krbtgt, krb5_timestamp authtime,
	2774	void *ad_info_out, krb5_principal client_out)
	2775	{
	2776	krb5_error_code ret;
	2777	kdb_vftabl *v;
	2778
	2779	*ad_info_out = NULL;
	2780	if (client_out != NULL)
	2781	*client_out = NULL;
	2782
	2783	ret = get_vftabl(kcontext, &v);
	2784	if (ret)
	2785	return ret;
	2786	if (v->get_authdata_info == NULL)
	2787	return KRB5_PLUGIN_OP_NOTSUPP;
	2788	return v->get_authdata_info(kcontext, flags, in_authdata, client_princ,
	2789	server_princ, server_key, krbtgt_key, krbtgt,
	2790	authtime, ad_info_out, client_out);
	2791	}
	2792
	2793	void
	2794	krb5_db_free_authdata_info(krb5_context kcontext, void *ad_info)
	2795	{
	2796	krb5_error_code ret;
	2797	kdb_vftabl *v;
	2798
	2799	if (ad_info == NULL)
	2800	return;
	2801	ret = get_vftabl(kcontext, &v);
	2802	if (ret)
	2803	return;
	2804	if (v->free_authdata_info == NULL)
	2805	return;
	2806	v->free_authdata_info(kcontext, ad_info);
2717	2807	}
2718	2808
2719	2809	void

+4

-32

src/lib/kdb/kdb_convert.c less more

304	304	krb5_error_code ret;
305	305	kdbe_attr_type_t *attr_types;
306	306	int kadm_data_yes;
307		/* always exclude non-replicated attributes, for now */
308		krb5_boolean exclude_nra = TRUE;
309	307
310	308	nattrs = tmpint = 0;
311	309	final = -1;

355	353	nattrs++;
356	354	}
357	355	} else {
358		find_changed_attrs(curr, entry, exclude_nra, attr_types, &nattrs);
	356	/* Always exclude non-replicated attributes for now. */
	357	find_changed_attrs(curr, entry, TRUE, attr_types, &nattrs);
359	358	krb5_db_free_principal(context, curr);
360	359	}
361	360

398	397	ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PW_EXP;
399	398	ULOG_ENTRY(update, final).av_pw_exp =
400	399	(uint32_t)entry->pw_expiration;
401		}
402		break;
403
404		case AT_LAST_SUCCESS:
405		if (!exclude_nra && entry->last_success >= 0) {
406		ULOG_ENTRY_TYPE(update, ++final).av_type = AT_LAST_SUCCESS;
407		ULOG_ENTRY(update, final).av_last_success =
408		(uint32_t)entry->last_success;
409		}
410		break;
411
412		case AT_LAST_FAILED:
413		if (!exclude_nra && entry->last_failed >= 0) {
414		ULOG_ENTRY_TYPE(update, ++final).av_type = AT_LAST_FAILED;
415		ULOG_ENTRY(update, final).av_last_failed =
416		(uint32_t)entry->last_failed;
417		}
418		break;
419
420		case AT_FAIL_AUTH_COUNT:
421		if (!exclude_nra) {
422		ULOG_ENTRY_TYPE(update, ++final).av_type =
423		AT_FAIL_AUTH_COUNT;
424		ULOG_ENTRY(update, final).av_fail_auth_count =
425		(uint32_t)entry->fail_auth_count;
426	400	}
427	401	break;
428	402

551	525	/* END CSTYLED */
552	526
553	527	case AT_LEN:
554		if (entry->len >= 0) {
555		ULOG_ENTRY_TYPE(update, ++final).av_type = AT_LEN;
556		ULOG_ENTRY(update, final).av_len = (int16_t)entry->len;
557		}
	528	ULOG_ENTRY_TYPE(update, ++final).av_type = AT_LEN;
	529	ULOG_ENTRY(update, final).av_len = (int16_t)entry->len;
558	530	break;
559	531
560	532	default:

+1

-15

src/lib/kdb/kdb_cpw.c less more

259	259	krb5_keysalt key_salt;
260	260	krb5_keyblock key;
261	261	krb5_data pwd;
262		krb5_data afs_params = string2data("\1"), *s2k_params;
263	262	int i, j;
264	263	krb5_key_data *kd_slot;
265	264

267	266	krb5_boolean similar;
268	267
269	268	similar = 0;
270		s2k_params = NULL;
271	269
272	270	/*
273	271	* We could use krb5_keysalt_iterate to replace this loop, or use

315	313	&key_salt.data)))
316	314	return(retval);
317	315	break;
318		case KRB5_KDB_SALTTYPE_V4:
319		key_salt.data.length = 0;
320		key_salt.data.data = 0;
321		break;
322		case KRB5_KDB_SALTTYPE_AFS3:
323		retval = krb5int_copy_data_contents(context,
324		&db_entry->princ->realm,
325		&key_salt.data);
326		if (retval)
327		return retval;
328		s2k_params = &afs_params;
329		break;
330	316	case KRB5_KDB_SALTTYPE_SPECIAL:
331	317	retval = make_random_salt(context, &key_salt);
332	318	if (retval)

341	327	retval = krb5_c_string_to_key_with_params(context,
342	328	ks_tuple[i].ks_enctype,
343	329	&pwd, &key_salt.data,
344		s2k_params, &key);
	330	NULL, &key);
345	331	if (retval) {
346	332	free(key_salt.data.data);
347	333	return retval;

+49

-77

src/lib/kdb/kdb_default.c less more

36	36
37	37
38	38	/*
39		* Given a particular enctype and optional salttype and kvno, find the
40		* most appropriate krb5_key_data entry of the database entry.
41		*
42		* If stype or kvno is negative, it is ignored.
43		* If kvno is 0 get the key which is maxkvno for the princ and matches
44		* the other attributes.
	39	* Set *kd_out to the key data entry matching kvno, enctype, and salttype. If
	40	* any of those three parameters are -1, ignore them. If kvno is 0, match only
	41	* the highest kvno. Begin searching at the index start and set start to the
	42	* index after the match. Do not return keys of non-permitted enctypes; return
	43	* KRB5_KDB_NO_PERMITTED_KEY if the whole list was searched and only
	44	* non-permitted matches were found.
45	45	*/
46	46	krb5_error_code
47		krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
48		krb5_context kcontext;
49		krb5_db_entry *dbentp;
50		krb5_int32 *start;
51		krb5_int32 ktype;
52		krb5_int32 stype;
53		krb5_int32 kvno;
54		krb5_key_data **kdatap;
55		{
56		int i, idx;
57		int maxkvno;
58		krb5_key_data *datap;
59		krb5_error_code ret;
60		krb5_boolean saw_non_permitted = FALSE;
61
62		ret = 0;
63		if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
	47	krb5_dbe_def_search_enctype(krb5_context context, krb5_db_entry *ent,
	48	krb5_int32 *start, krb5_int32 enctype,
	49	krb5_int32 salttype, krb5_int32 kvno,
	50	krb5_key_data **kd_out)
	51	{
	52	krb5_key_data *kd;
	53	krb5_int32 db_salttype;
	54	krb5_boolean saw_non_permitted = FALSE;
	55	int i;
	56
	57	*kd_out = NULL;
	58
	59	if (enctype != -1 && !krb5_is_permitted_enctype(context, enctype))
64	60	return KRB5_KDB_NO_PERMITTED_KEY;
65
66		if (kvno == -1 && stype == -1 && ktype == -1)
67		kvno = 0;
68
69		if (kvno == 0) {
70		/* Get the max key version */
71		for (i = 0; i < dbentp->n_key_data; i++) {
72		if (kvno < dbentp->key_data[i].key_data_kvno) {
73		kvno = dbentp->key_data[i].key_data_kvno;
74		}
75		}
76		}
77
78		maxkvno = -1;
79		idx = -1;
80		datap = (krb5_key_data *) NULL;
81		for (i = *start; i < dbentp->n_key_data; i++) {
82		krb5_boolean similar;
83		krb5_int32 db_stype;
84
85		ret = 0;
86		if (dbentp->key_data[i].key_data_ver > 1) {
87		db_stype = dbentp->key_data[i].key_data_type[1];
88		} else {
89		db_stype = KRB5_KDB_SALTTYPE_NORMAL;
90		}
91
92		/* Match this entry against the arguments. */
93		if (ktype != -1) {
94		ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
95		dbentp->key_data[i].key_data_type[0],
96		&similar);
97		if (ret != 0 \|\| !similar)
98		continue;
99		}
100		if (stype >= 0 && db_stype != stype)
	61	if (ent->n_key_data == 0)
	62	return KRB5_KDB_NO_MATCHING_KEY;
	63
	64	/* Match the highest kvno if kvno is 0. Key data is sorted in descending
	65	* order of kvno. */
	66	if (kvno == 0)
	67	kvno = ent->key_data[0].key_data_kvno;
	68
	69	for (i = *start; i < ent->n_key_data; i++) {
	70	kd = &ent->key_data[i];
	71	db_salttype = (kd->key_data_ver > 1) ? kd->key_data_type[1] :
	72	KRB5_KDB_SALTTYPE_NORMAL;
	73
	74	/* Match this entry against the arguments. Stop searching if we have
	75	* passed the entries for the requested kvno. */
	76	if (enctype != -1 && kd->key_data_type[0] != enctype)
101	77	continue;
102		if (kvno >= 0 && dbentp->key_data[i].key_data_kvno != kvno)
	78	if (salttype >= 0 && db_salttype != salttype)
103	79	continue;
	80	if (kvno >= 0 && kd->key_data_kvno < kvno)
	81	break;
	82	if (kvno >= 0 && kd->key_data_kvno != kvno)
	83	continue;
104	84
105	85	/* Filter out non-permitted enctypes. */
106		if (!krb5_is_permitted_enctype(kcontext,
107		dbentp->key_data[i].key_data_type[0])) {
	86	if (!krb5_is_permitted_enctype(context, kd->key_data_type[0])) {
108	87	saw_non_permitted = TRUE;
109	88	continue;
110	89	}
111	90
112		if (dbentp->key_data[i].key_data_kvno > maxkvno) {
113		maxkvno = dbentp->key_data[i].key_data_kvno;
114		datap = &dbentp->key_data[i];
115		idx = i;
116		}
117		}
	91	*start = i + 1;
	92	*kd_out = kd;
	93	return 0;
	94	}
	95
118	96	/* If we scanned the whole set of keys and matched only non-permitted
119	97	* enctypes, indicate that. */
120		if (maxkvno < 0 && *start == 0 && saw_non_permitted)
121		ret = KRB5_KDB_NO_PERMITTED_KEY;
122		if (maxkvno < 0)
123		return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
124		*kdatap = datap;
125		*start = idx+1;
126		return 0;
	98	return (*start == 0 && saw_non_permitted) ? KRB5_KDB_NO_PERMITTED_KEY :
	99	KRB5_KDB_NO_MATCHING_KEY;
127	100	}
128	101
129	102	/*

550	523	if (source == NULL \|\| target == NULL)
551	524	return EINVAL;
552	525
553		ret = krb5_db_get_principal(kcontext, source, KRB5_KDB_FLAG_ALIAS_OK,
554		&kdb);
	526	ret = krb5_db_get_principal(kcontext, source, 0, &kdb);
555	527	if (ret)
556	528	goto cleanup;
557	529

+0

-1

src/lib/kdb/keytab.c less more

57	57	NULL, /* end_get */
58	58	NULL, /* add (extended) */
59	59	NULL, /* remove (extended) */
60		NULL, /* (void ) &krb5_ktfile_ser_entry /
61	60	};
62	61
63	62	typedef struct krb5_ktkdb_data {

+4

-0

src/lib/kdb/libkdb5.exports less more

2	2	krb5_db_inited
3	3	krb5_db_alloc
4	4	krb5_db_free
	5	krb5_db_allowed_to_delegate_from
5	6	krb5_db_audit_as_req
6	7	krb5_db_check_allowed_to_delegate
	8	krb5_db_get_s4u_x509_principal
7	9	krb5_db_check_policy_as
8	10	krb5_db_check_policy_tgs
9	11	krb5_db_check_transited_realms

13	15	krb5_db_fetch_mkey
14	16	krb5_db_fetch_mkey_list
15	17	krb5_db_fini
	18	krb5_db_free_authdata_info
16	19	krb5_db_free_principal
17	20	krb5_db_get_age
	21	krb5_db_get_authdata_info
18	22	krb5_db_get_key_data_kvno
19	23	krb5_db_get_context
20	24	krb5_db_get_principal

+22

-82

src/lib/krb5/asn.1/asn1_k_encode.c less more

527	527	if (ret) {
528	528	free_kdc_req_body(b);
529	529	free(h.server_realm.data);
530		memset(&h, 0, sizeof(h));
531	530	return ret;
532	531	}
533	532	b->server->realm = h.server_realm;

1446	1445	};
1447	1446	DEFSEQTYPE(pk_authenticator, krb5_pk_authenticator, pk_authenticator_fields);
1448	1447
1449		DEFFIELD(pkauth9_0, krb5_pk_authenticator_draft9, kdcName, 0, principal);
1450		DEFFIELD(pkauth9_1, krb5_pk_authenticator_draft9, kdcName, 1,
1451		realm_of_principal);
1452		DEFFIELD(pkauth9_2, krb5_pk_authenticator_draft9, cusec, 2, int32);
1453		DEFFIELD(pkauth9_3, krb5_pk_authenticator_draft9, ctime, 3, kerberos_time);
1454		DEFFIELD(pkauth9_4, krb5_pk_authenticator_draft9, nonce, 4, int32);
1455		static const struct atype_info *pk_authenticator_draft9_fields[] = {
1456		&k5_atype_pkauth9_0, &k5_atype_pkauth9_1, &k5_atype_pkauth9_2,
1457		&k5_atype_pkauth9_3, &k5_atype_pkauth9_4
1458		};
1459		DEFSEQTYPE(pk_authenticator_draft9, krb5_pk_authenticator_draft9,
1460		pk_authenticator_draft9_fields);
1461
1462	1448	DEFCOUNTEDSTRINGTYPE(s_bitstring, char *, unsigned int,
1463	1449	k5_asn1_encode_bitstring, k5_asn1_decode_bitstring,
1464	1450	ASN1_BITSTRING);

1488	1474	};
1489	1475	DEFSEQTYPE(auth_pack, krb5_auth_pack, auth_pack_fields);
1490	1476
1491		DEFFIELD(auth_pack9_0, krb5_auth_pack_draft9, pkAuthenticator, 0,
1492		pk_authenticator_draft9);
1493		DEFFIELD(auth_pack9_1, krb5_auth_pack_draft9, clientPublicValue, 1,
1494		opt_subject_pk_info_ptr);
1495		static const struct atype_info *auth_pack_draft9_fields[] = {
1496		&k5_atype_auth_pack9_0, &k5_atype_auth_pack9_1
1497		};
1498		DEFSEQTYPE(auth_pack_draft9, krb5_auth_pack_draft9, auth_pack_draft9_fields);
1499
1500	1477	DEFFIELD_IMPLICIT(extprinc_0, krb5_external_principal_identifier,
1501	1478	subjectName, 0, opt_ostring_data);
1502	1479	DEFFIELD_IMPLICIT(extprinc_1, krb5_external_principal_identifier,

1529	1506	};
1530	1507	DEFSEQTYPE(pa_pk_as_req, krb5_pa_pk_as_req, pa_pk_as_req_fields);
1531	1508
1532		/*
1533		* In draft-ietf-cat-kerberos-pk-init-09, this sequence has four fields, but we
1534		* only ever use the first and third. The fields are specified as explicitly
1535		* tagged, but our historical behavior is to pretend that they are wrapped in
1536		* IMPLICIT OCTET STRING (i.e., generate primitive context tags), and we don't
1537		* want to change that without interop testing.
1538		*/
1539		DEFFIELD_IMPLICIT(pa_pk_as_req9_0, krb5_pa_pk_as_req_draft9, signedAuthPack, 0,
1540		ostring_data);
1541		DEFFIELD_IMPLICIT(pa_pk_as_req9_2, krb5_pa_pk_as_req_draft9, kdcCert, 2,
1542		opt_ostring_data);
1543		static const struct atype_info *pa_pk_as_req_draft9_fields[] = {
1544		&k5_atype_pa_pk_as_req9_0, &k5_atype_pa_pk_as_req9_2
1545		};
1546		DEFSEQTYPE(pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9,
1547		pa_pk_as_req_draft9_fields);
1548		/* For decoding, we only care about the first field; we can ignore the rest. */
1549		static const struct atype_info *pa_pk_as_req_draft9_decode_fields[] = {
1550		&k5_atype_pa_pk_as_req9_0
1551		};
1552		DEFSEQTYPE(pa_pk_as_req_draft9_decode, krb5_pa_pk_as_req_draft9,
1553		pa_pk_as_req_draft9_decode_fields);
1554
1555	1509	DEFFIELD_IMPLICIT(dh_rep_info_0, krb5_dh_rep_info, dhSignedData, 0,
1556	1510	ostring_data);
1557	1511	DEFFIELD(dh_rep_info_1, krb5_dh_rep_info, serverDHNonce, 1, opt_ostring_data);

1577	1531	};
1578	1532	DEFSEQTYPE(reply_key_pack, krb5_reply_key_pack, reply_key_pack_fields);
1579	1533
1580		DEFFIELD(key_pack9_0, krb5_reply_key_pack_draft9, replyKey, 0, encryption_key);
1581		DEFFIELD(key_pack9_1, krb5_reply_key_pack_draft9, nonce, 1, int32);
1582		static const struct atype_info *reply_key_pack_draft9_fields[] = {
1583		&k5_atype_key_pack9_0, &k5_atype_key_pack9_1
1584		};
1585		DEFSEQTYPE(reply_key_pack_draft9, krb5_reply_key_pack_draft9,
1586		reply_key_pack_draft9_fields);
1587
1588	1534	DEFCTAGGEDTYPE(pa_pk_as_rep_0, 0, dh_rep_info);
1589	1535	DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep_1, 1, ostring_data);
1590	1536	static const struct atype_info *pa_pk_as_rep_alternatives[] = {

1595	1541	DEFCOUNTEDTYPE_SIGNED(pa_pk_as_rep, krb5_pa_pk_as_rep, u, choice,
1596	1542	pa_pk_as_rep_choice);
1597	1543
1598		/*
1599		* draft-ietf-cat-kerberos-pk-init-09 specifies these alternatives as
1600		* explicitly tagged SignedData and EnvelopedData respectively, which means
1601		* they should have constructed context tags. However, our historical behavior
1602		* is to use primitive context tags, and we don't want to change that behavior
1603		* without interop testing. We have the encodings for each alternative in a
1604		* krb5_data object; pretend that they are wrapped in IMPLICIT OCTET STRING in
1605		* order to wrap them in primitive [0] and [1] tags.
1606		*/
1607		DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep9_0, 0, ostring_data);
1608		DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep9_1, 1, ostring_data);
1609		static const struct atype_info *pa_pk_as_rep_draft9_alternatives[] = {
1610		&k5_atype_pa_pk_as_rep9_0, &k5_atype_pa_pk_as_rep9_1
1611		};
1612		DEFCHOICETYPE(pa_pk_as_rep_draft9_choice,
1613		union krb5_pa_pk_as_rep_draft9_choices,
1614		enum krb5_pa_pk_as_rep_draft9_selection,
1615		pa_pk_as_rep_draft9_alternatives);
1616		DEFCOUNTEDTYPE_SIGNED(pa_pk_as_rep_draft9, krb5_pa_pk_as_rep_draft9, u, choice,
1617		pa_pk_as_rep_draft9_choice);
1618
1619	1544	MAKE_ENCODER(encode_krb5_pa_pk_as_req, pa_pk_as_req);
1620	1545	MAKE_DECODER(decode_krb5_pa_pk_as_req, pa_pk_as_req);
1621		MAKE_ENCODER(encode_krb5_pa_pk_as_req_draft9, pa_pk_as_req_draft9);
1622		MAKE_DECODER(decode_krb5_pa_pk_as_req_draft9, pa_pk_as_req_draft9_decode);
1623	1546	MAKE_ENCODER(encode_krb5_pa_pk_as_rep, pa_pk_as_rep);
1624	1547	MAKE_DECODER(decode_krb5_pa_pk_as_rep, pa_pk_as_rep);
1625		MAKE_ENCODER(encode_krb5_pa_pk_as_rep_draft9, pa_pk_as_rep_draft9);
1626	1548	MAKE_ENCODER(encode_krb5_auth_pack, auth_pack);
1627	1549	MAKE_DECODER(decode_krb5_auth_pack, auth_pack);
1628		MAKE_ENCODER(encode_krb5_auth_pack_draft9, auth_pack_draft9);
1629		MAKE_DECODER(decode_krb5_auth_pack_draft9, auth_pack_draft9);
1630	1550	MAKE_ENCODER(encode_krb5_kdc_dh_key_info, kdc_dh_key_info);
1631	1551	MAKE_DECODER(decode_krb5_kdc_dh_key_info, kdc_dh_key_info);
1632	1552	MAKE_ENCODER(encode_krb5_reply_key_pack, reply_key_pack);
1633	1553	MAKE_DECODER(decode_krb5_reply_key_pack, reply_key_pack);
1634		MAKE_ENCODER(encode_krb5_reply_key_pack_draft9, reply_key_pack_draft9);
1635		MAKE_DECODER(decode_krb5_reply_key_pack_draft9, reply_key_pack_draft9);
1636	1554	MAKE_ENCODER(encode_krb5_td_trusted_certifiers,
1637	1555	seqof_external_principal_identifier);
1638	1556	MAKE_DECODER(decode_krb5_td_trusted_certifiers,

1813	1731	MAKE_ENCODER(encode_krb5_secure_cookie, secure_cookie);
1814	1732	MAKE_DECODER(decode_krb5_secure_cookie, secure_cookie);
1815	1733
	1734	/*
	1735	* -- based on MS-KILE and MS-SFU
	1736	* PAC-OPTIONS-FLAGS ::= BIT STRING {
	1737	* claims(0),
	1738	* branch-aware(1),
	1739	* forward-to-full-dc(2),
	1740	* resource-based-constrained-delegation(3)
	1741	* }
	1742	*
	1743	* PA-PAC-OPTIONS ::= SEQUENCE {
	1744	* flags [0] PAC-OPTIONS-FLAGS
	1745	* }
	1746	*/
	1747	DEFFIELD(pa_pac_options_0, krb5_pa_pac_options, options, 0, krb5_flags);
	1748	static const struct atype_info *pa_pac_options_fields[] = {
	1749	&k5_atype_pa_pac_options_0
	1750	};
	1751	DEFSEQTYPE(pa_pac_options, krb5_pa_pac_options, pa_pac_options_fields);
	1752	MAKE_ENCODER(encode_krb5_pa_pac_options, pa_pac_options);
	1753	MAKE_DECODER(decode_krb5_pa_pac_options, pa_pac_options);
	1754
	1755
1816	1756	DEFFIELD(spake_factor_0, krb5_spake_factor, type, 0, int32);
1817	1757	DEFFIELD(spake_factor_1, krb5_spake_factor, data, 1, opt_ostring_data_ptr);
1818	1758	static const struct atype_info *spake_factor_fields[] = {

+3

-3

src/lib/krb5/ccache/Makefile.in less more

43	43	cc_memory.o \
44	44	cc_keyring.o \
45	45	ccfns.o \
46		ser_cc.o $(KCMRPC_OBJ)
	46	$(KCMRPC_OBJ)
47	47
48	48	OBJS= $(OUTPRE)ccbase.$(OBJEXT) \
49	49	$(OUTPRE)cccopy.$(OBJEXT) \

62	62	$(OUTPRE)cc_memory.$(OBJEXT) \
63	63	$(OUTPRE)cc_keyring.$(OBJEXT) \
64	64	$(OUTPRE)ccfns.$(OBJEXT) \
65		$(OUTPRE)ser_cc.$(OBJEXT) $(MSLSA_OBJ)
	65	$(MSLSA_OBJ)
66	66
67	67	SRCS= $(srcdir)/ccbase.c \
68	68	$(srcdir)/cccopy.c \

81	81	$(srcdir)/cc_memory.c \
82	82	$(srcdir)/cc_keyring.c \
83	83	$(srcdir)/ccfns.c \
84		$(srcdir)/ser_cc.c $(MSLSA_SRC)
	84	$(MSLSA_SRC)
85	85
86	86	EXTRADEPSRCS= \
87	87	$(srcdir)/t_cc.c \

+12

-2

src/lib/krb5/ccache/cc-int.h less more

112	112	extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
113	113	(krb5_context context);
114	114	#endif
	115
	116	krb5_error_code
	117	k5_cc_lock(krb5_context context, krb5_ccache ccache);
	118
	119	krb5_error_code
	120	k5_cc_unlock(krb5_context context, krb5_ccache ccache);
	121
	122	krb5_error_code
	123	k5_cccol_lock(krb5_context context);
	124
	125	krb5_error_code
	126	k5_cccol_unlock(krb5_context context);
115	127
116	128	void
117	129	k5_cc_mutex_force_unlock(k5_cc_mutex *m);

199	211	krb5_cc_ptcursor *);
200	212	krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
201	213	krb5_ccache);
202		krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
203		krb5_ccache, krb5_timestamp *);
204	214	krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
205	215	krb5_timestamp *);
206	216	krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);

+0

-10

src/lib/krb5/ccache/cc_dir.c less more

691	691	}
692	692
693	693	static krb5_error_code KRB5_CALLCONV
694		dcc_lastchange(krb5_context context, krb5_ccache cache,
695		krb5_timestamp *time_out)
696		{
697		dcc_data *data = cache->data;
698
699		return krb5_fcc_ops.lastchange(context, data->fcc, time_out);
700		}
701
702		static krb5_error_code KRB5_CALLCONV
703	694	dcc_lock(krb5_context context, krb5_ccache cache)
704	695	{
705	696	dcc_data *data = cache->data;

761	752	dcc_ptcursor_next,
762	753	dcc_ptcursor_free,
763	754	NULL, /* move */
764		dcc_lastchange,
765	755	NULL, /* wasdefault */
766	756	dcc_lock,
767	757	dcc_unlock,

+170

-53

src/lib/krb5/ccache/cc_file.c less more

445	445	krb5_error_code ret;
446	446	krb5_os_context os_ctx = &context->os_context;
447	447	fcc_data *data = id->data;
448		char i16buf[2], i32buf[4];
449	448	uint16_t fields_len;
450	449	ssize_t nwritten;
451	450	int st, flags, version, fd = -1;

483	482	/* Prepare the header and principal in buf. */
484	483	k5_buf_init_dynamic(&buf);
485	484	version = context->fcc_default_format - FVNO_BASE;
486		store_16_be(FVNO_BASE + version, i16buf);
487		k5_buf_add_len(&buf, i16buf, 2);
	485	k5_buf_add_uint16_be(&buf, FVNO_BASE + version);
488	486	if (version >= 4) {
489	487	/* Add tagged header fields. */
490	488	fields_len = 0;
491	489	if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
492	490	fields_len += 12;
493		store_16_be(fields_len, i16buf);
494		k5_buf_add_len(&buf, i16buf, 2);
	491	k5_buf_add_uint16_be(&buf, fields_len);
495	492	if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
496	493	/* Add time offset tag. */
497		store_16_be(FCC_TAG_DELTATIME, i16buf);
498		k5_buf_add_len(&buf, i16buf, 2);
499		store_16_be(8, i16buf);
500		k5_buf_add_len(&buf, i16buf, 2);
501		store_32_be(os_ctx->time_offset, i32buf);
502		k5_buf_add_len(&buf, i32buf, 4);
503		store_32_be(os_ctx->usec_offset, i32buf);
504		k5_buf_add_len(&buf, i32buf, 4);
	494	k5_buf_add_uint16_be(&buf, FCC_TAG_DELTATIME);
	495	k5_buf_add_uint16_be(&buf, 8);
	496	k5_buf_add_uint32_be(&buf, os_ctx->time_offset);
	497	k5_buf_add_uint32_be(&buf, os_ctx->usec_offset);
505	498	}
506	499	}
507	500	k5_marshal_princ(&buf, version, princ);

743	736	return set_errmsg_filename(context, ret, data->filename);
744	737	}
745	738
	739	/* Return true if cred is a removed entry (assuming that no legitimate cred
	740	* entries will have authtime=-1 and endtime=0). */
	741	static inline krb5_boolean
	742	cred_removed(krb5_creds *c)
	743	{
	744	return c->times.endtime == 0 && c->times.authtime == -1;
	745	}
	746
746	747	/* Get the next credential from the cache file. */
747	748	static krb5_error_code KRB5_CALLCONV
748	749	fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,

764	765	goto cleanup;
765	766	file_locked = TRUE;
766	767
767		/* Load a marshalled cred into memory. */
768		ret = get_size(context, fcursor->fp, &maxsize);
769		if (ret)
770		goto cleanup;
771		ret = load_cred(context, fcursor->fp, fcursor->version, maxsize, &buf);
772		if (ret)
773		goto cleanup;
774		ret = k5_buf_status(&buf);
775		if (ret)
776		goto cleanup;
777
778		/* Unmarshal it from buf into creds. */
779		ret = k5_unmarshal_cred(buf.data, buf.len, fcursor->version, creds);
	768	for (;;) {
	769	/* Load a marshalled cred into memory. */
	770	ret = get_size(context, fcursor->fp, &maxsize);
	771	if (ret)
	772	goto cleanup;
	773	ret = load_cred(context, fcursor->fp, fcursor->version, maxsize, &buf);
	774	if (ret)
	775	goto cleanup;
	776	ret = k5_buf_status(&buf);
	777	if (ret)
	778	goto cleanup;
	779
	780	/* Unmarshal it from buf into creds. */
	781	ret = k5_unmarshal_cred(buf.data, buf.len, fcursor->version, creds);
	782	if (ret)
	783	goto cleanup;
	784
	785	/* Keep going if this entry has been removed; otherwise stop. */
	786	if (!cred_removed(creds))
	787	break;
	788
	789	k5_buf_truncate(&buf, 0);
	790	krb5_free_cred_contents(context, creds);
	791	}
780	792
781	793	cleanup:
782	794	if (file_locked)

1001	1013	return set_errmsg_filename(context, ret ? ret : ret2, data->filename);
1002	1014	}
1003	1015
1004		/* Non-functional stub for removing a cred from the cache file. */
	1016	/*
	1017	* Overwrite cred in the ccache file with an entry that should not match any
	1018	* reasonable search. Deletion is not guaranteed. This method is originally
	1019	* from Heimdal, with the addition of setting authtime to -1.
	1020	*/
	1021	static krb5_error_code
	1022	delete_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
	1023	krb5_creds *cred)
	1024	{
	1025	krb5_error_code ret;
	1026	krb5_fcc_cursor fcursor = cursor;
	1027	fcc_data *data = cache->data;
	1028	struct k5buf expected = EMPTY_K5BUF, overwrite = EMPTY_K5BUF;
	1029	int fd = -1;
	1030	uint8_t *on_disk = NULL;
	1031	ssize_t rwret;
	1032	off_t start_offset;
	1033
	1034	k5_buf_init_dynamic_zap(&expected);
	1035	k5_buf_init_dynamic_zap(&overwrite);
	1036
	1037	/* Re-marshal cred to get its byte representation in the file. */
	1038	k5_marshal_cred(&expected, fcursor->version, cred);
	1039	ret = k5_buf_status(&expected);
	1040	if (ret)
	1041	goto cleanup;
	1042
	1043	/*
	1044	* Mark the cred expired so that it will be skipped over by any future
	1045	* match checks. Heimdal only sets endtime, but we also set authtime to
	1046	* distinguish from gssproxy's creds.
	1047	*/
	1048	cred->times.endtime = 0;
	1049	cred->times.authtime = -1;
	1050
	1051	/* For config entries, also change the realm so that other implementations
	1052	* won't match them. */
	1053	if (data_eq_string(cred->server->realm, "X-CACHECONF:"))
	1054	memcpy(cred->server->realm.data, "X-RMED-CONF:", 12);
	1055
	1056	k5_marshal_cred(&overwrite, fcursor->version, cred);
	1057	ret = k5_buf_status(&overwrite);
	1058	if (ret)
	1059	goto cleanup;
	1060
	1061	if (expected.len != overwrite.len) {
	1062	ret = KRB5_CC_FORMAT;
	1063	goto cleanup;
	1064	}
	1065
	1066	/* Get a non-O_APPEND handle to the raw file. */
	1067	fd = open(data->filename, O_RDWR \| O_BINARY \| O_CLOEXEC);
	1068	if (fd == -1) {
	1069	ret = interpret_errno(context, errno);
	1070	goto cleanup;
	1071	}
	1072
	1073	start_offset = ftell(fcursor->fp);
	1074	if (start_offset == -1) {
	1075	ret = interpret_errno(context, errno);
	1076	goto cleanup;
	1077	}
	1078	start_offset -= expected.len;
	1079
	1080	/* Read the bytes at the entry to be overwritten. */
	1081	if (lseek(fd, start_offset, SEEK_SET) == -1) {
	1082	ret = interpret_errno(context, errno);
	1083	goto cleanup;
	1084	}
	1085	on_disk = k5alloc(expected.len, &ret);
	1086	if (ret != 0)
	1087	goto cleanup;
	1088	rwret = read(fd, on_disk, expected.len);
	1089	if (rwret < 0) {
	1090	ret = interpret_errno(context, errno);
	1091	goto cleanup;
	1092	} else if ((size_t)rwret != expected.len) {
	1093	ret = KRB5_CC_FORMAT;
	1094	goto cleanup;
	1095	}
	1096
	1097	/*
	1098	* If the bytes have changed, either someone else removed the same cred or
	1099	* the cache was reinitialized. Either way the cred is no longer present,
	1100	* so return successfully.
	1101	*/
	1102	if (memcmp(on_disk, expected.data, expected.len) != 0)
	1103	goto cleanup;
	1104
	1105	/* Write out the altered entry. */
	1106	if (lseek(fd, start_offset, SEEK_SET) == -1) {
	1107	ret = interpret_errno(context, errno);
	1108	goto cleanup;
	1109	}
	1110	rwret = write(fd, overwrite.data, overwrite.len);
	1111	if (rwret < 0) {
	1112	ret = interpret_errno(context, errno);
	1113	goto cleanup;
	1114	}
	1115
	1116	cleanup:
	1117	if (fd >= 0)
	1118	close(fd);
	1119	zapfree(on_disk, expected.len);
	1120	k5_buf_free(&expected);
	1121	k5_buf_free(&overwrite);
	1122	return ret;
	1123	}
	1124
	1125	/* Remove the given creds from the ccache file. */
1005	1126	static krb5_error_code KRB5_CALLCONV
1006	1127	fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
1007	1128	krb5_creds *creds)
1008	1129	{
1009		return KRB5_CC_NOSUPP;
	1130	krb5_error_code ret;
	1131	krb5_cc_cursor cursor;
	1132	krb5_creds cur;
	1133
	1134	ret = krb5_cc_start_seq_get(context, cache, &cursor);
	1135	if (ret)
	1136	return ret;
	1137
	1138	for (;;) {
	1139	ret = krb5_cc_next_cred(context, cache, &cursor, &cur);
	1140	if (ret)
	1141	break;
	1142
	1143	if (krb5int_cc_creds_match_request(context, flags, creds, &cur))
	1144	ret = delete_cred(context, cache, &cursor, &cur);
	1145	krb5_free_cred_contents(context, &cur);
	1146	if (ret)
	1147	break;
	1148	}
	1149
	1150	krb5_cc_end_seq_get(context, cache, &cursor);
	1151	return (ret == KRB5_CC_END) ? 0 : ret;
1010	1152	}
1011	1153
1012	1154	static krb5_error_code KRB5_CALLCONV

1096	1238	free(*cursor);
1097	1239	*cursor = NULL;
1098	1240	return 0;
1099		}
1100
1101		/* Get the cache file's last modification time. */
1102		static krb5_error_code KRB5_CALLCONV
1103		fcc_last_change_time(krb5_context context, krb5_ccache id,
1104		krb5_timestamp *change_time)
1105		{
1106		krb5_error_code ret = 0;
1107		fcc_data *data = id->data;
1108		struct stat buf;
1109
1110		*change_time = 0;
1111
1112		k5_cc_mutex_lock(context, &data->lock);
1113
1114		if (stat(data->filename, &buf) == -1)
1115		ret = interpret_errno(context, errno);
1116		else
1117		*change_time = (krb5_timestamp)buf.st_mtime;
1118
1119		k5_cc_mutex_unlock(context, &data->lock);
1120
1121		return set_errmsg_filename(context, ret, data->filename);
1122	1241	}
1123	1242
1124	1243	/* Lock the cache handle against other threads. (This does not lock the cache

1216	1335	fcc_ptcursor_next,
1217	1336	fcc_ptcursor_free,
1218	1337	NULL, /* move */
1219		fcc_last_change_time,
1220	1338	NULL, /* wasdefault */
1221	1339	fcc_lock,
1222	1340	fcc_unlock,

1287	1405	fcc_ptcursor_next,
1288	1406	fcc_ptcursor_free,
1289	1407	NULL, /* move */
1290		fcc_last_change_time,
1291	1408	NULL, /* wasdefault */
1292	1409	fcc_lock,
1293	1410	fcc_unlock,

+17

-51

src/lib/krb5/ccache/cc_kcm.c less more

78	78
79	79	struct kcm_cache_data {
80	80	char residual; / immutable; may be accessed without lock */
81		k5_cc_mutex lock; /* protects io and changetime */
	81	k5_cc_mutex lock; /* protects io */
82	82	struct kcmio *io;
83		krb5_timestamp changetime;
84	83	};
85	84
86	85	struct kcm_ptcursor {

119	118	name = ((struct kcm_cache_data *)cache->data)->residual;
120	119	k5_buf_add_len(&req->reqbuf, name, strlen(name) + 1);
121	120	}
122		}
123
124		/* Add a 32-bit value to the request in big-endian byte order. */
125		static void
126		kcmreq_put32(struct kcmreq *req, uint32_t val)
127		{
128		unsigned char bytes[4];
129
130		store_32_be(val, bytes);
131		k5_buf_add_len(&req->reqbuf, bytes, 4);
132	121	}
133	122
134	123	#ifdef __APPLE__

539	528
540	529	data->residual = residual_copy;
541	530	data->io = io;
542		data->changetime = 0;
543	531	cache->ops = &krb5_kcm_ops;
544	532	cache->data = data;
545	533	cache->magic = KV5M_CCACHE;

554	542	return ENOMEM;
555	543	}
556	544
557		/* Lock cache's I/O structure and use it to call the KCM daemon. If modify is
558		* true, update the last change time. */
559		static krb5_error_code
560		cache_call(krb5_context context, krb5_ccache cache, struct kcmreq *req,
561		krb5_boolean modify)
	545	/* Lock cache's I/O structure and use it to call the KCM daemon. */
	546	static krb5_error_code
	547	cache_call(krb5_context context, krb5_ccache cache, struct kcmreq *req)
562	548	{
563	549	krb5_error_code ret;
564	550	struct kcm_cache_data *data = cache->data;
565	551
566	552	k5_cc_mutex_lock(context, &data->lock);
567	553	ret = kcmio_call(context, data->io, req);
568		if (modify && !ret)
569		data->changetime = time(NULL);
570	554	k5_cc_mutex_unlock(context, &data->lock);
571	555	return ret;
572	556	}

579	563	int32_t time_offset;
580	564
581	565	kcmreq_init(&req, KCM_OP_GET_KDC_OFFSET, cache);
582		if (cache_call(context, cache, &req, FALSE) != 0)
	566	if (cache_call(context, cache, &req) != 0)
583	567	goto cleanup;
584	568	time_offset = k5_input_get_uint32_be(&req.reply);
585		if (!req.reply.status)
	569	if (req.reply.status)
586	570	goto cleanup;
587	571	context->os_context.time_offset = time_offset;
588	572	context->os_context.usec_offset = 0;

601	585
602	586	if (context->os_context.os_flags & KRB5_OS_TOFFSET_VALID) {
603	587	kcmreq_init(&req, KCM_OP_SET_KDC_OFFSET, cache);
604		kcmreq_put32(&req, context->os_context.time_offset);
605		(void)cache_call(context, cache, &req, TRUE);
	588	k5_buf_add_uint32_be(&req.reqbuf, context->os_context.time_offset);
	589	(void)cache_call(context, cache, &req);
606	590	kcmreq_free(&req);
607	591	}
608	592	}

684	668
685	669	kcmreq_init(&req, KCM_OP_INITIALIZE, cache);
686	670	k5_marshal_princ(&req.reqbuf, 4, princ);
687		ret = cache_call(context, cache, &req, TRUE);
	671	ret = cache_call(context, cache, &req);
688	672	kcmreq_free(&req);
689	673	set_kdc_offset(context, cache);
690	674	return ret;

710	694	struct kcmreq req;
711	695
712	696	kcmreq_init(&req, KCM_OP_DESTROY, cache);
713		ret = cache_call(context, cache, &req, TRUE);
	697	ret = cache_call(context, cache, &req);
714	698	kcmreq_free(&req);
715	699	(void)kcm_close(context, cache);
716	700	return ret;

724	708
725	709	kcmreq_init(&req, KCM_OP_STORE, cache);
726	710	k5_marshal_cred(&req.reqbuf, 4, cred);
727		ret = cache_call(context, cache, &req, TRUE);
	711	ret = cache_call(context, cache, &req);
728	712	kcmreq_free(&req);
729	713	return ret;
730	714	}

747	731	struct kcm_cache_data *data = cache->data;
748	732
749	733	kcmreq_init(&req, KCM_OP_GET_PRINCIPAL, cache);
750		ret = cache_call(context, cache, &req, FALSE);
	734	ret = cache_call(context, cache, &req);
751	735	/* Heimdal KCM can respond with code 0 and no principal. */
752	736	if (!ret && req.reply.len == 0)
753	737	ret = KRB5_FCC_NOFILE;

775	759	get_kdc_offset(context, cache);
776	760
777	761	kcmreq_init(&req, KCM_OP_GET_CRED_UUID_LIST, cache);
778		ret = cache_call(context, cache, &req, FALSE);
	762	ret = cache_call(context, cache, &req);
779	763	if (ret)
780	764	goto cleanup;
781	765	ret = kcmreq_get_uuid_list(&req, &uuids);

805	789	k5_buf_add_len(&req.reqbuf, uuids->uuidbytes + (uuids->pos * KCM_UUID_LEN),
806	790	KCM_UUID_LEN);
807	791	uuids->pos++;
808		ret = cache_call(context, cache, &req, FALSE);
	792	ret = cache_call(context, cache, &req);
809	793	if (!ret)
810	794	ret = k5_unmarshal_cred(req.reply.ptr, req.reply.len, 4, cred_out);
811	795	kcmreq_free(&req);

829	813	struct kcmreq req;
830	814
831	815	kcmreq_init(&req, KCM_OP_REMOVE_CRED, cache);
832		kcmreq_put32(&req, flags);
	816	k5_buf_add_uint32_be(&req.reqbuf, flags);
833	817	k5_marshal_mcred(&req.reqbuf, mcred);
834		ret = cache_call(context, cache, &req, TRUE);
	818	ret = cache_call(context, cache, &req);
835	819	kcmreq_free(&req);
836	820	return ret;
837	821	}

1032	1016	}
1033	1017
1034	1018	static krb5_error_code KRB5_CALLCONV
1035		kcm_lastchange(krb5_context context, krb5_ccache cache,
1036		krb5_timestamp *time_out)
1037		{
1038		struct kcm_cache_data *data = cache->data;
1039
1040		/*
1041		* KCM has no support for retrieving the last change time. Return the time
1042		* of the last change made through this handle, which isn't very useful,
1043		* but is the best we can do for now.
1044		*/
1045		k5_cc_mutex_lock(context, &data->lock);
1046		*time_out = data->changetime;
1047		k5_cc_mutex_unlock(context, &data->lock);
1048		return 0;
1049		}
1050
1051		static krb5_error_code KRB5_CALLCONV
1052	1019	kcm_lock(krb5_context context, krb5_ccache cache)
1053	1020	{
1054	1021	k5_cc_mutex_lock(context, &((struct kcm_cache_data *)cache->data)->lock);

1069	1036	struct kcmreq req;
1070	1037
1071	1038	kcmreq_init(&req, KCM_OP_SET_DEFAULT_CACHE, cache);
1072		ret = cache_call(context, cache, &req, FALSE);
	1039	ret = cache_call(context, cache, &req);
1073	1040	kcmreq_free(&req);
1074	1041	return ret;
1075	1042	}

1096	1063	kcm_ptcursor_next,
1097	1064	kcm_ptcursor_free,
1098	1065	NULL, /* move */
1099		kcm_lastchange,
1100	1066	NULL, /* wasdefault */
1101	1067	kcm_lock,
1102	1068	kcm_unlock,

+64

-72

src/lib/krb5/ccache/cc_keyring.c less more

229	229	key_serial_t collection_id; /* collection containing this cache keyring */
230	230	key_serial_t cache_id; /* keyring representing ccache */
231	231	key_serial_t princ_id; /* key holding principal info */
232		krb5_timestamp changetime;
233	232	krb5_boolean is_legacy_type;
234	233	} krcc_data;
235	234

273	272	static krb5_error_code get_time_offsets(krb5_context context, krb5_ccache id,
274	273	int32_t *time_offset,
275	274	int32_t *usec_offset);
276
277		static void krcc_update_change_time(krcc_data *d);
278	275
279	276	/* Note the following is a stub function for Linux */
280	277	extern krb5_error_code krb5_change_cache(void);

849	846	return errno;
850	847	}
851	848	data->princ_id = 0;
852		krcc_update_change_time(data);
853	849
854	850	return 0;
855	851	}

1031	1027
1032	1028	memset(creds, 0, sizeof(krb5_creds));
1033	1029
1034		/* The cursor has the entire list of keys. (Note that we don't support
1035		* remove_cred.) */
	1030	/* The cursor has the entire list of keys. */
1036	1031	krcursor = *cursor;
1037	1032	if (krcursor == NULL)
1038	1033	return KRB5_CC_END;
1039	1034
1040		/* If we're pointing past the end of the keys array, there are no more. */
1041		if (krcursor->currkey >= krcursor->numkeys)
1042		return KRB5_CC_END;
1043
1044		/* If we're pointing at the entry with the principal, or at the key
1045		* with the time offsets, skip it. */
1046		while (krcursor->keys[krcursor->currkey] == krcursor->princ_id \|\|
1047		krcursor->keys[krcursor->currkey] == krcursor->offsets_id) {
	1035	while (krcursor->currkey < krcursor->numkeys) {
	1036	/* If we're pointing at the entry with the principal, or at the key
	1037	* with the time offsets, skip it. */
	1038	if (krcursor->keys[krcursor->currkey] == krcursor->princ_id \|\|
	1039	krcursor->keys[krcursor->currkey] == krcursor->offsets_id) {
	1040	krcursor->currkey++;
	1041	continue;
	1042	}
	1043
	1044	/* Read the key; the right size buffer will be allocated and
	1045	* returned. */
	1046	psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey],
	1047	&payload);
	1048	if (psize != -1) {
	1049	krcursor->currkey++;
	1050
	1051	/* Unmarshal the cred using the file ccache version 4 format. */
	1052	ret = k5_unmarshal_cred(payload, psize, 4, creds);
	1053	free(payload);
	1054	return ret;
	1055	} else if (errno != ENOKEY && errno != EACCES) {
	1056	DEBUG_PRINT(("Error reading key %d: %s\n",
	1057	krcursor->keys[krcursor->currkey], strerror(errno)));
	1058	return KRB5_FCC_NOFILE;
	1059	}
	1060
	1061	/* The current key was unlinked, probably by a remove_cred call; move
	1062	* on to the next one. */
1048	1063	krcursor->currkey++;
1049		/* Check if we have now reached the end */
1050		if (krcursor->currkey >= krcursor->numkeys)
1051		return KRB5_CC_END;
1052		}
1053
1054		/* Read the key; the right size buffer will be allocated and returned. */
1055		psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey], &payload);
1056		if (psize == -1) {
1057		DEBUG_PRINT(("Error reading key %d: %s\n",
1058		krcursor->keys[krcursor->currkey],
1059		strerror(errno)));
1060		return KRB5_FCC_NOFILE;
1061		}
1062		krcursor->currkey++;
1063
1064		/* Unmarshal the credential using the file ccache version 4 format. */
1065		ret = k5_unmarshal_cred(payload, psize, 4, creds);
1066		free(payload);
1067		return ret;
	1064	}
	1065
	1066	/* No more keys in keyring. */
	1067	return KRB5_CC_END;
1068	1068	}
1069	1069
1070	1070	/* Release an iteration cursor. */

1112	1112	data->princ_id = 0;
1113	1113	data->cache_id = cache_id;
1114	1114	data->collection_id = collection_id;
1115		data->changetime = 0;
1116	1115	data->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0);
1117		krcc_update_change_time(data);
1118	1116
1119	1117	*data_out = data;
1120	1118	return 0;

1247	1245	creds);
1248	1246	}
1249	1247
1250		/* Non-functional stub for removing a cred from the cache keyring. */
	1248	/* Remove a credential from the cache keyring. */
1251	1249	static krb5_error_code KRB5_CALLCONV
1252	1250	krcc_remove_cred(krb5_context context, krb5_ccache cache,
1253	1251	krb5_flags flags, krb5_creds *creds)
1254	1252	{
1255		return KRB5_CC_NOSUPP;
	1253	krb5_error_code ret;
	1254	krcc_data *data = cache->data;
	1255	krb5_cc_cursor cursor;
	1256	krb5_creds c;
	1257	krcc_cursor krcursor;
	1258	key_serial_t key;
	1259	krb5_boolean match;
	1260
	1261	ret = krcc_start_seq_get(context, cache, &cursor);
	1262	if (ret)
	1263	return ret;
	1264
	1265	for (;;) {
	1266	ret = krcc_next_cred(context, cache, &cursor, &c);
	1267	if (ret)
	1268	break;
	1269	match = krb5int_cc_creds_match_request(context, flags, creds, &c);
	1270	krb5_free_cred_contents(context, &c);
	1271	if (match) {
	1272	krcursor = cursor;
	1273	key = krcursor->keys[krcursor->currkey - 1];
	1274	if (keyctl_unlink(key, data->cache_id) == -1) {
	1275	ret = errno;
	1276	break;
	1277	}
	1278	}
	1279	}
	1280
	1281	krcc_end_seq_get(context, cache, &cursor);
	1282	return (ret == KRB5_CC_END) ? 0 : ret;
1256	1283	}
1257	1284
1258	1285	/* Set flags on the cache. (We don't care about any flags.) */

1308	1335	if (ret)
1309	1336	goto errout;
1310	1337
1311		krcc_update_change_time(data);
1312
1313	1338	/* Set appropriate timeouts on cache keys. */
1314	1339	ret = krb5_timeofday(context, &now);
1315	1340	if (ret)

1327	1352	krb5_free_unparsed_name(context, keyname);
1328	1353	k5_cc_mutex_unlock(context, &data->lock);
1329	1354	return ret;
1330		}
1331
1332		/* Get the cache's last modification time. (This is currently broken; it
1333		* returns only the last change made using this handle.) */
1334		static krb5_error_code KRB5_CALLCONV
1335		krcc_last_change_time(krb5_context context, krb5_ccache id,
1336		krb5_timestamp *change_time)
1337		{
1338		krcc_data *data = id->data;
1339
1340		k5_cc_mutex_lock(context, &data->lock);
1341		*change_time = data->changetime;
1342		k5_cc_mutex_unlock(context, &data->lock);
1343		return 0;
1344	1355	}
1345	1356
1346	1357	/* Lock the cache handle against other threads. (This does not lock the cache

1402	1413	} else {
1403	1414	data->princ_id = newkey;
1404	1415	ret = 0;
1405		krcc_update_change_time(data);
1406	1416	}
1407	1417
1408	1418	k5_buf_free(&buf);

1429	1439	data->cache_id);
1430	1440	if (newkey == -1)
1431	1441	return errno;
1432		krcc_update_change_time(data);
1433	1442	return 0;
1434	1443	}
1435	1444

1668	1677	free(collection_name);
1669	1678	free(subsidiary_name);
1670	1679	return ret;
1671		}
1672
1673		/*
1674		* Utility routine: called by krcc_* functions to keep
1675		* result of krcc_last_change_time up to date.
1676		* Value monotonically increases -- based on but not guaranteed to be actual
1677		* system time.
1678		*/
1679
1680		static void
1681		krcc_update_change_time(krcc_data *data)
1682		{
1683		krb5_timestamp now_time = time(NULL);
1684		data->changetime = ts_after(now_time, data->changetime) ?
1685		now_time : ts_incr(data->changetime, 1);
1686	1680	}
1687	1681
1688	1682	/*

1713	1707	krcc_ptcursor_next,
1714	1708	krcc_ptcursor_free,
1715	1709	NULL, /* move */
1716		krcc_last_change_time, /* lastchange */
1717	1710	NULL, /* wasdefault */
1718	1711	krcc_lock,
1719	1712	krcc_unlock,

1751	1744	NULL,
1752	1745	NULL,
1753	1746	NULL,
1754		NULL,
1755	1747	};
1756	1748	#endif /* USE_KEYRING_CCACHE */

+31

-45

src/lib/krb5/ccache/cc_memory.c less more

83	83	static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_free
84	84	(krb5_context, krb5_cc_ptcursor *);
85	85
86		static krb5_error_code KRB5_CALLCONV krb5_mcc_last_change_time
87		(krb5_context, krb5_ccache, krb5_timestamp *);
88
89	86	static krb5_error_code KRB5_CALLCONV krb5_mcc_lock
90	87	(krb5_context context, krb5_ccache id);
91	88

110	107	k5_cc_mutex lock;
111	108	krb5_principal prin;
112	109	krb5_mcc_link *link;
113		krb5_timestamp changetime;
114	110	/* Time offsets for clock-skewed clients. */
115	111	krb5_int32 time_offset;
116	112	krb5_int32 usec_offset;

132	128	k5_cc_mutex krb5int_mcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
133	129	static struct k5_hashtab *mcc_hashtab = NULL;
134	130
135		static void update_mcc_change_time(krb5_mcc_data *);
136
137	131	/* Ensure that mcc_hashtab is initialized. Call with krb5int_mcc_mutex
138	132	* locked. */
139	133	static krb5_error_code

191	185	empty_mcc_cache(context, d);
192	186
193	187	ret = krb5_copy_principal(context, princ, &d->prin);
194		update_mcc_change_time(d);
195	188
196	189	if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
197	190	/* Store client time offsets in the cache */

404	397	*/
405	398	k5_cc_mutex_lock(context, &d->lock);
406	399	if (mcursor->generation != d->generation) {
407		k5_cc_mutex_unlock(context, &d->lock);
408		return KRB5_CC_END;
	400	retval = KRB5_CC_END;
	401	goto done;
	402	}
	403
	404	/* Skip over removed creds. */
	405	while (mcursor->next_link != NULL && mcursor->next_link->creds == NULL)
	406	mcursor->next_link = mcursor->next_link->next;
	407	if (mcursor->next_link == NULL) {
	408	retval = KRB5_CC_END;
	409	goto done;
409	410	}
410	411
411	412	retval = k5_copy_creds_contents(context, mcursor->next_link->creds, creds);
412	413	if (retval == 0)
413	414	mcursor->next_link = mcursor->next_link->next;
414	415
	416	done:
415	417	k5_cc_mutex_unlock(context, &d->lock);
416	418	return retval;
417	419	}

468	470	}
469	471	d->link = NULL;
470	472	d->prin = NULL;
471		d->changetime = 0;
472	473	d->time_offset = 0;
473	474	d->usec_offset = 0;
474	475	d->refcount = 2;
475	476	d->generation = 0;
476		update_mcc_change_time(d);
477	477
478	478	if (k5_hashtab_add(mcc_hashtab, d->name, strlen(d->name), d) != 0) {
479	479	free(d->name);

591	591	}
592	592
593	593	/*
594		* Non-functional stub implementation for krb5_mcc_remove
595		*
596		* Errors:
597		* KRB5_CC_NOSUPP - not implemented
	594	* Modifies:
	595	* the memory cache
	596	*
	597	* Effects:
	598	* Remove the given creds from the ccache.
598	599	*/
599	600	static krb5_error_code KRB5_CALLCONV
600	601	krb5_mcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
601	602	krb5_creds *creds)
602	603	{
603		return KRB5_CC_NOSUPP;
	604	krb5_mcc_data data = (krb5_mcc_data )cache->data;
	605	krb5_mcc_link *l;
	606
	607	k5_cc_mutex_lock(context, &data->lock);
	608
	609	for (l = data->link; l != NULL; l = l->next) {
	610	if (l->creds != NULL &&
	611	krb5int_cc_creds_match_request(context, flags, creds, l->creds)) {
	612	krb5_free_creds(context, l->creds);
	613	l->creds = NULL;
	614	}
	615	}
	616
	617	k5_cc_mutex_unlock(context, &data->lock);
	618	return 0;
604	619	}
605	620
606	621

655	670	k5_cc_mutex_lock(ctx, &mptr->lock);
656	671	new_node->next = mptr->link;
657	672	mptr->link = new_node;
658		update_mcc_change_time(mptr);
659	673	k5_cc_mutex_unlock(ctx, &mptr->lock);
660	674	return 0;
661	675	cleanup:

722	736	free(*cursor);
723	737	*cursor = NULL;
724	738	return 0;
725		}
726
727		static krb5_error_code KRB5_CALLCONV
728		krb5_mcc_last_change_time(
729		krb5_context context,
730		krb5_ccache id,
731		krb5_timestamp *change_time)
732		{
733		krb5_mcc_data data = (krb5_mcc_data ) id->data;
734
735		k5_cc_mutex_lock(context, &data->lock);
736		*change_time = data->changetime;
737		k5_cc_mutex_unlock(context, &data->lock);
738		return 0;
739		}
740
741		/*
742		Utility routine: called by krb5_mcc_* functions to keep
743		result of krb5_mcc_last_change_time up to date
744		*/
745
746		static void
747		update_mcc_change_time(krb5_mcc_data *d)
748		{
749		krb5_timestamp now_time = time(NULL);
750		d->changetime = ts_after(now_time, d->changetime) ?
751		now_time : ts_incr(d->changetime, 1);
752	739	}
753	740
754	741	static krb5_error_code KRB5_CALLCONV

791	778	krb5_mcc_ptcursor_next,
792	779	krb5_mcc_ptcursor_free,
793	780	NULL, /* move */
794		krb5_mcc_last_change_time,
795	781	NULL, /* wasdefault */
796	782	krb5_mcc_lock,
797	783	krb5_mcc_unlock,

+8

-8

src/lib/krb5/ccache/cc_mslsa.c less more

1064	1064	}
1065	1065
1066	1066	//
1067		// Intialize the request of the request.
	1067	// Initialize the request of the request.
1068	1068	//
1069	1069
1070	1070	pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;

1102	1102	}
1103	1103
1104	1104	if (krb5_get_tgs_ktypes(context, NULL, &etype_list)) {
1105		ptr = etype_list = NULL;
1106		etype = ENCTYPE_DES_CBC_CRC;
1107		} else {
1108		ptr = etype_list + 1;
1109		etype = *etype_list;
1110		}
	1105	/* No enctypes - nothing we can do. */
	1106	bIsLsaError = TRUE;
	1107	goto cleanup;
	1108	}
	1109
	1110	ptr = etype_list + 1;
	1111	etype = *etype_list;
1111	1112
1112	1113	while ( etype ) {
1113	1114	// Try once more but this time specify the Encryption Type

2202	2203	krb5_lcc_ptcursor_next,
2203	2204	krb5_lcc_ptcursor_free,
2204	2205	NULL, /* move */
2205		NULL, /* lastchange */
2206	2206	NULL, /* wasdefault */
2207	2207	NULL, /* lock */
2208	2208	NULL, /* unlock */

+1

-28

src/lib/krb5/ccache/ccapi/stdcc.c less more

91	91	krb5_stdccv3_ptcursor_next,
92	92	krb5_stdccv3_ptcursor_free,
93	93	NULL, /* move */
94		krb5_stdccv3_last_change_time, /* lastchange */
95	94	NULL, /* wasdefault */
96	95	krb5_stdccv3_lock,
97	96	krb5_stdccv3_unlock,

112	111	krb5_stdcc_remove,
113	112	krb5_stdcc_set_flags,
114	113	krb5_stdcc_get_flags,
115		NULL,
116	114	NULL,
117	115	NULL,
118	116	NULL,

588	586	err = stdccv3_setup (context, ccapi_data);
589	587	}
590	588
591		/* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
592	589	while (!err) {
593	590	err = cc_credentials_iterator_next (iterator, &credentials);
594	591

835	832	&iterator);
836	833	}
837	834
838		/* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
839	835	while (!err && !found) {
840	836	cc_credentials_t credentials = NULL;
841	837

1002	998	return 0;
1003	999	}
1004	1000
1005		krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
1006		(krb5_context context, krb5_ccache id,
1007		krb5_timestamp *change_time)
1008		{
1009		krb5_error_code err = 0;
1010		stdccCacheDataPtr ccapi_data = id->data;
1011		cc_time_t ccapi_change_time = 0;
1012
1013		*change_time = 0;
1014
1015		if (!err) {
1016		err = stdccv3_setup(context, ccapi_data);
1017		}
1018		if (!err) {
1019		err = cc_ccache_get_change_time (ccapi_data->NamedCache, &ccapi_change_time);
1020		}
1021		if (!err) {
1022		*change_time = ccapi_change_time;
1023		}
1024
1025		return cc_err_xlate (err);
1026		}
1027
1028	1001	krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
1029	1002	(krb5_context context, krb5_ccache id)
1030	1003	{

1105	1078	{
1106	1079	int err;
1107	1080
1108		/* make sure the API has been intialized */
	1081	/* make sure the API has been initialized */
1109	1082	if (gCntrlBlock == NULL) {
1110	1083	#ifdef CC_API_VER2
1111	1084	err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);

+0

-4

src/lib/krb5/ccache/ccapi/stdcc.h less more

101	101	krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_free
102	102	(krb5_context context, krb5_cc_ptcursor *cursor);
103	103
104		krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
105		(krb5_context context, krb5_ccache id,
106		krb5_timestamp *change_time);
107
108	104	krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
109	105	(krb5_context, krb5_ccache id);
110	106

+1

-7

src/lib/krb5/ccache/ccapi/stdcc_util.c less more

520	520
521	521	free (cv5);
522	522
523		} else if (in_cred_union->version == cc_credentials_v4 &&
524		in_cred_union->credentials.credentials_v4) {
525		free (in_cred_union->credentials.credentials_v4);
526	523	}
527	524	free ((cc_credentials_union *) in_cred_union);
528	525	}

891	888
892	889	static void deep_free_cc_creds (cred_union creds)
893	890	{
894		if (creds.cred_type == CC_CRED_V4) {
895		/* we shouldn't get this, of course */
896		free (creds.cred.pV4Cred);
897		} else if (creds.cred_type == CC_CRED_V5) {
	891	if (creds.cred_type == CC_CRED_V5) {
898	892	deep_free_cc_v5_creds (creds.cred.pV5Cred);
899	893	}
900	894	}

+16

-16

src/lib/krb5/ccache/ccbase.c less more

354	354	krb5_principal princ = NULL;
355	355
356	356	TRACE_CC_MOVE(context, src, dst);
357		ret = krb5_cccol_lock(context);
	357	ret = k5_cccol_lock(context);
358	358	if (ret) {
359	359	return ret;
360	360	}
361	361
362		ret = krb5_cc_lock(context, src);
	362	ret = k5_cc_lock(context, src);
363	363	if (ret) {
364		krb5_cccol_unlock(context);
	364	k5_cccol_unlock(context);
365	365	return ret;
366	366	}
367	367

370	370	ret = krb5_cc_initialize(context, dst, princ);
371	371	}
372	372	if (ret) {
373		krb5_cc_unlock(context, src);
374		krb5_cccol_unlock(context);
	373	k5_cc_unlock(context, src);
	374	k5_cccol_unlock(context);
375	375	return ret;
376	376	}
377	377
378		ret = krb5_cc_lock(context, dst);
	378	ret = k5_cc_lock(context, dst);
379	379	if (!ret) {
380	380	ret = krb5_cc_copy_creds(context, src, dst);
381		krb5_cc_unlock(context, dst);
382		}
383
384		krb5_cc_unlock(context, src);
	381	k5_cc_unlock(context, dst);
	382	}
	383
	384	k5_cc_unlock(context, src);
385	385	if (!ret) {
386	386	ret = krb5_cc_destroy(context, src);
387	387	}
388		krb5_cccol_unlock(context);
	388	k5_cccol_unlock(context);
389	389	if (princ) {
390	390	krb5_free_principal(context, princ);
391	391	princ = NULL;

496	496	* holds on to all pertype global locks as well as typelist lock
497	497	*/
498	498
499		krb5_error_code KRB5_CALLCONV
500		krb5_cccol_lock(krb5_context context)
	499	krb5_error_code
	500	k5_cccol_lock(krb5_context context)
501	501	{
502	502	krb5_error_code ret = 0;
503	503

510	510	#endif
511	511	#ifdef USE_CCAPI_V3
512	512	ret = krb5_stdccv3_context_lock(context);
513		#endif
514	513	if (ret) {
515	514	k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
516	515	k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);

518	517	k5_cc_mutex_unlock(context, &cccol_lock);
519	518	return ret;
520	519	}
	520	#endif
521	521	k5_mutex_unlock(&cc_typelist_lock);
522	522	return ret;
523	523	}
524	524
525		krb5_error_code KRB5_CALLCONV
526		krb5_cccol_unlock(krb5_context context)
	525	krb5_error_code
	526	k5_cccol_unlock(krb5_context context)
527	527	{
528	528	krb5_error_code ret = 0;
529	529

+0

-35

src/lib/krb5/ccache/cccursor.c less more

141	141	}
142	142
143	143	krb5_error_code KRB5_CALLCONV
144		krb5_cccol_last_change_time(krb5_context context,
145		krb5_timestamp *change_time)
146		{
147		krb5_error_code ret = 0;
148		krb5_cccol_cursor c = NULL;
149		krb5_ccache ccache = NULL;
150		krb5_timestamp last_time = 0;
151		krb5_timestamp max_change_time = 0;
152
153		*change_time = 0;
154
155		ret = krb5_cccol_cursor_new(context, &c);
156
157		while (!ret) {
158		ret = krb5_cccol_cursor_next(context, c, &ccache);
159		if (ccache) {
160		ret = krb5_cc_last_change_time(context, ccache, &last_time);
161		if (!ret && ts_after(last_time, max_change_time)) {
162		max_change_time = last_time;
163		}
164		ret = 0;
165		}
166		else {
167		break;
168		}
169		}
170		*change_time = max_change_time;
171		return ret;
172		}
173
174		/*
175		* krb5_cccol_lock and krb5_cccol_unlock are defined in ccbase.c
176		*/
177
178		krb5_error_code KRB5_CALLCONV
179	144	krb5_cc_cache_match(krb5_context context, krb5_principal client,
180	145	krb5_ccache *cache_out)
181	146	{

+5

-37

src/lib/krb5/ccache/ccfns.c less more

79	79	krb5_cc_store_cred(krb5_context context, krb5_ccache cache,
80	80	krb5_creds *creds)
81	81	{
82		krb5_error_code ret;
83		krb5_ticket *tkt;
84		krb5_principal s1, s2;
85
86	82	TRACE_CC_STORE(context, cache, creds);
87		ret = cache->ops->store(context, cache, creds);
88		if (ret) return ret;
89
90		/*
91		* If creds->server and the server in the decoded ticket differ,
92		* store both principals.
93		*/
94		s1 = creds->server;
95		ret = decode_krb5_ticket(&creds->ticket, &tkt);
96		/* Bail out on errors in case someone is storing a non-ticket. */
97		if (ret) return 0;
98		s2 = tkt->server;
99		if (!krb5_principal_compare(context, s1, s2)) {
100		creds->server = s2;
101		TRACE_CC_STORE_TKT(context, cache, creds);
102		/* remove any dups */
103		krb5_cc_remove_cred(context, cache, KRB5_TC_MATCH_AUTHDATA, creds);
104		ret = cache->ops->store(context, cache, creds);
105		creds->server = s1;
106		}
107		krb5_free_ticket(context, tkt);
108		return ret;
	83	return cache->ops->store(context, cache, creds);
109	84	}
110	85
111	86	krb5_error_code KRB5_CALLCONV

188	163	return cache->ops->prefix;
189	164	}
190	165
191		krb5_error_code KRB5_CALLCONV
192		krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache,
193		krb5_timestamp *change_time)
194		{
195		return ccache->ops->lastchange(context, ccache, change_time);
196		}
197
198		krb5_error_code KRB5_CALLCONV
199		krb5_cc_lock(krb5_context context, krb5_ccache ccache)
	166	krb5_error_code
	167	k5_cc_lock(krb5_context context, krb5_ccache ccache)
200	168	{
201	169	return ccache->ops->lock(context, ccache);
202	170	}
203	171
204		krb5_error_code KRB5_CALLCONV
205		krb5_cc_unlock(krb5_context context, krb5_ccache ccache)
	172	krb5_error_code
	173	k5_cc_unlock(krb5_context context, krb5_ccache ccache)
206	174	{
207	175	return ccache->ops->unlock(context, ccache);
208	176	}

+1

-1

src/lib/krb5/ccache/ccselect_k5identity.c less more

134	134	struct passwd pwx, *pwd;
135	135
136	136	if (!context->profile_secure)
137		homedir = getenv("HOME");
	137	homedir = secure_getenv("HOME");
138	138
139	139	if (homedir == NULL) {
140	140	if (k5_getpwuid_r(geteuid(), &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)

+0

-10

src/lib/krb5/ccache/deps less more

187	187	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
188	188	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
189	189	cc-int.h ccfns.c
190		ser_cc.so ser_cc.po $(OUTPRE)ser_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
191		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
192		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
193		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
194		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
195		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
196		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
197		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
198		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
199		$(top_srcdir)/include/socket-utils.h cc-int.h ser_cc.c
200	190	t_cc.so t_cc.po $(OUTPRE)t_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
201	191	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
202	192	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

+0

-215

~~src/lib/krb5/ccache/ser_cc.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/ccache/ser_cc.c - Serialize credential cache context */
2		/*
3		* Copyright 1995 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#include "k5-int.h"
27		#include "cc-int.h"
28
29		/*
30		* Routines to deal with externalizing krb5_ccache.
31		* krb5_ccache_size();
32		* krb5_ccache_externalize();
33		* krb5_ccache_internalize();
34		*/
35		static krb5_error_code krb5_ccache_size
36		(krb5_context, krb5_pointer, size_t *);
37		static krb5_error_code krb5_ccache_externalize
38		(krb5_context, krb5_pointer, krb5_octet *, size_t );
39		static krb5_error_code krb5_ccache_internalize
40		(krb5_context,krb5_pointer , krb5_octet , size_t );
41
42		/*
43		* Serialization entry for this type.
44		*/
45		static const krb5_ser_entry krb5_ccache_ser_entry = {
46		KV5M_CCACHE, /* Type */
47		krb5_ccache_size, /* Sizer routine */
48		krb5_ccache_externalize, /* Externalize routine */
49		krb5_ccache_internalize /* Internalize routine */
50		};
51
52		/*
53		* krb5_ccache_size() - Determine the size required to externalize
54		* this krb5_ccache variant.
55		*/
56		static krb5_error_code
57		krb5_ccache_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
58		{
59		krb5_error_code kret;
60		krb5_ccache ccache;
61		size_t required;
62
63		kret = EINVAL;
64		if ((ccache = (krb5_ccache) arg)) {
65		/*
66		* Saving FILE: variants of krb5_ccache requires at minimum:
67		* krb5_int32 for KV5M_CCACHE
68		* krb5_int32 for length of ccache name.
69		* krb5_int32 for KV5M_CCACHE
70		*/
71		required = sizeof(krb5_int32) * 3;
72		if (ccache->ops->prefix)
73		required += (strlen(ccache->ops->prefix)+1);
74
75		/*
76		* The ccache name is formed as follows:
77		* <prefix>:<name>
78		*/
79		required += strlen(krb5_cc_get_name(kcontext, ccache));
80
81		kret = 0;
82		*sizep += required;
83		}
84		return(kret);
85		}
86
87		/*
88		* krb5_ccache_externalize() - Externalize the krb5_ccache.
89		*/
90		static krb5_error_code
91		krb5_ccache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
92		{
93		krb5_error_code kret;
94		krb5_ccache ccache;
95		size_t required;
96		krb5_octet *bp;
97		size_t remain;
98		char *ccname;
99		const char *fnamep;
100
101		required = 0;
102		bp = *buffer;
103		remain = *lenremain;
104		kret = EINVAL;
105		if ((ccache = (krb5_ccache) arg)) {
106		kret = ENOMEM;
107		if (!krb5_ccache_size(kcontext, arg, &required) &&
108		(required <= remain)) {
109		/* Our identifier */
110		(void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
111
112		fnamep = krb5_cc_get_name(kcontext, ccache);
113
114		if (ccache->ops->prefix) {
115		if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0)
116		ccname = NULL;
117		} else
118		ccname = strdup(fnamep);
119
120		if (ccname) {
121		/* Put the length of the file name */
122		(void) krb5_ser_pack_int32((krb5_int32) strlen(ccname),
123		&bp, &remain);
124
125		/* Put the name */
126		(void) krb5_ser_pack_bytes((krb5_octet *) ccname,
127		strlen(ccname),
128		&bp, &remain);
129
130		/* Put the trailer */
131		(void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
132		kret = 0;
133		*buffer = bp;
134		*lenremain = remain;
135		free(ccname);
136		}
137		}
138		}
139		return(kret);
140		}
141
142		/*
143		* krb5_ccache_internalize() - Internalize the krb5_ccache.
144		*/
145		static krb5_error_code
146		krb5_ccache_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
147		{
148		krb5_error_code kret;
149		krb5_ccache ccache;
150		krb5_int32 ibuf;
151		krb5_octet *bp;
152		size_t remain;
153		char *ccname = NULL;
154
155		*argp = NULL;
156
157		bp = *buffer;
158		remain = *lenremain;
159
160		/* Read our magic number. */
161		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
162		if (kret)
163		return kret;
164		if (ibuf != KV5M_CCACHE)
165		return EINVAL;
166
167		/* Unpack and validate the length of the ccache name. */
168		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
169		if (kret)
170		return kret;
171		if (ibuf < 0 \|\| (krb5_ui_4) ibuf > remain)
172		return EINVAL;
173
174		/* Allocate and unpack the name. */
175		ccname = malloc(ibuf + 1);
176		if (!ccname)
177		return ENOMEM;
178		kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, (size_t) ibuf,
179		&bp, &remain);
180		if (kret)
181		goto cleanup;
182		ccname[ibuf] = '\0';
183
184		/* Read the second magic number. */
185		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
186		if (kret)
187		goto cleanup;
188		if (ibuf != KV5M_CCACHE) {
189		kret = EINVAL;
190		goto cleanup;
191		}
192
193		/* Resolve the named credential cache. */
194		kret = krb5_cc_resolve(kcontext, ccname, &ccache);
195		if (kret)
196		goto cleanup;
197
198		*buffer = bp;
199		*lenremain = remain;
200		*argp = ccache;
201
202		cleanup:
203		free(ccname);
204		return(kret);
205		}
206
207		/*
208		* Register the ccache serializer.
209		*/
210		krb5_error_code KRB5_CALLCONV
211		krb5_ser_ccache_init(krb5_context kcontext)
212		{
213		return(krb5_register_serializer(kcontext, &krb5_ccache_ser_entry));
214		}

+128

-3

src/lib/krb5/ccache/t_cc.c less more

35	35
36	36	#define KRB5_OK 0
37	37
38		krb5_creds test_creds;
	38	krb5_creds test_creds, test_creds2;
39	39
40	40	int debug=0;
41	41

143	143	a->length = 2;
144	144	test_creds.authdata[1] = a;
145	145
	146	memcpy(&test_creds2, &test_creds, sizeof(test_creds));
	147	kret = krb5_build_principal(context, &test_creds2.server, sizeof(REALM),
	148	REALM, "server-comp1", "server-comp3", NULL);
	149
146	150	cleanup:
147	151	if(kret) {
148	152	if (test_creds.client) {

169	173	krb5_free_principal(context, test_creds.client);
170	174
171	175	krb5_free_principal(context, test_creds.server);
	176	krb5_free_principal(context, test_creds2.server);
172	177
173	178	if(test_creds.authdata) {
174	179	krb5_free_authdata(context, test_creds.authdata);

199	204	if (experr != kret) { CHECK(kret, msg);}
200	205
201	206	static void
	207	check_num_entries(krb5_context context, krb5_ccache cache, int expected,
	208	unsigned linenum)
	209	{
	210	krb5_error_code ret;
	211	krb5_cc_cursor cursor;
	212	krb5_creds creds;
	213	int count = 0;
	214
	215	ret = krb5_cc_start_seq_get(context, cache, &cursor);
	216	if (ret != 0) {
	217	com_err("", ret, "(on line %d) - krb5_cc_start_seq_get", linenum);
	218	fflush(stderr);
	219	exit(1);
	220	}
	221
	222	while (1) {
	223	ret = krb5_cc_next_cred(context, cache, &cursor, &creds);
	224	if (ret)
	225	break;
	226
	227	count++;
	228	krb5_free_cred_contents(context, &creds);
	229	}
	230	krb5_cc_end_seq_get(context, cache, &cursor);
	231	if (ret != KRB5_CC_END) {
	232	CHECK(ret, "counting entries in ccache");
	233	}
	234
	235	if (count != expected) {
	236	com_err("", KRB5_FCC_INTERNAL,
	237	"(on line %d) - count didn't match (expected %d, got %d)",
	238	linenum, expected, count);
	239	fflush(stderr);
	240	exit(1);
	241	}
	242	}
	243
	244	static void
202	245	cc_test(krb5_context context, const char *name, krb5_flags flags)
203	246	{
204	247	krb5_ccache id, id2;

206	249	krb5_error_code kret;
207	250	krb5_cc_cursor cursor;
208	251	krb5_principal tmp;
	252	krb5_flags matchflags = KRB5_TC_MATCH_IS_SKEY;
209	253
210	254	const char *c_name;
211	255	char newcache[300];

310	354	kret = krb5_cc_destroy(context, id2);
311	355	CHECK(kret, "destroy id2");
312	356
	357	/* ----------------------------------------------------- */
	358	/* Test credential removal */
	359	kret = krb5_cc_resolve(context, name, &id);
	360	CHECK(kret, "resolving for remove");
	361
	362	kret = krb5_cc_initialize(context, id, test_creds.client);
	363	CHECK(kret, "initialize for remove");
	364	check_num_entries(context, id, 0, __LINE__);
	365
	366	kret = krb5_cc_store_cred(context, id, &test_creds);
	367	CHECK(kret, "store for remove (first pass)");
	368	check_num_entries(context, id, 1, __LINE__); /* 1 */
	369
	370	kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds);
	371	CHECK(kret, "removing credential (first pass)");
	372	check_num_entries(context, id, 0, __LINE__); /* empty */
	373
	374	kret = krb5_cc_store_cred(context, id, &test_creds);
	375	CHECK(kret, "first store for remove (second pass)");
	376	check_num_entries(context, id, 1, __LINE__); /* 1 */
	377
	378	kret = krb5_cc_store_cred(context, id, &test_creds2);
	379	CHECK(kret, "second store for remove (second pass)");
	380	check_num_entries(context, id, 2, __LINE__); /* 1, 2 */
	381
	382	kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds2);
	383	CHECK(kret, "first remove (second pass)");
	384	check_num_entries(context, id, 1, __LINE__); /* 1 */
	385
	386	kret = krb5_cc_store_cred(context, id, &test_creds2);
	387	CHECK(kret, "third store for remove (second pass)");
	388	check_num_entries(context, id, 2, __LINE__); /* 1, 2 */
	389
	390	kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds);
	391	CHECK(kret, "second remove (second pass)");
	392	check_num_entries(context, id, 1, __LINE__); /* 2 */
	393
	394	kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds2);
	395	CHECK(kret, "third remove (second pass)");
	396	check_num_entries(context, id, 0, __LINE__); /* empty */
	397
	398	kret = krb5_cc_destroy(context, id);
	399	CHECK(kret, "destruction for remove");
	400
	401	/* Test removal with iteration. */
	402	kret = krb5_cc_resolve(context, name, &id);
	403	CHECK(kret, "resolving for remove-iter");
	404
	405	kret = krb5_cc_initialize(context, id, test_creds.client);
	406	CHECK(kret, "initialize for remove-iter");
	407
	408	kret = krb5_cc_store_cred(context, id, &test_creds);
	409	CHECK(kret, "first store for remove-iter");
	410
	411	kret = krb5_cc_store_cred(context, id, &test_creds2);
	412	CHECK(kret, "second store for remove-iter");
	413
	414	kret = krb5_cc_start_seq_get(context, id, &cursor);
	415	CHECK(kret, "start_seq_get for remove-iter");
	416
	417	kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds);
	418	CHECK(kret, "remove for remove-iter");
	419
	420	while (1) {
	421	/* The removed credential may or may not be present in the cache -
	422	* either behavior is technically correct. */
	423	kret = krb5_cc_next_cred(context, id, &cursor, &creds);
	424	if (kret == KRB5_CC_END)
	425	break;
	426	CHECK(kret, "next_cred for remove-iter: %s");
	427
	428	CHECK(creds.times.endtime == 0, "no-lifetime cred");
	429
	430	krb5_free_cred_contents(context, &creds);
	431	}
	432
	433	kret = krb5_cc_end_seq_get(context, id, &cursor);
	434	CHECK(kret, "end_seq_get for remove-iter");
	435
	436	kret = krb5_cc_destroy(context, id);
	437	CHECK(kret, "destruction for remove-iter");
	438
313	439	free(save_type);
314	440	free_test_cred(context);
315
316	441	}
317	442
318	443	/*

373	498	CHECK(kret, "resolve unknown type");
374	499	}
375	500
376		/* Test for not specifiying a cache type with no defaults */
	501	/* Test for not specifying a cache type with no defaults */
377	502	ops_save = krb5_cc_dfl_ops;
378	503	krb5_cc_dfl_ops = 0;
379	504

+1

-1

src/lib/krb5/deps less more

4	4	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
5	5	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
6	6	$(COM_ERR_DEPS) $(srcdir)/ccache/cc-int.h $(srcdir)/keytab/kt-int.h \
7		$(srcdir)/os/os-proto.h $(srcdir)/rcache/rc-int.h $(top_srcdir)/include/k5-buf.h \
	7	$(srcdir)/os/os-proto.h $(top_srcdir)/include/k5-buf.h \
8	8	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
9	9	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
10	10	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \

+0

-3

src/lib/krb5/keytab/Makefile.in less more

13	13	ktfns.o \
14	14	kt_file.o \
15	15	kt_memory.o \
16		kt_srvtab.o \
17	16	read_servi.o
18	17
19	18	OBJS= \

25	24	$(OUTPRE)ktfns.$(OBJEXT) \
26	25	$(OUTPRE)kt_file.$(OBJEXT) \
27	26	$(OUTPRE)kt_memory.$(OBJEXT) \
28		$(OUTPRE)kt_srvtab.$(OBJEXT) \
29	27	$(OUTPRE)read_servi.$(OBJEXT)
30	28
31	29	SRCS= \

37	35	$(srcdir)/ktfns.c \
38	36	$(srcdir)/kt_file.c \
39	37	$(srcdir)/kt_memory.c \
40		$(srcdir)/kt_srvtab.c \
41	38	$(srcdir)/read_servi.c
42	39
43	40	EXTRADEPSRCS= \

+0

-11

src/lib/krb5/keytab/deps less more

86	86	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
87	87	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
88	88	kt-int.h kt_memory.c
89		kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \
90		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
91		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
92		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
93		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
94		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
95		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
96		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
97		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
98		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
99		kt_srvtab.c
100	89	read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \
101	90	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
102	91	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

+8

-297

src/lib/krb5/keytab/kt_file.c less more

288	288	krb5_keytab_entry cur_entry, new_entry;
289	289	krb5_error_code kerror = 0;
290	290	int found_wrong_kvno = 0;
291		krb5_boolean similar;
292	291	int was_open;
293	292	char *princname;
294	293

335	334	continue;
336	335	}
337	336
338		/* if the enctype is not ignored and doesn't match, free new_entry
339		and continue to the next */
340
341		if (enctype != IGNORE_ENCTYPE) {
342		if ((kerror = krb5_c_enctype_compare(context, enctype,
343		new_entry.key.enctype,
344		&similar))) {
345		krb5_kt_free_entry(context, &new_entry);
346		break;
347		}
348
349		if (!similar) {
350		krb5_kt_free_entry(context, &new_entry);
351		continue;
352		}
353		/*
354		* Coerce the enctype of the output keyblock in case we
355		* got an inexact match on the enctype.
356		*/
357		new_entry.key.enctype = enctype;
358
	337	/* If the enctype is not ignored and doesn't match, free new_entry and
	338	continue to the next. */
	339	if (enctype != IGNORE_ENCTYPE && enctype != new_entry.key.enctype) {
	340	krb5_kt_free_entry(context, &new_entry);
	341	continue;
359	342	}
360	343
361	344	if (kvno == IGNORE_VNO \|\| new_entry.vno == IGNORE_VNO) {

537	520	}
538	521
539	522	/*
540		* ser_ktf.c - Serialize keytab file context for subsequent reopen.
541		*/
542
543		static const char ktfile_def_name[] = ".";
544
545		/*
546		* Routines to deal with externalizing krb5_keytab for [WR]FILE: variants.
547		* krb5_ktf_keytab_size();
548		* krb5_ktf_keytab_externalize();
549		* krb5_ktf_keytab_internalize();
550		*/
551		static krb5_error_code
552		krb5_ktf_keytab_size(krb5_context, krb5_pointer, size_t *);
553
554		static krb5_error_code
555		krb5_ktf_keytab_externalize(krb5_context, krb5_pointer, krb5_octet **,
556		size_t *);
557
558		static krb5_error_code
559		krb5_ktf_keytab_internalize(krb5_context,krb5_pointer , krb5_octet *,
560		size_t *);
561
562		/*
563		* Serialization entry for this type.
564		*/
565		const krb5_ser_entry krb5_ktfile_ser_entry = {
566		KV5M_KEYTAB, /* Type */
567		krb5_ktf_keytab_size, /* Sizer routine */
568		krb5_ktf_keytab_externalize, /* Externalize routine */
569		krb5_ktf_keytab_internalize /* Internalize routine */
570		};
571
572		/*
573		* krb5_ktf_keytab_size() - Determine the size required to externalize
574		* this krb5_keytab variant.
575		*/
576		static krb5_error_code
577		krb5_ktf_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
578		{
579		krb5_error_code kret;
580		krb5_keytab keytab;
581		size_t required;
582		krb5_ktfile_data *ktdata;
583
584		kret = EINVAL;
585		if ((keytab = (krb5_keytab) arg)) {
586		/*
587		* Saving FILE: variants of krb5_keytab requires at minimum:
588		* krb5_int32 for KV5M_KEYTAB
589		* krb5_int32 for length of keytab name.
590		* krb5_int32 for file status.
591		* krb5_int32 for file position.
592		* krb5_int32 for file position.
593		* krb5_int32 for version.
594		* krb5_int32 for KV5M_KEYTAB
595		*/
596		required = sizeof(krb5_int32) * 7;
597		if (keytab->ops && keytab->ops->prefix)
598		required += (strlen(keytab->ops->prefix)+1);
599
600		/*
601		* The keytab name is formed as follows:
602		* <prefix>:<name>
603		* If there's no name, we use a default name so that we have something
604		* to call krb5_keytab_resolve with.
605		*/
606		ktdata = (krb5_ktfile_data *) keytab->data;
607		required += strlen((ktdata && ktdata->name) ?
608		ktdata->name : ktfile_def_name);
609		kret = 0;
610
611		if (!kret)
612		*sizep += required;
613		}
614		return(kret);
615		}
616
617		/*
618		* krb5_ktf_keytab_externalize() - Externalize the krb5_keytab.
619		*/
620		static krb5_error_code
621		krb5_ktf_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
622		{
623		krb5_error_code kret;
624		krb5_keytab keytab;
625		size_t required;
626		krb5_octet *bp;
627		size_t remain;
628		krb5_ktfile_data *ktdata;
629		krb5_int32 file_is_open;
630		int64_t file_pos;
631		char *ktname;
632		const char *fnamep;
633
634		required = 0;
635		bp = *buffer;
636		remain = *lenremain;
637		kret = EINVAL;
638		if ((keytab = (krb5_keytab) arg)) {
639		kret = ENOMEM;
640		if (!krb5_ktf_keytab_size(kcontext, arg, &required) &&
641		(required <= remain)) {
642		/* Our identifier */
643		(void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
644
645		ktdata = (krb5_ktfile_data *) keytab->data;
646		file_is_open = 0;
647		file_pos = 0;
648
649		/* Calculate the length of the name */
650		if (ktdata && ktdata->name)
651		fnamep = ktdata->name;
652		else
653		fnamep = ktfile_def_name;
654
655		if (keytab->ops && keytab->ops->prefix) {
656		if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0)
657		ktname = NULL;
658		} else
659		ktname = strdup(fnamep);
660
661		if (ktname) {
662		/* Fill in the file-specific keytab information. */
663		if (ktdata) {
664		if (ktdata->openf) {
665		long fpos;
666		int fflags = 0;
667
668		file_is_open = 1;
669		#if !defined(_WIN32)
670		fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0);
671		if (fflags > 0)
672		file_is_open \|= ((fflags & O_ACCMODE) << 1);
673		#else
674		file_is_open = 0;
675		#endif
676		fpos = ftell(ktdata->openf);
677		file_pos = fpos; /* XX range check? */
678		}
679		}
680
681		/* Put the length of the file name */
682		(void) krb5_ser_pack_int32((krb5_int32) strlen(ktname),
683		&bp, &remain);
684
685		/* Put the name */
686		(void) krb5_ser_pack_bytes((krb5_octet *) ktname,
687		strlen(ktname),
688		&bp, &remain);
689
690		/* Put the file open flag */
691		(void) krb5_ser_pack_int32(file_is_open, &bp, &remain);
692
693		/* Put the file position */
694		(void) krb5_ser_pack_int64(file_pos, &bp, &remain);
695
696		/* Put the version */
697		(void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ?
698		ktdata->version : 0),
699		&bp, &remain);
700
701		/* Put the trailer */
702		(void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
703		kret = 0;
704		*buffer = bp;
705		*lenremain = remain;
706		free(ktname);
707		}
708		}
709		}
710		return(kret);
711		}
712
713		/*
714		* krb5_ktf_keytab_internalize() - Internalize the krb5_ktf_keytab.
715		*/
716		static krb5_error_code
717		krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
718		{
719		krb5_error_code kret;
720		krb5_keytab keytab = NULL;
721		krb5_int32 ibuf;
722		krb5_octet *bp;
723		size_t remain;
724		char *ktname = NULL;
725		krb5_ktfile_data *ktdata;
726		krb5_int32 file_is_open;
727		int64_t foff;
728
729		*argp = NULL;
730		bp = *buffer;
731		remain = *lenremain;
732
733		/* Read our magic number */
734		if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) \|\| ibuf != KV5M_KEYTAB)
735		return EINVAL;
736
737		/* Read the keytab name */
738		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
739		if (kret)
740		return kret;
741		ktname = malloc(ibuf + 1);
742		if (!ktname)
743		return ENOMEM;
744		kret = krb5_ser_unpack_bytes((krb5_octet *) ktname, (size_t) ibuf,
745		&bp, &remain);
746		if (kret)
747		goto cleanup;
748		ktname[ibuf] = '\0';
749
750		/* Resolve the keytab. */
751		kret = krb5_kt_resolve(kcontext, ktname, &keytab);
752		if (kret)
753		goto cleanup;
754
755		if (keytab->ops != &krb5_ktf_ops) {
756		kret = EINVAL;
757		goto cleanup;
758		}
759		ktdata = (krb5_ktfile_data *) keytab->data;
760
761		if (remain < (sizeof(krb5_int32)*5)) {
762		kret = EINVAL;
763		goto cleanup;
764		}
765		(void) krb5_ser_unpack_int32(&file_is_open, &bp, &remain);
766		(void) krb5_ser_unpack_int64(&foff, &bp, &remain);
767		(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
768		ktdata->version = (int) ibuf;
769		(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
770		if (ibuf != KV5M_KEYTAB) {
771		kret = EINVAL;
772		goto cleanup;
773		}
774
775		if (file_is_open) {
776		int fmode;
777		long fpos;
778
779		#if !defined(_WIN32)
780		fmode = (file_is_open >> 1) & O_ACCMODE;
781		#else
782		fmode = 0;
783		#endif
784		if (fmode)
785		kret = krb5_ktfileint_openw(kcontext, keytab);
786		else
787		kret = krb5_ktfileint_openr(kcontext, keytab);
788		if (kret)
789		goto cleanup;
790		fpos = foff; /* XX range check? */
791		if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) {
792		kret = errno;
793		goto cleanup;
794		}
795		}
796
797		*buffer = bp;
798		*lenremain = remain;
799		*argp = (krb5_pointer) keytab;
800		cleanup:
801		if (kret != 0 && keytab)
802		krb5_kt_close(kcontext, keytab);
803		free(ktname);
804		return kret;
805		}
806
807
808		/*
809	523	* krb5_ktfile_add()
810	524	*/
811	525

916	630	krb5_ktfile_get_next,
917	631	krb5_ktfile_end_get,
918	632	krb5_ktfile_add,
919		krb5_ktfile_remove,
920		&krb5_ktfile_ser_entry
	633	krb5_ktfile_remove
921	634	};
922	635
923	636	/*

937	650	krb5_ktfile_get_next,
938	651	krb5_ktfile_end_get,
939	652	krb5_ktfile_add,
940		krb5_ktfile_remove,
941		&krb5_ktfile_ser_entry
	653	krb5_ktfile_remove
942	654	};
943	655
944	656	/*

956	668	krb5_ktfile_get_next,
957	669	krb5_ktfile_end_get,
958	670	0,
959		0,
960		&krb5_ktfile_ser_entry
	671	0
961	672	};
962	673
963	674	/* Formerly lib/krb5/keytab/file/ktf_util.c */

+1

-2

src/lib/krb5/keytab/kt_memory.c less more

630	630	krb5_mkt_get_next,
631	631	krb5_mkt_end_get,
632	632	krb5_mkt_add,
633		krb5_mkt_remove,
634		NULL
	633	krb5_mkt_remove
635	634	};
636	635
637	636	#endif /* LEAN_CLIENT */

+0

-435

~~src/lib/krb5/keytab/kt_srvtab.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/keytab/kt_srvtab.c */
2		/*
3		* Copyright 1990,1991,2002,2007,2008 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25		/*
26		* Copyright (c) Hewlett-Packard Company 1991
27		* Released to the Massachusetts Institute of Technology for inclusion
28		* in the Kerberos source code distribution.
29		*
30		* Copyright 1990,1991 by the Massachusetts Institute of Technology.
31		* All Rights Reserved.
32		*
33		* Export of this software from the United States of America may
34		* require a specific license from the United States Government.
35		* It is the responsibility of any person or organization contemplating
36		* export to obtain such a license before exporting.
37		*
38		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
39		* distribute this software and its documentation for any purpose and
40		* without fee is hereby granted, provided that the above copyright
41		* notice appear in all copies and that both that copyright notice and
42		* this permission notice appear in supporting documentation, and that
43		* the name of M.I.T. not be used in advertising or publicity pertaining
44		* to distribution of the software without specific, written prior
45		* permission. Furthermore if you modify this software you must label
46		* your software as modified software and not distribute it in such a
47		* fashion that it might be confused with the original M.I.T. software.
48		* M.I.T. makes no representations about the suitability of
49		* this software for any purpose. It is provided "as is" without express
50		* or implied warranty.
51		*/
52
53		#include "k5-int.h"
54		#include <stdio.h>
55
56		#ifndef LEAN_CLIENT
57
58		/*
59		* Constants
60		*/
61
62		#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */
63		#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */
64
65		#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
66
67		/*
68		* Types
69		*/
70		typedef struct _krb5_ktsrvtab_data {
71		char name; / Name of the file */
72		FILE openf; / open file, if any. */
73		} krb5_ktsrvtab_data;
74
75		/*
76		* Macros
77		*/
78		#define KTPRIVATE(id) ((krb5_ktsrvtab_data *)(id)->data)
79		#define KTFILENAME(id) (((krb5_ktsrvtab_data *)(id)->data)->name)
80		#define KTFILEP(id) (((krb5_ktsrvtab_data *)(id)->data)->openf)
81
82		extern const struct _krb5_kt_ops krb5_kts_ops;
83
84		static krb5_error_code KRB5_CALLCONV
85		krb5_ktsrvtab_resolve(krb5_context, const char , krb5_keytab );
86
87		static krb5_error_code KRB5_CALLCONV
88		krb5_ktsrvtab_get_name(krb5_context, krb5_keytab, char *, unsigned int);
89
90		static krb5_error_code KRB5_CALLCONV
91		krb5_ktsrvtab_close(krb5_context, krb5_keytab);
92
93		static krb5_error_code KRB5_CALLCONV
94		krb5_ktsrvtab_get_entry(krb5_context, krb5_keytab, krb5_const_principal,
95		krb5_kvno, krb5_enctype, krb5_keytab_entry *);
96
97		static krb5_error_code KRB5_CALLCONV
98		krb5_ktsrvtab_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
99
100		static krb5_error_code KRB5_CALLCONV
101		krb5_ktsrvtab_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *,
102		krb5_kt_cursor *);
103
104		static krb5_error_code KRB5_CALLCONV
105		krb5_ktsrvtab_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
106
107		static krb5_error_code
108		krb5_ktsrvint_open(krb5_context, krb5_keytab);
109
110		static krb5_error_code
111		krb5_ktsrvint_close(krb5_context, krb5_keytab);
112
113		static krb5_error_code
114		krb5_ktsrvint_read_entry(krb5_context, krb5_keytab, krb5_keytab_entry *);
115
116		/*
117		* This is an implementation specific resolver. It returns a keytab id
118		* initialized with srvtab keytab routines.
119		*/
120
121		static krb5_error_code KRB5_CALLCONV
122		krb5_ktsrvtab_resolve(krb5_context context, const char name, krb5_keytab id)
123		{
124		krb5_ktsrvtab_data *data;
125
126		if ((id = (krb5_keytab) malloc(sizeof(*id))) == NULL)
127		return(ENOMEM);
128
129		(*id)->ops = &krb5_kts_ops;
130		data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data));
131		if (data == NULL) {
132		free(*id);
133		return(ENOMEM);
134		}
135
136		data->name = strdup(name);
137		if (data->name == NULL) {
138		free(data);
139		free(*id);
140		return(ENOMEM);
141		}
142
143		data->openf = 0;
144
145		(*id)->data = (krb5_pointer)data;
146		(*id)->magic = KV5M_KEYTAB;
147		return(0);
148		}
149
150		/*
151		* "Close" a file-based keytab and invalidate the id. This means
152		* free memory hidden in the structures.
153		*/
154
155		krb5_error_code KRB5_CALLCONV
156		krb5_ktsrvtab_close(krb5_context context, krb5_keytab id)
157		/*
158		* This routine is responsible for freeing all memory allocated
159		* for this keytab. There are no system resources that need
160		* to be freed nor are there any open files.
161		*
162		* This routine should undo anything done by krb5_ktsrvtab_resolve().
163		*/
164		{
165		free(KTFILENAME(id));
166		free(id->data);
167		id->ops = 0;
168		free(id);
169		return (0);
170		}
171
172		/*
173		* This is the get_entry routine for the file based keytab implementation.
174		* It opens the keytab file, and either retrieves the entry or returns
175		* an error.
176		*/
177
178		krb5_error_code KRB5_CALLCONV
179		krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry)
180		{
181		krb5_keytab_entry best_entry, ent;
182		krb5_error_code kerror = 0;
183		int found_wrong_kvno = 0;
184
185		/* Open the srvtab. */
186		if ((kerror = krb5_ktsrvint_open(context, id)))
187		return(kerror);
188
189		/* srvtab files only have DES_CBC_CRC keys. */
190		switch (enctype) {
191		case ENCTYPE_DES_CBC_CRC:
192		case ENCTYPE_DES_CBC_MD5:
193		case ENCTYPE_DES_CBC_MD4:
194		case ENCTYPE_DES_CBC_RAW:
195		case IGNORE_ENCTYPE:
196		break;
197		default:
198		return KRB5_KT_NOTFOUND;
199		}
200
201		best_entry.principal = 0;
202		best_entry.vno = 0;
203		best_entry.key.contents = 0;
204		while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
205		ent.key.enctype = enctype;
206		if (krb5_principal_compare(context, principal, ent.principal)) {
207		if (kvno == IGNORE_VNO \|\| ent.vno == IGNORE_VNO) {
208		if (!best_entry.principal \|\| (best_entry.vno < ent.vno)) {
209		krb5_kt_free_entry(context, &best_entry);
210		best_entry = ent;
211		}
212		} else {
213		if (ent.vno == kvno) {
214		best_entry = ent;
215		break;
216		} else {
217		found_wrong_kvno = 1;
218		}
219		}
220		} else {
221		krb5_kt_free_entry(context, &ent);
222		}
223		}
224		if (kerror == KRB5_KT_END) {
225		if (best_entry.principal)
226		kerror = 0;
227		else if (found_wrong_kvno)
228		kerror = KRB5_KT_KVNONOTFOUND;
229		else
230		kerror = KRB5_KT_NOTFOUND;
231		}
232		if (kerror) {
233		(void) krb5_ktsrvint_close(context, id);
234		krb5_kt_free_entry(context, &best_entry);
235		return kerror;
236		}
237		if ((kerror = krb5_ktsrvint_close(context, id)) != 0) {
238		krb5_kt_free_entry(context, &best_entry);
239		return kerror;
240		}
241		*entry = best_entry;
242		return 0;
243		}
244
245		/*
246		* Get the name of the file containing a srvtab-based keytab.
247		*/
248
249		krb5_error_code KRB5_CALLCONV
250		krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
251		/*
252		* This routine returns the name of the name of the file associated with
253		* this srvtab-based keytab. The name is prefixed with PREFIX:, so that
254		* trt will happen if the name is passed back to resolve.
255		*/
256		{
257		int result;
258
259		memset(name, 0, len);
260		result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
261		if (SNPRINTF_OVERFLOW(result, len))
262		return(KRB5_KT_NAME_TOOLONG);
263		return(0);
264		}
265
266		/*
267		* krb5_ktsrvtab_start_seq_get()
268		*/
269
270		krb5_error_code KRB5_CALLCONV
271		krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp)
272		{
273		krb5_error_code retval;
274		long *fileoff;
275
276		if ((retval = krb5_ktsrvint_open(context, id)))
277		return retval;
278
279		if (!(fileoff = (long )malloc(sizeof(fileoff)))) {
280		krb5_ktsrvint_close(context, id);
281		return ENOMEM;
282		}
283		*fileoff = ftell(KTFILEP(id));
284		*cursorp = (krb5_kt_cursor)fileoff;
285
286		return 0;
287		}
288
289		/*
290		* krb5_ktsrvtab_get_next()
291		*/
292
293		krb5_error_code KRB5_CALLCONV
294		krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry entry, krb5_kt_cursor cursor)
295		{
296		long fileoff = (long )*cursor;
297		krb5_keytab_entry cur_entry;
298		krb5_error_code kerror;
299
300		if (fseek(KTFILEP(id), *fileoff, 0) == -1)
301		return KRB5_KT_END;
302		if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry)))
303		return kerror;
304		*fileoff = ftell(KTFILEP(id));
305		*entry = cur_entry;
306		return 0;
307		}
308
309		/*
310		* krb5_ktsrvtab_end_get()
311		*/
312
313		krb5_error_code KRB5_CALLCONV
314		krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
315		{
316		free(*cursor);
317		return krb5_ktsrvint_close(context, id);
318		}
319
320		/*
321		* krb5_kts_ops
322		*/
323
324		const struct _krb5_kt_ops krb5_kts_ops = {
325		0,
326		"SRVTAB", /* Prefix -- this string should not appear anywhere else! */
327		krb5_ktsrvtab_resolve,
328		krb5_ktsrvtab_get_name,
329		krb5_ktsrvtab_close,
330		krb5_ktsrvtab_get_entry,
331		krb5_ktsrvtab_start_seq_get,
332		krb5_ktsrvtab_get_next,
333		krb5_ktsrvtab_end_get,
334		0,
335		0,
336		0
337		};
338
339		/* formerly: lib/krb5/keytab/srvtab/kts_util.c */
340
341		#include <stdio.h>
342
343		/* The maximum sizes for V4 aname, realm, sname, and instance +1 */
344		/* Taken from krb.h */
345		#define ANAME_SZ 40
346		#define REALM_SZ 40
347		#define SNAME_SZ 40
348		#define INST_SZ 40
349
350		static krb5_error_code
351		read_field(FILE fp, char s, int len)
352		{
353		int c;
354
355		while ((c = getc(fp)) != 0) {
356		if (c == EOF \|\| len <= 1)
357		return KRB5_KT_END;
358		*s = c;
359		s++;
360		len--;
361		}
362		*s = 0;
363		return 0;
364		}
365
366		krb5_error_code
367		krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
368		{
369		KTFILEP(id) = fopen(KTFILENAME(id), "rb");
370		if (!KTFILEP(id))
371		return errno;
372		set_cloexec_file(KTFILEP(id));
373		return 0;
374		}
375
376		krb5_error_code
377		krb5_ktsrvint_close(krb5_context context, krb5_keytab id)
378		{
379		if (!KTFILEP(id))
380		return 0;
381		(void) fclose(KTFILEP(id));
382		KTFILEP(id) = 0;
383		return 0;
384		}
385
386		krb5_error_code
387		krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *ret_entry)
388		{
389		FILE *fp;
390		char name[SNAME_SZ], instance[INST_SZ], realm[REALM_SZ];
391		unsigned char key[8];
392		int vno;
393		krb5_error_code kerror;
394
395		/* Read in an entry from the srvtab file. */
396		fp = KTFILEP(id);
397		kerror = read_field(fp, name, sizeof(name));
398		if (kerror != 0)
399		return kerror;
400		kerror = read_field(fp, instance, sizeof(instance));
401		if (kerror != 0)
402		return kerror;
403		kerror = read_field(fp, realm, sizeof(realm));
404		if (kerror != 0)
405		return kerror;
406		vno = getc(fp);
407		if (vno == EOF)
408		return KRB5_KT_END;
409		if (fread(key, 1, sizeof(key), fp) != sizeof(key))
410		return KRB5_KT_END;
411
412		/* Fill in ret_entry with the data we read. Everything maps well
413		* except for the timestamp, which we don't have a value for. For
414		* now we just set it to 0. */
415		memset(ret_entry, 0, sizeof(*ret_entry));
416		ret_entry->magic = KV5M_KEYTAB_ENTRY;
417		kerror = krb5_425_conv_principal(context, name, instance, realm,
418		&ret_entry->principal);
419		if (kerror != 0)
420		return kerror;
421		ret_entry->vno = vno;
422		ret_entry->timestamp = 0;
423		ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
424		ret_entry->key.magic = KV5M_KEYBLOCK;
425		ret_entry->key.length = sizeof(key);
426		ret_entry->key.contents = k5memdup(key, sizeof(key), &kerror);
427		if (ret_entry->key.contents == NULL) {
428		krb5_free_principal(context, ret_entry->principal);
429		return kerror;
430		}
431
432		return 0;
433		}
434		#endif /* LEAN_CLIENT */

+1

-81

src/lib/krb5/keytab/ktbase.c less more

54	54
55	55	extern const krb5_kt_ops krb5_ktf_ops;
56	56	extern const krb5_kt_ops krb5_ktf_writable_ops;
57		extern const krb5_kt_ops krb5_kts_ops;
58	57	extern const krb5_kt_ops krb5_mkt_ops;
59	58
60	59	struct krb5_kt_typelist {
61	60	const krb5_kt_ops *ops;
62	61	const struct krb5_kt_typelist *next;
63	62	};
64		const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
65		&krb5_kts_ops,
66		NULL
67		};
68	63	const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
69	64	&krb5_mkt_ops,
70		&krb5_kt_typelist_srvtab
	65	NULL
71	66	};
72	67	const static struct krb5_kt_typelist krb5_kt_typelist_wrfile = {
73	68	&krb5_ktf_writable_ops,

222	217	return err ? err : krb5_kt_resolve(context, name, out);
223	218	}
224	219
225		/*
226		* Routines to deal with externalizingt krb5_keytab.
227		* keytab_size();
228		* keytab_externalize();
229		* keytab_internalize();
230		*/
231		static krb5_error_code keytab_size
232		(krb5_context, krb5_pointer, size_t *);
233		static krb5_error_code keytab_externalize
234		(krb5_context, krb5_pointer, krb5_octet *, size_t );
235		static krb5_error_code keytab_internalize
236		(krb5_context,krb5_pointer , krb5_octet , size_t );
237
238		/*
239		* Serialization entry for this type.
240		*/
241		static const krb5_ser_entry krb5_keytab_ser_entry = {
242		KV5M_KEYTAB, /* Type */
243		keytab_size, /* Sizer routine */
244		keytab_externalize, /* Externalize routine */
245		keytab_internalize /* Internalize routine */
246		};
247
248		static krb5_error_code
249		keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
250		{
251		krb5_error_code kret;
252		krb5_keytab keytab;
253		krb5_ser_handle shandle;
254
255		kret = EINVAL;
256		if ((keytab = (krb5_keytab) arg) &&
257		keytab->ops &&
258		(shandle = (krb5_ser_handle) keytab->ops->serializer) &&
259		shandle->sizer)
260		kret = (*shandle->sizer)(kcontext, arg, sizep);
261		return(kret);
262		}
263
264		static krb5_error_code
265		keytab_externalize(krb5_context kcontext, krb5_pointer arg,
266		krb5_octet *buffer, size_t lenremain)
267		{
268		krb5_error_code kret;
269		krb5_keytab keytab;
270		krb5_ser_handle shandle;
271
272		kret = EINVAL;
273		if ((keytab = (krb5_keytab) arg) &&
274		keytab->ops &&
275		(shandle = (krb5_ser_handle) keytab->ops->serializer) &&
276		shandle->externalizer)
277		kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain);
278		return(kret);
279		}
280
281		static krb5_error_code
282		keytab_internalize(krb5_context kcontext, krb5_pointer *argp,
283		krb5_octet *buffer, size_t lenremain)
284		{
285		krb5_error_code kret;
286		krb5_ser_handle shandle;
287
288		kret = EINVAL;
289		if ((shandle = (krb5_ser_handle) krb5_kt_dfl_ops.serializer) &&
290		shandle->internalizer)
291		kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain);
292		return(kret);
293		}
294
295		krb5_error_code KRB5_CALLCONV
296		krb5_ser_keytab_init(krb5_context kcontext)
297		{
298		return(krb5_register_serializer(kcontext, &krb5_keytab_ser_entry));
299		}
300	220	#endif /* LEAN_CLIENT */

+27

-25

src/lib/krb5/keytab/t_keytab.c less more

95	95	krb5_principal princ;
96	96	krb5_kt_cursor cursor, cursor2;
97	97	int cnt;
	98	krb5_enctype e1 = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
	99	e2 = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
98	100
99	101	kret = krb5_kt_resolve(context, name, &kt);
100	102	CHECK(kret, "resolve");

138	140	/* =================== Add entries to keytab ================= */
139	141	/*
140	142	* Add the following for this principal
141		* enctype 1, kvno 1, key = "1"
142		* enctype 2, kvno 1, key = "1"
143		* enctype 1, kvno 2, key = "2"
	143	* enctype e1, kvno 1, key = "1"
	144	* enctype e2, kvno 1, key = "1"
	145	* enctype e1, kvno 2, key = "2"
144	146	*/
145	147	memset(&kent, 0, sizeof(kent));
146	148	kent.magic = KV5M_KEYTAB_ENTRY;

148	150	kent.timestamp = 327689;
149	151	kent.vno = 1;
150	152	kent.key.magic = KV5M_KEYBLOCK;
151		kent.key.enctype = 1;
	153	kent.key.enctype = e1;
152	154	kent.key.length = 1;
153	155	kent.key.contents = (krb5_octet *) "1";
154	156

156	158	kret = krb5_kt_add_entry(context, kt, &kent);
157	159	CHECK(kret, "Adding initial entry");
158	160
159		kent.key.enctype = 2;
	161	kent.key.enctype = e2;
160	162	kret = krb5_kt_add_entry(context, kt, &kent);
161	163	CHECK(kret, "Adding second entry");
162	164
163		kent.key.enctype = 1;
	165	kent.key.enctype = e1;
164	166	kent.vno = 2;
165	167	kent.key.contents = (krb5_octet *) "2";
166	168	kret = krb5_kt_add_entry(context, kt, &kent);

182	184	cnt = 0;
183	185	while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
184	186	if(((kent.vno != 1) && (kent.vno != 2)) \|\|
185		((kent.key.enctype != 1) && (kent.key.enctype != 2)) \|\|
	187	((kent.key.enctype != e1) && (kent.key.enctype != e2)) \|\|
186	188	(kent.key.length != 1) \|\|
187	189	(kent.key.contents[0] != kent.vno +'0')) {
188	190	fprintf(stderr, "Error in read contents\n");

230	232	/* Ensure a valid answer - we did not specify an enctype or kvno */
231	233	if (!krb5_principal_compare(context, princ, kent.principal) \|\|
232	234	((kent.vno != 1) && (kent.vno != 2)) \|\|
233		((kent.key.enctype != 1) && (kent.key.enctype != 2)) \|\|
	235	((kent.key.enctype != e1) && (kent.key.enctype != e2)) \|\|
234	236	(kent.key.length != 1) \|\|
235	237	(kent.key.contents[0] != kent.vno +'0')) {
236	238	fprintf(stderr, "Retrieved principal does not check\n");

242	244	/* Try to lookup a specific enctype - but unspecified kvno - should give
243	245	* max kvno
244	246	*/
245		kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
	247	kret = krb5_kt_get_entry(context, kt, princ, 0, e1, &kent);
246	248	CHECK(kret, "looking up principal");
247	249
248	250	/* Ensure a valid answer - we did specified an enctype */
249	251	if (!krb5_principal_compare(context, princ, kent.principal) \|\|
250		(kent.vno != 2) \|\| (kent.key.enctype != 1) \|\|
	252	(kent.vno != 2) \|\| (kent.key.enctype != e1) \|\|
251	253	(kent.key.length != 1) \|\|
252	254	(kent.key.contents[0] != kent.vno +'0')) {
253	255	fprintf(stderr, "Retrieved principal does not check\n");

265	267
266	268	/* Ensure a valid answer - we did not specify a kvno */
267	269	if (!krb5_principal_compare(context, princ, kent.principal) \|\|
268		(kent.vno != 2) \|\| (kent.key.enctype != 1) \|\|
	270	(kent.vno != 2) \|\| (kent.key.enctype != e1) \|\|
269	271	(kent.key.length != 1) \|\|
270	272	(kent.key.contents[0] != kent.vno +'0')) {
271	273	fprintf(stderr, "Retrieved principal does not check\n");

280	282
281	283	/* Try to lookup specified enctype and kvno */
282	284
283		kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent);
284		CHECK(kret, "looking up principal");
285
286		if (!krb5_principal_compare(context, princ, kent.principal) \|\|
287		(kent.vno != 1) \|\| (kent.key.enctype != 1) \|\|
	285	kret = krb5_kt_get_entry(context, kt, princ, 1, e1, &kent);
	286	CHECK(kret, "looking up principal");
	287
	288	if (!krb5_principal_compare(context, princ, kent.principal) \|\|
	289	(kent.vno != 1) \|\| (kent.key.enctype != e1) \|\|
288	290	(kent.key.length != 1) \|\|
289	291	(kent.key.contents[0] != kent.vno +'0')) {
290	292	fprintf(stderr, "Retrieved principal does not check\n");

333	335
334	336	/* Try to lookup specified enctype and kvno - that does not exist*/
335	337
336		kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent);
	338	kret = krb5_kt_get_entry(context, kt, princ, 3, e1, &kent);
337	339	CHECK_ERR(kret, KRB5_KT_KVNONOTFOUND,
338	340	"looking up specific principal, kvno, enctype");
339	341

346	348	kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
347	349	CHECK(kret, "parsing principal");
348	350
349		kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
350		CHECK(kret, "looking up principal");
351
352		/* Ensure a valid answer - we are looking for max(kvno) and enc=1 */
353		if (!krb5_principal_compare(context, princ, kent.principal) \|\|
354		(kent.vno != 2) \|\| (kent.key.enctype != 1) \|\|
	351	kret = krb5_kt_get_entry(context, kt, princ, 0, e1, &kent);
	352	CHECK(kret, "looking up principal");
	353
	354	/* Ensure a valid answer - we are looking for max(kvno) and enc=e1 */
	355	if (!krb5_principal_compare(context, princ, kent.principal) \|\|
	356	(kent.vno != 2) \|\| (kent.key.enctype != e1) \|\|
355	357	(kent.key.length != 1) \|\|
356	358	(kent.key.contents[0] != kent.vno +'0')) {
357	359	fprintf(stderr, "Retrieved principal does not check\n");

367	369	krb5_free_keytab_entry_contents(context, &kent);
368	370	/* And ensure gone */
369	371
370		kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
	372	kret = krb5_kt_get_entry(context, kt, princ, 0, e1, &kent);
371	373	CHECK(kret, "looking up principal");
372	374
373	375	/* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
374	376	if (!krb5_principal_compare(context, princ, kent.principal) \|\|
375		(kent.vno != 1) \|\| (kent.key.enctype != 1) \|\|
	377	(kent.vno != 1) \|\| (kent.key.enctype != e1) \|\|
376	378	(kent.key.length != 1) \|\|
377	379	(kent.key.contents[0] != kent.vno +'0')) {
378	380	fprintf(stderr, "Delete principal check failed\n");

+4

-1

src/lib/krb5/krb/Makefile.in less more

76	76	mk_safe.o \
77	77	pac.o \
78	78	pac_sign.o \
	79	padata.o \
79	80	parse.o \
80	81	parse_host_string.o \
81	82	plugin.o \

189	190	$(OUTPRE)mk_safe.$(OBJEXT) \
190	191	$(OUTPRE)pac.$(OBJEXT) \
191	192	$(OUTPRE)pac_sign.$(OBJEXT) \
	193	$(OUTPRE)padata.$(OBJEXT) \
192	194	$(OUTPRE)parse.$(OBJEXT) \
193	195	$(OUTPRE)parse_host_string.$(OBJEXT) \
194	196	$(OUTPRE)plugin.$(OBJEXT) \

302	304	$(srcdir)/mk_safe.c \
303	305	$(srcdir)/pac.c \
304	306	$(srcdir)/pac_sign.c \
	307	$(srcdir)/padata.c \
305	308	$(srcdir)/parse.c \
306	309	$(srcdir)/parse_host_string.c \
307	310	$(srcdir)/plugin.c \

471	474	t_in_ccache t_cc_config t_copy_context t_princ t_etypes t_vfy_increds \
472	475	t_response_items t_sname_match t_valid_times t_get_etype_info
473	476
474		check-unix: $(TEST_PROGS)
	477	check-unix: $(TEST_PROGS) runenv.sh
475	478	$(RUN_TEST_LOCAL_CONF) ./t_kerb \
476	479	parse_name tytso \
477	480	parse_name tytso@SHAZAAM \

+5

-23

src/lib/krb5/krb/auth_con.c less more

39	39	(*auth_context)->auth_context_flags =
40	40	KRB5_AUTH_CONTEXT_DO_TIME \| KRB5_AUTH_CONN_INITIALIZED;
41	41
42		(*auth_context)->req_cksumtype = context->default_ap_req_sumtype;
43		(*auth_context)->safe_cksumtype = context->default_safe_sumtype;
44	42	(*auth_context)->checksum_func = NULL;
45	43	(*auth_context)->checksum_func_data = NULL;
46	44	(*auth_context)->negotiated_etype = ENCTYPE_NULL;

71	69	krb5_k_free_key(context, auth_context->recv_subkey);
72	70	zapfree(auth_context->cstate.data, auth_context->cstate.length);
73	71	if (auth_context->rcache)
74		krb5_rc_close(context, auth_context->rcache);
	72	k5_rc_close(context, auth_context->rcache);
75	73	if (auth_context->permitted_etypes)
76	74	free(auth_context->permitted_etypes);
77	75	if (auth_context->ad_context)
78	76	krb5_authdata_context_free(context, auth_context->ad_context);
	77	k5_memrcache_free(context, auth_context->memrcache);
79	78	free(auth_context);
80	79	return 0;
81	80	}

314	313	krb5_error_code KRB5_CALLCONV
315	314	krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
316	315	{
317		krb5_error_code ret;
318		krb5_enctype enctype;
319
320	316	if (auth_context->key == NULL)
321	317	return EINVAL;
322		ret = krb5_c_init_state(context, &auth_context->key->keyblock,
323		KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
324		&auth_context->cstate);
325		if (ret)
326		return ret;
327
328		/*
329		* Historically we used a zero-filled buffer of the enctype block size.
330		* This matches every existing enctype except RC4 (which has a block size
331		* of 1) and des-cbc-crc (which uses the key instead of a zero-filled
332		* buffer). Special-case des-cbc-crc to remain interoperable.
333		*/
334		enctype = krb5_k_key_enctype(context, auth_context->key);
335		if (enctype == ENCTYPE_DES_CBC_CRC)
336		zap(auth_context->cstate.data, auth_context->cstate.length);
337
338		return 0;
	318	return krb5_c_init_state(context, &auth_context->key->keyblock,
	319	KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
	320	&auth_context->cstate);
339	321	}
340	322
341	323	krb5_error_code

+3

-0

src/lib/krb5/krb/auth_con.h less more

1	1
2	2	#ifndef KRB5_AUTH_CONTEXT
3	3	#define KRB5_AUTH_CONTEXT
	4
	5	#include "../rcache/memrcache.h"
4	6
5	7	struct _krb5_auth_context {
6	8	krb5_magic magic;

20	22	krb5_cksumtype safe_cksumtype; /* mk_safe, ... */
21	23	krb5_data cstate; /* mk_priv, rd_priv only */
22	24	krb5_rcache rcache;
	25	k5_memrcache memrcache;
23	26	krb5_enctype * permitted_etypes; /* rd_req */
24	27	krb5_mk_req_checksum_func checksum_func;
25	28	void *checksum_func_data;

+15

-39

src/lib/krb5/krb/authdata.c less more

556	556	if (ret && ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
557	557	goto cleanup;
558	558	ret = 0;
	559	if (elements == NULL)
	560	continue;
559	561
560	562	/* Add the verified elements to list and free the container array. */
561	563	for (n_elements = 0; elements[n_elements] != NULL; n_elements++);

975	977
976	978	*ptr = NULL;
977	979
978		name.length = strlen(module_name);
979		name.data = (char *)module_name;
980
	980	name = make_data((char *)module_name, strlen(module_name));
981	981	module = k5_ad_find_module(kcontext, context, AD_USAGE_MASK, &name);
982	982	if (module == NULL)
983	983	return ENOENT;

1004	1004	krb5_data name;
1005	1005	struct _krb5_authdata_context_module *module;
1006	1006
1007		name.length = strlen(module_name);
1008		name.data = (char *)module_name;
1009
	1007	name = make_data((char *)module_name, strlen(module_name));
1010	1008	module = k5_ad_find_module(kcontext, context, AD_USAGE_MASK, &name);
1011	1009	if (module == NULL)
1012	1010	return ENOENT;

1152	1150	/*
1153	1151	* Calculate size of to-be-externalized authdata context.
1154	1152	*/
1155		static krb5_error_code
1156		krb5_authdata_context_size(krb5_context kcontext,
1157		krb5_pointer ptr,
1158		size_t *sizep)
	1153	krb5_error_code
	1154	k5_size_authdata_context(krb5_context kcontext, krb5_authdata_context context,
	1155	size_t *sizep)
1159	1156	{
1160	1157	krb5_error_code code;
1161		krb5_authdata_context context = (krb5_authdata_context)ptr;
1162	1158
1163	1159	code = k5_ad_size(kcontext, context, AD_USAGE_MASK, sizep);
1164	1160	if (code != 0)

1172	1168	/*
1173	1169	* Externalize an authdata context.
1174	1170	*/
1175		static krb5_error_code
1176		krb5_authdata_context_externalize(krb5_context kcontext,
1177		krb5_pointer ptr,
1178		krb5_octet **buffer,
1179		size_t *lenremain)
	1171	krb5_error_code
	1172	k5_externalize_authdata_context(krb5_context kcontext,
	1173	krb5_authdata_context context,
	1174	krb5_octet *buffer, size_t lenremain)
1180	1175	{
1181	1176	krb5_error_code code;
1182		krb5_authdata_context context = (krb5_authdata_context)ptr;
1183	1177	krb5_octet *bp;
1184	1178	size_t remain;
1185	1179

1211	1205	/*
1212	1206	* Internalize an authdata context.
1213	1207	*/
1214		static krb5_error_code
1215		krb5_authdata_context_internalize(krb5_context kcontext,
1216		krb5_pointer *ptr,
1217		krb5_octet **buffer,
1218		size_t *lenremain)
	1208	krb5_error_code
	1209	k5_internalize_authdata_context(krb5_context kcontext,
	1210	krb5_authdata_context *ptr,
	1211	krb5_octet *buffer, size_t lenremain)
1219	1212	{
1220	1213	krb5_error_code code;
1221	1214	krb5_authdata_context context;

1258	1251	*ptr = context;
1259	1252
1260	1253	return 0;
1261		}
1262
1263		static const krb5_ser_entry krb5_authdata_context_ser_entry = {
1264		KV5M_AUTHDATA_CONTEXT,
1265		krb5_authdata_context_size,
1266		krb5_authdata_context_externalize,
1267		krb5_authdata_context_internalize
1268		};
1269
1270		/*
1271		* Register the authdata context serializer.
1272		*/
1273		krb5_error_code
1274		krb5_ser_authdata_context_init(krb5_context kcontext)
1275		{
1276		return krb5_register_serializer(kcontext,
1277		&krb5_authdata_context_ser_entry);
1278	1254	}
1279	1255
1280	1256	krb5_error_code

+0

-30

~~src/lib/krb5/krb/cleanup.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1
2		#ifndef KRB5_CLEANUP
3		#define KRB5_CLEANUP
4
5		struct cleanup {
6		void * arg;
7		void (func)(void );
8		};
9
10		#define CLEANUP_INIT(x) \
11		struct cleanup cleanup_data[x]; \
12		int cleanup_count = 0;
13
14		#define CLEANUP_PUSH(x, y) \
15		cleanup_data[cleanup_count].arg = x; \
16		cleanup_data[cleanup_count].func = y; \
17		cleanup_count++;
18
19		#define CLEANUP_POP(x) \
20		if ((--cleanup_count) && x && (cleanup_data[cleanup_count].func)) \
21		cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
22
23		#define CLEANUP_DONE() \
24		while(cleanup_count--) \
25		if (cleanup_data[cleanup_count].func) \
26		cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
27
28
29		#endif

+0

-2

src/lib/krb5/krb/copy_ctx.c less more

73	73	nctx->default_realm = NULL;
74	74	nctx->profile = NULL;
75	75	nctx->dal_handle = NULL;
76		nctx->ser_ctx_count = 0;
77		nctx->ser_ctx = NULL;
78	76	nctx->prompt_types = NULL;
79	77	nctx->preauth_context = NULL;
80	78	nctx->ccselect_handles = NULL;

+1

-1

src/lib/krb5/krb/deltat.c less more

14	14	GNU General Public License for more details.
15	15
16	16	You should have received a copy of the GNU General Public License
17		along with this program. If not, see <http://www.gnu.org/licenses/>. */
	17	along with this program. If not, see <https://www.gnu.org/licenses/>. */
18	18
19	19	/* As a special exception, you may create a larger work that contains
20	20	part or all of the Bison parser skeleton and distribute that work

+239

-219

src/lib/krb5/krb/deps less more

47	47	auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): \
48	48	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
49	49	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
50		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
51		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
52		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
53		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
54		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
55		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
56		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
57		auth_con.c auth_con.h int-proto.h
	50	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	51	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	52	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	53	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	54	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	55	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	56	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	57	$(top_srcdir)/include/socket-utils.h auth_con.c auth_con.h \
	58	int-proto.h
58	59	cammac_util.so cammac_util.po $(OUTPRE)cammac_util.$(OBJEXT): \
59	60	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
60	61	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

69	70	ai_authdata.so ai_authdata.po $(OUTPRE)ai_authdata.$(OBJEXT): \
70	71	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
71	72	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
72		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
73		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
74		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
75		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
76		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
77		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
78		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
79		$(top_srcdir)/include/socket-utils.h ai_authdata.c \
80		auth_con.h authdata.h int-proto.h
	73	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	74	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	75	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	76	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	77	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	78	$(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
	79	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	80	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	81	ai_authdata.c auth_con.h authdata.h int-proto.h
81	82	authdata.so authdata.po $(OUTPRE)authdata.$(OBJEXT): \
82	83	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
83	84	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
84		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
85		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
86		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
87		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
88		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
89		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
90		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
91		$(top_srcdir)/include/socket-utils.h auth_con.h authdata.c \
92		authdata.h int-proto.h
	85	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	86	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	87	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	88	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	89	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	90	$(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
	91	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	92	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	93	auth_con.h authdata.c authdata.h int-proto.h
93	94	authdata_exp.so authdata_exp.po $(OUTPRE)authdata_exp.$(OBJEXT): \
94	95	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
95	96	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
96		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
97		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
98		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
99		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
100		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
101		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
102		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
103		$(top_srcdir)/include/socket-utils.h auth_con.h authdata.h \
104		authdata_exp.c int-proto.h
	97	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	98	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	99	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	100	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	101	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	102	$(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
	103	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	104	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	105	auth_con.h authdata.h authdata_exp.c int-proto.h
105	106	authdata_enc.so authdata_enc.po $(OUTPRE)authdata_enc.$(OBJEXT): \
106	107	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
107	108	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

161	162	chk_trans.c
162	163	chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
163	164	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
164		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
165		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
166		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
167		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
168		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
169		$(top_srcdir)/include/k5-unicode.h $(top_srcdir)/include/k5-utf8.h \
170		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
171		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
172		$(top_srcdir)/include/socket-utils.h auth_con.h chpw.c \
173		int-proto.h
	165	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	166	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	167	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	168	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	169	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	170	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-unicode.h \
	171	$(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
	172	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	173	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	174	auth_con.h chpw.c int-proto.h
174	175	conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): \
175	176	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
176	177	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

218	219	copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): \
219	220	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
220	221	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
221		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
222		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
223		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
224		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
225		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
226		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
227		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
228		auth_con.h copy_athctr.c
	222	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	223	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	224	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	225	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	226	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	227	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	228	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	229	$(top_srcdir)/include/socket-utils.h auth_con.h copy_athctr.c
229	230	copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): \
230	231	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
231	232	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

448	449	gen_save_subkey.so gen_save_subkey.po $(OUTPRE)gen_save_subkey.$(OBJEXT): \
449	450	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
450	451	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
451		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
452		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
453		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
454		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
455		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
456		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
457		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
458		auth_con.h gen_save_subkey.c int-proto.h
	452	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	453	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	454	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	455	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	456	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	457	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	458	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	459	$(top_srcdir)/include/socket-utils.h auth_con.h gen_save_subkey.c \
	460	int-proto.h
459	461	get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): \
460	462	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
461	463	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
462		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
463		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
464		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
465		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
466		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
467		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	464	$(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
	465	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	466	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	467	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	468	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	469	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	470	$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
468	471	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
469	472	fast.h get_creds.c int-proto.h
470	473	get_etype_info.so get_etype_info.po $(OUTPRE)get_etype_info.$(OBJEXT): \

619	622	int-proto.h libdef_parse.c
620	623	mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
621	624	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
622		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
623		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
624		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
625		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
626		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
627		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
628		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
629		$(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
630		int-proto.h mk_cred.c
	625	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	626	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	627	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	628	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	629	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	630	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	631	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	632	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	633	auth_con.h int-proto.h mk_cred.c
631	634	mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): \
632	635	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
633	636	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

641	644	mk_error.c
642	645	mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
643	646	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
644		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
645		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
646		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
647		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
648		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
649		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
650		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
651		$(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
652		mk_priv.c
	647	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	648	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	649	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	650	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	651	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	652	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	653	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	654	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	655	auth_con.h int-proto.h mk_priv.c
653	656	mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
654	657	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
655		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
	658	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	659	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	660	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	661	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	662	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	663	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	664	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	665	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	666	auth_con.h int-proto.h mk_rep.c
	667	mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	668	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
	669	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	670	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	671	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	672	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	673	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	674	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	675	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	676	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	677	auth_con.h mk_req.c
	678	mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): \
	679	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
	680	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
	681	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
656	682	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
657	683	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
658	684	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \

660	686	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
661	687	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
662	688	$(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
663		mk_rep.c
664		mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
665		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
666		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
667		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
668		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
669		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
670		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
671		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
672		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
673		$(top_srcdir)/include/socket-utils.h auth_con.h mk_req.c
674		mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): \
675		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
676		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
677		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
678		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
679		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
680		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
681		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
682		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
683		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
684		auth_con.h int-proto.h mk_req_ext.c
	689	mk_req_ext.c
685	690	mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
686	691	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
687		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
688		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
689		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
690		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
691		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
692		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
693		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
694		$(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
695		mk_safe.c
	692	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	693	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	694	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	695	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	696	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	697	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	698	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	699	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	700	auth_con.h int-proto.h mk_safe.c
696	701	pac.so pac.po $(OUTPRE)pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
697	702	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
698	703	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

715	720	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
716	721	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
717	722	$(top_srcdir)/include/socket-utils.h authdata.h pac_sign.c
	723	padata.so padata.po $(OUTPRE)padata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	724	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
	725	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
	726	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	727	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	728	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	729	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	730	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	731	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	732	$(top_srcdir)/include/socket-utils.h padata.c
718	733	parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
719	734	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
720	735	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

846	861	privsafe.so privsafe.po $(OUTPRE)privsafe.$(OBJEXT): \
847	862	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
848	863	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
849		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
850		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
851		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
852		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
853		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
854		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
855		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
856		auth_con.h int-proto.h privsafe.c
	864	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	865	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	866	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	867	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	868	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	869	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	870	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	871	$(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
	872	privsafe.c
857	873	random_str.so random_str.po $(OUTPRE)random_str.$(OBJEXT): \
858	874	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
859	875	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

867	883	random_str.c
868	884	rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
869	885	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
870		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
871		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
872		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
873		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
874		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
875		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
876		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
877		$(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
878		rd_cred.c
	886	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	887	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	888	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	889	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	890	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	891	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	892	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	893	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	894	auth_con.h int-proto.h rd_cred.c
879	895	rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): \
880	896	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
881	897	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

889	905	rd_error.c
890	906	rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
891	907	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
892		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
893		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
894		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
895		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
896		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
897		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
898		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
899		$(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
900		rd_priv.c
	908	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	909	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	910	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	911	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	912	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	913	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	914	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	915	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	916	auth_con.h int-proto.h rd_priv.c
901	917	rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
902	918	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
903		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
904		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
905		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
906		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
907		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
908		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
909		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
910		$(top_srcdir)/include/socket-utils.h auth_con.h rd_rep.c
	919	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	920	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	921	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	922	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	923	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	924	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	925	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	926	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	927	auth_con.h rd_rep.c
911	928	rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
912	929	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
913		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
914		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
915		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
916		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
917		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
918		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
919		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
920		$(top_srcdir)/include/socket-utils.h auth_con.h rd_req.c
	930	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	931	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	932	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	933	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	934	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	935	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	936	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	937	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	938	auth_con.h rd_req.c
921	939	rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): \
922	940	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
923	941	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
924		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
925		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
926		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
927		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
928		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
929		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
930		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
931		$(top_srcdir)/include/socket-utils.h auth_con.h authdata.h \
932		int-proto.h rd_req_dec.c
	942	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	943	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	944	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	945	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	946	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	947	$(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
	948	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	949	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	950	auth_con.h authdata.h int-proto.h rd_req_dec.c
933	951	rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
934	952	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
935		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
936		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
937		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
938		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
939		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
940		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
941		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
942		$(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
943		int-proto.h rd_safe.c
	953	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	954	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	955	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	956	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	957	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	958	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	959	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	960	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	961	auth_con.h int-proto.h rd_safe.c
944	962	recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \
945	963	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
946	964	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
947		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
948		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
949		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
950		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
951		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
952		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
953		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
954		auth_con.h recvauth.c
	965	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	966	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	967	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	968	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	969	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	970	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	971	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	972	$(top_srcdir)/include/socket-utils.h auth_con.h recvauth.c
955	973	response_items.so response_items.po $(OUTPRE)response_items.$(OBJEXT): \
956	974	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
957	975	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

966	984	s4u_authdata.so s4u_authdata.po $(OUTPRE)s4u_authdata.$(OBJEXT): \
967	985	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
968	986	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
969		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
970		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
971		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
972		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
973		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
974		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
975		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
976		$(top_srcdir)/include/socket-utils.h auth_con.h authdata.h \
977		int-proto.h s4u_authdata.c
	987	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	988	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	989	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	990	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	991	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	992	$(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
	993	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	994	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	995	auth_con.h authdata.h int-proto.h s4u_authdata.c
978	996	s4u_creds.so s4u_creds.po $(OUTPRE)s4u_creds.$(OBJEXT): \
979	997	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
980	998	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

989	1007	sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \
990	1008	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
991	1009	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
992		$(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
993		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
994		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
995		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
996		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
997		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
998		$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
999		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
1000		auth_con.h sendauth.c
	1010	$(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(srcdir)/../rcache/memrcache.h \
	1011	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	1012	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	1013	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	1014	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	1015	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	1016	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
	1017	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	1018	$(top_srcdir)/include/socket-utils.h auth_con.h sendauth.c
1001	1019	send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): \
1002	1020	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
1003	1021	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

1012	1030	ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): \
1013	1031	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
1014	1032	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
1015		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
1016		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
1017		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
1018		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
1019		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
1020		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
1021		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
1022		auth_con.h int-proto.h ser_actx.c
	1033	$(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
	1034	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	1035	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	1036	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	1037	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	1038	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	1039	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	1040	$(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
	1041	ser_actx.c
1023	1042	ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): \
1024	1043	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
1025	1044	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

1260	1279	$(top_srcdir)/include/socket-utils.h t_kerb.c
1261	1280	t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
1262	1281	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
1263		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
1264		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
1265		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
1266		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
1267		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
1268		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
1269		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
1270		$(top_srcdir)/include/socket-utils.h auth_con.h t_ser.c
	1282	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
	1283	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	1284	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	1285	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	1286	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	1287	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	1288	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	1289	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	1290	auth_con.h t_ser.c
1271	1291	t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): \
1272	1292	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
1273	1293	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

+0

-17

src/lib/krb5/krb/fast.c less more

617	617	free(state);
618	618	}
619	619
620		krb5_pa_data *
621		krb5int_find_pa_data(krb5_context context, krb5_pa_data const padata,
622		krb5_preauthtype pa_type)
623		{
624		krb5_pa_data * const *tmppa;
625
626		if (padata == NULL)
627		return NULL;
628
629		for (tmppa = padata; *tmppa != NULL; tmppa++) {
630		if ((*tmppa)->pa_type == pa_type)
631		break;
632		}
633
634		return *tmppa;
635		}
636
637	620	/*
638	621	* Implement FAST negotiation as specified in RFC 6806 section 11. If
639	622	* the encrypted part of rep sets the enc-pa-rep flag, look for and

+6

-3

src/lib/krb5/krb/gc_via_tkt.c less more

256	256	/* Final hop, check whether KDC supports S4U2Self */
257	257	if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
258	258	retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
259		} else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
260		/* XXX for constrained delegation this check must be performed by caller
261		* as we don't have access to the key to decrypt the evidence ticket.
	259	} else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0 \|\|
	260	IS_TGS_PRINC(dec_rep->ticket->server)) {
	261	/*
	262	* For constrained delegation this check must be performed by caller,
	263	* as we can't decrypt the evidence ticket. However, if it is a
	264	* referral the client should match the TGT client like normal.
262	265	*/
263	266	if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
264	267	retval = KRB5_KDCREP_MODIFIED;

+81

-32

src/lib/krb5/krb/get_creds.c less more

38	38
39	39	#include "k5-int.h"
40	40	#include "int-proto.h"
	41	#include "os-proto.h"
41	42	#include "fast.h"
42	43
43	44	/*

330	331	extra_options = ctx->req_kdcopt;
331	332
332	333	/* Automatically set the enc-tkt-in-skey flag for user-to-user requests. */
333		if (ctx->in_creds->second_ticket.length != 0 &&
334		(extra_options & KDC_OPT_CNAME_IN_ADDL_TKT) == 0)
	334	if (ctx->in_creds->second_ticket.length != 0)
335	335	extra_options \|= KDC_OPT_ENC_TKT_IN_SKEY;
336	336
337	337	/* Set the canonicalize flag for referral requests. */

441	441	/* Try to cache the credential. */
442	442	(void) krb5_cc_store_cred(context, ctx->ccache, ctx->reply_creds);
443	443	}
444
445		/* If we were doing constrained delegation, make sure we got a forwardable
446		* ticket, or it won't work. */
447		if ((ctx->req_options & KRB5_GC_CONSTRAINED_DELEGATION)
448		&& (ctx->reply_creds->ticket_flags & TKT_FLG_FORWARDABLE) == 0)
449		return KRB5_TKT_NOT_FORWARDABLE;
450	444
451	445	ctx->state = STATE_COMPLETE;
452	446	return 0;

1021	1015	krb5_creds mcreds;
1022	1016	krb5_flags fields;
1023	1017
1024		/* For constrained delegation, the expected result is in second_ticket, so
1025		* we can't really do a cache check here. */
1026		if (ctx->req_options & KRB5_GC_CONSTRAINED_DELEGATION)
1027		return (ctx->req_options & KRB5_GC_CACHED) ? KRB5_CC_NOTFOUND : 0;
1028
1029	1018	/* Perform the cache lookup. */
1030	1019	code = krb5int_construct_matching_creds(context, ctx->req_options,
1031	1020	ctx->in_creds, &mcreds, &fields);

1096	1085	ctx->req_kdcopt \|= KDC_OPT_FORWARDABLE;
1097	1086	if (options & KRB5_GC_NO_TRANSIT_CHECK)
1098	1087	ctx->req_kdcopt \|= KDC_OPT_DISABLE_TRANSITED_CHECK;
1099		if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
1100		if (options & KRB5_GC_USER_USER) {
1101		code = EINVAL;
1102		goto cleanup;
1103		}
1104		ctx->req_kdcopt \|= KDC_OPT_FORWARDABLE \| KDC_OPT_CNAME_IN_ADDL_TKT;
1105		}
1106	1088
1107	1089	ctx->state = STATE_BEGIN;
1108	1090

1248	1230	return EINVAL;
1249	1231	}
1250	1232
	1233	static krb5_error_code
	1234	try_get_creds(krb5_context context, krb5_flags options, krb5_ccache ccache,
	1235	krb5_creds in_creds, krb5_creds creds_out)
	1236	{
	1237	krb5_error_code code;
	1238	krb5_tkt_creds_context ctx = NULL;
	1239
	1240	code = krb5_tkt_creds_init(context, ccache, in_creds, options, &ctx);
	1241	if (code)
	1242	goto cleanup;
	1243	code = krb5_tkt_creds_get(context, ctx);
	1244	if (code)
	1245	goto cleanup;
	1246	code = krb5_tkt_creds_get_creds(context, ctx, creds_out);
	1247
	1248	cleanup:
	1249	krb5_tkt_creds_free(context, ctx);
	1250	return code;
	1251	}
	1252
1251	1253	krb5_error_code KRB5_CALLCONV
1252	1254	krb5_get_credentials(krb5_context context, krb5_flags options,
1253	1255	krb5_ccache ccache, krb5_creds *in_creds,

1255	1257	{
1256	1258	krb5_error_code code;
1257	1259	krb5_creds *ncreds = NULL;
1258		krb5_tkt_creds_context ctx = NULL;
	1260	krb5_creds canon_creds, store_creds;
	1261	krb5_principal_data canon_server;
	1262	krb5_data canon_components[2];
	1263	char hostname = NULL, canon_hostname = NULL;
1259	1264
1260	1265	*out_creds = NULL;
	1266
	1267	/* If S4U2Proxy is requested, use the synchronous implementation in
	1268	* s4u_creds.c. */
	1269	if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
	1270	return k5_get_proxy_cred_from_kdc(context, options, ccache, in_creds,
	1271	out_creds);
	1272	}
1261	1273
1262	1274	/* Allocate a container. */
1263	1275	ncreds = k5alloc(sizeof(*ncreds), &code);
1264	1276	if (ncreds == NULL)
1265	1277	goto cleanup;
1266	1278
1267		/* Make and execute a krb5_tkt_creds context to get the credential. */
1268		code = krb5_tkt_creds_init(context, ccache, in_creds, options, &ctx);
1269		if (code != 0)
1270		goto cleanup;
1271		code = krb5_tkt_creds_get(context, ctx);
1272		if (code != 0)
1273		goto cleanup;
1274		code = krb5_tkt_creds_get_creds(context, ctx, ncreds);
1275		if (code != 0)
1276		goto cleanup;
	1279	code = try_get_creds(context, options, ccache, in_creds, ncreds);
	1280	if (!code) {
	1281	*out_creds = ncreds;
	1282	return 0;
	1283	}
	1284
	1285	/* Possibly try again with the canonicalized hostname, if the server is
	1286	* host-based and we are configured for fallback canonicalization. */
	1287	if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
	1288	goto cleanup;
	1289	if (context->dns_canonicalize_hostname != CANONHOST_FALLBACK)
	1290	goto cleanup;
	1291	if (in_creds->server->type != KRB5_NT_SRV_HST \|\|
	1292	in_creds->server->length != 2)
	1293	goto cleanup;
	1294
	1295	hostname = k5memdup0(in_creds->server->data[1].data,
	1296	in_creds->server->data[1].length, &code);
	1297	if (hostname == NULL)
	1298	goto cleanup;
	1299	code = k5_expand_hostname(context, hostname, TRUE, &canon_hostname);
	1300	if (code)
	1301	goto cleanup;
	1302
	1303	TRACE_GET_CREDS_FALLBACK(context, canon_hostname);
	1304
	1305	/* Make shallow copies of in_creds and its server to alter the hostname. */
	1306	canon_components[0] = in_creds->server->data[0];
	1307	canon_components[1] = string2data(canon_hostname);
	1308	canon_server = *in_creds->server;
	1309	canon_server.data = canon_components;
	1310	canon_creds = *in_creds;
	1311	canon_creds.server = &canon_server;
	1312
	1313	code = try_get_creds(context, options \| KRB5_GC_NO_STORE, ccache,
	1314	&canon_creds, ncreds);
	1315	if (code)
	1316	goto cleanup;
	1317
	1318	if (!(options & KRB5_GC_NO_STORE)) {
	1319	/* Store the creds under the originally requested server name. The
	1320	* ccache layer will also store them under the ticket server name. */
	1321	store_creds = *ncreds;
	1322	store_creds.server = in_creds->server;
	1323	(void)krb5_cc_store_cred(context, ccache, &store_creds);
	1324	}
1277	1325
1278	1326	*out_creds = ncreds;
1279	1327	ncreds = NULL;
1280	1328
1281	1329	cleanup:
	1330	free(hostname);
	1331	free(canon_hostname);
1282	1332	krb5_free_creds(context, ncreds);
1283		krb5_tkt_creds_free(context, ctx);
1284	1333	return code;
1285	1334	}

+72

-47

src/lib/krb5/krb/get_in_tkt.c less more

229	229	if (canon_req) {
230	230	canon_ok = IS_TGS_PRINC(request->server) &&
231	231	IS_TGS_PRINC(as_reply->enc_part2->server);
232		if (!canon_ok && (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS)) {
233		canon_ok = krb5_principal_compare_any_realm(context,
234		as_reply->client,
235		krb5_anonymous_principal());
236		}
237	232	} else
238	233	canon_ok = 0;
239	234
240	235	if ((!canon_ok &&
241		(!krb5_principal_compare(context, as_reply->client, request->client) \|\|
242		!krb5_principal_compare(context, as_reply->enc_part2->server, request->server)))
	236	!krb5_principal_compare(context, as_reply->enc_part2->server, request->server))
	237	\|\| (!canon_req && !krb5_principal_compare(context, as_reply->client, request->client))
243	238	\|\| !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server)
244	239	\|\| (request->nonce != as_reply->enc_part2->nonce)
245	240	/* XXX check for extraneous flags */

400	395	}
401	396
402	397	#define MAX_IN_TKT_LOOPS 16
403
404		/* Add a pa-data item with the specified type and contents to padptr. /
405		static krb5_error_code
406		add_padata(krb5_pa_data ***padptr, krb5_preauthtype pa_type,
407		const void *contents, unsigned int length)
408		{
409		size_t size = 0;
410		krb5_pa_data *pad = padptr;
411		krb5_pa_data *pa= NULL;
412		if (pad)
413		for (size=0; pad[size]; size++);
414		pad = realloc(pad, sizeof(pad)(size+2));
415		if (pad == NULL)
416		return ENOMEM;
417		*padptr = pad;
418		pad[size] = pad[size + 1] = NULL;
419
420		pa = malloc(sizeof(krb5_pa_data));
421		if (pa == NULL)
422		return ENOMEM;
423		pa->contents = NULL;
424		pa->length = length;
425		if (contents != NULL) {
426		pa->contents = malloc(length);
427		if (pa->contents == NULL) {
428		free(pa);
429		return ENOMEM;
430		}
431		memcpy(pa->contents, contents, length);
432		}
433		pa->pa_type = pa_type;
434		pad[size] = pa;
435		return 0;
436		}
437	398
438	399	/* Sort a pa_data sequence so that types named in the "preferred_preauth_types"
439	400	* libdefaults entry are listed before any others. */

1299	1260	code = encode_krb5_pa_pac_req(&pac_req, &encoded);
1300	1261	if (code)
1301	1262	return code;
1302		code = add_padata(&ctx->request->padata, KRB5_PADATA_PAC_REQUEST,
1303		encoded->data, encoded->length);
	1263	code = k5_add_pa_data_from_data(&ctx->request->padata,
	1264	KRB5_PADATA_PAC_REQUEST, encoded);
1304	1265	krb5_free_data(context, encoded);
1305	1266	return code;
1306	1267	}

1312	1273	{
1313	1274	krb5_error_code code;
1314	1275	krb5_preauthtype pa_type;
	1276	krb5_data copy;
1315	1277	struct errinfo save = EMPTY_ERRINFO;
1316	1278	uint32_t rcode = (ctx->err_reply == NULL) ? 0 : ctx->err_reply->error;
1317	1279

1413	1375	ctx->encoded_previous_request = NULL;
1414	1376	}
1415	1377	if (ctx->info_pa_permitted) {
1416		code = add_padata(&ctx->request->padata, KRB5_PADATA_AS_FRESHNESS,
1417		NULL, 0);
	1378	code = k5_add_empty_pa_data(&ctx->request->padata,
	1379	KRB5_PADATA_AS_FRESHNESS);
1418	1380	if (code)
1419	1381	goto cleanup;
1420		code = add_padata(&ctx->request->padata, KRB5_ENCPADATA_REQ_ENC_PA_REP,
1421		NULL, 0);
	1382	code = k5_add_empty_pa_data(&ctx->request->padata,
	1383	KRB5_ENCPADATA_REQ_ENC_PA_REP);
1422	1384	}
1423	1385	if (code)
1424	1386	goto cleanup;
	1387
	1388	if (ctx->subject_cert != NULL) {
	1389	code = krb5int_copy_data_contents(context, ctx->subject_cert, &copy);
	1390	if (code)
	1391	goto cleanup;
	1392	code = k5_add_pa_data_from_data(&ctx->request->padata,
	1393	KRB5_PADATA_S4U_X509_USER, &copy);
	1394	krb5_free_data_contents(context, &copy);
	1395	if (code)
	1396	goto cleanup;
	1397	}
1425	1398
1426	1399	code = maybe_add_pac_request(context, ctx);
1427	1400	if (code)

1565	1538	* FAST upgrade. */
1566	1539	ctx->restarted = FALSE;
1567	1540	code = restart_init_creds_loop(context, ctx, FALSE);
	1541	} else if (ctx->identify_realm &&
	1542	(reply_code == KDC_ERR_PREAUTH_REQUIRED \|\|
	1543	reply_code == KDC_ERR_KEY_EXP)) {
	1544	/* The client exists in this realm; we can stop. */
	1545	ctx->complete = TRUE;
	1546	goto cleanup;
1568	1547	} else if (reply_code == KDC_ERR_PREAUTH_REQUIRED && retry) {
1569	1548	note_req_timestamp(context, ctx, ctx->err_reply->stime,
1570	1549	ctx->err_reply->susec);

1624	1603	if (code != 0)
1625	1604	goto cleanup;
1626	1605
	1606	if (ctx->identify_realm) {
	1607	/* Just getting a reply means the client exists in this realm. */
	1608	ctx->complete = TRUE;
	1609	goto cleanup;
	1610	}
	1611
1627	1612	code = sort_krb5_padata_sequence(context, &ctx->request->client->realm,
1628	1613	ctx->reply->padata);
1629	1614	if (code != 0)

1849	1834	}
1850	1835
1851	1836	krb5_error_code
	1837	k5_identify_realm(krb5_context context, krb5_principal client,
	1838	const krb5_data subject_cert, krb5_principal client_out)
	1839	{
	1840	krb5_error_code ret;
	1841	krb5_get_init_creds_opt *opts = NULL;
	1842	krb5_init_creds_context ctx = NULL;
	1843	int use_master = 0;
	1844
	1845	*client_out = NULL;
	1846
	1847	ret = krb5_get_init_creds_opt_alloc(context, &opts);
	1848	if (ret)
	1849	goto cleanup;
	1850	krb5_get_init_creds_opt_set_tkt_life(opts, 15);
	1851	krb5_get_init_creds_opt_set_renew_life(opts, 0);
	1852	krb5_get_init_creds_opt_set_forwardable(opts, 0);
	1853	krb5_get_init_creds_opt_set_proxiable(opts, 0);
	1854	krb5_get_init_creds_opt_set_canonicalize(opts, 1);
	1855
	1856	ret = krb5_init_creds_init(context, client, NULL, NULL, 0, opts, &ctx);
	1857	if (ret)
	1858	goto cleanup;
	1859
	1860	ctx->identify_realm = TRUE;
	1861	ctx->subject_cert = subject_cert;
	1862
	1863	ret = k5_init_creds_get(context, ctx, &use_master);
	1864	if (ret)
	1865	goto cleanup;
	1866
	1867	TRACE_INIT_CREDS_IDENTIFIED_REALM(context, &ctx->request->client->realm);
	1868	ret = krb5_copy_principal(context, ctx->request->client, client_out);
	1869
	1870	cleanup:
	1871	krb5_get_init_creds_opt_free(context, opts);
	1872	krb5_init_creds_free(context, ctx);
	1873	return ret;
	1874	}
	1875
	1876	krb5_error_code
1852	1877	k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
1853	1878	krb5_flags options, krb5_address const addrs,
1854	1879	krb5_enctype ktypes, krb5_preauthtype pre_auth_types,

+0

-4

src/lib/krb5/krb/gic_keytab.c less more

129	129	}
130	130	etypes = p;
131	131	etypes[count++] = etype;
132		/* All DES key types work with des-cbc-crc, which is more likely to be
133		* accepted by the KDC (since MIT KDCs refuse des-cbc-md5). */
134		if (etype == ENCTYPE_DES_CBC_MD5 \|\| etype == ENCTYPE_DES_CBC_MD4)
135		etypes[count++] = ENCTYPE_DES_CBC_CRC;
136	132	etypes[count] = 0;
137	133	}
138	134	if (ret != KRB5_KT_END)

+3

-3

src/lib/krb5/krb/in_tkt_sky.c less more

55	55	If addrs is non-NULL, it is used for the addresses requested. If it is
56	56	null, the system standard addresses are used.
57	57
58		If keyblock is NULL, an appropriate key for creds->client is retrieved
59		from the system key store (e.g. /etc/srvtab). If keyblock is non-NULL,
60		it is used as the decryption key.
	58	If keyblock is NULL, an appropriate key for creds->client is retrieved from
	59	the system key store (e.g. /etc/krb5.keytab). If keyblock is non-NULL, it
	60	is used as the decryption key.
61	61
62	62	A succesful call will place the ticket in the credentials cache ccache.
63	63

+2

-0

src/lib/krb5/krb/init_creds_ctx.h less more

19	19	struct _krb5_init_creds_context {
20	20	krb5_get_init_creds_opt *opt;
21	21	krb5_get_init_creds_opt opt_storage;
	22	krb5_boolean identify_realm;
	23	const krb5_data *subject_cert;
22	24	char *in_tkt_service;
23	25	krb5_prompter_fct prompter;
24	26	void *prompter_data;

+111

-95

src/lib/krb5/krb/init_ctx.c less more

55	55	#include "brand.c"
56	56	#include "../krb5_libinit.h"
57	57
58		/* The des-mdX entries are last for now, because it's easy to
59		configure KDCs to issue TGTs with des-mdX keys and then not accept
60		them. This'll be fixed, but for better compatibility, let's prefer
61		des-crc for now. */
62	58	static krb5_enctype default_enctype_list[] = {
63	59	ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
64	60	ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
65	61	ENCTYPE_DES3_CBC_SHA1,
66	62	ENCTYPE_ARCFOUR_HMAC,
67	63	ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC,
68		ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4,
69	64	0
70	65	};
71	66

98	93	if (retval)
99	94	TRACE_PROFILE_ERR(ctx, name, KRB5_CONF_LIBDEFAULTS, retval);
100	95	return retval;
	96	}
	97
	98	static krb5_error_code
	99	get_tristate(krb5_context ctx, const char name, const char third_option,
	100	int third_option_val, int def_val, int *val_out)
	101	{
	102	krb5_error_code retval;
	103	char *str;
	104	int match;
	105
	106	retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS, name,
	107	NULL, def_val, val_out);
	108	if (retval != PROF_BAD_BOOLEAN)
	109	return retval;
	110	retval = profile_get_string(ctx->profile, KRB5_CONF_LIBDEFAULTS, name,
	111	NULL, NULL, &str);
	112	if (retval)
	113	return retval;
	114	match = (strcasecmp(third_option, str) == 0);
	115	free(str);
	116	if (!match)
	117	return EINVAL;
	118	*val_out = third_option_val;
	119	return 0;
101	120	}
102	121
103	122	krb5_error_code KRB5_CALLCONV

212	231	goto cleanup;
213	232	ctx->ignore_acceptor_hostname = tmp;
214	233
215		retval = get_boolean(ctx, KRB5_CONF_DNS_CANONICALIZE_HOSTNAME, 1, &tmp);
	234	retval = get_boolean(ctx, KRB5_CONF_ENFORCE_OK_AS_DELEGATE, 0, &tmp);
	235	if (retval)
	236	goto cleanup;
	237	ctx->enforce_ok_as_delegate = tmp;
	238
	239	retval = get_tristate(ctx, KRB5_CONF_DNS_CANONICALIZE_HOSTNAME, "fallback",
	240	CANONHOST_FALLBACK, 1, &tmp);
216	241	if (retval)
217	242	goto cleanup;
218	243	ctx->dns_canonicalize_hostname = tmp;

231	256	ctx->default_realm = 0;
232	257	get_integer(ctx, KRB5_CONF_CLOCKSKEW, DEFAULT_CLOCKSKEW, &tmp);
233	258	ctx->clockskew = tmp;
234
235		/* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2) */
236		/* DCE add kdc_req_checksum_type = 2 to krb5.conf */
237		get_integer(ctx, KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, CKSUMTYPE_RSA_MD5,
238		&tmp);
239		ctx->kdc_req_sumtype = tmp;
240
241		get_integer(ctx, KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, &tmp);
242		ctx->default_ap_req_sumtype = tmp;
243
244		get_integer(ctx, KRB5_CONF_SAFE_CHECKSUM_TYPE, CKSUMTYPE_RSA_MD5_DES,
245		&tmp);
246		ctx->default_safe_sumtype = tmp;
247	259
248	260	get_integer(ctx, KRB5_CONF_KDC_DEFAULT_OPTIONS, KDC_OPT_RENEWABLE_OK,
249	261	&tmp);

303	315	ctx->tgs_etypes = NULL;
304	316	free(ctx->default_realm);
305	317	ctx->default_realm = 0;
306		if (ctx->ser_ctx_count && ctx->ser_ctx) {
307		free(ctx->ser_ctx);
308		ctx->ser_ctx = 0;
309		}
310	318
311	319	krb5_clear_error_message(ctx);
312	320	free(ctx->err_fmt);

470	478	/* Set all enctypes in the default list. */
471	479	for (i = 0; default_list[i]; i++)
472	480	mod_list(default_list[i], sel, weak, &list);
473		} else if (strcasecmp(token, "des") == 0) {
474		mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, &list);
475		mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, &list);
476		mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, &list);
477	481	} else if (strcasecmp(token, "des3") == 0) {
478	482	mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list);
479	483	} else if (strcasecmp(token, "aes") == 0) {

496	500
497	501	if (list == NULL)
498	502	return ENOMEM;
	503	if (list[0] == ENCTYPE_NULL) {
	504	free(list);
	505	return KRB5_CONFIG_ETYPE_NOSUPP;
	506	}
499	507	*result = list;
500	508	return 0;
501	509	}
502	510
503		/*
504		* Set *etypes_ptr to a zero-terminated list of enctypes. ctx_list
505		* (containing application-specified enctypes) is used if non-NULL;
506		* otherwise the libdefaults profile string specified by profkey is
507		* used. default_list is the default enctype list to be used while
508		* parsing profile strings, and is also used if the profile string is
509		* not set.
510		*/
511		static krb5_error_code
512		get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr,
513		char profkey, krb5_enctype ctx_list,
514		krb5_enctype *default_list)
515		{
516		krb5_enctype *etypes;
517		krb5_error_code code;
518		char *profstr;
519
520		*etypes_ptr = NULL;
521
522		if (ctx_list) {
523		/* Use application defaults. */
524		code = k5_copy_etypes(ctx_list, &etypes);
525		if (code)
526		return code;
527		} else {
528		/* Parse profile setting, or "DEFAULT" if not specified. */
529		code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
530		profkey, NULL, "DEFAULT", &profstr);
531		if (code)
532		return code;
533		code = krb5int_parse_enctype_list(context, profkey, profstr,
534		default_list, &etypes);
535		profile_release_string(profstr);
536		if (code)
537		return code;
538		}
539
540		if (etypes[0] == 0) {
541		free(etypes);
542		return KRB5_CONFIG_ETYPE_NOSUPP;
543		}
544
545		*etypes_ptr = etypes;
546		return 0;
547		}
548
549	511	krb5_error_code
550	512	krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes)
551	513	{
552		return get_profile_etype_list(context, ktypes,
553		KRB5_CONF_DEFAULT_TKT_ENCTYPES,
554		context->in_tkt_etypes,
555		default_enctype_list);
	514	krb5_error_code ret;
	515	char *profstr = NULL;
	516	const char *profkey;
	517
	518	*ktypes = NULL;
	519
	520	if (context->in_tkt_etypes != NULL)
	521	return k5_copy_etypes(context->in_tkt_etypes, ktypes);
	522
	523	profkey = KRB5_CONF_DEFAULT_TKT_ENCTYPES;
	524	ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	525	profkey, NULL, NULL, &profstr);
	526	if (ret)
	527	return ret;
	528	if (profstr == NULL) {
	529	profkey = KRB5_CONF_PERMITTED_ENCTYPES;
	530	ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	531	profkey, NULL, "DEFAULT", &profstr);
	532	if (ret)
	533	return ret;
	534	}
	535
	536	ret = krb5int_parse_enctype_list(context, profkey, profstr,
	537	default_enctype_list, ktypes);
	538	profile_release_string(profstr);
	539	return ret;
556	540	}
557	541
558	542	void

562	546	free (val);
563	547	}
564	548
565		krb5_error_code
566		KRB5_CALLCONV
567		krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_enctype **ktypes)
568		{
569		if (context->use_conf_ktypes)
570		/* This one is set only by reading the config file; it's not
571		set by the application. */
572		return get_profile_etype_list(context, ktypes,
573		KRB5_CONF_DEFAULT_TGS_ENCTYPES, NULL,
574		default_enctype_list);
575		else
576		return get_profile_etype_list(context, ktypes,
577		KRB5_CONF_DEFAULT_TGS_ENCTYPES,
578		context->tgs_etypes,
579		default_enctype_list);
	549	krb5_error_code KRB5_CALLCONV
	550	krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ,
	551	krb5_enctype **ktypes)
	552	{
	553	krb5_error_code ret;
	554	char *profstr = NULL;
	555	const char *profkey;
	556
	557	*ktypes = NULL;
	558
	559	/* Use only profile configuration when use_conf_ktypes is set. */
	560	if (!context->use_conf_ktypes && context->tgs_etypes != NULL)
	561	return k5_copy_etypes(context->tgs_etypes, ktypes);
	562
	563	profkey = KRB5_CONF_DEFAULT_TGS_ENCTYPES;
	564	ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	565	profkey, NULL, NULL, &profstr);
	566	if (ret)
	567	return ret;
	568	if (profstr == NULL) {
	569	profkey = KRB5_CONF_PERMITTED_ENCTYPES;
	570	ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	571	profkey, NULL, "DEFAULT", &profstr);
	572	if (ret)
	573	return ret;
	574	}
	575
	576	ret = krb5int_parse_enctype_list(context, profkey, profstr,
	577	default_enctype_list, ktypes);
	578	profile_release_string(profstr);
	579	return ret;
580	580	}
581	581
582	582	krb5_error_code KRB5_CALLCONV
583	583	krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
584	584	{
585		return get_profile_etype_list(context, ktypes,
586		KRB5_CONF_PERMITTED_ENCTYPES,
587		context->tgs_etypes, default_enctype_list);
	585	krb5_error_code ret;
	586	char *profstr = NULL;
	587	const char *profkey;
	588
	589	*ktypes = NULL;
	590
	591	if (context->tgs_etypes != NULL)
	592	return k5_copy_etypes(context->tgs_etypes, ktypes);
	593
	594	profkey = KRB5_CONF_PERMITTED_ENCTYPES;
	595	ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	596	profkey, NULL, "DEFAULT", &profstr);
	597	if (ret)
	598	return ret;
	599
	600	ret = krb5int_parse_enctype_list(context, profkey, profstr,
	601	default_enctype_list, ktypes);
	602	profile_release_string(profstr);
	603	return ret;
588	604	}
589	605
590	606	krb5_boolean

+48

-0

src/lib/krb5/krb/int-proto.h less more

142	142	krb5_error_code
143	143	krb5int_copy_authdatum(krb5_context, const krb5_authdata , krb5_authdata *);
144	144
	145	/* Set replay data fields in rdata and caller_rdata according to the flags in
	146	* authcon. */
	147	krb5_error_code
	148	k5_privsafe_gen_rdata(krb5_context context, krb5_auth_context authcon,
	149	krb5_replay_data rdata, krb5_replay_data caller_rdata);
	150
	151	/*
	152	* Set local_out and remote_out to addresses based on authcon. The resulting
	153	* pointers should not be freed, but addresses may be placed into *lstorage and
	154	* *rstorage which the caller must free, even on error.
	155	*/
	156	krb5_error_code
	157	k5_privsafe_gen_addrs(krb5_context context, krb5_auth_context authcon,
	158	krb5_address lstorage, krb5_address rstorage,
	159	krb5_address local_out, krb5_address remote_out);
	160
	161	/*
	162	* If the DO_TIME flag is set in authcon, store a replay record in a memory
	163	* replay cache (initializing one if necessary). Either enc or cksum must be
	164	* non-null. If rdata is not null, also check that its timestamp is within
	165	* clock skew.
	166	*/
	167	krb5_error_code
	168	k5_privsafe_check_replay(krb5_context context, krb5_auth_context authcon,
	169	const krb5_replay_data *rdata,
	170	const krb5_enc_data enc, const krb5_checksum cksum);
	171
145	172	krb5_boolean
146	173	k5_privsafe_check_seqnum(krb5_context ctx, krb5_auth_context ac,
147	174	krb5_ui_4 in_seq);

265	292	const char in_tkt_service, krb5_get_init_creds_opt options,
266	293	get_as_key_fn gak, void gak_data, int master,
267	294	krb5_kdc_rep **as_reply);
	295
	296	/*
	297	* Make AS requests with the canonicalize flag set, stopping when we get a
	298	* message indicating which realm the client principal is in. Set *client_out
	299	* to a copy of client with the canonical realm. If subject_cert is non-null,
	300	* include PA_S4U_X509_USER pa-data with the subject certificate each request.
	301	* (See [MS-SFU] 3.1.5.1.1.1 and 3.1.5.1.1.2.)
	302	*/
	303	krb5_error_code
	304	k5_identify_realm(krb5_context context, krb5_principal client,
	305	const krb5_data subject_cert, krb5_principal client_out);
268	306
269	307	krb5_error_code
270	308	k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **opt,

337	375	k5_get_etype_info(krb5_context context, krb5_init_creds_context ctx,
338	376	krb5_pa_data **padata);
339	377
	378	/*
	379	* Make an S4U2Proxy (constrained delegation) request. in_creds->client is the
	380	* impersonator principal, and in_creds->second_ticket is the evidence
	381	* ticket.
	382	*/
	383	krb5_error_code
	384	k5_get_proxy_cred_from_kdc(krb5_context context, krb5_flags options,
	385	krb5_ccache ccache, krb5_creds *in_creds,
	386	krb5_creds **out_creds);
	387
340	388	#endif /* KRB5_INT_FUNC_PROTO__ */

+218

-295

src/lib/krb5/krb/mk_cred.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/krb/mk_cred.c - definition of krb5_mk_ncred(), krb5_mk_1cred() */
1	2	/*
2		* NAME
3		* cred.c
4		*
5		* DESCRIPTION
6		* Provide an interface to assemble and disassemble krb5_cred
7		* structures.
8		*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
9	30	*/
	31
10	32	#include "k5-int.h"
11	33	#include "int-proto.h"
12		#include "cleanup.h"
13	34	#include "auth_con.h"
14	35
15		#include <stddef.h> /* NULL */
16		#include <stdlib.h> /* malloc */
17		#include <errno.h> /* ENOMEM */
18
19		/-------------------- encrypt_credencpart --------------------/
	36	/* Encrypt the enc_part of krb5_cred. key may be NULL to use the unencrypted
	37	* KRB-CRED form (RFC 6448). */
	38	static krb5_error_code
	39	encrypt_credencpart(krb5_context context, krb5_cred_enc_part *encpart,
	40	krb5_key key, krb5_enc_data *encdata_out)
	41	{
	42	krb5_error_code ret;
	43	krb5_data *der_enccred;
	44
	45	/* Start by encoding to-be-encrypted part of the message. */
	46	ret = encode_krb5_enc_cred_part(encpart, &der_enccred);
	47	if (ret)
	48	return ret;
	49
	50	if (key == NULL) {
	51	/* Just copy the encoded data to the ciphertext area. */
	52	encdata_out->enctype = ENCTYPE_NULL;
	53	encdata_out->ciphertext = *der_enccred;
	54	free(der_enccred);
	55	return 0;
	56	}
	57
	58	ret = k5_encrypt_keyhelper(context, key, KRB5_KEYUSAGE_KRB_CRED_ENCPART,
	59	der_enccred, encdata_out);
	60
	61	zapfreedata(der_enccred);
	62	return ret;
	63	}
20	64
21	65	/*
22		* encrypt the enc_part of krb5_cred
	66	* Marshal a KRB-CRED message into der_out, encrypted with key (or unencrypted
	67	* if key is NULL). Store the ciphertext in enc_out. Use the timestamp and
	68	* sequence number from rdata and the addresses from local_addr and remote_addr
	69	* (either of which may be NULL). der_out and enc_out should be freed by the
	70	* caller when finished.
23	71	*/
24	72	static krb5_error_code
25		encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
26		krb5_key pkey, krb5_enc_data *pencdata)
27		{
28		krb5_error_code retval;
29		krb5_data * scratch;
30
31		/* start by encoding to-be-encrypted part of the message */
32		if ((retval = encode_krb5_enc_cred_part(pcredpart, &scratch)))
33		return retval;
34
35		/*
36		* If the keyblock is NULL, just copy the data from the encoded
37		* data to the ciphertext area.
38		*/
39		if (pkey == NULL) {
40		pencdata->ciphertext.data = scratch->data;
41		pencdata->ciphertext.length = scratch->length;
42		free(scratch);
43		return 0;
44		}
45
46		/* call the encryption routine */
47		retval = k5_encrypt_keyhelper(context, pkey,
48		KRB5_KEYUSAGE_KRB_CRED_ENCPART, scratch,
49		pencdata);
50
51		memset(scratch->data, 0, scratch->length);
52		krb5_free_data(context, scratch);
53
	73	create_krbcred(krb5_context context, krb5_creds **creds, krb5_key key,
	74	const krb5_replay_data rdata, krb5_address local_addr,
	75	krb5_address remote_addr, krb5_data *der_out,
	76	krb5_enc_data *enc_out)
	77	{
	78	krb5_error_code ret;
	79	krb5_cred_enc_part credenc;
	80	krb5_cred cred;
	81	krb5_ticket **tickets = NULL;
	82	krb5_cred_info *ticket_info = NULL, tinfos = NULL;
	83	krb5_enc_data enc;
	84	size_t i, ncreds;
	85
	86	*der_out = NULL;
	87	memset(enc_out, 0, sizeof(*enc_out));
	88	memset(&enc, 0, sizeof(enc));
	89
	90	for (ncreds = 0; creds[ncreds] != NULL; ncreds++);
	91
	92	tickets = k5calloc(ncreds + 1, sizeof(*tickets), &ret);
	93	if (tickets == NULL)
	94	goto cleanup;
	95
	96	ticket_info = k5calloc(ncreds + 1, sizeof(*ticket_info), &ret);
	97	if (ticket_info == NULL)
	98	goto cleanup;
	99
	100	tinfos = k5calloc(ncreds, sizeof(*tinfos), &ret);
	101	if (tinfos == NULL)
	102	goto cleanup;
	103
	104	/* For each credential in the list, decode the ticket and create a cred
	105	* info structure using alias pointers. */
	106	for (i = 0; i < ncreds; i++) {
	107	ret = decode_krb5_ticket(&creds[i]->ticket, &tickets[i]);
	108	if (ret)
	109	goto cleanup;
	110
	111	tinfos[i].magic = KV5M_CRED_INFO;
	112	tinfos[i].times = creds[i]->times;
	113	tinfos[i].flags = creds[i]->ticket_flags;
	114	tinfos[i].session = &creds[i]->keyblock;
	115	tinfos[i].client = creds[i]->client;
	116	tinfos[i].server = creds[i]->server;
	117	tinfos[i].caddrs = creds[i]->addresses;
	118	ticket_info[i] = &tinfos[i];
	119	}
	120
	121	/* Encrypt the credential encrypted part. */
	122	credenc.magic = KV5M_CRED_ENC_PART;
	123	credenc.s_address = local_addr;
	124	credenc.r_address = remote_addr;
	125	credenc.nonce = rdata->seq;
	126	credenc.usec = rdata->usec;
	127	credenc.timestamp = rdata->timestamp;
	128	credenc.ticket_info = ticket_info;
	129	ret = encrypt_credencpart(context, &credenc, key, &enc);
	130	if (ret)
	131	goto cleanup;
	132
	133	/* Encode the KRB-CRED message. */
	134	cred.magic = KV5M_CRED;
	135	cred.tickets = tickets;
	136	cred.enc_part = enc;
	137	ret = encode_krb5_cred(&cred, der_out);
	138	if (ret)
	139	goto cleanup;
	140
	141	*enc_out = enc;
	142	memset(&enc, 0, sizeof(enc));
	143
	144	cleanup:
	145	krb5_free_tickets(context, tickets);
	146	krb5_free_data_contents(context, &enc.ciphertext);
	147	free(tinfos);
	148	free(ticket_info);
	149	return ret;
	150	}
	151
	152	krb5_error_code KRB5_CALLCONV
	153	krb5_mk_ncred(krb5_context context, krb5_auth_context authcon,
	154	krb5_creds creds, krb5_data der_out,
	155	krb5_replay_data *rdata_out)
	156	{
	157	krb5_error_code ret;
	158	krb5_key key;
	159	krb5_replay_data rdata;
	160	krb5_data *der_krbcred = NULL;
	161	krb5_enc_data enc;
	162	krb5_address local_addr, remote_addr, lstorage, rstorage;
	163
	164	*der_out = NULL;
	165	memset(&enc, 0, sizeof(enc));
	166	memset(&lstorage, 0, sizeof(lstorage));
	167	memset(&rstorage, 0, sizeof(rstorage));
	168
	169	if (creds == NULL)
	170	return KRB5KRB_AP_ERR_BADADDR;
	171
	172	ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
	173	if (ret)
	174	goto cleanup;
	175	/* Historically we always set the timestamp, so keep doing that. */
	176	if (rdata.timestamp == 0) {
	177	ret = krb5_us_timeofday(context, &rdata.timestamp, &rdata.usec);
	178	if (ret)
	179	goto cleanup;
	180	}
	181
	182	ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
	183	&local_addr, &remote_addr);
	184	if (ret)
	185	goto cleanup;
	186
	187	key = (authcon->send_subkey != NULL) ? authcon->send_subkey : authcon->key;
	188	ret = create_krbcred(context, creds, key, &rdata, local_addr, remote_addr,
	189	&der_krbcred, &enc);
	190	if (ret)
	191	goto cleanup;
	192
	193	if (key != NULL) {
	194	ret = k5_privsafe_check_replay(context, authcon, NULL, &enc, NULL);
	195	if (ret)
	196	goto cleanup;
	197	}
	198
	199	*der_out = der_krbcred;
	200	der_krbcred = NULL;
	201	if ((authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
	202	(authcon->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
	203	authcon->local_seq_number++;
	204
	205	cleanup:
	206	krb5_free_data_contents(context, &enc.ciphertext);
	207	free(lstorage.contents);
	208	free(rstorage.contents);
	209	zapfreedata(der_krbcred);
	210	return ret;
	211	}
	212
	213	krb5_error_code KRB5_CALLCONV
	214	krb5_mk_1cred(krb5_context context, krb5_auth_context authcon,
	215	krb5_creds creds, krb5_data *der_out,
	216	krb5_replay_data *rdata_out)
	217	{
	218	krb5_error_code retval;
	219	krb5_creds **list;
	220
	221	list = calloc(2, sizeof(*list));
	222	if (list == NULL)
	223	return ENOMEM;
	224
	225	list[0] = creds;
	226	list[1] = NULL;
	227	retval = krb5_mk_ncred(context, authcon, list, der_out, rdata_out);
	228	free(list);
54	229	return retval;
55	230	}
56
57		/----------------------- krb5_mk_ncred_basic -----------------------/
58
59		static krb5_error_code
60		krb5_mk_ncred_basic(krb5_context context,
61		krb5_creds **ppcreds, krb5_int32 nppcreds,
62		krb5_key key, krb5_replay_data *replaydata,
63		krb5_address local_addr, krb5_address remote_addr,
64		krb5_cred *pcred)
65		{
66		krb5_cred_enc_part credenc;
67		krb5_error_code retval;
68		size_t size;
69		int i;
70
71		credenc.magic = KV5M_CRED_ENC_PART;
72
73		credenc.s_address = 0;
74		credenc.r_address = 0;
75		if (local_addr) krb5_copy_addr(context, local_addr, &credenc.s_address);
76		if (remote_addr) krb5_copy_addr(context, remote_addr, &credenc.r_address);
77
78		credenc.nonce = replaydata->seq;
79		credenc.usec = replaydata->usec;
80		credenc.timestamp = replaydata->timestamp;
81
82		/* Get memory for creds and initialize it */
83		size = sizeof(krb5_cred_info ) (nppcreds + 1);
84		credenc.ticket_info = (krb5_cred_info **) calloc(1, size);
85		if (credenc.ticket_info == NULL)
86		return ENOMEM;
87
88		/*
89		* For each credential in the list, initialize a cred info
90		* structure and copy the ticket into the ticket list.
91		*/
92		for (i = 0; i < nppcreds; i++) {
93		credenc.ticket_info[i] = calloc(1, sizeof(krb5_cred_info));
94		if (credenc.ticket_info[i] == NULL) {
95		retval = ENOMEM;
96		goto cleanup;
97		}
98		credenc.ticket_info[i+1] = NULL;
99
100		credenc.ticket_info[i]->magic = KV5M_CRED_INFO;
101		credenc.ticket_info[i]->times = ppcreds[i]->times;
102		credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags;
103
104		if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket,
105		&pcred->tickets[i])))
106		goto cleanup;
107
108		if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
109		&credenc.ticket_info[i]->session)))
110		goto cleanup;
111
112		if ((retval = krb5_copy_principal(context, ppcreds[i]->client,
113		&credenc.ticket_info[i]->client)))
114		goto cleanup;
115
116		if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
117		&credenc.ticket_info[i]->server)))
118		goto cleanup;
119
120		if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
121		&credenc.ticket_info[i]->caddrs)))
122		goto cleanup;
123		}
124
125		/*
126		* NULL terminate the lists.
127		*/
128		pcred->tickets[i] = NULL;
129
130		/* encrypt the credential encrypted part */
131		retval = encrypt_credencpart(context, &credenc, key, &pcred->enc_part);
132
133		cleanup:
134		krb5_free_cred_enc_part(context, &credenc);
135		return retval;
136		}
137
138		/----------------------- krb5_mk_ncred -----------------------/
139
140		/*
141		* This functions takes as input an array of krb5_credentials, and
142		* outputs an encoded KRB_CRED message suitable for krb5_rd_cred
143		*/
144		krb5_error_code KRB5_CALLCONV
145		krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
146		krb5_creds ppcreds, krb5_data ppdata,
147		krb5_replay_data *outdata)
148		{
149		krb5_address * premote_fulladdr = NULL;
150		krb5_address * plocal_fulladdr = NULL;
151		krb5_address remote_fulladdr;
152		krb5_address local_fulladdr;
153		krb5_error_code retval;
154		krb5_key key;
155		krb5_replay_data replaydata;
156		krb5_cred * pcred;
157		krb5_int32 ncred;
158		krb5_boolean increased_sequence = FALSE;
159
160		local_fulladdr.contents = 0;
161		remote_fulladdr.contents = 0;
162		memset(&replaydata, 0, sizeof(krb5_replay_data));
163
164		if (ppcreds == NULL)
165		return KRB5KRB_AP_ERR_BADADDR;
166
167		/*
168		* Allocate memory for a NULL terminated list of tickets.
169		*/
170		for (ncred = 0; ppcreds[ncred]; ncred++)
171		;
172
173		if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL)
174		return ENOMEM;
175
176		if ((pcred->tickets
177		= (krb5_ticket **)calloc((size_t)ncred+1,
178		sizeof(krb5_ticket *))) == NULL) {
179		retval = ENOMEM;
180		goto error;
181		}
182
183		/* Get keyblock */
184		if ((key = auth_context->send_subkey) == NULL)
185		key = auth_context->key;
186
187		/* Get replay info */
188		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
189		(auth_context->rcache == NULL)) {
190		retval = KRB5_RC_REQUIRED;
191		goto error;
192		}
193
194		if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
195		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
196		&& (outdata == NULL)) {
197		/* Need a better error */
198		retval = KRB5_RC_REQUIRED;
199		goto error;
200		}
201
202		if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
203		&replaydata.usec)))
204		goto error;
205		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
206		outdata->timestamp = replaydata.timestamp;
207		outdata->usec = replaydata.usec;
208		}
209		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
210		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
211		replaydata.seq = auth_context->local_seq_number++;
212		increased_sequence = TRUE;
213		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
214		outdata->seq = replaydata.seq;
215		}
216
217		if (auth_context->local_addr) {
218		if (auth_context->local_port) {
219		if ((retval = krb5_make_fulladdr(context, auth_context->local_addr,
220		auth_context->local_port,
221		&local_fulladdr)))
222		goto error;
223		plocal_fulladdr = &local_fulladdr;
224		} else {
225		plocal_fulladdr = auth_context->local_addr;
226		}
227		}
228
229		if (auth_context->remote_addr) {
230		if (auth_context->remote_port) {
231		if ((retval = krb5_make_fulladdr(context,auth_context->remote_addr,
232		auth_context->remote_port,
233		&remote_fulladdr)))
234		goto error;
235		premote_fulladdr = &remote_fulladdr;
236		} else {
237		premote_fulladdr = auth_context->remote_addr;
238		}
239		}
240
241		/* Setup creds structure */
242		if ((retval = krb5_mk_ncred_basic(context, ppcreds, ncred, key,
243		&replaydata, plocal_fulladdr,
244		premote_fulladdr, pcred))) {
245		goto error;
246		}
247
248		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
249		krb5_donot_replay replay;
250
251		if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
252		"_forw", &replay.client)))
253		goto error;
254
255		replay.server = ""; /* XXX */
256		replay.msghash = NULL;
257		replay.cusec = replaydata.usec;
258		replay.ctime = replaydata.timestamp;
259		if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
260		/* should we really error out here? XXX */
261		free(replay.client);
262		goto error;
263		}
264		free(replay.client);
265		}
266
267		/* Encode creds structure */
268		retval = encode_krb5_cred(pcred, ppdata);
269
270		error:
271		free(local_fulladdr.contents);
272		free(remote_fulladdr.contents);
273		krb5_free_cred(context, pcred);
274
275		if (retval) {
276		if (increased_sequence)
277		auth_context->local_seq_number--;
278		}
279		return retval;
280		}
281
282		/----------------------- krb5_mk_1cred -----------------------/
283
284		/*
285		* A convenience function that calls krb5_mk_ncred.
286		*/
287		krb5_error_code KRB5_CALLCONV
288		krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context,
289		krb5_creds pcreds, krb5_data *ppdata,
290		krb5_replay_data *outdata)
291		{
292		krb5_error_code retval;
293		krb5_creds **ppcreds;
294
295		if ((ppcreds = (krb5_creds *)malloc(sizeof(ppcreds) * 2)) == NULL) {
296		return ENOMEM;
297		}
298
299		ppcreds[0] = pcreds;
300		ppcreds[1] = NULL;
301
302		retval = krb5_mk_ncred(context, auth_context, ppcreds,
303		ppdata, outdata);
304
305		free(ppcreds);
306		return retval;
307		}

+118

-188

src/lib/krb5/krb/mk_priv.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/krb/mk_priv.c */
	1	/* lib/krb5/krb/mk_priv.c - definition of krb5_mk_priv() */
2	2	/*
3		* Copyright 1990,1991 by the Massachusetts Institute of Technology.
	3	* Copyright 1990,1991,2019 by the Massachusetts Institute of Technology.
4	4	* All Rights Reserved.
5	5	*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
10	9	*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
24	30	*/
25	31
26	32	#include "k5-int.h"
27		#include "cleanup.h"
	33	#include "int-proto.h"
28	34	#include "auth_con.h"
29	35
	36	/*
	37	* Marshal a KRB-PRIV message into der_out, encrypted with key. Store the
	38	* ciphertext in enc_out. Use the timestamp and sequence number from rdata and
	39	* the addresses from local_addr and remote_addr (the second of which may be
	40	* NULL). der_out and enc_out should be freed by the caller when finished.
	41	*/
30	42	static krb5_error_code
31		mk_priv_basic(krb5_context context, const krb5_data *userdata,
32		krb5_key key, krb5_replay_data *replaydata,
33		krb5_address local_addr, krb5_address remote_addr,
34		krb5_data cstate, krb5_data outbuf)
	43	create_krbpriv(krb5_context context, const krb5_data *userdata,
	44	krb5_key key, const krb5_replay_data *rdata,
	45	krb5_address local_addr, krb5_address remote_addr,
	46	krb5_data cstate, krb5_data der_out, krb5_enc_data *enc_out)
35	47	{
36		krb5_enctype enctype = krb5_k_key_enctype(context, key);
37		krb5_error_code retval;
38		krb5_priv privmsg;
39		krb5_priv_enc_part privmsg_enc_part;
40		krb5_data scratch1, scratch2;
41		size_t enclen;
	48	krb5_enctype enctype = krb5_k_key_enctype(context, key);
	49	krb5_error_code ret;
	50	krb5_priv privmsg;
	51	krb5_priv_enc_part encpart;
	52	krb5_data der_encpart = NULL, der_krbpriv;
	53	size_t enclen;
42	54
43		privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
	55	memset(&privmsg, 0, sizeof(privmsg));
	56	privmsg.enc_part.kvno = 0;
44	57	privmsg.enc_part.enctype = enctype;
	58	encpart.user_data = *userdata;
	59	encpart.s_address = local_addr;
	60	encpart.r_address = remote_addr;
	61	encpart.timestamp = rdata->timestamp;
	62	encpart.usec = rdata->usec;
	63	encpart.seq_number = rdata->seq;
45	64
46		privmsg_enc_part.user_data = *userdata;
47		privmsg_enc_part.s_address = local_addr;
48		privmsg_enc_part.r_address = remote_addr;
49
50		/* We should check too make sure one exists. */
51		privmsg_enc_part.timestamp = replaydata->timestamp;
52		privmsg_enc_part.usec = replaydata->usec;
53		privmsg_enc_part.seq_number = replaydata->seq;
54
55		/* start by encoding to-be-encrypted part of the message */
56		if ((retval = encode_krb5_enc_priv_part(&privmsg_enc_part, &scratch1)))
57		return retval;
	65	/* Start by encoding the to-be-encrypted part of the message. */
	66	ret = encode_krb5_enc_priv_part(&encpart, &der_encpart);
	67	if (ret)
	68	return ret;
58	69
59	70	/* put together an eblock for this encryption */
60		if ((retval = krb5_c_encrypt_length(context, enctype,
61		scratch1->length, &enclen)))
62		goto clean_scratch;
	71	ret = krb5_c_encrypt_length(context, enctype, der_encpart->length,
	72	&enclen);
	73	if (ret)
	74	goto cleanup;
63	75
64		privmsg.enc_part.ciphertext.length = enclen;
65		if (!(privmsg.enc_part.ciphertext.data =
66		malloc(privmsg.enc_part.ciphertext.length))) {
67		retval = ENOMEM;
68		goto clean_scratch;
69		}
	76	ret = alloc_data(&privmsg.enc_part.ciphertext, enclen);
	77	if (ret)
	78	goto cleanup;
70	79
71		if ((retval = krb5_k_encrypt(context, key,
72		KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
73		(cstate->length > 0) ? cstate : NULL,
74		scratch1, &privmsg.enc_part)))
75		goto clean_encpart;
	80	ret = krb5_k_encrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
	81	(cstate->length > 0) ? cstate : NULL, der_encpart,
	82	&privmsg.enc_part);
	83	if (ret)
	84	goto cleanup;
76	85
77		if ((retval = encode_krb5_priv(&privmsg, &scratch2)))
78		goto clean_encpart;
	86	ret = encode_krb5_priv(&privmsg, &der_krbpriv);
	87	if (ret)
	88	goto cleanup;
79	89
80		outbuf = scratch2;
81		free(scratch2);
82		retval = 0;
	90	der_out = der_krbpriv;
	91	free(der_krbpriv);
83	92
84		clean_encpart:
85		memset(privmsg.enc_part.ciphertext.data, 0,
86		privmsg.enc_part.ciphertext.length);
87		free(privmsg.enc_part.ciphertext.data);
88		privmsg.enc_part.ciphertext.length = 0;
89		privmsg.enc_part.ciphertext.data = 0;
	93	*enc_out = privmsg.enc_part;
	94	memset(&privmsg.enc_part, 0, sizeof(privmsg.enc_part));
90	95
91		clean_scratch:
92		memset(scratch1->data, 0, scratch1->length);
93		krb5_free_data(context, scratch1);
94
95		return retval;
	96	cleanup:
	97	zapfree(privmsg.enc_part.ciphertext.data,
	98	privmsg.enc_part.ciphertext.length);
	99	zapfreedata(der_encpart);
	100	return ret;
96	101	}
97	102
98	103
99	104	krb5_error_code KRB5_CALLCONV
100		krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
101		const krb5_data userdata, krb5_data outbuf,
102		krb5_replay_data *outdata)
	105	krb5_mk_priv(krb5_context context, krb5_auth_context authcon,
	106	const krb5_data userdata, krb5_data der_out,
	107	krb5_replay_data *rdata_out)
103	108	{
104		krb5_error_code retval;
105		krb5_key key;
106		krb5_replay_data replaydata;
107		krb5_data buf = empty_data();
	109	krb5_error_code ret;
	110	krb5_key key;
	111	krb5_replay_data rdata;
	112	krb5_data der_krbpriv = empty_data();
	113	krb5_enc_data enc;
	114	krb5_address local_addr, remote_addr, lstorage, rstorage;
108	115
109		*outbuf = empty_data();
110
111		/* Clear replaydata block */
112		memset(&replaydata, 0, sizeof(krb5_replay_data));
113
114		/* Get keyblock */
115		if ((key = auth_context->send_subkey) == NULL)
116		key = auth_context->key;
117
118		/* Get replay info */
119		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
120		(auth_context->rcache == NULL))
121		return KRB5_RC_REQUIRED;
122
123		if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
124		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
125		(outdata == NULL))
126		/* Need a better error */
127		return KRB5_RC_REQUIRED;
128
129		if (!auth_context->local_addr)
	116	*der_out = empty_data();
	117	memset(&enc, 0, sizeof(enc));
	118	memset(&lstorage, 0, sizeof(lstorage));
	119	memset(&rstorage, 0, sizeof(rstorage));
	120	if (!authcon->local_addr)
130	121	return KRB5_LOCAL_ADDR_REQUIRED;
131	122
132		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) \|\|
133		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
134		if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
135		&replaydata.usec)))
136		return retval;
137		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
138		outdata->timestamp = replaydata.timestamp;
139		outdata->usec = replaydata.usec;
140		}
141		}
142		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
143		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
144		replaydata.seq = auth_context->local_seq_number++;
145		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
146		outdata->seq = replaydata.seq;
147		}
	123	ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
	124	if (ret)
	125	goto cleanup;
148	126
149		{
150		krb5_address * premote_fulladdr = NULL;
151		krb5_address * plocal_fulladdr;
152		krb5_address remote_fulladdr;
153		krb5_address local_fulladdr;
154		CLEANUP_INIT(2);
	127	ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
	128	&local_addr, &remote_addr);
	129	if (ret)
	130	goto cleanup;
155	131
156		if (auth_context->local_port) {
157		if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
158		auth_context->local_port,
159		&local_fulladdr))) {
160		CLEANUP_PUSH(local_fulladdr.contents, free);
161		plocal_fulladdr = &local_fulladdr;
162		} else {
163		goto error;
164		}
165		} else {
166		plocal_fulladdr = auth_context->local_addr;
167		}
	132	key = (authcon->send_subkey != NULL) ? authcon->send_subkey : authcon->key;
	133	ret = create_krbpriv(context, userdata, key, &rdata, local_addr,
	134	remote_addr, &authcon->cstate, &der_krbpriv, &enc);
	135	if (ret)
	136	goto cleanup;
168	137
169		if (auth_context->remote_addr) {
170		if (auth_context->remote_port) {
171		if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
172		auth_context->remote_port,
173		&remote_fulladdr))){
174		CLEANUP_PUSH(remote_fulladdr.contents, free);
175		premote_fulladdr = &remote_fulladdr;
176		} else {
177		CLEANUP_DONE();
178		goto error;
179		}
180		} else {
181		premote_fulladdr = auth_context->remote_addr;
182		}
183		}
	138	ret = k5_privsafe_check_replay(context, authcon, NULL, &enc, NULL);
	139	if (ret)
	140	goto cleanup;
184	141
185		if ((retval = mk_priv_basic(context, userdata, key, &replaydata,
186		plocal_fulladdr, premote_fulladdr,
187		&auth_context->cstate, &buf))) {
188		CLEANUP_DONE();
189		goto error;
190		}
	142	*der_out = der_krbpriv;
	143	der_krbpriv = empty_data();
	144	if ((authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
	145	(authcon->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
	146	authcon->local_seq_number++;
191	147
192		CLEANUP_DONE();
193		}
194
195		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
196		krb5_donot_replay replay;
197
198		if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
199		"_priv", &replay.client)))
200		goto error;
201
202		replay.server = ""; /* XXX */
203		replay.msghash = NULL;
204		replay.cusec = replaydata.usec;
205		replay.ctime = replaydata.timestamp;
206		if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
207		/* should we really error out here? XXX */
208		free(replay.client);
209		goto error;
210		}
211		free(replay.client);
212		}
213
214		*outbuf = buf;
215		return 0;
216
217		error:
218		krb5_free_data_contents(context, &buf);
219		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
220		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
221		auth_context->local_seq_number--;
222
223		return retval;
	148	cleanup:
	149	krb5_free_data_contents(context, &der_krbpriv);
	150	zapfree(enc.ciphertext.data, enc.ciphertext.length);
	151	free(lstorage.contents);
	152	free(rstorage.contents);
	153	return ret;
224	154	}

+4

-39

src/lib/krb5/krb/mk_req_ext.c less more

81	81	krb5_enctype *desired_etypes,
82	82	krb5_enctype tkt_enctype);
83	83
84		/* Return the checksum type for the AP request, or 0 to use the enctype's
85		* mandatory checksum. */
86		static krb5_cksumtype
87		ap_req_cksum(krb5_context context, krb5_auth_context auth_context,
88		krb5_enctype enctype)
89		{
90		/* Use the configured checksum type if one was set. */
91		if (auth_context->req_cksumtype)
92		return auth_context->req_cksumtype;
93
94		/*
95		* Otherwise choose based on the enctype. For interoperability with very
96		* old implementations, use unkeyed MD4 or MD5 checkums for DES enctypes.
97		* (The authenticator checksum does not have to be keyed since it is
98		* contained within an encrypted blob.)
99		*/
100		switch (enctype) {
101		case ENCTYPE_DES_CBC_CRC:
102		case ENCTYPE_DES_CBC_MD5:
103		return CKSUMTYPE_RSA_MD5;
104		break;
105		case ENCTYPE_DES_CBC_MD4:
106		return CKSUMTYPE_RSA_MD4;
107		break;
108		default:
109		/* Use the mandatory checksum type for the enctype. */
110		return 0;
111		}
112		}
113
114	84	krb5_error_code KRB5_CALLCONV
115	85	krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
116	86	krb5_flags ap_req_options, krb5_data *in_data,

197	167	checksum.length = in_data->length;
198	168	checksum.contents = (krb5_octet *) in_data->data;
199	169	} else {
200		krb5_enctype enctype = krb5_k_key_enctype(context,
201		(*auth_context)->key);
202		krb5_cksumtype cksumtype = ap_req_cksum(context, *auth_context,
203		enctype);
204		if ((retval = krb5_k_make_checksum(context,
205		cksumtype,
206		(*auth_context)->key,
207		KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
208		in_data, &checksum)))
	170	retval = krb5_k_make_checksum(context, 0, (*auth_context)->key,
	171	KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
	172	in_data, &checksum);
	173	if (retval)
209	174	goto cleanup_cksum;
210	175	}
211	176	checksump = &checksum;

+111

-195

src/lib/krb5/krb/mk_safe.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/krb/mk_safe.c */
	1	/* lib/krb5/krb/mk_safe.c - definition of krb5_mk_safe() */
2	2	/*
3		* Copyright 1990,1991 by the Massachusetts Institute of Technology.
	3	* Copyright 1990,1991,2019 by the Massachusetts Institute of Technology.
4	4	* All Rights Reserved.
5	5	*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
10	9	*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
24	30	*/
25	31
26	32	#include "k5-int.h"
27		#include "cleanup.h"
	33	#include "int-proto.h"
28	34	#include "auth_con.h"
29	35
30	36	/*
31		Formats a KRB_SAFE message into outbuf.
32
33		userdata is formatted as the user data in the message.
34		sumtype specifies the encryption type; key specifies the key which
35		might be used to seed the checksum; sender_addr and recv_addr specify
36		the full addresses (host and port) of the sender and receiver.
37		The host portion of sender_addr is used to form the addresses used in the
38		KRB_SAFE message.
39
40		The outbuf buffer storage is allocated, and should be freed by the
41		caller when finished.
42
43		returns system errors
44		*/
	37	* Marshal a KRB-SAFE message into der_out, with a keyed checksum of type
	38	* sumtype. Store the checksum in cksum_out. Use the timestamp and sequence
	39	* number from rdata and the addresses from local_addr and remote_addr (the
	40	* second of which may be NULL). der_out and cksum_out should be freed by the
	41	* caller when finished.
	42	*/
45	43	static krb5_error_code
46		krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
47		krb5_key key, krb5_replay_data *replaydata,
48		krb5_address local_addr, krb5_address remote_addr,
49		krb5_cksumtype sumtype, krb5_data *outbuf)
	44	create_krbsafe(krb5_context context, const krb5_data *userdata, krb5_key key,
	45	const krb5_replay_data rdata, krb5_address local_addr,
	46	krb5_address *remote_addr, krb5_cksumtype sumtype,
	47	krb5_data der_out, krb5_checksum cksum_out)
50	48	{
51		krb5_error_code retval;
	49	krb5_error_code ret;
52	50	krb5_safe safemsg;
53	51	krb5_octet zero_octet = 0;
54	52	krb5_checksum safe_checksum;
55		krb5_data scratch1, scratch2;
	53	krb5_data *der_krbsafe;
56	54
57	55	if (sumtype && !krb5_c_valid_cksumtype(sumtype))
58	56	return KRB5_PROG_SUMTYPE_NOSUPP;

60	58	return KRB5KRB_AP_ERR_INAPP_CKSUM;
61	59
62	60	safemsg.user_data = *userdata;
63		safemsg.s_address = (krb5_address *) local_addr;
64		safemsg.r_address = (krb5_address *) remote_addr;
	61	safemsg.s_address = local_addr;
	62	safemsg.r_address = remote_addr;
	63	safemsg.timestamp = rdata->timestamp;
	64	safemsg.usec = rdata->usec;
	65	safemsg.seq_number = rdata->seq;
65	66
66		/* We should check too make sure one exists. */
67		safemsg.timestamp = replaydata->timestamp;
68		safemsg.usec = replaydata->usec;
69		safemsg.seq_number = replaydata->seq;
70
71		/*
72		* To do the checksum stuff, we need to encode the message with a
73		* zero-length zero-type checksum, then checksum the encoding, then
74		* re-encode with the checksum.
75		*/
76
	67	/* Encode the message with a zero-length zero-type checksum. */
77	68	safe_checksum.length = 0;
78	69	safe_checksum.checksum_type = 0;
79	70	safe_checksum.contents = &zero_octet;
	71	safemsg.checksum = &safe_checksum;
	72	ret = encode_krb5_safe(&safemsg, &der_krbsafe);
	73	if (ret)
	74	return ret;
80	75
	76	/* Checksum the encoding. */
	77	ret = krb5_k_make_checksum(context, sumtype, key,
	78	KRB5_KEYUSAGE_KRB_SAFE_CKSUM, der_krbsafe,
	79	&safe_checksum);
	80	zapfreedata(der_krbsafe);
	81	if (ret)
	82	return ret;
	83
	84	/* Encode the message again with the real checksum. */
81	85	safemsg.checksum = &safe_checksum;
	86	ret = encode_krb5_safe(&safemsg, &der_krbsafe);
	87	if (ret) {
	88	krb5_free_checksum_contents(context, &safe_checksum);
	89	return ret;
	90	}
82	91
83		if ((retval = encode_krb5_safe(&safemsg, &scratch1)))
84		return retval;
85
86		if ((retval = krb5_k_make_checksum(context, sumtype, key,
87		KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
88		scratch1, &safe_checksum)))
89		goto cleanup_checksum;
90
91		safemsg.checksum = &safe_checksum;
92		if ((retval = encode_krb5_safe(&safemsg, &scratch2))) {
93		goto cleanup_checksum;
94		}
95		outbuf = scratch2;
96		free(scratch2);
97		retval = 0;
98
99		cleanup_checksum:
100		free(safe_checksum.contents);
101
102		memset(scratch1->data, 0, scratch1->length);
103		krb5_free_data(context, scratch1);
104		return retval;
	92	der_out = der_krbsafe;
	93	free(der_krbsafe);
	94	*cksum_out = safe_checksum;
	95	return 0;
105	96	}
106	97
107	98	/* Return the checksum type for the KRB-SAFE message, or 0 to use the enctype's

110	101	safe_cksumtype(krb5_context context, krb5_auth_context auth_context,
111	102	krb5_enctype enctype)
112	103	{
113		krb5_error_code retval;
	104	krb5_error_code ret;
114	105	unsigned int nsumtypes, i;
115	106	krb5_cksumtype *sumtypes;
116	107
117	108	/* Use the auth context's safe_cksumtype if it is valid for the enctype.
118	109	* Otherwise return 0 for the mandatory checksum. */
119		retval = krb5_c_keyed_checksum_types(context, enctype, &nsumtypes,
120		&sumtypes);
121		if (retval != 0)
	110	ret = krb5_c_keyed_checksum_types(context, enctype, &nsumtypes, &sumtypes);
	111	if (ret != 0)
122	112	return 0;
123	113	for (i = 0; i < nsumtypes; i++) {
124	114	if (auth_context->safe_cksumtype == sumtypes[i])

129	119	}
130	120
131	121	krb5_error_code KRB5_CALLCONV
132		krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
133		const krb5_data userdata, krb5_data outbuf,
134		krb5_replay_data *outdata)
	122	krb5_mk_safe(krb5_context context, krb5_auth_context authcon,
	123	const krb5_data userdata, krb5_data der_out,
	124	krb5_replay_data *rdata_out)
135	125	{
136		krb5_error_code retval;
137		krb5_key key;
138		krb5_replay_data replaydata;
139		krb5_data buf = empty_data();
	126	krb5_error_code ret;
	127	krb5_key key;
	128	krb5_replay_data rdata;
	129	krb5_data der_krbsafe = empty_data();
	130	krb5_checksum cksum;
	131	krb5_address local_addr, remote_addr, lstorage, rstorage;
	132	krb5_cksumtype sumtype;
140	133
141		*outbuf = empty_data();
142
143		/* Clear replaydata block */
144		memset(&replaydata, 0, sizeof(krb5_replay_data));
145
146		/* Get key */
147		if ((key = auth_context->send_subkey) == NULL)
148		key = auth_context->key;
149
150		/* Get replay info */
151		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
152		(auth_context->rcache == NULL))
153		return KRB5_RC_REQUIRED;
154
155		if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
156		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
157		(outdata == NULL))
158		/* Need a better error */
159		return KRB5_RC_REQUIRED;
160
161		if (!auth_context->local_addr)
	134	*der_out = empty_data();
	135	memset(&cksum, 0, sizeof(cksum));
	136	memset(&lstorage, 0, sizeof(lstorage));
	137	memset(&rstorage, 0, sizeof(rstorage));
	138	if (authcon->local_addr == NULL)
162	139	return KRB5_LOCAL_ADDR_REQUIRED;
163	140
164		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) \|\|
165		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
166		if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
167		&replaydata.usec)))
168		return retval;
169		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
170		outdata->timestamp = replaydata.timestamp;
171		outdata->usec = replaydata.usec;
172		}
173		}
174		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
175		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
176		replaydata.seq = auth_context->local_seq_number++;
177		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
178		outdata->seq = replaydata.seq;
179		}
	141	ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
	142	if (ret)
	143	goto cleanup;
180	144
181		{
182		krb5_address * premote_fulladdr = NULL;
183		krb5_address * plocal_fulladdr;
184		krb5_address remote_fulladdr;
185		krb5_address local_fulladdr;
186		krb5_cksumtype sumtype;
	145	ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
	146	&local_addr, &remote_addr);
	147	if (ret)
	148	goto cleanup;
187	149
188		CLEANUP_INIT(2);
	150	key = (authcon->send_subkey != NULL) ? authcon->send_subkey : authcon->key;
	151	sumtype = safe_cksumtype(context, authcon, key->keyblock.enctype);
	152	ret = create_krbsafe(context, userdata, key, &rdata, local_addr,
	153	remote_addr, sumtype, &der_krbsafe, &cksum);
	154	if (ret)
	155	goto cleanup;
189	156
190		if (auth_context->local_port) {
191		if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
192		auth_context->local_port,
193		&local_fulladdr))){
194		CLEANUP_PUSH(local_fulladdr.contents, free);
195		plocal_fulladdr = &local_fulladdr;
196		} else {
197		goto error;
198		}
199		} else {
200		plocal_fulladdr = auth_context->local_addr;
201		}
	157	ret = k5_privsafe_check_replay(context, authcon, NULL, NULL, &cksum);
	158	if (ret)
	159	goto cleanup;
202	160
203		if (auth_context->remote_addr) {
204		if (auth_context->remote_port) {
205		if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
206		auth_context->remote_port,
207		&remote_fulladdr))){
208		CLEANUP_PUSH(remote_fulladdr.contents, free);
209		premote_fulladdr = &remote_fulladdr;
210		} else {
211		CLEANUP_DONE();
212		goto error;
213		}
214		} else {
215		premote_fulladdr = auth_context->remote_addr;
216		}
217		}
	161	*der_out = der_krbsafe;
	162	der_krbsafe = empty_data();
	163	if ((authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
	164	(authcon->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
	165	authcon->local_seq_number++;
218	166
219		sumtype = safe_cksumtype(context, auth_context, key->keyblock.enctype);
220		if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
221		plocal_fulladdr, premote_fulladdr,
222		sumtype, &buf))) {
223		CLEANUP_DONE();
224		goto error;
225		}
226
227		CLEANUP_DONE();
228		}
229
230		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
231		krb5_donot_replay replay;
232
233		if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
234		"_safe", &replay.client)))
235		goto error;
236
237		replay.server = ""; /* XXX */
238		replay.msghash = NULL;
239		replay.cusec = replaydata.usec;
240		replay.ctime = replaydata.timestamp;
241		/* should we really error out here? XXX */
242		if ((retval = krb5_rc_store(context, auth_context->rcache, &replay)))
243		goto error;
244		free(replay.client);
245		}
246
247		*outbuf = buf;
248		return 0;
249
250		error:
251		krb5_free_data_contents(context, &buf);
252		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) \|\|
253		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
254		auth_context->local_seq_number--;
255
256		return retval;
	167	cleanup:
	168	krb5_free_data_contents(context, &der_krbsafe);
	169	krb5_free_checksum_contents(context, &cksum);
	170	free(lstorage.contents);
	171	free(rstorage.contents);
	172	return ret;
257	173	}

+42

-29

src/lib/krb5/krb/pac.c less more

398	398	return 0;
399	399	}
400	400
401		krb5_error_code
402		k5_pac_validate_client(krb5_context context,
403		const krb5_pac pac,
404		krb5_timestamp authtime,
405		krb5_const_principal principal,
406		krb5_boolean with_realm)
	401	krb5_error_code KRB5_CALLCONV
	402	krb5_pac_get_client_info(krb5_context context,
	403	const krb5_pac pac,
	404	krb5_timestamp *authtime_out,
	405	char **princname_out)
407	406	{
408	407	krb5_error_code ret;
409	408	krb5_data client_info;

412	411	krb5_timestamp pac_authtime;
413	412	krb5_ui_2 pac_princname_length;
414	413	int64_t pac_nt_authtime;
415		krb5_principal pac_principal;
416		int flags = 0;
	414
	415	if (authtime_out != NULL)
	416	*authtime_out = 0;
	417	*princname_out = NULL;
417	418
418	419	ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
419	420	&client_info);

441	442	if (ret != 0)
442	443	return ret;
443	444
444		/* Parse the UTF-8 name as an enterprise principal if we are matching
445		* against one; otherwise parse it as a regular principal. */
446		if (principal->type == KRB5_NT_ENTERPRISE_PRINCIPAL)
447		flags \|= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
448
449		if (with_realm)
450		flags \|= KRB5_PRINCIPAL_PARSE_REQUIRE_REALM;
451		else
452		flags \|= KRB5_PRINCIPAL_PARSE_NO_REALM;
453
454		ret = krb5_parse_name_flags(context, pac_princname, flags, &pac_principal);
	445	if (authtime_out != NULL)
	446	*authtime_out = pac_authtime;
	447	*princname_out = pac_princname;
	448
	449	return 0;
	450	}
	451
	452	krb5_error_code
	453	k5_pac_validate_client(krb5_context context,
	454	const krb5_pac pac,
	455	krb5_timestamp authtime,
	456	krb5_const_principal principal,
	457	krb5_boolean with_realm)
	458	{
	459	krb5_error_code ret;
	460	char pac_princname, princname;
	461	krb5_timestamp pac_authtime;
	462	int flags = 0;
	463
	464	ret = krb5_pac_get_client_info(context, pac, &pac_authtime,
	465	&pac_princname);
	466	if (ret != 0)
	467	return ret;
	468
	469	flags = KRB5_PRINCIPAL_UNPARSE_DISPLAY;
	470	if (!with_realm)
	471	flags \|= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
	472
	473	ret = krb5_unparse_name_flags(context, principal, flags, &princname);
455	474	if (ret != 0) {
456	475	free(pac_princname);
457	476	return ret;
458	477	}
459	478
	479	if (pac_authtime != authtime \|\| strcmp(pac_princname, princname) != 0)
	480	ret = KRB5KRB_AP_WRONG_PRINC;
	481
460	482	free(pac_princname);
461
462		if (pac_authtime != authtime \|\|
463		!krb5_principal_compare_flags(context,
464		pac_principal,
465		principal,
466		with_realm ? 0 :
467		KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
468		ret = KRB5KRB_AP_WRONG_PRINC;
469
470		krb5_free_principal(context, pac_principal);
	483	krb5_free_unparsed_name(context, princname);
471	484
472	485	return ret;
473	486	}

+127

-0

src/lib/krb5/krb/padata.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/krb/padata.c - utility functions for krb5_pa_data lists */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include "k5-int.h"
	33
	34	krb5_pa_data *
	35	krb5int_find_pa_data(krb5_context context, krb5_pa_data const pa_list,
	36	krb5_preauthtype pa_type)
	37	{
	38	krb5_pa_data const pa;
	39
	40	for (pa = pa_list; pa != NULL && *pa != NULL; pa++) {
	41	if ((*pa)->pa_type == pa_type)
	42	return *pa;
	43	}
	44	return NULL;
	45	}
	46
	47	krb5_error_code
	48	k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out)
	49	{
	50	krb5_pa_data *pa;
	51	uint8_t *buf = NULL;
	52
	53	*out = NULL;
	54	if (len > 0) {
	55	buf = malloc(len);
	56	if (buf == NULL)
	57	return ENOMEM;
	58	}
	59	pa = malloc(sizeof(*pa));
	60	if (pa == NULL) {
	61	free(buf);
	62	return ENOMEM;
	63	}
	64	pa->magic = KV5M_PA_DATA;
	65	pa->pa_type = pa_type;
	66	pa->length = len;
	67	pa->contents = buf;
	68	*out = pa;
	69	return 0;
	70	}
	71
	72	void
	73	k5_free_pa_data_element(krb5_pa_data *pa)
	74	{
	75	if (pa != NULL) {
	76	free(pa->contents);
	77	free(pa);
	78	}
	79	}
	80
	81	krb5_error_code
	82	k5_add_pa_data_element(krb5_pa_data *list, krb5_pa_data pa)
	83	{
	84	size_t count;
	85	krb5_pa_data **newlist;
	86
	87	for (count = 0; list != NULL && (list)[count] != NULL; count++);
	88
	89	newlist = realloc(list, (count + 2) sizeof(*newlist));
	90	if (newlist == NULL)
	91	return ENOMEM;
	92	newlist[count] = *pa;
	93	newlist[count + 1] = NULL;
	94	*pa = NULL;
	95	*list = newlist;
	96	return 0;
	97	}
	98
	99	krb5_error_code
	100	k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
	101	krb5_data *data)
	102	{
	103	krb5_error_code ret;
	104	krb5_pa_data *pa;
	105
	106	ret = k5_alloc_pa_data(pa_type, 0, &pa);
	107	if (ret)
	108	return ret;
	109	pa->contents = (uint8_t *)data->data;
	110	pa->length = data->length;
	111	ret = k5_add_pa_data_element(list, &pa);
	112	if (ret) {
	113	free(pa);
	114	return ret;
	115	}
	116	*data = empty_data();
	117	return 0;
	118	}
	119
	120	krb5_error_code
	121	k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type)
	122	{
	123	krb5_data empty = empty_data();
	124
	125	return k5_add_pa_data_from_data(list, pa_type, &empty);
	126	}

+1

-1

src/lib/krb5/krb/parse_host_string.c less more

60	60	* address - The address string that should be parsed.
61	61	* default_port - The default port to use if no port is found.
62	62	* host_out - An output pointer for the parsed host, or NULL if no host was
63		* specified or an error occured. Must be freed.
	63	* specified or an error occurred. Must be freed.
64	64	* port_out - An output pointer for the parsed port. Will be 0 on error.
65	65	*
66	66	* Returns 0 on success, otherwise an error.

+2

-54

src/lib/krb5/krb/preauth2.c less more

878	878	return ENOMEM;
879	879	}
880	880
881		static krb5_error_code
882		add_s4u_x509_user_padata(krb5_context context, krb5_s4u_userid *userid,
883		krb5_principal client, krb5_pa_data ***out_pa_list,
884		int *out_pa_list_size)
885		{
886		krb5_pa_data *s4u_padata;
887		krb5_error_code code;
888		krb5_principal client_copy;
889
890		if (userid == NULL)
891		return EINVAL;
892		code = krb5_copy_principal(context, client, &client_copy);
893		if (code != 0)
894		return code;
895		krb5_free_principal(context, userid->user);
896		userid->user = client_copy;
897
898		if (userid->subject_cert.length != 0) {
899		s4u_padata = malloc(sizeof(*s4u_padata));
900		if (s4u_padata == NULL)
901		return ENOMEM;
902
903		s4u_padata->magic = KV5M_PA_DATA;
904		s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
905		s4u_padata->contents = k5memdup(userid->subject_cert.data,
906		userid->subject_cert.length, &code);
907		if (s4u_padata->contents == NULL) {
908		free(s4u_padata);
909		return code;
910		}
911		s4u_padata->length = userid->subject_cert.length;
912
913		code = grow_pa_list(out_pa_list, out_pa_list_size, &s4u_padata, 1);
914		if (code) {
915		free(s4u_padata->contents);
916		free(s4u_padata);
917		return code;
918		}
919		}
920
921		return 0;
922		}
923
924	881	/*
925	882	* If the module for pa_type can adjust its AS_REQ data using the contents of
926	883	* err and err_padata, return 0 with *padata_out set to a padata list for the

1016	973	*padata_out = NULL;
1017	974	*pa_type_out = KRB5_PADATA_NONE;
1018	975
1019		if (in_padata == NULL)
	976	/* We should never invoke preauth modules when identifying the realm. */
	977	if (in_padata == NULL \|\| ctx->identify_realm)
1020	978	return 0;
1021	979
1022	980	TRACE_PREAUTH_INPUT(context, in_padata);

1030	988	ret = copy_cookie(context, in_padata, &out_pa_list, &out_pa_list_size);
1031	989	if (ret)
1032	990	goto error;
1033
1034		if (krb5int_find_pa_data(context, in_padata,
1035		KRB5_PADATA_S4U_X509_USER) != NULL) {
1036		/* Fulfill a private contract with krb5_get_credentials_for_user. */
1037		ret = add_s4u_x509_user_padata(context, ctx->gak_data,
1038		ctx->request->client,
1039		&out_pa_list, &out_pa_list_size);
1040		if (ret)
1041		goto error;
1042		}
1043	991
1044	992	/* If we can't initialize the preauth context, stop with what we have. */
1045	993	k5_init_preauth_context(context);

+14

-51

src/lib/krb5/krb/preauth_sam2.c less more

94	94	krb5_prompt kprompt;
95	95	krb5_prompt_type prompt_type;
96	96	krb5_data defsalt, *salt;
97		struct gak_password *gakpw;
98	97	krb5_checksum **cksum;
99	98	krb5_data *scratch = NULL;
100	99	krb5_boolean valid_cksum = 0;

151	150
152	151	salt = ctx->default_salt ? NULL : &ctx->salt;
153	152	retval = ctx->gak_fct(context, request->client, sc2b->sam_etype,
154		prompter, prompter_data, &ctx->salt,
155		&ctx->s2kparams, &ctx->as_key,
156		ctx->gak_data, ctx->rctx.items);
	153	prompter, prompter_data, salt, &ctx->s2kparams,
	154	&ctx->as_key, ctx->gak_data, ctx->rctx.items);
157	155	if (retval) {
158	156	krb5_free_sam_challenge_2(context, sc2);
159	157	krb5_free_sam_challenge_2_body(context, sc2b);

211	209
212	210	/* Get encryption key to be used for checksum and sam_response */
213	211	if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
214		/* as_key = string_to_key(password) */
215
216		if (ctx->as_key.length) {
217		krb5_free_keyblock_contents(context, &ctx->as_key);
218		ctx->as_key.length = 0;
219		}
220
221		/* generate a key using the supplied password */
222		gakpw = ctx->gak_data;
223		retval = krb5_c_string_to_key(context, sc2b->sam_etype,
224		gakpw->password, salt, &ctx->as_key);
225
226		if (retval) {
227		krb5_free_sam_challenge_2(context, sc2);
228		krb5_free_sam_challenge_2_body(context, sc2b);
229		if (defsalt.length) free(defsalt.data);
230		return(retval);
231		}
232
233		if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
234		/* as_key = combine_key (as_key, string_to_key(SAD)) */
235		krb5_keyblock tmp_kb;
236
237		retval = krb5_c_string_to_key(context, sc2b->sam_etype,
238		&response_data, salt, &tmp_kb);
239
240		if (retval) {
241		krb5_free_sam_challenge_2(context, sc2);
242		krb5_free_sam_challenge_2_body(context, sc2b);
243		if (defsalt.length) free(defsalt.data);
244		return(retval);
245		}
246
247		/* This should be a call to the crypto library some day */
248		/* key types should already match the sam_etype */
249		retval = krb5int_c_combine_keys(context, &ctx->as_key, &tmp_kb,
250		&ctx->as_key);
251
252		if (retval) {
253		krb5_free_sam_challenge_2(context, sc2);
254		krb5_free_sam_challenge_2_body(context, sc2b);
255		if (defsalt.length) free(defsalt.data);
256		return(retval);
257		}
258		krb5_free_keyblock_contents(context, &tmp_kb);
259		}
260
	212	/* Retain as_key from above gak_fct call. */
261	213	if (defsalt.length)
262	214	free(defsalt.data);
263	215
	216	if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
	217	/*
	218	* If no flags are set, the protocol calls for us to combine the
	219	* initial reply key with the SAD, using a method which is only
	220	* specified for DES and 3DES enctypes. We no longer support this
	221	* case.
	222	*/
	223	krb5_free_sam_challenge_2(context, sc2);
	224	krb5_free_sam_challenge_2_body(context, sc2b);
	225	return(KRB5_SAM_UNSUPPORTED);
	226	}
264	227	} else {
265	228	/* as_key = string_to_key(SAD) */
266	229

+133

-21

src/lib/krb5/krb/privsafe.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1	1	/* lib/krb5/krb/privsafe.c - Shared logic for KRB-SAFE and KRB-PRIV messages */
2	2	/*
3		* Copyright (C) 2011 by the Massachusetts Institute of Technology.
	3	* Copyright (C) 2011,2019 by the Massachusetts Institute of Technology.
4	4	* All rights reserved.
5	5	*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
24	30	*/
25	31
26	32	#include "k5-int.h"
27	33	#include "int-proto.h"
28	34	#include "auth_con.h"
	35
	36	krb5_error_code
	37	k5_privsafe_gen_rdata(krb5_context context, krb5_auth_context authcon,
	38	krb5_replay_data rdata, krb5_replay_data caller_rdata)
	39	{
	40	krb5_error_code ret;
	41	krb5_int32 flags = authcon->auth_context_flags;
	42	krb5_boolean do_time = !!(flags & KRB5_AUTH_CONTEXT_DO_TIME);
	43	krb5_boolean do_sequence = !!(flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE);
	44	krb5_boolean ret_time = !!(flags & KRB5_AUTH_CONTEXT_RET_TIME);
	45	krb5_boolean ret_sequence = !!(flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE);
	46
	47	memset(rdata, 0, sizeof(*rdata));
	48	if ((ret_time \|\| ret_sequence) && caller_rdata == NULL)
	49	return KRB5_RC_REQUIRED;
	50
	51	if (do_time \|\| ret_time) {
	52	ret = krb5_us_timeofday(context, &rdata->timestamp, &rdata->usec);
	53	if (ret)
	54	return ret;
	55	if (ret_time) {
	56	caller_rdata->timestamp = rdata->timestamp;
	57	caller_rdata->usec = rdata->usec;
	58	}
	59	}
	60	if (do_sequence \|\| ret_sequence) {
	61	rdata->seq = authcon->local_seq_number;
	62	if (ret_sequence)
	63	caller_rdata->seq = rdata->seq;
	64	}
	65
	66	return 0;
	67	}
	68
	69	krb5_error_code
	70	k5_privsafe_gen_addrs(krb5_context context, krb5_auth_context authcon,
	71	krb5_address lstorage, krb5_address rstorage,
	72	krb5_address local_out, krb5_address remote_out)
	73	{
	74	krb5_error_code ret;
	75
	76	*local_out = NULL;
	77	*remote_out = NULL;
	78
	79	if (authcon->local_addr != NULL) {
	80	if (authcon->local_port != NULL) {
	81	ret = krb5_make_fulladdr(context, authcon->local_addr,
	82	authcon->local_port, lstorage);
	83	if (ret)
	84	return ret;
	85	*local_out = lstorage;
	86	} else {
	87	*local_out = authcon->local_addr;
	88	}
	89	}
	90
	91	if (authcon->remote_addr != NULL) {
	92	if (authcon->remote_port != NULL) {
	93	ret = krb5_make_fulladdr(context, authcon->remote_addr,
	94	authcon->remote_port, rstorage);
	95	if (ret)
	96	return ret;
	97	*remote_out = rstorage;
	98	} else {
	99	*remote_out = authcon->remote_addr;
	100	}
	101	}
	102
	103	return 0;
	104	}
	105
	106	krb5_error_code
	107	k5_privsafe_check_replay(krb5_context context, krb5_auth_context authcon,
	108	const krb5_replay_data *rdata,
	109	const krb5_enc_data enc, const krb5_checksum cksum)
	110	{
	111	krb5_error_code ret;
	112	krb5_data tag;
	113
	114	assert(enc != NULL \|\| cksum != NULL);
	115
	116	if (!(authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME))
	117	return 0;
	118
	119	if (rdata != NULL) {
	120	ret = krb5_check_clockskew(context, rdata->timestamp);
	121	if (ret)
	122	return ret;
	123	}
	124
	125	if (enc != NULL) {
	126	ret = k5_rc_tag_from_ciphertext(context, enc, &tag);
	127	if (ret)
	128	return ret;
	129	} else {
	130	tag = make_data(cksum->contents, cksum->length);
	131	}
	132
	133	if (authcon->memrcache == NULL) {
	134	ret = k5_memrcache_create(context, &authcon->memrcache);
	135	if (ret)
	136	return ret;
	137	}
	138
	139	return k5_memrcache_store(context, authcon->memrcache, &tag);
	140	}
29	141
30	142	/*
31	143	* k5_privsafe_check_seqnum

79	191	* There are 2^7 + 2^15 + 2^23 + 2^23 = 16810112 total ambiguous
80	192	* initial Heimdal counter values, but we receive them as one of 2^23
81	193	* possible values. There is a ~1/256 chance of a Heimdal
82		* implementation sending an intial sequence number in the ambiguous
	194	* implementation sending an initial sequence number in the ambiguous
83	195	* range.
84	196	*
85	197	* We have to do special treatment when receiving sequence numbers

169	281	}
170	282
171	283	/*
172		* Magic wraparound for the case where the intial sequence number
	284	* Magic wraparound for the case where the initial sequence number
173	285	* is in the ambiguous range. This means that the sender's
174	286	* counter is at a different count than ours, so we correct ours,
175	287	* and mark the sender as being a broken Heimdal implementation.

+31

-43

src/lib/krb5/krb/rd_cred.c less more

3	3	* Copyright 1994-2009,2014 by the Massachusetts Institute of Technology.
4	4	* All Rights Reserved.
5	5	*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
24	30	*/
25	31
26	32	#include "k5-int.h"
27		#include "cleanup.h"
	33	#include "int-proto.h"
28	34	#include "auth_con.h"
29
30		#include <stdlib.h>
31		#include <errno.h>
32	35
33	36	/*
34	37	* Decrypt and decode the enc_part of a krb5_cred using the receiving subkey or
35	38	* the session key of authcon. If neither key is present, ctext->ciphertext is
36		* assumed to be unencrypted plain text.
	39	* assumed to be unencrypted plain text (RFC 6448).
37	40	*/
38	41	static krb5_error_code
39	42	decrypt_encpart(krb5_context context, krb5_enc_data *ctext,

144	147	krb5_creds **credlist = NULL;
145	148	krb5_cred *krbcred = NULL;
146	149	krb5_cred_enc_part *encpart = NULL;
147		krb5_donot_replay replay;
	150	krb5_replay_data rdata;
148	151	const krb5_int32 flags = authcon->auth_context_flags;
149	152
150	153	*creds_out = NULL;

154	157	replaydata_out == NULL)
155	158	return KRB5_RC_REQUIRED;
156	159
157		if ((flags & KRB5_AUTH_CONTEXT_DO_TIME) && authcon->rcache == NULL)
158		return KRB5_RC_REQUIRED;
159
160	160	ret = decode_krb5_cred(creddata, &krbcred);
161	161	if (ret)
162	162	goto cleanup;

169	169	if (ret)
170	170	goto cleanup;
171	171
172		if (flags & KRB5_AUTH_CONTEXT_DO_TIME) {
173		ret = krb5_check_clockskew(context, encpart->timestamp);
174		if (ret)
175		goto cleanup;
176
177		ret = krb5_gen_replay_name(context, authcon->remote_addr, "_forw",
178		&replay.client);
179		if (ret)
180		goto cleanup;
181
182		replay.server = "";
183		replay.msghash = NULL;
184		replay.cusec = encpart->usec;
185		replay.ctime = encpart->timestamp;
186		ret = krb5_rc_store(context, authcon->rcache, &replay);
187		free(replay.client);
	172	if (authcon->recv_subkey != NULL \|\| authcon->key != NULL) {
	173	rdata.timestamp = encpart->timestamp;
	174	ret = k5_privsafe_check_replay(context, authcon, &rdata,
	175	&krbcred->enc_part, NULL);
188	176	if (ret)
189	177	goto cleanup;
190	178	}

+109

-147

src/lib/krb5/krb/rd_priv.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/krb/rd_priv.c */
	1	/* lib/krb5/krb/rd_priv.c - krb5_rd_priv() */
2	2	/*
3		* Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
	3	* Copyright 1990,1991,2007,2019 by the Massachusetts Institute of Technology.
4	4	* All Rights Reserved.
5	5	*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
10	9	*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
24	30	*/
25	31
26	32	#include "k5-int.h"

28	34	#include "auth_con.h"
29	35
30	36	/*
	37	* Unmarshal a KRB-PRIV message from der_krbpriv, placing the confidential user
	38	* data in userdata_out, ciphertext in enc_out, and replay data in
	39	* rdata_out. The caller should free userdata_out and *enc_out when
	40	* finished.
	41	*/
	42	static krb5_error_code
	43	read_krbpriv(krb5_context context, krb5_auth_context authcon,
	44	const krb5_data *der_krbpriv, const krb5_key key,
	45	krb5_replay_data rdata_out, krb5_data userdata_out,
	46	krb5_enc_data *enc_out)
	47	{
	48	krb5_error_code ret;
	49	krb5_priv *privmsg = NULL;
	50	krb5_data plaintext = empty_data();
	51	krb5_priv_enc_part *encpart = NULL;
	52	krb5_data *cstate;
31	53
32		Parses a KRB_PRIV message from inbuf, placing the confidential user
33		data in *outbuf.
34
35		key specifies the key to be used for decryption of the message.
36
37		outbuf points to allocated storage which the caller should
38		free when finished.
39
40		Returns system errors, integrity errors.
41
42		*/
43
44		static krb5_error_code
45		rd_priv_basic(krb5_context context, krb5_auth_context ac,
46		const krb5_data *inbuf, const krb5_key key,
47		krb5_replay_data replaydata, krb5_data outbuf)
48		{
49		krb5_error_code retval;
50		krb5_priv * privmsg;
51		krb5_data scratch;
52		krb5_priv_enc_part * privmsg_enc_part;
53		krb5_data *iv = NULL;
54
55		if (!krb5_is_krb_priv(inbuf))
	54	if (!krb5_is_krb_priv(der_krbpriv))
56	55	return KRB5KRB_AP_ERR_MSG_TYPE;
57	56
58	57	/* decode private message */
59		if ((retval = decode_krb5_priv(inbuf, &privmsg)))
60		return retval;
	58	ret = decode_krb5_priv(der_krbpriv, &privmsg);
	59	if (ret)
	60	return ret;
61	61
62		if (ac->cstate.length > 0)
63		iv = &ac->cstate;
	62	ret = alloc_data(&plaintext, privmsg->enc_part.ciphertext.length);
	63	if (ret)
	64	goto cleanup;
64	65
65		scratch.length = privmsg->enc_part.ciphertext.length;
66		if (!(scratch.data = malloc(scratch.length))) {
67		retval = ENOMEM;
68		goto cleanup_privmsg;
69		}
	66	cstate = (authcon->cstate.length > 0) ? &authcon->cstate : NULL;
	67	ret = krb5_k_decrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART, cstate,
	68	&privmsg->enc_part, &plaintext);
	69	if (ret)
	70	goto cleanup;
70	71
71		if ((retval = krb5_k_decrypt(context, key,
72		KRB5_KEYUSAGE_KRB_PRIV_ENCPART, iv,
73		&privmsg->enc_part, &scratch)))
74		goto cleanup_scratch;
	72	ret = decode_krb5_enc_priv_part(&plaintext, &encpart);
	73	if (ret)
	74	goto cleanup;
75	75
76		/* now decode the decrypted stuff */
77		if ((retval = decode_krb5_enc_priv_part(&scratch, &privmsg_enc_part)))
78		goto cleanup_scratch;
	76	ret = k5_privsafe_check_addrs(context, authcon, encpart->s_address,
	77	encpart->r_address);
	78	if (ret)
	79	goto cleanup;
79	80
80		retval = k5_privsafe_check_addrs(context, ac, privmsg_enc_part->s_address,
81		privmsg_enc_part->r_address);
82		if (retval)
83		goto cleanup_data;
	81	rdata_out->timestamp = encpart->timestamp;
	82	rdata_out->usec = encpart->usec;
	83	rdata_out->seq = encpart->seq_number;
84	84
85		replaydata->timestamp = privmsg_enc_part->timestamp;
86		replaydata->usec = privmsg_enc_part->usec;
87		replaydata->seq = privmsg_enc_part->seq_number;
	85	*userdata_out = encpart->user_data;
	86	encpart->user_data.data = NULL;
88	87
89		/* everything is ok - return data to the user */
90		*outbuf = privmsg_enc_part->user_data;
91		retval = 0;
	88	*enc_out = privmsg->enc_part;
	89	memset(&privmsg->enc_part, 0, sizeof(privmsg->enc_part));
92	90
93		cleanup_data:;
94		if (retval == 0)
95		privmsg_enc_part->user_data.data = 0;
96		krb5_free_priv_enc_part(context, privmsg_enc_part);
97
98		cleanup_scratch:;
99		memset(scratch.data, 0, scratch.length);
100		free(scratch.data);
101
102		cleanup_privmsg:;
103		free(privmsg->enc_part.ciphertext.data);
104		free(privmsg);
105
106		return retval;
	91	cleanup:
	92	krb5_free_priv_enc_part(context, encpart);
	93	krb5_free_priv(context, privmsg);
	94	zapfree(plaintext.data, plaintext.length);
	95	return ret;
107	96	}
108	97
109	98	krb5_error_code KRB5_CALLCONV
110		krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
111		const krb5_data inbuf, krb5_data outbuf,
112		krb5_replay_data *outdata)
	99	krb5_rd_priv(krb5_context context, krb5_auth_context authcon,
	100	const krb5_data inbuf, krb5_data userdata_out,
	101	krb5_replay_data *rdata_out)
113	102	{
114		krb5_error_code retval;
115		krb5_key key;
116		krb5_replay_data replaydata;
	103	krb5_error_code ret;
	104	krb5_key key;
	105	krb5_replay_data rdata;
	106	krb5_enc_data enc;
	107	krb5_data userdata = empty_data();
	108	const krb5_int32 flags = authcon->auth_context_flags;
117	109
118		/* Get key */
119		if ((key = auth_context->recv_subkey) == NULL)
120		key = auth_context->key;
	110	*userdata_out = empty_data();
	111	memset(&enc, 0, sizeof(enc));
121	112
122		if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
123		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
124		(outdata == NULL))
125		/* Need a better error */
	113	if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
	114	(flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && rdata_out == NULL)
126	115	return KRB5_RC_REQUIRED;
127	116
128		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
129		(auth_context->remote_addr == NULL))
130		return KRB5_REMOTE_ADDR_REQUIRED;
	117	key = (authcon->recv_subkey != NULL) ? authcon->recv_subkey : authcon->key;
	118	memset(&rdata, 0, sizeof(rdata));
	119	ret = read_krbpriv(context, authcon, inbuf, key, &rdata, &userdata, &enc);
	120	if (ret)
	121	goto cleanup;
131	122
132		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
133		(auth_context->rcache == NULL))
134		return KRB5_RC_REQUIRED;
	123	ret = k5_privsafe_check_replay(context, authcon, &rdata, &enc, NULL);
	124	if (ret)
	125	goto cleanup;
135	126
136		memset(&replaydata, 0, sizeof(replaydata));
137		retval = rd_priv_basic(context, auth_context, inbuf, key, &replaydata,
138		outbuf);
139		if (retval)
140		return retval;
141
142		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
143		krb5_donot_replay replay;
144
145		if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
146		goto error;
147
148		if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
149		"_priv", &replay.client)))
150		goto error;
151
152		replay.server = ""; /* XXX */
153		replay.msghash = NULL;
154		replay.cusec = replaydata.usec;
155		replay.ctime = replaydata.timestamp;
156		if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
157		free(replay.client);
158		goto error;
	127	if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
	128	if (!k5_privsafe_check_seqnum(context, authcon, rdata.seq)) {
	129	ret = KRB5KRB_AP_ERR_BADORDER;
	130	goto cleanup;
159	131	}
160		free(replay.client);
	132	authcon->remote_seq_number++;
161	133	}
162	134
163		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
164		if (!k5_privsafe_check_seqnum(context, auth_context, replaydata.seq)) {
165		retval = KRB5KRB_AP_ERR_BADORDER;
166		goto error;
167		}
168		auth_context->remote_seq_number++;
	135	if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
	136	(flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
	137	rdata_out->timestamp = rdata.timestamp;
	138	rdata_out->usec = rdata.usec;
	139	rdata_out->seq = rdata.seq;
169	140	}
170	141
171		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
172		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
173		outdata->timestamp = replaydata.timestamp;
174		outdata->usec = replaydata.usec;
175		outdata->seq = replaydata.seq;
176		}
	142	*userdata_out = userdata;
	143	userdata = empty_data();
177	144
178		/* everything is ok - return data to the user */
179		return 0;
180
181		error:;
182		free(outbuf->data);
183		outbuf->length = 0;
184		outbuf->data = NULL;
185
186		return retval;
	145	cleanup:
	146	krb5_free_data_contents(context, &enc.ciphertext);
	147	krb5_free_data_contents(context, &userdata);
	148	return ret;
187	149	}

+14

-29

src/lib/krb5/krb/rd_req_dec.c less more

513	513
514	514	/* Get an rcache if necessary. */
515	515	if (((*auth_context)->rcache == NULL) &&
516		((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
517		server != NULL && server->length > 0) {
518		retval = krb5_get_server_rcache(context, &server->data[0],
519		&(*auth_context)->rcache);
	516	((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)) {
	517	retval = k5_rc_default(context, &(*auth_context)->rcache);
520	518	if (retval)
521	519	goto cleanup;
522	520	}

565	563	{
566	564	krb5_data * realm;
567	565	krb5_transited * trans;
	566	krb5_flags flags;
568	567
569	568	realm = &req->ticket->enc_part2->client->realm;
570	569	trans = &(req->ticket->enc_part2->transited);
	570	flags = req->ticket->enc_part2->flags;
571	571
572	572	/*
573		* If the transited list is not empty, then check that all realms
574		* transited are within the hierarchy between the client's realm
575		* and the local realm.
	573	* If the transited list is not empty and the KDC hasn't checked it,
	574	* then check that all realms transited are within the hierarchy
	575	* between the client's realm and the local realm.
576	576	*/
577		if (trans->tr_contents.length > 0 && trans->tr_contents.data[0]) {
	577	if (!(flags & TKT_FLG_TRANSIT_POLICY_CHECKED) &&
	578	trans->tr_contents.length > 0 && trans->tr_contents.data[0]) {
578	579	retval = krb5_check_transited_list(context, &(trans->tr_contents),
579	580	realm, &server->realm);
580	581	}

587	588	/* only check rcache if sender has provided one---some services
588	589	may not be able to use replay caches (such as datagram servers) */
589	590
590		if ((*auth_context)->rcache) {
591		krb5_donot_replay rep;
592		krb5_tkt_authent tktauthent;
593
594		tktauthent.ticket = req->ticket;
595		tktauthent.authenticator = (*auth_context)->authentp;
596		if (!(retval = krb5_auth_to_rep(context, &tktauthent, &rep))) {
597		retval = krb5_rc_hash_message(context,
598		&req->authenticator.ciphertext,
599		&rep.msghash);
600		if (!retval) {
601		retval = krb5_rc_store(context, (*auth_context)->rcache, &rep);
602		free(rep.msghash);
603		}
604		free(rep.server);
605		free(rep.client);
606		}
607
	591	if ((*auth_context)->rcache != NULL) {
	592	retval = k5_rc_store(context, (*auth_context)->rcache,
	593	&req->authenticator);
608	594	if (retval)
609	595	goto cleanup;
610	596	}

863	849	if (permitted == FALSE) {
864	850	char enctype_name[30];
865	851
866		if (krb5_enctype_to_string(desired_etypes[i],
867		enctype_name,
868		sizeof(enctype_name)) == 0)
	852	if (krb5_enctype_to_name(desired_etypes[i], FALSE, enctype_name,
	853	sizeof(enctype_name)) == 0)
869	854	k5_setmsg(context, KRB5_NOPERM_ETYPE,
870	855	_("Encryption type %s not permitted"), enctype_name);
871	856	return KRB5_NOPERM_ETYPE;

+122

-154

src/lib/krb5/krb/rd_safe.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/krb/rd_safe.c - definition of krb5_rd_safe() */
	1	/* lib/krb5/krb/rd_safe.c - krb5_rd_safe() */
2	2	/*
3		* Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
	3	* Copyright 1990,1991,2007,2008,2019 by the Massachusetts Institute of
	4	* Technology. All Rights Reserved.
5	5	*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
10	9	*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
24	30	*/
25	31
26	32	#include "k5-int.h"
27	33	#include "int-proto.h"
28		#include "cleanup.h"
29	34	#include "auth_con.h"
30	35
31	36	/*
32		parses a KRB_SAFE message from inbuf, placing the integrity-protected user
33		data in *outbuf.
34
35		key specifies the key to be used for decryption of the message.
36
37		outbuf points to allocated storage which the caller should free when finished.
38
39		returns system errors, integrity errors
40		*/
	37	* Unmarshal a KRB-SAFE message from der_krbsafe, placing the
	38	* integrity-protected user data in userdata_out, replay data in rdata_out,
	39	* and checksum in cksum_out. The caller should free userdata_out and
	40	* *cksum_out when finished.
	41	*/
41	42	static krb5_error_code
42		rd_safe_basic(krb5_context context, krb5_auth_context ac,
43		const krb5_data *inbuf, krb5_key key,
44		krb5_replay_data replaydata, krb5_data outbuf)
	43	read_krbsafe(krb5_context context, krb5_auth_context ac,
	44	const krb5_data *der_krbsafe, krb5_key key,
	45	krb5_replay_data rdata_out, krb5_data userdata_out,
	46	krb5_checksum **cksum_out)
45	47	{
46		krb5_error_code retval;
47		krb5_safe * message;
48		krb5_data *safe_body = NULL;
49		krb5_checksum our_cksum, *his_cksum;
	48	krb5_error_code ret;
	49	krb5_safe *krbsafe;
	50	krb5_data safe_body = NULL, der_zerosafe = NULL;
	51	krb5_checksum zero_cksum, *safe_cksum = NULL;
50	52	krb5_octet zero_octet = 0;
51		krb5_data *scratch;
52	53	krb5_boolean valid;
53	54	struct krb5_safe_with_body swb;
54	55
55		if (!krb5_is_krb_safe(inbuf))
	56	*userdata_out = empty_data();
	57	*cksum_out = NULL;
	58	if (!krb5_is_krb_safe(der_krbsafe))
56	59	return KRB5KRB_AP_ERR_MSG_TYPE;
57	60
58		if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body)))
59		return retval;
	61	ret = decode_krb5_safe_with_body(der_krbsafe, &krbsafe, &safe_body);
	62	if (ret)
	63	return ret;
60	64
61		if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) {
62		retval = KRB5_PROG_SUMTYPE_NOSUPP;
	65	if (!krb5_c_valid_cksumtype(krbsafe->checksum->checksum_type)) {
	66	ret = KRB5_PROG_SUMTYPE_NOSUPP;
63	67	goto cleanup;
64	68	}
65		if (!krb5_c_is_coll_proof_cksum(message->checksum->checksum_type) \|\|
66		!krb5_c_is_keyed_cksum(message->checksum->checksum_type)) {
67		retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
	69	if (!krb5_c_is_coll_proof_cksum(krbsafe->checksum->checksum_type) \|\|
	70	!krb5_c_is_keyed_cksum(krbsafe->checksum->checksum_type)) {
	71	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
68	72	goto cleanup;
69	73	}
70	74
71		retval = k5_privsafe_check_addrs(context, ac, message->s_address,
72		message->r_address);
73		if (retval)
	75	ret = k5_privsafe_check_addrs(context, ac, krbsafe->s_address,
	76	krbsafe->r_address);
	77	if (ret)
74	78	goto cleanup;
75	79
76		/* verify the checksum */
77		/*
78		* In order to recreate what was checksummed, we regenerate the message
79		* without checksum and then have the cryptographic subsystem verify
80		* the checksum for us. This is because some checksum methods have
81		* a confounder encrypted as part of the checksum.
82		*/
83		his_cksum = message->checksum;
84
85		our_cksum.length = 0;
86		our_cksum.checksum_type = 0;
87		our_cksum.contents = &zero_octet;
88
89		message->checksum = &our_cksum;
90
	80	/* Regenerate the KRB-SAFE message without the checksum. Save the message
	81	* checksum to verify. */
	82	safe_cksum = krbsafe->checksum;
	83	zero_cksum.length = 0;
	84	zero_cksum.checksum_type = 0;
	85	zero_cksum.contents = &zero_octet;
	86	krbsafe->checksum = &zero_cksum;
91	87	swb.body = safe_body;
92		swb.safe = message;
93		retval = encode_krb5_safe_with_body(&swb, &scratch);
94		message->checksum = his_cksum;
95		if (retval)
	88	swb.safe = krbsafe;
	89	ret = encode_krb5_safe_with_body(&swb, &der_zerosafe);
	90	krbsafe->checksum = NULL;
	91	if (ret)
96	92	goto cleanup;
97	93
98		retval = krb5_k_verify_checksum(context, key,
99		KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
100		scratch, his_cksum, &valid);
101
102		(void) memset(scratch->data, 0, scratch->length);
103		krb5_free_data(context, scratch);
104
	94	/* Verify the checkum over the re-encoded message. */
	95	ret = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
	96	der_zerosafe, safe_cksum, &valid);
105	97	if (!valid) {
106		/*
107		* Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
108		* case someone actually implements it correctly.
109		*/
110		retval = krb5_k_verify_checksum(context, key,
111		KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
112		safe_body, his_cksum, &valid);
	98	/* Checksum over only the KRB-SAFE-BODY as specified in RFC 1510. */
	99	ret = krb5_k_verify_checksum(context, key,
	100	KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
	101	safe_body, safe_cksum, &valid);
113	102	if (!valid) {
114		retval = KRB5KRB_AP_ERR_MODIFIED;
	103	ret = KRB5KRB_AP_ERR_MODIFIED;
115	104	goto cleanup;
116	105	}
117	106	}
118	107
119		replaydata->timestamp = message->timestamp;
120		replaydata->usec = message->usec;
121		replaydata->seq = message->seq_number;
	108	rdata_out->timestamp = krbsafe->timestamp;
	109	rdata_out->usec = krbsafe->usec;
	110	rdata_out->seq = krbsafe->seq_number;
122	111
123		*outbuf = message->user_data;
124		message->user_data.data = NULL;
125		retval = 0;
	112	*userdata_out = krbsafe->user_data;
	113	krbsafe->user_data.data = NULL;
	114
	115	*cksum_out = safe_cksum;
	116	safe_cksum = NULL;
126	117
127	118	cleanup:
128		krb5_free_safe(context, message);
	119	zapfreedata(der_zerosafe);
129	120	krb5_free_data(context, safe_body);
130		return retval;
	121	krb5_free_safe(context, krbsafe);
	122	krb5_free_checksum(context, safe_cksum);
	123	return ret;
131	124	}
132	125
133	126	krb5_error_code KRB5_CALLCONV
134		krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
135		const krb5_data inbuf, krb5_data outbuf,
136		krb5_replay_data *outdata)
	127	krb5_rd_safe(krb5_context context, krb5_auth_context authcon,
	128	const krb5_data inbuf, krb5_data userdata_out,
	129	krb5_replay_data *rdata_out)
137	130	{
138		krb5_error_code retval;
139		krb5_key key;
140		krb5_replay_data replaydata;
	131	krb5_error_code ret;
	132	krb5_key key;
	133	krb5_replay_data rdata;
	134	krb5_data userdata = empty_data();
	135	krb5_checksum *cksum;
	136	const krb5_int32 flags = authcon->auth_context_flags;
141	137
142		if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
143		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
144		(outdata == NULL))
145		/* Need a better error */
	138	*userdata_out = empty_data();
	139
	140	if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
	141	(flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && rdata_out == NULL)
146	142	return KRB5_RC_REQUIRED;
147	143
148		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
149		(auth_context->remote_addr == NULL))
150		return KRB5_REMOTE_ADDR_REQUIRED;
	144	key = (authcon->recv_subkey != NULL) ? authcon->recv_subkey : authcon->key;
	145	memset(&rdata, 0, sizeof(rdata));
	146	ret = read_krbsafe(context, authcon, inbuf, key, &rdata, &userdata,
	147	&cksum);
	148	if (ret)
	149	goto cleanup;
151	150
152		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
153		(auth_context->rcache == NULL))
154		return KRB5_RC_REQUIRED;
	151	ret = k5_privsafe_check_replay(context, authcon, &rdata, NULL, cksum);
	152	if (ret)
	153	goto cleanup;
155	154
156		/* Get key */
157		if ((key = auth_context->recv_subkey) == NULL)
158		key = auth_context->key;
159
160		memset(&replaydata, 0, sizeof(replaydata));
161		retval = rd_safe_basic(context, auth_context, inbuf, key, &replaydata,
162		outbuf);
163		if (retval)
164		return retval;
165
166		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
167		krb5_donot_replay replay;
168
169		if ((retval = krb5_check_clockskew(context, replaydata.timestamp)))
170		goto error;
171
172		if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
173		"_safe", &replay.client)))
174		goto error;
175
176		replay.server = ""; /* XXX */
177		replay.msghash = NULL;
178		replay.cusec = replaydata.usec;
179		replay.ctime = replaydata.timestamp;
180		if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
181		free(replay.client);
182		goto error;
	155	if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
	156	if (!k5_privsafe_check_seqnum(context, authcon, rdata.seq)) {
	157	ret = KRB5KRB_AP_ERR_BADORDER;
	158	goto cleanup;
183	159	}
184		free(replay.client);
	160	authcon->remote_seq_number++;
185	161	}
186	162
187		if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
188		if (!k5_privsafe_check_seqnum(context, auth_context, replaydata.seq)) {
189		retval = KRB5KRB_AP_ERR_BADORDER;
190		goto error;
191		}
192		auth_context->remote_seq_number++;
	163	if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
	164	(flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
	165	rdata_out->timestamp = rdata.timestamp;
	166	rdata_out->usec = rdata.usec;
	167	rdata_out->seq = rdata.seq;
193	168	}
194	169
195		if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) \|\|
196		(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
197		outdata->timestamp = replaydata.timestamp;
198		outdata->usec = replaydata.usec;
199		outdata->seq = replaydata.seq;
200		}
	170	*userdata_out = userdata;
	171	userdata = empty_data();
201	172
202		/* everything is ok - return data to the user */
203		return 0;
204
205		error:
206		free(outbuf->data);
207		return retval;
208
	173	cleanup:
	174	krb5_free_data_contents(context, &userdata);
	175	krb5_free_checksum(context, cksum);
	176	return ret;
209	177	}

+3

-14

src/lib/krb5/krb/recvauth.c less more

57	57	krb5_data outbuf;
58	58	krb5_rcache rcache = 0;
59	59	krb5_octet response;
60		krb5_data null_server;
61	60	krb5_data d;
62	61	int need_error_free = 0;
63	62	int local_rcache = 0, local_authcon = 0;
64	63
65	64	/*
66	65	* Zero out problem variable. If problem is set at the end of
67		* the intial version negotiation section, it means that we
	66	* the initial version negotiation section, it means that we
68	67	* need to send an error code back to the client application
69	68	* and exit.
70	69	*/

131	130	}
132	131	krb5_auth_con_getrcache(context, *auth_context, &rcache);
133	132	if ((!problem) && rcache == NULL) {
134		/*
135		* Setup the replay cache.
136		*/
137		if (server != NULL && server->length > 0) {
138		problem = krb5_get_server_rcache(context, &server->data[0],
139		&rcache);
140		} else {
141		null_server.length = 7;
142		null_server.data = "default";
143		problem = krb5_get_server_rcache(context, &null_server, &rcache);
144		}
	133	problem = k5_rc_default(context, &rcache);
145	134	if (!problem)
146	135	problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
147	136	local_rcache = 1;

219	208	if (local_authcon) {
220	209	krb5_auth_con_free(context, *auth_context);
221	210	} else if (local_rcache && rcache != NULL) {
222		krb5_rc_close(context, rcache);
	211	k5_rc_close(context, rcache);
223	212	krb5_auth_con_setrcache(context, *auth_context, NULL);
224	213	}
225	214	}

+3

-8

src/lib/krb5/krb/s4u_authdata.c less more

417	417	sizep += sizeof(krb5_int32); / princ count */
418	418
419	419	for (i = 0; i < s4uctx->count; i++) {
420		code = krb5_size_opaque(kcontext, KV5M_PRINCIPAL,
421		(krb5_pointer)s4uctx->delegated[i], sizep);
	420	code = k5_size_principal(s4uctx->delegated[i], sizep);
422	421	if (code != 0)
423	422	return code;
424	423	}

456	455	krb5_ser_pack_int32(s4uctx->count, &bp, &remain); /* princ count */
457	456
458	457	for (i = 0; i < s4uctx->count; i++) {
459		code = krb5_externalize_opaque(kcontext, KV5M_PRINCIPAL,
460		(krb5_pointer)s4uctx->delegated[i],
461		&bp, &remain);
	458	code = k5_externalize_principal(s4uctx->delegated[i], &bp, &remain);
462	459	if (code != 0)
463	460	return code;
464	461	}

515	512	goto cleanup;
516	513
517	514	for (i = 0; i < count; i++) {
518		code = krb5_internalize_opaque(kcontext, KV5M_PRINCIPAL,
519		(krb5_pointer *)&delegated[i],
520		&bp, &remain);
	515	code = k5_internalize_principal(&delegated[i], &bp, &remain);
521	516	if (code != 0)
522	517	goto cleanup;
523	518	}

+535

-124

src/lib/krb5/krb/s4u_creds.c less more

35	35	*/
36	36
37	37	static krb5_error_code
38		krb5_get_as_key_noop(
39		krb5_context context,
40		krb5_principal client,
41		krb5_enctype etype,
42		krb5_prompter_fct prompter,
43		void *prompter_data,
44		krb5_data *salt,
45		krb5_data *params,
46		krb5_keyblock *as_key,
47		void *gak_data,
48		k5_response_items *ritems)
49		{
50		/* force a hard error, we don't actually have the key */
51		return KRB5_PREAUTH_FAILED;
52		}
53
54		static krb5_error_code
55	38	s4u_identify_user(krb5_context context,
56	39	krb5_creds *in_creds,
57	40	krb5_data *subject_cert,
58	41	krb5_principal *canon_user)
59	42	{
60		krb5_error_code code;
61		krb5_preauthtype ptypes[1] = { KRB5_PADATA_S4U_X509_USER };
62		krb5_creds creds;
63		int use_master = 0;
64		krb5_get_init_creds_opt *opts = NULL;
65	43	krb5_principal_data client;
66		krb5_s4u_userid userid;
	44	krb5_data empty_name = empty_data();
67	45
68	46	*canon_user = NULL;
69	47

84	62	canon_user);
85	63	}
86	64
87		memset(&creds, 0, sizeof(creds));
88
89		memset(&userid, 0, sizeof(userid));
90		if (subject_cert != NULL)
91		userid.subject_cert = *subject_cert;
92
93		code = krb5_get_init_creds_opt_alloc(context, &opts);
94		if (code != 0)
95		goto cleanup;
96		krb5_get_init_creds_opt_set_tkt_life(opts, 15);
97		krb5_get_init_creds_opt_set_renew_life(opts, 0);
98		krb5_get_init_creds_opt_set_forwardable(opts, 0);
99		krb5_get_init_creds_opt_set_proxiable(opts, 0);
100		krb5_get_init_creds_opt_set_canonicalize(opts, 1);
101		krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
102
103	65	if (in_creds->client != NULL) {
104	66	client = *in_creds->client;
105	67	client.realm = in_creds->server->realm;
106		} else {
107		client.magic = KV5M_PRINCIPAL;
108		client.realm = in_creds->server->realm;
109		/* should this be NULL, empty or a fixed string? XXX */
110		client.data = NULL;
111		client.length = 0;
112		client.type = KRB5_NT_ENTERPRISE_PRINCIPAL;
113		}
114
115		code = k5_get_init_creds(context, &creds, &client, NULL, NULL, 0, NULL,
116		opts, krb5_get_as_key_noop, &userid, &use_master,
117		NULL);
118		if (!code \|\| code == KRB5_PREAUTH_FAILED \|\| code == KRB5KDC_ERR_KEY_EXP) {
119		*canon_user = userid.user;
120		userid.user = NULL;
121		code = 0;
122		}
123
124		cleanup:
125		krb5_free_cred_contents(context, &creds);
126		if (opts != NULL)
127		krb5_get_init_creds_opt_free(context, opts);
128		if (userid.user != NULL)
129		krb5_free_principal(context, userid.user);
130
131		return code;
	68
	69	/* Don't send subject_cert if we have an enterprise principal. */
	70	return k5_identify_realm(context, &client, NULL, canon_user);
	71	}
	72
	73	client.magic = KV5M_PRINCIPAL;
	74	client.realm = in_creds->server->realm;
	75
	76	/*
	77	* Windows clients send the certificate subject as the client name.
	78	* However, Windows KDC seem to be happy with an empty string as long as
	79	* the name-type is NT-X500-PRINCIPAL.
	80	*/
	81	client.data = &empty_name;
	82	client.length = 1;
	83	client.type = KRB5_NT_X500_PRINCIPAL;
	84
	85	return k5_identify_realm(context, &client, subject_cert, canon_user);
132	86	}
133	87
134	88	static krb5_error_code

248	202	krb5_error_code code;
249	203	krb5_pa_s4u_x509_user s4u_user = (krb5_pa_s4u_x509_user )gcvt_data;
250	204	krb5_data *data = NULL;
251		krb5_pa_data **padata;
252	205	krb5_cksumtype cksumtype;
253	206	int i;
254	207

284	237	if (code != 0)
285	238	goto cleanup;
286	239
	240	/* Find the empty PA-S4U-X509-USER element placed in the TGS request padata
	241	* by krb5_get_self_cred_from_kdc() and replace it with the encoding. */
287	242	assert(tgsreq->padata != NULL);
288
289		for (i = 0; tgsreq->padata[i] != NULL; i++)
290		;
291
292		padata = realloc(tgsreq->padata,
293		(i + 2) * sizeof(krb5_pa_data *));
294		if (padata == NULL) {
295		code = ENOMEM;
296		goto cleanup;
297		}
298		tgsreq->padata = padata;
299
300		padata[i] = malloc(sizeof(krb5_pa_data));
301		if (padata[i] == NULL) {
302		code = ENOMEM;
303		goto cleanup;
304		}
305		padata[i]->magic = KV5M_PA_DATA;
306		padata[i]->pa_type = KRB5_PADATA_S4U_X509_USER;
307		padata[i]->length = data->length;
308		padata[i]->contents = (krb5_octet *)data->data;
309
310		padata[i + 1] = NULL;
311
	243	for (i = 0; tgsreq->padata[i] != NULL; i++) {
	244	if (tgsreq->padata[i]->pa_type == KRB5_PADATA_S4U_X509_USER)
	245	break;
	246	}
	247	assert(tgsreq->padata[i] != NULL);
	248	free(tgsreq->padata[i]->contents);
	249	tgsreq->padata[i]->length = data->length;
	250	tgsreq->padata[i]->contents = (krb5_octet *)data->data;
312	251	free(data);
313	252	data = NULL;
314	253

322	261	return code;
323	262	}
324	263
	264	/*
	265	* Validate the S4U2Self padata in the KDC reply. If update_req_user is true
	266	* and the KDC sent S4U-X509-USER padata, replace req_s4u_user->user_id.user
	267	* with the checksum-protected client name from the KDC. If update_req_user is
	268	* false, verify that the client name has not changed.
	269	*/
325	270	static krb5_error_code
326	271	verify_s4u2self_reply(krb5_context context,
327	272	krb5_keyblock *subkey,
328	273	krb5_pa_s4u_x509_user *req_s4u_user,
329	274	krb5_pa_data **rep_padata,
330		krb5_pa_data **enc_padata)
	275	krb5_pa_data **enc_padata,
	276	krb5_boolean update_req_user)
331	277	{
332	278	krb5_error_code code;
333	279	krb5_pa_data rep_s4u_padata, enc_s4u_padata;

340	286	assert(req_s4u_user != NULL);
341	287
342	288	switch (subkey->enctype) {
343		case ENCTYPE_DES_CBC_CRC:
344		case ENCTYPE_DES_CBC_MD4:
345		case ENCTYPE_DES_CBC_MD5:
346	289	case ENCTYPE_DES3_CBC_SHA1:
347	290	case ENCTYPE_DES3_CBC_RAW:
348	291	case ENCTYPE_ARCFOUR_HMAC:

395	338	if (code != 0)
396	339	goto cleanup;
397	340	if (valid == FALSE) {
	341	code = KRB5_KDCREP_MODIFIED;
	342	goto cleanup;
	343	}
	344
	345	if (rep_s4u_user->user_id.user == NULL \|\|
	346	rep_s4u_user->user_id.user->length == 0) {
	347	code = KRB5_KDCREP_MODIFIED;
	348	goto cleanup;
	349	}
	350
	351	if (update_req_user) {
	352	krb5_free_principal(context, req_s4u_user->user_id.user);
	353	code = krb5_copy_principal(context, rep_s4u_user->user_id.user,
	354	&req_s4u_user->user_id.user);
	355	if (code != 0)
	356	goto cleanup;
	357	} else if (!krb5_principal_compare(context, rep_s4u_user->user_id.user,
	358	req_s4u_user->user_id.user)) {
398	359	code = KRB5_KDCREP_MODIFIED;
399	360	goto cleanup;
400	361	}

503	464	}
504	465	} else {
505	466	code = krb5_build_principal_ext(context, &s4u_user.user_id.user,
506		user_realm->length,
507		user_realm->data);
	467	user_realm->length, user_realm->data,
	468	0);
508	469	if (code != 0)
509	470	goto cleanup;
510		s4u_user.user_id.user->type = KRB5_NT_ENTERPRISE_PRINCIPAL;
511	471	}
512	472	if (subject_cert != NULL)
513	473	s4u_user.user_id.subject_cert = *subject_cert;

557	517	krb5_pa_data **enc_padata = NULL;
558	518	krb5_keyblock *subkey = NULL;
559	519
	520	in_padata = k5calloc(3, sizeof(krb5_pa_data *), &code);
	521	if (in_padata == NULL)
	522	goto cleanup;
	523
	524	in_padata[0] = k5alloc(sizeof(krb5_pa_data), &code);
	525	if (in_padata[0] == NULL) {
	526	krb5_free_pa_data(context, in_padata);
	527	goto cleanup;
	528	}
	529
	530	in_padata[0]->magic = KV5M_PA_DATA;
	531	in_padata[0]->pa_type = KRB5_PADATA_S4U_X509_USER;
	532	in_padata[0]->length = 0;
	533	in_padata[0]->contents = NULL;
	534
560	535	if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) {
561		in_padata = calloc(2, sizeof(krb5_pa_data *));
562		if (in_padata == NULL) {
563		code = ENOMEM;
564		goto cleanup;
565		}
566		code = build_pa_for_user(context,
567		tgtptr,
568		&s4u_user.user_id, &in_padata[0]);
	536	code = build_pa_for_user(context, tgtptr, &s4u_user.user_id,
	537	&in_padata[1]);
569	538	if (code != 0) {
570	539	krb5_free_pa_data(context, in_padata);
571	540	goto cleanup;

598	567	goto cleanup;
599	568	}
600	569
601		code = verify_s4u2self_reply(context, subkey, &s4u_user,
602		out_padata, enc_padata);
	570	/* Update s4u_user.user_id.user if this is the initial request to the
	571	* client realm; otherwise verify that it doesn't change. */
	572	code = verify_s4u2self_reply(context, subkey, &s4u_user, out_padata,
	573	enc_padata, referral_count == 0);
603	574
604	575	krb5_free_checksum_contents(context, &s4u_user.cksum);
605	576	krb5_free_pa_data(context, in_padata);

610	581	if (code != 0)
611	582	goto cleanup;
612	583
	584	/* The authdata in this referral TGT will be copied into the final
	585	* credentials, so we don't need to request it again. */
	586	s4u_creds.authdata = NULL;
	587
	588	/* Only include a cert in the initial request to the client realm. */
	589	s4u_user.user_id.subject_cert = empty_data();
	590
613	591	if (krb5_principal_compare(context,
614	592	in_creds->server,
615	593	(*out_creds)->server)) {
616		code = 0;
	594	/* Verify that the unprotected client name in the reply matches the
	595	* checksum-protected one from the client realm's KDC padata. */
	596	if (!krb5_principal_compare(context, (*out_creds)->client,
	597	s4u_user.user_id.user))
	598	code = KRB5_KDCREP_MODIFIED;
617	599	goto cleanup;
618	600	} else if (IS_TGS_PRINC((*out_creds)->server)) {
619	601	krb5_data *r1 = &tgtptr->server->data[1];

709	691
710	692	assert(*out_creds != NULL);
711	693
	694	/* If we canonicalized the client name or discovered it using subject_cert,
	695	* check if we had cached credentials and return them if found. */
	696	if (in_creds->client == NULL \|\|
	697	!krb5_principal_compare(context, in_creds->client,
	698	(*out_creds)->client)) {
	699	krb5_creds *old_creds;
	700	krb5_creds mcreds = *in_creds;
	701	mcreds.client = (*out_creds)->client;
	702	code = krb5_get_credentials(context, options \| KRB5_GC_CACHED, ccache,
	703	&mcreds, &old_creds);
	704	if (code == 0) {
	705	krb5_free_creds(context, *out_creds);
	706	*out_creds = old_creds;
	707	options \|= KRB5_GC_NO_STORE;
	708	} else if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) {
	709	goto cleanup;
	710	}
	711	code = 0;
	712	}
	713
	714	/* Note the authdata we asked for in the output creds. */
	715	code = krb5_copy_authdata(context, in_creds->authdata,
	716	&(*out_creds)->authdata);
	717	if (code)
	718	goto cleanup;
	719
712	720	if ((options & KRB5_GC_NO_STORE) == 0) {
713	721	code = krb5_cc_store_cred(context, ccache, *out_creds);
714	722	if (code != 0)

723	731
724	732	krb5_free_principal(context, realm);
725	733
	734	return code;
	735	}
	736
	737	static krb5_error_code
	738	check_rbcd_support(krb5_context context, krb5_pa_data **padata)
	739	{
	740	krb5_error_code code;
	741	krb5_pa_data *pa;
	742	krb5_pa_pac_options *pac_options;
	743	krb5_data der_pac_options;
	744
	745	pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_PAC_OPTIONS);
	746	if (pa == NULL)
	747	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
	748
	749	der_pac_options = make_data(pa->contents, pa->length);
	750	code = decode_krb5_pa_pac_options(&der_pac_options, &pac_options);
	751	if (code)
	752	return code;
	753
	754	if (!(pac_options->options & KRB5_PA_PAC_OPTIONS_RBCD))
	755	code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
	756
	757	free(pac_options);
	758	return code;
	759	}
	760
	761	static krb5_error_code
	762	add_rbcd_padata(krb5_context context, krb5_pa_data ***in_padata)
	763	{
	764	krb5_error_code code;
	765	krb5_pa_pac_options pac_options;
	766	krb5_data *der_pac_options = NULL;
	767
	768	memset(&pac_options, 0, sizeof(pac_options));
	769	pac_options.options \|= KRB5_PA_PAC_OPTIONS_RBCD;
	770
	771	code = encode_krb5_pa_pac_options(&pac_options, &der_pac_options);
	772	if (code)
	773	return code;
	774
	775	code = k5_add_pa_data_from_data(in_padata, KRB5_PADATA_PAC_OPTIONS,
	776	der_pac_options);
	777	krb5_free_data(context, der_pac_options);
	778	return code;
	779	}
	780
	781	/* Set tgt_out to a local TGT for the client realm retrieved from ccache. /
	782	static krb5_error_code
	783	get_client_tgt(krb5_context context, krb5_flags options, krb5_ccache ccache,
	784	krb5_principal client, krb5_creds **tgt_out)
	785	{
	786	krb5_error_code code;
	787	krb5_principal tgs;
	788	krb5_creds mcreds;
	789
	790	*tgt_out = NULL;
	791
	792	code = krb5int_tgtname(context, &client->realm, &client->realm, &tgs);
	793	if (code)
	794	return code;
	795
	796	memset(&mcreds, 0, sizeof(mcreds));
	797	mcreds.client = client;
	798	mcreds.server = tgs;
	799	code = krb5_get_credentials(context, options, ccache, &mcreds, tgt_out);
	800	krb5_free_principal(context, tgs);
	801	return code;
	802	}
	803
	804	/*
	805	* Copy req_server to *out_server. If req_server has the referral realm, set
	806	* the realm of *out_server to realm. Otherwise the S4U2Proxy request will
	807	* fail unless the specified realm is the same as the TGT (or an alias to it).
	808	*/
	809	static krb5_error_code
	810	normalize_server_princ(krb5_context context, const krb5_data *realm,
	811	krb5_principal req_server, krb5_principal *out_server)
	812	{
	813	krb5_error_code code;
	814	krb5_principal server;
	815
	816	*out_server = NULL;
	817
	818	code = krb5_copy_principal(context, req_server, &server);
	819	if (code)
	820	return code;
	821
	822	if (krb5_is_referral_realm(&server->realm)) {
	823	krb5_free_data_contents(context, &server->realm);
	824	code = krb5int_copy_data_contents(context, realm, &server->realm);
	825	if (code) {
	826	krb5_free_principal(context, server);
	827	return code;
	828	}
	829	}
	830
	831	*out_server = server;
	832	return 0;
	833	}
	834
	835	/* Return an error if server is present in referral_list. */
	836	static krb5_error_code
	837	check_referral_path(krb5_context context, krb5_principal server,
	838	krb5_creds **referral_list, int referral_count)
	839	{
	840	int i;
	841
	842	for (i = 0; i < referral_count; i++) {
	843	if (krb5_principal_compare(context, server, referral_list[i]->server))
	844	return KRB5_KDC_UNREACH;
	845	}
	846	return 0;
	847	}
	848
	849	/*
	850	* Make TGS requests for in_creds using *tgt_inout, following referrals until
	851	* the requested service ticket is issued. Replace *tgt_inout with the final
	852	* TGT used, or free it and set it to NULL on error. Place the final creds
	853	* received in *creds_out.
	854	*/
	855	static krb5_error_code
	856	chase_referrals(krb5_context context, krb5_creds *in_creds, krb5_flags kdcopt,
	857	krb5_creds tgt_inout, krb5_creds creds_out)
	858	{
	859	krb5_error_code code;
	860	krb5_creds *referral_tgts[KRB5_REFERRAL_MAXHOPS] = { NULL };
	861	krb5_creds mcreds, tgt, tkt = NULL;
	862	krb5_principal_data server;
	863	int referral_count = 0, i;
	864
	865	tgt = *tgt_inout;
	866	*tgt_inout = NULL;
	867	*creds_out = NULL;
	868
	869	mcreds = *in_creds;
	870	server = *in_creds->server;
	871	mcreds.server = &server;
	872
	873	for (referral_count = 0; referral_count < KRB5_REFERRAL_MAXHOPS;
	874	referral_count++) {
	875	code = krb5_get_cred_via_tkt(context, tgt, kdcopt, tgt->addresses,
	876	&mcreds, &tkt);
	877	if (code)
	878	goto cleanup;
	879
	880	if (krb5_principal_compare_any_realm(context, mcreds.server,
	881	tkt->server)) {
	882	*creds_out = tkt;
	883	*tgt_inout = tgt;
	884	tkt = tgt = NULL;
	885	goto cleanup;
	886	}
	887
	888	if (!IS_TGS_PRINC(tkt->server)) {
	889	code = KRB5KRB_AP_WRONG_PRINC;
	890	goto cleanup;
	891	}
	892
	893	if (data_eq(tgt->server->data[1], tkt->server->data[1])) {
	894	code = KRB5_ERR_HOST_REALM_UNKNOWN;
	895	goto cleanup;
	896	}
	897
	898	code = check_referral_path(context, tkt->server, referral_tgts,
	899	referral_count);
	900	if (code)
	901	goto cleanup;
	902
	903	referral_tgts[referral_count] = tgt;
	904	tgt = tkt;
	905	tkt = NULL;
	906	server.realm = tgt->server->data[1];
	907	}
	908
	909	/* Max hop count exceeded. */
	910	code = KRB5_KDCREP_MODIFIED;
	911
	912	cleanup:
	913	for (i = 0; i < KRB5_REFERRAL_MAXHOPS; i++)
	914	krb5_free_creds(context, referral_tgts[i]);
	915	krb5_free_creds(context, tkt);
	916	krb5_free_creds(context, tgt);
	917	return code;
	918	}
	919
	920	/*
	921	* Make non-S4U2Proxy TGS requests for in_creds using *tgt_inout, following
	922	* referrals until the requested service ticket is returned. Discard the
	923	* service ticket, but replace *tgt_inout with the final referral TGT.
	924	*/
	925	static krb5_error_code
	926	get_tgt_to_target_realm(krb5_context context, krb5_creds *in_creds,
	927	krb5_flags req_kdcopt, krb5_creds **tgt_inout)
	928	{
	929	krb5_error_code code;
	930	krb5_flags kdcopt;
	931	krb5_creds mcreds, *out;
	932
	933	mcreds = *in_creds;
	934	mcreds.second_ticket = empty_data();
	935	kdcopt = FLAGS2OPTS((*tgt_inout)->ticket_flags) \| req_kdcopt;
	936
	937	code = chase_referrals(context, &mcreds, kdcopt, tgt_inout, &out);
	938	krb5_free_creds(context, out);
	939
	940	return code;
	941	}
	942
	943	/*
	944	* Make TGS requests for a cross-TGT to realm using *tgt_inout, following
	945	* alternate TGS replies until the requested TGT is issued. Replace *tgt_inout
	946	* with the result. Do nothing if *tgt_inout is already a cross-TGT for realm.
	947	*/
	948	static krb5_error_code
	949	get_target_realm_proxy_tgt(krb5_context context, const krb5_data *realm,
	950	krb5_flags req_kdcopt, krb5_creds **tgt_inout)
	951	{
	952	krb5_error_code code;
	953	krb5_creds mcreds, *out;
	954	krb5_principal tgs;
	955	krb5_flags flags;
	956
	957	if (data_eq(realm, (tgt_inout)->server->data[1]))
	958	return 0;
	959
	960	code = krb5int_tgtname(context, realm, &(*tgt_inout)->server->data[1],
	961	&tgs);
	962	if (code)
	963	return code;
	964
	965	memset(&mcreds, 0, sizeof(mcreds));
	966	mcreds.client = (*tgt_inout)->client;
	967	mcreds.server = tgs;
	968	flags = req_kdcopt \| FLAGS2OPTS((*tgt_inout)->ticket_flags);
	969
	970	code = chase_referrals(context, &mcreds, flags, tgt_inout, &out);
	971	krb5_free_principal(context, tgs);
	972	if (code)
	973	return code;
	974
	975	krb5_free_creds(context, *tgt_inout);
	976	*tgt_inout = out;
	977
	978	return 0;
	979	}
	980
	981	krb5_error_code
	982	k5_get_proxy_cred_from_kdc(krb5_context context, krb5_flags options,
	983	krb5_ccache ccache, krb5_creds *in_creds,
	984	krb5_creds **out_creds)
	985	{
	986	krb5_error_code code;
	987	krb5_flags flags, req_kdcopt = 0;
	988	krb5_principal server = NULL;
	989	krb5_pa_data **in_padata = NULL;
	990	krb5_pa_data **enc_padata = NULL;
	991	krb5_creds mcreds, tgt = NULL, tkt = NULL;
	992
	993	*out_creds = NULL;
	994
	995	if (in_creds->second_ticket.length == 0 \|\|
	996	(options & KRB5_GC_CONSTRAINED_DELEGATION) == 0)
	997	return EINVAL;
	998
	999	options &= ~KRB5_GC_CONSTRAINED_DELEGATION;
	1000
	1001	code = get_client_tgt(context, options, ccache, in_creds->client, &tgt);
	1002	if (code)
	1003	goto cleanup;
	1004
	1005	code = normalize_server_princ(context, &in_creds->client->realm,
	1006	in_creds->server, &server);
	1007	if (code)
	1008	goto cleanup;
	1009
	1010	code = add_rbcd_padata(context, &in_padata);
	1011	if (code)
	1012	goto cleanup;
	1013
	1014	if (options & KRB5_GC_CANONICALIZE)
	1015	req_kdcopt \|= KDC_OPT_CANONICALIZE;
	1016	if (options & KRB5_GC_FORWARDABLE)
	1017	req_kdcopt \|= KDC_OPT_FORWARDABLE;
	1018	if (options & KRB5_GC_NO_TRANSIT_CHECK)
	1019	req_kdcopt \|= KDC_OPT_DISABLE_TRANSITED_CHECK;
	1020
	1021	mcreds = *in_creds;
	1022	mcreds.server = server;
	1023
	1024	flags = req_kdcopt \| FLAGS2OPTS(tgt->ticket_flags) \|
	1025	KDC_OPT_CNAME_IN_ADDL_TKT \| KDC_OPT_CANONICALIZE;
	1026	code = krb5_get_cred_via_tkt_ext(context, tgt, flags, tgt->addresses,
	1027	in_padata, &mcreds, NULL, NULL, NULL,
	1028	&enc_padata, &tkt, NULL);
	1029
	1030	/*
	1031	* If the server principal name included a foreign realm which wasn't an
	1032	* alias for the local realm, the KDC won't be able to decrypt the TGT.
	1033	* Windows KDCs will return a BAD_INTEGRITY error in this case, while MIT
	1034	* KDCs will return S_PRINCIPAL_UNKNOWN. We cannot distinguish the latter
	1035	* error from the service principal actually being unknown in the realm,
	1036	* but set a comprehensible error message for the BAD_INTEGRITY error.
	1037	*/
	1038	if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY &&
	1039	!krb5_realm_compare(context, in_creds->client, server)) {
	1040	k5_setmsg(context, code, _("Realm specified but S4U2Proxy must use "
	1041	"referral realm"));
	1042	}
	1043
	1044	if (code)
	1045	goto cleanup;
	1046
	1047	if (!krb5_principal_compare_any_realm(context, server, tkt->server)) {
	1048	/* Make sure we got a referral. */
	1049	if (!IS_TGS_PRINC(tkt->server)) {
	1050	code = KRB5KRB_AP_WRONG_PRINC;
	1051	goto cleanup;
	1052	}
	1053
	1054	/* The authdata in this referral TGT will be copied into the final
	1055	* credentials, so we don't need to request it again. */
	1056	mcreds.authdata = NULL;
	1057
	1058	/*
	1059	* Make sure the KDC supports S4U and resource-based constrained
	1060	* delegation; otherwise we might have gotten a regular TGT referral
	1061	* rather than a proxy TGT referral.
	1062	*/
	1063	code = check_rbcd_support(context, enc_padata);
	1064	if (code)
	1065	goto cleanup;
	1066
	1067	krb5_free_pa_data(context, enc_padata);
	1068	enc_padata = NULL;
	1069
	1070	/*
	1071	* Replace tgt with a regular (not proxy) TGT to the target realm, by
	1072	* making a normal TGS request and following referrals. Per [MS-SFU]
	1073	* 3.1.5.2.2, we need this TGT to make the final TGS request.
	1074	*/
	1075	code = get_tgt_to_target_realm(context, &mcreds, req_kdcopt, &tgt);
	1076	if (code)
	1077	goto cleanup;
	1078
	1079	/*
	1080	* Replace tkt with a proxy TGT (meaning, one obtained using the
	1081	* referral TGT we got from the first S4U2Proxy request) to the target
	1082	* realm, if it isn't already one.
	1083	*/
	1084	code = get_target_realm_proxy_tgt(context, &tgt->server->data[1],
	1085	req_kdcopt, &tkt);
	1086	if (code)
	1087	goto cleanup;
	1088
	1089	krb5_free_data_contents(context, &server->realm);
	1090	code = krb5int_copy_data_contents(context, &tgt->server->data[1],
	1091	&server->realm);
	1092	if (code)
	1093	goto cleanup;
	1094
	1095	/* Make an S4U2Proxy request to the target realm using the regular TGT,
	1096	* with the proxy TGT as the evidence ticket. */
	1097	mcreds.second_ticket = tkt->ticket;
	1098	tkt->ticket = empty_data();
	1099	krb5_free_creds(context, tkt);
	1100	tkt = NULL;
	1101	flags = req_kdcopt \| FLAGS2OPTS(tgt->ticket_flags) \|
	1102	KDC_OPT_CNAME_IN_ADDL_TKT \| KDC_OPT_CANONICALIZE;
	1103	code = krb5_get_cred_via_tkt_ext(context, tgt, flags, tgt->addresses,
	1104	in_padata, &mcreds, NULL, NULL, NULL,
	1105	&enc_padata, &tkt, NULL);
	1106	free(mcreds.second_ticket.data);
	1107	if (code)
	1108	goto cleanup;
	1109
	1110	code = check_rbcd_support(context, enc_padata);
	1111	if (code)
	1112	goto cleanup;
	1113
	1114	if (!krb5_principal_compare(context, server, tkt->server)) {
	1115	code = KRB5KRB_AP_WRONG_PRINC;
	1116	goto cleanup;
	1117	}
	1118	}
	1119
	1120	if (!krb5_principal_compare(context, in_creds->server, tkt->server)) {
	1121	krb5_free_principal(context, tkt->server);
	1122	tkt->server = NULL;
	1123	code = krb5_copy_principal(context, in_creds->server, &tkt->server);
	1124	if (code)
	1125	goto cleanup;
	1126	}
	1127
	1128	/* Note the authdata we asked for in the output creds. */
	1129	code = krb5_copy_authdata(context, in_creds->authdata, &tkt->authdata);
	1130	if (code)
	1131	goto cleanup;
	1132
	1133	if (!(options & KRB5_GC_NO_STORE))
	1134	(void)krb5_cc_store_cred(context, ccache, tkt);
	1135
	1136	*out_creds = tkt;
	1137	tkt = NULL;
	1138
	1139	cleanup:
	1140	krb5_free_creds(context, tgt);
	1141	krb5_free_creds(context, tkt);
	1142	krb5_free_principal(context, server);
	1143	krb5_free_pa_data(context, in_padata);
	1144	krb5_free_pa_data(context, enc_padata);
726	1145	return code;
727	1146	}
728	1147

749	1168
750	1169	*out_creds = NULL;
751	1170
752		if (in_creds == NULL \|\| in_creds->client == NULL \|\|
753		evidence_tkt == NULL \|\| evidence_tkt->enc_part2 == NULL) {
	1171	if (in_creds == NULL \|\| in_creds->client == NULL \|\| evidence_tkt == NULL) {
754	1172	code = EINVAL;
755	1173	goto cleanup;
756	1174	}
757	1175
758	1176	/*
759	1177	* Caller should have set in_creds->client to match evidence
760		* ticket client
	1178	* ticket client. If we can, verify it before issuing the request.
761	1179	*/
762		if (!krb5_principal_compare(context, evidence_tkt->enc_part2->client,
	1180	if (evidence_tkt->enc_part2 != NULL &&
	1181	!krb5_principal_compare(context, evidence_tkt->enc_part2->client,
763	1182	in_creds->client)) {
764	1183	code = EINVAL;
765		goto cleanup;
766		}
767
768		if ((evidence_tkt->enc_part2->flags & TKT_FLG_FORWARDABLE) == 0) {
769		code = KRB5_TKT_NOT_FORWARDABLE;
770	1184	goto cleanup;
771	1185	}
772	1186

802	1216	s4u_creds.client = evidence_tkt->server;
803	1217	s4u_creds.second_ticket = *evidence_tkt_data;
804	1218
805		code = krb5_get_credentials(context,
806		options \| KRB5_GC_CONSTRAINED_DELEGATION,
807		ccache,
808		&s4u_creds,
809		out_creds);
	1219	code = k5_get_proxy_cred_from_kdc(context,
	1220	options \| KRB5_GC_CONSTRAINED_DELEGATION,
	1221	ccache, &s4u_creds, out_creds);
810	1222	if (code != 0)
811	1223	goto cleanup;
812	1224

814	1226	* Check client name because we couldn't compare that inside
815	1227	* krb5_get_credentials() (enc_part2 is unavailable in clear)
816	1228	*/
817		if (!krb5_principal_compare(context,
818		evidence_tkt->enc_part2->client,
	1229	if (!krb5_principal_compare(context, in_creds->client,
819	1230	(*out_creds)->client)) {
820	1231	code = KRB5_KDCREP_MODIFIED;
821	1232	goto cleanup;

+1

-18

src/lib/krb5/krb/send_tgs.c less more

52	52	krb5_creds tgt, krb5_keyblock subkey,
53	53	krb5_data **ap_req_asn1_out)
54	54	{
55		krb5_cksumtype cksumtype;
56	55	krb5_error_code ret;
57	56	krb5_checksum checksum;
58	57	krb5_authenticator authent;

66	65	memset(&ap_req, 0, sizeof(ap_req));
67	66	memset(&authent_enc, 0, sizeof(authent_enc));
68	67
69		/* Determine the authenticator checksum type. */
70		switch (tgt->keyblock.enctype) {
71		case ENCTYPE_DES_CBC_CRC:
72		case ENCTYPE_DES_CBC_MD4:
73		case ENCTYPE_DES_CBC_MD5:
74		case ENCTYPE_ARCFOUR_HMAC:
75		case ENCTYPE_ARCFOUR_HMAC_EXP:
76		cksumtype = context->kdc_req_sumtype;
77		break;
78		default:
79		ret = krb5int_c_mandatory_cksumtype(context, tgt->keyblock.enctype,
80		&cksumtype);
81		if (ret)
82		goto cleanup;
83		}
84
85	68	/* Generate checksum. */
86		ret = krb5_c_make_checksum(context, cksumtype, &tgt->keyblock,
	69	ret = krb5_c_make_checksum(context, 0, &tgt->keyblock,
87	70	KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, checksum_data,
88	71	&checksum);
89	72	if (ret)

+59

-206

src/lib/krb5/krb/ser_actx.c less more

35	35	#define TOKEN_LSKBLOCK 950921
36	36	#define TOKEN_RSKBLOCK 950922
37	37
38		/*
39		* Routines to deal with externalizing the krb5_auth_context:
40		* krb5_auth_context_size();
41		* krb5_auth_context_externalize();
42		* krb5_auth_context_internalize();
43		*/
44		static krb5_error_code krb5_auth_context_size
45		(krb5_context, krb5_pointer, size_t *);
46		static krb5_error_code krb5_auth_context_externalize
47		(krb5_context, krb5_pointer, krb5_octet *, size_t );
48		static krb5_error_code krb5_auth_context_internalize
49		(krb5_context,krb5_pointer , krb5_octet , size_t );
50
51		/*
52		* Other metadata serialization initializers.
53		*/
54
55		/* Local data */
56		static const krb5_ser_entry krb5_auth_context_ser_entry = {
57		KV5M_AUTH_CONTEXT, /* Type */
58		krb5_auth_context_size, /* Sizer routine */
59		krb5_auth_context_externalize, /* Externalize routine */
60		krb5_auth_context_internalize /* Internalize routine */
61		};
62
63		/*
64		* krb5_auth_context_size() - Determine the size required to externalize
65		* the krb5_auth_context.
66		*/
67		static krb5_error_code
68		krb5_auth_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	38	krb5_error_code
	39	k5_size_auth_context(krb5_auth_context auth_context, size_t *sizep)
69	40	{
70	41	krb5_error_code kret;
71		krb5_auth_context auth_context;
72	42	size_t required;
73	43
74	44	/*

83	53	* krb5_int32 for KV5M_AUTH_CONTEXT
84	54	*/
85	55	kret = EINVAL;
86		if ((auth_context = (krb5_auth_context) arg)) {
	56	if (auth_context != NULL) {
87	57	kret = 0;
88	58
89	59	required = auth_context->cstate.length;

91	61
92	62	/* Calculate size required by remote_addr, if appropriate */
93	63	if (!kret && auth_context->remote_addr) {
94		kret = krb5_size_opaque(kcontext,
95		KV5M_ADDRESS,
96		(krb5_pointer) auth_context->remote_addr,
97		&required);
	64	kret = k5_size_address(auth_context->remote_addr, &required);
98	65	if (!kret)
99	66	required += sizeof(krb5_int32);
100	67	}
101	68
102	69	/* Calculate size required by remote_port, if appropriate */
103	70	if (!kret && auth_context->remote_port) {
104		kret = krb5_size_opaque(kcontext,
105		KV5M_ADDRESS,
106		(krb5_pointer) auth_context->remote_port,
107		&required);
	71	kret = k5_size_address(auth_context->remote_port, &required);
108	72	if (!kret)
109	73	required += sizeof(krb5_int32);
110	74	}
111	75
112	76	/* Calculate size required by local_addr, if appropriate */
113	77	if (!kret && auth_context->local_addr) {
114		kret = krb5_size_opaque(kcontext,
115		KV5M_ADDRESS,
116		(krb5_pointer) auth_context->local_addr,
117		&required);
	78	kret = k5_size_address(auth_context->local_addr, &required);
118	79	if (!kret)
119	80	required += sizeof(krb5_int32);
120	81	}
121	82
122	83	/* Calculate size required by local_port, if appropriate */
123	84	if (!kret && auth_context->local_port) {
124		kret = krb5_size_opaque(kcontext,
125		KV5M_ADDRESS,
126		(krb5_pointer) auth_context->local_port,
127		&required);
	85	kret = k5_size_address(auth_context->local_port, &required);
128	86	if (!kret)
129	87	required += sizeof(krb5_int32);
130	88	}
131	89
132	90	/* Calculate size required by key, if appropriate */
133	91	if (!kret && auth_context->key) {
134		kret = krb5_size_opaque(kcontext,
135		KV5M_KEYBLOCK, (krb5_pointer)
136		&auth_context->key->keyblock,
137		&required);
	92	kret = k5_size_keyblock(&auth_context->key->keyblock, &required);
138	93	if (!kret)
139	94	required += sizeof(krb5_int32);
140	95	}
141	96
142	97	/* Calculate size required by send_subkey, if appropriate */
143	98	if (!kret && auth_context->send_subkey) {
144		kret = krb5_size_opaque(kcontext,
145		KV5M_KEYBLOCK, (krb5_pointer)
146		&auth_context->send_subkey->keyblock,
	99	kret = k5_size_keyblock(&auth_context->send_subkey->keyblock,
147	100	&required);
148	101	if (!kret)
149	102	required += sizeof(krb5_int32);

151	104
152	105	/* Calculate size required by recv_subkey, if appropriate */
153	106	if (!kret && auth_context->recv_subkey) {
154		kret = krb5_size_opaque(kcontext,
155		KV5M_KEYBLOCK, (krb5_pointer)
156		&auth_context->recv_subkey->keyblock,
	107	kret = k5_size_keyblock(&auth_context->recv_subkey->keyblock,
157	108	&required);
158	109	if (!kret)
159	110	required += sizeof(krb5_int32);

161	112
162	113	/* Calculate size required by authentp, if appropriate */
163	114	if (!kret && auth_context->authentp)
164		kret = krb5_size_opaque(kcontext,
165		KV5M_AUTHENTICATOR,
166		(krb5_pointer) auth_context->authentp,
167		&required);
	115	kret = k5_size_authenticator(auth_context->authentp, &required);
168	116
169	117	}
170	118	if (!kret)

172	120	return(kret);
173	121	}
174	122
175		/*
176		* krb5_auth_context_externalize() - Externalize the krb5_auth_context.
177		*/
178		static krb5_error_code
179		krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	123	krb5_error_code
	124	k5_externalize_auth_context(krb5_auth_context auth_context,
	125	krb5_octet *buffer, size_t lenremain)
180	126	{
181	127	krb5_error_code kret;
182		krb5_auth_context auth_context;
183	128	size_t required;
184	129	krb5_octet *bp;
185	130	size_t remain;

188	133	bp = *buffer;
189	134	remain = *lenremain;
190	135	kret = EINVAL;
191		if ((auth_context = (krb5_auth_context) arg)) {
	136	if (auth_context != NULL) {
192	137	kret = ENOMEM;
193		if (!krb5_auth_context_size(kcontext, arg, &required) &&
194		(required <= remain)) {
	138	if (!k5_size_auth_context(auth_context, &required) &&
	139	required <= remain) {
195	140
196	141	/* Write fixed portion */
197	142	(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);

218	163	/* Now handle remote_addr, if appropriate */
219	164	if (!kret && auth_context->remote_addr) {
220	165	(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
221		kret = krb5_externalize_opaque(kcontext,
222		KV5M_ADDRESS,
223		(krb5_pointer)
224		auth_context->remote_addr,
225		&bp,
226		&remain);
	166	kret = k5_externalize_address(auth_context->remote_addr,
	167	&bp, &remain);
227	168	}
228	169
229	170	/* Now handle remote_port, if appropriate */
230	171	if (!kret && auth_context->remote_port) {
231	172	(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
232		kret = krb5_externalize_opaque(kcontext,
233		KV5M_ADDRESS,
234		(krb5_pointer)
235		auth_context->remote_addr,
236		&bp,
237		&remain);
	173	kret = k5_externalize_address(auth_context->remote_addr,
	174	&bp, &remain);
238	175	}
239	176
240	177	/* Now handle local_addr, if appropriate */
241	178	if (!kret && auth_context->local_addr) {
242	179	(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
243		kret = krb5_externalize_opaque(kcontext,
244		KV5M_ADDRESS,
245		(krb5_pointer)
246		auth_context->local_addr,
247		&bp,
248		&remain);
	180	kret = k5_externalize_address(auth_context->local_addr,
	181	&bp, &remain);
249	182	}
250	183
251	184	/* Now handle local_port, if appropriate */
252	185	if (!kret && auth_context->local_port) {
253	186	(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
254		kret = krb5_externalize_opaque(kcontext,
255		KV5M_ADDRESS,
256		(krb5_pointer)
257		auth_context->local_addr,
258		&bp,
259		&remain);
	187	kret = k5_externalize_address(auth_context->local_addr,
	188	&bp, &remain);
260	189	}
261	190
262	191	/* Now handle keyblock, if appropriate */
263	192	if (!kret && auth_context->key) {
264	193	(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
265		kret = krb5_externalize_opaque(kcontext,
266		KV5M_KEYBLOCK,
267		(krb5_pointer)
268		&auth_context->key->keyblock,
269		&bp,
270		&remain);
	194	kret = k5_externalize_keyblock(&auth_context->key->keyblock,
	195	&bp, &remain);
271	196	}
272	197
273	198	/* Now handle subkey, if appropriate */
274	199	if (!kret && auth_context->send_subkey) {
275	200	(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
276		kret = krb5_externalize_opaque(kcontext,
277		KV5M_KEYBLOCK,
278		(krb5_pointer) &auth_context->
	201	kret = k5_externalize_keyblock(&auth_context->
279	202	send_subkey->keyblock,
280		&bp,
281		&remain);
	203	&bp, &remain);
282	204	}
283	205
284	206	/* Now handle subkey, if appropriate */
285	207	if (!kret && auth_context->recv_subkey) {
286	208	(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
287		kret = krb5_externalize_opaque(kcontext,
288		KV5M_KEYBLOCK,
289		(krb5_pointer) &auth_context->
	209	kret = k5_externalize_keyblock(&auth_context->
290	210	recv_subkey->keyblock,
291		&bp,
292		&remain);
	211	&bp, &remain);
293	212	}
294	213
295	214	/* Now handle authentp, if appropriate */
296	215	if (!kret && auth_context->authentp)
297		kret = krb5_externalize_opaque(kcontext,
298		KV5M_AUTHENTICATOR,
299		(krb5_pointer)
300		auth_context->authentp,
301		&bp,
302		&remain);
	216	kret = k5_externalize_authenticator(auth_context->authentp,
	217	&bp, &remain);
303	218
304	219	/*
305	220	* If we were successful, write trailer then update the pointer and

318	233
319	234	/* Internalize a keyblock and convert it to a key. */
320	235	static krb5_error_code
321		intern_key(krb5_context ctx, krb5_key key, krb5_octet bp, size_t sp)
	236	intern_key(krb5_key key, krb5_octet bp, size_t sp)
322	237	{
323	238	krb5_keyblock *keyblock;
324	239	krb5_error_code ret;
325	240
326		ret = krb5_internalize_opaque(ctx, KV5M_KEYBLOCK,
327		(krb5_pointer *) &keyblock, bp, sp);
	241	ret = k5_internalize_keyblock(&keyblock, bp, sp);
328	242	if (ret != 0)
329	243	return ret;
330		ret = krb5_k_create_key(ctx, keyblock, key);
331		krb5_free_keyblock(ctx, keyblock);
	244	ret = krb5_k_create_key(NULL, keyblock, key);
	245	krb5_free_keyblock(NULL, keyblock);
332	246	return ret;
333	247	}
334	248
335		/*
336		* krb5_auth_context_internalize() - Internalize the krb5_auth_context.
337		*/
338		static krb5_error_code
339		krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	249	krb5_error_code
	250	k5_internalize_auth_context(krb5_auth_context *argp,
	251	krb5_octet *buffer, size_t lenremain)
340	252	{
341	253	krb5_error_code kret;
342	254	krb5_auth_context auth_context;

401	313
402	314	/* This is the remote_addr */
403	315	if (!kret && (tag == TOKEN_RADDR)) {
404		if (!(kret = krb5_internalize_opaque(kcontext,
405		KV5M_ADDRESS,
406		(krb5_pointer *)
407		&auth_context->
408		remote_addr,
409		&bp,
410		&remain)))
	316	if (!(kret = k5_internalize_address(&auth_context->remote_addr,
	317	&bp, &remain)))
411	318	kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
412	319	}
413	320
414	321	/* This is the remote_port */
415	322	if (!kret && (tag == TOKEN_RPORT)) {
416		if (!(kret = krb5_internalize_opaque(kcontext,
417		KV5M_ADDRESS,
418		(krb5_pointer *)
419		&auth_context->
420		remote_port,
421		&bp,
422		&remain)))
	323	if (!(kret = k5_internalize_address(&auth_context->remote_port,
	324	&bp, &remain)))
423	325	kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
424	326	}
425	327
426	328	/* This is the local_addr */
427	329	if (!kret && (tag == TOKEN_LADDR)) {
428		if (!(kret = krb5_internalize_opaque(kcontext,
429		KV5M_ADDRESS,
430		(krb5_pointer *)
431		&auth_context->
432		local_addr,
433		&bp,
434		&remain)))
	330	if (!(kret = k5_internalize_address(&auth_context->local_addr,
	331	&bp, &remain)))
435	332	kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
436	333	}
437	334
438	335	/* This is the local_port */
439	336	if (!kret && (tag == TOKEN_LPORT)) {
440		if (!(kret = krb5_internalize_opaque(kcontext,
441		KV5M_ADDRESS,
442		(krb5_pointer *)
443		&auth_context->
444		local_port,
445		&bp,
446		&remain)))
	337	if (!(kret = k5_internalize_address(&auth_context->local_port,
	338	&bp, &remain)))
447	339	kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
448	340	}
449	341
450	342	/* This is the keyblock */
451	343	if (!kret && (tag == TOKEN_KEYBLOCK)) {
452		if (!(kret = intern_key(kcontext,
453		&auth_context->key,
454		&bp,
455		&remain)))
	344	if (!(kret = intern_key(&auth_context->key, &bp, &remain)))
456	345	kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
457	346	}
458	347
459	348	/* This is the send_subkey */
460	349	if (!kret && (tag == TOKEN_LSKBLOCK)) {
461		if (!(kret = intern_key(kcontext,
462		&auth_context->send_subkey,
463		&bp,
464		&remain)))
	350	if (!(kret = intern_key(&auth_context->send_subkey,
	351	&bp, &remain)))
465	352	kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
466	353	}
467	354
468	355	/* This is the recv_subkey */
469	356	if (!kret) {
470	357	if (tag == TOKEN_RSKBLOCK) {
471		kret = intern_key(kcontext,
472		&auth_context->recv_subkey,
473		&bp,
474		&remain);
	358	kret = intern_key(&auth_context->recv_subkey,
	359	&bp, &remain);
475	360	}
476	361	else {
477	362	/*

485	370
486	371	/* Now find the authentp */
487	372	if (!kret) {
488		if ((kret = krb5_internalize_opaque(kcontext,
489		KV5M_AUTHENTICATOR,
490		(krb5_pointer *)
491		&auth_context->authentp,
492		&bp,
493		&remain))) {
494		if (kret == EINVAL)
495		kret = 0;
496		}
	373	kret = k5_internalize_authenticator(&auth_context->authentp,
	374	&bp, &remain);
	375	if (kret == EINVAL)
	376	kret = 0;
497	377	}
498	378
499	379	/* Finally, find the trailer */

506	386	*buffer = bp;
507	387	*lenremain = remain;
508	388	auth_context->magic = KV5M_AUTH_CONTEXT;
509		*argp = (krb5_pointer) auth_context;
	389	*argp = auth_context;
510	390	}
511	391	else
512		krb5_auth_con_free(kcontext, auth_context);
	392	krb5_auth_con_free(NULL, auth_context);
513	393	}
514	394	}
515	395	return(kret);
516	396	}
517
518		/*
519		* Register the auth_context serializer.
520		*/
521		krb5_error_code KRB5_CALLCONV
522		krb5_ser_auth_context_init(krb5_context kcontext)
523		{
524		krb5_error_code kret;
525		kret = krb5_register_serializer(kcontext, &krb5_auth_context_ser_entry);
526		if (!kret)
527		kret = krb5_ser_authdata_init(kcontext);
528		if (!kret)
529		kret = krb5_ser_address_init(kcontext);
530		#ifndef LEAN_CLIENT
531		if (!kret)
532		kret = krb5_ser_authenticator_init(kcontext);
533		#endif
534		if (!kret)
535		kret = krb5_ser_checksum_init(kcontext);
536		if (!kret)
537		kret = krb5_ser_keyblock_init(kcontext);
538		if (!kret)
539		kret = krb5_ser_principal_init(kcontext);
540		if (!kret)
541		kret = krb5_ser_authdata_context_init(kcontext);
542		return(kret);
543		}

+12

-53

src/lib/krb5/krb/ser_adata.c less more

26	26	#include "k5-int.h"
27	27	#include "int-proto.h"
28	28
29		/*
30		* Routines to deal with externalizing the krb5_authdata:
31		* krb5_authdata_size();
32		* krb5_authdata_externalize();
33		* krb5_authdata_internalize();
34		*/
35		static krb5_error_code krb5_authdata_size
36		(krb5_context, krb5_pointer, size_t *);
37		static krb5_error_code krb5_authdata_externalize
38		(krb5_context, krb5_pointer, krb5_octet *, size_t );
39		static krb5_error_code krb5_authdata_internalize
40		(krb5_context,krb5_pointer , krb5_octet , size_t );
41
42		/* Local data */
43		static const krb5_ser_entry krb5_authdata_ser_entry = {
44		KV5M_AUTHDATA, /* Type */
45		krb5_authdata_size, /* Sizer routine */
46		krb5_authdata_externalize, /* Externalize routine */
47		krb5_authdata_internalize /* Internalize routine */
48		};
49
50		/*
51		* krb5_authdata_esize() - Determine the size required to externalize
52		* the krb5_authdata.
53		*/
54		static krb5_error_code
55		krb5_authdata_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	29	krb5_error_code
	30	k5_size_authdata(krb5_authdata authdata, size_t sizep)
56	31	{
57	32	krb5_error_code kret;
58		krb5_authdata *authdata;
59	33
60	34	/*
61	35	* krb5_authdata requires:

66	40	* krb5_int32 for KV5M_AUTHDATA
67	41	*/
68	42	kret = EINVAL;
69		if ((authdata = (krb5_authdata *) arg)) {
	43	if (authdata != NULL) {
70	44	*sizep += (sizeof(krb5_int32) +
71	45	sizeof(krb5_int32) +
72	46	sizeof(krb5_int32) +

77	51	return(kret);
78	52	}
79	53
80		/*
81		* krb5_authdata_externalize() - Externalize the krb5_authdata.
82		*/
83		static krb5_error_code
84		krb5_authdata_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	54	krb5_error_code
	55	k5_externalize_authdata(krb5_authdata *authdata,
	56	krb5_octet *buffer, size_t lenremain)
85	57	{
86	58	krb5_error_code kret;
87		krb5_authdata *authdata;
88	59	size_t required;
89	60	krb5_octet *bp;
90	61	size_t remain;

93	64	bp = *buffer;
94	65	remain = *lenremain;
95	66	kret = EINVAL;
96		if ((authdata = (krb5_authdata *) arg)) {
	67	if (authdata != NULL) {
97	68	kret = ENOMEM;
98		if (!krb5_authdata_size(kcontext, arg, &required) &&
99		(required <= remain)) {
	69	if (!k5_size_authdata(authdata, &required) && required <= remain) {
100	70	/* Our identifier */
101	71	(void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
102	72

123	93	return(kret);
124	94	}
125	95
126		/*
127		* krb5_authdata_internalize() - Internalize the krb5_authdata.
128		*/
129		static krb5_error_code
130		krb5_authdata_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	96	krb5_error_code
	97	k5_internalize_authdata(krb5_authdata **argp,
	98	krb5_octet *buffer, size_t lenremain)
131	99	{
132	100	krb5_error_code kret;
133	101	krb5_authdata *authdata;

168	136	authdata->magic = KV5M_AUTHDATA;
169	137	*buffer = bp;
170	138	*lenremain = remain;
171		*argp = (krb5_pointer) authdata;
	139	*argp = authdata;
172	140	}
173	141	else
174	142	kret = EINVAL;

182	150	}
183	151	return(kret);
184	152	}
185
186		/*
187		* Register the authdata serializer.
188		*/
189		krb5_error_code
190		krb5_ser_authdata_init(krb5_context kcontext)
191		{
192		return(krb5_register_serializer(kcontext, &krb5_authdata_ser_entry));
193		}

+12

-53

src/lib/krb5/krb/ser_addr.c less more

26	26	#include "k5-int.h"
27	27	#include "int-proto.h"
28	28
29		/*
30		* Routines to deal with externalizing the krb5_address:
31		* krb5_address_size();
32		* krb5_address_externalize();
33		* krb5_address_internalize();
34		*/
35		static krb5_error_code krb5_address_size
36		(krb5_context, krb5_pointer, size_t *);
37		static krb5_error_code krb5_address_externalize
38		(krb5_context, krb5_pointer, krb5_octet *, size_t );
39		static krb5_error_code krb5_address_internalize
40		(krb5_context,krb5_pointer , krb5_octet , size_t );
41
42		/* Local data */
43		static const krb5_ser_entry krb5_address_ser_entry = {
44		KV5M_ADDRESS, /* Type */
45		krb5_address_size, /* Sizer routine */
46		krb5_address_externalize, /* Externalize routine */
47		krb5_address_internalize /* Internalize routine */
48		};
49
50		/*
51		* krb5_address_size() - Determine the size required to externalize
52		* the krb5_address.
53		*/
54		static krb5_error_code
55		krb5_address_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	29	krb5_error_code
	30	k5_size_address(krb5_address address, size_t sizep)
56	31	{
57	32	krb5_error_code kret;
58		krb5_address *address;
59	33
60	34	/*
61	35	* krb5_address requires:

66	40	* krb5_int32 for KV5M_ADDRESS
67	41	*/
68	42	kret = EINVAL;
69		if ((address = (krb5_address *) arg)) {
	43	if (address != NULL) {
70	44	*sizep += (sizeof(krb5_int32) +
71	45	sizeof(krb5_int32) +
72	46	sizeof(krb5_int32) +

77	51	return(kret);
78	52	}
79	53
80		/*
81		* krb5_address_externalize() - Externalize the krb5_address.
82		*/
83		static krb5_error_code
84		krb5_address_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	54	krb5_error_code
	55	k5_externalize_address(krb5_address *address,
	56	krb5_octet *buffer, size_t lenremain)
85	57	{
86	58	krb5_error_code kret;
87		krb5_address *address;
88	59	size_t required;
89	60	krb5_octet *bp;
90	61	size_t remain;

93	64	bp = *buffer;
94	65	remain = *lenremain;
95	66	kret = EINVAL;
96		if ((address = (krb5_address *) arg)) {
	67	if (address != NULL) {
97	68	kret = ENOMEM;
98		if (!krb5_address_size(kcontext, arg, &required) &&
99		(required <= remain)) {
	69	if (!k5_size_address(address, &required) && required <= remain) {
100	70	/* Our identifier */
101	71	(void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
102	72

124	94	return(kret);
125	95	}
126	96
127		/*
128		* krb5_address_internalize() - Internalize the krb5_address.
129		*/
130		static krb5_error_code
131		krb5_address_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	97	krb5_error_code
	98	k5_internalize_address(krb5_address **argp,
	99	krb5_octet *buffer, size_t lenremain)
132	100	{
133	101	krb5_error_code kret;
134	102	krb5_address *address;

172	140	address->magic = KV5M_ADDRESS;
173	141	*buffer = bp;
174	142	*lenremain = remain;
175		*argp = (krb5_pointer) address;
	143	*argp = address;
176	144	}
177	145	else
178	146	kret = EINVAL;

186	154	}
187	155	return(kret);
188	156	}
189
190		/*
191		* Register the address serializer.
192		*/
193		krb5_error_code
194		krb5_ser_address_init(krb5_context kcontext)
195		{
196		return(krb5_register_serializer(kcontext, &krb5_address_ser_entry));
197		}

+35

-117

src/lib/krb5/krb/ser_auth.c less more

28	28	#include "k5-int.h"
29	29	#include "int-proto.h"
30	30
31		/*
32		* Routines to deal with externalizing the krb5_authenticator:
33		* krb5_authenticator_size();
34		* krb5_authenticator_externalize();
35		* krb5_authenticator_internalize();
36		*/
37		static krb5_error_code krb5_authenticator_size
38		(krb5_context, krb5_pointer, size_t *);
39		static krb5_error_code krb5_authenticator_externalize
40		(krb5_context, krb5_pointer, krb5_octet *, size_t );
41		static krb5_error_code krb5_authenticator_internalize
42		(krb5_context,krb5_pointer , krb5_octet , size_t );
43
44		/* Local data */
45		static const krb5_ser_entry krb5_authenticator_ser_entry = {
46		KV5M_AUTHENTICATOR, /* Type */
47		krb5_authenticator_size, /* Sizer routine */
48		krb5_authenticator_externalize, /* Externalize routine */
49		krb5_authenticator_internalize /* Internalize routine */
50		};
51
52		/*
53		* krb5_authenticator_size() - Determine the size required to externalize
54		* the krb5_authenticator.
55		*/
56		static krb5_error_code
57		krb5_authenticator_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	31	krb5_error_code
	32	k5_size_authenticator(krb5_authenticator authenticator, size_t sizep)
58	33	{
59	34	krb5_error_code kret;
60		krb5_authenticator *authenticator;
61	35	size_t required;
62	36
63	37	/*

70	44	* krb5_int32 for KV5M_AUTHENTICATOR
71	45	*/
72	46	kret = EINVAL;
73		if ((authenticator = (krb5_authenticator *) arg)) {
	47	if (authenticator != NULL) {
74	48	required = sizeof(krb5_int32)*6;
75	49
76	50	/* Calculate size required by client, if appropriate */
77	51	if (authenticator->client)
78		kret = krb5_size_opaque(kcontext,
79		KV5M_PRINCIPAL,
80		(krb5_pointer) authenticator->client,
81		&required);
	52	kret = k5_size_principal(authenticator->client, &required);
82	53	else
83	54	kret = 0;
84	55
85	56	/* Calculate size required by checksum, if appropriate */
86	57	if (!kret && authenticator->checksum)
87		kret = krb5_size_opaque(kcontext,
88		KV5M_CHECKSUM,
89		(krb5_pointer) authenticator->checksum,
90		&required);
	58	kret = k5_size_checksum(authenticator->checksum, &required);
91	59
92	60	/* Calculate size required by subkey, if appropriate */
93	61	if (!kret && authenticator->subkey)
94		kret = krb5_size_opaque(kcontext,
95		KV5M_KEYBLOCK,
96		(krb5_pointer) authenticator->subkey,
97		&required);
	62	kret = k5_size_keyblock(authenticator->subkey, &required);
98	63
99	64	/* Calculate size required by authorization_data, if appropriate */
100	65	if (!kret && authenticator->authorization_data) {
101	66	int i;
102	67
103	68	for (i=0; !kret && authenticator->authorization_data[i]; i++) {
104		kret = krb5_size_opaque(kcontext,
105		KV5M_AUTHDATA,
106		(krb5_pointer) authenticator->
107		authorization_data[i],
	69	kret = k5_size_authdata(authenticator->authorization_data[i],
108	70	&required);
109	71	}
110	72	}

114	76	return(kret);
115	77	}
116	78
117		/*
118		* krb5_authenticator_externalize() - Externalize the krb5_authenticator.
119		*/
120		static krb5_error_code
121		krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	79	krb5_error_code
	80	k5_externalize_authenticator(krb5_authenticator *authenticator,
	81	krb5_octet *buffer, size_t lenremain)
122	82	{
123	83	krb5_error_code kret;
124		krb5_authenticator *authenticator;
125	84	size_t required;
126	85	krb5_octet *bp;
127	86	size_t remain;

131	90	bp = *buffer;
132	91	remain = *lenremain;
133	92	kret = EINVAL;
134		if ((authenticator = (krb5_authenticator *) arg)) {
	93	if (authenticator != NULL) {
135	94	kret = ENOMEM;
136		if (!krb5_authenticator_size(kcontext, arg, &required) &&
137		(required <= remain)) {
	95	if (!k5_size_authenticator(authenticator, &required) &&
	96	required <= remain) {
138	97	/* First write our magic number */
139	98	(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
140	99

152	111
153	112	/* Now handle client, if appropriate */
154	113	if (authenticator->client)
155		kret = krb5_externalize_opaque(kcontext,
156		KV5M_PRINCIPAL,
157		(krb5_pointer)
158		authenticator->client,
159		&bp,
160		&remain);
	114	kret = k5_externalize_principal(authenticator->client,
	115	&bp, &remain);
161	116	else
162	117	kret = 0;
163	118
164	119	/* Now handle checksum, if appropriate */
165	120	if (!kret && authenticator->checksum)
166		kret = krb5_externalize_opaque(kcontext,
167		KV5M_CHECKSUM,
168		(krb5_pointer)
169		authenticator->checksum,
170		&bp,
171		&remain);
	121	kret = k5_externalize_checksum(authenticator->checksum,
	122	&bp, &remain);
172	123
173	124	/* Now handle subkey, if appropriate */
174	125	if (!kret && authenticator->subkey)
175		kret = krb5_externalize_opaque(kcontext,
176		KV5M_KEYBLOCK,
177		(krb5_pointer)
178		authenticator->subkey,
179		&bp,
180		&remain);
	126	kret = k5_externalize_keyblock(authenticator->subkey,
	127	&bp, &remain);
181	128
182	129	/* Now handle authorization_data, if appropriate */
183	130	if (!kret) {

191	138	if (authenticator->authorization_data) {
192	139	for (i=0; !kret && authenticator->authorization_data[i];
193	140	i++)
194		kret = krb5_externalize_opaque(kcontext,
195		KV5M_AUTHDATA,
196		(krb5_pointer)
197		authenticator->
	141	kret = k5_externalize_authdata(authenticator->
198	142	authorization_data[i],
199		&bp,
200		&remain);
	143	&bp, &remain);
201	144	}
202	145	}
203	146

216	159	return(kret);
217	160	}
218	161
219		/*
220		* krb5_authenticator_internalize() - Internalize the krb5_authenticator.
221		*/
222		static krb5_error_code
223		krb5_authenticator_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	162	krb5_error_code
	163	k5_internalize_authenticator(krb5_authenticator **argp,
	164	krb5_octet *buffer, size_t lenremain)
224	165	{
225	166	krb5_error_code kret;
226	167	krb5_authenticator *authenticator;

260	201	kret = 0;
261	202
262	203	/* Attempt to read in the client */
263		kret = krb5_internalize_opaque(kcontext,
264		KV5M_PRINCIPAL,
265		(krb5_pointer *)
266		&authenticator->client,
267		&bp,
268		&remain);
	204	kret = k5_internalize_principal(&authenticator->client,
	205	&bp, &remain);
269	206	if (kret == EINVAL)
270	207	kret = 0;
271	208
272	209	/* Attempt to read in the checksum */
273	210	if (!kret) {
274		kret = krb5_internalize_opaque(kcontext,
275		KV5M_CHECKSUM,
276		(krb5_pointer *)
277		&authenticator->checksum,
278		&bp,
279		&remain);
	211	kret = k5_internalize_checksum(&authenticator->checksum,
	212	&bp, &remain);
280	213	if (kret == EINVAL)
281	214	kret = 0;
282	215	}
283	216
284	217	/* Attempt to read in the subkey */
285	218	if (!kret) {
286		kret = krb5_internalize_opaque(kcontext,
287		KV5M_KEYBLOCK,
288		(krb5_pointer *)
289		&authenticator->subkey,
290		&bp,
291		&remain);
	219	kret = k5_internalize_keyblock(&authenticator->subkey,
	220	&bp, &remain);
292	221	if (kret == EINVAL)
293	222	kret = 0;
294	223	}

302	231	if ((authenticator->authorization_data = (krb5_authdata **)
303	232	calloc(len, sizeof(krb5_authdata *)))) {
304	233	for (i=0; !kret && (i<nadata); i++) {
305		kret = krb5_internalize_opaque(kcontext,
306		KV5M_AUTHDATA,
307		(krb5_pointer *)
308		&authenticator->
	234	kret = k5_internalize_authdata(&authenticator->
309	235	authorization_data[i],
310		&bp,
311		&remain);
	236	&bp, &remain);
312	237	}
313	238
314	239	/* Finally, find the trailer */

324	249	if (!kret) {
325	250	*buffer = bp;
326	251	*lenremain = remain;
327		*argp = (krb5_pointer) authenticator;
	252	*argp = authenticator;
328	253	}
329	254	else
330		krb5_free_authenticator(kcontext, authenticator);
	255	krb5_free_authenticator(NULL, authenticator);
331	256	}
332	257	}
333	258	return(kret);
334	259	}
335		/*
336		* Register the authenticator serializer.
337		*/
338		krb5_error_code
339		krb5_ser_authenticator_init(krb5_context kcontext)
340		{
341		return(krb5_register_serializer(kcontext, &krb5_authenticator_ser_entry));
342		}
	260
343	261	#endif

+12

-53

src/lib/krb5/krb/ser_cksum.c less more

26	26	#include "k5-int.h"
27	27	#include "int-proto.h"
28	28
29		/*
30		* Routines to deal with externalizing the krb5_checksum:
31		* krb5_checksum_esize();
32		* krb5_checksum_externalize();
33		* krb5_checksum_internalize();
34		*/
35		static krb5_error_code krb5_checksum_esize
36		(krb5_context, krb5_pointer, size_t *);
37		static krb5_error_code krb5_checksum_externalize
38		(krb5_context, krb5_pointer, krb5_octet *, size_t );
39		static krb5_error_code krb5_checksum_internalize
40		(krb5_context,krb5_pointer , krb5_octet , size_t );
41
42		/* Local data */
43		static const krb5_ser_entry krb5_checksum_ser_entry = {
44		KV5M_CHECKSUM, /* Type */
45		krb5_checksum_esize, /* Sizer routine */
46		krb5_checksum_externalize, /* Externalize routine */
47		krb5_checksum_internalize /* Internalize routine */
48		};
49
50		/*
51		* krb5_checksum_esize() - Determine the size required to externalize
52		* the krb5_checksum.
53		*/
54		static krb5_error_code
55		krb5_checksum_esize(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	29	krb5_error_code
	30	k5_size_checksum(krb5_checksum checksum, size_t sizep)
56	31	{
57	32	krb5_error_code kret;
58		krb5_checksum *checksum;
59	33
60	34	/*
61	35	* krb5_checksum requires:

66	40	* checksum->length for contents
67	41	*/
68	42	kret = EINVAL;
69		if ((checksum = (krb5_checksum *) arg)) {
	43	if (checksum != NULL) {
70	44	*sizep += (sizeof(krb5_int32) +
71	45	sizeof(krb5_int32) +
72	46	sizeof(krb5_int32) +

77	51	return(kret);
78	52	}
79	53
80		/*
81		* krb5_checksum_externalize() - Externalize the krb5_checksum.
82		*/
83		static krb5_error_code
84		krb5_checksum_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	54	krb5_error_code
	55	k5_externalize_checksum(krb5_checksum *checksum,
	56	krb5_octet *buffer, size_t lenremain)
85	57	{
86	58	krb5_error_code kret;
87		krb5_checksum *checksum;
88	59	size_t required;
89	60	krb5_octet *bp;
90	61	size_t remain;

93	64	bp = *buffer;
94	65	remain = *lenremain;
95	66	kret = EINVAL;
96		if ((checksum = (krb5_checksum *) arg)) {
	67	if (checksum != NULL) {
97	68	kret = ENOMEM;
98		if (!krb5_checksum_esize(kcontext, arg, &required) &&
99		(required <= remain)) {
	69	if (!k5_size_checksum(checksum, &required) && required <= remain) {
100	70	/* Our identifier */
101	71	(void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
102	72

124	94	return(kret);
125	95	}
126	96
127		/*
128		* krb5_checksum_internalize() - Internalize the krb5_checksum.
129		*/
130		static krb5_error_code
131		krb5_checksum_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	97	krb5_error_code
	98	k5_internalize_checksum(krb5_checksum **argp,
	99	krb5_octet *buffer, size_t lenremain)
132	100	{
133	101	krb5_error_code kret;
134	102	krb5_checksum *checksum;

170	138	checksum->magic = KV5M_CHECKSUM;
171	139	*buffer = bp;
172	140	*lenremain = remain;
173		*argp = (krb5_pointer) checksum;
	141	*argp = checksum;
174	142	}
175	143	else
176	144	kret = EINVAL;

184	152	}
185	153	return(kret);
186	154	}
187
188		/*
189		* Register the checksum serializer.
190		*/
191		krb5_error_code
192		krb5_ser_checksum_init(krb5_context kcontext)
193		{
194		return(krb5_register_serializer(kcontext, &krb5_checksum_ser_entry));
195		}

+46

-213

src/lib/krb5/krb/ser_ctx.c less more

26	26	#include "k5-int.h"
27	27	#include "int-proto.h"
28	28
29		/*
30		* Routines to deal with externalizing the krb5_context:
31		* krb5_context_size();
32		* krb5_context_externalize();
33		* krb5_context_internalize();
34		*
35		* Routines to deal with externalizing the krb5_os_context:
36		* krb5_oscontext_size();
37		* krb5_oscontext_externalize();
38		* krb5_oscontext_internalize();
39		*
40		* Routines to deal with externalizing the profile.
41		* profile_ser_size();
42		* profile_ser_externalize();
43		* profile_ser_internalize();
44		*
45		* Interface to initialize serializing of krb5_context and krb5_os_context:
46		* krb5_ser_context_init();
47		*/
48		static krb5_error_code
49		krb5_context_size(krb5_context, krb5_pointer, size_t *);
50
51		static krb5_error_code
52		krb5_context_externalize(krb5_context, krb5_pointer, krb5_octet *, size_t );
53
54		static krb5_error_code
55		krb5_context_internalize(krb5_context, krb5_pointer , krb5_octet , size_t );
56
57		static krb5_error_code
58		krb5_oscontext_size(krb5_context, krb5_pointer, size_t *);
59
60		static krb5_error_code
61		krb5_oscontext_externalize(krb5_context, krb5_pointer, krb5_octet *, size_t );
62
63		static krb5_error_code
64		krb5_oscontext_internalize(krb5_context, krb5_pointer *,
65		krb5_octet *, size_t );
66
67		#ifndef LEAN_CLIENT
68		krb5_error_code profile_ser_size(krb5_context, krb5_pointer, size_t *);
69
70		krb5_error_code profile_ser_externalize(krb5_context, krb5_pointer,
	29	krb5_error_code profile_ser_size(krb5_context, profile_t, size_t *);
	30	krb5_error_code profile_ser_externalize(krb5_context, profile_t,
71	31	krb5_octet *, size_t );
72
73		krb5_error_code profile_ser_internalize(krb5_context, krb5_pointer *,
	32	krb5_error_code profile_ser_internalize(krb5_context, profile_t *,
74	33	krb5_octet *, size_t );
75		#endif /* LEAN_CLIENT */
76
77		/* Local data */
78		static const krb5_ser_entry krb5_context_ser_entry = {
79		KV5M_CONTEXT, /* Type */
80		krb5_context_size, /* Sizer routine */
81		krb5_context_externalize, /* Externalize routine */
82		krb5_context_internalize /* Internalize routine */
83		};
84		static const krb5_ser_entry krb5_oscontext_ser_entry = {
85		KV5M_OS_CONTEXT, /* Type */
86		krb5_oscontext_size, /* Sizer routine */
87		krb5_oscontext_externalize, /* Externalize routine */
88		krb5_oscontext_internalize /* Internalize routine */
89		};
90		#ifndef LEAN_CLIENT
91		static const krb5_ser_entry krb5_profile_ser_entry = {
92		PROF_MAGIC_PROFILE, /* Type */
93		profile_ser_size, /* Sizer routine */
94		profile_ser_externalize, /* Externalize routine */
95		profile_ser_internalize /* Internalize routine */
96		};
97		#endif /* LEAN_CLIENT */
	34
	35	static krb5_error_code size_oscontext(krb5_os_context os_ctx, size_t *sizep);
	36	static krb5_error_code externalize_oscontext(krb5_os_context os_ctx,
	37	krb5_octet **buffer,
	38	size_t *lenremain);
	39	static krb5_error_code internalize_oscontext(krb5_os_context *argp,
	40	krb5_octet **buffer,
	41	size_t *lenremain);
98	42
99	43	static inline unsigned int
100	44	etypes_len(krb5_enctype *list)

102	46	return (list == NULL) ? 0 : k5_count_etypes(list);
103	47	}
104	48
105		/*
106		* krb5_context_size() - Determine the size required to externalize the
107		* krb5_context.
108		*/
109		static krb5_error_code
110		krb5_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	49	krb5_error_code
	50	k5_size_context(krb5_context context, size_t *sizep)
111	51	{
112	52	krb5_error_code kret;
113	53	size_t required;
114		krb5_context context;
115	54
116	55	/*
117	56	* The KRB5 context itself requires:

123	62	* krb5_int32 for n_tgs_etypes*sizeof(krb5_int32)
124	63	* nktypes*sizeof(krb5_int32) for tgs_etypes.
125	64	* krb5_int32 for clockskew
126		* krb5_int32 for kdc_req_sumtype
127		* krb5_int32 for ap_req_sumtype
128		* krb5_int32 for safe_sumtype
129	65	* krb5_int32 for kdc_default_options
130	66	* krb5_int32 for library_options
131	67	* krb5_int32 for profile_secure
132	68	* krb5_int32 for fcc_default_format
133	69	* <> for os_context
134		* <> for db_context
135	70	* <> for profile
136	71	* krb5_int32 for trailer.
137	72	*/
138	73	kret = EINVAL;
139		if ((context = (krb5_context) arg)) {
	74	if (context != NULL) {
140	75	/* Calculate base length */
141		required = (14 * sizeof(krb5_int32) +
	76	required = (10 * sizeof(krb5_int32) +
142	77	(etypes_len(context->in_tkt_etypes) * sizeof(krb5_int32)) +
143	78	(etypes_len(context->tgs_etypes) * sizeof(krb5_int32)));
144	79
145	80	if (context->default_realm)
146	81	required += strlen(context->default_realm);
	82
147	83	/* Calculate size required by os_context, if appropriate */
148		kret = krb5_size_opaque(kcontext,
149		KV5M_OS_CONTEXT,
150		(krb5_pointer) &context->os_context,
151		&required);
152
153		/* Calculate size required by db_context, if appropriate */
154		if (!kret && context->dal_handle)
155		kret = krb5_size_opaque(kcontext,
156		KV5M_DB_CONTEXT,
157		(krb5_pointer) context->dal_handle,
158		&required);
159
160		/* Finally, calculate size required by profile, if appropriate */
	84	kret = size_oscontext(&context->os_context, &required);
	85
	86	/* Calculate size required by profile, if appropriate */
161	87	if (!kret && context->profile)
162		kret = krb5_size_opaque(kcontext,
163		PROF_MAGIC_PROFILE,
164		(krb5_pointer) context->profile,
165		&required);
	88	kret = profile_ser_size(NULL, context->profile, &required);
166	89	}
167	90	if (!kret)
168	91	*sizep += required;
169	92	return(kret);
170	93	}
171	94
172		/*
173		* krb5_context_externalize() - Externalize the krb5_context.
174		*/
175		static krb5_error_code
176		krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	95	krb5_error_code
	96	k5_externalize_context(krb5_context context,
	97	krb5_octet *buffer, size_t lenremain)
177	98	{
178	99	krb5_error_code kret;
179		krb5_context context;
180	100	size_t required;
181	101	krb5_octet *bp;
182	102	size_t remain;

185	105	required = 0;
186	106	bp = *buffer;
187	107	remain = *lenremain;
188		context = (krb5_context) arg;
189	108	if (!context)
190	109	return (EINVAL);
191	110	if (context->magic != KV5M_CONTEXT)
192	111	return (KV5M_CONTEXT);
193	112
194		if ((kret = krb5_context_size(kcontext, arg, &required)))
	113	if ((kret = k5_size_context(context, &required)))
195	114	return (kret);
196	115
197	116	if (required > remain)

254	173	if (kret)
255	174	return (kret);
256	175
257		/* Now kdc_req_sumtype */
258		kret = krb5_ser_pack_int32((krb5_int32) context->kdc_req_sumtype,
259		&bp, &remain);
260		if (kret)
261		return (kret);
262
263		/* Now default ap_req_sumtype */
264		kret = krb5_ser_pack_int32((krb5_int32) context->default_ap_req_sumtype,
265		&bp, &remain);
266		if (kret)
267		return (kret);
268
269		/* Now default safe_sumtype */
270		kret = krb5_ser_pack_int32((krb5_int32) context->default_safe_sumtype,
271		&bp, &remain);
272		if (kret)
273		return (kret);
274
275	176	/* Now kdc_default_options */
276	177	kret = krb5_ser_pack_int32((krb5_int32) context->kdc_default_options,
277	178	&bp, &remain);

297	198	return (kret);
298	199
299	200	/* Now handle os_context, if appropriate */
300		kret = krb5_externalize_opaque(kcontext, KV5M_OS_CONTEXT,
301		(krb5_pointer) &context->os_context,
302		&bp, &remain);
303		if (kret)
304		return (kret);
305
306		/* Now handle database context, if appropriate */
307		if (context->dal_handle) {
308		kret = krb5_externalize_opaque(kcontext, KV5M_DB_CONTEXT,
309		(krb5_pointer) context->dal_handle,
310		&bp, &remain);
311		if (kret)
312		return (kret);
313		}
	201	kret = externalize_oscontext(&context->os_context, &bp, &remain);
	202	if (kret)
	203	return (kret);
314	204
315	205	/* Finally, handle profile, if appropriate */
316		if (context->profile) {
317		kret = krb5_externalize_opaque(kcontext, PROF_MAGIC_PROFILE,
318		(krb5_pointer) context->profile,
319		&bp, &remain);
	206	if (context->profile != NULL) {
	207	kret = profile_ser_externalize(NULL, context->profile, &bp, &remain);
320	208	if (kret)
321	209	return (kret);
322	210	}

335	223	return (0);
336	224	}
337	225
338		/*
339		* krb5_context_internalize() - Internalize the krb5_context.
340		*/
341		static krb5_error_code
342		krb5_context_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	226	krb5_error_code
	227	k5_internalize_context(krb5_context *argp,
	228	krb5_octet *buffer, size_t lenremain)
343	229	{
344	230	krb5_error_code kret;
345	231	krb5_context context;

420	306	} else
421	307	context->tgs_etypes = NULL;
422	308
423		/* Allowable checksum */
	309	/* Allowable clockskew */
424	310	if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
425	311	goto cleanup;
426	312	context->clockskew = (krb5_deltat) ibuf;
427
428		/* kdc_req_sumtype */
429		if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
430		goto cleanup;
431		context->kdc_req_sumtype = (krb5_cksumtype) ibuf;
432
433		/* default ap_req_sumtype */
434		if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
435		goto cleanup;
436		context->default_ap_req_sumtype = (krb5_cksumtype) ibuf;
437
438		/* default_safe_sumtype */
439		if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
440		goto cleanup;
441		context->default_safe_sumtype = (krb5_cksumtype) ibuf;
442	313
443	314	/* kdc_default_options */
444	315	if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))

465	336	a pointer. */
466	337	{
467	338	krb5_os_context osp = 0;
468		kret = krb5_internalize_opaque(kcontext, KV5M_OS_CONTEXT,
469		(krb5_pointer *) &osp,
470		&bp, &remain);
	339	kret = internalize_oscontext(&osp, &bp, &remain);
471	340	if (kret && (kret != EINVAL) && (kret != ENOENT))
472	341	goto cleanup;
473	342	/* Put the newly allocated data into the krb5_context

477	346	free(osp);
478	347	}
479	348
480		/* Attempt to read in the db_context */
481		kret = krb5_internalize_opaque(kcontext, KV5M_DB_CONTEXT,
482		(krb5_pointer *) &context->dal_handle,
483		&bp, &remain);
484		if (kret && (kret != EINVAL) && (kret != ENOENT))
485		goto cleanup;
486
487	349	/* Attempt to read in the profile */
488		kret = krb5_internalize_opaque(kcontext, PROF_MAGIC_PROFILE,
489		(krb5_pointer *) &context->profile,
490		&bp, &remain);
	350	kret = profile_ser_internalize(NULL, &context->profile, &bp, &remain);
491	351	if (kret && (kret != EINVAL) && (kret != ENOENT))
492	352	goto cleanup;
493	353

503	363	context->magic = KV5M_CONTEXT;
504	364	*buffer = bp;
505	365	*lenremain = remain;
506		*argp = (krb5_pointer) context;
	366	*argp = context;
507	367
508	368	return 0;
509	369

513	373	return(kret);
514	374	}
515	375
516		/*
517		* krb5_oscontext_size() - Determine the size required to externalize
518		* the krb5_os_context.
519		*/
520		static krb5_error_code
521		krb5_oscontext_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	376	krb5_error_code
	377	size_oscontext(krb5_os_context os_ctx, size_t *sizep)
522	378	{
523	379	/*
524	380	* We need five 32-bit integers:

529	385	return(0);
530	386	}
531	387
532		/*
533		* krb5_oscontext_externalize() - Externalize the krb5_os_context.
534		*/
535		static krb5_error_code
536		krb5_oscontext_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	388	krb5_error_code
	389	externalize_oscontext(krb5_os_context os_ctx,
	390	krb5_octet *buffer, size_t lenremain)
537	391	{
538	392	krb5_error_code kret;
539		krb5_os_context os_ctx;
540	393	size_t required;
541	394	krb5_octet *bp;
542	395	size_t remain;

545	398	bp = *buffer;
546	399	remain = *lenremain;
547	400	kret = EINVAL;
548		if ((os_ctx = (krb5_os_context) arg)) {
	401	if (os_ctx != NULL) {
549	402	kret = ENOMEM;
550		if (!krb5_oscontext_size(kcontext, arg, &required) &&
551		(required <= remain)) {
	403	if (!size_oscontext(os_ctx, &required) && required <= remain) {
552	404	(void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain);
553	405	(void) krb5_ser_pack_int32(os_ctx->time_offset, &bp, &remain);
554	406	(void) krb5_ser_pack_int32(os_ctx->usec_offset, &bp, &remain);

566	418	return(kret);
567	419	}
568	420
569		/*
570		* krb5_oscontext_internalize() - Internalize the krb5_os_context.
571		*/
572	421	static krb5_error_code
573		krb5_oscontext_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	422	internalize_oscontext(krb5_os_context *argp,
	423	krb5_octet *buffer, size_t lenremain)
574	424	{
575	425	krb5_error_code kret;
576	426	krb5_os_context os_ctx;

610	460	}
611	461	}
612	462	if (!kret) {
613		*argp = (krb5_pointer) os_ctx;
	463	*argp = os_ctx;
614	464	}
615	465	else {
616	466	if (os_ctx)

618	468	}
619	469	return(kret);
620	470	}
621
622		/*
623		* Register the context serializers.
624		*/
625		krb5_error_code KRB5_CALLCONV
626		krb5_ser_context_init(krb5_context kcontext)
627		{
628		krb5_error_code kret;
629		kret = krb5_register_serializer(kcontext, &krb5_context_ser_entry);
630		if (!kret)
631		kret = krb5_register_serializer(kcontext, &krb5_oscontext_ser_entry);
632		#ifndef LEAN_CLIENT
633		if (!kret)
634		kret = krb5_register_serializer(kcontext, &krb5_profile_ser_entry);
635		#endif /* LEAN_CLIENT */
636		return(kret);
637		}

+13

-59

src/lib/krb5/krb/ser_key.c less more

26	26	#include "k5-int.h"
27	27	#include "int-proto.h"
28	28
29		/*
30		* Routines to deal with externalizing the krb5_keyblock:
31		* krb5_keyblock_size();
32		* krb5_keyblock_externalize();
33		* krb5_keyblock_internalize();
34		*/
35		static krb5_error_code krb5_keyblock_size
36		(krb5_context, krb5_pointer, size_t *);
37		static krb5_error_code krb5_keyblock_externalize
38		(krb5_context, krb5_pointer, krb5_octet *, size_t );
39		static krb5_error_code krb5_keyblock_internalize
40		(krb5_context,krb5_pointer , krb5_octet , size_t );
41
42		/* Local data */
43		static const krb5_ser_entry krb5_keyblock_ser_entry = {
44		KV5M_KEYBLOCK, /* Type */
45		krb5_keyblock_size, /* Sizer routine */
46		krb5_keyblock_externalize, /* Externalize routine */
47		krb5_keyblock_internalize /* Internalize routine */
48		};
49
50		/*
51		* krb5_keyblock_size() - Determine the size required to externalize
52		* the krb5_keyblock.
53		*/
54		static krb5_error_code
55		krb5_keyblock_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	29	krb5_error_code
	30	k5_size_keyblock(krb5_keyblock keyblock, size_t sizep)
56	31	{
57	32	krb5_error_code kret;
58		krb5_keyblock *keyblock;
59	33
60	34	/*
61	35	* krb5_keyblock requires:

66	40	* krb5_int32 for KV5M_KEYBLOCK
67	41	*/
68	42	kret = EINVAL;
69		if ((keyblock = (krb5_keyblock *) arg)) {
70		*sizep += (sizeof(krb5_int32) +
71		sizeof(krb5_int32) +
72		sizeof(krb5_int32) +
73		sizeof(krb5_int32) +
74		sizeof(krb5_int32) +
75		(size_t) keyblock->length);
	43	if (keyblock != NULL) {
	44	sizep += 4 sizeof(krb5_int32) + keyblock->length;
76	45	kret = 0;
77	46	}
78	47	return(kret);
79	48	}
80	49
81		/*
82		* krb5_keyblock_externalize() - Externalize the krb5_keyblock.
83		*/
84		static krb5_error_code
85		krb5_keyblock_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	50	krb5_error_code
	51	k5_externalize_keyblock(krb5_keyblock *keyblock,
	52	krb5_octet *buffer, size_t lenremain)
86	53	{
87	54	krb5_error_code kret;
88		krb5_keyblock *keyblock;
89	55	size_t required;
90	56	krb5_octet *bp;
91	57	size_t remain;

94	60	bp = *buffer;
95	61	remain = *lenremain;
96	62	kret = EINVAL;
97		if ((keyblock = (krb5_keyblock *) arg)) {
	63	if (keyblock != NULL) {
98	64	kret = ENOMEM;
99		if (!krb5_keyblock_size(kcontext, arg, &required) &&
100		(required <= remain)) {
	65	if (!k5_size_keyblock(keyblock, &required) && required <= remain) {
101	66	/* Our identifier */
102	67	(void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
103	68

125	90	return(kret);
126	91	}
127	92
128		/*
129		* krb5_keyblock_internalize() - Internalize the krb5_keyblock.
130		*/
131		static krb5_error_code
132		krb5_keyblock_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	93	krb5_error_code
	94	k5_internalize_keyblock(krb5_keyblock **argp,
	95	krb5_octet *buffer, size_t lenremain)
133	96	{
134	97	krb5_error_code kret;
135	98	krb5_keyblock *keyblock;

168	131	*buffer = bp;
169	132	*lenremain = remain;
170	133	keyblock->magic = KV5M_KEYBLOCK;
171		*argp = (krb5_pointer) keyblock;
	134	*argp = keyblock;
172	135	}
173	136	else
174	137	kret = EINVAL;

182	145	}
183	146	return(kret);
184	147	}
185
186		/*
187		* Register the keyblock serializer.
188		*/
189		krb5_error_code
190		krb5_ser_keyblock_init(krb5_context kcontext)
191		{
192		return(krb5_register_serializer(kcontext, &krb5_keyblock_ser_entry));
193		}

+17

-56

src/lib/krb5/krb/ser_princ.c less more

26	26	#include "k5-int.h"
27	27	#include "int-proto.h"
28	28
29		/*
30		* Routines to deal with externalizing the krb5_principal:
31		* krb5_principal_size();
32		* krb5_principal_externalize();
33		* krb5_principal_internalize();
34		*/
35		static krb5_error_code krb5_principal_size
36		(krb5_context, krb5_pointer, size_t *);
37		static krb5_error_code krb5_principal_externalize
38		(krb5_context, krb5_pointer, krb5_octet *, size_t );
39		static krb5_error_code krb5_principal_internalize
40		(krb5_context,krb5_pointer , krb5_octet , size_t );
41
42		/* Local data */
43		static const krb5_ser_entry krb5_principal_ser_entry = {
44		KV5M_PRINCIPAL, /* Type */
45		krb5_principal_size, /* Sizer routine */
46		krb5_principal_externalize, /* Externalize routine */
47		krb5_principal_internalize /* Internalize routine */
48		};
49
50		/*
51		* krb5_principal_size() - Determine the size required to externalize
52		* the krb5_principal.
53		*/
54		static krb5_error_code
55		krb5_principal_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
	29	krb5_error_code
	30	k5_size_principal(krb5_principal principal, size_t *sizep)
56	31	{
57	32	krb5_error_code kret;
58		krb5_principal principal;
59	33	char *fname;
60	34
61	35	/*

66	40	* krb5_int32 for KV5M_PRINCIPAL
67	41	*/
68	42	kret = EINVAL;
69		if ((principal = (krb5_principal) arg) &&
70		!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
	43	if (principal != NULL &&
	44	!(kret = krb5_unparse_name(NULL, principal, &fname))) {
71	45	sizep += (3sizeof(krb5_int32)) + strlen(fname);
72	46	free(fname);
73	47	}
74	48	return(kret);
75	49	}
76	50
77		/*
78		* krb5_principal_externalize() - Externalize the krb5_principal.
79		*/
80		static krb5_error_code
81		krb5_principal_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
	51	krb5_error_code
	52	k5_externalize_principal(krb5_principal principal,
	53	krb5_octet *buffer, size_t lenremain)
82	54	{
83	55	krb5_error_code kret;
84		krb5_principal principal;
85	56	size_t required;
86	57	krb5_octet *bp;
87	58	size_t remain;

91	62	bp = *buffer;
92	63	remain = *lenremain;
93	64	kret = EINVAL;
94		if ((principal = (krb5_principal) arg)) {
	65	if (principal != NULL) {
95	66	kret = ENOMEM;
96		if (!krb5_principal_size(kcontext, arg, &required) &&
97		(required <= remain)) {
98		if (!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
	67	if (!k5_size_principal(principal, &required) && required <= remain) {
	68	if (!(kret = krb5_unparse_name(NULL, principal, &fname))) {
99	69
100	70	(void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
101	71	(void) krb5_ser_pack_int32((krb5_int32) strlen(fname),

113	83	return(kret);
114	84	}
115	85
116		/*
117		* krb5_principal_internalize() - Internalize the krb5_principal.
118		*/
119		static krb5_error_code
120		krb5_principal_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
	86	krb5_error_code
	87	k5_internalize_principal(krb5_principal *argp,
	88	krb5_octet *buffer, size_t lenremain)
121	89	{
122	90	krb5_error_code kret;
123	91	krb5_principal principal = NULL;

146	114	tmpname[ibuf] = '\0';
147	115
148	116	/* Parse the name to a principal structure */
149		kret = krb5_parse_name(kcontext, tmpname, &principal);
	117	kret = krb5_parse_name_flags(NULL, tmpname,
	118	KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
	119	&principal);
150	120	if (kret)
151	121	goto cleanup;
152	122

161	131	*argp = principal;
162	132	cleanup:
163	133	if (kret)
164		krb5_free_principal(kcontext, principal);
	134	krb5_free_principal(NULL, principal);
165	135	free(tmpname);
166	136	return kret;
167	137	}
168
169		/*
170		* Register the context serializer.
171		*/
172		krb5_error_code
173		krb5_ser_principal_init(krb5_context kcontext)
174		{
175		return(krb5_register_serializer(kcontext, &krb5_principal_ser_entry));
176		}

+0

-144

src/lib/krb5/krb/serialize.c less more

24	24	*/
25	25
26	26	#include "k5-int.h"
27
28		/*
29		* krb5_find_serializer() - See if a particular type is registered.
30		*/
31		krb5_ser_handle
32		krb5_find_serializer(krb5_context kcontext, krb5_magic odtype)
33		{
34		krb5_ser_handle res;
35		krb5_ser_handle sctx;
36		int i;
37
38		res = (krb5_ser_handle) NULL;
39		sctx = (krb5_ser_handle) kcontext->ser_ctx;
40		for (i=0; i<kcontext->ser_ctx_count; i++) {
41		if (sctx[i].odtype == odtype) {
42		res = &sctx[i];
43		break;
44		}
45		}
46		return(res);
47		}
48
49		/*
50		* krb5_register_serializer() - Register a particular serializer.
51		*/
52		krb5_error_code
53		krb5_register_serializer(krb5_context kcontext, const krb5_ser_entry *entry)
54		{
55		krb5_error_code kret;
56		krb5_ser_entry * stable;
57
58		kret = 0;
59		/* See if it's already there, if so, we're good to go. */
60		if (!(stable = (krb5_ser_entry *)krb5_find_serializer(kcontext,
61		entry->odtype))) {
62		/*
63		* Can't find our type. Create a new entry.
64		*/
65		if ((stable = (krb5_ser_entry ) malloc(sizeof(krb5_ser_entry)
66		(kcontext->ser_ctx_count+1)))) {
67		/* Copy in old table */
68		if (kcontext->ser_ctx_count)
69		memcpy(stable, kcontext->ser_ctx,
70		sizeof(krb5_ser_entry) * kcontext->ser_ctx_count);
71		/* Copy in new entry */
72		memcpy(&stable[kcontext->ser_ctx_count], entry,
73		sizeof(krb5_ser_entry));
74		if (kcontext->ser_ctx) free(kcontext->ser_ctx);
75		kcontext->ser_ctx = (void *) stable;
76		kcontext->ser_ctx_count++;
77		}
78		else
79		kret = ENOMEM;
80		}
81		else
82		stable = entry;
83		return(kret);
84		}
85
86		/*
87		* krb5_size_opaque() - Determine the size necessary to serialize a given
88		* piece of opaque data.
89		*/
90		krb5_error_code KRB5_CALLCONV
91		krb5_size_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer arg, size_t *sizep)
92		{
93		krb5_error_code kret;
94		krb5_ser_handle shandle;
95
96		kret = ENOENT;
97		/* See if the type is supported, if so, do it */
98		if ((shandle = krb5_find_serializer(kcontext, odtype)))
99		kret = (shandle->sizer) ? (*shandle->sizer)(kcontext, arg, sizep) : 0;
100		return(kret);
101		}
102
103		/*
104		* krb5_externalize_opaque() - Externalize a piece of opaque data.
105		*/
106		krb5_error_code KRB5_CALLCONV
107		krb5_externalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer arg, krb5_octet *bufpp, size_t sizep)
108		{
109		krb5_error_code kret;
110		krb5_ser_handle shandle;
111
112		kret = ENOENT;
113		/* See if the type is supported, if so, do it */
114		if ((shandle = krb5_find_serializer(kcontext, odtype)))
115		kret = (shandle->externalizer) ?
116		(*shandle->externalizer)(kcontext, arg, bufpp, sizep) : 0;
117		return(kret);
118		}
119
120		/*
121		* Externalize a piece of arbitrary data.
122		*/
123		krb5_error_code
124		krb5_externalize_data(krb5_context kcontext, krb5_pointer arg, krb5_octet *bufpp, size_t sizep)
125		{
126		krb5_error_code kret;
127		krb5_magic *mp;
128		krb5_octet buffer, bp;
129		size_t bufsize, bsize;
130
131		mp = (krb5_magic *) arg;
132		bufsize = 0;
133		if (!(kret = krb5_size_opaque(kcontext, *mp, arg, &bufsize))) {
134		if ((buffer = (krb5_octet *) malloc(bufsize))) {
135		bp = buffer;
136		bsize = bufsize;
137		if (!(kret = krb5_externalize_opaque(kcontext,
138		*mp,
139		arg,
140		&bp,
141		&bsize))) {
142		if (bsize != 0)
143		bufsize -= bsize;
144		*bufpp = buffer;
145		*sizep = bufsize;
146		}
147		}
148		else
149		kret = ENOMEM;
150		}
151		return(kret);
152		}
153
154		/*
155		* krb5_internalize_opaque() - Convert external representation into a data
156		* structure.
157		*/
158		krb5_error_code KRB5_CALLCONV
159		krb5_internalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer argp, krb5_octet bufpp, size_t sizep)
160		{
161		krb5_error_code kret;
162		krb5_ser_handle shandle;
163
164		kret = ENOENT;
165		/* See if the type is supported, if so, do it */
166		if ((shandle = krb5_find_serializer(kcontext, odtype)))
167		kret = (shandle->internalizer) ?
168		(*shandle->internalizer)(kcontext, argp, bufpp, sizep) : 0;
169		return(kret);
170		}
171	27
172	28	/*
173	29	* krb5_ser_pack_int32() - Pack a 4-byte integer if space is available.

+6

-52

src/lib/krb5/krb/srv_rcache.c less more

27	27	#include <ctype.h>
28	28	#include <stdio.h>
29	29
30		/* Macro for valid RC name characters*/
31		#define isvalidrcname(x) ((!ispunct(x))&&isgraph(x))
32	30	krb5_error_code KRB5_CALLCONV
33	31	krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
34	32	krb5_rcache *rcptr)
35	33	{
36		krb5_rcache rcache = 0;
37		char *cachetype;
38		krb5_error_code retval;
39		unsigned int i;
40		struct k5buf buf = EMPTY_K5BUF;
41		#ifdef HAVE_GETEUID
42		unsigned long uid = geteuid();
43		#endif
44
45		if (piece == NULL)
46		return ENOMEM;
47
48		cachetype = krb5_rc_default_type(context);
49
50		k5_buf_init_dynamic(&buf);
51		k5_buf_add(&buf, cachetype);
52		k5_buf_add(&buf, ":");
53		for (i = 0; i < piece->length; i++) {
54		if (piece->data[i] == '-')
55		k5_buf_add(&buf, "--");
56		else if (!isvalidrcname((int) piece->data[i]))
57		k5_buf_add_fmt(&buf, "-%03o", piece->data[i]);
58		else
59		k5_buf_add_len(&buf, &piece->data[i], 1);
60		}
61		#ifdef HAVE_GETEUID
62		k5_buf_add_fmt(&buf, "_%lu", uid);
63		#endif
64
65		if (k5_buf_status(&buf) != 0)
66		return ENOMEM;
67
68		retval = krb5_rc_resolve_full(context, &rcache, buf.data);
69		if (retval)
70		goto cleanup;
71
72		retval = krb5_rc_recover_or_initialize(context, rcache,
73		context->clockskew);
74		if (retval)
75		goto cleanup;
76
77		*rcptr = rcache;
78		rcache = 0;
79		retval = 0;
80
81		cleanup:
82		if (rcache)
83		krb5_rc_close(context, rcache);
84		k5_buf_free(&buf);
85		return retval;
	34	/*
	35	* This function used to compose a name based on the first component of the
	36	* server principal, but now ignores the piece argument and resolves the
	37	* default replay cache.
	38	*/
	39	return k5_rc_default(context, rcptr);
86	40	}

+0

-2

src/lib/krb5/krb/str_conv.c less more

60	60	#include "kdb.h"
61	61	static const struct salttype_lookup_entry salttype_table[] = {
62	62	{ KRB5_KDB_SALTTYPE_NORMAL, "normal" },
63		{ KRB5_KDB_SALTTYPE_V4, "v4", },
64	63	{ KRB5_KDB_SALTTYPE_NOREALM, "norealm", },
65	64	{ KRB5_KDB_SALTTYPE_ONLYREALM, "onlyrealm", },
66	65	{ KRB5_KDB_SALTTYPE_SPECIAL, "special", },
67		{ KRB5_KDB_SALTTYPE_AFS3, "afs3", },
68	66	};
69	67	static const int salttype_table_nents = sizeof(salttype_table)/
70	68	sizeof(salttype_table[0]);

+3

-9

src/lib/krb5/krb/t_copy_context.c less more

76	76	check(c->os_context.os_flags == r->os_context.os_flags);
77	77	compare_string(c->os_context.default_ccname, r->os_context.default_ccname);
78	78	check(c->clockskew == r->clockskew);
79		check(c->kdc_req_sumtype == r->kdc_req_sumtype);
80		check(c->default_ap_req_sumtype == r->default_ap_req_sumtype);
81		check(c->default_safe_sumtype == r->default_safe_sumtype);
82	79	check(c->kdc_default_options == r->kdc_default_options);
83	80	check(c->library_options == r->library_options);
84	81	check(c->profile_secure == r->profile_secure);

87	84	check(c->use_conf_ktypes == r->use_conf_ktypes);
88	85	check(c->allow_weak_crypto == r->allow_weak_crypto);
89	86	check(c->ignore_acceptor_hostname == r->ignore_acceptor_hostname);
	87	check(c->enforce_ok_as_delegate == r->enforce_ok_as_delegate);
90	88	check(c->dns_canonicalize_hostname == r->dns_canonicalize_hostname);
91	89	compare_string(c->plugin_base_dir, r->plugin_base_dir);
92	90
93	91	/* Check fields which don't propagate. */
94	92	check(c->dal_handle == NULL);
95		check(c->ser_ctx_count == 0);
96		check(c->ser_ctx == NULL);
97	93	check(c->prompt_types == NULL);
98	94	check(c->libkrb5_plugins.files == NULL);
99	95	check(c->preauth_context == NULL);

135	131	check(krb5_cc_set_default_name(ctx, "defccname") == 0);
136	132	check(krb5_set_default_realm(ctx, "defrealm") == 0);
137	133	ctx->clockskew = 18;
138		ctx->kdc_req_sumtype = CKSUMTYPE_NIST_SHA;
139		ctx->default_ap_req_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES128;
140		ctx->default_safe_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES256;
141	134	ctx->kdc_default_options = KDC_OPT_FORWARDABLE;
142	135	ctx->library_options = 0;
143	136	ctx->profile_secure = TRUE;
144	137	ctx->udp_pref_limit = 2345;
145	138	ctx->use_conf_ktypes = TRUE;
146	139	ctx->ignore_acceptor_hostname = TRUE;
147		ctx->dns_canonicalize_hostname = FALSE;
	140	ctx->enforce_ok_as_delegate = TRUE;
	141	ctx->dns_canonicalize_hostname = CANONHOST_FALSE;
148	142	free(ctx->plugin_base_dir);
149	143	check((ctx->plugin_base_dir = strdup("/a/b/c/d")) != NULL);
150	144

+14

-61

src/lib/krb5/krb/t_etypes.c less more

35	35	krb5_error_code expected_err_noweak;
36	36	krb5_error_code expected_err_weak;
37	37	} tests[] = {
38		/* Empty string, unused default list */
39		{ "",
40		{ ENCTYPE_DES_CBC_CRC, 0 },
41		{ 0 },
42		{ 0 },
43		0, 0
44		},
45		/* Single weak enctype */
46		{ "des-cbc-md4",
47		{ 0 },
48		{ 0 },
49		{ ENCTYPE_DES_CBC_MD4, 0 },
50		0, 0
51		},
52	38	/* Single non-weak enctype */
53	39	{ "aes128-cts-hmac-sha1-96",
54	40	{ 0 },

56	42	{ ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
57	43	0, 0
58	44	},
59		/* Two enctypes, one an alias, one weak */
60		{ "rc4-hmac des-cbc-md5",
61		{ 0 },
62		{ ENCTYPE_ARCFOUR_HMAC, 0 },
63		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES_CBC_MD5, 0 },
64		0, 0
65		},
66		/* Three enctypes, all weak, case variation, funky separators */
67		{ " deS-HMac-shA1 , arCFour-hmaC-mD5-exp\tdeS3-Cbc-RAw\n",
68		{ 0 },
69		{ 0 },
70		{ ENCTYPE_DES_HMAC_SHA1, ENCTYPE_ARCFOUR_HMAC_EXP,
71		ENCTYPE_DES3_CBC_RAW, 0 },
72		0, 0
73		},
74		/* Default set with enctypes added (one weak in each pair) */
75		{ "DEFAULT des-cbc-raw +des3-hmac-sha1",
76		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, 0 },
77		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 },
78		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP,
79		ENCTYPE_DES_CBC_RAW, ENCTYPE_DES3_CBC_SHA1, 0 },
80		0, 0
81		},
82	45	/* Default set with enctypes removed */
83	46	{ "default -aes128-cts -des-hmac-sha1",
84		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
85		ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_HMAC_SHA1, 0 },
86		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
87		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_DES_CBC_MD5, 0 },
	47	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
	48	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
	49	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
88	50	0, 0
89	51	},
90	52	/* Family followed by enctype */

104	66	{ ENCTYPE_CAMELLIA128_CTS_CMAC, 0 },
105	67	{ ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }
106	68	},
107		/* Enctype followed by two families */
108		{ "+rc4-hmAC des3 +des",
109		{ 0 },
110		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 },
111		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES_CBC_CRC,
112		ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4 },
113		0, 0
114		},
115	69	/* Default set with family added and enctype removed */
116	70	{ "DEFAULT +aes -arcfour-hmac-md5",
117		{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES_CBC_CRC, 0 },
	71	{ ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 },
118	72	{ ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
119	73	ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192,
120	74	ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 },
121		{ ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES_CBC_CRC,
	75	{ ENCTYPE_DES3_CBC_SHA1,
122	76	ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
123	77	ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
124	78	0 },
125	79	0, 0
126	80	},
127	81	/* Default set with families removed and enctypes added (one redundant) */
128		{ "DEFAULT -des -des3 rc4-hmac rc4-hmac-exp",
129		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
130		ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC,
131		ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4, 0 },
	82	{ "DEFAULT -des3 rc4-hmac rc4-hmac-exp",
	83	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
	84	ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, 0 },
132	85	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
133	86	ENCTYPE_ARCFOUR_HMAC, 0 },
134	87	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,

157	110	},
158	111	/* Test krb5_set_default_in_tkt_ktypes */
159	112	{ NULL,
160		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_DES_CBC_CRC, 0 },
161		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
162		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_DES_CBC_CRC, 0 },
	113	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
	114	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
	115	{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
163	116	0, 0
164	117	},
165	118	/* Should get KRB5_CONFIG_ETYPE_NOSUPP if app-provided list has no strong
166	119	* enctypes and allow_weak_crypto=false. */
167	120	{ NULL,
168		{ ENCTYPE_DES_CBC_CRC, 0 },
169		{ 0 },
170		{ ENCTYPE_DES_CBC_CRC, 0 },
	121	{ ENCTYPE_ARCFOUR_HMAC_EXP, 0 },
	122	{ 0 },
	123	{ ENCTYPE_ARCFOUR_HMAC_EXP, 0 },
171	124	KRB5_CONFIG_ETYPE_NOSUPP, 0
172	125	},
173	126	/* Should get EINVAL if app provides an empty list. */

+0

-7

src/lib/krb5/krb/t_get_etype_info.py less more

8	8	realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp'])
9	9	realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth',
10	10	'pexp'])
11		realm.run([kadminl, 'ank', '-e', 'des-cbc-crc:afs3', '-pw', 'pw', 'afs'])
12		realm.run([kadminl, 'ank', '-e', 'des-cbc-crc:afs3', '-pw', 'pw', '+preauth',
13		'pafs'])
14	11
15	12	# Extract the explicit salt values from the database.
16	13	out = realm.run([kdb5_util, 'tabdump', 'keyinfo'])

55	52	realm.run(['./t_get_etype_info', 'pexp'],
56	53	expected_msg='etype: aes256-cts\nsalt: ' + pexp_salt + '\n')
57	54
58		msg = 'etype: des-cbc-crc\nsalt: KRBTEST.COM\ns2kparams: 01\n'
59		realm.run(['./t_get_etype_info', 'afs'], expected_msg=msg)
60		realm.run(['./t_get_etype_info', 'pafs'], expected_msg=msg)
61
62	55	success('krb5_get_etype_info() tests')

+62

-15

src/lib/krb5/krb/t_pac.c less more

732	732	}
733	733
734	734	{
735		krb5_principal ep;
	735	krb5_principal ep, np;
736	736
737	737	ret = krb5_parse_name_flags(context, user,
738	738	KRB5_PRINCIPAL_PARSE_ENTERPRISE, &ep);
739	739	if (ret)
740	740	err(context, ret, "krb5_parse_name_flags");
	741
	742	ret = krb5_copy_principal(context, ep, &np);
	743	if (ret)
	744	err(context, ret, "krb5_copy_principal");
	745	np->type = KRB5_NT_MS_PRINCIPAL;
741	746
742	747	/* Try to verify as enterprise. */
743	748	ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,

787	792	if (ret)
788	793	err(context, ret, "krb5_pac_verify enterprise failed");
789	794
	795	/* Also verify enterprise as KRB5_NT_MS_PRINCIPAL. */
	796	ret = krb5_pac_verify(context, pac, authtime, np, &member_keyblock,
	797	&kdc_keyblock);
	798	if (ret)
	799	err(context, ret, "krb5_pac_verify enterprise as nt-ms failed");
	800
790	801	ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
791	802	&kdc_keyblock);
792	803	if (!ret)

794	805
795	806	krb5_pac_free(context, pac);
796	807
797		/* Test with realm. */
	808	/* Test nt-ms-principal. */
798	809	ret = krb5_pac_init(context, &pac);
799	810	if (ret)
800	811	err(context, ret, "krb5_pac_init");
801	812
802		ret = krb5_pac_sign_ext(context, pac, authtime, p, &member_keyblock,
803		&kdc_keyblock, TRUE, &data);
804		if (ret)
805		err(context, ret, "krb5_pac_sign_ext with realm failed");
	813	ret = krb5_pac_sign(context, pac, authtime, np, &member_keyblock,
	814	&kdc_keyblock, &data);
	815	if (ret)
	816	err(context, ret, "krb5_pac_sign enterprise failed");
806	817
807	818	krb5_pac_free(context, pac);
808	819

811	822	if (ret)
812	823	err(context, ret, "krb5_pac_parse failed");
813	824
814		ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
815		&kdc_keyblock, TRUE);
816		if (ret)
817		err(context, ret, "krb5_pac_verify_ext with realm failed");
	825	ret = krb5_pac_verify(context, pac, authtime, np, &member_keyblock,
	826	&kdc_keyblock);
	827	if (ret)
	828	err(context, ret, "krb5_pac_verify enterprise failed");
	829
	830	/* Also verify as enterprise principal. */
	831	ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
	832	&kdc_keyblock);
	833	if (ret)
	834	err(context, ret, "krb5_pac_verify nt-ms as enterprise failed");
818	835
819	836	ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
820	837	&kdc_keyblock);

823	840
824	841	krb5_pac_free(context, pac);
825	842
826		/* Test enterprise with realm. */
	843	/* Test with realm. */
827	844	ret = krb5_pac_init(context, &pac);
828	845	if (ret)
829	846	err(context, ret, "krb5_pac_init");
830	847
831		ret = krb5_pac_sign_ext(context, pac, authtime, ep, &member_keyblock,
	848	ret = krb5_pac_sign_ext(context, pac, authtime, p, &member_keyblock,
832	849	&kdc_keyblock, TRUE, &data);
833	850	if (ret)
834		err(context, ret, "krb5_pac_sign_ext ent with realm failed");
	851	err(context, ret, "krb5_pac_sign_ext with realm failed");
835	852
836	853	krb5_pac_free(context, pac);
837	854

840	857	if (ret)
841	858	err(context, ret, "krb5_pac_parse failed");
842	859
843		ret = krb5_pac_verify_ext(context, pac, authtime, ep, &member_keyblock,
	860	ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
844	861	&kdc_keyblock, TRUE);
845	862	if (ret)
846		err(context, ret, "krb5_pac_verify_ext ent with realm failed");
	863	err(context, ret, "krb5_pac_verify_ext with realm failed");
847	864
848	865	ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
849	866	&kdc_keyblock);
850	867	if (!ret)
851	868	err(context, ret, "krb5_pac_verify should have failed");
852	869
	870	krb5_pac_free(context, pac);
	871
	872	/* Test enterprise with realm. */
	873	ret = krb5_pac_init(context, &pac);
	874	if (ret)
	875	err(context, ret, "krb5_pac_init");
	876
	877	ret = krb5_pac_sign_ext(context, pac, authtime, ep, &member_keyblock,
	878	&kdc_keyblock, TRUE, &data);
	879	if (ret)
	880	err(context, ret, "krb5_pac_sign_ext ent with realm failed");
	881
	882	krb5_pac_free(context, pac);
	883
	884	ret = krb5_pac_parse(context, data.data, data.length, &pac);
	885	krb5_free_data_contents(context, &data);
	886	if (ret)
	887	err(context, ret, "krb5_pac_parse failed");
	888
	889	ret = krb5_pac_verify_ext(context, pac, authtime, ep, &member_keyblock,
	890	&kdc_keyblock, TRUE);
	891	if (ret)
	892	err(context, ret, "krb5_pac_verify_ext ent with realm failed");
	893
	894	ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
	895	&kdc_keyblock);
	896	if (!ret)
	897	err(context, ret, "krb5_pac_verify should have failed");
	898
853	899	ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
854	900	&kdc_keyblock);
855	901	if (!ret)

861	907	err(context, ret, "krb5_pac_verify_ext should have failed");
862	908
863	909	krb5_free_principal(context, ep);
	910	krb5_free_principal(context, np);
864	911	}
865	912
866	913	krb5_pac_free(context, pac);

+0

-1

src/lib/krb5/krb/t_parse_host_string.c less more

31	31
32	32	#include "k5-int.h"
33	33	#include "k5-cmocka.h"
34		#include <malloc.h>
35	34
36	35	/* Call k5_parse_host_string() and check the result against the expected code,
37	36	* hostname, and port. */

+282

-576

src/lib/krb5/krb/t_ser.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1	1	/* lib/krb5/krb/t_ser.c - Test serialization */
2	2	/*
3		* Copyright 1995 by the Massachusetts Institute of Technology.
	3	* Copyright 1995, 2019 by the Massachusetts Institute of Technology.
4	4	* All Rights Reserved.
5	5	*
6	6	* Export of this software from the United States of America may

34	34	you can lose some bits of the function pointer, and get a pointer that you \
35	35	can't safely dereference. This test file used to make this mistake, often.";
36	36
37		/*
38		* Dump an external representation.
39		*/
40		static void
41		print_erep(krb5_octet *erep, size_t elen)
42		{
43		unsigned int i, j;
44
45		for (i=0; i<elen; ) {
46		printf("%08d: ", i);
47		for (j=0; j<15; j++) {
48		if ((i+j) < elen)
49		printf("%02x ", erep[i+j]);
50		else
51		printf("-- ");
52		}
53		printf("\t");
54		for (j=0; j<15; j++) {
55		if ((i+j) < elen) {
56		if (isprint(erep[i+j]) && (erep[i+j] != '\n'))
57		printf("%c", erep[i+j]);
58		else
59		printf(".");
60		}
61		else
62		printf("-");
63		}
64		printf("\n");
65		i += 15;
	37	static void
	38	check(krb5_error_code code)
	39	{
	40	if (code != 0) {
	41	com_err("t_ser", code, NULL);
	42	abort();
66	43	}
67	44	}
68	45
69		/*
70		* Do a serialization test.
71		*/
72		static krb5_error_code
73		ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
74		{
75		krb5_error_code kret;
76		krb5_context ser_ctx;
77		krb5_pointer nctx;
78		krb5_octet outrep, ibuf, *outrep2;
79		size_t outlen, ilen, outlen2;
80
81		/* Initialize context and initialize all Kerberos serializers */
82		if ((kret = krb5_init_context(&ser_ctx))) {
83		printf("Couldn't initialize krb5 library: %s\n",
84		error_message(kret));
85		exit(1);
86		}
87		krb5_ser_context_init(ser_ctx);
88		krb5_ser_auth_context_init(ser_ctx);
89		krb5_ser_ccache_init(ser_ctx);
90		krb5_ser_rcache_init(ser_ctx);
91		krb5_ser_keytab_init(ser_ctx);
92
93		/* Externalize the data */
94		kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
95		if (!kret) {
96		if (verbose) {
97		printf("%s: externalized in %d bytes\n", msg, (int)outlen);
98		print_erep(outrep, outlen);
99		}
100
101		/* Now attempt to re-constitute it */
102		ibuf = outrep;
103		ilen = outlen;
104		kret = krb5_internalize_opaque(ser_ctx,
105		dtype,
106		(krb5_pointer *) &nctx,
107		&ibuf,
108		&ilen);
109		if (!kret) {
110		if (ilen)
111		printf("%s: %d bytes left over after internalize\n",
112		msg, (int)ilen);
113		/* Now attempt to re-externalize it */
114		kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
115		if (!kret) {
116		/* Compare the results. */
117		if ((outlen2 != outlen) \|\|
118		memcmp(outrep, outrep2, outlen)) {
119		printf("%s: comparison failed\n", msg);
120		print_erep(outrep2, outlen2);
121		}
122		else {
123		if (verbose)
124		printf("%s: compare succeeded\n", msg);
125		}
126		free(outrep2);
127		}
128		else
129		printf("%s: second externalize returned %d\n", msg, kret);
130
131		/* Free the data */
132		switch (dtype) {
133		case KV5M_CONTEXT:
134		krb5_free_context((krb5_context) nctx);
135		break;
136		case KV5M_AUTH_CONTEXT:
137		krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
138		break;
139		case KV5M_CCACHE:
140		krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
141		break;
142		case KV5M_RCACHE:
143		krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
144		break;
145		case KV5M_KEYTAB:
146		krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
147		break;
148		case KV5M_ENCRYPT_BLOCK:
149		if (nctx) {
150		krb5_encrypt_block *eblock;
151
152		eblock = (krb5_encrypt_block *) nctx;
153		if (eblock->key)
154		krb5_free_keyblock(ser_ctx, eblock->key);
155		free(eblock);
156		}
157		break;
158		case KV5M_PRINCIPAL:
159		krb5_free_principal(ser_ctx, (krb5_principal) nctx);
160		break;
161		case KV5M_CHECKSUM:
162		krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
163		break;
164		default:
165		printf("don't know how to free %d\n", dtype);
166		break;
167		}
168		}
169		else
170		printf("%s: internalize returned %d\n", msg, kret);
171		free(outrep);
172		}
173		else
174		printf("%s: externalize_data returned %d\n", msg, kret);
175		krb5_free_context(ser_ctx);
176		return(kret);
177		}
178
179		/*
180		* Serialize krb5_context.
181		*/
182		static krb5_error_code
183		ser_kcontext_test(krb5_context kcontext, int verbose)
184		{
185		krb5_error_code kret;
186		profile_t sprofile;
187		char dbname[128];
188
189		snprintf(dbname, sizeof(dbname), "temp_%d", (int) getpid());
190		sprofile = kcontext->profile;
191		kcontext->profile = (profile_t) NULL;
192		if (!(kret = ser_data(verbose, "> Context with no profile",
193		(krb5_pointer) kcontext,
194		KV5M_CONTEXT))) {
195		kcontext->profile = sprofile;
196		if (!(kret = ser_data(verbose, "> Context with no realm",
197		(krb5_pointer) kcontext,
198		KV5M_CONTEXT)) &&
199		!(kret = krb5_set_default_realm(kcontext, "this.is.a.test"))) {
200		if (!(kret = ser_data(verbose, "> Context with default realm",
201		(krb5_pointer) kcontext,
202		KV5M_CONTEXT))) {
203		if (verbose)
204		printf("* krb5_context test succeeded\n");
205		}
206		}
207		}
208		if (kret)
209		printf("* krb5_context test failed\n");
210		return(kret);
211		}
212
213		/*
214		* Serialize krb5_auth_context.
215		*/
216		static krb5_error_code
217		ser_acontext_test(krb5_context kcontext, int verbose)
218		{
219		krb5_error_code kret;
	46	static void *
	47	ealloc(size_t size)
	48	{
	49	void *ptr = calloc(1, size);
	50
	51	if (ptr == NULL)
	52	abort();
	53	return ptr;
	54	}
	55
	56	static void
	57	ser_context(krb5_context ctx)
	58	{
	59	uint8_t erep, erep2, *bp;
	60	size_t elen = 0, elen2 = 0, blen;
	61	krb5_context ctx2;
	62
	63	check(k5_size_context(ctx, &elen));
	64	erep = ealloc(elen);
	65
	66	bp = erep;
	67	blen = elen;
	68	check(k5_externalize_context(ctx, &bp, &blen));
	69	assert(bp == erep + elen && blen == 0);
	70
	71	bp = erep;
	72	blen = elen;
	73	check(k5_internalize_context(&ctx2, &bp, &blen));
	74	assert(bp == erep + elen && blen == 0);
	75
	76	check(k5_size_context(ctx2, &elen2));
	77	assert(elen2 == elen);
	78	erep2 = ealloc(elen2);
	79
	80	bp = erep2;
	81	blen = elen2;
	82	check(k5_externalize_context(ctx2, &bp, &blen));
	83	assert(bp == erep2 + elen2 && blen == 0);
	84	assert(memcmp(erep, erep2, elen) == 0);
	85
	86	free(erep);
	87	free(erep2);
	88	krb5_free_context(ctx2);
	89	}
	90
	91	static void
	92	ser_auth_context(krb5_auth_context actx)
	93	{
	94	uint8_t erep, erep2, *bp;
	95	size_t elen = 0, elen2 = 0, blen;
	96	krb5_auth_context actx2;
	97
	98	check(k5_size_auth_context(actx, &elen));
	99	erep = ealloc(elen);
	100
	101	bp = erep;
	102	blen = elen;
	103	check(k5_externalize_auth_context(actx, &bp, &blen));
	104	assert(bp == erep + elen && blen == 0);
	105
	106	bp = erep;
	107	blen = elen;
	108	check(k5_internalize_auth_context(&actx2, &bp, &blen));
	109	assert(bp == erep + elen && blen == 0);
	110
	111	check(k5_size_auth_context(actx2, &elen2));
	112	assert(elen2 == elen);
	113	erep2 = ealloc(elen2);
	114
	115	bp = erep2;
	116	blen = elen2;
	117	check(k5_externalize_auth_context(actx2, &bp, &blen));
	118	assert(bp == erep2 + elen2 && blen == 0);
	119	assert(memcmp(erep, erep2, elen) == 0);
	120
	121	free(erep);
	122	free(erep2);
	123	krb5_auth_con_free(NULL, actx2);
	124	}
	125
	126	static void
	127	ser_principal(krb5_principal princ)
	128	{
	129	uint8_t erep, erep2, *bp;
	130	size_t elen = 0, elen2 = 0, blen;
	131	krb5_principal princ2;
	132
	133	check(k5_size_principal(princ, &elen));
	134	erep = ealloc(elen);
	135
	136	bp = erep;
	137	blen = elen;
	138	check(k5_externalize_principal(princ, &bp, &blen));
	139	assert(bp == erep + elen && blen == 0);
	140
	141	bp = erep;
	142	blen = elen;
	143	check(k5_internalize_principal(&princ2, &bp, &blen));
	144	assert(bp == erep + elen && blen == 0);
	145
	146	check(k5_size_principal(princ2, &elen2));
	147	assert(elen2 == elen);
	148	erep2 = ealloc(elen2);
	149
	150	bp = erep2;
	151	blen = elen2;
	152	check(k5_externalize_principal(princ2, &bp, &blen));
	153	assert(bp == erep2 + elen2 && blen == 0);
	154	assert(memcmp(erep, erep2, elen) == 0);
	155
	156	free(erep);
	157	free(erep2);
	158	krb5_free_principal(NULL, princ2);
	159	}
	160
	161	static void
	162	ser_checksum(krb5_checksum *cksum)
	163	{
	164	uint8_t erep, erep2, *bp;
	165	size_t elen = 0, elen2 = 0, blen;
	166	krb5_checksum *cksum2;
	167
	168	check(k5_size_checksum(cksum, &elen));
	169	erep = ealloc(elen);
	170
	171	bp = erep;
	172	blen = elen;
	173	check(k5_externalize_checksum(cksum, &bp, &blen));
	174	assert(bp == erep + elen && blen == 0);
	175
	176	bp = erep;
	177	blen = elen;
	178	check(k5_internalize_checksum(&cksum2, &bp, &blen));
	179	assert(bp == erep + elen && blen == 0);
	180
	181	check(k5_size_checksum(cksum2, &elen2));
	182	assert(elen2 == elen);
	183	erep2 = ealloc(elen2);
	184
	185	bp = erep2;
	186	blen = elen2;
	187	check(k5_externalize_checksum(cksum2, &bp, &blen));
	188	assert(bp == erep2 + elen2 && blen == 0);
	189	assert(memcmp(erep, erep2, elen) == 0);
	190
	191	free(erep);
	192	free(erep2);
	193	krb5_free_checksum(NULL, cksum2);
	194	}
	195
	196	static void
	197	ser_context_test()
	198	{
	199	krb5_context context;
	200	profile_t sprofile;
	201
	202	check(krb5_init_context(&context));
	203
	204	sprofile = context->profile;
	205	context->profile = NULL;
	206	ser_context(context);
	207
	208	context->profile = sprofile;
	209	ser_context(context);
	210
	211	check(krb5_set_default_realm(context, "this.is.a.test"));
	212	ser_context(context);
	213
	214	krb5_free_context(context);
	215	}
	216
	217	static void
	218	ser_acontext_test()
	219	{
220	220	krb5_auth_context actx;
221	221	krb5_address local_address;
222	222	krb5_address remote_address;

229	229	krb5_authdata *adatalist[3];
230	230	krb5_authdata adataent;
231	231
232		actx = (krb5_auth_context) NULL;
233		if (!(kret = krb5_auth_con_init(kcontext, &actx)) &&
234		!(kret = ser_data(verbose, "> Vanilla auth context",
235		(krb5_pointer) actx,
236		KV5M_AUTH_CONTEXT))) {
237		memset(&local_address, 0, sizeof(local_address));
238		memset(&remote_address, 0, sizeof(remote_address));
239		memset(laddr_bytes, 0, sizeof(laddr_bytes));
240		memset(raddr_bytes, 0, sizeof(raddr_bytes));
241		local_address.addrtype = ADDRTYPE_INET;
242		local_address.length = sizeof(laddr_bytes);
243		local_address.contents = laddr_bytes;
244		laddr_bytes[0] = 6;
245		laddr_bytes[1] = 2;
246		laddr_bytes[2] = 69;
247		laddr_bytes[3] = 16;
248		laddr_bytes[4] = 1;
249		laddr_bytes[5] = 0;
250		laddr_bytes[6] = 0;
251		laddr_bytes[7] = 127;
252		remote_address.addrtype = ADDRTYPE_INET;
253		remote_address.length = sizeof(raddr_bytes);
254		remote_address.contents = raddr_bytes;
255		raddr_bytes[0] = 6;
256		raddr_bytes[1] = 2;
257		raddr_bytes[2] = 70;
258		raddr_bytes[3] = 16;
259		raddr_bytes[4] = 1;
260		raddr_bytes[5] = 0;
261		raddr_bytes[6] = 0;
262		raddr_bytes[7] = 127;
263		if (!(kret = krb5_auth_con_setaddrs(kcontext, actx,
264		&local_address,
265		&remote_address)) &&
266		!(kret = krb5_auth_con_setports(kcontext, actx,
267		&local_address,
268		&remote_address)) &&
269		!(kret = ser_data(verbose, "> Auth context with addrs/ports",
270		(krb5_pointer) actx,
271		KV5M_AUTH_CONTEXT))) {
272		memset(&ukeyblock, 0, sizeof(ukeyblock));
273		memset(keydata, 0, sizeof(keydata));
274		ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
275		ukeyblock.length = sizeof(keydata);
276		ukeyblock.contents = keydata;
277		keydata[0] = 0xde;
278		keydata[1] = 0xad;
279		keydata[2] = 0xbe;
280		keydata[3] = 0xef;
281		keydata[4] = 0xfe;
282		keydata[5] = 0xed;
283		keydata[6] = 0xf0;
284		keydata[7] = 0xd;
285		if (!(kret = krb5_auth_con_setuseruserkey(kcontext, actx,
286		&ukeyblock)) &&
287		!(kret = ser_data(verbose, "> Auth context with user key",
288		(krb5_pointer) actx,
289		KV5M_AUTH_CONTEXT)) &&
290		!(kret = krb5_auth_con_initivector(kcontext, actx)) &&
291		!(kret = ser_data(verbose, "> Auth context with new vector",
292		(krb5_pointer) actx,
293		KV5M_AUTH_CONTEXT)) &&
294		!(kret = ser_data(verbose, "> Auth context with set vector",
295		(krb5_pointer) actx,
296		KV5M_AUTH_CONTEXT))) {
297		/*
298		* Finally, add an authenticator.
299		*/
300		memset(&aent, 0, sizeof(aent));
301		aent.magic = KV5M_AUTHENTICATOR;
302		snprintf(clname, sizeof(clname),
303		"help/me/%d@this.is.a.test", (int) getpid());
304		actx->authentp = &aent;
305		if (!(kret = krb5_parse_name(kcontext, clname,
306		&aent.client)) &&
307		!(kret = ser_data(verbose,
308		"> Auth context with authenticator",
309		(krb5_pointer) actx,
310		KV5M_AUTH_CONTEXT))) {
311		adataent.magic = KV5M_AUTHDATA;
312		adataent.ad_type = 123;
313		adataent.length = 128;
314		adataent.contents = (krb5_octet *) stuff;
315		adatalist[0] = &adataent;
316		adatalist[1] = &adataent;
317		adatalist[2] = (krb5_authdata *) NULL;
318		aent.authorization_data = adatalist;
319		if (!(kret = ser_data(verbose,
320		"> Auth context with full auth",
321		(krb5_pointer) actx,
322		KV5M_AUTH_CONTEXT))) {
323		if (verbose)
324		printf("* krb5_auth_context test succeeded\n");
325		}
326		krb5_free_principal(kcontext, aent.client);
327		}
328		actx->authentp = (krb5_authenticator *) NULL;
329		}
330		}
331		}
332		if (actx)
333		krb5_auth_con_free(kcontext, actx);
334		if (kret)
335		printf("* krb5_auth_context test failed\n");
336		return(kret);
337		}
338
339		/*
340		* Serialize krb5_ccache
341		*/
342		static krb5_error_code
343		ser_ccache_test(krb5_context kcontext, int verbose)
344		{
345		krb5_error_code kret;
346		char ccname[128];
347		char princname[256];
348		krb5_ccache ccache;
349		krb5_principal principal;
350
351		snprintf(ccname, sizeof(ccname), "temp_cc_%d", (int) getpid());
352		snprintf(princname, sizeof(princname),
353		"zowie%d/instance%d@this.is.a.test",
354		(int) getpid(), (int) getpid());
355		if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
356		!(kret = ser_data(verbose, "> Resolved default ccache",
357		(krb5_pointer) ccache, KV5M_CCACHE)) &&
358		!(kret = krb5_parse_name(kcontext, princname, &principal)) &&
359		!(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
360		!(kret = ser_data(verbose, "> Initialized default ccache",
361		(krb5_pointer) ccache, KV5M_CCACHE)) &&
362		!(kret = krb5_cc_destroy(kcontext, ccache))) {
363		krb5_free_principal(kcontext, principal);
364		snprintf(ccname, sizeof(ccname), "FILE:temp_cc_%d", (int) getpid());
365		snprintf(princname, sizeof(princname), "xxx%d/i%d@this.is.a.test",
366		(int) getpid(), (int) getpid());
367		if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
368		!(kret = ser_data(verbose, "> Resolved FILE ccache",
369		(krb5_pointer) ccache, KV5M_CCACHE)) &&
370		!(kret = krb5_parse_name(kcontext, princname, &principal)) &&
371		!(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
372		!(kret = ser_data(verbose, "> Initialized FILE ccache",
373		(krb5_pointer) ccache, KV5M_CCACHE)) &&
374		!(kret = krb5_cc_destroy(kcontext, ccache))) {
375		krb5_free_principal(kcontext, principal);
376
377		if (verbose)
378		printf("* ccache test succeeded\n");
379		}
380		}
381		if (kret)
382		printf("* krb5_ccache test failed\n");
383		return(kret);
384		}
385
386		/*
387		* Serialize krb5_keytab.
388		*/
389		static krb5_error_code
390		ser_keytab_test(krb5_context kcontext, int verbose)
391		{
392		krb5_error_code kret;
393		char ccname[128];
394		krb5_keytab keytab;
395
396		snprintf(ccname, sizeof(ccname), "temp_kt_%d", (int) getpid());
397		if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
398		!(kret = ser_data(verbose, "> Resolved default keytab",
399		(krb5_pointer) keytab, KV5M_KEYTAB)) &&
400		!(kret = krb5_kt_close(kcontext, keytab))) {
401		snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid());
402		if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
403		!(kret = ser_data(verbose, "> Resolved FILE keytab",
404		(krb5_pointer) keytab, KV5M_KEYTAB)) &&
405		!(kret = krb5_kt_close(kcontext, keytab))) {
406		snprintf(ccname, sizeof(ccname),
407		"WRFILE:temp_kt_%d", (int) getpid());
408		if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
409		!(kret = ser_data(verbose, "> Resolved WRFILE keytab",
410		(krb5_pointer) keytab, KV5M_KEYTAB)) &&
411		!(kret = krb5_kt_close(kcontext, keytab))) {
412		if (verbose)
413		printf("* keytab test succeeded\n");
414		}
415		}
416		}
417		if (kret)
418		printf("* krb5_keytab test failed\n");
419		return(kret);
420		}
421
422		/*
423		* Serialize krb5_rcache.
424		*/
425		static krb5_error_code
426		ser_rcache_test(krb5_context kcontext, int verbose)
427		{
428		krb5_error_code kret;
429		char rcname[128];
430		krb5_rcache rcache;
431
432		snprintf(rcname, sizeof(rcname), "dfl:temp_rc_%d", (int) getpid());
433		if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname)) &&
434		!(kret = ser_data(verbose, "> Resolved FILE rcache",
435		(krb5_pointer) rcache, KV5M_RCACHE)) &&
436		!(kret = krb5_rc_initialize(kcontext, rcache, 3600*24)) &&
437		!(kret = ser_data(verbose, "> Initialized FILE rcache",
438		(krb5_pointer) rcache, KV5M_RCACHE)) &&
439		!(kret = krb5_rc_destroy(kcontext, rcache))) {
440		if (verbose)
441		printf("* rcache test succeeded\n");
442		}
443		if (kret)
444		printf("* krb5_rcache test failed\n");
445		return(kret);
446		}
447
448		/*
449		* Serialize krb5_principal
450		*/
451		static krb5_error_code
452		ser_princ_test(krb5_context kcontext, int verbose)
453		{
454		krb5_error_code kret;
	232	check(krb5_auth_con_init(NULL, &actx));
	233	ser_auth_context(actx);
	234
	235	memset(&local_address, 0, sizeof(local_address));
	236	memset(&remote_address, 0, sizeof(remote_address));
	237	memset(laddr_bytes, 0, sizeof(laddr_bytes));
	238	memset(raddr_bytes, 0, sizeof(raddr_bytes));
	239	local_address.addrtype = ADDRTYPE_INET;
	240	local_address.length = sizeof(laddr_bytes);
	241	local_address.contents = laddr_bytes;
	242	laddr_bytes[0] = 6;
	243	laddr_bytes[1] = 2;
	244	laddr_bytes[2] = 69;
	245	laddr_bytes[3] = 16;
	246	laddr_bytes[4] = 1;
	247	laddr_bytes[5] = 0;
	248	laddr_bytes[6] = 0;
	249	laddr_bytes[7] = 127;
	250	remote_address.addrtype = ADDRTYPE_INET;
	251	remote_address.length = sizeof(raddr_bytes);
	252	remote_address.contents = raddr_bytes;
	253	raddr_bytes[0] = 6;
	254	raddr_bytes[1] = 2;
	255	raddr_bytes[2] = 70;
	256	raddr_bytes[3] = 16;
	257	raddr_bytes[4] = 1;
	258	raddr_bytes[5] = 0;
	259	raddr_bytes[6] = 0;
	260	raddr_bytes[7] = 127;
	261	check(krb5_auth_con_setaddrs(NULL, actx, &local_address, &remote_address));
	262	check(krb5_auth_con_setports(NULL, actx, &local_address, &remote_address));
	263	ser_auth_context(actx);
	264
	265	memset(&ukeyblock, 0, sizeof(ukeyblock));
	266	memset(keydata, 0, sizeof(keydata));
	267	ukeyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128;
	268	ukeyblock.length = sizeof(keydata);
	269	ukeyblock.contents = keydata;
	270	keydata[0] = 0xde;
	271	keydata[1] = 0xad;
	272	keydata[2] = 0xbe;
	273	keydata[3] = 0xef;
	274	keydata[4] = 0xfe;
	275	keydata[5] = 0xed;
	276	keydata[6] = 0xf0;
	277	keydata[7] = 0xd;
	278	check(krb5_auth_con_setuseruserkey(NULL, actx, &ukeyblock));
	279	ser_auth_context(actx);
	280
	281	check(krb5_auth_con_initivector(NULL, actx));
	282	ser_auth_context(actx);
	283
	284	memset(&aent, 0, sizeof(aent));
	285	aent.magic = KV5M_AUTHENTICATOR;
	286	snprintf(clname, sizeof(clname),
	287	"help/me/%d@this.is.a.test", (int)getpid());
	288	actx->authentp = &aent;
	289	check(krb5_parse_name(NULL, clname, &aent.client));
	290	ser_auth_context(actx);
	291
	292	adataent.magic = KV5M_AUTHDATA;
	293	adataent.ad_type = 123;
	294	adataent.length = 128;
	295	adataent.contents = (uint8_t *)stuff;
	296	adatalist[0] = &adataent;
	297	adatalist[1] = &adataent;
	298	adatalist[2] = NULL;
	299	aent.authorization_data = adatalist;
	300	ser_auth_context(actx);
	301
	302	krb5_free_principal(NULL, aent.client);
	303	actx->authentp = NULL;
	304	krb5_auth_con_free(NULL, actx);
	305	}
	306
	307	static void
	308	ser_princ_test()
	309	{
455	310	krb5_principal princ;
456	311	char pname[1024];
457	312
458	313	snprintf(pname, sizeof(pname),
459	314	"the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test",
460	315	(int) getpid());
461		if (!(kret = krb5_parse_name(kcontext, pname, &princ))) {
462		if (!(kret = ser_data(verbose, "> Principal",
463		(krb5_pointer) princ, KV5M_PRINCIPAL))) {
464		if (verbose)
465		printf("* principal test succeeded\n");
466		}
467		krb5_free_principal(kcontext, princ);
468		}
469		if (kret)
470		printf("* principal test failed\n");
471		return(kret);
472		}
473
474		/*
475		* Serialize krb5_checksum.
476		*/
477		static krb5_error_code
478		ser_cksum_test(krb5_context kcontext, int verbose)
479		{
480		krb5_error_code kret;
	316	check(krb5_parse_name(NULL, pname, &princ));
	317	ser_principal(princ);
	318	krb5_free_principal(NULL, princ);
	319	}
	320
	321	static void
	322	ser_cksum_test()
	323	{
481	324	krb5_checksum checksum;
482	325	krb5_octet ckdata[24];
483	326
484	327	memset(&checksum, 0, sizeof(krb5_checksum));
485	328	checksum.magic = KV5M_CHECKSUM;
486		if (!(kret = ser_data(verbose, "> NULL checksum",
487		(krb5_pointer) &checksum, KV5M_CHECKSUM))) {
488		checksum.checksum_type = 123;
489		checksum.length = sizeof(ckdata);
490		checksum.contents = ckdata;
491		memcpy(ckdata, &stuff, sizeof(ckdata));
492		if (!(kret = ser_data(verbose, "> checksum with data",
493		(krb5_pointer) &checksum, KV5M_CHECKSUM))) {
494		if (verbose)
495		printf("* checksum test succeeded\n");
496		}
497		}
498		if (kret)
499		printf("* checksum test failed\n");
500		return(kret);
501		}
502
503		/*
504		* Main procedure.
505		*/
	329	ser_checksum(&checksum);
	330
	331	checksum.checksum_type = 123;
	332	checksum.length = sizeof(ckdata);
	333	checksum.contents = ckdata;
	334	memcpy(ckdata, &stuff, sizeof(ckdata));
	335	ser_checksum(&checksum);
	336	}
	337
506	338	int
507	339	main(int argc, char **argv)
508	340	{
509		krb5_error_code kret;
510		krb5_context kcontext;
511		int do_atest, do_ctest, do_ktest, do_rtest, do_xtest;
512		int do_etest, do_ptest, do_stest;
513		int verbose;
514		int option;
515		extern char *optarg;
516		char ch_err;
517
518		kret = 0;
519		verbose = 0;
520		do_atest = 1;
521		do_xtest = 1;
522		do_ctest = 1;
523		do_etest = 1;
524		do_ktest = 1;
525		do_ptest = 1;
526		do_rtest = 1;
527		do_stest = 1;
528		while ((option = getopt(argc, argv, "acekprsxvACKPRSX")) != -1) {
529		switch (option) {
530		case 'a':
531		do_atest = 0;
532		break;
533		case 'c':
534		do_ctest = 0;
535		break;
536		case 'e':
537		do_etest = 0;
538		break;
539		case 'k':
540		do_ktest = 0;
541		break;
542		case 'p':
543		do_ptest = 0;
544		break;
545		case 'r':
546		do_rtest = 0;
547		break;
548		case 's':
549		do_stest = 0;
550		break;
551		case 'x':
552		do_xtest = 0;
553		break;
554		case 'v':
555		verbose = 1;
556		break;
557		case 'A':
558		do_atest = 1;
559		break;
560		case 'C':
561		do_ctest = 1;
562		break;
563		case 'K':
564		do_ktest = 1;
565		break;
566		case 'P':
567		do_ptest = 1;
568		break;
569		case 'R':
570		do_rtest = 1;
571		break;
572		case 'S':
573		do_stest = 1;
574		break;
575		case 'X':
576		do_xtest = 1;
577		break;
578		default:
579		fprintf(stderr,
580		"%s: usage is %s [-acekprsxvACKPRSX]\n",
581		argv[0], argv[0]);
582		exit(1);
583		break;
584		}
585		}
586		if ((kret = krb5_init_context(&kcontext))) {
587		com_err(argv[0], kret, "while initializing krb5");
588		exit(1);
589		}
590
591		if (do_xtest) {
592		ch_err = 'x';
593		kret = ser_kcontext_test(kcontext, verbose);
594		if (kret)
595		goto fail;
596		}
597		if (do_atest) {
598		ch_err = 'a';
599		kret = ser_acontext_test(kcontext, verbose);
600		if (kret)
601		goto fail;
602		}
603		if (do_ctest) {
604		ch_err = 'c';
605		kret = ser_ccache_test(kcontext, verbose);
606		if (kret)
607		goto fail;
608		}
609		if (do_ktest) {
610		ch_err = 'k';
611		kret = ser_keytab_test(kcontext, verbose);
612		if (kret)
613		goto fail;
614		}
615		if (do_rtest) {
616		ch_err = 'r';
617		kret = ser_rcache_test(kcontext, verbose);
618		if (kret)
619		goto fail;
620		}
621		if (do_ptest) {
622		ch_err = 'p';
623		kret = ser_princ_test(kcontext, verbose);
624		if (kret)
625		goto fail;
626		}
627		if (do_stest) {
628		ch_err = 's';
629		kret = ser_cksum_test(kcontext, verbose);
630		if (kret)
631		goto fail;
632		}
633		krb5_free_context(kcontext);
634
635		exit(0);
636		fail:
637		com_err(argv[0], kret, "--- test %cfailed", ch_err);
638		krb5_free_context(kcontext);
639		exit(1);
640		}
	341	ser_context_test();
	342	ser_acontext_test();
	343	ser_princ_test();
	344	ser_cksum_test();
	345	return 0;
	346	}

+2

-0

src/lib/krb5/krb/transit-tests less more

0	0	#!/bin/sh
	1
	2	. ./runenv.sh
1	3
2	4	# Test the chk_trans.c code.
3	5	# BUG: Currently only tests expansion, not validation.

+1

-1

src/lib/krb5/krb/unparse.c less more

175	175	* Allocate space for the ascii string; if space has been
176	176	* provided, use it, realloc'ing it if necessary.
177	177	*
178		* We need only n-1 seperators for n components, but we need
	178	* We need only n-1 separators for n components, but we need
179	179	* an extra byte for the NUL at the end.
180	180	*/
181	181	if (size) {

+2

-0

src/lib/krb5/krb/walktree-tests less more

0	0	#!/bin/sh
	1
	2	. ./runenv.sh
1	3
2	4	# Test the walk_rtree.c code.
3	5	#

+0

-5

src/lib/krb5/krb5_libinit.c less more

9	9	#include "k5-platform.h"
10	10	#include "cc-int.h"
11	11	#include "kt-int.h"
12		#include "rc-int.h"
13	12	#include "os-proto.h"
14	13
15	14	/*

39	38
40	39	bindtextdomain(KRB5_TEXTDOMAIN, LOCALEDIR);
41	40
42		err = krb5int_rc_finish_init();
43		if (err)
44		return err;
45	41	#ifndef LEAN_CLIENT
46	42	err = krb5int_kt_initialize();
47	43	if (err)

86	82	#ifndef LEAN_CLIENT
87	83	krb5int_kt_finalize();
88	84	#endif /* LEAN_CLIENT */
89		krb5int_rc_terminate();
90	85
91	86	#if defined(_WIN32) \|\| defined(USE_CCAPI)
92	87	krb5_stdcc_shutdown();

+29

-56

src/lib/krb5/libkrb5.exports less more

33	33	decode_krb5_pa_otp_challenge
34	34	decode_krb5_pa_otp_req
35	35	decode_krb5_pa_otp_enc_req
	36	decode_krb5_pa_pac_options
36	37	decode_krb5_pa_pac_req
37	38	decode_krb5_pa_s4u_x509_user
38	39	decode_krb5_pa_spake

85	86	encode_krb5_pa_otp_challenge
86	87	encode_krb5_pa_otp_req
87	88	encode_krb5_pa_otp_enc_req
	89	encode_krb5_pa_pac_options
88	90	encode_krb5_pa_s4u_x509_user
89	91	encode_krb5_pa_spake
90	92	encode_krb5_padata_sequence

116	118	initialize_k5e1_error_table
117	119	initialize_kv5m_error_table
118	120	initialize_prof_error_table
	121	k5_add_empty_pa_data
	122	k5_add_pa_data_element
	123	k5_add_pa_data_from_data
	124	k5_alloc_pa_data
119	125	k5_authind_decode
120	126	k5_build_conf_principals
121	127	k5_ccselect_free_context

123	129	k5_etypes_contains
124	130	k5_expand_path_tokens
125	131	k5_expand_path_tokens_extra
	132	k5_externalize_auth_context
	133	k5_externalize_authdata
	134	k5_externalize_authdata_context
	135	k5_externalize_context
	136	k5_externalize_keyblock
	137	k5_externalize_principal
126	138	k5_free_algorithm_identifier
127	139	k5_free_cammac
128	140	k5_free_data_ptr_list
129	141	k5_free_otp_tokeninfo
130	142	k5_free_kkdcp_message
	143	k5_free_pa_data_element
131	144	k5_free_pa_otp_challenge
132	145	k5_free_pa_otp_req
133	146	k5_free_secure_cookie

136	149	k5_free_spake_factor
137	150	k5_hostrealm_free_context
138	151	k5_init_trace
	152	k5_internalize_auth_context
	153	k5_internalize_authdata
	154	k5_internalize_authdata_context
	155	k5_internalize_context
	156	k5_internalize_keyblock
	157	k5_internalize_principal
139	158	k5_is_string_numeric
140	159	k5_kt_get_principal
141	160	k5_localauth_free_context

150	169	k5_plugin_load_all
151	170	k5_plugin_register
152	171	k5_plugin_register_dyn
	172	k5_rc_close
	173	k5_rc_get_name
	174	k5_rc_resolve
	175	k5_size_auth_context
	176	k5_size_authdata
	177	k5_size_authdata_context
	178	k5_size_context
	179	k5_size_keyblock
	180	k5_size_principal
153	181	k5_unmarshal_cred
154	182	k5_unmarshal_princ
155	183	k5_unwrap_cammac_svc

205	233	krb5_auth_con_setsendsubkey
206	234	krb5_auth_con_setsendsubkey_k
207	235	krb5_auth_con_setuseruserkey
208		krb5_auth_to_rep
209	236	krb5_authdata_context_copy
210	237	krb5_authdata_context_free
211	238	krb5_authdata_context_init

288	315	krb5_encrypt_helper
289	316	krb5_encrypt_tkt_part
290	317	krb5_expand_hostname
291		krb5_externalize_data
292		krb5_externalize_opaque
293	318	krb5_fcc_ops
294	319	krb5_find_authdata
295		krb5_find_serializer
296	320	krb5_free_ad_kdcissued
297	321	krb5_free_ad_signedpath
298	322	krb5_free_address

431	455	krb5_init_creds_step
432	456	krb5_init_keyblock
433	457	krb5_init_secure_context
434		krb5_internalize_opaque
435	458	krb5_is_config_principal
436	459	krb5_is_permitted_enctype
437	460	krb5_is_referral_realm

458	481	krb5_kt_start_seq_get
459	482	krb5_ktf_ops
460	483	krb5_ktf_writable_ops
461		krb5_kts_ops
462	484	krb5_kuserok
463	485	krb5_lock_file
464	486	krb5_make_authdata_kdc_issued

489	511	krb5_pac_sign_ext
490	512	krb5_pac_verify
491	513	krb5_pac_verify_ext
	514	krb5_pac_get_client_info
492	515	krb5_parse_name
493	516	krb5_parse_name_flags
494	517	krb5_prepend_error_message

498	521	krb5_principal_compare_any_realm
499	522	krb5_principal_compare_flags
500	523	krb5_prompter_posix
501		krb5_rc_close
502	524	krb5_rc_default
503		krb5_rc_default_name
504		krb5_rc_default_type
505	525	krb5_rc_destroy
506		krb5_rc_dfl_close
507		krb5_rc_dfl_close_no_free
508		krb5_rc_dfl_destroy
509		krb5_rc_dfl_expunge
510		krb5_rc_dfl_get_name
511		krb5_rc_dfl_get_span
512		krb5_rc_dfl_init
513		krb5_rc_dfl_ops
514		krb5_rc_dfl_recover
515		krb5_rc_dfl_resolve
516		krb5_rc_dfl_store
517		krb5_rc_expunge
518		krb5_rc_free_entry
519	526	krb5_rc_get_lifespan
520		krb5_rc_get_name
521		krb5_rc_get_type
522		krb5_rc_hash_message
523	527	krb5_rc_initialize
524		krb5_rc_io_close
525		krb5_rc_io_creat
526		krb5_rc_io_destroy
527		krb5_rc_io_mark
528		krb5_rc_io_move
529		krb5_rc_io_open
530		krb5_rc_io_read
531		krb5_rc_io_size
532		krb5_rc_io_sync
533		krb5_rc_io_unmark
534		krb5_rc_io_write
535		krb5_rc_recover
536		krb5_rc_recover_or_initialize
537		krb5_rc_register_type
538		krb5_rc_resolve
539		krb5_rc_resolve_full
540		krb5_rc_resolve_type
541		krb5_rc_store
542	528	krb5_rd_cred
543	529	krb5_rd_error
544	530	krb5_rd_priv

553	539	krb5_realm_compare
554	540	krb5_recvauth
555	541	krb5_recvauth_version
556		krb5_register_serializer
557	542	krb5_responder_get_challenge
558	543	krb5_responder_list_questions
559	544	krb5_responder_set_answer

566	551	krb5_salttype_to_string
567	552	krb5_sendauth
568	553	krb5_sendto_kdc
569		krb5_ser_address_init
570		krb5_ser_auth_context_init
571		krb5_ser_authdata_init
572		krb5_ser_authenticator_init
573		krb5_ser_ccache_init
574		krb5_ser_checksum_init
575		krb5_ser_context_init
576		krb5_ser_keyblock_init
577		krb5_ser_keytab_init
578	554	krb5_ser_pack_bytes
579	555	krb5_ser_pack_int32
580	556	krb5_ser_pack_int64
581		krb5_ser_principal_init
582		krb5_ser_rcache_init
583	557	krb5_ser_unpack_bytes
584	558	krb5_ser_unpack_int32
585	559	krb5_ser_unpack_int64

600	574	krb5_set_time_offsets
601	575	krb5_set_trace_callback
602	576	krb5_set_trace_filename
603		krb5_size_opaque
604	577	krb5_sname_match
605	578	krb5_sname_to_principal
606	579	krb5_string_to_deltat

+7

-3

src/lib/krb5/os/Makefile.in less more

231	231	echo 'Skipped t_locate_kdc test: OFFLINE' >> $(SKIPTESTS); \
232	232	fi
233	233
	234	ASAN = @ASAN@
234	235	check-unix-uri: t_locate_kdc
235		if [ $(HAVE_RESOLV_WRAPPER) = 1 ]; then \
236		$(RUNPYTEST) $(srcdir)/t_discover_uri.py $(PYTESTFLAGS); \
237		else \
	236	if [ $(HAVE_RESOLV_WRAPPER) = 0 ]; then \
238	237	echo '*** WARNING: skipped t_discover_uri.py due to not using resolv_wrapper'; \
239	238	echo 'Skipped URI discovery tests: resolv_wrapper 1.1.5 not found' >> $(SKIPTESTS); \
	239	elif [ $(ASAN) = yes ]; then \
	240	echo '*** Skipping URI discovery tests: resolv_wrapper is incompatible with asan'; \
	241	echo 'Skipped URI discovery tests: incompatible with asan' >> $(SKIPTESTS); \
	242	else \
	243	$(RUNPYTEST) $(srcdir)/t_discover_uri.py $(PYTESTFLAGS); \
240	244	fi
241	245
242	246	check-unix-trace: t_trace

+0

-7

src/lib/krb5/os/accessor.c less more

79	79	#define SC(FIELD, VAL) S(FIELD, 0)
80	80	#endif
81	81	SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
82		SC (encode_krb5_pa_pk_as_req_draft9, encode_krb5_pa_pk_as_req_draft9),
83	82	SC (encode_krb5_pa_pk_as_rep, encode_krb5_pa_pk_as_rep),
84		SC (encode_krb5_pa_pk_as_rep_draft9, encode_krb5_pa_pk_as_rep_draft9),
85	83	SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
86		SC (encode_krb5_auth_pack_draft9, encode_krb5_auth_pack_draft9),
87	84	SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
88	85	SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
89		SC (encode_krb5_reply_key_pack_draft9, encode_krb5_reply_key_pack_draft9),
90	86	SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
91	87	SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
92	88	SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
93		SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
94	89	SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
95	90	SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
96		SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
97	91	SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
98	92	SC (decode_krb5_principal_name, decode_krb5_principal_name),
99	93	SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
100		SC (decode_krb5_reply_key_pack_draft9, decode_krb5_reply_key_pack_draft9),
101	94	SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
102	95	SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
103	96	SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),

+2

-2

src/lib/krb5/os/ccdefname.c less more

38	38	* [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
39	39	* to point at the cache file name (including the FILE: prefix).
40	40	* By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
41		* we can accomodate other versions that might set a registry
	41	* we can accommodate other versions that might set a registry
42	42	* variable.
43	43	*/
44	44	char newkey[256];

299	299	return os_ctx->default_ccname;
300	300
301	301	/* Try the environment variable first. */
302		envstr = getenv(KRB5_ENV_CCNAME);
	302	envstr = secure_getenv(KRB5_ENV_CCNAME);
303	303	if (envstr != NULL) {
304	304	os_ctx->default_ccname = strdup(envstr);
305	305	return os_ctx->default_ccname;

+9

-9

src/lib/krb5/os/deps less more

39	39	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
40	40	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
41	41	$(COM_ERR_DEPS) $(srcdir)/../krb/auth_con.h $(srcdir)/../krb/int-proto.h \
42		$(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-buf.h \
43		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
44		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
45		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
46		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
47		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
48		$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
49		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
50		changepw.c os-proto.h
	42	$(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/fake-addrinfo.h \
	43	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	44	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	45	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	46	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	47	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	48	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
	49	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	50	$(top_srcdir)/include/socket-utils.h changepw.c os-proto.h
51	51	dnsglue.so dnsglue.po $(OUTPRE)dnsglue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
52	52	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
53	53	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

+24

-0

src/lib/krb5/os/dnsglue.c less more

70	70	* Define macros to use the best available DNS search functions. INIT_HANDLE()
71	71	* returns true if handle initialization is successful, false if it is not.
72	72	* SEARCH() returns the length of the response or -1 on error.
	73	* PRIMARY_DOMAIN() returns the first search domain in allocated memory.
73	74	* DECLARE_HANDLE() must be used last in the declaration list since it may
74	75	* evaluate to nothing.
75	76	*/

80	81	#define DECLARE_HANDLE(h) dns_handle_t h
81	82	#define INIT_HANDLE(h) ((h = dns_open(NULL)) != NULL)
82	83	#define SEARCH(h, n, c, t, a, l) dns_search(h, n, c, t, a, l, NULL, NULL)
	84	#define PRIMARY_DOMAIN(h) dns_search_list_domain(h, 0)
83	85	#define DESTROY_HANDLE(h) dns_free(h)
84	86
85	87	#elif HAVE_RES_NINIT && HAVE_RES_NSEARCH

88	90	#define DECLARE_HANDLE(h) struct __res_state h
89	91	#define INIT_HANDLE(h) (memset(&h, 0, sizeof(h)), res_ninit(&h) == 0)
90	92	#define SEARCH(h, n, c, t, a, l) res_nsearch(&h, n, c, t, a, l)
	93	#define PRIMARY_DOMAIN(h) ((h.dnsrch[0] == NULL) ? NULL : strdup(h.dnsrch[0]))
91	94	#if HAVE_RES_NDESTROY
92	95	#define DESTROY_HANDLE(h) res_ndestroy(&h)
93	96	#else

100	103	#define DECLARE_HANDLE(h)
101	104	#define INIT_HANDLE(h) (res_init() == 0)
102	105	#define SEARCH(h, n, c, t, a, l) res_search(n, c, t, a, l)
	106	#define PRIMARY_DOMAIN(h) \
	107	((_res.defdname == NULL) ? NULL : strdup(_res.defdname))
103	108	#define DESTROY_HANDLE(h)
104	109
105	110	#endif

432	437	return ret;
433	438	}
434	439
	440	char *
	441	k5_primary_domain()
	442	{
	443	return NULL;
	444	}
	445
435	446	#else /* _WIN32 */
436	447
437	448	krb5_error_code

484	495	return retval;
485	496	}
486	497
	498	char *
	499	k5_primary_domain()
	500	{
	501	char *domain;
	502	DECLARE_HANDLE(h);
	503
	504	if (!INIT_HANDLE(h))
	505	return NULL;
	506	domain = PRIMARY_DOMAIN(h);
	507	DESTROY_HANDLE(h);
	508	return domain;
	509	}
	510
487	511	#endif /* not _WIN32 */
488	512	#endif /* KRB5_DNS_LOOKUP */

+1

-1

src/lib/krb5/os/expand_path.c less more

279	279	const char *p = NULL;
280	280
281	281	if (context == NULL \|\| !context->profile_secure)
282		p = getenv("TMPDIR");
	282	p = secure_getenv("TMPDIR");
283	283	*ret = strdup((p != NULL) ? p : "/tmp");
284	284	if (*ret == NULL)
285	285	return ENOMEM;

+3

-3

src/lib/krb5/os/init_os_ctx.c less more

242	242	char *name = 0;
243	243
244	244	if (!secure) {
245		char *env = getenv("KRB5_CONFIG");
	245	char *env = secure_getenv("KRB5_CONFIG");
246	246	if (env) {
247	247	name = strdup(env);
248	248	if (!name) return ENOMEM;

297	297	if (secure) {
298	298	filepath = DEFAULT_SECURE_PROFILE_PATH;
299	299	} else {
300		filepath = getenv("KRB5_CONFIG");
	300	filepath = secure_getenv("KRB5_CONFIG");
301	301	if (!filepath) filepath = DEFAULT_PROFILE_PATH;
302	302	}
303	303

343	343	size_t count = 0;
344	344	profile_filespec_t *newfiles;
345	345
346		file = getenv(KDC_PROFILE_ENV);
	346	file = secure_getenv(KDC_PROFILE_ENV);
347	347	if (file == NULL)
348	348	file = DEFAULT_KDC_PROFILE;
349	349

+2

-2

src/lib/krb5/os/ktdefname.c less more

41	41	*name_out = strdup(krb5_overridekeyname);
42	42	return (*name_out == NULL) ? ENOMEM : 0;
43	43	} else if (context->profile_secure == FALSE &&
44		(str = getenv("KRB5_KTNAME")) != NULL) {
	44	(str = secure_getenv("KRB5_KTNAME")) != NULL) {
45	45	*name_out = strdup(str);
46	46	return (*name_out == NULL) ? ENOMEM : 0;
47	47	} else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,

62	62	char *str;
63	63
64	64	if (context->profile_secure == FALSE &&
65		(str = getenv("KRB5_CLIENT_KTNAME")) != NULL) {
	65	(str = secure_getenv("KRB5_CLIENT_KTNAME")) != NULL) {
66	66	*name_out = strdup(str);
67	67	return (*name_out == NULL) ? ENOMEM : 0;
68	68	} else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,

+1

-1

src/lib/krb5/os/lock_file.c less more

44	44	#define POSIX_FILE_LOCKS
45	45
46	46	/*
47		* Gnu libc bug 20251, currently unfixed, breaks OFD lock support on
	47	* Gnu libc bug 20251, fixed in 2.28, breaks OFD lock support on
48	48	* 32-bit platforms. Work around this bug by explicitly using the
49	49	* fcntl64 system call and struct flock64.
50	50	*/

+6

-0

src/lib/krb5/os/os-proto.h less more

82	82	void *data;
83	83	};
84	84
	85	krb5_error_code k5_expand_hostname(krb5_context context, const char *host,
	86	krb5_boolean is_fallback,
	87	char **canonhost_out);
	88
85	89	krb5_error_code k5_locate_server(krb5_context, const krb5_data *realm,
86	90	struct serverlist *serverlist,
87	91	enum locate_service_type svc,

130	134
131	135	krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
132	136	const char name, char *realm);
	137
	138	char *k5_primary_domain(void);
133	139
134	140	int _krb5_use_dns_realm (krb5_context);
135	141	int _krb5_use_dns_kdc (krb5_context);

+57

-5

src/lib/krb5/os/sn2princ.c less more

49	49	&value);
50	50	if (ret)
51	51	return DEFAULT_RDNS_LOOKUP;
	52
52	53	return value;
53	54	}
54	55
55		krb5_error_code KRB5_CALLCONV
56		krb5_expand_hostname(krb5_context context, const char *host,
57		char **canonhost_out)
	56	/* Append a domain suffix to host and return the result in allocated memory.
	57	* Return NULL if no suffix is configured or on failure. */
	58	static char *
	59	qualify_shortname(krb5_context context, const char *host)
	60	{
	61	krb5_error_code ret;
	62	char fqdn = NULL, prof_domain = NULL, *os_domain = NULL;
	63	const char *domain;
	64
	65	ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	66	KRB5_CONF_QUALIFY_SHORTNAME, NULL, NULL,
	67	&prof_domain);
	68	if (ret)
	69	return NULL;
	70
	71	#ifdef KRB5_DNS_LOOKUP
	72	if (prof_domain == NULL)
	73	os_domain = k5_primary_domain();
	74	#endif
	75
	76	domain = (prof_domain != NULL) ? prof_domain : os_domain;
	77	if (domain != NULL && *domain != '\0') {
	78	if (asprintf(&fqdn, "%s.%s", host, domain) < 0)
	79	fqdn = NULL;
	80	}
	81
	82	profile_release_string(prof_domain);
	83	free(os_domain);
	84	return fqdn;
	85	}
	86
	87	krb5_error_code
	88	k5_expand_hostname(krb5_context context, const char *host,
	89	krb5_boolean is_fallback, char **canonhost_out)
58	90	{
59	91	struct addrinfo *ai = NULL, hint;
60		char namebuf[NI_MAXHOST], copy, p;
	92	char namebuf[NI_MAXHOST], qualified = NULL, copy, *p;
61	93	int err;
62	94	const char *canonhost;
	95	krb5_boolean use_dns;
63	96
64	97	*canonhost_out = NULL;
65	98
66	99	canonhost = host;
67		if (context->dns_canonicalize_hostname) {
	100	use_dns = (context->dns_canonicalize_hostname == CANONHOST_TRUE \|\|
	101	(is_fallback &&
	102	context->dns_canonicalize_hostname == CANONHOST_FALLBACK));
	103	if (use_dns) {
68	104	/* Try a forward lookup of the hostname. */
69	105	memset(&hint, 0, sizeof(hint));
70	106	hint.ai_flags = AI_CANONNAME;

85	121	}
86	122	}
87	123
	124	/* If we didn't use DNS and the name is just one component, try to add a
	125	* domain suffix. */
	126	if (canonhost == host && strchr(host, '.') == NULL) {
	127	qualified = qualify_shortname(context, host);
	128	if (qualified != NULL)
	129	canonhost = qualified;
	130	}
	131
88	132	copy = strdup(canonhost);
89	133	if (copy == NULL)
90	134	goto cleanup;

108	152	/* We only return success or ENOMEM. */
109	153	if (ai != NULL)
110	154	freeaddrinfo(ai);
	155	free(qualified);
111	156	return (*canonhost_out == NULL) ? ENOMEM : 0;
	157	}
	158
	159	krb5_error_code KRB5_CALLCONV
	160	krb5_expand_hostname(krb5_context context, const char *host,
	161	char **canonhost_out)
	162	{
	163	return k5_expand_hostname(context, host, FALSE, canonhost_out);
112	164	}
113	165
114	166	/* If hostname appears to have a :port or :instance trailer (used in MSSQLSvc

+1

-1

src/lib/krb5/os/t_trace.c less more

203	203	padatap = NULL;
204	204
205	205	TRACE(ctx, "krb5_enctype, display shortest name of enctype: {etype}",
206		ENCTYPE_DES_CBC_CRC);
	206	ENCTYPE_AES128_CTS_HMAC_SHA1_96);
207	207	TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", enctypes);
208	208	TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", NULL);
209	209

+1

-1

src/lib/krb5/os/t_trace.ref less more

39	39	int, krb5_principal type: ?
40	40	krb5_pa_data **, display list of padata type numbers: PA-PW-SALT (3), 0
41	41	krb5_pa_data **, display list of padata type numbers: (empty)
42		krb5_enctype, display shortest name of enctype: des-cbc-crc
	42	krb5_enctype, display shortest name of enctype: aes128-cts
43	43	krb5_enctype *, display list of enctypes: 5, rc4-hmac-exp, 511
44	44	krb5_enctype *, display list of enctypes: (empty)
45	45	krb5_ccache, display type:name: FILE:/path/to/ccache

+3

-3

src/lib/krb5/os/trace.c less more

388	388	{
389	389	const char *filename;
390	390
391		filename = getenv("KRB5_TRACE");
	391	filename = secure_getenv("KRB5_TRACE");
392	392	if (filename)
393	393	(void) krb5_set_trace_filename(context, filename);
394	394	}

410	410	goto cleanup;
411	411	if (krb5_crypto_us_timeofday(&sec, &usec) != 0)
412	412	goto cleanup;
413		if (asprintf(&msg, "[%d] %u.%d: %s\n", (int) getpid(), (unsigned int) sec,
414		(int) usec, str) < 0)
	413	if (asprintf(&msg, "[%d] %u.%06d: %s\n", (int)getpid(),
	414	(unsigned int)sec, (int)usec, str) < 0)
415	415	goto cleanup;
416	416	info.message = msg;
417	417	context->trace_callback(context, &info, context->trace_callback_data);

+23

-21

src/lib/krb5/rcache/Makefile.in less more

5	5	##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
6	6
7	7	STLIBOBJS = \
	8	memrcache.o \
8	9	rc_base.o \
9	10	rc_dfl.o \
10		rc_io.o \
11		rcdef.o \
12		rc_none.o \
13		rc_conv.o \
14		ser_rc.o \
15		rcfns.o
	11	rc_file2.o \
	12	rc_none.o
16	13
17	14	OBJS= \
	15	$(OUTPRE)memrcache.$(OBJEXT) \
18	16	$(OUTPRE)rc_base.$(OBJEXT) \
19	17	$(OUTPRE)rc_dfl.$(OBJEXT) \
20		$(OUTPRE)rc_io.$(OBJEXT) \
21		$(OUTPRE)rcdef.$(OBJEXT) \
22		$(OUTPRE)rc_none.$(OBJEXT) \
23		$(OUTPRE)rc_conv.$(OBJEXT) \
24		$(OUTPRE)ser_rc.$(OBJEXT) \
25		$(OUTPRE)rcfns.$(OBJEXT)
	18	$(OUTPRE)rc_file2.$(OBJEXT) \
	19	$(OUTPRE)rc_none.$(OBJEXT)
26	20
27	21	SRCS= \
	22	$(srcdir)/memrcache.c \
28	23	$(srcdir)/rc_base.c \
29	24	$(srcdir)/rc_dfl.c \
30		$(srcdir)/rc_io.c \
31		$(srcdir)/rcdef.c \
	25	$(srcdir)/rc_file2.c \
32	26	$(srcdir)/rc_none.c \
33		$(srcdir)/rc_conv.c \
34		$(srcdir)/ser_rc.c \
35		$(srcdir)/rcfns.c \
36		$(srcdir)/t_replay.c
	27	$(srcdir)/t_memrcache.c \
	28	$(srcdir)/t_rcfile2.c
37	29
38	30	##DOS##LIBOBJS = $(OBJS)
39	31
40	32	all-unix: all-libobjs
41	33	clean-unix:: clean-libobjs
42	34
43		T_REPLAY_OBJS= t_replay.o
	35	t_memrcache: t_memrcache.o $(KRB5_BASE_DEPLIBS)
	36	$(CC_LINK) -o $@ t_memrcache.o $(KRB5_BASE_LIBS)
44	37
45		t_replay: $(T_REPLAY_OBJS) $(KRB5_BASE_DEPLIBS)
46		$(CC_LINK) -o t_replay $(T_REPLAY_OBJS) $(KRB5_BASE_LIBS)
	38	t_rcfile2: t_rcfile2.o $(KRB5_BASE_DEPLIBS)
	39	$(CC_LINK) -o $@ t_rcfile2.o $(KRB5_BASE_LIBS)
	40
	41	check-unix: t_memrcache t_rcfile2
	42	$(RUN_TEST) ./t_memrcache
	43	$(RUN_TEST) ./t_rcfile2 testrcache expiry 10000
	44	$(RUN_TEST) ./t_rcfile2 testrcache concurrent 10 1000
	45	$(RUN_TEST) ./t_rcfile2 testrcache race 10 100
	46
	47	clean-unix::
	48	$(RM) t_memrcache.o t_memrcache t_rcfile2.o t_rcfile2 testrcache
47	49
48	50	@libobj_frag@
49	51

+0

-82

~~src/lib/krb5/rcache/README~~ less more

0		/*
1		Copyright 1990, Daniel J. Bernstein. All rights reserved.
2
3		Please address any questions or comments to the author at brnstnd@acf10.nyu.edu.
4		*/
5
6		The #include's should be rewritten.
7
8		All functions return 0 on success.
9
10		Environment variables: KRB5RCACHETYPE, KRB5RCACHENAME, KRB5RCACHEDIR,
11		and TMPDIR. Obsolete: KRB5RCACHE.
12
13		All header files are both ANSI-compatible and K&R-compatible. The .c files
14		are only ANSI compatible. Everything passes gcc -Wall -ansi -pedantic.
15
16		Strings are freed using FREE(), which is defined in terms of free().
17
18		The error header files should be redone.
19
20		The header files don't use __ because that's reserved.
21
22		Each .c file assumes <malloc.h>. rc_io.c assumes fsync() and a gaggle of
23		error codes. These assumptions are not as portable as the code itself.
24
25
26		rcache.c:
27
28		The rcache.c compatibility interface's type registration is a no-op; it
29		simply passes the type name on to rc_base.h. rcache.h is obsolete; use
30		rc_base.h if possible.
31
32		There are some slight differences between rcache.c and the prototypes I
33		saw in krb/func-proto.h. Don't look at me, it's your interface.
34
35		rcache.c's get_name doesn't fill with zeros unless strncpy does.
36
37
38		rc_base.c:
39
40		It doesn't take linker magic to preregister types. Just change the
41		typehead initialization in rc_base.c, with an appropriate include file
42		setting the ops.
43
44
45		rc_dfl.c:
46
47		If NOIOSTUFF is defined when rc_dfl.c is compiled, all dfl rcaches will
48		be per-process. This is untested.
49
50		Provided that separate threads use separate rcaches, rc_dfl.c is safe
51		for multithreading.
52
53		Getting the name of a cache is only valid after it is created and before
54		it is closed. Recovering a cache is only valid after it has been created.
55
56		krb5_unparse_name had better produce a zero-terminated string.
57
58		rc_dfl.c isn't smart enough to try expunge/retry upon a malloc error.
59		Then again, such an error indicates that the whole system's about to die;
60		without real memory management there's no good solution.
61
62		HASHSIZE can be defined at compile time. It defaults to 997 in rc_dfl.c.
63		EXCESSREPS can be defined at compile time. It defaults to 30 in rc_dfl.c.
64
65		Hopefully adding a deltat to a time to compare to another time cannot
66		overflow.
67
68		In rc_dfl's struct dfl_data, the name field is never freed, even though
69		it may be malloced by io_creat on a generate-name call. This should not
70		be a problem: a single process should not be opening and closing many
71		rcaches. One fix would be another field to indicate whether the string
72		was malloced or not; normally this is an unstated characteristic of a
73		char pointer, but here it would have to be explicit.
74
75
76		rc_io.c:
77
78		rc_io.c assumes that siginterrupt() is not set. If siginterrupt() is set
79		and a signal occurs during, say, close(), then the close will fail.
80
81		On a machine without fsync() you might as well not use the disk at all.

+46

-63

src/lib/krb5/rcache/deps less more

0	0	#
1	1	# Generated makefile dependencies follow.
2	2	#
	3	memrcache.so memrcache.po $(OUTPRE)memrcache.$(OBJEXT): \
	4	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
	5	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
	6	$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	7	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
	8	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	9	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	10	$(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
	11	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	12	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	13	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	14	memrcache.c memrcache.h
3	15	rc_base.so rc_base.po $(OUTPRE)rc_base.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
4	16	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
5		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
6		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
7		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
8		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
9		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
10		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	17	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
	18	$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	19	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	20	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	21	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	22	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	23	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
11	24	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
12		$(top_srcdir)/include/socket-utils.h rc-int.h rc_base.c \
13		rc_base.h
	25	$(top_srcdir)/include/socket-utils.h rc-int.h rc_base.c
14	26	rc_dfl.so rc_dfl.po $(OUTPRE)rc_dfl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
15	27	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
16	28	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

20	32	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
21	33	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
22	34	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
23		$(top_srcdir)/include/socket-utils.h rc-int.h rc_base.h \
24		rc_dfl.c rc_dfl.h rc_io.h
25		rc_io.so rc_io.po $(OUTPRE)rc_io.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
26		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
27		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
28		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	35	$(top_srcdir)/include/socket-utils.h rc-int.h rc_dfl.c
	36	rc_file2.so rc_file2.po $(OUTPRE)rc_file2.$(OBJEXT): \
	37	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
	38	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
	39	$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	40	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
29	41	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
30	42	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
31	43	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
32	44	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
33	45	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
34		$(top_srcdir)/include/socket-utils.h rc_base.h rc_dfl.h \
35		rc_io.c rc_io.h
36		rcdef.so rcdef.po $(OUTPRE)rcdef.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
37		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
38		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
39		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
40		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
41		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
42		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
43		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
44		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
45		$(top_srcdir)/include/socket-utils.h rc-int.h rc_dfl.h \
46		rcdef.c
	46	$(top_srcdir)/include/socket-utils.h rc-int.h rc_file2.c
47	47	rc_none.so rc_none.po $(OUTPRE)rc_none.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
48	48	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
49	49	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

54	54	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
55	55	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
56	56	$(top_srcdir)/include/socket-utils.h rc-int.h rc_none.c
57		rc_conv.so rc_conv.po $(OUTPRE)rc_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
58		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
59		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
60		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	57	t_memrcache.so t_memrcache.po $(OUTPRE)t_memrcache.$(OBJEXT): \
	58	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
	59	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
	60	$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	61	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
	62	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	63	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	64	$(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
	65	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	66	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	67	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	68	memrcache.c memrcache.h t_memrcache.c
	69	t_rcfile2.so t_rcfile2.po $(OUTPRE)t_rcfile2.$(OBJEXT): \
	70	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
	71	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
	72	$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	73	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
61	74	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
62	75	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
63	76	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
64	77	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
65	78	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
66		$(top_srcdir)/include/socket-utils.h rc_base.h rc_conv.c
67		ser_rc.so ser_rc.po $(OUTPRE)ser_rc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
68		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
69		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
70		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
71		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
72		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
73		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
74		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
75		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
76		$(top_srcdir)/include/socket-utils.h rc-int.h ser_rc.c
77		rcfns.so rcfns.po $(OUTPRE)rcfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
78		$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
79		$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
80		$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
81		$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
82		$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
83		$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
84		$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
85		$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
86		$(top_srcdir)/include/socket-utils.h rc-int.h rcfns.c
87		t_replay.so t_replay.po $(OUTPRE)t_replay.$(OBJEXT): \
88		$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
89		$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
90		$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
91		$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
92		$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
93		$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
94		$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
95		$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
96		$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
97		t_replay.c
	79	$(top_srcdir)/include/socket-utils.h rc-int.h rc_file2.c \
	80	t_rcfile2.c

+165

-0

src/lib/krb5/rcache/memrcache.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/rcache/memrcache.c - in-memory replay cache implementation */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include "k5-int.h"
	33	#include "k5-queue.h"
	34	#include "k5-hashtab.h"
	35	#include "memrcache.h"
	36
	37	struct entry {
	38	K5_TAILQ_ENTRY(entry) links;
	39	krb5_timestamp timestamp;
	40	krb5_data tag;
	41	};
	42
	43	K5_LIST_HEAD(entry_list, entry);
	44	K5_TAILQ_HEAD(entry_queue, entry);
	45
	46	struct k5_memrcache_st {
	47	struct k5_hashtab *hash_table;
	48	struct entry_queue expiration_queue;
	49	};
	50
	51	static krb5_error_code
	52	insert_entry(krb5_context context, k5_memrcache mrc, const krb5_data *tag,
	53	krb5_timestamp now)
	54	{
	55	krb5_error_code ret;
	56	struct entry *entry = NULL;
	57
	58	entry = calloc(1, sizeof(*entry));
	59	if (entry == NULL)
	60	return ENOMEM;
	61	entry->timestamp = now;
	62
	63	ret = krb5int_copy_data_contents(context, tag, &entry->tag);
	64	if (ret)
	65	goto error;
	66
	67	ret = k5_hashtab_add(mrc->hash_table, entry->tag.data, entry->tag.length,
	68	entry);
	69	if (ret)
	70	goto error;
	71	K5_TAILQ_INSERT_TAIL(&mrc->expiration_queue, entry, links);
	72
	73	return 0;
	74
	75	error:
	76	if (entry != NULL) {
	77	krb5_free_data_contents(context, &entry->tag);
	78	free(entry);
	79	}
	80	return ret;
	81	}
	82
	83
	84	/* Remove entry from its hash bucket and the expiration queue, and free it. */
	85	static void
	86	discard_entry(krb5_context context, k5_memrcache mrc, struct entry *entry)
	87	{
	88	k5_hashtab_remove(mrc->hash_table, entry->tag.data, entry->tag.length);
	89	K5_TAILQ_REMOVE(&mrc->expiration_queue, entry, links);
	90	krb5_free_data_contents(context, &entry->tag);
	91	free(entry);
	92	}
	93
	94	/* Initialize the lookaside cache structures and randomize the hash seed. */
	95	krb5_error_code
	96	k5_memrcache_create(krb5_context context, k5_memrcache *mrc_out)
	97	{
	98	krb5_error_code ret;
	99	k5_memrcache mrc;
	100	uint8_t seed[K5_HASH_SEED_LEN];
	101	krb5_data seed_data = make_data(seed, sizeof(seed));
	102
	103	*mrc_out = NULL;
	104
	105	ret = krb5_c_random_make_octets(context, &seed_data);
	106	if (ret)
	107	return ret;
	108
	109	mrc = calloc(1, sizeof(*mrc));
	110	if (mrc == NULL)
	111	return ENOMEM;
	112	ret = k5_hashtab_create(seed, 64, &mrc->hash_table);
	113	if (ret) {
	114	free(mrc);
	115	return ret;
	116	}
	117	K5_TAILQ_INIT(&mrc->expiration_queue);
	118
	119	*mrc_out = mrc;
	120	return 0;
	121	}
	122
	123	krb5_error_code
	124	k5_memrcache_store(krb5_context context, k5_memrcache mrc,
	125	const krb5_data *tag)
	126	{
	127	krb5_error_code ret;
	128	krb5_timestamp now;
	129	struct entry e, next;
	130
	131	ret = krb5_timeofday(context, &now);
	132	if (ret)
	133	return ret;
	134
	135	/* Check if we already have a matching entry. */
	136	e = k5_hashtab_get(mrc->hash_table, tag->data, tag->length);
	137	if (e != NULL)
	138	return KRB5KRB_AP_ERR_REPEAT;
	139
	140	/* Discard stale entries. */
	141	K5_TAILQ_FOREACH_SAFE(e, &mrc->expiration_queue, links, next) {
	142	if (!ts_after(now, ts_incr(e->timestamp, context->clockskew)))
	143	break;
	144	discard_entry(context, mrc, e);
	145	}
	146
	147	/* Add the new entry. */
	148	return insert_entry(context, mrc, tag, now);
	149	}
	150
	151	/* Free all entries in the lookaside cache. */
	152	void
	153	k5_memrcache_free(krb5_context context, k5_memrcache mrc)
	154	{
	155	struct entry e, next;
	156
	157	if (mrc == NULL)
	158	return;
	159	K5_TAILQ_FOREACH_SAFE(e, &mrc->expiration_queue, links, next) {
	160	discard_entry(context, mrc, e);
	161	}
	162	k5_hashtab_free(mrc->hash_table);
	163	free(mrc);
	164	}

+46

-0

src/lib/krb5/rcache/memrcache.h less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/rcache/memrcache.h - declarations for in-memory replay cache */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#ifndef MEMRCACHE_H
	33	#define MEMRCACHE_H
	34
	35	typedef struct k5_memrcache_st *k5_memrcache;
	36
	37	krb5_error_code k5_memrcache_create(krb5_context context,
	38	k5_memrcache *mrc_out);
	39
	40	krb5_error_code k5_memrcache_store(krb5_context context, k5_memrcache mrc,
	41	const krb5_data *tag);
	42
	43	void k5_memrcache_free(krb5_context context, k5_memrcache mrc);
	44
	45	#endif /* MEMRCACHE_H */

+20

-54

src/lib/krb5/rcache/rc-int.h less more

26	26	/* This file contains constant and function declarations used in the
27	27	* file-based replay cache routines. */
28	28
29		#ifndef __KRB5_RCACHE_INT_H__
30		#define __KRB5_RCACHE_INT_H__
	29	#ifndef RC_INT_H
	30	#define RC_INT_H
31	31
32		int krb5int_rc_finish_init(void);
33
34		void krb5int_rc_terminate(void);
	32	typedef struct {
	33	const char *type;
	34	krb5_error_code (resolve)(krb5_context context, const char residual,
	35	void **rcdata_out);
	36	void (close)(krb5_context context, void rcdata);
	37	krb5_error_code (store)(krb5_context, void rcdata, const krb5_data *tag);
	38	} krb5_rc_ops;
35	39
36	40	struct krb5_rc_st {
37	41	krb5_magic magic;
38		const struct _krb5_rc_ops *ops;
39		krb5_pointer data;
40		k5_mutex_t lock;
	42	const krb5_rc_ops *ops;
	43	char *name;
	44	void *data;
41	45	};
42	46
43		struct _krb5_rc_ops {
44		krb5_magic magic;
45		char *type;
46		krb5_error_code (KRB5_CALLCONV *init)(
47		krb5_context,
48		krb5_rcache,
49		krb5_deltat); /* create */
50		krb5_error_code (KRB5_CALLCONV *recover)(
51		krb5_context,
52		krb5_rcache); /* open */
53		krb5_error_code (KRB5_CALLCONV *recover_or_init)(
54		krb5_context,
55		krb5_rcache,
56		krb5_deltat);
57		krb5_error_code (KRB5_CALLCONV *destroy)(
58		krb5_context,
59		krb5_rcache);
60		krb5_error_code (KRB5_CALLCONV *close)(
61		krb5_context,
62		krb5_rcache);
63		krb5_error_code (KRB5_CALLCONV *store)(
64		krb5_context,
65		krb5_rcache,
66		krb5_donot_replay *);
67		krb5_error_code (KRB5_CALLCONV *expunge)(
68		krb5_context,
69		krb5_rcache);
70		krb5_error_code (KRB5_CALLCONV *get_span)(
71		krb5_context,
72		krb5_rcache,
73		krb5_deltat *);
74		char (KRB5_CALLCONV get_name)(
75		krb5_context,
76		krb5_rcache);
77		krb5_error_code (KRB5_CALLCONV *resolve)(
78		krb5_context,
79		krb5_rcache,
80		char *);
81		};
	47	extern const krb5_rc_ops k5_rc_dfl_ops;
	48	extern const krb5_rc_ops k5_rc_file2_ops;
	49	extern const krb5_rc_ops k5_rc_none_ops;
82	50
83		typedef struct _krb5_rc_ops krb5_rc_ops;
	51	/* Check and store a replay record in an open (but not locked) file descriptor,
	52	* using the file2 format. fd is assumed to be at offset 0. */
	53	krb5_error_code k5_rcfile2_store(krb5_context context, int fd,
	54	const krb5_data *tag_data);
84	55
85		krb5_error_code krb5_rc_register_type(krb5_context, const krb5_rc_ops *);
86
87		extern const krb5_rc_ops krb5_rc_dfl_ops;
88		extern const krb5_rc_ops krb5_rc_none_ops;
89
90		#endif /* __KRB5_RCACHE_INT_H__ */
	56	#endif /* RC_INT_H */

+162

-145

src/lib/krb5/rcache/rc_base.c less more

9	9	* Base "glue" functions for the replay cache.
10	10	*/
11	11
12		#include "rc_base.h"
	12	#include "k5-int.h"
13	13	#include "rc-int.h"
14	14	#include "k5-thread.h"
	15	#include "../os/os-proto.h"
15	16
16		struct krb5_rc_typelist {
	17	struct typelist {
17	18	const krb5_rc_ops *ops;
18		struct krb5_rc_typelist *next;
	19	struct typelist *next;
19	20	};
20		static struct krb5_rc_typelist none = { &krb5_rc_none_ops, 0 };
21		static struct krb5_rc_typelist krb5_rc_typelist_dfl = { &krb5_rc_dfl_ops, &none };
22		static struct krb5_rc_typelist *typehead = &krb5_rc_typelist_dfl;
23		static k5_mutex_t rc_typelist_lock = K5_MUTEX_PARTIAL_INITIALIZER;
24
25		int
26		krb5int_rc_finish_init(void)
27		{
28		return k5_mutex_finish_init(&rc_typelist_lock);
29		}
30
31		void
32		krb5int_rc_terminate(void)
33		{
34		struct krb5_rc_typelist t, t_next;
35		k5_mutex_destroy(&rc_typelist_lock);
36		for (t = typehead; t != &krb5_rc_typelist_dfl; t = t_next) {
37		t_next = t->next;
38		free(t);
39		}
40		}
	21	static struct typelist none = { &k5_rc_none_ops, 0 };
	22	static struct typelist file2 = { &k5_rc_file2_ops, &none };
	23	static struct typelist dfl = { &k5_rc_dfl_ops, &file2 };
	24	static struct typelist *typehead = &dfl;
41	25
42	26	krb5_error_code
43		krb5_rc_register_type(krb5_context context, const krb5_rc_ops *ops)
	27	k5_rc_default(krb5_context context, krb5_rcache *rc_out)
44	28	{
45		struct krb5_rc_typelist *t;
	29	krb5_error_code ret;
	30	const char *val;
	31	char profstr, rcname;
46	32
47		k5_mutex_lock(&rc_typelist_lock);
48		for (t = typehead;t && strcmp(t->ops->type,ops->type);t = t->next)
49		;
50		if (t) {
51		k5_mutex_unlock(&rc_typelist_lock);
52		return KRB5_RC_TYPE_EXISTS;
	33	*rc_out = NULL;
	34
	35	/* If KRB5RCACHENAME is set in the environment, resolve it. */
	36	val = secure_getenv("KRB5RCACHENAME");
	37	if (val != NULL)
	38	return k5_rc_resolve(context, val, rc_out);
	39
	40	/* If KRB5RCACHETYPE is set in the environment, resolve it with an empty
	41	* residual (primarily to support KRB5RCACHETYPE=none). */
	42	val = secure_getenv("KRB5RCACHETYPE");
	43	if (val != NULL) {
	44	if (asprintf(&rcname, "%s:", val) < 0)
	45	return ENOMEM;
	46	ret = k5_rc_resolve(context, rcname, rc_out);
	47	free(rcname);
	48	return ret;
53	49	}
54		t = (struct krb5_rc_typelist *) malloc(sizeof(struct krb5_rc_typelist));
55		if (t == NULL) {
56		k5_mutex_unlock(&rc_typelist_lock);
57		return KRB5_RC_MALLOC;
	50
	51	/* If [libdefaults] default_rcache_name is set, expand path tokens in the
	52	* value and resolve it. */
	53	if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
	54	KRB5_CONF_DEFAULT_RCACHE_NAME, NULL, NULL,
	55	&profstr) == 0 && profstr != NULL) {
	56	ret = k5_expand_path_tokens(context, profstr, &rcname);
	57	profile_release_string(profstr);
	58	ret = k5_rc_resolve(context, rcname, rc_out);
	59	free(rcname);
	60	return ret;
58	61	}
59		t->next = typehead;
60		t->ops = ops;
61		typehead = t;
62		k5_mutex_unlock(&rc_typelist_lock);
63		return 0;
64		}
65	62
66		krb5_error_code
67		krb5_rc_resolve_type(krb5_context context, krb5_rcache *idptr,
68		const char *type)
69		{
70		struct krb5_rc_typelist *t;
71		krb5_error_code err;
72		krb5_rcache id;
73
74		*idptr = NULL;
75
76		/* Find the named type in the list. */
77		k5_mutex_lock(&rc_typelist_lock);
78		for (t = typehead; t && strcmp(t->ops->type, type); t = t->next)
79		;
80		k5_mutex_unlock(&rc_typelist_lock);
81		if (!t)
82		return KRB5_RC_TYPE_NOTFOUND;
83
84		/* Create and return the rcache structure. */
85		id = malloc(sizeof(*id));
86		if (!id)
87		return KRB5_RC_MALLOC;
88		err = k5_mutex_init(&id->lock);
89		if (err) {
90		free(id);
91		return err;
92		}
93		id->data = NULL; /* Gets real data when resolved */
94		id->magic = 0; /* Gets real magic after resolved */
95		id->ops = t->ops;
96		*idptr = id;
97		return 0;
98		}
99
100		char * krb5_rc_get_type(krb5_context context, krb5_rcache id)
101		{
102		return id->ops->type;
103		}
104
105		char *
106		krb5_rc_default_type(krb5_context context)
107		{
108		char *s;
109		if ((s = getenv("KRB5RCACHETYPE")))
110		return s;
111		else
112		return "dfl";
113		}
114
115		char *
116		krb5_rc_default_name(krb5_context context)
117		{
118		char *s;
119		if ((s = getenv("KRB5RCACHENAME")))
120		return s;
121		else
122		return (char *) 0;
123		}
124
125		krb5_error_code
126		krb5_rc_default(krb5_context context, krb5_rcache *idptr)
127		{
128		krb5_error_code retval;
129		krb5_rcache id;
130
131		*idptr = NULL;
132		retval = krb5_rc_resolve_type(context, &id, krb5_rc_default_type(context));
133		if (retval)
134		return retval;
135		retval = krb5_rc_resolve(context, id, krb5_rc_default_name(context));
136		if (retval) {
137		k5_mutex_destroy(&id->lock);
138		free(id);
139		return retval;
140		}
141		id->magic = KV5M_RCACHE;
142		*idptr = id;
143		return retval;
	63	/* Resolve the default type with no residual. */
	64	return k5_rc_resolve(context, "dfl:", rc_out);
144	65	}
145	66
146	67
147	68	krb5_error_code
148		krb5_rc_resolve_full(krb5_context context, krb5_rcache *idptr,
149		const char *string_name)
	69	k5_rc_resolve(krb5_context context, const char name, krb5_rcache rc_out)
150	70	{
151		char *type;
152		char *residual;
153		krb5_error_code retval;
154		unsigned int diff;
155		krb5_rcache id;
	71	krb5_error_code ret;
	72	struct typelist *t;
	73	const char *sep;
	74	size_t len;
	75	krb5_rcache rc = NULL;
156	76
157		*idptr = NULL;
	77	*rc_out = NULL;
158	78
159		if (!(residual = strchr(string_name,':')))
	79	sep = strchr(name, ':');
	80	if (sep == NULL)
160	81	return KRB5_RC_PARSE;
	82	len = sep - name;
161	83
162		diff = residual - string_name;
163		if (!(type = malloc(diff + 1)))
164		return KRB5_RC_MALLOC;
165		(void) strncpy(type, string_name, diff);
166		type[residual - string_name] = '\0';
	84	for (t = typehead; t != NULL; t = t->next) {
	85	if (strncmp(t->ops->type, name, len) == 0 && t->ops->type[len] == '\0')
	86	break;
	87	}
	88	if (t == NULL)
	89	return KRB5_RC_TYPE_NOTFOUND;
167	90
168		retval = krb5_rc_resolve_type(context, &id,type);
169		free(type);
170		if (retval)
171		return retval;
172		if ((retval = krb5_rc_resolve(context, id,residual + 1))) {
173		k5_mutex_destroy(&id->lock);
174		free(id);
175		return retval;
	91	rc = k5alloc(sizeof(*rc), &ret);
	92	if (rc == NULL)
	93	goto error;
	94	rc->name = strdup(name);
	95	if (rc->name == NULL) {
	96	ret = ENOMEM;
	97	goto error;
176	98	}
177		id->magic = KV5M_RCACHE;
178		*idptr = id;
179		return retval;
	99	ret = t->ops->resolve(context, sep + 1, &rc->data);
	100	if (ret)
	101	goto error;
	102	rc->ops = t->ops;
	103	rc->magic = KV5M_RCACHE;
	104
	105	*rc_out = rc;
	106	return 0;
	107
	108	error:
	109	if (rc != NULL) {
	110	free(rc->name);
	111	free(rc);
	112	}
	113	return ret;
180	114	}
	115
	116	void
	117	k5_rc_close(krb5_context context, krb5_rcache rc)
	118	{
	119	rc->ops->close(context, rc->data);
	120	free(rc->name);
	121	free(rc);
	122	}
	123
	124	krb5_error_code
	125	k5_rc_store(krb5_context context, krb5_rcache rc,
	126	const krb5_enc_data *authenticator)
	127	{
	128	krb5_error_code ret;
	129	krb5_data tag;
	130
	131	ret = k5_rc_tag_from_ciphertext(context, authenticator, &tag);
	132	if (ret)
	133	return ret;
	134	return rc->ops->store(context, rc->data, &tag);
	135	}
	136
	137	const char *
	138	k5_rc_get_name(krb5_context context, krb5_rcache rc)
	139	{
	140	return rc->name;
	141	}
	142
	143	krb5_error_code
	144	k5_rc_tag_from_ciphertext(krb5_context context, const krb5_enc_data *enc,
	145	krb5_data *tag_out)
	146	{
	147	krb5_error_code ret;
	148	const krb5_data *cdata = &enc->ciphertext;
	149	unsigned int len;
	150
	151	*tag_out = empty_data();
	152
	153	ret = krb5_c_crypto_length(context, enc->enctype,
	154	KRB5_CRYPTO_TYPE_CHECKSUM, &len);
	155	if (ret)
	156	return ret;
	157	if (cdata->length < len)
	158	return EINVAL;
	159	*tag_out = make_data(cdata->data + cdata->length - len, len);
	160	return 0;
	161	}
	162
	163	/*
	164	* Stub functions for former internal replay cache functions used by OpenSSL
	165	* (despite the lack of prototypes) before the OpenSSL 1.1 release.
	166	*/
	167
	168	krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *);
	169	krb5_error_code KRB5_CALLCONV krb5_rc_destroy(krb5_context, krb5_rcache);
	170	krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan(krb5_context, krb5_rcache,
	171	krb5_deltat *);
	172	krb5_error_code KRB5_CALLCONV krb5_rc_initialize(krb5_context, krb5_rcache,
	173	krb5_deltat);
	174
	175	krb5_error_code
	176	krb5_rc_default(krb5_context context, krb5_rcache *rc)
	177	{
	178	return EINVAL;
	179	}
	180
	181	krb5_error_code KRB5_CALLCONV
	182	krb5_rc_destroy(krb5_context context, krb5_rcache rc)
	183	{
	184	return EINVAL;
	185	}
	186
	187	krb5_error_code KRB5_CALLCONV
	188	krb5_rc_get_lifespan(krb5_context context, krb5_rcache rc, krb5_deltat *span)
	189	{
	190	return EINVAL;
	191	}
	192
	193	krb5_error_code KRB5_CALLCONV
	194	krb5_rc_initialize(krb5_context context, krb5_rcache rc, krb5_deltat span)
	195	{
	196	return EINVAL;
	197	}

+0

-15

~~src/lib/krb5/rcache/rc_base.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rc_base.h */
2		/*
3		* This file of the Kerberos V5 software is derived from public-domain code
4		* contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
5		*
6		*/
7
8		#ifndef KRB5_RC_H
9		#define KRB5_RC_H
10		#include "k5-int.h"
11
12		/* all the stuff that was here is now in rcache.h, included by krb5/krb5.h */
13
14		#endif

+0

-76

~~src/lib/krb5/rcache/rc_conv.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rc_conv.c */
2		/*
3		* This file of the Kerberos V5 software is derived from public-domain code
4		* contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
5		*
6		*/
7
8		/*
9		* An implementation for the default replay cache type.
10		*/
11
12		#include "rc_base.h"
13
14		/*
15		Local stuff:
16		krb5_auth_to_replay(context, krb5_tkt_authent auth,krb5_donot_replay rep)
17		given auth, take important information and make rep; return -1 if failed
18		*/
19
20		krb5_error_code
21		krb5_auth_to_rep(krb5_context context, krb5_tkt_authent auth, krb5_donot_replay rep)
22		{
23		krb5_error_code retval;
24		rep->cusec = auth->authenticator->cusec;
25		rep->ctime = auth->authenticator->ctime;
26		if ((retval = krb5_unparse_name(context, auth->ticket->server, &rep->server)))
27		return retval; /* shouldn't happen */
28		if ((retval = krb5_unparse_name(context, auth->authenticator->client,
29		&rep->client))) {
30		free(rep->server);
31		return retval; /* shouldn't happen. */
32		}
33		return 0;
34		}
35
36		/*
37		* Generate a printable hash value for a message for use in a replay
38		* record. It is not necessary for this hash function to be
39		* collision-proof (the only thing you can do with a second preimage
40		* is produce a false replay error) but for fine granularity replay detection
41		* it is necessary for the function to be consistent across implementations.
42		* When two implementations sharing a single replay cache don't agree on hash
43		* function, the code falls back to legacy replay detection based on
44		* (client, server, timestamp, usec) tuples. We do an unkeyed
45		* SHA256 hash of the message and convert it into uppercase hex
46		* representation.
47		*/
48		krb5_error_code
49		krb5_rc_hash_message(krb5_context context, const krb5_data *message,
50		char **out)
51		{
52		krb5_error_code retval;
53		uint8_t cksum[K5_SHA256_HASHLEN];
54		char hash, ptr;
55		unsigned int i;
56
57		*out = NULL;
58
59		/* Calculate the binary checksum. */
60		retval = k5_sha256(message, 1, cksum);
61		if (retval)
62		return retval;
63
64		/* Convert the checksum into printable form. */
65		hash = malloc(K5_SHA256_HASHLEN * 2 + 1);
66		if (!hash) {
67		return KRB5_RC_MALLOC;
68		}
69
70		for (i = 0, ptr = hash; i < K5_SHA256_HASHLEN; i++, ptr += 2)
71		snprintf(ptr, 3, "%02X", cksum[i]);
72		*ptr = '\0';
73		*out = hash;
74		return 0;
75		}

+130

-816

src/lib/krb5/rcache/rc_dfl.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rc_dfl.c */
	1	/* lib/krb5/rcache/rc_dfl.c - default replay cache type */
2	2	/*
3		* This file of the Kerberos V5 software is derived from public-domain code
4		* contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
5	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
6	30	*/
7	31
8	32	/*
9		* An implementation for the default replay cache type.
10		*/
11		#include "k5-int.h"
12		#include "rc_base.h"
13		#include "rc_dfl.h"
14		#include "rc_io.h"
15		#include "rc-int.h"
16
17		/*
18		* If NOIOSTUFF is defined at compile time, dfl rcaches will be per-process.
	33	* The dfl rcache type is a wrapper around the file2 rcache type, selecting a
	34	* filename and (on Unix-like systems) applying open() safety appropriate for
	35	* using a shared temporary directory.
19	36	*/
20	37
21		/*
22		Local stuff:
23
24		static int hash(krb5_donot_replay *rep, int hsize)
25		returns hash value of *rep, between 0 and hsize - 1
26		HASHSIZE
27		size of hash table (constant), can be preset
28		static int cmp(krb5_donot_replay old, krb5_donot_replay new, krb5_deltat t)
29		compare old and new; return CMP_REPLAY or CMP_HOHUM
30		static int alive(krb5_context, krb5_donot_replay *new, krb5_deltat t)
31		see if new is still alive; return CMP_EXPIRED or CMP_HOHUM
32		CMP_MALLOC, CMP_EXPIRED, CMP_REPLAY, CMP_HOHUM
33		return codes from cmp(), alive(), and store()
34		struct dfl_data
35		data stored in this cache type, namely "dfl"
36		struct authlist
37		multilinked list of reps
38		static int rc_store(context, krb5_rcache id, krb5_donot_replay *rep)
39		store rep in cache id; return CMP_REPLAY if replay, else CMP_MALLOC/CMP_HOHUM
40
41		*/
42
43		#ifndef HASHSIZE
44		#define HASHSIZE 997 /* a convenient prime */
	38	#include "k5-int.h"
	39	#include "rc-int.h"
	40	#ifdef _WIN32
	41	#include "../os/os-proto.h"
	42	#else
	43	#include <sys/types.h>
	44	#include <sys/stat.h>
45	45	#endif
46	46
47		#ifndef EXCESSREPS
48		#define EXCESSREPS 30
49		#endif
	47	#ifdef _WIN32
50	48
51		/*
52		* The rcache will be automatically expunged when the number of
53		* expired krb5_donot_replays encountered incidentally in searching
54		* exceeds the number of live krb5_donot_replays by EXCESSREPS. With
55		* the defaults here, a typical cache might build up some 10K of
56		* expired krb5_donot_replays before an automatic expunge, with the
57		* waste basically independent of the number of stores per minute.
58		*
59		* The rcache will also automatically be expunged when it encounters
60		* more than EXCESSREPS expired entries when recovering a cache in
61		* dfl_recover.
62		*/
	49	static krb5_error_code
	50	open_file(krb5_context context, int *fd_out)
	51	{
	52	krb5_error_code ret;
	53	char *fname;
	54	const char *dir;
63	55
64		static unsigned int
65		hash(krb5_donot_replay *rep, unsigned int hsize)
66		{
67		unsigned int h = rep->cusec + rep->ctime;
68		h += *rep->server;
69		h += *rep->client;
70		return h % hsize;
	56	*fd_out = -1;
	57
	58	dir = getenv("KRB5RCACHEDIR");
	59	if (dir != NULL) {
	60	if (asprintf(&fname, "%s\\krb5.rcache2") < 0)
	61	return ENOMEM;
	62	} else {
	63	ret = k5_expand_path_tokens(context, "%{LOCAL_APPDATA}\\krb5.rcache2",
	64	&fname);
	65	if (ret)
	66	return ret;
	67	}
	68
	69	*fd_out = open(O_CREAT \| O_RDWR \| O_BINARY, 0600);
	70	ret = (*fd_out < 0) ? errno : 0;
	71	if (ret) {
	72	k5_setmsg(context, ret, "%s (filename: %s)",
	73	error_message(ret), fname);
	74	}
	75	free(fname);
	76	return ret;
71	77	}
72	78
73		#define CMP_MALLOC -3
74		#define CMP_EXPIRED -2
75		#define CMP_REPLAY -1
76		#define CMP_HOHUM 0
	79	#else /* _WIN32 */
77	80
78		/ARGSUSED/
79		static int
80		cmp(krb5_donot_replay old, krb5_donot_replay new1, krb5_deltat t)
	81	static krb5_error_code
	82	open_file(krb5_context context, int *fd_out)
81	83	{
82		if ((old->cusec == new1->cusec) && /* most likely to distinguish */
83		(old->ctime == new1->ctime) &&
84		(strcmp(old->client, new1->client) == 0) &&
85		(strcmp(old->server, new1->server) == 0)) { /* always true */
86		/* If both records include message hashes, compare them as well. */
87		if (old->msghash == NULL \|\| new1->msghash == NULL \|\|
88		strcmp(old->msghash, new1->msghash) == 0)
89		return CMP_REPLAY;
	84	krb5_error_code ret;
	85	int fd = -1;
	86	char *fname = NULL;
	87	const char *dir;
	88	struct stat statbuf;
	89	uid_t euid = geteuid();
	90
	91	*fd_out = -1;
	92
	93	dir = secure_getenv("KRB5RCACHEDIR");
	94	if (dir == NULL) {
	95	dir = secure_getenv("TMPDIR");
	96	if (dir == NULL)
	97	dir = RCTMPDIR;
90	98	}
91		return CMP_HOHUM;
	99	if (asprintf(&fname, "%s/krb5_%lu.rcache2", dir, (unsigned long)euid) < 0)
	100	return ENOMEM;
	101
	102	fd = open(fname, O_CREAT \| O_RDWR \| O_NOFOLLOW, 0600);
	103	if (fd < 0) {
	104	ret = errno;
	105	k5_setmsg(context, ret, "%s (filename: %s)",
	106	error_message(ret), fname);
	107	goto cleanup;
	108	}
	109
	110	if (fstat(fd, &statbuf) < 0 \|\| statbuf.st_uid != euid) {
	111	ret = EIO;
	112	k5_setmsg(context, ret, "Replay cache file %s is not owned by uid %lu",
	113	fname, (unsigned long)euid);
	114	goto cleanup;
	115	}
	116
	117	*fd_out = fd;
	118	fd = -1;
	119	ret = 0;
	120
	121	cleanup:
	122	if (fd != -1)
	123	close(fd);
	124	free(fname);
	125	return ret;
92	126	}
93	127
94		static int
95		alive(krb5_timestamp mytime, krb5_donot_replay *new1, krb5_deltat t)
	128	#endif /* not _WIN32 */
	129
	130	static krb5_error_code
	131	dfl_resolve(krb5_context context, const char residual, void *rcdata_out)
96	132	{
97		if (mytime == 0)
98		return CMP_HOHUM; /* who cares? */
99		if (ts_after(mytime, ts_incr(new1->ctime, t)))
100		return CMP_EXPIRED;
101		return CMP_HOHUM;
102		}
103
104		struct dfl_data
105		{
106		char *name;
107		krb5_deltat lifespan;
108		unsigned int hsize;
109		int numhits;
110		int nummisses;
111		struct authlist **h;
112		struct authlist *a;
113		#ifndef NOIOSTUFF
114		krb5_rc_iostuff d;
115		#endif
116		char recovering;
117		};
118
119		struct authlist
120		{
121		krb5_donot_replay rep;
122		struct authlist *na;
123		struct authlist *nh;
124		};
125
126		/* of course, list is backwards from file */
127		/* hash could be forwards since we have to search on match, but naaaah */
128
129		static int
130		rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep,
131		krb5_timestamp now, krb5_boolean fromfile)
132		{
133		struct dfl_data t = (struct dfl_data )id->data;
134		unsigned int rephash;
135		struct authlist *ta;
136
137		rephash = hash(rep, t->hsize);
138
139		for (ta = t->h[rephash]; ta; ta = ta->nh) {
140		switch(cmp(&ta->rep, rep, t->lifespan))
141		{
142		case CMP_REPLAY:
143		if (fromfile) {
144		/*
145		* This is an expected collision between a hash
146		* extension record and a normal-format record. Make
147		* sure the message hash is included in the stored
148		* record and carry on.
149		*/
150		if (!ta->rep.msghash && rep->msghash) {
151		if (!(ta->rep.msghash = strdup(rep->msghash)))
152		return CMP_MALLOC;
153		}
154		return CMP_HOHUM;
155		} else
156		return CMP_REPLAY;
157		case CMP_HOHUM:
158		if (alive(now, &ta->rep, t->lifespan) == CMP_EXPIRED)
159		t->nummisses++;
160		else
161		t->numhits++;
162		break;
163		default:
164		; /* wtf? */
165		}
166		}
167
168		if (!(ta = (struct authlist *) malloc(sizeof(struct authlist))))
169		return CMP_MALLOC;
170		ta->rep = *rep;
171		ta->rep.client = ta->rep.server = ta->rep.msghash = NULL;
172		if (!(ta->rep.client = strdup(rep->client)))
173		goto error;
174		if (!(ta->rep.server = strdup(rep->server)))
175		goto error;
176		if (rep->msghash && !(ta->rep.msghash = strdup(rep->msghash)))
177		goto error;
178		ta->na = t->a; t->a = ta;
179		ta->nh = t->h[rephash]; t->h[rephash] = ta;
180		return CMP_HOHUM;
181		error:
182		if (ta->rep.client)
183		free(ta->rep.client);
184		if (ta->rep.server)
185		free(ta->rep.server);
186		if (ta->rep.msghash)
187		free(ta->rep.msghash);
188		free(ta);
189		return CMP_MALLOC;
190		}
191
192		char * KRB5_CALLCONV
193		krb5_rc_dfl_get_name(krb5_context context, krb5_rcache id)
194		{
195		return ((struct dfl_data *) (id->data))->name;
196		}
197
198		krb5_error_code KRB5_CALLCONV
199		krb5_rc_dfl_get_span(krb5_context context, krb5_rcache id,
200		krb5_deltat *lifespan)
201		{
202		struct dfl_data *t;
203
204		k5_mutex_lock(&id->lock);
205		t = (struct dfl_data *) id->data;
206		*lifespan = t->lifespan;
207		k5_mutex_unlock(&id->lock);
	133	*rcdata_out = NULL;
208	134	return 0;
209	135	}
210	136
211		static krb5_error_code KRB5_CALLCONV
212		krb5_rc_dfl_init_locked(krb5_context context, krb5_rcache id, krb5_deltat lifespan)
	137	static void
	138	dfl_close(krb5_context context, void *rcdata)
213	139	{
214		struct dfl_data t = (struct dfl_data )id->data;
215		krb5_error_code retval;
216
217		t->lifespan = lifespan ? lifespan : context->clockskew;
218		/* default to clockskew from the context */
219		#ifndef NOIOSTUFF
220		if ((retval = krb5_rc_io_creat(context, &t->d, &t->name))) {
221		return retval;
222		}
223		if ((krb5_rc_io_write(context, &t->d,
224		(krb5_pointer) &t->lifespan, sizeof(t->lifespan))
225		\|\| krb5_rc_io_sync(context, &t->d))) {
226		return KRB5_RC_IO;
227		}
228		#endif
229		return 0;
230		}
231
232		krb5_error_code KRB5_CALLCONV
233		krb5_rc_dfl_init(krb5_context context, krb5_rcache id, krb5_deltat lifespan)
234		{
235		krb5_error_code retval;
236
237		k5_mutex_lock(&id->lock);
238		retval = krb5_rc_dfl_init_locked(context, id, lifespan);
239		k5_mutex_unlock(&id->lock);
240		return retval;
241		}
242
243		/* Called with the mutex already locked. */
244		krb5_error_code
245		krb5_rc_dfl_close_no_free(krb5_context context, krb5_rcache id)
246		{
247		struct dfl_data t = (struct dfl_data )id->data;
248		struct authlist *q;
249
250		free(t->h);
251		if (t->name)
252		free(t->name);
253		while ((q = t->a))
254		{
255		t->a = q->na;
256		free(q->rep.client);
257		free(q->rep.server);
258		if (q->rep.msghash)
259		free(q->rep.msghash);
260		free(q);
261		}
262		#ifndef NOIOSTUFF
263		(void) krb5_rc_io_close(context, &t->d);
264		#endif
265		free(t);
266		return 0;
267		}
268
269		krb5_error_code KRB5_CALLCONV
270		krb5_rc_dfl_close(krb5_context context, krb5_rcache id)
271		{
272		k5_mutex_lock(&id->lock);
273		krb5_rc_dfl_close_no_free(context, id);
274		k5_mutex_unlock(&id->lock);
275		k5_mutex_destroy(&id->lock);
276		free(id);
277		return 0;
278		}
279
280		krb5_error_code KRB5_CALLCONV
281		krb5_rc_dfl_destroy(krb5_context context, krb5_rcache id)
282		{
283		#ifndef NOIOSTUFF
284		if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d))
285		return KRB5_RC_IO;
286		#endif
287		return krb5_rc_dfl_close(context, id);
288		}
289
290		krb5_error_code KRB5_CALLCONV
291		krb5_rc_dfl_resolve(krb5_context context, krb5_rcache id, char *name)
292		{
293		struct dfl_data *t = 0;
294		krb5_error_code retval;
295
296		/* allocate id? no */
297		if (!(t = (struct dfl_data *) calloc(1, sizeof(struct dfl_data))))
298		return KRB5_RC_MALLOC;
299		id->data = (krb5_pointer) t;
300		if (name) {
301		t->name = strdup(name);
302		if (!t->name) {
303		retval = KRB5_RC_MALLOC;
304		goto cleanup;
305		}
306		} else
307		t->name = 0;
308		t->numhits = t->nummisses = 0;
309		t->hsize = HASHSIZE; /* no need to store---it's memory-only */
310		t->h = (struct authlist *) malloc(t->hsizesizeof(struct authlist *));
311		if (!t->h) {
312		retval = KRB5_RC_MALLOC;
313		goto cleanup;
314		}
315		memset(t->h, 0, t->hsizesizeof(struct authlist ));
316		t->a = (struct authlist *) 0;
317		#ifndef NOIOSTUFF
318		t->d.fd = -1;
319		#endif
320		t->recovering = 0;
321		return 0;
322
323		cleanup:
324		if (t) {
325		if (t->name)
326		free(t->name);
327		if (t->h)
328		free(t->h);
329		free(t);
330		}
331		return retval;
332		}
333
334		void
335		krb5_rc_free_entry(krb5_context context, krb5_donot_replay **rep)
336		{
337		krb5_donot_replay rp = rep;
338
339		*rep = NULL;
340		if (rp)
341		{
342		if (rp->client)
343		free(rp->client);
344		if (rp->server)
345		free(rp->server);
346		if (rp->msghash)
347		free(rp->msghash);
348		rp->client = NULL;
349		rp->server = NULL;
350		rp->msghash = NULL;
351		free(rp);
352		}
353		}
354
355		/*
356		* Parse a string in the format <len>:<data>, with the length
357		* represented in ASCII decimal. On parse failure, return 0 but set
358		* *result to NULL.
359		*/
360		static krb5_error_code
361		parse_counted_string(char strptr, char result)
362		{
363		char str = strptr, *end;
364		unsigned long len;
365
366		*result = NULL;
367
368		/* Parse the length, expecting a ':' afterwards. */
369		errno = 0;
370		len = strtoul(str, &end, 10);
371		if (errno != 0 \|\| *end != ':' \|\| len > strlen(end + 1))
372		return 0;
373
374		/* Allocate space for result and copy the data. /
375		*result = malloc(len + 1);
376		if (!*result)
377		return KRB5_RC_MALLOC;
378		memcpy(*result, end + 1, len);
379		(*result)[len] = '\0';
380		*strptr = end + 1 + len;
381		return 0;
382		}
383
384		/*
385		* Hash extension records have the format:
386		* client = <empty string>
387		* server = SHA256:<msghash> <clientlen>:<client> <serverlen>:<server>
388		* Spaces in the client and server string are represented with
389		* with backslashes. Client and server lengths are represented in
390		* ASCII decimal (which is different from the 32-bit binary we use
391		* elsewhere in the replay cache).
392		*
393		* On parse failure, we leave the record unmodified.
394		*/
395		static krb5_error_code
396		check_hash_extension(krb5_donot_replay *rep)
397		{
398		char msghash = NULL, client = NULL, server = NULL, str, *end;
399		krb5_error_code retval = 0;
400
401		/* Check if this appears to match the hash extension format. */
402		if (*rep->client)
403		return 0;
404		if (strncmp(rep->server, "SHA256:", 7) != 0)
405		return 0;
406
407		/* Parse out the message hash. */
408		str = rep->server + 7;
409		end = strchr(str, ' ');
410		if (!end)
411		return 0;
412		msghash = k5memdup0(str, end - str, &retval);
413		if (!msghash)
414		return KRB5_RC_MALLOC;
415		str = end + 1;
416
417		/* Parse out the client and server. */
418		retval = parse_counted_string(&str, &client);
419		if (retval != 0 \|\| client == NULL)
420		goto error;
421		if (*str != ' ')
422		goto error;
423		str++;
424		retval = parse_counted_string(&str, &server);
425		if (retval != 0 \|\| server == NULL)
426		goto error;
427		if (*str)
428		goto error;
429
430		free(rep->client);
431		free(rep->server);
432		rep->client = client;
433		rep->server = server;
434		rep->msghash = msghash;
435		return 0;
436
437		error:
438		if (msghash)
439		free(msghash);
440		if (client)
441		free(client);
442		if (server)
443		free(server);
444		return retval;
445	140	}
446	141
447	142	static krb5_error_code
448		krb5_rc_io_fetch(krb5_context context, struct dfl_data *t,
449		krb5_donot_replay *rep, int maxlen)
450		{
451		int len2;
452		unsigned int len;
453		krb5_error_code retval;
454
455		rep->client = rep->server = rep->msghash = NULL;
456
457		retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2,
458		sizeof(len2));
459		if (retval)
460		return retval;
461
462		if ((len2 <= 0) \|\| (len2 >= maxlen))
463		return KRB5_RC_IO_EOF;
464
465		len = len2;
466		rep->client = malloc (len);
467		if (!rep->client)
468		return KRB5_RC_MALLOC;
469
470		retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) rep->client, len);
471		if (retval)
472		goto errout;
473
474		retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2,
475		sizeof(len2));
476		if (retval)
477		goto errout;
478
479		if ((len2 <= 0) \|\| (len2 >= maxlen)) {
480		retval = KRB5_RC_IO_EOF;
481		goto errout;
482		}
483		len = len2;
484
485		rep->server = malloc (len);
486		if (!rep->server) {
487		retval = KRB5_RC_MALLOC;
488		goto errout;
489		}
490
491		retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) rep->server, len);
492		if (retval)
493		goto errout;
494
495		retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &rep->cusec,
496		sizeof(rep->cusec));
497		if (retval)
498		goto errout;
499
500		retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &rep->ctime,
501		sizeof(rep->ctime));
502		if (retval)
503		goto errout;
504
505		retval = check_hash_extension(rep);
506		if (retval)
507		goto errout;
508
509		return 0;
510
511		errout:
512		if (rep->client)
513		free(rep->client);
514		if (rep->server)
515		free(rep->server);
516		if (rep->msghash)
517		free(rep->msghash);
518		rep->client = rep->server = rep->msghash = NULL;
519		return retval;
520		}
521
522
523		static krb5_error_code
524		krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id);
525
526		static krb5_error_code
527		krb5_rc_dfl_recover_locked(krb5_context context, krb5_rcache id)
528		{
529		#ifdef NOIOSTUFF
530		return KRB5_RC_NOIO;
531		#else
532
533		struct dfl_data t = (struct dfl_data )id->data;
534		krb5_donot_replay *rep = 0;
535		krb5_error_code retval;
536		long max_size;
537		int expired_entries = 0;
538		krb5_timestamp now;
539
540		if ((retval = krb5_rc_io_open(context, &t->d, t->name))) {
541		return retval;
542		}
543
544		t->recovering = 1;
545
546		max_size = krb5_rc_io_size(context, &t->d);
547
548		rep = NULL;
549		if (krb5_rc_io_read(context, &t->d, (krb5_pointer) &t->lifespan,
550		sizeof(t->lifespan))) {
551		retval = KRB5_RC_IO;
552		goto io_fail;
553		}
554
555		if (!(rep = (krb5_donot_replay *) malloc(sizeof(krb5_donot_replay)))) {
556		retval = KRB5_RC_MALLOC;
557		goto io_fail;
558		}
559		rep->client = rep->server = rep->msghash = NULL;
560
561		if (krb5_timeofday(context, &now))
562		now = 0;
563
564		/* now read in each auth_replay and insert into table */
565		for (;;) {
566		if (krb5_rc_io_mark(context, &t->d)) {
567		retval = KRB5_RC_IO;
568		goto io_fail;
569		}
570
571		retval = krb5_rc_io_fetch(context, t, rep, (int) max_size);
572
573		if (retval == KRB5_RC_IO_EOF)
574		break;
575		else if (retval != 0)
576		goto io_fail;
577
578		if (alive(now, rep, t->lifespan) != CMP_EXPIRED) {
579		if (rc_store(context, id, rep, now, TRUE) == CMP_MALLOC) {
580		retval = KRB5_RC_MALLOC; goto io_fail;
581		}
582		} else {
583		expired_entries++;
584		}
585
586		/*
587		* free fields allocated by rc_io_fetch
588		*/
589		free(rep->server);
590		free(rep->client);
591		if (rep->msghash)
592		free(rep->msghash);
593		rep->client = rep->server = rep->msghash = NULL;
594		}
595		retval = 0;
596		krb5_rc_io_unmark(context, &t->d);
597		/*
598		* An automatic expunge here could remove the need for
599		* mark/unmark but that would be inefficient.
600		*/
601		io_fail:
602		krb5_rc_free_entry(context, &rep);
603		if (retval)
604		krb5_rc_io_close(context, &t->d);
605		else if (expired_entries > EXCESSREPS)
606		retval = krb5_rc_dfl_expunge_locked(context, id);
607		t->recovering = 0;
608		return retval;
609
610		#endif
611		}
612
613		krb5_error_code KRB5_CALLCONV
614		krb5_rc_dfl_recover(krb5_context context, krb5_rcache id)
	143	dfl_store(krb5_context context, void rcdata, const krb5_data tag)
615	144	{
616	145	krb5_error_code ret;
	146	int fd;
617	147
618		k5_mutex_lock(&id->lock);
619		ret = krb5_rc_dfl_recover_locked(context, id);
620		k5_mutex_unlock(&id->lock);
	148	ret = open_file(context, &fd);
	149	if (ret)
	150	return ret;
	151
	152	ret = k5_rcfile2_store(context, fd, tag);
	153	close(fd);
621	154	return ret;
622	155	}
623	156
624		krb5_error_code KRB5_CALLCONV
625		krb5_rc_dfl_recover_or_init(krb5_context context, krb5_rcache id,
626		krb5_deltat lifespan)
	157	const krb5_rc_ops k5_rc_dfl_ops =
627	158	{
628		krb5_error_code retval;
629
630		k5_mutex_lock(&id->lock);
631		retval = krb5_rc_dfl_recover_locked(context, id);
632		if (retval)
633		retval = krb5_rc_dfl_init_locked(context, id, lifespan);
634		k5_mutex_unlock(&id->lock);
635		return retval;
636		}
637
638		static krb5_error_code
639		krb5_rc_io_store(krb5_context context, struct dfl_data *t,
640		krb5_donot_replay *rep)
641		{
642		size_t clientlen, serverlen;
643		unsigned int len;
644		krb5_error_code ret;
645		struct k5buf buf, extbuf;
646		char *extstr;
647
648		clientlen = strlen(rep->client);
649		serverlen = strlen(rep->server);
650
651		if (rep->msghash) {
652		/*
653		* Write a hash extension record, to be followed by a record
654		* in regular format (without the message hash) for the
655		* benefit of old implementations.
656		*/
657
658		/* Format the extension value so we know its length. */
659		k5_buf_init_dynamic(&extbuf);
660		k5_buf_add_fmt(&extbuf, "SHA256:%s %lu:%s %lu:%s", rep->msghash,
661		(unsigned long)clientlen, rep->client,
662		(unsigned long)serverlen, rep->server);
663		if (k5_buf_status(&extbuf) != 0)
664		return KRB5_RC_MALLOC;
665		extstr = extbuf.data;
666
667		/*
668		* Put the extension value into the server field of a
669		* regular-format record, with an empty client field.
670		*/
671		k5_buf_init_dynamic(&buf);
672		len = 1;
673		k5_buf_add_len(&buf, (char *)&len, sizeof(len));
674		k5_buf_add_len(&buf, "", 1);
675		len = strlen(extstr) + 1;
676		k5_buf_add_len(&buf, (char *)&len, sizeof(len));
677		k5_buf_add_len(&buf, extstr, len);
678		k5_buf_add_len(&buf, (char *)&rep->cusec, sizeof(rep->cusec));
679		k5_buf_add_len(&buf, (char *)&rep->ctime, sizeof(rep->ctime));
680		free(extstr);
681		} else /* No extension record needed. */
682		k5_buf_init_dynamic(&buf);
683
684		len = clientlen + 1;
685		k5_buf_add_len(&buf, (char *)&len, sizeof(len));
686		k5_buf_add_len(&buf, rep->client, len);
687		len = serverlen + 1;
688		k5_buf_add_len(&buf, (char *)&len, sizeof(len));
689		k5_buf_add_len(&buf, rep->server, len);
690		k5_buf_add_len(&buf, (char *)&rep->cusec, sizeof(rep->cusec));
691		k5_buf_add_len(&buf, (char *)&rep->ctime, sizeof(rep->ctime));
692
693		if (k5_buf_status(&buf) != 0)
694		return KRB5_RC_MALLOC;
695
696		ret = krb5_rc_io_write(context, &t->d, buf.data, buf.len);
697		k5_buf_free(&buf);
698		return ret;
699		}
700
701		static krb5_error_code krb5_rc_dfl_expunge_locked(krb5_context, krb5_rcache);
702
703		krb5_error_code KRB5_CALLCONV
704		krb5_rc_dfl_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep)
705		{
706		krb5_error_code ret;
707		struct dfl_data *t;
708		krb5_timestamp now;
709
710		ret = krb5_timeofday(context, &now);
711		if (ret)
712		return ret;
713
714		k5_mutex_lock(&id->lock);
715
716		switch(rc_store(context, id, rep, now, FALSE)) {
717		case CMP_MALLOC:
718		k5_mutex_unlock(&id->lock);
719		return KRB5_RC_MALLOC;
720		case CMP_REPLAY:
721		k5_mutex_unlock(&id->lock);
722		return KRB5KRB_AP_ERR_REPEAT;
723		case 0: break;
724		default: /* wtf? */ ;
725		}
726		t = (struct dfl_data *)id->data;
727		#ifndef NOIOSTUFF
728		ret = krb5_rc_io_store(context, t, rep);
729		if (ret) {
730		k5_mutex_unlock(&id->lock);
731		return ret;
732		}
733		#endif
734		/* Shall we automatically expunge? */
735		if (t->nummisses > t->numhits + EXCESSREPS)
736		{
737		ret = krb5_rc_dfl_expunge_locked(context, id);
738		k5_mutex_unlock(&id->lock);
739		return ret;
740		}
741		#ifndef NOIOSTUFF
742		else
743		{
744		if (krb5_rc_io_sync(context, &t->d)) {
745		k5_mutex_unlock(&id->lock);
746		return KRB5_RC_IO;
747		}
748		}
749		#endif
750		k5_mutex_unlock(&id->lock);
751		return 0;
752		}
753
754		static krb5_error_code
755		krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id)
756		{
757		struct dfl_data t = (struct dfl_data )id->data;
758		#ifdef NOIOSTUFF
759		unsigned int i;
760		struct authlist **q;
761		struct authlist **qt;
762		struct authlist *r;
763		struct authlist *rt;
764		krb5_timestamp now;
765
766		if (krb5_timestamp(context, &now))
767		now = 0;
768
769		for (q = &t->a; *q; q = qt) {
770		qt = &(*q)->na;
771		if (alive(now, &(*q)->rep, t->lifespan) == CMP_EXPIRED) {
772		free((*q)->rep.client);
773		free((*q)->rep.server);
774		if ((*q)->rep.msghash)
775		free((*q)->rep.msghash);
776		free(*q);
777		q = qt; /* why doesn't this feel right? */
778		}
779		}
780		for (i = 0; i < t->hsize; i++)
781		t->h[i] = (struct authlist *) 0;
782		for (r = t->a; r; r = r->na) {
783		i = hash(&r->rep, t->hsize);
784		rt = t->h[i];
785		t->h[i] = r;
786		r->nh = rt;
787		}
788		return 0;
789		#else
790		struct authlist *q;
791		char *name;
792		krb5_error_code retval = 0;
793		krb5_rcache tmp;
794		krb5_deltat lifespan = t->lifespan; /* save original lifespan */
795
796		if (! t->recovering) {
797		name = t->name;
798		t->name = 0; /* Clear name so it isn't freed */
799		(void) krb5_rc_dfl_close_no_free(context, id);
800		retval = krb5_rc_dfl_resolve(context, id, name);
801		free(name);
802		if (retval)
803		return retval;
804		retval = krb5_rc_dfl_recover_locked(context, id);
805		if (retval)
806		return retval;
807		t = (struct dfl_data )id->data; / point to recovered cache */
808		}
809
810		retval = krb5_rc_resolve_type(context, &tmp, "dfl");
811		if (retval)
812		return retval;
813		retval = krb5_rc_resolve(context, tmp, 0);
814		if (retval)
815		goto cleanup;
816		retval = krb5_rc_initialize(context, tmp, lifespan);
817		if (retval)
818		goto cleanup;
819		for (q = t->a; q; q = q->na) {
820		if (krb5_rc_io_store(context, (struct dfl_data *)tmp->data, &q->rep)) {
821		retval = KRB5_RC_IO;
822		goto cleanup;
823		}
824		}
825		/* NOTE: We set retval in case we have an error */
826		retval = KRB5_RC_IO;
827		if (krb5_rc_io_sync(context, &((struct dfl_data *)tmp->data)->d))
828		goto cleanup;
829		if (krb5_rc_io_sync(context, &t->d))
830		goto cleanup;
831		if (krb5_rc_io_move(context, &t->d, &((struct dfl_data *)tmp->data)->d))
832		goto cleanup;
833		retval = 0;
834		cleanup:
835		(void) krb5_rc_dfl_close(context, tmp);
836		return retval;
837		#endif
838		}
839
840		krb5_error_code KRB5_CALLCONV
841		krb5_rc_dfl_expunge(krb5_context context, krb5_rcache id)
842		{
843		krb5_error_code ret;
844
845		k5_mutex_lock(&id->lock);
846		ret = krb5_rc_dfl_expunge_locked(context, id);
847		k5_mutex_unlock(&id->lock);
848		return ret;
849		}
	159	"dfl",
	160	dfl_resolve,
	161	dfl_close,
	162	dfl_store
	163	};

+0

-48

~~src/lib/krb5/rcache/rc_dfl.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rc_dfl.h */
2		/*
3		* This file of the Kerberos V5 software is derived from public-domain code
4		* contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
5		*
6		*/
7
8		/*
9		* Declarations for the default replay cache implementation.
10		*/
11
12		#ifndef KRB5_RC_DFL_H
13		#define KRB5_RC_DFL_H
14
15		krb5_error_code KRB5_CALLCONV
16		krb5_rc_dfl_init(krb5_context, krb5_rcache, krb5_deltat);
17
18		krb5_error_code KRB5_CALLCONV
19		krb5_rc_dfl_recover(krb5_context, krb5_rcache);
20
21		krb5_error_code KRB5_CALLCONV
22		krb5_rc_dfl_recover_or_init(krb5_context, krb5_rcache, krb5_deltat);
23
24		krb5_error_code KRB5_CALLCONV
25		krb5_rc_dfl_destroy(krb5_context, krb5_rcache);
26
27		krb5_error_code KRB5_CALLCONV
28		krb5_rc_dfl_close(krb5_context, krb5_rcache);
29
30		krb5_error_code KRB5_CALLCONV
31		krb5_rc_dfl_store(krb5_context, krb5_rcache, krb5_donot_replay *);
32
33		krb5_error_code KRB5_CALLCONV
34		krb5_rc_dfl_expunge(krb5_context, krb5_rcache);
35
36		krb5_error_code KRB5_CALLCONV
37		krb5_rc_dfl_get_span(krb5_context, krb5_rcache, krb5_deltat *);
38
39		char * KRB5_CALLCONV
40		krb5_rc_dfl_get_name(krb5_context, krb5_rcache);
41
42		krb5_error_code KRB5_CALLCONV
43		krb5_rc_dfl_resolve(krb5_context, krb5_rcache, char *);
44
45		krb5_error_code krb5_rc_dfl_close_no_free(krb5_context, krb5_rcache);
46		void krb5_rc_free_entry(krb5_context, krb5_donot_replay **);
47		#endif

+266

-0

src/lib/krb5/rcache/rc_file2.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/rcache/rc_file2.c - file-based replay cache, version 2 */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include "k5-int.h"
	33	#include "k5-hashtab.h"
	34	#include "rc-int.h"
	35	#ifndef _WIN32
	36	#include <sys/types.h>
	37	#include <sys/stat.h>
	38	#endif
	39
	40	#define MAX_SIZE INT32_MAX
	41	#define TAG_LEN 12
	42	#define RECORD_LEN (TAG_LEN + 4)
	43	#define FIRST_TABLE_RECORDS 1023
	44
	45	/* Return the offset and number of records in the next table. *offset should
	46	* initially be -1. */
	47	static inline krb5_error_code
	48	next_table(off_t offset, off_t nrecords)
	49	{
	50	if (*offset == -1) {
	51	*offset = K5_HASH_SEED_LEN;
	52	*nrecords = FIRST_TABLE_RECORDS;
	53	} else if (*offset == K5_HASH_SEED_LEN) {
	54	offset += nrecords * RECORD_LEN;
	55	nrecords = (FIRST_TABLE_RECORDS + 1) 2;
	56	} else {
	57	offset += nrecords * RECORD_LEN;
	58	nrecords = 2;
	59	}
	60
	61	/* Make sure the next table fits within the maximum file size. */
	62	if (*nrecords > MAX_SIZE / RECORD_LEN)
	63	return EOVERFLOW;
	64	if (offset > MAX_SIZE - (nrecords * RECORD_LEN))
	65	return EOVERFLOW;
	66
	67	return 0;
	68	}
	69
	70	/* Read up to two records from fd at offset, and parse them out into tags and
	71	* timestamps. Place the number of records read in nread. /
	72	static krb5_error_code
	73	read_records(int fd, off_t offset, uint8_t tag1_out[TAG_LEN],
	74	uint32_t *timestamp1_out, uint8_t tag2_out[TAG_LEN],
	75	uint32_t timestamp2_out, int nread)
	76	{
	77	uint8_t buf[RECORD_LEN * 2];
	78	ssize_t st;
	79
	80	*nread = 0;
	81
	82	st = lseek(fd, offset, SEEK_SET);
	83	if (st == -1)
	84	return errno;
	85	st = read(fd, buf, RECORD_LEN * 2);
	86	if (st == -1)
	87	return errno;
	88
	89	if (st >= RECORD_LEN) {
	90	memcpy(tag1_out, buf, TAG_LEN);
	91	*timestamp1_out = load_32_be(buf + TAG_LEN);
	92	*nread = 1;
	93	}
	94	if (st == RECORD_LEN * 2) {
	95	memcpy(tag2_out, buf + RECORD_LEN, TAG_LEN);
	96	*timestamp2_out = load_32_be(buf + RECORD_LEN + TAG_LEN);
	97	*nread = 2;
	98	}
	99	return 0;
	100	}
	101
	102	/* Write one record to fd at offset, marshalling the tag and timestamp. */
	103	static krb5_error_code
	104	write_record(int fd, off_t offset, const uint8_t tag[TAG_LEN],
	105	uint32_t timestamp)
	106	{
	107	uint8_t record[RECORD_LEN];
	108	ssize_t st;
	109
	110	memcpy(record, tag, TAG_LEN);
	111	store_32_be(timestamp, record + TAG_LEN);
	112
	113	st = lseek(fd, offset, SEEK_SET);
	114	if (st == -1)
	115	return errno;
	116	st = write(fd, record, RECORD_LEN);
	117	if (st == -1)
	118	return errno;
	119	if (st != RECORD_LEN) /* Unexpected for a regular file */
	120	return EIO;
	121
	122	return 0;
	123	}
	124
	125	/* Return true if timestamp is expired, for the current timestamp (now) and
	126	* allowable clock skew. */
	127	static inline krb5_boolean
	128	expired(uint32_t timestamp, uint32_t now, uint32_t skew)
	129	{
	130	return ts_after(now, ts_incr(timestamp, skew));
	131	}
	132
	133	/* Check and store a record into an open and locked file. fd is assumed to be
	134	* at offset 0. */
	135	static krb5_error_code
	136	store(krb5_context context, int fd, const uint8_t tag[TAG_LEN], uint32_t now,
	137	uint32_t skew)
	138	{
	139	krb5_error_code ret;
	140	krb5_data d;
	141	off_t table_offset = -1, nrecords = 0, avail_offset = -1, record_offset;
	142	ssize_t st;
	143	int ind, nread;
	144	uint8_t seed[K5_HASH_SEED_LEN], r1tag[TAG_LEN], r2tag[TAG_LEN];
	145	uint32_t r1stamp, r2stamp;
	146
	147	/* Read or generate the hash seed. */
	148	st = read(fd, seed, sizeof(seed));
	149	if (st < 0)
	150	return errno;
	151	if ((size_t)st < sizeof(seed)) {
	152	d = make_data(seed, sizeof(seed));
	153	ret = krb5_c_random_make_octets(context, &d);
	154	if (ret)
	155	return ret;
	156	st = write(fd, seed, sizeof(seed));
	157	if (st < 0)
	158	return errno;
	159	if ((size_t)st != sizeof(seed))
	160	return EIO;
	161	}
	162
	163	for (;;) {
	164	ret = next_table(&table_offset, &nrecords);
	165	if (ret)
	166	return ret;
	167
	168	ind = k5_siphash24(tag, TAG_LEN, seed) % nrecords;
	169	record_offset = table_offset + ind * RECORD_LEN;
	170
	171	ret = read_records(fd, record_offset, r1tag, &r1stamp, r2tag, &r2stamp,
	172	&nread);
	173	if (ret)
	174	return ret;
	175
	176	if ((nread >= 1 && r1stamp && memcmp(r1tag, tag, TAG_LEN) == 0) \|\|
	177	(nread == 2 && r2stamp && memcmp(r2tag, tag, TAG_LEN) == 0))
	178	return KRB5KRB_AP_ERR_REPEAT;
	179
	180	/* Make note of the first record available for writing (empty, beyond
	181	* the end of the file, or expired). */
	182	if (avail_offset == -1) {
	183	if (nread == 0 \|\| !r1stamp \|\| expired(r1stamp, now, skew))
	184	avail_offset = record_offset;
	185	else if (nread == 1 \|\| !r2stamp \|\| expired(r2stamp, now, skew))
	186	avail_offset = record_offset + RECORD_LEN;
	187	}
	188
	189	/* Stop searching if we encountered an empty record or one beyond the
	190	* end of the file, as tag would have been written there previously. */
	191	if (nread < 2 \|\| !r1stamp \|\| !r2stamp)
	192	return write_record(fd, avail_offset, tag, now);
	193
	194	/* Use a different hash seed for the next table we search. */
	195	seed[0]++;
	196	}
	197	}
	198
	199	krb5_error_code
	200	k5_rcfile2_store(krb5_context context, int fd, const krb5_data *tag_data)
	201	{
	202	krb5_error_code ret;
	203	krb5_timestamp now;
	204	uint8_t tagbuf[TAG_LEN], *tag;
	205
	206	ret = krb5_timeofday(context, &now);
	207	if (ret)
	208	return ret;
	209
	210	/* Extract a tag from the authenticator checksum. */
	211	if (tag_data->length >= TAG_LEN) {
	212	tag = (uint8_t *)tag_data->data;
	213	} else {
	214	memcpy(tagbuf, tag_data->data, tag_data->length);
	215	memset(tagbuf + tag_data->length, 0, TAG_LEN - tag_data->length);
	216	tag = tagbuf;
	217	}
	218
	219	ret = krb5_lock_file(context, fd, KRB5_LOCKMODE_EXCLUSIVE);
	220	if (ret)
	221	return ret;
	222	ret = store(context, fd, tag, now, context->clockskew);
	223	(void)krb5_unlock_file(NULL, fd);
	224	return ret;
	225	}
	226
	227	static krb5_error_code
	228	file2_resolve(krb5_context context, const char residual, void *rcdata_out)
	229	{
	230	*rcdata_out = strdup(residual);
	231	return (*rcdata_out == NULL) ? ENOMEM : 0;
	232	}
	233
	234	static void
	235	file2_close(krb5_context context, void *rcdata)
	236	{
	237	free(rcdata);
	238	}
	239
	240	static krb5_error_code
	241	file2_store(krb5_context context, void rcdata, const krb5_data tag)
	242	{
	243	krb5_error_code ret;
	244	const char *filename = rcdata;
	245	int fd;
	246
	247	fd = open(filename, O_CREAT \| O_RDWR \| O_BINARY, 0600);
	248	if (fd < 0) {
	249	ret = errno;
	250	k5_setmsg(context, ret, "%s (filename: %s)", error_message(ret),
	251	filename);
	252	return ret;
	253	}
	254	ret = k5_rcfile2_store(context, fd, tag);
	255	close(fd);
	256	return ret;
	257	}
	258
	259	const krb5_rc_ops k5_rc_file2_ops =
	260	{
	261	"file2",
	262	file2_resolve,
	263	file2_close,
	264	file2_store
	265	};

+0

-518

~~src/lib/krb5/rcache/rc_io.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rc_io.c */
2		/*
3		* This file of the Kerberos V5 software is derived from public-domain code
4		* contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
5		*
6		*/
7
8		/*
9		* I/O functions for the replay cache default implementation.
10		*/
11
12		#if defined(_WIN32)
13		# define PATH_SEPARATOR "\\"
14		#else
15		# define PATH_SEPARATOR "/"
16		#endif
17
18		#define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */
19
20		#if HAVE_SYS_STAT_H
21		#include <sys/stat.h>
22		#endif
23		#include "k5-int.h"
24		#include <stdio.h> /* for P_tmpdir */
25		#include "rc_base.h"
26		#include "rc_dfl.h"
27		#include "rc_io.h"
28
29		#ifndef O_BINARY
30		#define O_BINARY 0
31		#endif
32
33		#ifdef HAVE_NETINET_IN_H
34		#if !defined(_WINSOCKAPI_)
35		#include <netinet/in.h>
36		#endif
37		#else
38		#error find some way to use net-byte-order file version numbers.
39		#endif
40
41		#define UNIQUE getpid() /* hopefully unique number */
42
43		#define GETDIR (dir = getdir(), dirlen = strlen(dir) + sizeof(PATH_SEPARATOR) - 1)
44
45		static char *
46		getdir(void)
47		{
48		char *dir;
49
50		if (!(dir = getenv("KRB5RCACHEDIR"))) {
51		#if defined(_WIN32)
52		if (!(dir = getenv("TEMP")))
53		if (!(dir = getenv("TMP")))
54		dir = "C:";
55		#else
56		if (!(dir = getenv("TMPDIR"))) {
57		#ifdef RCTMPDIR
58		dir = RCTMPDIR;
59		#else
60		dir = "/tmp";
61		#endif
62		}
63		#endif
64		}
65		return dir;
66		}
67
68		/*
69		* Called from krb5_rc_io_creat(); calls mkstemp() and does some
70		* sanity checking on the file modes in case some broken mkstemp()
71		* implementation creates the file with overly permissive modes. To
72		* avoid race conditions, do not fchmod() a file for which mkstemp set
73		* incorrect modes.
74		*/
75		static krb5_error_code
76		krb5_rc_io_mkstemp(krb5_context context, krb5_rc_iostuff d, char dir)
77		{
78		krb5_error_code retval = 0;
79		#if HAVE_SYS_STAT_H
80		struct stat stbuf;
81
82		memset(&stbuf, 0, sizeof(stbuf));
83		#endif
84		if (asprintf(&d->fn, "%s%skrb5_RCXXXXXX",
85		dir, PATH_SEPARATOR) < 0) {
86		d->fn = NULL;
87		return KRB5_RC_IO_MALLOC;
88		}
89		d->fd = mkstemp(d->fn);
90		if (d->fd == -1) {
91		/*
92		* This return value is deliberate because d->fd == -1 causes
93		* caller to go into errno interpretation code.
94		*/
95		return 0;
96		}
97		#if HAVE_SYS_STAT_H
98		/*
99		* Be paranoid and check that mkstemp made the file accessible
100		* only to the user.
101		*/
102		retval = fstat(d->fd, &stbuf);
103		if (retval) {
104		k5_setmsg(context, retval,
105		_("Cannot fstat replay cache file %s: %s"),
106		d->fn, strerror(errno));
107		return KRB5_RC_IO_UNKNOWN;
108		}
109		if (stbuf.st_mode & 077) {
110		k5_setmsg(context, retval,
111		_("Insecure mkstemp() file mode for replay cache file %s; "
112		"try running this program with umask 077"), d->fn);
113		return KRB5_RC_IO_UNKNOWN;
114		}
115		#endif
116		return 0;
117		}
118
119		static krb5_error_code
120		rc_map_errno (krb5_context context, int e, const char *fn,
121		const char *operation)
122		{
123		switch (e) {
124		case EFBIG:
125		#ifdef EDQUOT
126		case EDQUOT:
127		#endif
128		case ENOSPC:
129		return KRB5_RC_IO_SPACE;
130
131		case EIO:
132		return KRB5_RC_IO_IO;
133
134		case EPERM:
135		case EACCES:
136		case EROFS:
137		case EEXIST:
138		k5_setmsg(context, KRB5_RC_IO_PERM,
139		_("Cannot %s replay cache file %s: %s"),
140		operation, fn, strerror(e));
141		return KRB5_RC_IO_PERM;
142
143		default:
144		k5_setmsg(context, KRB5_RC_IO_UNKNOWN, _("Cannot %s replay cache: %s"),
145		operation, strerror(e));
146		return KRB5_RC_IO_UNKNOWN;
147		}
148		}
149
150
151		krb5_error_code
152		krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff d, char *fn)
153		{
154		krb5_int16 rc_vno = htons(KRB5_RC_VNO);
155		krb5_error_code retval = 0;
156		int flags, do_not_unlink = 0;
157		char *dir;
158		size_t dirlen;
159
160		GETDIR;
161		if (fn && *fn) {
162		if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
163		return KRB5_RC_IO_MALLOC;
164		d->fd = -1;
165		do {
166		if (unlink(d->fn) == -1 && errno != ENOENT)
167		break;
168		flags = O_WRONLY \| O_CREAT \| O_TRUNC \| O_EXCL \| O_BINARY;
169		d->fd = THREEPARAMOPEN(d->fn, flags, 0600);
170		} while (d->fd == -1 && errno == EEXIST);
171		} else {
172		retval = krb5_rc_io_mkstemp(context, d, dir);
173		if (retval)
174		goto cleanup;
175		if (d->fd != -1 && fn) {
176		*fn = strdup(d->fn + dirlen);
177		if (*fn == NULL) {
178		free(d->fn);
179		return KRB5_RC_IO_MALLOC;
180		}
181		}
182		}
183		if (d->fd == -1) {
184		retval = rc_map_errno(context, errno, d->fn, "create");
185		if (retval == KRB5_RC_IO_PERM)
186		do_not_unlink = 1;
187		goto cleanup;
188		}
189		set_cloexec_fd(d->fd);
190		retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno,
191		sizeof(rc_vno));
192		if (retval)
193		goto cleanup;
194
195		retval = krb5_rc_io_sync(context, d);
196
197		cleanup:
198		if (retval) {
199		if (d->fn) {
200		if (!do_not_unlink)
201		(void) unlink(d->fn);
202		free(d->fn);
203		d->fn = NULL;
204		}
205		if (d->fd != -1) {
206		(void) close(d->fd);
207		}
208		}
209		return retval;
210		}
211
212		static krb5_error_code
213		krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff d, char fn,
214		char* full_pathname)
215		{
216		krb5_int16 rc_vno;
217		krb5_error_code retval = 0;
218		int do_not_unlink = 1;
219		#ifndef NO_USERID
220		struct stat sb1, sb2;
221		#endif
222		char *dir;
223
224		dir = getdir();
225		if (full_pathname) {
226		if (!(d->fn = strdup(full_pathname)))
227		return KRB5_RC_IO_MALLOC;
228		} else {
229		if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, fn) < 0)
230		return KRB5_RC_IO_MALLOC;
231		}
232
233		#ifdef NO_USERID
234		d->fd = THREEPARAMOPEN(d->fn, O_RDWR \| O_BINARY, 0600);
235		if (d->fd == -1) {
236		retval = rc_map_errno(context, errno, d->fn, "open");
237		goto cleanup;
238		}
239		#else
240		d->fd = -1;
241		retval = lstat(d->fn, &sb1);
242		if (retval != 0) {
243		retval = rc_map_errno(context, errno, d->fn, "lstat");
244		goto cleanup;
245		}
246		d->fd = THREEPARAMOPEN(d->fn, O_RDWR \| O_BINARY, 0600);
247		if (d->fd < 0) {
248		retval = rc_map_errno(context, errno, d->fn, "open");
249		goto cleanup;
250		}
251		retval = fstat(d->fd, &sb2);
252		if (retval < 0) {
253		retval = rc_map_errno(context, errno, d->fn, "fstat");
254		goto cleanup;
255		}
256		/* check if someone was playing with symlinks */
257		if ((sb1.st_dev != sb2.st_dev \|\| sb1.st_ino != sb2.st_ino)
258		\|\| (sb1.st_mode & S_IFMT) != S_IFREG)
259		{
260		retval = KRB5_RC_IO_PERM;
261		k5_setmsg(context, retval, "rcache not a file %s", d->fn);
262		goto cleanup;
263		}
264		/* check that non other can read/write/execute the file */
265		if (sb1.st_mode & 077) {
266		k5_setmsg(context, retval,
267		_("Insecure file mode for replay cache file %s"), d->fn);
268		return KRB5_RC_IO_UNKNOWN;
269		}
270		/* owned by me */
271		if (sb1.st_uid != geteuid()) {
272		retval = KRB5_RC_IO_PERM;
273		k5_setmsg(context, retval, _("rcache not owned by %d"),
274		(int)geteuid());
275		goto cleanup;
276		}
277		#endif
278		set_cloexec_fd(d->fd);
279
280		do_not_unlink = 0;
281		retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno,
282		sizeof(rc_vno));
283		if (retval)
284		goto cleanup;
285
286		if (ntohs(rc_vno) != KRB5_RC_VNO)
287		retval = KRB5_RCACHE_BADVNO;
288
289		cleanup:
290		if (retval) {
291		if (!do_not_unlink)
292		(void) unlink(d->fn);
293		free(d->fn);
294		d->fn = NULL;
295		if (d->fd >= 0)
296		(void) close(d->fd);
297		}
298		return retval;
299		}
300
301		krb5_error_code
302		krb5_rc_io_open(krb5_context context, krb5_rc_iostuff d, char fn)
303		{
304		return krb5_rc_io_open_internal(context, d, fn, NULL);
305		}
306
307		krb5_error_code
308		krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1,
309		krb5_rc_iostuff *old)
310		{
311		#if defined(_WIN32) \|\| defined(__CYGWIN__)
312		char *new_fn = NULL;
313		char *old_fn = NULL;
314		off_t offset = 0;
315		krb5_error_code retval = 0;
316		/*
317		* Initial work around provided by Tom Sanfilippo to work around
318		* poor Windows emulation of POSIX functions. Rename and dup has
319		* different semantics!
320		*
321		* Additional fixes and explanation provided by dalmeida@mit.edu:
322		*
323		* First, we save the offset of "old". Then, we close and remove
324		* the "new" file so we can do the rename. We also close "old" to
325		* make sure the rename succeeds (though that might not be
326		* necessary on some systems).
327		*
328		* Next, we do the rename. If all goes well, we seek the "new"
329		* file to the position "old" was at.
330		*
331		* --- WARNING!!! ---
332		*
333		* Since "old" is now gone, we mourn its disappearance, but we
334		* cannot emulate that Unix behavior... THIS BEHAVIOR IS
335		* DIFFERENT FROM UNIX. However, it is ok because this function
336		* gets called such that "old" gets closed right afterwards.
337		*/
338		offset = lseek(old->fd, 0, SEEK_CUR);
339
340		new_fn = new1->fn;
341		new1->fn = NULL;
342		close(new1->fd);
343		new1->fd = -1;
344
345		unlink(new_fn);
346
347		old_fn = old->fn;
348		old->fn = NULL;
349		close(old->fd);
350		old->fd = -1;
351
352		if (rename(old_fn, new_fn) == -1) { /* MUST be atomic! */
353		retval = KRB5_RC_IO_UNKNOWN;
354		goto cleanup;
355		}
356
357		retval = krb5_rc_io_open_internal(context, new1, 0, new_fn);
358		if (retval)
359		goto cleanup;
360
361		if (lseek(new1->fd, offset, SEEK_SET) == -1) {
362		retval = KRB5_RC_IO_UNKNOWN;
363		goto cleanup;
364		}
365
366		cleanup:
367		free(new_fn);
368		free(old_fn);
369		return retval;
370		#else
371		char *fn = NULL;
372		if (rename(old->fn, new1->fn) == -1) /* MUST be atomic! */
373		return KRB5_RC_IO_UNKNOWN;
374		fn = new1->fn;
375		new1->fn = NULL; /* avoid clobbering */
376		(void) krb5_rc_io_close(context, new1);
377		new1->fn = fn;
378		new1->fd = dup(old->fd);
379		set_cloexec_fd(new1->fd);
380		return 0;
381		#endif
382		}
383
384		krb5_error_code
385		krb5_rc_io_write(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
386		unsigned int num)
387		{
388		if (write(d->fd, (char *) buf, num) == -1)
389		switch(errno)
390		{
391		#ifdef EDQUOT
392		case EDQUOT:
393		#endif
394		case EFBIG:
395		case ENOSPC:
396		k5_setmsg(context, KRB5_RC_IO_SPACE,
397		_("Can't write to replay cache: %s"), strerror(errno));
398		return KRB5_RC_IO_SPACE;
399		case EIO:
400		k5_setmsg(context, KRB5_RC_IO_IO,
401		_("Can't write to replay cache: %s"), strerror(errno));
402		return KRB5_RC_IO_IO;
403		case EBADF:
404		default:
405		k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
406		_("Can't write to replay cache: %s"), strerror(errno));
407		return KRB5_RC_IO_UNKNOWN;
408		}
409		return 0;
410		}
411
412		krb5_error_code
413		krb5_rc_io_sync(krb5_context context, krb5_rc_iostuff *d)
414		{
415		#if defined(_WIN32)
416		#ifndef fsync
417		#define fsync _commit
418		#endif
419		#endif
420		if (fsync(d->fd) == -1) {
421		switch(errno)
422		{
423		case EBADF: return KRB5_RC_IO_UNKNOWN;
424		case EIO: return KRB5_RC_IO_IO;
425		default:
426		k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
427		_("Cannot sync replay cache file: %s"), strerror(errno));
428		return KRB5_RC_IO_UNKNOWN;
429		}
430		}
431		return 0;
432		}
433
434		krb5_error_code
435		krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
436		unsigned int num)
437		{
438		int count;
439		if ((count = read(d->fd, (char *) buf, num)) == -1)
440		switch(errno)
441		{
442		case EIO: return KRB5_RC_IO_IO;
443		case EBADF:
444		default:
445		k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
446		_("Can't read from replay cache: %s"), strerror(errno));
447		return KRB5_RC_IO_UNKNOWN;
448		}
449		if (count < 0 \|\| (unsigned int)count != num)
450		return KRB5_RC_IO_EOF;
451		return 0;
452		}
453
454		krb5_error_code
455		krb5_rc_io_close(krb5_context context, krb5_rc_iostuff *d)
456		{
457		if (d->fn != NULL) {
458		free(d->fn);
459		d->fn = NULL;
460		}
461		if (d->fd != -1) {
462		if (close(d->fd) == -1) /* can't happen */
463		return KRB5_RC_IO_UNKNOWN;
464		d->fd = -1;
465		}
466		return 0;
467		}
468
469		krb5_error_code
470		krb5_rc_io_destroy(krb5_context context, krb5_rc_iostuff *d)
471		{
472		if (unlink(d->fn) == -1)
473		switch(errno)
474		{
475		case EIO:
476		k5_setmsg(context, KRB5_RC_IO_IO,
477		_("Can't destroy replay cache: %s"), strerror(errno));
478		return KRB5_RC_IO_IO;
479		case EPERM:
480		case EBUSY:
481		case EROFS:
482		k5_setmsg(context, KRB5_RC_IO_PERM,
483		_("Can't destroy replay cache: %s"), strerror(errno));
484		return KRB5_RC_IO_PERM;
485		case EBADF:
486		default:
487		k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
488		_("Can't destroy replay cache: %s"), strerror(errno));
489		return KRB5_RC_IO_UNKNOWN;
490		}
491		return 0;
492		}
493
494		krb5_error_code
495		krb5_rc_io_mark(krb5_context context, krb5_rc_iostuff *d)
496		{
497		d->mark = lseek(d->fd, (off_t) 0, SEEK_CUR); /* can't fail */
498		return 0;
499		}
500
501		krb5_error_code
502		krb5_rc_io_unmark(krb5_context context, krb5_rc_iostuff *d)
503		{
504		(void) lseek(d->fd, d->mark, SEEK_SET); /* if it fails, tough luck */
505		return 0;
506		}
507
508		long
509		krb5_rc_io_size(krb5_context context, krb5_rc_iostuff *d)
510		{
511		struct stat statb;
512
513		if (fstat(d->fd, &statb) == 0)
514		return statb.st_size;
515		else
516		return 0;
517		}

+0

-60

~~src/lib/krb5/rcache/rc_io.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rc_io.h */
2		/*
3		* This file of the Kerberos V5 software is derived from public-domain code
4		* contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
5		*
6		*/
7
8		/*
9		* Declarations for the I/O sub-package of the replay cache
10		*/
11
12		#ifndef KRB5_RC_IO_H
13		#define KRB5_RC_IO_H
14
15		typedef struct krb5_rc_iostuff {
16		int fd;
17		#ifdef MSDOS_FILESYSTEM
18		long mark;
19		#else
20		off_t mark; /* on newer systems, should be pos_t */
21		#endif
22		char *fn;
23		} krb5_rc_iostuff;
24
25		/* first argument is always iostuff for result file */
26
27		krb5_error_code
28		krb5_rc_io_creat(krb5_context, krb5_rc_iostuff , char *);
29
30		krb5_error_code
31		krb5_rc_io_open(krb5_context, krb5_rc_iostuff , char );
32
33		krb5_error_code
34		krb5_rc_io_move(krb5_context, krb5_rc_iostuff , krb5_rc_iostuff );
35
36		krb5_error_code
37		krb5_rc_io_write(krb5_context, krb5_rc_iostuff *, krb5_pointer, unsigned int);
38
39		krb5_error_code
40		krb5_rc_io_read(krb5_context, krb5_rc_iostuff *, krb5_pointer, unsigned int);
41
42		krb5_error_code
43		krb5_rc_io_close(krb5_context, krb5_rc_iostuff *);
44
45		krb5_error_code
46		krb5_rc_io_destroy(krb5_context, krb5_rc_iostuff *);
47
48		krb5_error_code
49		krb5_rc_io_mark(krb5_context, krb5_rc_iostuff *);
50
51		krb5_error_code
52		krb5_rc_io_unmark(krb5_context, krb5_rc_iostuff *);
53
54		krb5_error_code
55		krb5_rc_io_sync(krb5_context, krb5_rc_iostuff *);
56
57		long
58		krb5_rc_io_size(krb5_context, krb5_rc_iostuff *);
59		#endif

+11

-49

src/lib/krb5/rcache/rc_none.c less more

31	31	#include "k5-int.h"
32	32	#include "rc-int.h"
33	33
34		static krb5_error_code KRB5_CALLCONV
35		krb5_rc_none_init(krb5_context ctx, krb5_rcache rc, krb5_deltat d)
	34	static krb5_error_code
	35	none_resolve(krb5_context ctx, const char residual, void *rcdata_out)
36	36	{
	37	*rcdata_out = NULL;
37	38	return 0;
38	39	}
39		#define krb5_rc_none_recover_or_init krb5_rc_none_init
40	40
41		static krb5_error_code KRB5_CALLCONV
42		krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
	41	static void
	42	none_close(krb5_context ctx, void *rcdata)
43	43	{
44		return 0;
45	44	}
46		#define krb5_rc_none_recover krb5_rc_none_noargs
47		#define krb5_rc_none_expunge krb5_rc_none_noargs
48	45
49		static krb5_error_code KRB5_CALLCONV
50		krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
51		{
52		free (rc);
53		return 0;
54		}
55		#define krb5_rc_none_destroy krb5_rc_none_close
56
57		static krb5_error_code KRB5_CALLCONV
58		krb5_rc_none_store(krb5_context ctx, krb5_rcache rc, krb5_donot_replay *r)
	46	static krb5_error_code
	47	none_store(krb5_context ctx, void rcdata, const krb5_data tag)
59	48	{
60	49	return 0;
61	50	}
62	51
63		static krb5_error_code KRB5_CALLCONV
64		krb5_rc_none_get_span(krb5_context ctx, krb5_rcache rc, krb5_deltat *d)
65		{
66		return 0;
67		}
68
69		static char * KRB5_CALLCONV
70		krb5_rc_none_get_name(krb5_context ctx, krb5_rcache rc)
71		{
72		return "";
73		}
74
75		static krb5_error_code KRB5_CALLCONV
76		krb5_rc_none_resolve(krb5_context ctx, krb5_rcache rc, char *name)
77		{
78		rc->data = "none";
79		return 0;
80		}
81
82		const krb5_rc_ops krb5_rc_none_ops = {
83		0,
	52	const krb5_rc_ops k5_rc_none_ops = {
84	53	"none",
85		krb5_rc_none_init,
86		krb5_rc_none_recover,
87		krb5_rc_none_recover_or_init,
88		krb5_rc_none_destroy,
89		krb5_rc_none_close,
90		krb5_rc_none_store,
91		krb5_rc_none_expunge,
92		krb5_rc_none_get_span,
93		krb5_rc_none_get_name,
94		krb5_rc_none_resolve
	54	none_resolve,
	55	none_close,
	56	none_store
95	57	};

+0

-45

~~src/lib/krb5/rcache/rcdef.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rcdef.c - Default replay cache operations vector */
2		/*
3		* Copyright 1990 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#include "k5-int.h"
27		#include "rc-int.h"
28		#include "rc_dfl.h"
29
30		const krb5_rc_ops krb5_rc_dfl_ops =
31		{
32		0,
33		"dfl",
34		krb5_rc_dfl_init,
35		krb5_rc_dfl_recover,
36		krb5_rc_dfl_recover_or_init,
37		krb5_rc_dfl_destroy,
38		krb5_rc_dfl_close,
39		krb5_rc_dfl_store,
40		krb5_rc_dfl_expunge,
41		krb5_rc_dfl_get_span,
42		krb5_rc_dfl_get_name,
43		krb5_rc_dfl_resolve
44		};

+0

-95

~~src/lib/krb5/rcache/rcfns.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/rcfns.c */
2		/*
3		* Copyright 2001 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		/*
27		* Dispatch methods for replay cache code.
28		*/
29
30		#include "k5-int.h"
31		#include "rc-int.h"
32
33		krb5_error_code KRB5_CALLCONV
34		krb5_rc_initialize (krb5_context context, krb5_rcache id, krb5_deltat span)
35		{
36		return krb5_x(id->ops->init,(context, id, span));
37		}
38
39		krb5_error_code KRB5_CALLCONV
40		krb5_rc_recover_or_initialize (krb5_context context, krb5_rcache id,
41		krb5_deltat span)
42		{
43		return krb5_x(id->ops->recover_or_init,(context, id, span));
44		}
45
46		krb5_error_code KRB5_CALLCONV
47		krb5_rc_recover (krb5_context context, krb5_rcache id)
48		{
49		return krb5_x((id)->ops->recover,(context, id));
50		}
51
52		krb5_error_code KRB5_CALLCONV
53		krb5_rc_destroy (krb5_context context, krb5_rcache id)
54		{
55		return krb5_x((id)->ops->destroy,(context, id));
56		}
57
58		krb5_error_code KRB5_CALLCONV
59		krb5_rc_close (krb5_context context, krb5_rcache id)
60		{
61		return krb5_x((id)->ops->close,(context, id));
62		}
63
64		krb5_error_code KRB5_CALLCONV
65		krb5_rc_store (krb5_context context, krb5_rcache id,
66		krb5_donot_replay *dontreplay)
67		{
68		return krb5_x((id)->ops->store,(context, id, dontreplay));
69		}
70
71		krb5_error_code KRB5_CALLCONV
72		krb5_rc_expunge (krb5_context context, krb5_rcache id)
73		{
74		return krb5_x((id)->ops->expunge,(context, id));
75		}
76
77		krb5_error_code KRB5_CALLCONV
78		krb5_rc_get_lifespan (krb5_context context, krb5_rcache id,
79		krb5_deltat *spanp)
80		{
81		return krb5_x((id)->ops->get_span,(context, id, spanp));
82		}
83
84		char *KRB5_CALLCONV
85		krb5_rc_get_name (krb5_context context, krb5_rcache id)
86		{
87		return krb5_xc((id)->ops->get_name,(context, id));
88		}
89
90		krb5_error_code KRB5_CALLCONV
91		krb5_rc_resolve (krb5_context context, krb5_rcache id, char *name)
92		{
93		return krb5_x((id)->ops->resolve,(context, id, name));
94		}

+0

-212

~~src/lib/krb5/rcache/ser_rc.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/ser_rc.c - Serialize replay cache context */
2		/*
3		* Copyright 1995 by the Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#include "k5-int.h"
27		#include "rc-int.h"
28
29		/*
30		* Routines to deal with externalizing krb5_rcache.
31		* krb5_rcache_size();
32		* krb5_rcache_externalize();
33		* krb5_rcache_internalize();
34		*/
35		static krb5_error_code
36		krb5_rcache_size(krb5_context, krb5_pointer, size_t *);
37
38		static krb5_error_code
39		krb5_rcache_externalize(krb5_context, krb5_pointer, krb5_octet *, size_t );
40
41		static krb5_error_code
42		krb5_rcache_internalize(krb5_context,krb5_pointer , krb5_octet , size_t );
43
44		/*
45		* Serialization entry for this type.
46		*/
47		static const krb5_ser_entry krb5_rcache_ser_entry = {
48		KV5M_RCACHE, /* Type */
49		krb5_rcache_size, /* Sizer routine */
50		krb5_rcache_externalize, /* Externalize routine */
51		krb5_rcache_internalize /* Internalize routine */
52		};
53
54		/*
55		* krb5_rcache_size() - Determine the size required to externalize
56		* this krb5_rcache variant.
57		*/
58		static krb5_error_code
59		krb5_rcache_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
60		{
61		krb5_error_code kret;
62		krb5_rcache rcache;
63		size_t required;
64
65		kret = EINVAL;
66		if ((rcache = (krb5_rcache) arg)) {
67		/*
68		* Saving FILE: variants of krb5_rcache requires at minimum:
69		* krb5_int32 for KV5M_RCACHE
70		* krb5_int32 for length of rcache name.
71		* krb5_int32 for KV5M_RCACHE
72		*/
73		required = sizeof(krb5_int32) * 3;
74		if (rcache->ops)
75		required += (strlen(rcache->ops->type)+1);
76
77		/*
78		* The rcache name is formed as follows:
79		* <type>:<name>
80		*/
81		required += strlen(krb5_rc_get_name(kcontext, rcache));
82
83		kret = 0;
84		*sizep += required;
85		}
86		return(kret);
87		}
88
89		/*
90		* krb5_rcache_externalize() - Externalize the krb5_rcache.
91		*/
92		static krb5_error_code
93		krb5_rcache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet *buffer, size_t lenremain)
94		{
95		krb5_error_code kret;
96		krb5_rcache rcache;
97		size_t required;
98		krb5_octet *bp;
99		size_t remain;
100		char *rcname;
101		char *fnamep;
102
103		required = 0;
104		bp = *buffer;
105		remain = *lenremain;
106		kret = EINVAL;
107		if ((rcache = (krb5_rcache) arg)) {
108		kret = ENOMEM;
109		if (!krb5_rcache_size(kcontext, arg, &required) &&
110		(required <= remain)) {
111		/* Our identifier */
112		(void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
113
114		fnamep = krb5_rc_get_name(kcontext, rcache);
115
116		if (rcache->ops->type) {
117		if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0)
118		rcname = NULL;
119		} else
120		rcname = strdup(fnamep);
121
122		if (rcname) {
123		/* Put the length of the file name */
124		(void) krb5_ser_pack_int32((krb5_int32) strlen(rcname),
125		&bp, &remain);
126
127		/* Put the name */
128		(void) krb5_ser_pack_bytes((krb5_octet *) rcname,
129		strlen(rcname),
130		&bp, &remain);
131
132		/* Put the trailer */
133		(void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain);
134		kret = 0;
135		*buffer = bp;
136		*lenremain = remain;
137		free(rcname);
138		}
139		}
140		}
141		return(kret);
142		}
143
144		/*
145		* krb5_rcache_internalize() - Internalize the krb5_rcache.
146		*/
147		static krb5_error_code
148		krb5_rcache_internalize(krb5_context kcontext, krb5_pointer argp, krb5_octet buffer, size_t lenremain)
149		{
150		krb5_error_code kret;
151		krb5_rcache rcache = NULL;
152		krb5_int32 ibuf;
153		krb5_octet *bp;
154		size_t remain;
155		char *rcname = NULL;
156
157		bp = *buffer;
158		remain = *lenremain;
159
160		/* Read our magic number */
161		if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) \|\| ibuf != KV5M_RCACHE)
162		return EINVAL;
163
164		/* Get the length of the rcache name */
165		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
166		if (kret)
167		return kret;
168
169		/* Get the rcache name. */
170		rcname = malloc(ibuf + 1);
171		if (!rcname)
172		return ENOMEM;
173		kret = krb5_ser_unpack_bytes((krb5_octet*)rcname, (size_t) ibuf,
174		&bp, &remain);
175		if (kret)
176		goto cleanup;
177		rcname[ibuf] = '\0';
178
179		/* Resolve and recover the rcache. */
180		kret = krb5_rc_resolve_full(kcontext, &rcache, rcname);
181		if (kret)
182		goto cleanup;
183		krb5_rc_recover(kcontext, rcache);
184
185		/* Read our magic number again. */
186		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
187		if (kret)
188		goto cleanup;
189		if (ibuf != KV5M_RCACHE) {
190		kret = EINVAL;
191		goto cleanup;
192		}
193
194		*buffer = bp;
195		*lenremain = remain;
196		*argp = (krb5_pointer) rcache;
197		cleanup:
198		free(rcname);
199		if (kret != 0 && rcache)
200		krb5_rc_close(kcontext, rcache);
201		return kret;
202		}
203
204		/*
205		* Register the rcache serializer.
206		*/
207		krb5_error_code KRB5_CALLCONV
208		krb5_ser_rcache_init(krb5_context kcontext)
209		{
210		return(krb5_register_serializer(kcontext, &krb5_rcache_ser_entry));
211		}

+82

-0

src/lib/krb5/rcache/t_memrcache.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/rcache/t_memrcache.c - memory replay cache tests */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include "memrcache.c"
	33
	34	int
	35	main()
	36	{
	37	krb5_error_code ret;
	38	krb5_context context;
	39	k5_memrcache mrc;
	40	int i;
	41	uint8_t tag[4];
	42	krb5_data tag_data = make_data(tag, 4);
	43	struct entry *e;
	44
	45	ret = krb5_init_context(&context);
	46	assert(ret == 0);
	47
	48	/* Store a thousand unique tags, then verify that they all appear as
	49	* replays. */
	50	ret = k5_memrcache_create(context, &mrc);
	51	assert(ret == 0);
	52	for (i = 0; i < 1000; i++) {
	53	store_32_be(i, tag);
	54	ret = k5_memrcache_store(context, mrc, &tag_data);
	55	assert(ret == 0);
	56	}
	57	for (i = 0; i < 1000; i++) {
	58	store_32_be(i, tag);
	59	ret = k5_memrcache_store(context, mrc, &tag_data);
	60	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	61	}
	62	k5_memrcache_free(context, mrc);
	63
	64	/* Store a thousand unique tags, each spaced out so that previous entries
	65	* appear as expired. Verify that the expiration queue has one entry. */
	66	ret = k5_memrcache_create(context, &mrc);
	67	assert(ret == 0);
	68	context->clockskew = 100;
	69	for (i = 1; i < 1000; i++) {
	70	krb5_set_debugging_time(context, i * 200, 0);
	71	store_32_be(i, tag);
	72	ret = k5_memrcache_store(context, mrc, &tag_data);
	73	assert(ret == 0);
	74	}
	75	e = K5_TAILQ_FIRST(&mrc->expiration_queue);
	76	assert(e != NULL && K5_TAILQ_NEXT(e, links) == NULL);
	77	k5_memrcache_free(context, mrc);
	78
	79	krb5_free_context(context);
	80	return 0;
	81	}

+209

-0

src/lib/krb5/rcache/t_rcfile2.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* lib/krb5/rcache/t_rcfile2.c - rcache file version 2 tests */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	/*
	33	* Usage:
	34	*
	35	* t_rcfile2 <filename> expiry <nreps>
	36	* store <nreps> records spaced far enough apart that all records appear
	37	* expired; verify that the file size doesn't increase beyond one table.
	38	*
	39	* t_rcfile2 <filename> concurrent <nprocesses> <nreps>
	40	* spawn <nprocesses> subprocesses, each of which stores <nreps> unique
	41	* tags. As each process completes, the master process tests that the
	42	* records stored by the subprocess appears as replays.
	43	*
	44	* t_rcfile2 <filename> race <nprocesses> <nreps>
	45	* spawn <nprocesses> subprocesses, each of which tries to store the same
	46	* tag and reports success or failure. The master process verifies that
	47	* exactly one subprocess succeeds. Repeat <reps> times.
	48	*/
	49
	50	#include "rc_file2.c"
	51	#include <sys/wait.h>
	52	#include <sys/time.h>
	53
	54	krb5_context ctx;
	55
	56	static krb5_error_code
	57	test_store(const char filename, uint8_t tag, krb5_timestamp timestamp,
	58	const uint32_t clockskew)
	59	{
	60	krb5_data tag_data = make_data(tag, TAG_LEN);
	61
	62	ctx->clockskew = clockskew;
	63	(void)krb5_set_debugging_time(ctx, timestamp, 0);
	64	return file2_store(ctx, (void *)filename, &tag_data);
	65	}
	66
	67	/* Store a sequence of unique tags, with timestamps far enough apart that all
	68	* previous records appear expired. Verify that we only use one table. */
	69	static void
	70	expiry_test(const char *filename, int reps)
	71	{
	72	krb5_error_code ret;
	73	struct stat statbuf;
	74	uint8_t tag[TAG_LEN] = { 0 }, seed[K5_HASH_SEED_LEN] = { 0 }, data[4];
	75	uint32_t timestamp;
	76	const uint32_t clockskew = 5, start = 1000;
	77	uint64_t hashval;
	78	int i, st;
	79
	80	assert((uint32_t)reps < (UINT32_MAX - start) / clockskew / 2);
	81	for (i = 0, timestamp = start; i < reps; i++, timestamp += clockskew * 2) {
	82	store_32_be(i, data);
	83	hashval = k5_siphash24(data, 4, seed);
	84	store_64_be(hashval, tag);
	85
	86	ret = test_store(filename, tag, timestamp, clockskew);
	87	assert(ret == 0);
	88
	89	/* Since we increment timestamp enough to expire every record between
	90	* each call, we should never create a second hash table. */
	91	st = stat(filename, &statbuf);
	92	assert(st == 0);
	93	assert(statbuf.st_size <= (FIRST_TABLE_RECORDS + 1) * RECORD_LEN);
	94	}
	95	}
	96
	97	/* Store a sequence of unique tags with the same timestamp. Exit with failure
	98	* if any store operation doesn't succeed or fail as given by expect_fail. */
	99	static void
	100	store_records(const char *filename, int id, int reps, int expect_fail)
	101	{
	102	krb5_error_code ret;
	103	uint8_t tag[TAG_LEN] = { 0 };
	104	int i;
	105
	106	store_32_be(id, tag);
	107	for (i = 0; i < reps; i++) {
	108	store_32_be(i, tag + 4);
	109	ret = test_store(filename, tag, 1000, 100);
	110	if (ret != (expect_fail ? KRB5KRB_AP_ERR_REPEAT : 0)) {
	111	fprintf(stderr, "store %d %d %sfail\n", id, i,
	112	expect_fail ? "didn't " : "");
	113	_exit(1);
	114	}
	115	}
	116	}
	117
	118	/* Spawn multiple child processes, each storing a sequence of unique tags.
	119	* After each process completes, verify that its tags appear as replays. */
	120	static void
	121	concurrency_test(const char *filename, int nchildren, int reps)
	122	{
	123	pid_t *pids, pid;
	124	int i, nprocs, status;
	125
	126	pids = calloc(nchildren, sizeof(*pids));
	127	assert(pids != NULL);
	128	for (i = 0; i < nchildren; i++) {
	129	pids[i] = fork();
	130	assert(pids[i] != -1);
	131	if (pids[i] == 0) {
	132	store_records(filename, i, reps, 0);
	133	_exit(0);
	134	}
	135	}
	136	for (nprocs = nchildren; nprocs > 0; nprocs--) {
	137	pid = wait(&status);
	138	assert(pid != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0);
	139	for (i = 0; i < nchildren; i++) {
	140	if (pids[i] == pid)
	141	store_records(filename, i, reps, 1);
	142	}
	143	}
	144	free(pids);
	145	}
	146
	147	/* Spawn multiple child processes, all trying to store the same tag. Verify
	148	* that only one of the processes succeeded. Repeat reps times. */
	149	static void
	150	race_test(const char *filename, int nchildren, int reps)
	151	{
	152	int i, j, status, nsuccess;
	153	uint8_t tag[TAG_LEN] = { 0 };
	154	pid_t pid;
	155
	156	for (i = 0; i < reps; i++) {
	157	store_32_be(i, tag);
	158	for (j = 0; j < nchildren; j++) {
	159	pid = fork();
	160	assert(pid != -1);
	161	if (pid == 0)
	162	_exit(test_store(filename, tag, 1000, 100) != 0);
	163	}
	164
	165	nsuccess = 0;
	166	for (j = 0; j < nchildren; j++) {
	167	pid = wait(&status);
	168	assert(pid != -1);
	169	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
	170	nsuccess++;
	171	}
	172	assert(nsuccess == 1);
	173	}
	174	}
	175
	176	int
	177	main(int argc, char **argv)
	178	{
	179	const char filename, cmd;
	180
	181	argv++;
	182	assert(*argv != NULL);
	183
	184	if (krb5_init_context(&ctx) != 0)
	185	abort();
	186
	187	assert(*argv != NULL);
	188	filename = *argv++;
	189	unlink(filename);
	190
	191	assert(*argv != NULL);
	192	cmd = *argv++;
	193	if (strcmp(cmd, "expiry") == 0) {
	194	assert(argv[0] != NULL);
	195	expiry_test(filename, atoi(argv[0]));
	196	} else if (strcmp(cmd, "concurrent") == 0) {
	197	assert(argv[0] != NULL && argv[1] != NULL);
	198	concurrency_test(filename, atoi(argv[0]), atoi(argv[1]));
	199	} else if (strcmp(cmd, "race") == 0) {
	200	assert(argv[0] != NULL && argv[1] != NULL);
	201	race_test(filename, atoi(argv[0]), atoi(argv[1]));
	202	} else {
	203	abort();
	204	}
	205
	206	krb5_free_context(ctx);
	207	return 0;
	208	}

+0

-265

~~src/lib/krb5/rcache/t_replay.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* lib/krb5/rcache/t_replay.c - Test harness for replay cache */
2		/*
3		* Copyright (C) 2009 by the Massachusetts Institute of Technology.
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#include "k5-int.h"
27
28		static void
29		usage(const char *progname)
30		{
31		fprintf(stderr, "%s: Usage:\n", progname);
32		fprintf(stderr, " %s dump <filename>\n", progname);
33		fprintf(stderr, " %s store <rc> <cli> <srv> <msg> <tstamp> <usec>"
34		" <now> <now-usec>\n", progname);
35		fprintf(stderr, " %s expunge <rc> <now> <now-usec>\n", progname);
36		exit(1);
37		}
38
39		static char *
40		read_counted_string(FILE *fp)
41		{
42		unsigned int len;
43		char *str;
44
45		if (fread(&len, sizeof(len), 1, fp) != 1)
46		return NULL;
47		if (len == 0 \|\| len > 10000)
48		return NULL;
49		if ((str = malloc(len)) == NULL)
50		return NULL;
51		if (fread(str, 1, len, fp) != len)
52		return NULL;
53		if (str[len - 1] != 0)
54		return NULL;
55		return str;
56		}
57
58		static void
59		dump_rcache(const char *filename)
60		{
61		FILE *fp;
62		krb5_deltat lifespan;
63		krb5_int16 vno;
64		char *str;
65		krb5_int32 usec;
66		krb5_timestamp timestamp;
67
68		fp = fopen(filename, "r");
69		if (!fp) {
70		fprintf(stderr, "Can't open filename: %s\n", strerror(errno));
71		return;
72		}
73		if (fread(&vno, sizeof(vno), 1, fp) != 1)
74		return;
75		if (fread(&lifespan, sizeof(lifespan), 1, fp) != 1)
76		return;
77		printf("Lifespan: %ld\n", (long) lifespan);
78		while (1) {
79		printf("---\n");
80
81		if (!(str = read_counted_string(fp)))
82		return;
83		printf("Client: %s\n", str);
84		free(str);
85
86		if (!(str = read_counted_string(fp)))
87		return;
88		printf("Server: %s\n", str);
89		free(str);
90
91		if (fread(&usec, sizeof(usec), 1, fp) != 1)
92		return;
93		printf("Microseconds: %ld\n", (long) usec);
94
95		if (fread(&timestamp, sizeof(timestamp), 1, fp) != 1)
96		return;
97		printf("Timestamp: %ld\n", (long) timestamp);
98		}
99		}
100
101		static void
102		store(krb5_context ctx, char rcspec, char client, char server, char msg,
103		krb5_timestamp timestamp, krb5_int32 usec, krb5_timestamp now_timestamp,
104		krb5_int32 now_usec)
105		{
106		krb5_rcache rc = NULL;
107		krb5_error_code retval = 0;
108		char *hash = NULL;
109		krb5_donot_replay rep;
110		krb5_data d;
111
112		if (now_timestamp != 0)
113		krb5_set_debugging_time(ctx, now_timestamp, now_usec);
114		if ((retval = krb5_rc_resolve_full(ctx, &rc, rcspec)))
115		goto cleanup;
116		if ((retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew)))
117		goto cleanup;
118		if (msg) {
119		d.data = msg;
120		d.length = strlen(msg);
121		if ((retval = krb5_rc_hash_message(ctx, &d, &hash)))
122		goto cleanup;
123		}
124		rep.client = client;
125		rep.server = server;
126		rep.msghash = hash;
127		rep.cusec = usec;
128		rep.ctime = timestamp;
129		retval = krb5_rc_store(ctx, rc, &rep);
130		cleanup:
131		if (retval == KRB5KRB_AP_ERR_REPEAT)
132		printf("Replay\n");
133		else if (!retval)
134		printf("Entry successfully stored\n");
135		else
136		fprintf(stderr, "Failure: %s\n", krb5_get_error_message(ctx, retval));
137		if (rc)
138		krb5_rc_close(ctx, rc);
139		if (hash)
140		free(hash);
141		}
142
143		static void
144		expunge(krb5_context ctx, char *rcspec, krb5_timestamp now_timestamp,
145		krb5_int32 now_usec)
146		{
147		krb5_rcache rc = NULL;
148		krb5_error_code retval = 0;
149
150		if (now_timestamp > 0)
151		krb5_set_debugging_time(ctx, now_timestamp, now_usec);
152		if ((retval = krb5_rc_resolve_full(ctx, &rc, rcspec)))
153		goto cleanup;
154		if ((retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew)))
155		goto cleanup;
156		retval = krb5_rc_expunge(ctx, rc);
157		cleanup:
158		if (!retval)
159		printf("Cache successfully expunged\n");
160		else
161		fprintf(stderr, "Failure: %s\n", krb5_get_error_message(ctx, retval));
162		if (rc)
163		krb5_rc_close(ctx, rc);
164		}
165
166		int
167		main(int argc, char **argv)
168		{
169		krb5_context ctx;
170		krb5_error_code retval;
171		const char *progname;
172
173		retval = krb5_init_context(&ctx);
174		if (retval) {
175		fprintf(stderr, "krb5_init_context returned error %ld\n",
176		(long) retval);
177		exit(1);
178		}
179		progname = argv[0];
180
181		/* Parse arguments. */
182		argc--; argv++;
183		while (argc) {
184		if (strcmp(*argv, "dump") == 0) {
185		/*
186		* Without going through the rcache interface, dump a
187		* named dfl-format rcache file to stdout. Takes a full
188		* pathname argument.
189		*/
190		const char *filename;
191
192		argc--; argv++;
193		if (!argc) usage(progname);
194		filename = *argv;
195		dump_rcache(filename);
196		} else if (strcmp(*argv, "store") == 0) {
197		/*
198		* Using the rcache interface, store a replay record.
199		* Takes an rcache spec like dfl:host as the first
200		* argument. If non-empty, the "msg" argument will be
201		* hashed and provided in the replay record. The
202		* now-timestamp argument can be 0 to use the current
203		* time.
204		*/
205		char rcspec, client, server, msg;
206		krb5_timestamp timestamp, now_timestamp;
207		krb5_int32 usec, now_usec;
208
209		argc--; argv++;
210		if (!argc) usage(progname);
211		rcspec = *argv;
212		argc--; argv++;
213		if (!argc) usage(progname);
214		client = *argv;
215		argc--; argv++;
216		if (!argc) usage(progname);
217		server = *argv;
218		argc--; argv++;
219		if (!argc) usage(progname);
220		msg = (*argv) ? argv : NULL;
221		argc--; argv++;
222		if (!argc) usage(progname);
223		timestamp = (krb5_timestamp) atoll(*argv);
224		argc--; argv++;
225		if (!argc) usage(progname);
226		usec = (krb5_int32) atol(*argv);
227		argc--; argv++;
228		if (!argc) usage(progname);
229		now_timestamp = (krb5_timestamp) atoll(*argv);
230		argc--; argv++;
231		if (!argc) usage(progname);
232		now_usec = (krb5_int32) atol(*argv);
233
234		store(ctx, rcspec, client, server, msg, timestamp, usec,
235		now_timestamp, now_usec);
236		} else if (strcmp(*argv, "expunge") == 0) {
237		/*
238		* Using the rcache interface, expunge a replay cache.
239		* The now-timestamp argument can be 0 to use the current
240		* time.
241		*/
242		char *rcspec;
243		krb5_timestamp now_timestamp;
244		krb5_int32 now_usec;
245
246		argc--; argv++;
247		if (!argc) usage(progname);
248		rcspec = *argv;
249		argc--; argv++;
250		if (!argc) usage(progname);
251		now_timestamp = (krb5_timestamp) atoll(*argv);
252		argc--; argv++;
253		if (!argc) usage(progname);
254		now_usec = (krb5_int32) atol(*argv);
255		expunge(ctx, rcspec, now_timestamp, now_usec);
256		} else
257		usage(progname);
258		argc--; argv++;
259		}
260
261		krb5_free_context(ctx);
262
263		return 0;
264		}

+1

-1

src/lib/krb5/unicode/CompositionExclusions.txt less more

7	7	# version and this one is the addition of U+2ADC FORKING.
8	8	#
9	9	# For more information, see
10		# http://www.unicode.org/unicode/reports/tr15/#Primary Exclusion List Table
	10	# https://www.unicode.org/unicode/reports/tr15/#Primary Exclusion List Table
11	11	# ================================================
12	12
13	13	# (1) Script Specifics

+1

-1

src/lib/krb5/unicode/UCD-Terms less more

0		UCD Terms of Use (http://www.unicode.org/Public/UNIDATA/UCD.html)
	0	UCD Terms of Use (https://www.unicode.org/Public/UNIDATA/UCD.html)
1	1
2	2	Disclaimer
3	3

+2

-2

src/lib/krb5/unicode/ucdata/ucdata.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 2001 Computing Research Labs, New Mexico State University
13	13	*

31	31	*/
32	32
33	33	/*
34		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	34	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
35	35	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.36 2008/01/07 23:20:05 kurt Exp $
36	36	* $Id: ucdata.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $"
37	37	*/

+2

-2

src/lib/krb5/unicode/ucdata/ucdata.h less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 2001 Computing Research Labs, New Mexico State University
13	13	*

31	31	*/
32	32
33	33	/*
34		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	34	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
35	35	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.21 2008/01/07 23:20:05 kurt Exp $
36	36	* $Id: ucdata.h,v 1.6 2001/01/02 18:46:20 mleisher Exp $
37	37	*/

+2

-2

src/lib/krb5/unicode/ucdata/ucgendat.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 2001 Computing Research Labs, New Mexico State University
13	13	*

31	31	*/
32	32
33	33	/*
34		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	34	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
35	35	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.43 2008/01/07 23:20:05 kurt Exp $
36	36	* $Id: ucgendat.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $"
37	37	*/

+2

-2

src/lib/krb5/unicode/ucdata/ucpgba.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 2001 Computing Research Labs, New Mexico State University
13	13	*

31	31	*/
32	32
33	33	/*
34		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	34	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
35	35	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.9 2008/01/07 23:20:05 kurt Exp $
36	36	* $Id: ucpgba.c,v 1.5 2001/01/02 18:46:20 mleisher Exp $
37	37	*/

+2

-2

src/lib/krb5/unicode/ucdata/ucpgba.h less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 1999 Computing Research Labs, New Mexico State University
13	13	*

31	31	*/
32	32
33	33	/*
34		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	34	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
35	35	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.10 2008/01/07 23:20:05 kurt Exp $
36	36	* $Id: ucpgba.h,v 1.4 1999/11/19 15:24:30 mleisher Exp $
37	37	*/

+2

-2

src/lib/krb5/unicode/ucstr.c less more

6	6	*
7	7	* A copy of this license is available in file LICENSE in the top-level
8	8	* directory of the distribution or, alternatively, at
9		* <http://www.OpenLDAP.org/license.html>.
	9	* <https://www.OpenLDAP.org/license.html>.
10	10	*/
11	11
12	12	/*
13		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	13	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
14	14	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.40 2008/03/04 06:24:05 hyc Exp $
15	15	*/
16	16

+3

-3

src/lib/krb5/unicode/ure/ure.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 1997, 1998, 1999 Computing Research Labs,
13	13	* New Mexico State University

32	32	*/
33	33
34	34	/*
35		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	35	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
36	36	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.19 2008/01/07 23:20:05 kurt Exp $
37	37	* $Id: ure.c,v 1.2 1999/09/21 15:47:43 mleisher Exp $"
38	38	*/

1724	1724	buf->states.states_used = 0;
1725	1725
1726	1726	/*
1727		* Construct the NFA. If this stage returns a 0, then an error occured or
	1727	* Construct the NFA. If this stage returns a 0, then an error occurred or
1728	1728	* an empty expression was passed.
1729	1729	*/
1730	1730	if ((state = _ure_re2nfa(re, relen, buf)) == _URE_NOOP)

+2

-2

src/lib/krb5/unicode/ure/urestubs.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/*
13	13	* Copyright 1997, 1998, 1999 Computing Research Labs,

33	33	*/
34	34
35	35	/*
36		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	36	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
37	37	* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.16 2008/01/07 23:20:05 kurt Exp $
38	38	* $Id: urestubs.c,v 1.2 1999/09/21 15:47:44 mleisher Exp $"
39	39	*/

+2

-2

src/lib/krb5/unicode/utbm/utbm.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 1997, 1998, 1999 Computing Research Labs,
13	13	* New Mexico State University

32	32	*/
33	33
34	34	/*
35		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	35	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
36	36	* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.9 2008/01/07 23:20:05 kurt Exp $
37	37	* $Id: utbm.c,v 1.1 1999/09/21 15:45:17 mleisher Exp $
38	38	*/

+2

-2

src/lib/krb5/unicode/utbm/utbm.h less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 1997, 1998, 1999 Computing Research Labs,
13	13	* New Mexico State University

32	32	*/
33	33
34	34	/*
35		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	35	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
36	36	* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.10 2008/01/07 23:20:05 kurt Exp $
37	37	* $Id: utbm.h,v 1.1 1999/09/21 15:45:18 mleisher Exp $
38	38	*/

+2

-2

src/lib/krb5/unicode/utbm/utbmstub.c less more

7	7	*
8	8	* A copy of this license is available in file LICENSE in the
9	9	* top-level directory of the distribution or, alternatively, at
10		* <http://www.OpenLDAP.org/license.html>.
	10	* <https://www.OpenLDAP.org/license.html>.
11	11	*/
12	12	/* Copyright 1997, 1998, 1999 Computing Research Labs,
13	13	* New Mexico State University

32	32	*/
33	33
34	34	/*
35		* This work is part of OpenLDAP Software <http://www.openldap.org/>.
	35	* This work is part of OpenLDAP Software <https://www.openldap.org/>.
36	36	* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.8 2008/01/07 23:20:05 kurt Exp $
37	37	* $Id: utbmstub.c,v 1.1 1999/09/21 15:45:18 mleisher Exp $
38	38	*/

+25

-13

src/lib/krb5_32.def less more

258	258
259	259	; DO NOT USE -- Currently required to implement gssapi32.dll
260	260	decode_krb5_ap_req @2 ; PRIVATE GSSAPI k5-int.h KRB5_CALLCONV_WRONG
261		krb5_externalize_opaque @114 ; PRIVATE GSSAPI k5-int.h
262		krb5_internalize_opaque @184 ; PRIVATE GSSAPI k5-int.h
263		krb5_ser_auth_context_init @230 ; PRIVATE GSSAPI k5-int.h
264		krb5_ser_ccache_init @231 ; PRIVATE GSSAPI k5-int.h
265		krb5_ser_context_init @232 ; PRIVATE GSSAPI k5-int.h
266		krb5_ser_keytab_init @233 ; PRIVATE GSSAPI k5-int.h
267	261	krb5_ser_pack_bytes @234 ; PRIVATE GSSAPI k5-int.h
268	262	krb5_ser_pack_int32 @235 ; PRIVATE GSSAPI k5-int.h
269		krb5_ser_rcache_init @236 ; PRIVATE GSSAPI k5-int.h
270	263	krb5_ser_unpack_bytes @237 ; PRIVATE GSSAPI k5-int.h
271	264	krb5_ser_unpack_int32 @238 ; PRIVATE GSSAPI k5-int.h
272		krb5_size_opaque @247 ; PRIVATE GSSAPI k5-int.h
273	265	krb5int_cc_default @268 ; PRIVATE GSSAPI k5-int.h
274	266
275	267	krb5_free_ap_req @119 ; PRIVATE GSSAPI krb5.hin
276	268	krb5_get_tgs_ktypes @177 ; PRIVATE GSSAPI krb5.hin
277	269	krb5_auth_con_set_req_cksumtype @36 ; PRIVATE GSSAPI krb5.hin
278	270	krb5_kt_free_entry @192 ; PRIVATE GSSAPI krb5.hin
279		krb5_rc_close @217 ; PRIVATE GSSAPI krb5.hin
	271	k5_rc_close @217 ; PRIVATE GSSAPI krb5.hin
280	272	krb5_free_enc_tkt_part @132 ; PRIVATE GSSAPI krb5.hin
281	273	krb5_decrypt_tkt_part @108 ; PRIVATE GSSAPI krb5.hin
282	274

433	425	krb5_responder_get_challenge @406
434	426	krb5_responder_list_questions @407
435	427	krb5_responder_set_answer @408
436		krb5_rc_recover_or_initialize @409 ; PRIVATE GSSAPI
437		krb5_rc_resolve_full @410 ; PRIVATE GSSAPI
438		krb5_rc_get_name @411 ; PRIVATE GSSAPI
439		krb5_rc_get_type @412 ; PRIVATE GSSAPI
	428	k5_rc_resolve @410 ; PRIVATE GSSAPI
	429	k5_rc_get_name @411 ; PRIVATE GSSAPI
440	430	krb5_responder_otp_get_challenge @413
441	431	krb5_responder_otp_set_answer @414
442	432	krb5_responder_otp_challenge_free @415

486	476	encode_krb5_pa_spake @444 ; PRIVATE
487	477	decode_krb5_pa_spake @445 ; PRIVATE
488	478	k5_free_pa_spake @446 ; PRIVATE
	479
	480	; new in 1.18
	481	krb5int_c_deprecated_enctype @450 ; PRIVATE
	482	krb5_pac_get_client_info @451
	483	k5_externalize_auth_context @452 ; PRIVATE GSSAPI
	484	k5_externalize_authdata @453 ; PRIVATE GSSAPI
	485	k5_externalize_authdata_context @454 ; PRIVATE GSSAPI
	486	k5_externalize_context @455 ; PRIVATE GSSAPI
	487	k5_externalize_keyblock @456 ; PRIVATE GSSAPI
	488	k5_externalize_principal @457 ; PRIVATE GSSAPI
	489	k5_internalize_auth_context @458 ; PRIVATE GSSAPI
	490	k5_internalize_authdata @459 ; PRIVATE GSSAPI
	491	k5_internalize_authdata_context @460 ; PRIVATE GSSAPI
	492	k5_internalize_context @461 ; PRIVATE GSSAPI
	493	k5_internalize_keyblock @462 ; PRIVATE GSSAPI
	494	k5_internalize_principal @463 ; PRIVATE GSSAPI
	495	k5_size_auth_context @464 ; PRIVATE GSSAPI
	496	k5_size_authdata @465 ; PRIVATE GSSAPI
	497	k5_size_authdata_context @466 ; PRIVATE GSSAPI
	498	k5_size_context @467 ; PRIVATE GSSAPI
	499	k5_size_keyblock @468 ; PRIVATE GSSAPI
	500	k5_size_principal @469 ; PRIVATE GSSAPI

+13

-8

src/lib/rpc/auth_gssapi_misc.c less more

44	44	bool_t result;
45	45	/* Fix type mismatches between APIs. */
46	46	unsigned int length = buf->length;
47		result = xdr_bytes(xdrs, (char **) &buf->value, &length,
	47	char *cp = buf->value;
	48	result = xdr_bytes(xdrs, &cp, &length,
48	49	(xdrs->x_op == XDR_DECODE && buf->value == NULL)
49	50	? (unsigned int) -1 : (unsigned int) buf->length);
	51	buf->value = cp;
50	52	buf->length = length;
51	53	return result;
52	54	}

203	205	XDR temp_xdrs;
204	206	int conf_state;
205	207	unsigned int length;
	208	char *cp;
206	209
207	210	PRINTF(("gssapi_wrap_data: starting\n"));
208	211

242	245
243	246	/* write the token */
244	247	length = out_buf.length;
245		if (! xdr_bytes(out_xdrs, (char **) &out_buf.value,
246		(unsigned int *) &length,
247		out_buf.length)) {
	248	cp = out_buf.value;
	249	if (! xdr_bytes(out_xdrs, &cp, &length, out_buf.length)) {
248	250	PRINTF(("gssapi_wrap_data: serializing encrypted data failed\n"));
249	251	XDR_DESTROY(&temp_xdrs);
250	252	return FALSE;
251	253	}
	254	out_buf.value = cp;
252	255
253	256	*major = gss_release_buffer(minor, &out_buf);
254	257

271	274	uint32_t verf_seq_num;
272	275	int conf, qop;
273	276	unsigned int length;
	277	char *cp;
274	278
275	279	PRINTF(("gssapi_unwrap_data: starting\n"));
276	280

279	283
280	284	in_buf.value = NULL;
281	285	out_buf.value = NULL;
282		if (! xdr_bytes(in_xdrs, (char **) &in_buf.value,
283		&length, (unsigned int) -1)) {
	286	cp = in_buf.value;
	287	if (! xdr_bytes(in_xdrs, &cp, &length, (unsigned int) -1)) {
284	288	PRINTF(("gssapi_unwrap_data: deserializing encrypted data failed\n"));
285	289	temp_xdrs.x_op = XDR_FREE;
286		(void)xdr_bytes(&temp_xdrs, (char **) &in_buf.value, &length,
287		(unsigned int) -1);
	290	(void)xdr_bytes(&temp_xdrs, &cp, &length, (unsigned int) -1);
	291	in_buf.value = NULL;
288	292	return FALSE;
289	293	}
	294	in_buf.value = cp;
290	295	in_buf.length = length;
291	296
292	297	*major = gss_unseal(minor, context, &in_buf, &out_buf, &conf,

+1

-1

src/lib/rpc/auth_unix.c less more

37	37	/*
38	38	* auth_unix.c, Implements UNIX style authentication parameters.
39	39	*
40		* The system is very weak. The client uses no encryption for it's
	40	* The system is very weak. The client uses no encryption for its
41	41	* credentials and only sends null verifiers. The server sends backs
42	42	* null verifiers or optionally a verifier that suggests a new short hand
43	43	* for the credentials.

+4

-1

src/lib/rpc/authgss_prot.c less more

49	49	{
50	50	bool_t xdr_stat;
51	51	u_int tmplen;
	52	char *cp;
52	53
53	54	if (xdrs->x_op != XDR_DECODE) {
54	55	if (buf->length > UINT_MAX)

56	57	else
57	58	tmplen = buf->length;
58	59	}
59		xdr_stat = xdr_bytes(xdrs, (char **)&buf->value, &tmplen, maxsize);
	60	cp = buf->value;
	61	xdr_stat = xdr_bytes(xdrs, &cp, &tmplen, maxsize);
	62	buf->value = cp;
60	63
61	64	if (xdr_stat && xdrs->x_op == XDR_DECODE)
62	65	buf->length = tmplen;

+3

-3

src/lib/rpc/clnt_tcp.c less more

167	167	if (*sockp < 0) {
168	168	*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
169	169	(void)bindresvport_sa(*sockp, NULL);
170		if ((*sockp < 0)
171		\|\| (connect(sockp, (struct sockaddr )raddr,
172		sizeof(*raddr)) < 0)) {
	170	if (*sockp < 0 \|\| raddr == NULL \|\|
	171	connect(sockp, (struct sockaddr )raddr,
	172	sizeof(*raddr)) < 0) {
173	173	rpc_createerr.cf_stat = RPC_SYSTEMERROR;
174	174	rpc_createerr.cf_error.re_errno = errno;
175	175	(void)closesocket(*sockp);

+9

-5

src/lib/rpc/unit-test/Makefile.in less more

14	14	$(GSSRPC_LIBS) $(KRB5_BASE_LIBS)
15	15
16	16	client.o server.o: rpc_test.h
	17
	18	runenv.exp: Makefile
	19	$(RUN_SETUP); for i in $(RUN_VARS); do \
	20	eval echo "set env$$$i$ \$$$$i"; done > runenv.exp
17	21
18	22	# If rpc_test.h and rpc_test_*.c do not work on your system, you can
19	23	# try using rpcgen by uncommenting these lines (be sure to uncomment

41	45	unit-test-ok: unit-test-body
42	46
43	47	PASS=@PASS@
44		unit-test-body:
	48	unit-test-body: runenv.sh runenv.exp
45	49	$(RM) krb5cc_rpc_test_*
46	50	$(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
47		RPC_TEST_SRVTAB=/tmp/rpc_test_v5srvtab.$$$$ ; export RPC_TEST_SRVTAB ; \
48		trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_SRVTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \
	51	RPC_TEST_KEYTAB=/tmp/rpc_test_keytab.$$$$ ; export RPC_TEST_KEYTAB ; \
	52	trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_KEYTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \
49	53	if $(ENV_SETUP) \
50	54	$(RUNTEST) SERVER=./server CLIENT=./client \
51	55	KINIT=$(BUILDTOP)/clients/kinit/kinit \

54	58	PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \
55	59	then \
56	60	echo Cleaning up... ; \
57		rm -f $$RPC_TEST_SRVTAB krb5cc_rpc_test_* ; \
	61	rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_* ; \
58	62	$(ENV_SETUP) $(STOP_SERVERS) ; \
59	63	trap 0 ; exit 0 ; \
60	64	else exit 1 ; fi
61	65
62	66	clean:
63	67	$(RM) server client
64		$(RM) dbg.log rpc_test.log rpc_test.sum
	68	$(RM) dbg.log rpc_test.log rpc_test.sum runenv.exp
65	69

+3

-1

src/lib/rpc/unit-test/config/unix.exp less more

0	0	#
1	1	# $Id$
2	2	#
	3
	4	source runenv.exp
3	5
4	6	set kill /bin/kill
5	7	set sleep /bin/sleep

138	140
139	141	if [info exists server_pid] { rpc_test_exit }
140	142
141		set env(KRB5_KTNAME) FILE:$env(RPC_TEST_SRVTAB)
	143	set env(KRB5_KTNAME) FILE:$env(RPC_TEST_KEYTAB)
142	144
143	145	verbose "% $SERVER" 1
144	146	set server_pid [spawn $SERVER $PROT]

+4

-6

src/lib/rpc/unit-test/lib/helpers.exp less more

58	58	default { perror "didn't get ok back" }
59	59	}
60	60	}
61		# trying to translate rpc_test_setup.sh into inline tcl...
62	61	proc setup_database {} {
63		global env spawn_id kadmin_tcl_spawn_id TESTDIR MAKE_KEYTAB CANON_HOST
	62	global env spawn_id kadmin_tcl_spawn_id TESTDIR CANON_HOST
64	63
65	64	# XXXXX
66	65	set_from_env TOP {/x/x/x/x/x}

70	69	set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
71	70	set_from_env TCLUTIL $TESTDIR/tcl/util.t
72	71	set env(TCLUTIL) $TCLUTIL
73		set_from_env MAKE_KEYTAB $TESTDIR/scripts/make-host-keytab.pl
74	72	set env(PATH) "$TOP/install/admin:$env(PATH)"
75	73
76	74	# $VERBOSE ?

118	116	}
119	117
120	118	if ![info exists CANON_HOST] {
121		set CANON_HOST [exec $env(QUALNAME)]
	119	set CANON_HOST $env(QUALNAME)
122	120	setup_database
123		file delete $env(RPC_TEST_SRVTAB)
124		exec $env(MAKE_KEYTAB) -princ "server/$CANON_HOST" $env(RPC_TEST_SRVTAB)
	121	file delete $env(RPC_TEST_KEYTAB)
	122	exec $env(TOP)/cli/kadmin -p admin -w admin ktadd -k $env(RPC_TEST_KEYTAB) server/$CANON_HOST
125	123	}
126	124
127	125

+0

-59

~~src/lib/rpc/unit-test/rpc_test_setup.sh~~ less more

0		#!/bin/sh
1		#
2		# This script performs additional setup for the RPC unit test. It
3		# assumes that gmake has put TOP and RPC_TEST_SRVTAB into the
4		# environment.
5		#
6		# $Id$
7		# $Source$
8
9		DUMMY=${TESTDIR=$TOP/testing}
10		DUMMY=${CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl}
11		DUMMY=${TCLUTIL=$TESTDIR/tcl/util.t}; export TCLUTIL
12		DUMMY=${MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
13
14		if $VERBOSE; then
15		REDIRECT=
16		else
17		REDIRECT='>/dev/null'
18		fi
19
20		PATH=$TOP/install/admin:$PATH; export PATH
21
22		CANON_HOST=`$QUALNAME`
23		export CANON_HOST
24
25		cat - > /tmp/rpc_test_setup$$ <<\EOF
26		source $env(TCLUTIL)
27		set h $env(CANON_HOST)
28		puts stdout [kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
29		if ![info exists server_handle] { exit 1 }
30		puts stdout [kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin]
31		puts stdout [kadm5_randkey_principal $server_handle server/$h key null]
32		puts stdout [kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin]
33		puts stdout [kadm5_randkey_principal $server_handle notserver/$h key null]
34		puts stdout [kadm5_destroy $server_handle]
35		EOF
36		eval "$CLNTTCL $REDIRECT < /tmp/rpc_test_setup$$"
37		if test $? != 0 ; then
38		rm /tmp/rpc_test_setup$$
39		echo 1>&2 error setting up database for tests
40		exit 1
41		fi
42		rm /tmp/rpc_test_setup$$
43
44		rm -f $RPC_TEST_SRVTAB
45
46		eval $MAKE_KEYTAB -princ server/$CANON_HOST $RPC_TEST_SRVTAB $REDIRECT
47
48		# grep -s "$CANON_HOST SECURE-TEST.OV.COM" /etc/krb.realms
49		# if [ $? != 0 ]; then
50		# eval echo \"Adding \$CANON_HOST SECURE-TEST.OV.COM to /etc/krb.realms\" $REDIRECT
51		# ed /etc/krb.realms <<EOF >/dev/null
52		# 1i
53		# $CANON_HOST SECURE-TEST.OV.COM
54		# .
55		# w
56		# q
57		# EOF
58		# fi

+2

-2

src/man/k5identity.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "K5IDENTITY" "5" " " "1.17" "MIT Kerberos"
	2	.TH "K5IDENTITY" "5" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	k5identity \- Kerberos V5 client principal selection rules
5	5	.

97	97	.SH AUTHOR
98	98	MIT
99	99	.SH COPYRIGHT
100		1985-2019, MIT
	100	1985-2020, MIT
101	101	.\" Generated by docutils manpage writer.
102	102	.

+2

-2

src/man/k5login.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "K5LOGIN" "5" " " "1.17" "MIT Kerberos"
	2	.TH "K5LOGIN" "5" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	k5login \- Kerberos V5 acl file for host access
5	5	.

90	90	.SH AUTHOR
91	91	MIT
92	92	.SH COPYRIGHT
93		1985-2019, MIT
	93	1985-2020, MIT
94	94	.\" Generated by docutils manpage writer.
95	95	.

+2

-2

src/man/k5srvutil.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "K5SRVUTIL" "1" " " "1.17" "MIT Kerberos"
	2	.TH "K5SRVUTIL" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	k5srvutil \- host key table (keytab) manipulation utility
5	5	.

89	89	.SH AUTHOR
90	90	MIT
91	91	.SH COPYRIGHT
92		1985-2019, MIT
	92	1985-2020, MIT
93	93	.\" Generated by docutils manpage writer.
94	94	.

+2

-2

src/man/kadm5.acl.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KADM5.ACL" "5" " " "1.17" "MIT Kerberos"
	2	.TH "KADM5.ACL" "5" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kadm5.acl \- Kerberos ACL file
5	5	.

273	273	.SH AUTHOR
274	274	MIT
275	275	.SH COPYRIGHT
276		1985-2019, MIT
	276	1985-2020, MIT
277	277	.\" Generated by docutils manpage writer.
278	278	.

+7

-7

src/man/kadmin.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KADMIN" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KADMIN" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kadmin \- Kerberos V5 database administration program
5	5	.

457	457	.nf
458	458	.ft C
459	459	kadmin: addprinc jennifer
460		WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU";
	460	No policy specified for "jennifer@ATHENA.MIT.EDU";
461	461	defaulting to no policy.
462	462	Enter password for principal jennifer@ATHENA.MIT.EDU:
463	463	Re\-enter password for principal jennifer@ATHENA.MIT.EDU:

609	609	Principal: tlyu/admin@BLEEP.COM
610	610	Expiration date: [never]
611	611	Last password change: Mon Aug 12 14:16:47 EDT 1996
612		Password expiration date: [none]
	612	Password expiration date: [never]
613	613	Maximum ticket life: 0 days 10:00:00
614	614	Maximum renewable life: 7 days 00:00:00
615	615	Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
616	616	Last successful authentication: [never]
617	617	Last failed authentication: [never]
618	618	Failed password attempts: 0
619		Number of keys: 2
620		Key: vno 1, des\-cbc\-crc
621		Key: vno 1, des\-cbc\-crc:v4
	619	Number of keys: 1
	620	Key: vno 1, aes256\-cts\-hmac\-sha384\-192
	621	MKey: vno 1
622	622	Attributes:
623	623	Policy: [none]
624	624

1080	1080	.SH AUTHOR
1081	1081	MIT
1082	1082	.SH COPYRIGHT
1083		1985-2019, MIT
	1083	1985-2020, MIT
1084	1084	.\" Generated by docutils manpage writer.
1085	1085	.

+3

-4

src/man/kadmind.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KADMIND" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KADMIND" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kadmind \- KADM5 administration server
5	5	.

97	97	.TP
98	98	\fB\-nofork\fP
99	99	causes the server to remain in the foreground and remain
100		associated to the terminal. In normal operation, you should allow
101		the server to place itself in the background.
	100	associated to the terminal.
102	101	.TP
103	102	\fB\-proponly\fP
104	103	causes the server to only listen and respond to Kerberos replica

148	147	.SH AUTHOR
149	148	MIT
150	149	.SH COPYRIGHT
151		1985-2019, MIT
	150	1985-2020, MIT
152	151	.\" Generated by docutils manpage writer.
153	152	.

+49

-75

src/man/kdb5_ldap_util.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KDB5_LDAP_UTIL" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KDB5_LDAP_UTIL" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kdb5_ldap_util \- Kerberos configuration utility
5	5	.

43	43	.SH COMMAND-LINE OPTIONS
44	44	.INDENT 0.0
45	45	.TP
	46	\fB\-r\fP \fIrealm\fP
	47	Specifies the realm to be operated on.
	48	.TP
46	49	\fB\-D\fP \fIuser_dn\fP
47	50	Specifies the Distinguished Name (DN) of the user who has
48	51	sufficient rights to perform the operation on the LDAP server.

52	55	recommended.
53	56	.TP
54	57	\fB\-H\fP \fIldapuri\fP
55		Specifies the URI of the LDAP server. It is recommended to use
56		\fBldapi://\fP or \fBldaps://\fP to connect to the LDAP server.
57		.UNINDENT
	58	Specifies the URI of the LDAP server.
	59	.UNINDENT
	60	.sp
	61	By default, kdb5_ldap_util operates on the default realm (as specified
	62	in krb5.conf(5)) and connects and authenticates to the LDAP
	63	server in the same manner as :ref:kadmind(8)\(ga would given the
	64	parameters in dbdefaults in kdc.conf(5)\&.
58	65	.SH COMMANDS
59	66	.SS create
60	67	.INDENT 0.0

65	72	[\fB\-containerref\fP \fIcontainer_reference_dn\fP]
66	73	[\fB\-k\fP \fImkeytype\fP]
67	74	[\fB\-kv\fP \fImkeyVNO\fP]
	75	[\fB\-M\fP \fImkeyname\fP]
68	76	[\fB\-m\|\-P\fP \fIpassword\fP\|\fB\-sf\fP \fIstashfilename\fP]
69	77	[\fB\-s\fP]
70		[\fB\-r\fP \fIrealm\fP]
71	78	[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
72	79	[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
73	80	[\fIticket_flags\fP]

102	109	Specifies the version number of the master key in the database;
103	110	the default is 1. Note that 0 is not allowed.
104	111	.TP
	112	\fB\-M\fP \fImkeyname\fP
	113	Specifies the principal name for the master key in the database.
	114	If not specified, the name is determined by the
	115	\fBmaster_key_name\fP variable in kdc.conf(5)\&.
	116	.TP
105	117	\fB\-m\fP
106	118	Specifies that the master database password should be read from
107	119	the TTY rather than fetched from a file on the disk.

109	121	\fB\-P\fP \fIpassword\fP
110	122	Specifies the master database password. This option is not
111	123	recommended.
112		.TP
113		\fB\-r\fP \fIrealm\fP
114		Specifies the Kerberos realm of the database.
115	124	.TP
116	125	\fB\-sf\fP \fIstashfilename\fP
117	126	Specifies the stash file of the master database password.

140	149	.nf
141	150	.ft C
142	151	kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
143		create \-subtrees o=org \-sscope SUB \-r ATHENA.MIT.EDU
	152	\-r ATHENA.MIT.EDU create \-subtrees o=org \-sscope SUB
144	153	Password for "cn=admin,o=org":
145	154	Initializing database for realm \(aqATHENA.MIT.EDU\(aq
146	155	You will be prompted for the database Master Password.

158	167	[\fB\-subtrees\fP \fIsubtree_dn_list\fP]
159	168	[\fB\-sscope\fP \fIsearch_scope\fP]
160	169	[\fB\-containerref\fP \fIcontainer_reference_dn\fP]
161		[\fB\-r\fP \fIrealm\fP]
162	170	[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
163	171	[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
164	172	[\fIticket_flags\fP]

182	190	container object in which the principals of a realm will be
183	191	created.
184	192	.TP
185		\fB\-r\fP \fIrealm\fP
186		Specifies the Kerberos realm of the database.
187		.TP
188	193	\fB\-maxtktlife\fP \fImax_ticket_life\fP
189	194	(getdate string) Specifies maximum ticket life for
190	195	principals in this realm.

205	210	.sp
206	211	.nf
207	212	.ft C
208		shell% kdb5_ldap_util \-D cn=admin,o=org \-H
209		ldaps://ldap\-server1.mit.edu modify +requires_preauth \-r
210		ATHENA.MIT.EDU
	213	shell% kdb5_ldap_util \-r ATHENA.MIT.EDU \-D cn=admin,o=org \-H
	214	ldaps://ldap\-server1.mit.edu modify +requires_preauth
211	215	Password for "cn=admin,o=org":
212	216	shell%
213	217	.ft P

217	221	.SS view
218	222	.INDENT 0.0
219	223	.INDENT 3.5
220		\fBview\fP [\fB\-r\fP \fIrealm\fP]
221		.UNINDENT
222		.UNINDENT
223		.sp
224		Displays the attributes of a realm. Options:
225		.INDENT 0.0
226		.TP
227		\fB\-r\fP \fIrealm\fP
228		Specifies the Kerberos realm of the database.
229		.UNINDENT
	224	\fBview\fP
	225	.UNINDENT
	226	.UNINDENT
	227	.sp
	228	Displays the attributes of a realm.
230	229	.sp
231	230	Example:
232	231	.INDENT 0.0

235	234	.nf
236	235	.ft C
237	236	kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
238		view \-r ATHENA.MIT.EDU
	237	\-r ATHENA.MIT.EDU view
239	238	Password for "cn=admin,o=org":
240	239	Realm Name: ATHENA.MIT.EDU
241	240	Subtree: ou=users,o=org

251	250	.SS destroy
252	251	.INDENT 0.0
253	252	.INDENT 3.5
254		\fBdestroy\fP [\fB\-f\fP] [\fB\-r\fP \fIrealm\fP]
	253	\fBdestroy\fP [\fB\-f\fP]
255	254	.UNINDENT
256	255	.UNINDENT
257	256	.sp

260	259	.TP
261	260	\fB\-f\fP
262	261	If specified, will not prompt the user for confirmation.
263		.TP
264		\fB\-r\fP \fIrealm\fP
265		Specifies the Kerberos realm of the database.
266		.UNINDENT
267		.sp
268		Example:
269		.INDENT 0.0
270		.INDENT 3.5
271		.sp
272		.nf
273		.ft C
274		shell% kdb5_ldap_util \-D cn=admin,o=org \-H
275		ldaps://ldap\-server1.mit.edu destroy \-r ATHENA.MIT.EDU
	262	.UNINDENT
	263	.sp
	264	Example:
	265	.INDENT 0.0
	266	.INDENT 3.5
	267	.sp
	268	.nf
	269	.ft C
	270	shell% kdb5_ldap_util \-r ATHENA.MIT.EDU \-D cn=admin,o=org \-H
	271	ldaps://ldap\-server1.mit.edu destroy
276	272	Password for "cn=admin,o=org":
277	273	Deleting KDC database of \(aqATHENA.MIT.EDU\(aq, are you sure?
278	274	(type \(aqyes\(aq to confirm)? yes

289	285	.UNINDENT
290	286	.UNINDENT
291	287	.sp
292		Lists the name of realms.
	288	Lists the names of realms under the container.
293	289	.sp
294	290	Example:
295	291	.INDENT 0.0

355	351	.INDENT 0.0
356	352	.INDENT 3.5
357	353	\fBcreate_policy\fP
358		[\fB\-r\fP \fIrealm\fP]
359	354	[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
360	355	[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
361	356	[\fIticket_flags\fP]

365	360	.sp
366	361	Creates a ticket policy in the directory. Options:
367	362	.INDENT 0.0
368		.TP
369		\fB\-r\fP \fIrealm\fP
370		Specifies the Kerberos realm of the database.
371	363	.TP
372	364	\fB\-maxtktlife\fP \fImax_ticket_life\fP
373	365	(getdate string) Specifies maximum ticket life for

394	386	.nf
395	387	.ft C
396	388	kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
397		create_policy \-r ATHENA.MIT.EDU \-maxtktlife "1 day"
	389	\-r ATHENA.MIT.EDU create_policy \-maxtktlife "1 day"
398	390	\-maxrenewlife "1 week" \-allow_postdated +needchange
399	391	\-allow_forwardable tktpolicy
400	392	Password for "cn=admin,o=org":

406	398	.INDENT 0.0
407	399	.INDENT 3.5
408	400	\fBmodify_policy\fP
409		[\fB\-r\fP \fIrealm\fP]
410	401	[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
411	402	[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
412	403	[\fIticket_flags\fP]

424	415	.nf
425	416	.ft C
426	417	kdb5_ldap_util \-D cn=admin,o=org \-H
427		ldaps://ldap\-server1.mit.edu modify_policy \-r ATHENA.MIT.EDU
	418	ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU modify_policy
428	419	\-maxtktlife "60 minutes" \-maxrenewlife "10 hours"
429	420	+allow_postdated \-requires_preauth tktpolicy
430	421	Password for "cn=admin,o=org":

436	427	.INDENT 0.0
437	428	.INDENT 3.5
438	429	\fBview_policy\fP
439		[\fB\-r\fP \fIrealm\fP]
440	430	\fIpolicy_name\fP
441	431	.UNINDENT
442	432	.UNINDENT
443	433	.sp
444		Displays the attributes of a ticket policy. Options:
445		.INDENT 0.0
446		.TP
447		.B \fIpolicy_name\fP
448		Specifies the name of the ticket policy.
449		.UNINDENT
	434	Displays the attributes of the named ticket policy.
450	435	.sp
451	436	Example:
452	437	.INDENT 0.0

455	440	.nf
456	441	.ft C
457	442	kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
458		view_policy \-r ATHENA.MIT.EDU tktpolicy
	443	\-r ATHENA.MIT.EDU view_policy tktpolicy
459	444	Password for "cn=admin,o=org":
460	445	Ticket policy: tktpolicy
461	446	Maximum ticket life: 0 days 01:00:00

469	454	.INDENT 0.0
470	455	.INDENT 3.5
471	456	\fBdestroy_policy\fP
472		[\fB\-r\fP \fIrealm\fP]
473	457	[\fB\-force\fP]
474	458	\fIpolicy_name\fP
475	459	.UNINDENT

477	461	.sp
478	462	Destroys an existing ticket policy. Options:
479	463	.INDENT 0.0
480		.TP
481		\fB\-r\fP \fIrealm\fP
482		Specifies the Kerberos realm of the database.
483	464	.TP
484	465	\fB\-force\fP
485	466	Forces the deletion of the policy object. If not specified, the

496	477	.nf
497	478	.ft C
498	479	kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
499		destroy_policy \-r ATHENA.MIT.EDU tktpolicy
	480	\-r ATHENA.MIT.EDU destroy_policy tktpolicy
500	481	Password for "cn=admin,o=org":
501	482	This will delete the policy object \(aqtktpolicy\(aq, are you sure?
502	483	(type \(aqyes\(aq to confirm)? yes

509	490	.INDENT 0.0
510	491	.INDENT 3.5
511	492	\fBlist_policy\fP
512		[\fB\-r\fP \fIrealm\fP]
513		.UNINDENT
514		.UNINDENT
515		.sp
516		Lists the ticket policies in realm if specified or in the default
517		realm. Options:
518		.INDENT 0.0
519		.TP
520		\fB\-r\fP \fIrealm\fP
521		Specifies the Kerberos realm of the database.
522		.UNINDENT
	493	.UNINDENT
	494	.UNINDENT
	495	.sp
	496	Lists ticket policies.
523	497	.sp
524	498	Example:
525	499	.INDENT 0.0

528	502	.nf
529	503	.ft C
530	504	kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
531		list_policy \-r ATHENA.MIT.EDU
	505	\-r ATHENA.MIT.EDU list_policy
532	506	Password for "cn=admin,o=org":
533	507	tktpolicy
534	508	tmppolicy

547	521	.SH AUTHOR
548	522	MIT
549	523	.SH COPYRIGHT
550		1985-2019, MIT
	524	1985-2020, MIT
551	525	.\" Generated by docutils manpage writer.
552	526	.

+9

-16

src/man/kdb5_util.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KDB5_UTIL" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KDB5_UTIL" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kdb5_util \- Kerberos database maintenance utility
5	5	.

135	135	.SS dump
136	136	.INDENT 0.0
137	137	.INDENT 3.5
138		\fBdump\fP [\fB\-b7\fP\|\fB\-ov\fP\|\fB\-r13\fP\|\fB\-r18\fP]
	138	\fBdump\fP [\fB\-b7\fP\|\fB\-r13\fP\|\fB\-r18\fP]
139	139	[\fB\-verbose\fP] [\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP
140	140	\fImkey_file\fP] [\fB\-rev\fP] [\fB\-recurse\fP] [\fIfilename\fP
141	141	[\fIprincipals\fP\&...]]

152	152	causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util
153	153	load_dump version 4"). This was the dump format produced on
154	154	releases prior to 1.2.2.
155		.TP
156		\fB\-ov\fP
157		causes the dump to be in "ovsec_adm_export" format.
158	155	.TP
159	156	\fB\-r13\fP
160	157	causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util

202	199	.SS load
203	200	.INDENT 0.0
204	201	.INDENT 3.5
205		\fBload\fP [\fB\-b7\fP\|\fB\-ov\fP\|\fB\-r13\fP\|\fB\-r18\fP] [\fB\-hash\fP]
	202	\fBload\fP [\fB\-b7\fP\|\fB\-r13\fP\|\fB\-r18\fP] [\fB\-hash\fP]
206	203	[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP
207	204	.UNINDENT
208	205	.UNINDENT

222	219	requires the database to be in the Kerberos 5 Beta 7 format
223	220	("kdb5_util load_dump version 4"). This was the dump format
224	221	produced on releases prior to 1.2.2.
225		.TP
226		\fB\-ov\fP
227		requires the database to be in "ovsec_adm_import" format. Must be
228		used with the \fB\-update\fP option.
229	222	.TP
230	223	\fB\-r13\fP
231	224	requires the database to be in Kerberos 5 1.3 format ("kdb5_util

535	528	$ kdb5_util tabdump \-o keyinfo.txt keyinfo
536	529	$ cat keyinfo.txt
537	530	name keyindex kvno enctype salttype salt
	531	K/M@EXAMPLE.COM 0 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
538	532	foo@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
539	533	bar@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
540		bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
541	534	$ sqlite3
542	535	sqlite> .mode tabs
543	536	sqlite> .import keyinfo.txt keyinfo
544		sqlite> select * from keyinfo where enctype like \(aqdes\-cbc\-%\(aq;
545		bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
	537	sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
	538	K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
546	539	sqlite> .quit
547		$ awk \-F\(aq\et\(aq \(aq$4 ~ /des\-cbc\-/ { print }\(aq keyinfo.txt
548		bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
	540	$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
	541	K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
549	542	.ft P
550	543	.fi
551	544	.UNINDENT

560	553	.SH AUTHOR
561	554	MIT
562	555	.SH COPYRIGHT
563		1985-2019, MIT
	556	1985-2020, MIT
564	557	.\" Generated by docutils manpage writer.
565	558	.

+12

-66

src/man/kdc.conf.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KDC.CONF" "5" " " "1.17" "MIT Kerberos"
	2	.TH "KDC.CONF" "5" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kdc.conf \- Kerberos V5 KDC configuration file
5	5	.

440	440	listed in \fBhost_based_services\fP\&. \fBno_host_referral = *\fP will
441	441	disable referral processing altogether.
442	442	.TP
443		\fBdes_crc_session_supported\fP
444		(Boolean value). If set to true, the KDC will assume that service
445		principals support des\-cbc\-crc for session key enctype negotiation
446		purposes. If \fBallow_weak_crypto\fP in libdefaults is
447		false, or if des\-cbc\-crc is not a permitted enctype, then this
448		variable has no effect. Defaults to true. New in release 1.11.
449		.TP
450	443	\fBreject_bad_transit\fP
451	444	(Boolean value.) If set to true, the KDC will check the list of
452	445	transited realms for cross\-realm tickets against the transit path

486	479	(List of \fIkey\fP:\fIsalt\fP strings.) Specifies the default key/salt
487	480	combinations of principals for this realm. Any principals created
488	481	through kadmin(1) will have keys of these types. The
489		default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal des3\-cbc\-sha1:normal arcfour\-hmac\-md5:normal\fP\&. For lists of
	482	default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal\fP\&. For lists of
490	483	possible values, see \fI\%Keysalt lists\fP\&.
491	484	.UNINDENT
492	485	.SS [dbdefaults]

520	513	\fBldap_kadmind_sasl_realm\fP
521	514	.IP \(bu 2
522	515	\fBldap_service_password_file\fP
523		.IP \(bu 2
524		\fBldap_servers\fP
525	516	.IP \(bu 2
526	517	\fBldap_conns_per_server\fP
527	518	.UNINDENT

726	717	.UNINDENT
727	718	.sp
728	719	In the following example, the logging messages from the KDC will go to
729		the console and to the system log under the facility LOG_DAEMON with
730		default severity of LOG_INFO; and the logging messages from the
731		administrative server will be appended to the file
732		\fB/var/adm/kadmin.log\fP and sent to the device \fB/dev/tty04\fP\&.
	720	the console and to the system log under the facility LOG_DAEMON, and
	721	the logging messages from the administrative server will be appended
	722	to the file \fB/var/adm/kadmin.log\fP and sent to the device
	723	\fB/dev/tty04\fP\&.
733	724	.INDENT 0.0
734	725	.INDENT 3.5
735	726	.sp

744	735	.fi
745	736	.UNINDENT
746	737	.UNINDENT
	738	.sp
	739	If no logging specification is given, the default is to use syslog.
	740	To disable logging entirely, specify \fBdefault = DEVICE=/dev/null\fP\&.
747	741	.SS [otp]
748	742	.sp
749	743	Each subsection of [otp] is the name of an OTP token type. The tags

968	962	\|l\|l\|.
969	963	_
970	964	T{
971		des\-cbc\-crc
972		T} T{
973		DES cbc mode with CRC\-32 (weak)
974		T}
975		_
976		T{
977		des\-cbc\-md4
978		T} T{
979		DES cbc mode with RSA\-MD4 (weak)
980		T}
981		_
982		T{
983		des\-cbc\-md5
984		T} T{
985		DES cbc mode with RSA\-MD5 (weak)
986		T}
987		_
988		T{
989		des\-cbc\-raw
990		T} T{
991		DES cbc mode raw (weak)
992		T}
993		_
994		T{
995	965	des3\-cbc\-raw
996	966	T} T{
997	967	Triple DES cbc mode raw (weak)

1004	974	T}
1005	975	_
1006	976	T{
1007		des\-hmac\-sha1
1008		T} T{
1009		DES with HMAC/sha1 (weak)
1010		T}
1011		_
1012		T{
1013	977	aes256\-cts\-hmac\-sha1\-96 aes256\-cts aes256\-sha1
1014	978	T} T{
1015	979	AES\-256 CTS mode with 96\-bit SHA\-1 HMAC

1055	1019	camellia128\-cts\-cmac camellia128\-cts
1056	1020	T} T{
1057	1021	Camellia\-128 CTS mode with CMAC
1058		T}
1059		_
1060		T{
1061		des
1062		T} T{
1063		The DES family: des\-cbc\-crc, des\-cbc\-md5, and des\-cbc\-md4 (weak)
1064	1022	T}
1065	1023	_
1066	1024	T{

1094	1052	from the current list by prefixing them with a minus sign ("\-").
1095	1053	Types or families can be prefixed with a plus sign ("+") for symmetry;
1096	1054	it has the same meaning as just listing the type or family. For
1097		example, "\fBDEFAULT \-des\fP" would be the default set of encryption
1098		types with DES types removed, and "\fBdes3 DEFAULT\fP" would be the
	1055	example, "\fBDEFAULT \-rc4\fP" would be the default set of encryption
	1056	types with RC4 types removed, and "\fBdes3 DEFAULT\fP" would be the
1099	1057	default set of encryption types with triple DES types moved to the
1100	1058	front.
1101	1059	.sp

1147	1105	T}
1148	1106	_
1149	1107	T{
1150		v4
1151		T} T{
1152		the only type used by Kerberos Version 4 (no salt)
1153		T}
1154		_
1155		T{
1156	1108	norealm
1157	1109	T} T{
1158	1110	same as the default, without using realm information

1162	1114	onlyrealm
1163	1115	T} T{
1164	1116	uses only realm information as the salt
1165		T}
1166		_
1167		T{
1168		afs3
1169		T} T{
1170		AFS version 3, only used for compatibility with Kerberos 4 in AFS
1171	1117	T}
1172	1118	_
1173	1119	T{

1232	1178	.SH AUTHOR
1233	1179	MIT
1234	1180	.SH COPYRIGHT
1235		1985-2019, MIT
	1181	1985-2020, MIT
1236	1182	.\" Generated by docutils manpage writer.
1237	1183	.

+2

-2

src/man/kdestroy.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KDESTROY" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KDESTROY" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kdestroy \- destroy Kerberos tickets
5	5	.

88	88	.SH AUTHOR
89	89	MIT
90	90	.SH COPYRIGHT
91		1985-2019, MIT
	91	1985-2020, MIT
92	92	.\" Generated by docutils manpage writer.
93	93	.

+21

-6

src/man/kerberos.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KERBEROS" "7" " " "1.17" "MIT Kerberos"
	2	.TH "KERBEROS" "7" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kerberos \- Overview of using Kerberos
5	5	.

140	140	Distribution Center daemon and associated programs. The default
141	141	is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP\&.
142	142	.TP
	143	\fBKRB5RCACHENAME\fP
	144	(New in release 1.18) Specifies the location of the default replay
	145	cache, in the form \fItype\fP:\fIresidual\fP\&. The \fBfile2\fP type with a
	146	pathname residual specifies a replay cache file in the version\-2
	147	format in the specified location. The \fBnone\fP type (residual is
	148	ignored) disables the replay cache. The \fBdfl\fP type (residual is
	149	ignored) indicates the default, which uses a file2 replay cache in
	150	a temporary directory. The default is \fBdfl:\fP\&.
	151	.TP
143	152	\fBKRB5RCACHETYPE\fP
144		Specifies the default type of replay cache to use for servers.
145		Valid types include \fBdfl\fP for the normal file type and \fBnone\fP
146		for no replay cache. The default is \fBdfl\fP\&.
	153	Specifies the type of the default replay cache, if
	154	\fBKRB5RCACHENAME\fP is unspecified. No residual can be specified,
	155	so \fBnone\fP and \fBdfl\fP are the only useful types.
147	156	.TP
148	157	\fBKRB5RCACHEDIR\fP
149		Specifies the default directory for replay caches used by servers.
	158	Specifies the directory used by the \fBdfl\fP replay cache type.
150	159	The default is the value of the \fBTMPDIR\fP environment variable,
151	160	or \fB/var/tmp\fP if \fBTMPDIR\fP is not set.
152	161	.TP

164	173	.TP
165	174	\fBKPROP_PORT\fP
166	175	kprop(8) port to use. Defaults to 754.
	176	.TP
	177	\fBGSS_MECH_CONFIG\fP
	178	Specifies a filename containing GSSAPI mechanism module
	179	configuration. The default is to read \fB@SYSCONFDIR@\fP\fB/gss/mech\fP
	180	and files with a \fB\&.conf\fP suffix within the directory
	181	\fB@SYSCONFDIR@\fP\fB/gss/mech.d\fP\&.
167	182	.UNINDENT
168	183	.sp
169	184	Most environment variables are disabled for certain programs, such as

196	211	.SH AUTHOR
197	212	MIT
198	213	.SH COPYRIGHT
199		1985-2019, MIT
	214	1985-2020, MIT
200	215	.\" Generated by docutils manpage writer.
201	216	.

+3

-4

src/man/kinit.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KINIT" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kinit \- obtain and cache Kerberos ticket-granting ticket
5	5	.

112	112	requested.
113	113	.TP
114	114	\fB\-E\fP
115		treats the principal name as an enterprise name (implies the
116		\fB\-C\fP option).
	115	treats the principal name as an enterprise name.
117	116	.TP
118	117	\fB\-v\fP
119	118	requests that the ticket\-granting ticket in the cache (with the

246	245	.SH AUTHOR
247	246	MIT
248	247	.SH COPYRIGHT
249		1985-2019, MIT
	248	1985-2020, MIT
250	249	.\" Generated by docutils manpage writer.
251	250	.

+2

-2

src/man/klist.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KLIST" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KLIST" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	klist \- list cached Kerberos tickets
5	5	.

148	148	.SH AUTHOR
149	149	MIT
150	150	.SH COPYRIGHT
151		1985-2019, MIT
	151	1985-2020, MIT
152	152	.\" Generated by docutils manpage writer.
153	153	.

+2

-2

src/man/kpasswd.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KPASSWD" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KPASSWD" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kpasswd \- change a user's Kerberos password
5	5	.

62	62	.SH AUTHOR
63	63	MIT
64	64	.SH COPYRIGHT
65		1985-2019, MIT
	65	1985-2020, MIT
66	66	.\" Generated by docutils manpage writer.
67	67	.

+2

-2

src/man/kprop.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KPROP" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KPROP" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kprop \- propagate a Kerberos V5 principal database to a replica server
5	5	.

76	76	.SH AUTHOR
77	77	MIT
78	78	.SH COPYRIGHT
79		1985-2019, MIT
	79	1985-2020, MIT
80	80	.\" Generated by docutils manpage writer.
81	81	.

+2

-2

src/man/kpropd.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KPROPD" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KPROPD" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kpropd \- Kerberos V5 replica KDC update server
5	5	.

166	166	.SH AUTHOR
167	167	MIT
168	168	.SH COPYRIGHT
169		1985-2019, MIT
	169	1985-2020, MIT
170	170	.\" Generated by docutils manpage writer.
171	171	.

+2

-2

src/man/kproplog.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KPROPLOG" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KPROPLOG" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kproplog \- display the contents of the Kerberos principal update log
5	5	.

108	108	.SH AUTHOR
109	109	MIT
110	110	.SH COPYRIGHT
111		1985-2019, MIT
	111	1985-2020, MIT
112	112	.\" Generated by docutils manpage writer.
113	113	.

+2

-2

src/man/krb5-config.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KRB5-CONFIG" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KRB5-CONFIG" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	krb5-config \- tool for linking against MIT Kerberos libraries
5	5	.

135	135	.SH AUTHOR
136	136	MIT
137	137	.SH COPYRIGHT
138		1985-2019, MIT
	138	1985-2020, MIT
139	139	.\" Generated by docutils manpage writer.
140	140	.

+48

-122

src/man/krb5.conf.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KRB5.CONF" "5" " " "1.17" "MIT Kerberos"
	2	.TH "KRB5.CONF" "5" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	krb5.conf \- Kerberos configuration file
5	5	.

75	75	.UNINDENT
76	76	.UNINDENT
77	77	.sp
78		Placing a \(aq*\(aq at the end of a line indicates that this is the \fIfinal\fP
79		value for the tag. This means that neither the remainder of this
80		configuration file nor any other configuration file will be checked
81		for any other values for this tag.
82		.sp
83		For example, if you have the following lines:
84		.INDENT 0.0
85		.INDENT 3.5
86		.sp
87		.nf
88		.ft C
89		foo = bar*
90		foo = baz
91		.ft P
92		.fi
93		.UNINDENT
94		.UNINDENT
95		.sp
96		then the second value of \fBfoo\fP (\fBbaz\fP) would never be read.
	78	Placing a \(aq*\(aq after the closing bracket of a section name indicates
	79	that the section is \fIfinal\fP, meaning that if the same section appears
	80	within a later file specified in \fBKRB5_CONFIG\fP, it will be ignored.
	81	A subsection can be marked as final by placing a \(aq*\(aq after either the
	82	tag name or the closing brace.
97	83	.sp
98	84	The krb5.conf file can include other files using either of the
99	85	following directives at the beginning of a line:

196	182	in Encryption_types in kdc.conf(5)) will be filtered
197	183	out of the lists \fBdefault_tgs_enctypes\fP,
198	184	\fBdefault_tkt_enctypes\fP, and \fBpermitted_enctypes\fP\&. The default
199		value for this tag is false, which may cause authentication
200		failures in existing Kerberos infrastructures that do not support
201		strong crypto. Users in affected environments should set this tag
202		to true until their infrastructure adopts stronger ciphers.
203		.TP
204		\fBap_req_checksum_type\fP
205		An integer which specifies the type of AP\-REQ checksum to use in
206		authenticators. This variable should be unset so the appropriate
207		checksum for the encryption key in use will be used. This can be
208		set if backward compatibility requires a specific checksum type.
209		See the \fBkdc_req_checksum_type\fP configuration option for the
210		possible values and their meanings.
	185	value for this tag is false.
211	186	.TP
212	187	\fBcanonicalize\fP
213	188	If this flag is set to true, initial ticket requests to the KDC

249	224	application servers such as sshd. The default is \fB@KTNAME@\fP\&. This
250	225	relation is subject to parameter expansion (see below).
251	226	.TP
	227	\fBdefault_rcache_name\fP
	228	This relation specifies the name of the default replay cache.
	229	The default is \fBdfl:\fP\&. This relation is subject to parameter
	230	expansion (see below). New in release 1.18.
	231	.TP
252	232	\fBdefault_realm\fP
253	233	Identifies the default Kerberos realm for the client. Set its
254	234	value to your Kerberos realm. If this value is not set, then a

261	241	preference from highest to lowest. The list may be delimited with
262	242	commas or whitespace. See Encryption_types in
263	243	kdc.conf(5) for a list of the accepted values for this tag.
264		The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types
265		will be implicitly removed from this list if the value of
266		\fBallow_weak_crypto\fP is false.
	244	Starting in release 1.18, the default value is the value of
	245	\fBpermitted_enctypes\fP\&. For previous releases or if
	246	\fBpermitted_enctypes\fP is not set, the default value is
	247	\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac\fP\&.
267	248	.sp
268	249	Do not set this unless required for specific backward
269	250	compatibility purposes; stale values of this setting can prevent

274	255	Identifies the supported list of session key encryption types that
275	256	the client should request when making an AS\-REQ, in order of
276	257	preference from highest to lowest. The format is the same as for
277		default_tgs_enctypes. The default value for this tag is
278		\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
279		removed from this list if the value of \fBallow_weak_crypto\fP is
280		false.
	258	default_tgs_enctypes. Starting in release 1.18, the default
	259	value is the value of \fBpermitted_enctypes\fP\&. For previous
	260	releases or if \fBpermitted_enctypes\fP is not set, the default
	261	value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac\fP\&.
281	262	.sp
282	263	Do not set this unless required for specific backward
283	264	compatibility purposes; stale values of this setting can prevent

290	271	to false can improve security by reducing reliance on DNS, but
291	272	means that short hostnames will not be canonicalized to
292	273	fully\-qualified hostnames. The default value is true.
	274	.sp
	275	If this option is set to \fBfallback\fP (new in release 1.18), DNS
	276	canonicalization will only be performed the server hostname is not
	277	found with the original name when requesting credentials.
293	278	.TP
294	279	\fBdns_lookup_kdc\fP
295	280	Indicate whether DNS SRV records should be used to locate the KDCs

313	298	krb5.conf information for the realm. SRV records are used as a
314	299	fallback if no URI records were found. The default value is true.
315	300	New in release 1.15.
	301	.TP
	302	\fBenforce_ok_as_delegate\fP
	303	If this flag to true, GSSAPI credential delegation will be
	304	disabled when the \fBok\-as\-delegate\fP flag is not set in the
	305	service ticket. If this flag is false, the \fBok\-as\-delegate\fP
	306	ticket flag is only enforced when an application specifically
	307	requests enforcement. The default value is false.
316	308	.TP
317	309	\fBerr_fmt\fP
318	310	This relation allows for custom error message formatting. If a

383	375	corrective factor is only used by the Kerberos library; it is not
384	376	used to change the system clock. The default value is 1.
385	377	.TP
386		\fBkdc_req_checksum_type\fP
387		An integer which specifies the type of checksum to use for the KDC
388		requests, for compatibility with very old KDC implementations.
389		This value is only used for DES keys; other keys use the preferred
390		checksum type for those keys.
391		.sp
392		The possible values and their meanings are as follows.
393		.TS
394		center;
395		\|l\|l\|.
396		_
397		T{
398		1
399		T} T{
400		CRC32
401		T}
402		_
403		T{
404		2
405		T} T{
406		RSA MD4
407		T}
408		_
409		T{
410		3
411		T} T{
412		RSA MD4 DES
413		T}
414		_
415		T{
416		4
417		T} T{
418		DES CBC
419		T}
420		_
421		T{
422		7
423		T} T{
424		RSA MD5
425		T}
426		_
427		T{
428		8
429		T} T{
430		RSA MD5 DES
431		T}
432		_
433		T{
434		9
435		T} T{
436		NIST SHA
437		T}
438		_
439		T{
440		12
441		T} T{
442		HMAC SHA1 DES3
443		T}
444		_
445		T{
446		\-138
447		T} T{
448		Microsoft MD5 HMAC checksum type
449		T}
450		_
451		.TE
452		.TP
453	378	\fBnoaddresses\fP
454	379	If this flag is true, requests for initial tickets will not be
455	380	made with address restrictions set, allowing the tickets to be
456	381	used across NATs. The default value is true.
457	382	.TP
458	383	\fBpermitted_enctypes\fP
459		Identifies all encryption types that are permitted for use in
460		session key encryption. The default value for this tag is
461		\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
462		removed from this list if the value of \fBallow_weak_crypto\fP is
463		false.
	384	Identifies the encryption types that servers will permit for
	385	session keys and for ticket and authenticator encryption, ordered
	386	by preference from highest to lowest. Starting in release 1.18,
	387	this tag also acts as the default value for
	388	\fBdefault_tgs_enctypes\fP and \fBdefault_tkt_enctypes\fP\&. The
	389	default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac\fP\&.
464	390	.TP
465	391	\fBplugin_base_dir\fP
466	392	If set, determines the base directory where krb5 plugins are

477	403	\fBproxiable\fP
478	404	If this flag is true, initial tickets will be proxiable by
479	405	default, if allowed by the KDC. The default value is false.
	406	.TP
	407	\fBqualify_shortname\fP
	408	If this string is set, it determines the domain suffix for
	409	single\-component hostnames when DNS canonicalization is not used
	410	(either because \fBdns_canonicalize_hostname\fP is false or because
	411	forward canonicalization failed). The default value is the first
	412	search domain of the system\(aqs DNS configuration. To disable
	413	qualification of shortnames, set this relation to the empty string
	414	with \fBqualify_shortname = ""\fP\&. (New in release 1.18.)
480	415	.TP
481	416	\fBrdns\fP
482	417	If this flag is true, reverse name lookup will be used in addition

497	432	\fBrenew_lifetime\fP
498	433	(duration string.) Sets the default renewable lifetime
499	434	for initial ticket requests. The default value is 0.
500		.TP
501		\fBsafe_checksum_type\fP
502		An integer which specifies the type of checksum to use for the
503		KRB\-SAFE requests. By default it is set to 8 (RSA MD5 DES). For
504		compatibility with applications linked against DCE version 1.1 or
505		earlier Kerberos libraries, use a value of 3 to use the RSA MD4
506		DES instead. This field is ignored when its value is incompatible
507		with the session key type. See the \fBkdc_req_checksum_type\fP
508		configuration option for the possible values and their meanings.
509	435	.TP
510	436	\fBspake_preauth_groups\fP
511	437	A whitespace or comma\-separated list of words which specifies the

1361	1287	specifies \fBX509_user_identity\fP on the command line.
1362	1288	.TP
1363	1289	\fBpkinit_kdc_hostname\fP
1364		The presense of this option indicates that the client is willing
	1290	The presence of this option indicates that the client is willing
1365	1291	to accept a KDC certificate with a dNSName SAN (Subject
1366	1292	Alternative Name) rather than requiring the id\-pkinit\-san as
1367	1293	defined in \fI\%RFC 4556\fP\&. This option may be specified multiple

1556	1482	.SH AUTHOR
1557	1483	MIT
1558	1484	.SH COPYRIGHT
1559		1985-2019, MIT
	1485	1985-2020, MIT
1560	1486	.\" Generated by docutils manpage writer.
1561	1487	.

+7

-7

src/man/krb5kdc.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KRB5KDC" "8" " " "1.17" "MIT Kerberos"
	2	.TH "KRB5KDC" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	krb5kdc \- Kerberos V5 KDC
5	5	.

50	50	.SH OPTIONS
51	51	.sp
52	52	The \fB\-r\fP \fIrealm\fP option specifies the realm for which the server
53		should provide service.
	53	should provide service. This option may be specified multiple times
	54	to serve multiple realms. If no \fB\-r\fP option is given, the default
	55	realm (as specified in krb5.conf(5)) will be served.
54	56	.sp
55	57	The \fB\-d\fP \fIdbname\fP option specifies the name under which the
56	58	principal database can be found. This option does not apply to the

58	60	.sp
59	61	The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
60	62	to be entered manually as a password when \fB\-m\fP is given; the default
61		is \fBdes\-cbc\-crc\fP\&.
	63	is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
62	64	.sp
63	65	The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
64	66	master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).

67	69	be fetched from the keyboard rather than from a stash file.
68	70	.sp
69	71	The \fB\-n\fP option specifies that the KDC does not put itself in the
70		background and does not disassociate itself from the terminal. In
71		normal operation, you should always allow the KDC to place itself in
72		the background.
	72	background and does not disassociate itself from the terminal.
73	73	.sp
74	74	The \fB\-P\fP \fIpid_file\fP option tells the KDC to write its PID into
75	75	\fIpid_file\fP after it starts up. This can be used to identify whether

134	134	.SH AUTHOR
135	135	MIT
136	136	.SH COPYRIGHT
137		1985-2019, MIT
	137	1985-2020, MIT
138	138	.\" Generated by docutils manpage writer.
139	139	.

+15

-4

src/man/ksu.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KSU" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KSU" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	ksu \- Kerberized super-user
5	5	.

37	37	[ \fB\-c\fP \fIsource_cache_name\fP ]
38	38	[ \fB\-k\fP ]
39	39	[ \fB\-r\fP time ]
40		[ \fB\-pf\fP ]
	40	[ \fB\-p\fP \| \fB\-P\fP]
	41	[ \fB\-f\fP \| \fB\-F\fP]
41	42	[ \fB\-l\fP \fIlifetime\fP ]
42	43	[ \fB\-z \| Z\fP ]
43	44	[ \fB\-q\fP ]

288	289	Ticket granting ticket options:
289	290	.INDENT 0.0
290	291	.TP
291		\fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-pf\fP
	292	\fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-p\fP \fB\-P\fP \fB\-f\fP \fB\-F\fP
292	293	The ticket granting ticket options only apply to the case where
293	294	there are no appropriate tickets in the cache to authenticate the
294	295	source user. In this case if ksu is configured to prompt users

310	311	specifies that the \fBproxiable\fP option should be requested for
311	312	the ticket.
312	313	.TP
	314	\fB\-P\fP
	315	specifies that the \fBproxiable\fP option should not be requested
	316	for the ticket, even if the default configuration is to ask for
	317	proxiable tickets.
	318	.TP
313	319	\fB\-f\fP
314	320	option specifies that the \fBforwardable\fP option should be
315	321	requested for the ticket.
	322	.TP
	323	\fB\-F\fP
	324	option specifies that the \fBforwardable\fP option should not be
	325	requested for the ticket, even if the default configuration is to
	326	ask for forwardable tickets.
316	327	.TP
317	328	\fB\-e\fP \fIcommand\fP [\fIargs\fP ...]
318	329	ksu proceeds exactly the same as if it was invoked without the

462	473	.SH AUTHOR
463	474	MIT
464	475	.SH COPYRIGHT
465		1985-2019, MIT
	476	1985-2020, MIT
466	477	.\" Generated by docutils manpage writer.
467	478	.

+2

-2

src/man/kswitch.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KSWITCH" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KSWITCH" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kswitch \- switch primary ticket cache
5	5	.

65	65	.SH AUTHOR
66	66	MIT
67	67	.SH COPYRIGHT
68		1985-2019, MIT
	68	1985-2020, MIT
69	69	.\" Generated by docutils manpage writer.
70	70	.

+4

-24

src/man/ktutil.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KTUTIL" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KTUTIL" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	ktutil \- Kerberos keytab file maintenance utility
5	5	.

35	35	.SH DESCRIPTION
36	36	.sp
37	37	The ktutil command invokes a command interface from which an
38		administrator can read, write, or edit entries in a keytab or Kerberos
39		V4 srvtab file.
	38	administrator can read, write, or edit entries in a keytab. (Kerberos
	39	V4 srvtab files are no longer supported.)
40	40	.SH COMMANDS
41	41	.SS list
42	42	.INDENT 0.0

58	58	Read the Kerberos V5 keytab file \fIkeytab\fP into the current keylist.
59	59	.sp
60	60	Alias: \fBrkt\fP
61		.SS read_st
62		.INDENT 0.0
63		.INDENT 3.5
64		\fBread_st\fP \fIsrvtab\fP
65		.UNINDENT
66		.UNINDENT
67		.sp
68		Read the Kerberos V4 srvtab file \fIsrvtab\fP into the current keylist.
69		.sp
70		Alias: \fBrst\fP
71	61	.SS write_kt
72	62	.INDENT 0.0
73	63	.INDENT 3.5

78	68	Write the current keylist into the Kerberos V5 keytab file \fIkeytab\fP\&.
79	69	.sp
80	70	Alias: \fBwkt\fP
81		.SS write_st
82		.INDENT 0.0
83		.INDENT 3.5
84		\fBwrite_st\fP \fIsrvtab\fP
85		.UNINDENT
86		.UNINDENT
87		.sp
88		Write the current keylist into the Kerberos V4 srvtab file \fIsrvtab\fP\&.
89		.sp
90		Alias: \fBwst\fP
91	71	.SS clear_list
92	72	.INDENT 0.0
93	73	.INDENT 3.5

176	156	.SH AUTHOR
177	157	MIT
178	158	.SH COPYRIGHT
179		1985-2019, MIT
	159	1985-2020, MIT
180	160	.\" Generated by docutils manpage writer.
181	161	.

+13

-3

src/man/kvno.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "KVNO" "1" " " "1.17" "MIT Kerberos"
	2	.TH "KVNO" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	kvno \- print key version numbers of Kerberos principals
5	5	.

38	38	[\fB\-h\fP]
39	39	[\fB\-P\fP]
40	40	[\fB\-S\fP \fIsname\fP]
	41	[\fB\-I\fP \fIfor_user\fP]
41	42	[\fB\-U\fP \fIfor_user\fP]
	43	[\fB\-F\fP \fIcert_file\fP]
42	44	[\fB\-\-u2u\fP \fIccache\fP]
43	45	\fIservice1 service2\fP ...
44	46	.SH DESCRIPTION

78	80	The service hostnames will be canonicalized according to the usual
79	81	rules for constructing service principals.
80	82	.TP
81		\fB\-U\fP \fIfor_user\fP
	83	\fB\-I\fP \fIfor_user\fP
82	84	Specifies that protocol transition (S4U2Self) is to be used to
83	85	acquire a ticket on behalf of \fIfor_user\fP\&. If constrained
84	86	delegation is not requested, the service name must match the
85	87	credentials cache client principal.
	88	.TP
	89	\fB\-U\fP \fIfor_user\fP
	90	Same as \-I, but treats \fIfor_user\fP as an enterprise name.
	91	.TP
	92	\fB\-F\fP \fIcert_file\fP
	93	Specifies that protocol transition is to be used, identifying the
	94	client principal with the X.509 certificate in \fIcert_file\fP\&. The
	95	certificate file must be in PEM format.
86	96	.TP
87	97	\fB\-\-u2u\fP \fIccache\fP
88	98	Requests a user\-to\-user ticket. \fIccache\fP must contain a local

106	116	.SH AUTHOR
107	117	MIT
108	118	.SH COPYRIGHT
109		1985-2019, MIT
	119	1985-2020, MIT
110	120	.\" Generated by docutils manpage writer.
111	121	.

+2

-2

src/man/sclient.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "SCLIENT" "1" " " "1.17" "MIT Kerberos"
	2	.TH "SCLIENT" "1" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	sclient \- sample Kerberos version 5 client
5	5	.

48	48	.SH AUTHOR
49	49	MIT
50	50	.SH COPYRIGHT
51		1985-2019, MIT
	51	1985-2020, MIT
52	52	.\" Generated by docutils manpage writer.
53	53	.

+2

-2

src/man/sserver.man less more

0	0	.\" Man page generated from reStructuredText.
1	1	.
2		.TH "SSERVER" "8" " " "1.17" "MIT Kerberos"
	2	.TH "SSERVER" "8" " " "1.18.2" "MIT Kerberos"
3	3	.SH NAME
4	4	sserver \- sample Kerberos version 5 server
5	5	.

192	192	.SH AUTHOR
193	193	MIT
194	194	.SH COPYRIGHT
195		1985-2019, MIT
	195	1985-2020, MIT
196	196	.\" Generated by docutils manpage writer.
197	197	.

+4

-4

src/patchlevel.h less more

49	49	* organization.
50	50	*/
51	51	#define KRB5_MAJOR_RELEASE 1
52		#define KRB5_MINOR_RELEASE 17
53		#define KRB5_PATCHLEVEL 0
	52	#define KRB5_MINOR_RELEASE 18
	53	#define KRB5_PATCHLEVEL 2
54	54	/* #undef KRB5_RELTAIL */
55		#define KRB5_RELDATE "20190108"
56		#define KRB5_RELTAG "krb5-1.17-final"
	55	#define KRB5_RELDATE "20200521"
	56	#define KRB5_RELTAG "krb5-1.18.2-final"

+20

-0

src/plugins/gssapi/negoextest/Makefile.in less more

	0	mydir=plugins$(S)gssapi$(S)negoextest
	1	BUILDTOP=$(REL)..$(S)..$(S)..
	2
	3	LIBBASE=gss_negoextest
	4	LIBMAJOR=0
	5	LIBMINOR=0
	6	RELDIR=../plugins/gssapi/negoextest
	7	SHLIB_EXPDEPS=$(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
	8	SHLIB_EXPLIBS=$(GSS_LIBS) $(KRB5_BASE_LIBS)
	9
	10	STLIBOBJS=main.o
	11
	12	SRCS=$(srcdir)/main.c
	13
	14	all-unix: all-libs
	15	install-unix:
	16	clean-unix:: clean-libs clean-libobjs
	17
	18	@libnover_frag@
	19	@libobj_frag@

+15

-0

src/plugins/gssapi/negoextest/deps less more

	0	#
	1	# Generated makefile dependencies follow.
	2	#
	3	main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	4	$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
	5	$(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
	6	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
	7	$(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
	8	$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
	9	$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
	10	$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
	11	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
	12	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
	13	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
	14	main.c

+13

-0

src/plugins/gssapi/negoextest/gss_negoextest.exports less more

	0	gss_accept_sec_context
	1	gss_acquire_cred
	2	gss_acquire_cred_with_password
	3	gss_delete_sec_context
	4	gss_display_status
	5	gss_import_name
	6	gss_init_sec_context
	7	gss_inquire_sec_context_by_oid
	8	gss_release_cred
	9	gss_release_name
	10	gssspi_exchange_meta_data
	11	gssspi_query_mechanism_info
	12	gssspi_query_meta_data

+340

-0

src/plugins/gssapi/negoextest/main.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* plugins/gssapi/negoextest/main.c - GSS test module for NegoEx */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include "k5-int.h"
	33	#include <gssapi/gssapi.h>
	34	#include <gssapi/gssapi_ext.h>
	35	#include <gssapi/gssapi_alloc.h>
	36
	37	struct test_context {
	38	int initiator;
	39	uint8_t hops; /* hops remaining; 0 means established */
	40	};
	41
	42	OM_uint32 KRB5_CALLCONV
	43	gss_init_sec_context(OM_uint32 *minor_status,
	44	gss_cred_id_t claimant_cred_handle,
	45	gss_ctx_id_t *context_handle, gss_name_t target_name,
	46	gss_OID mech_type, OM_uint32 req_flags,
	47	OM_uint32 time_req,
	48	gss_channel_bindings_t input_chan_bindings,
	49	gss_buffer_t input_token, gss_OID *actual_mech,
	50	gss_buffer_t output_token, OM_uint32 *ret_flags,
	51	OM_uint32 *time_rec)
	52	{
	53	struct test_context ctx = (struct test_context )*context_handle;
	54	OM_uint32 major;
	55	gss_buffer_desc tok;
	56	const char *envstr;
	57	uint8_t hops, mech_last_octet;
	58
	59	if (input_token == GSS_C_NO_BUFFER \|\| input_token->length == 0) {
	60	envstr = getenv("HOPS");
	61	hops = (envstr != NULL) ? atoi(envstr) : 1;
	62	assert(hops > 0);
	63	} else if (input_token->length == 4 &&
	64	memcmp(input_token->value, "fail", 4) == 0) {
	65	*minor_status = 12345;
	66	return GSS_S_FAILURE;
	67	} else {
	68	hops = ((uint8_t *)input_token->value)[0];
	69	}
	70
	71	mech_last_octet = ((uint8_t *)mech_type->elements)[mech_type->length - 1];
	72	envstr = getenv("INIT_FAIL");
	73	if (envstr != NULL && atoi(envstr) == mech_last_octet)
	74	return GSS_S_FAILURE;
	75
	76	if (ctx == NULL) {
	77	ctx = malloc(sizeof(*ctx));
	78	assert(ctx != NULL);
	79	ctx->initiator = 1;
	80	ctx->hops = hops;
	81	*context_handle = (gss_ctx_id_t)ctx;
	82	} else if (ctx != NULL) {
	83	assert(ctx->initiator);
	84	ctx->hops--;
	85	assert(ctx->hops == hops);
	86	}
	87
	88	if (ctx->hops > 0) {
	89	/* Generate a token containing the remaining hop count. */
	90	ctx->hops--;
	91	tok.value = &ctx->hops;
	92	tok.length = 1;
	93	major = gss_encapsulate_token(&tok, mech_type, output_token);
	94	assert(major == GSS_S_COMPLETE);
	95	}
	96
	97	return (ctx->hops > 0) ? GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
	98	}
	99
	100	OM_uint32 KRB5_CALLCONV
	101	gss_accept_sec_context(OM_uint32 minor_status, gss_ctx_id_t context_handle,
	102	gss_cred_id_t verifier_cred_handle,
	103	gss_buffer_t input_token,
	104	gss_channel_bindings_t input_chan_bindings,
	105	gss_name_t src_name, gss_OID mech_type,
	106	gss_buffer_t output_token, OM_uint32 *ret_flags,
	107	OM_uint32 *time_rec,
	108	gss_cred_id_t *delegated_cred_handle)
	109	{
	110	struct test_context ctx = (struct test_context )*context_handle;
	111	uint8_t hops, mech_last_octet;
	112	const char *envstr;
	113
	114	/*
	115	* The unwrapped token sits at the end and is just one byte giving the
	116	* remaining number of hops. The final octet of the mech encoding should
	117	* be just prior to it.
	118	*/
	119	assert(input_token->length >= 2);
	120	hops = ((uint8_t *)input_token->value)[input_token->length - 1];
	121	mech_last_octet = ((uint8_t *)input_token->value)[input_token->length - 2];
	122
	123	envstr = getenv("ACCEPT_FAIL");
	124	if (envstr != NULL && atoi(envstr) == mech_last_octet) {
	125	output_token->value = gssalloc_strdup("fail");
	126	assert(output_token->value != NULL);
	127	output_token->length = 4;
	128	return GSS_S_FAILURE;
	129	}
	130
	131	if (*context_handle == GSS_C_NO_CONTEXT) {
	132	ctx = malloc(sizeof(*ctx));
	133	assert(ctx != NULL);
	134	ctx->initiator = 0;
	135	ctx->hops = hops;
	136	*context_handle = (gss_ctx_id_t)ctx;
	137	} else {
	138	assert(!ctx->initiator);
	139	ctx->hops--;
	140	assert(ctx->hops == hops);
	141	}
	142
	143	if (ctx->hops > 0) {
	144	/* Generate a token containing the remaining hop count. */
	145	ctx->hops--;
	146	output_token->value = gssalloc_malloc(1);
	147	assert(output_token->value != NULL);
	148	memcpy(output_token->value, &ctx->hops, 1);
	149	output_token->length = 1;
	150	}
	151
	152	return (ctx->hops > 0) ? GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
	153	}
	154
	155	OM_uint32 KRB5_CALLCONV
	156	gss_delete_sec_context(OM_uint32 minor_status, gss_ctx_id_t context_handle,
	157	gss_buffer_t output_token)
	158	{
	159	free(*context_handle);
	160	*context_handle = GSS_C_NO_CONTEXT;
	161	return GSS_S_COMPLETE;
	162	}
	163
	164	OM_uint32 KRB5_CALLCONV
	165	gss_acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name,
	166	OM_uint32 time_req, gss_OID_set desired_mechs,
	167	gss_cred_usage_t cred_usage,
	168	gss_cred_id_t output_cred_handle, gss_OID_set actual_mechs,
	169	OM_uint32 *time_rec)
	170	{
	171	return GSS_S_COMPLETE;
	172	}
	173
	174	OM_uint32 KRB5_CALLCONV
	175	gss_acquire_cred_with_password(OM_uint32 *minor_status,
	176	const gss_name_t desired_name,
	177	const gss_buffer_t password, OM_uint32 time_req,
	178	const gss_OID_set desired_mechs,
	179	gss_cred_usage_t cred_usage,
	180	gss_cred_id_t *output_cred_handle,
	181	gss_OID_set actual_mechs, OM_uint32 time_rec)
	182	{
	183	return GSS_S_COMPLETE;
	184	}
	185
	186	OM_uint32 KRB5_CALLCONV
	187	gss_release_cred(OM_uint32 minor_status, gss_cred_id_t cred_handle)
	188	{
	189	return GSS_S_COMPLETE;
	190	}
	191
	192	OM_uint32 KRB5_CALLCONV
	193	gss_import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer,
	194	gss_OID input_name_type, gss_name_t *output_name)
	195	{
	196	static int dummy;
	197
	198	/*
	199	* We don't need to remember anything about names, but we do need to
	200	* distinguish them from GSS_C_NO_NAME (to determine the direction of
	201	* gss_query_meta_data() and gss_exchange_meta_data()), so assign an
	202	* arbitrary data pointer.
	203	*/
	204	*output_name = (gss_name_t)&dummy;
	205	return GSS_S_COMPLETE;
	206	}
	207
	208	OM_uint32 KRB5_CALLCONV
	209	gss_release_name(OM_uint32 minor_status, gss_name_t input_name)
	210	{
	211	return GSS_S_COMPLETE;
	212	}
	213
	214	OM_uint32 KRB5_CALLCONV
	215	gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
	216	int status_type, gss_OID mech_type,
	217	OM_uint32 *message_context, gss_buffer_t status_string)
	218	{
	219	if (status_type == GSS_C_MECH_CODE && status_value == 12345) {
	220	status_string->value = gssalloc_strdup("failure from acceptor");
	221	assert(status_string->value != NULL);
	222	status_string->length = strlen(status_string->value);
	223	return GSS_S_COMPLETE;
	224	}
	225	return GSS_S_BAD_STATUS;
	226	}
	227
	228	OM_uint32 KRB5_CALLCONV
	229	gssspi_query_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
	230	gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle,
	231	const gss_name_t targ_name, OM_uint32 req_flags,
	232	gss_buffer_t meta_data)
	233	{
	234	const char *envstr;
	235	uint8_t mech_last_octet;
	236	int initiator = (targ_name != GSS_C_NO_NAME);
	237
	238	mech_last_octet = ((uint8_t *)mech_oid->elements)[mech_oid->length - 1];
	239	envstr = getenv(initiator ? "INIT_QUERY_FAIL" : "ACCEPT_QUERY_FAIL");
	240	if (envstr != NULL && atoi(envstr) == mech_last_octet)
	241	return GSS_S_FAILURE;
	242	envstr = getenv(initiator ? "INIT_QUERY_NONE" : "ACCEPT_QUERY_NONE");
	243	if (envstr != NULL && atoi(envstr) == mech_last_octet)
	244	return GSS_S_COMPLETE;
	245
	246	meta_data->value = gssalloc_strdup("X");
	247	meta_data->length = 1;
	248	return GSS_S_COMPLETE;
	249	}
	250
	251	OM_uint32 KRB5_CALLCONV
	252	gssspi_exchange_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
	253	gss_cred_id_t cred_handle,
	254	gss_ctx_id_t *context_handle,
	255	const gss_name_t targ_name, OM_uint32 req_flags,
	256	gss_const_buffer_t meta_data)
	257	{
	258	const char *envstr;
	259	uint8_t mech_last_octet;
	260	int initiator = (targ_name != GSS_C_NO_NAME);
	261
	262	mech_last_octet = ((uint8_t *)mech_oid->elements)[mech_oid->length - 1];
	263	envstr = getenv(initiator ? "INIT_EXCHANGE_FAIL" : "ACCEPT_EXCHANGE_FAIL");
	264	if (envstr != NULL && atoi(envstr) == mech_last_octet)
	265	return GSS_S_FAILURE;
	266
	267	assert(meta_data->length == 1 && memcmp(meta_data->value, "X", 1) == 0);
	268	return GSS_S_COMPLETE;
	269	}
	270
	271	OM_uint32 KRB5_CALLCONV
	272	gssspi_query_mechanism_info(OM_uint32 *minor_status, gss_const_OID mech_oid,
	273	unsigned char auth_scheme[16])
	274	{
	275	/* Copy the mech OID encoding and right-pad it with zeros. */
	276	memset(auth_scheme, 0, 16);
	277	assert(mech_oid->length <= 16);
	278	memcpy(auth_scheme, mech_oid->elements, mech_oid->length);
	279	return GSS_S_COMPLETE;
	280	}
	281
	282	OM_uint32 KRB5_CALLCONV
	283	gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
	284	const gss_ctx_id_t context_handle,
	285	const gss_OID desired_object,
	286	gss_buffer_set_t *data_set)
	287	{
	288	struct test_context ctx = (struct test_context )context_handle;
	289	OM_uint32 major;
	290	uint8_t keybytes[32] = { 0 };
	291	uint8_t typebytes[4];
	292	gss_buffer_desc key, type;
	293	const char *envstr;
	294	int ask_verify;
	295
	296	if (gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_KEY))
	297	ask_verify = 0;
	298	else if (gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_VERIFY_KEY))
	299	ask_verify = 1;
	300	else
	301	return GSS_S_UNAVAILABLE;
	302
	303	/*
	304	* By default, make a key available only if the context is established.
	305	* This can be overridden to "always", "init-always", "accept-always",
	306	* or "never".
	307	*/
	308	envstr = getenv("KEY");
	309	if (envstr != NULL && strcmp(envstr, "never") == 0) {
	310	return GSS_S_UNAVAILABLE;
	311	} else if (ctx->hops > 0) {
	312	if (envstr == NULL)
	313	return GSS_S_UNAVAILABLE;
	314	else if (strcmp(envstr, "init-always") == 0 && !ctx->initiator)
	315	return GSS_S_UNAVAILABLE;
	316	else if (strcmp(envstr, "accept-always") == 0 && ctx->initiator)
	317	return GSS_S_UNAVAILABLE;
	318	}
	319
	320	/* Perturb the key so that each side's verifier key is equal to the other's
	321	* checksum key. */
	322	keybytes[0] = ask_verify ^ ctx->initiator;
	323
	324	/* Supply an all-zeros aes256-sha1 negoex key. */
	325	if (gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_KEY) \|\|
	326	gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_VERIFY_KEY)) {
	327	store_32_le(ENCTYPE_AES256_CTS_HMAC_SHA1_96, typebytes);
	328	key.value = keybytes;
	329	key.length = sizeof(keybytes);
	330	type.value = typebytes;
	331	type.length = sizeof(typebytes);
	332	major = gss_add_buffer_set_member(minor_status, &key, data_set);
	333	if (major != GSS_S_COMPLETE)
	334	return major;
	335	return gss_add_buffer_set_member(minor_status, &type, data_set);
	336	}
	337
	338	return GSS_S_UNAVAILABLE;
	339	}

+4

-4

src/plugins/kdb/db2/kdb_xdr.c less more

152	152	krb5_kdb_encode_int32(entry->fail_auth_count, nextloc);
153	153	nextloc += 4;
154	154
155		/* # tl_data strutures */
	155	/* # tl_data structures */
156	156	krb5_kdb_encode_int16(entry->n_tl_data, nextloc);
157	157	nextloc += 2;
158	158
159		/* # key_data strutures */
	159	/* # key_data structures */
160	160	krb5_kdb_encode_int16(entry->n_key_data, nextloc);
161	161	nextloc += 2;
162	162

291	291	krb5_kdb_decode_int32(nextloc, entry->fail_auth_count);
292	292	nextloc += 4;
293	293
294		/* # tl_data strutures */
	294	/* # tl_data structures */
295	295	krb5_kdb_decode_int16(nextloc, entry->n_tl_data);
296	296	nextloc += 2;
297	297

300	300	goto error_out;
301	301	}
302	302
303		/* # key_data strutures */
	303	/* # key_data structures */
304	304	krb5_kdb_decode_int16(nextloc, entry->n_key_data);
305	305	nextloc += 2;
306	306

+1

-1

src/plugins/kdb/db2/libdb2/README less more

7	7
8	8	It is believed that this "db" code originated from Berkeley DB 1.85
9	9	and was further modified by Cygnus and the MIT Kerberos team. Some
10		significant changes to the hash code occured at some point.
	10	significant changes to the hash code occurred at some point.
11	11
12	12	The file README.db2 contains the README file provided with the
13	13	2.0-alpha release of Berkeley/Sleepycat DB, which may contain

+1

-1

src/plugins/kdb/db2/libdb2/hash/dbm.c less more

51	51
52	52	/* If the two size fields of datum and DBMT are not equal, then
53	53	* casting between structures will result in stack garbage being
54		* transfered. Has been observed for DEC Alpha OSF, but will handle
	54	* transferred. Has been observed for DEC Alpha OSF, but will handle
55	55	* the general case.
56	56	*/
57	57

+1

-1

src/plugins/kdb/db2/libdb2/hash/hash.h less more

93	93	u_int8_t bigkey_buf; / Temporary Buffer for BIG keys */
94	94	u_int16_t split_buf; / Temporary buffer for splits */
95	95	CURSOR seq_cursor; / Cursor used for hash_seq */
96		int32_t local_errno; /* Error Number -- for DBM compatability */
	96	int32_t local_errno; /* Error Number -- for DBM compatibility */
97	97	int32_t new_file; /* Indicates if fd is backing store or no */
98	98	int32_t save_file; /* Indicates whether we need to flush file at
99	99	* exit */

+1

-1

src/plugins/kdb/db2/libdb2/test/Makefile.in less more

21	21	t.be.db t.le.db:
22	22	$(PERL) -ne 'chomp; print pack("H*", $$_);' $? > $@
23	23
24		check: dbtest t.be.db t.le.db
	24	check: dbtest t.be.db t.le.db runenv.sh
25	25	$(RUN_SETUP) srcdir=$(srcdir) TMPDIR=$(TMPDIR) $(VALGRIND) $(FCTSH) $(srcdir)/run.test
26	26
27	27	bttest.o: $(srcdir)/btree.tests/main.c

+2

-0

src/plugins/kdb/db2/libdb2/test/run.test less more

1	1	#
2	2	# @(#)run.test 8.13 (Berkeley) 11/2/95
3	3	#
	4
	5	. ./runenv.sh
4	6
5	7	# db regression tests
6	8	main()

+0

-1

src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c less more

90	90	extern time_t get_date(char ); / kadmin/cli/getdate.o */
91	91
92	92	char yes = "yes\n"; / \n to compare against result of fgets */
93		krb5_key_salt_tuple def_kslist = {ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL};
94	93
95	94	krb5_data tgt_princ_entries[] = {
96	95	{0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},

+0

-4

src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c less more

134	134	print_usage = TRUE;
135	135	goto cleanup;
136	136	}
137		if (file_name == NULL) {
138		com_err(me, ENOMEM, _("while setting service object password"));
139		goto cleanup;
140		}
141	137	} else { /* argc == 2 */
142	138	service_object = strdup (argv[1]);
143	139	if (service_object == NULL) {

+19

-15

src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c less more

101	101	usage(void)
102	102	{
103	103	fprintf(stderr,
104		_("Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
	104	_("Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri] "
	105	"[-r realm]\n"
105	106	"\tcmd [cmd_options]\n"
106	107
107	108	/* Create realm */
108		"create [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
109		"\t\t[-m\|-P password\|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
110		"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
111		"\t\t[ticket_flags] [-r realm]\n"
	109	"create [-subtrees subtree_dn_list] [-sscope search_scope]\n"
	110	"\t\t[-containerref container_reference_dn]\n"
	111	"\t\t[-m\|-P password\|-sf stashfilename] [-s]\n"
	112	"\t\t[-k mkeytype] [-kv mkeyVNO] [-M mkeyname]\n"
	113	"\t\t[-maxtktlife max_ticket_life]\n"
	114	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
112	115
113	116	/* modify realm */
114		"modify [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
115		"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
116		"\t\t[ticket_flags] [-r realm]\n"
	117	"modify [-subtrees subtree_dn_list] [-sscope search_scope]\n"
	118	"\t\t[-containerref container_reference_dn]\n"
	119	"\t\t[-maxtktlife max_ticket_life]\n"
	120	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
117	121	/* View realm */
118		"view [-r realm]\n"
	122	"view\n"
119	123
120	124	/* Destroy realm */
121		"destroy [-f] [-r realm]\n"
	125	"destroy [-f]\n"
122	126
123	127	/* List realms */
124	128	"list\n"

127	131	"stashsrvpw [-f filename] service_dn\n"
128	132
129	133	/* Create policy */
130		"create_policy [-r realm] [-maxtktlife max_ticket_life]\n"
	134	"create_policy [-maxtktlife max_ticket_life]\n"
131	135	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
132	136
133	137	/* Modify policy */
134		"modify_policy [-r realm] [-maxtktlife max_ticket_life]\n"
	138	"modify_policy [-maxtktlife max_ticket_life]\n"
135	139	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
136	140
137	141	/* View policy */
138		"view_policy [-r realm] policy\n"
	142	"view_policy policy\n"
139	143
140	144	/* Destroy policy */
141		"destroy_policy [-r realm] [-force] policy\n"
	145	"destroy_policy [-force] policy\n"
142	146
143	147	/* List policies */
144		"list_policy [-r realm]\n"));
	148	"list_policy\n"));
145	149	}
146	150
147	151	void

+2

-2

src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif less more

511	511
512	512	##### Holds the default encryption/salt type combinations of principals for
513	513	##### the Realm. Stores in the form of key:salt strings.
514		##### Example: des-cbc-crc:normal
	514	##### Example: aes256-cts-hmac-sha384-192:normal
515	515
516	516	dn: cn=schema
517	517	changetype: modify

532	532	##### ONLYREALM
533	533	##### SPECIAL
534	534	##### AFS3
535		##### Example: des-cbc-crc:normal
	535	##### Example: aes256-cts-hmac-sha384-192:normal
536	536	#####
537	537	##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
538	538	##### attributes.

+2

-2

src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema less more

409	409	##### Holds the default encryption/salt type combinations of principals for
410	410	##### the Realm. Stores in the form of key:salt strings. This will be
411	411	##### subset of the supported encryption/salt types.
412		##### Example: des-cbc-crc:normal
	412	##### Example: aes256-cts-hmac-sha384-192:normal
413	413
414	414	attributetype ( 2.16.840.1.113719.1.301.4.42.1
415	415	NAME 'krbDefaultEncSaltTypes'

427	427	##### ONLYREALM
428	428	##### SPECIAL
429	429	##### AFS3
430		##### Example: des-cbc-crc:normal
	430	##### Example: aes256-cts-hmac-sha384-192:normal
431	431
432	432	attributetype ( 2.16.840.1.113719.1.301.4.43.1
433	433	NAME 'krbSupportedEncSaltTypes'

+0

-10

src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c less more

55	55	krb5_ldap_realm_params *rparams = NULL;
56	56	krb5_ldap_context *ldap_context=NULL;
57	57	krb5_boolean realm_obj_created = FALSE;
58		krb5_boolean krbcontainer_obj_created = FALSE;
59	58	int mask = 0;
60	59
61	60	/* Clear the global error string */

120	119	goto cleanup;
121	120
122	121	cleanup:
123		/* If the krbcontainer/realm creation is not complete, do the roll-back here */
124		if ((krbcontainer_obj_created) && (!realm_obj_created)) {
125		int rc;
126		rc = krb5_ldap_delete_krbcontainer(context,
127		ldap_context->container_dn);
128		k5_setmsg(context, rc, _("could not complete roll-back, error "
129		"deleting Kerberos Container"));
130		}
131
132	122	if (rparams)
133	123	krb5_ldap_free_realm_params(rparams);
134	124

+21

-1

src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c less more

720	720	void *ptr;
721	721	int *intptr;
722	722
	723	*intval = 0;
	724
723	725	tl_data.tl_data_type = KDB_TL_USER_INFO;
724	726	ret = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
725	727	if (ret \|\| tl_data.tl_data_length == 0)

1376	1378
1377	1379	k5_buf_init_dynamic(&buf);
1378	1380
1379		/* Make a space seperated list of indicators. */
	1381	/* Make a space-separated list of indicators. */
1380	1382	for (i = 0; auth_inds[i] != NULL; i++) {
1381	1383	k5_buf_add(&buf, auth_inds[i]);
1382	1384	if (auth_inds[i + 1] != NULL)

1419	1421	struct berval ber_key_data = NULL, ber_tl_data = NULL;
1420	1422	krb5_tl_data userinfo_tl_data = { NULL }, *endp, tl;
1421	1423	osa_princ_ent_rec princ_ent;
	1424	char *is_login_disabled = NULL;
1422	1425
1423	1426	memset(&princ_ent, 0, sizeof(princ_ent));
1424	1427

1652	1655	if (ret)
1653	1656	goto cleanup;
1654	1657
	1658	/*
	1659	* 389ds and other Netscape directory server derivatives support an
	1660	* attribute "nsAccountLock" which functions similarly to eDirectory's
	1661	* "loginDisabled". When the user's account object is also a
	1662	* krbPrincipalAux object, the kdb entry should be treated as if
	1663	* DISALLOW_ALL_TIX has been set.
	1664	*/
	1665	ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled,
	1666	&attr_present);
	1667	if (ret)
	1668	goto cleanup;
	1669	if (attr_present == TRUE) {
	1670	if (strcasecmp(is_login_disabled, "TRUE") == 0)
	1671	entry->attributes \|= KRB5_KDB_DISALLOW_ALL_TIX;
	1672	free(is_login_disabled);
	1673	}
	1674
1655	1675	ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname);
1656	1676	if (ret)
1657	1677	goto cleanup;

+1

-0

src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c less more

53	53	"krbLastFailedAuth",
54	54	"krbLoginFailedCount",
55	55	"krbLastSuccessfulAuth",
	56	"nsAccountLock",
56	57	"krbLastPwdChange",
57	58	"krbLastAdminUnlock",
58	59	"krbPrincipalAuthInd",

+26

-33

src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c less more

188	188	if ((values=ldap_get_values(ld, ent, "krbcanonicalname")) != NULL) {
189	189	if (values[0] && strcmp(values[0], user) != 0) {
190	190	/* We matched an alias, not the canonical name. */
191		if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
192		st = krb5_ldap_parse_principal_name(values[0], &cname);
193		if (st != 0)
194		goto cleanup;
195		st = krb5_parse_name(context, cname, &cprinc);
196		if (st != 0)
197		goto cleanup;
198		} else /* No canonicalization, so don't return aliases. */
199		found = FALSE;
	191	st = krb5_ldap_parse_principal_name(values[0], &cname);
	192	if (st != 0)
	193	goto cleanup;
	194	st = krb5_parse_name(context, cname, &cprinc);
	195	if (st != 0)
	196	goto cleanup;
200	197	}
201	198	ldap_value_free(values);
202	199	if (!found)

629	626	char *auth_ind = NULL;
630	627	char *strval[10] = { 0 };
631	628	char ai, ai_save = NULL;
632		int sv_num = sizeof(strval) / sizeof(*strval);
	629	int mask, sv_num = sizeof(strval) / sizeof(*strval);
633	630
634	631	ret = krb5_dbe_get_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
635	632	&auth_ind);
636		if (ret \|\| auth_ind == NULL)
637		goto cleanup;
	633	if (ret)
	634	return ret;
	635	if (auth_ind == NULL) {
	636	/* If we know krbPrincipalAuthInd attributes are present from loading
	637	* the entry, delete them. */
	638	ret = krb5_get_attributes_mask(context, entry, &mask);
	639	if (!ret && (mask & KDB_AUTH_IND_ATTR)) {
	640	return krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
	641	LDAP_MOD_DELETE, NULL);
	642	}
	643	return 0;
	644	}
638	645
639	646	ai = strtok_r(auth_ind, " ", &ai_save);
640	647	while (ai != NULL && i < sv_num) {

644	651
645	652	ret = krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
646	653	LDAP_MOD_REPLACE, strval);
647
648		cleanup:
649	654	krb5_dbe_free_string(context, auth_ind);
650	655	return ret;
651	656	}

1232	1237	goto cleanup;
1233	1238	}
1234	1239
1235		if (!(entry->mask & KADM5_PRINCIPAL)) {
1236		memset(strval, 0, sizeof(strval));
1237		if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL)
1238		goto cleanup;
1239		if ((st=krb5_add_str_mem_ldap_mod(&mods,
1240		"krbpasswordexpiration",
1241		LDAP_MOD_REPLACE, strval)) != 0) {
1242		free (strval[0]);
1243		goto cleanup;
1244		}
1245		free (strval[0]);
1246		}
1247
1248	1240	/* Update last password change whenever a new key is set */
1249	1241	{
1250	1242	krb5_timestamp last_pw_changed;

1265	1257	}
1266	1258
1267	1259	} /* Modify Key data ends here */
1268
1269		/* Auth indicators will also be stored in krbExtraData when processing
1270		* tl_data. */
1271		st = update_ldap_mod_auth_ind(context, entry, &mods);
1272		if (st != 0)
1273		goto cleanup;
1274	1260
1275	1261	/* Set tl_data */
1276	1262	if (entry->tl_data != NULL) {

1278	1264	struct berval **ber_tl_data = NULL;
1279	1265	krb5_tl_data *ptr;
1280	1266	krb5_timestamp unlock_time;
	1267
	1268	/* Normalize required auth indicators, but also store them as string
	1269	* attributes within krbExtraData. */
	1270	st = update_ldap_mod_auth_ind(context, entry, &mods);
	1271	if (st != 0)
	1272	goto cleanup;
	1273
1281	1274	for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
1282	1275	if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
1283	1276	#ifdef SECURID

+27

-45

src/plugins/kdb/lmdb/marshal.c less more

35	35	#include "klmdb-int.h"
36	36
37	37	static void
38		put16(struct k5buf *buf, uint16_t num)
39		{
40		uint8_t n[2];
41
42		store_16_le(num, n);
43		k5_buf_add_len(buf, n, 2);
44		}
45
46		static void
47		put32(struct k5buf *buf, uint32_t num)
48		{
49		uint8_t n[4];
50
51		store_32_le(num, n);
52		k5_buf_add_len(buf, n, 4);
53		}
54
55		static void
56	38	put_tl_data(struct k5buf buf, const krb5_tl_data tl)
57	39	{
58	40	for (; tl != NULL; tl = tl->tl_data_next) {
59		put16(buf, tl->tl_data_type);
60		put16(buf, tl->tl_data_length);
	41	k5_buf_add_uint16_le(buf, tl->tl_data_type);
	42	k5_buf_add_uint16_le(buf, tl->tl_data_length);
61	43	k5_buf_add_len(buf, tl->tl_data_contents, tl->tl_data_length);
62	44	}
63	45	}

75	57
76	58	k5_buf_init_dynamic(&buf);
77	59
78		put32(&buf, entry->attributes);
79		put32(&buf, entry->max_life);
80		put32(&buf, entry->max_renewable_life);
81		put32(&buf, entry->expiration);
82		put32(&buf, entry->pw_expiration);
83		put16(&buf, entry->n_tl_data);
84		put16(&buf, entry->n_key_data);
	60	k5_buf_add_uint32_le(&buf, entry->attributes);
	61	k5_buf_add_uint32_le(&buf, entry->max_life);
	62	k5_buf_add_uint32_le(&buf, entry->max_renewable_life);
	63	k5_buf_add_uint32_le(&buf, entry->expiration);
	64	k5_buf_add_uint32_le(&buf, entry->pw_expiration);
	65	k5_buf_add_uint16_le(&buf, entry->n_tl_data);
	66	k5_buf_add_uint16_le(&buf, entry->n_key_data);
85	67	put_tl_data(&buf, entry->tl_data);
86	68	for (i = 0; i < entry->n_key_data; i++) {
87	69	kd = &entry->key_data[i];
88		put16(&buf, kd->key_data_ver);
89		put16(&buf, kd->key_data_kvno);
	70	k5_buf_add_uint16_le(&buf, kd->key_data_ver);
	71	k5_buf_add_uint16_le(&buf, kd->key_data_kvno);
90	72	for (j = 0; j < kd->key_data_ver; j++) {
91		put16(&buf, kd->key_data_type[j]);
92		put16(&buf, kd->key_data_length[j]);
	73	k5_buf_add_uint16_le(&buf, kd->key_data_type[j]);
	74	k5_buf_add_uint16_le(&buf, kd->key_data_length[j]);
93	75	if (kd->key_data_length[j] > 0) {
94	76	k5_buf_add_len(&buf, kd->key_data_contents[j],
95	77	kd->key_data_length[j]);

124	106	*len_out = 0;
125	107
126	108	k5_buf_init_dynamic(&buf);
127		put32(&buf, pol->pw_min_life);
128		put32(&buf, pol->pw_max_life);
129		put32(&buf, pol->pw_min_length);
130		put32(&buf, pol->pw_min_classes);
131		put32(&buf, pol->pw_history_num);
132		put32(&buf, pol->pw_max_fail);
133		put32(&buf, pol->pw_failcnt_interval);
134		put32(&buf, pol->pw_lockout_duration);
135		put32(&buf, pol->attributes);
136		put32(&buf, pol->max_life);
137		put32(&buf, pol->max_renewable_life);
	109	k5_buf_add_uint32_le(&buf, pol->pw_min_life);
	110	k5_buf_add_uint32_le(&buf, pol->pw_max_life);
	111	k5_buf_add_uint32_le(&buf, pol->pw_min_length);
	112	k5_buf_add_uint32_le(&buf, pol->pw_min_classes);
	113	k5_buf_add_uint32_le(&buf, pol->pw_history_num);
	114	k5_buf_add_uint32_le(&buf, pol->pw_max_fail);
	115	k5_buf_add_uint32_le(&buf, pol->pw_failcnt_interval);
	116	k5_buf_add_uint32_le(&buf, pol->pw_lockout_duration);
	117	k5_buf_add_uint32_le(&buf, pol->attributes);
	118	k5_buf_add_uint32_le(&buf, pol->max_life);
	119	k5_buf_add_uint32_le(&buf, pol->max_renewable_life);
138	120
139	121	if (pol->allowed_keysalts == NULL) {
140		put32(&buf, 0);
	122	k5_buf_add_uint32_le(&buf, 0);
141	123	} else {
142		put32(&buf, strlen(pol->allowed_keysalts));
	124	k5_buf_add_uint32_le(&buf, strlen(pol->allowed_keysalts));
143	125	k5_buf_add(&buf, pol->allowed_keysalts);
144	126	}
145	127
146		put16(&buf, pol->n_tl_data);
	128	k5_buf_add_uint16_le(&buf, pol->n_tl_data);
147	129	put_tl_data(&buf, pol->tl_data);
148	130
149	131	if (k5_buf_status(&buf) != 0)

+624

-49

src/plugins/kdb/test/kdb_test.c less more

53	53	* # Initial number is kvno; defaults to 1.
54	54	* keys = 3 aes256-cts aes128-cts:normal
55	55	* keys = 2 rc4-hmac
	56	* strings = key1:value1
	57	* strings = key2:value2
56	58	* }
57	59	* }
58	60	* delegation = {
	61	* # Traditional constrained delegation; target_service
	62	* # must be in the same realm.
59	63	* intermediate_service = target_service
	64	* }
	65	* rbcd = {
	66	* # Resource-based constrained delegation;
	67	* # intermediate_service may be in a different realm.
	68	* target_service = intermediate_service
60	69	* }
61	70	* }
62	71	*
63		* Key values are generated using a hash of the kvno, enctype, salt type, and
64		* principal name. This module does not use master key encryption, so it
65		* serves as a partial test of the DAL's ability to avoid that.
	72	* Key values are generated using a hash of the kvno, enctype, salt type,
	73	* principal name, and lookup realm. This module does not use master key
	74	* encryption, so it serves as a partial test of the DAL's ability to avoid
	75	* that.
66	76	*
67		* For cross realm, just add outbound 'krbtgt/OTHER_REALM' principal to each
68		* kdc configuration, while for inbound trust the local krbtgt will be used.
	77	* Inbound cross-realm TGT entries are currently implicit; they will use the
	78	* same configuration and key enctypes as the local krbtgt principal, although
	79	* they will use different keys (because the lookup realm is hashed in).
	80	* Outgoing cross-realm TGT entries must be added explicitly
	81	* (krbtgt/OTHER_REALM).
69	82	*/
70	83
71	84	#include "k5-int.h"

74	87	#include <ctype.h>
75	88
76	89	#define TEST_AD_TYPE -456
	90
	91	#define IS_TGS_PRINC(p) ((p)->length == 2 && \
	92	data_eq_string((p)->data[0], KRB5_TGS_NAME))
77	93
78	94	typedef struct {
79	95	void *profile;

172	188	* salttype, and princstr for the key bytes. */
173	189	static void
174	190	make_keyblock(krb5_kvno kvno, krb5_enctype etype, int32_t salttype,
175		const char princstr, krb5_keyblock kb_out)
	191	const char princstr, const krb5_data realm,
	192	krb5_keyblock *kb_out)
176	193	{
177	194	size_t keybytes, keylength, pos, n;
178	195	char *hashstr;

183	200	alloc_data(&rndin, keybytes);
184	201
185	202	/* Hash the kvno, enctype, salt type, and principal name together. */
186		if (asprintf(&hashstr, "%d %d %d %s", (int)kvno, (int)etype,
187		(int)salttype, princstr) < 0)
	203	if (asprintf(&hashstr, "%d %d %d %s %.*s", (int)kvno, (int)etype,
	204	(int)salttype, princstr, (int)realm->length, realm->data) < 0)
188	205	abort();
189	206	d = string2data(hashstr);
190	207	check(krb5_c_make_checksum(NULL, CKSUMTYPE_NIST_SHA, NULL, 0, &d, &cksum));

207	224	/* Return key data for the given key/salt tuple strings, using hashes of the
208	225	* enctypes, salts, and princstr for the key contents. */
209	226	static void
210		make_keys(char *strings, const char princstr, krb5_db_entry *ent)
	227	make_keys(char *strings, const char princstr, const krb5_data *realm,
	228	krb5_db_entry *ent)
211	229	{
212	230	krb5_key_data key_data, kd;
213	231	krb5_keyblock kb;

245	263	ks = ks_lists[i];
246	264	for (j = 0; j < ks_list_sizes[i]; j++) {
247	265	make_keyblock(kvnos[i], ks[j].ks_enctype, ks[j].ks_salttype,
248		princstr, &kb);
	266	princstr, realm, &kb);
249	267	kd->key_data_ver = 2;
250	268	kd->key_data_kvno = kvnos[i];
251	269	kd->key_data_type[0] = ks[j].ks_enctype;

265	283	ent->n_key_data = nkeys;
266	284	}
267	285
	286	static void
	287	make_strings(char *stringattrs, krb5_db_entry ent)
	288	{
	289	struct k5buf buf;
	290	char **p;
	291	const char str, sep;
	292	krb5_tl_data *tl;
	293
	294	k5_buf_init_dynamic(&buf);
	295	for (p = stringattrs; *p != NULL; p++) {
	296	str = *p;
	297	sep = strchr(str, ':');
	298	assert(sep != NULL);
	299	k5_buf_add_len(&buf, str, sep - str);
	300	k5_buf_add_len(&buf, "\0", 1);
	301	k5_buf_add_len(&buf, sep + 1, strlen(sep + 1) + 1);
	302	}
	303	assert(buf.data != NULL);
	304
	305	tl = ealloc(sizeof(*ent->tl_data));
	306	tl->tl_data_next = NULL;
	307	tl->tl_data_type = KRB5_TL_STRING_ATTRS;
	308	tl->tl_data_length = buf.len;
	309	tl->tl_data_contents = buf.data;
	310	ent->tl_data = tl;
	311	}
	312
268	313	static krb5_error_code
269	314	test_init()
270	315	{

322	367	krb5_principal princ = NULL, tgtprinc;
323	368	krb5_principal_data empty_princ = { KV5M_PRINCIPAL };
324	369	testhandle h = context->dal_handle->db_context;
325		char search_name = NULL, canon = NULL, flagstr, names, *key_strings;
	370	char search_name = NULL, canon = NULL, *flagstr;
	371	char names, key_strings, **stringattrs;
326	372	const char *ename;
327	373	krb5_db_entry *ent;
328	374

333	379	&search_name));
334	380	canon = get_string(h, "alias", search_name, NULL);
335	381	if (canon != NULL) {
336		if (!(flags & KRB5_KDB_FLAG_ALIAS_OK) &&
337		search_for->type != KRB5_NT_ENTERPRISE_PRINCIPAL) {
338		ret = KRB5_KDB_NOENTRY;
339		goto cleanup;
340		}
341	382	check(krb5_parse_name(context, canon, &princ));
342	383	if (!krb5_realm_compare(context, search_for, princ)) {
343		if (flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) {
	384	/* Out of realm */
	385	if ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) &&
	386	((flags & KRB5_KDB_FLAG_CANONICALIZE) \|\|
	387	search_for->type == KRB5_NT_ENTERPRISE_PRINCIPAL)) {
344	388	/* Return a client referral by creating an entry with only the
345	389	* principal set. */
346	390	entry = ealloc(sizeof(*entry));

400	444	ent->pw_expiration = get_time(h, "princs", ename, "pwexpiration");
401	445
402	446	/* Leave last_success, last_failed, fail_auth_count zeroed. */
403		/* Leave tl_data and e_data empty. */
	447	/* Leave e_data empty. */
404	448
405	449	set_names(h, "princs", ename, "keys");
406	450	ret = profile_get_values(h->profile, h->names, &key_strings);
407	451	if (ret != PROF_NO_RELATION) {
408		make_keys(key_strings, ename, ent);
	452	make_keys(key_strings, ename, &search_for->realm, ent);
409	453	profile_free_list(key_strings);
	454	}
	455
	456	set_names(h, "princs", ename, "strings");
	457	ret = profile_get_values(h->profile, h->names, &stringattrs);
	458	if (ret != PROF_NO_RELATION) {
	459	make_strings(stringattrs, ent);
	460	profile_free_list(stringattrs);
410	461	}
411	462
412	463	/* We must include mod-princ data or kadm5_get_principal() won't work and

414	465	check(krb5_dbe_update_mod_princ_data(context, ent, 0, &empty_princ));
415	466
416	467	*entry = ent;
	468	ret = 0;
417	469
418	470	cleanup:
419	471	krb5_free_unparsed_name(context, search_name);
420	472	krb5_free_principal(context, princ);
421	473	free(canon);
422	474	return ret;
	475	}
	476
	477	static void
	478	lookup_princ_by_cert(krb5_context context, const krb5_data *client_cert,
	479	krb5_principal *princ)
	480	{
	481	krb5_error_code ret;
	482	char *cert_princ_name;
	483
	484	/* The test client sends a principal string instead of a cert. */
	485	cert_princ_name = k5memdup0(client_cert->data, client_cert->length, &ret);
	486	check(ret);
	487
	488	check(krb5_parse_name(context, cert_princ_name, princ));
	489	free(cert_princ_name);
	490	}
	491
	492	static krb5_error_code
	493	test_get_s4u_x509_principal(krb5_context context, const krb5_data *client_cert,
	494	krb5_const_principal princ, unsigned int flags,
	495	krb5_db_entry **entry)
	496	{
	497	krb5_error_code ret;
	498	krb5_principal cert_princ, canon_princ;
	499	testhandle h = context->dal_handle->db_context;
	500	krb5_boolean match;
	501	char canon, princ_name;
	502
	503	lookup_princ_by_cert(context, client_cert, &cert_princ);
	504
	505	ret = test_get_principal(context, cert_princ, flags, entry);
	506	krb5_free_principal(context, cert_princ);
	507	if (ret \|\| (flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY))
	508	return ret;
	509
	510	if (!krb5_realm_compare(context, princ, (*entry)->princ))
	511	abort();
	512
	513	if (princ->length == 0 \|\|
	514	krb5_principal_compare(context, princ, (*entry)->princ))
	515	return 0;
	516
	517	match = FALSE;
	518	check(krb5_unparse_name_flags(context, princ,
	519	KRB5_PRINCIPAL_UNPARSE_NO_REALM,
	520	&princ_name));
	521	canon = get_string(h, "alias", princ_name, NULL);
	522	krb5_free_unparsed_name(context, princ_name);
	523	if (canon != NULL) {
	524	check(krb5_parse_name(context, canon, &canon_princ));
	525	match = krb5_principal_compare(context, canon_princ, (*entry)->princ);
	526	krb5_free_principal(context, canon_princ);
	527	}
	528
	529	free(canon);
	530	return match ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
423	531	}
424	532
425	533	static krb5_error_code

478	586	return 0;
479	587	}
480	588
	589	typedef struct {
	590	char *pac_princ;
	591	struct {
	592	char *proxy_target;
	593	char *impersonator;
	594	} deleg_info;
	595	krb5_boolean not_delegated;
	596	krb5_pac pac;
	597	} pac_info;
	598
	599	static void
	600	free_pac_info(krb5_context context, pac_info *info)
	601	{
	602	if (info == NULL)
	603	return;
	604
	605	free(info->pac_princ);
	606	free(info->deleg_info.proxy_target);
	607	free(info->deleg_info.impersonator);
	608	krb5_pac_free(context, info->pac);
	609	free(info);
	610	}
	611
	612	/*
	613	* Create a PAC object with a fake logon-info blob. Instead of a real
	614	* KERB_VALIDATION_INFO structure, store a byte indicating whether the
	615	* USER_NOT_DELEGATED bit is set.
	616	*/
	617	static krb5_error_code
	618	create_pac(krb5_context context, krb5_boolean not_delegated, krb5_pac *pac_out)
	619	{
	620	krb5_data data;
	621	krb5_pac pac;
	622	char nd;
	623
	624	nd = not_delegated ? 1 : 0;
	625	data = make_data(&nd, 1);
	626	check(krb5_pac_init(context, &pac));
	627	check(krb5_pac_add_buffer(context, pac, KRB5_PAC_LOGON_INFO, &data));
	628
	629	*pac_out = pac;
	630	return 0;
	631	}
	632
	633	/* Create a fake PAC, setting the USER_NOT_DELEGATED bit if the client DB entry
	634	* disallows forwardable tickets. */
	635	static krb5_error_code
	636	create_pac_db(krb5_context context, krb5_db_entry client, krb5_pac pac_out)
	637	{
	638	krb5_boolean not_delegated;
	639	/* Use disallow_forwardable as delegation_not_allowed attribute */
	640	not_delegated = (client->attributes & KRB5_KDB_DISALLOW_FORWARDABLE);
	641	return create_pac(context, not_delegated, pac_out);
	642	}
	643
	644	/* Locate the PAC in tgt_authdata and set *pac_out to its PAC object
	645	* representation. Set it to NULL if no PAC is present. */
	646	static void
	647	parse_ticket_pac(krb5_context context, krb5_authdata **tgt_auth_data,
	648	krb5_pac *pac_out)
	649	{
	650	krb5_authdata **authdata;
	651
	652	*pac_out = NULL;
	653
	654	check(krb5_find_authdata(context, tgt_auth_data, NULL,
	655	KRB5_AUTHDATA_WIN2K_PAC, &authdata));
	656	if (authdata == NULL)
	657	return;
	658	assert(authdata[1] == NULL);
	659	check(krb5_pac_parse(context, authdata[0]->contents, authdata[0]->length,
	660	pac_out));
	661	krb5_free_authdata(context, authdata);
	662	}
	663
	664	/* Verify the KDC signature against the local TGT key. tgt_key must be the
	665	* decrypted first key data entry of tgt. */
	666	static krb5_error_code
	667	verify_kdc_signature(krb5_context context, krb5_pac pac,
	668	krb5_keyblock tgt_key, krb5_db_entry tgt)
	669	{
	670	krb5_error_code ret;
	671	krb5_key_data *kd;
	672	krb5_keyblock old_key;
	673	krb5_kvno kvno;
	674	int tries;
	675
	676	ret = krb5_pac_verify(context, pac, 0, NULL, NULL, tgt_key);
	677	if (ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
	678	return ret;
	679
	680	kvno = tgt->key_data[0].key_data_kvno - 1;
	681
	682	/* There is no kvno in PAC signatures, so try two previous versions. */
	683	for (tries = 2; tries > 0 && kvno > 0; tries--, kvno--) {
	684	ret = krb5_dbe_find_enctype(context, tgt, -1, -1, kvno, &kd);
	685	if (ret)
	686	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
	687	ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &old_key, NULL);
	688	if (ret)
	689	return ret;
	690	ret = krb5_pac_verify(context, pac, 0, NULL, NULL, &old_key);
	691	krb5_free_keyblock_contents(context, &old_key);
	692	if (!ret)
	693	return 0;
	694
	695	/* Try the next lower kvno on the next iteration. */
	696	kvno = kd->key_data_kvno - 1;
	697	}
	698
	699	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
	700	}
	701
	702	static krb5_error_code
	703	verify_ticket_pac(krb5_context context, krb5_pac pac, unsigned int flags,
	704	krb5_const_principal client_princ, krb5_boolean check_realm,
	705	krb5_keyblock server_key, krb5_keyblock local_tgt_key,
	706	krb5_db_entry *local_tgt, krb5_timestamp authtime)
	707	{
	708	check(krb5_pac_verify_ext(context, pac, authtime, client_princ, server_key,
	709	NULL, check_realm));
	710	if (flags & KRB5_KDB_FLAG_CROSS_REALM)
	711	return 0;
	712	return verify_kdc_signature(context, pac, local_tgt_key, local_tgt);
	713	}
	714
	715	static void
	716	get_pac_info(krb5_context context, krb5_authdata **in_authdata,
	717	pac_info **info_out)
	718	{
	719	krb5_error_code ret;
	720	krb5_pac pac = NULL;
	721	krb5_data data;
	722	char *sep = NULL;
	723	pac_info *info;
	724
	725	*info_out = NULL;
	726
	727	parse_ticket_pac(context, in_authdata, &pac);
	728	if (pac == NULL)
	729	return;
	730
	731	info = ealloc(sizeof(*info));
	732
	733	/* Read the fake logon-info buffer from the PAC and set not_delegated
	734	* according to the byte value. */
	735	check(krb5_pac_get_client_info(context, pac, NULL, &info->pac_princ));
	736	check(krb5_pac_get_buffer(context, pac, KRB5_PAC_LOGON_INFO, &data));
	737	assert(data.length == 1);
	738	info->not_delegated = *data.data;
	739	krb5_free_data_contents(context, &data);
	740
	741	ret = krb5_pac_get_buffer(context, pac, KRB5_PAC_DELEGATION_INFO, &data);
	742	if (ret && ret != ENOENT)
	743	abort();
	744	if (!ret) {
	745	sep = memchr(data.data, ':', data.length);
	746	assert(sep != NULL);
	747	info->deleg_info.proxy_target = k5memdup0(data.data, sep - data.data,
	748	&ret);
	749	check(ret);
	750	info->deleg_info.impersonator = k5memdup0(sep + 1, data.length - 1 -
	751	(sep - data.data), &ret);
	752	check(ret);
	753	krb5_free_data_contents(context, &data);
	754	}
	755
	756	info->pac = pac;
	757	*info_out = info;
	758	}
	759
	760	/* Add a fake delegation-info buffer to pac containing the proxy target and
	761	* impersonator from info. */
	762	static void
	763	add_delegation_info(krb5_context context, krb5_pac pac, pac_info *info)
	764	{
	765	krb5_data data;
	766	char *str;
	767
	768	if (info->deleg_info.proxy_target == NULL)
	769	return;
	770
	771	if (asprintf(&str, "%s:%s", info->deleg_info.proxy_target,
	772	info->deleg_info.impersonator) < 0)
	773	abort();
	774	data = string2data(str);
	775	check(krb5_pac_add_buffer(context, pac, KRB5_PAC_DELEGATION_INFO, &data));
	776	free(str);
	777	}
	778
	779	/* Set *out to an AD-IF-RELEVANT authdata element containing a PAC authdata
	780	* element with contents pac_data. */
	781	static void
	782	encode_pac_ad(krb5_context context, krb5_data pac_data, krb5_authdata *out)
	783	{
	784	krb5_authdata pac_ad, list[2], *ifrel;
	785
	786	pac_ad.magic = KV5M_AUTHDATA;
	787	pac_ad.ad_type = KRB5_AUTHDATA_WIN2K_PAC;
	788	pac_ad.contents = (krb5_octet *)pac_data->data;;
	789	pac_ad.length = pac_data->length;
	790	list[0] = &pac_ad;
	791	list[1] = NULL;
	792
	793	check(krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT,
	794	list, &ifrel));
	795	assert(ifrel[1] == NULL);
	796	*out = ifrel[0];
	797	free(ifrel);
	798	}
	799
	800	/* Parse a PAC client-info string into a principal name. If xrealm_s4u is
	801	* true, expect a realm in the string. */
	802	static krb5_error_code
	803	parse_pac_princ(krb5_context context, krb5_boolean xrealm_s4u, char *pac_princ,
	804	krb5_principal *client_out)
	805	{
	806	int n_atsigns = 0, flags = 0;
	807	char *p = pac_princ;
	808
	809	while (*p++) {
	810	if (*p == '@')
	811	n_atsigns++;
	812	}
	813	if (xrealm_s4u) {
	814	flags \|= KRB5_PRINCIPAL_PARSE_REQUIRE_REALM;
	815	n_atsigns--;
	816	} else {
	817	flags \|= KRB5_PRINCIPAL_PARSE_NO_REALM;
	818	}
	819	assert(n_atsigns == 0 \|\| n_atsigns == 1);
	820	if (n_atsigns == 1)
	821	flags \|= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
	822	check(krb5_parse_name_flags(context, pac_princ, flags, client_out));
	823	(*client_out)->type = KRB5_NT_MS_PRINCIPAL;
	824	return 0;
	825	}
	826
	827	/* Set *ad_out to a fake PAC for testing, or to NULL if it doesn't make sense
	828	* to generate a PAC for the request. */
	829	static void
	830	generate_pac(krb5_context context, unsigned int flags,
	831	krb5_const_principal client_princ,
	832	krb5_const_principal server_princ, krb5_db_entry *client,
	833	krb5_db_entry header_server, krb5_db_entry local_tgt,
	834	krb5_keyblock server_key, krb5_keyblock header_key,
	835	krb5_keyblock *local_tgt_key, krb5_timestamp authtime,
	836	pac_info info, krb5_authdata *ad_out)
	837	{
	838	krb5_boolean sign_realm, check_realm;
	839	krb5_data pac_data;
	840	krb5_pac pac = NULL;
	841	krb5_principal pac_princ = NULL;
	842
	843	*ad_out = NULL;
	844
	845	check_realm = ((flags & KRB5_KDB_FLAGS_S4U) &&
	846	(flags & KRB5_KDB_FLAG_CROSS_REALM));
	847	sign_realm = ((flags & KRB5_KDB_FLAGS_S4U) &&
	848	(flags & KRB5_KDB_FLAG_ISSUING_REFERRAL));
	849
	850	if (client != NULL &&
	851	((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) \|\|
	852	(flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
	853	/* For AS or local-realm S4U2Self, generate an initial PAC. */
	854	check(create_pac_db(context, client, &pac));
	855	} else if (info == NULL) {
	856	/* If there is no input PAC, do not generate one. */
	857	assert((flags & KRB5_KDB_FLAGS_S4U) == 0);
	858	return;
	859	} else {
	860	if (IS_TGS_PRINC(server_princ) &&
	861	info->deleg_info.proxy_target != NULL) {
	862	/* RBCD transitive trust. */
	863	assert(flags & KRB5_KDB_FLAG_CROSS_REALM);
	864	assert(!(flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION));
	865	check(parse_pac_princ(context, TRUE, info->pac_princ, &pac_princ));
	866	client_princ = pac_princ;
	867	check_realm = TRUE;
	868	sign_realm = TRUE;
	869	} else if ((flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) &&
	870	!(flags & KRB5_KDB_FLAG_CROSS_REALM)) {
	871	/*
	872	* Initial RBCD and old constrained delegation requests to
	873	* impersonator realm; create delegation info blob. We cannot
	874	* assume that proxy_target is NULL as the evidence ticket could
	875	* have been acquired via constrained delegation.
	876	*/
	877	free(info->deleg_info.proxy_target);
	878	check(krb5_unparse_name_flags(context, server_princ,
	879	KRB5_PRINCIPAL_UNPARSE_NO_REALM,
	880	&info->deleg_info.proxy_target));
	881	/* This is supposed to be a list of impersonators, but we currently
	882	* only deal with one. */
	883	free(info->deleg_info.impersonator);
	884	check(krb5_unparse_name(context, header_server->princ,
	885	&info->deleg_info.impersonator));
	886	} else if (flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) {
	887	/* Last cross realm RBCD request to proxy realm. */
	888	assert(info->deleg_info.proxy_target != NULL);
	889	}
	890
	891	/* We have already verified the PAC in get_authdata_info, but we should
	892	* be able to verify the signatures here as well. */
	893	check(verify_ticket_pac(context, info->pac, flags, client_princ,
	894	check_realm, header_key, local_tgt_key,
	895	local_tgt, authtime));
	896
	897	/* Create a new pac as we may be altering pac principal's realm */
	898	check(create_pac(context, info->not_delegated, &pac));
	899	add_delegation_info(context, pac, info);
	900	}
	901	check(krb5_pac_sign_ext(context, pac, authtime, client_princ, server_key,
	902	local_tgt_key, sign_realm, &pac_data));
	903	krb5_pac_free(context, pac);
	904	krb5_free_principal(context, pac_princ);
	905	encode_pac_ad(context, &pac_data, ad_out);
	906	krb5_free_data_contents(context, &pac_data);
	907	}
	908
481	909	static krb5_error_code
482	910	test_sign_authdata(krb5_context context, unsigned int flags,
483		krb5_const_principal client_princ, krb5_db_entry *client,
484		krb5_db_entry server, krb5_db_entry krbtgt,
485		krb5_keyblock client_key, krb5_keyblock server_key,
486		krb5_keyblock krbtgt_key, krb5_keyblock session_key,
	911	krb5_const_principal client_princ,
	912	krb5_const_principal server_princ, krb5_db_entry *client,
	913	krb5_db_entry server, krb5_db_entry header_server,
	914	krb5_db_entry local_tgt, krb5_keyblock client_key,
	915	krb5_keyblock server_key, krb5_keyblock header_key,
	916	krb5_keyblock local_tgt_key, krb5_keyblock session_key,
487	917	krb5_timestamp authtime, krb5_authdata **tgt_auth_data,
	918	void ad_info, krb5_data **auth_indicators,
488	919	krb5_authdata ***signed_auth_data)
489	920	{
490		krb5_authdata *list, ad;
491
492		ad = ealloc(sizeof(*ad));
493		ad->magic = KV5M_AUTHDATA;
494		ad->ad_type = TEST_AD_TYPE;
495		ad->contents = (uint8_t *)estrdup("db-authdata-test");
496		ad->length = strlen((char *)ad->contents);
497		list = ealloc(2 * sizeof(*list));
498		list[0] = ad;
499		list[1] = NULL;
	921	krb5_authdata pac_ad = NULL, test_ad = NULL, **list;
	922	krb5_data **inds, d;
	923	int i, val;
	924
	925	/* Possibly create a PAC authdata element. */
	926	generate_pac(context, flags, client_princ, server_princ, client,
	927	header_server, local_tgt, server_key, header_key,
	928	local_tgt_key, authtime, ad_info, &pac_ad);
	929
	930	/* Always create a TEST_AD_TYPE element. */
	931	test_ad = ealloc(sizeof(*test_ad));
	932	test_ad->magic = KV5M_AUTHDATA;
	933	test_ad->ad_type = TEST_AD_TYPE;
	934	test_ad->contents = (uint8_t *)estrdup("db-authdata-test");
	935	test_ad->length = strlen((char *)test_ad->contents);
	936
	937	/* Assemble the authdata into a one-element or two-element list.
	938	* The PAC must be the first element. */
	939	list = ealloc(3 * sizeof(*list));
	940	list[0] = (pac_ad != NULL) ? pac_ad : test_ad;
	941	list[1] = (pac_ad != NULL) ? test_ad : NULL;
	942	list[2] = NULL;
500	943	*signed_auth_data = list;
	944
	945	/* If we see an auth indicator "dbincrX", replace the whole indicator list
	946	* with "dbincr{X+1}". */
	947	inds = *auth_indicators;
	948	for (i = 0; inds != NULL && inds[i] != NULL; i++) {
	949	if (inds[i]->length == 7 && memcmp(inds[i]->data, "dbincr", 6) == 0) {
	950	val = inds[i]->data[6];
	951	k5_free_data_ptr_list(inds);
	952	inds = ealloc(2 * sizeof(*inds));
	953	d = string2data("dbincr0");
	954	check(krb5_copy_data(context, &d, &inds[0]));
	955	inds[0]->data[6] = val + 1;
	956	inds[1] = NULL;
	957	*auth_indicators = inds;
	958	break;
	959	}
	960	}
	961
501	962	return 0;
	963	}
	964
	965	static krb5_boolean
	966	match_in_table(krb5_context context, const char table, const char sprinc,
	967	const char *tprinc)
	968	{
	969	testhandle h = context->dal_handle->db_context;
	970	krb5_error_code ret;
	971	char values, v;
	972	krb5_boolean found = FALSE;
	973
	974	set_names(h, table, sprinc, NULL);
	975	ret = profile_get_values(h->profile, h->names, &values);
	976	assert(ret == 0 \|\| ret == PROF_NO_RELATION);
	977	if (ret)
	978	return FALSE;
	979	for (v = values; *v != NULL; v++) {
	980	if (strcmp(*v, tprinc) == 0) {
	981	found = TRUE;
	982	break;
	983	}
	984	}
	985	profile_free_list(values);
	986	return found;
502	987	}
503	988
504	989	static krb5_error_code

507	992	const krb5_db_entry *server,
508	993	krb5_const_principal proxy)
509	994	{
510		krb5_error_code ret;
511		testhandle h = context->dal_handle->db_context;
512		char sprinc, tprinc, values, v;
	995	char sprinc, tprinc;
513	996	krb5_boolean found = FALSE;
514	997
515	998	check(krb5_unparse_name_flags(context, server->princ,
516	999	KRB5_PRINCIPAL_UNPARSE_NO_REALM, &sprinc));
517	1000	check(krb5_unparse_name_flags(context, proxy,
518	1001	KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tprinc));
519		set_names(h, "delegation", sprinc, NULL);
520		ret = profile_get_values(h->profile, h->names, &values);
521		if (ret != PROF_NO_RELATION) {
522		for (v = values; *v != NULL; v++) {
523		if (strcmp(*v, tprinc) == 0) {
524		found = TRUE;
525		break;
526		}
527		}
528		profile_free_list(values);
529		}
	1002	found = match_in_table(context, "delegation", sprinc, tprinc);
530	1003	krb5_free_unparsed_name(context, sprinc);
531	1004	krb5_free_unparsed_name(context, tprinc);
532	1005	return found ? 0 : KRB5KDC_ERR_POLICY;
533	1006	}
534	1007
	1008	static krb5_error_code
	1009	test_allowed_to_delegate_from(krb5_context context,
	1010	krb5_const_principal client,
	1011	krb5_const_principal server,
	1012	void server_ad_info, const krb5_db_entry proxy)
	1013	{
	1014	char sprinc, tprinc;
	1015	pac_info info = (pac_info )server_ad_info;
	1016	krb5_boolean found = FALSE;
	1017
	1018	check(krb5_unparse_name(context, proxy->princ, &sprinc));
	1019	check(krb5_unparse_name(context, server, &tprinc));
	1020	assert(strncmp(info->pac_princ, tprinc, strlen(info->pac_princ)) == 0);
	1021	found = match_in_table(context, "rbcd", sprinc, tprinc);
	1022	krb5_free_unparsed_name(context, sprinc);
	1023	krb5_free_unparsed_name(context, tprinc);
	1024	return found ? 0 : KRB5KDC_ERR_POLICY;
	1025	}
	1026
	1027	static krb5_error_code
	1028	test_get_authdata_info(krb5_context context, unsigned int flags,
	1029	krb5_authdata **in_authdata,
	1030	krb5_const_principal client_princ,
	1031	krb5_const_principal server_princ,
	1032	krb5_keyblock server_key, krb5_keyblock krbtgt_key,
	1033	krb5_db_entry *krbtgt, krb5_timestamp authtime,
	1034	void *ad_info_out, krb5_principal client_out)
	1035	{
	1036	pac_info *info = NULL;
	1037	krb5_boolean rbcd_transitive, xrealm_s4u;
	1038	krb5_principal pac_princ = NULL;
	1039	char proxy_name = NULL, impersonator_name = NULL;
	1040
	1041	get_pac_info(context, in_authdata, &info);
	1042	if (info == NULL)
	1043	return 0;
	1044
	1045	/* Transitive RBCD requests are not flagged as constrained delegation */
	1046	if (info->not_delegated &&
	1047	(info->deleg_info.proxy_target \|\|
	1048	(flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))) {
	1049	free_pac_info(context, info);
	1050	return KRB5KDC_ERR_BADOPTION;
	1051	}
	1052
	1053	rbcd_transitive = IS_TGS_PRINC(server_princ) &&
	1054	(flags & KRB5_KDB_FLAG_CROSS_REALM) && info->deleg_info.proxy_target &&
	1055	!(flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
	1056
	1057	xrealm_s4u = rbcd_transitive \|\| ((flags & KRB5_KDB_FLAG_CROSS_REALM) &&
	1058	(flags & KRB5_KDB_FLAGS_S4U));
	1059
	1060	check(parse_pac_princ(context, xrealm_s4u, info->pac_princ, &pac_princ));
	1061
	1062	/* Cross-realm and transitive trust RBCD requests */
	1063	if (rbcd_transitive \|\| ((flags & KRB5_KDB_FLAG_CROSS_REALM) &&
	1064	(flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))) {
	1065	assert(info->deleg_info.proxy_target != NULL);
	1066	assert(info->deleg_info.impersonator != NULL);
	1067	/* We must be able to find the impersonator in the delegation info. */
	1068	assert(!krb5_principal_compare(context, client_princ, pac_princ));
	1069	check(krb5_unparse_name(context, client_princ, &impersonator_name));
	1070	assert(strcmp(info->deleg_info.impersonator, impersonator_name) == 0);
	1071	krb5_free_unparsed_name(context, impersonator_name);
	1072	client_princ = pac_princ;
	1073	/* In the non-transitive case we can match the proxy too. */
	1074	if (!rbcd_transitive) {
	1075	check(krb5_unparse_name_flags(context, server_princ,
	1076	KRB5_PRINCIPAL_UNPARSE_NO_REALM,
	1077	&proxy_name));
	1078	assert(info->deleg_info.proxy_target != NULL);
	1079	assert(strcmp(info->deleg_info.proxy_target, proxy_name) == 0);
	1080	krb5_free_unparsed_name(context, proxy_name);
	1081	}
	1082	}
	1083
	1084	check(verify_ticket_pac(context, info->pac, flags, client_princ,
	1085	xrealm_s4u, server_key, krbtgt_key, krbtgt,
	1086	authtime));
	1087
	1088	*ad_info_out = info;
	1089	if (client_out != NULL)
	1090	*client_out = pac_princ;
	1091	else
	1092	krb5_free_principal(context, pac_princ);
	1093
	1094	return 0;
	1095	}
	1096
	1097	static void
	1098	test_free_authdata_info(krb5_context context, void *ad_info)
	1099	{
	1100	pac_info info = (pac_info )ad_info;
	1101
	1102	free_pac_info(context, info);
	1103	}
	1104
535	1105	kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_test, kdb_function_table) = {
536	1106	KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */
537		0, /* minor version number 0 */
	1107	0, /* minor version number */
538	1108	test_init,
539	1109	test_cleanup,
540	1110	test_open,

568	1138	NULL, /* check_policy_tgs */
569	1139	NULL, /* audit_as_req */
570	1140	NULL, /* refresh_config */
571		test_check_allowed_to_delegate
	1141	test_check_allowed_to_delegate,
	1142	NULL, /* free_principal_e_data */
	1143	test_get_s4u_x509_principal,
	1144	test_allowed_to_delegate_from,
	1145	test_get_authdata_info,
	1146	test_free_authdata_info
572	1147	};

+1

-1

src/plugins/preauth/pkinit/pkcs11.h less more

11	11	PURPOSE. */
12	12
13	13	/* Please submit changes back to the Scute project at
14		http://www.scute.org/ (or send them to marcus@g10code.com), so that
	14	https://www.scute.org/ (or send them to marcus@g10code.com), so that
15	15	they can be picked up by other projects from there as well. */
16	16
17	17	/* This file is a modified implementation of the PKCS #11 standard by

+0

-9

src/plugins/preauth/pkinit/pkinit.h less more

212	212	pkinit_identity_opts *idopts;
213	213	int do_identity_matching;
214	214	krb5_preauthtype pa_type;
215		int rfc4556_kdc;
216	215	int rfc6112_kdc;
217	216	int identity_initialized;
218	217	int identity_prompted;

243	242	int magic;
244	243	pkinit_req_crypto_context cryptoctx;
245	244	krb5_auth_pack *rcv_auth_pack;
246		krb5_auth_pack_draft9 *rcv_auth_pack9;
247	245	krb5_preauthtype pa_type;
248	246	};
249	247	typedef struct _pkinit_kdc_req_context *pkinit_kdc_req_context;

328	326	* initialization and free functions
329	327	*/
330	328	void init_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
331		void init_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in);
332	329	void init_krb5_reply_key_pack(krb5_reply_key_pack **in);
333		void init_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in);
334	330
335	331	void init_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
336		void init_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
337	332	void init_krb5_subject_pk_info(krb5_subject_pk_info **in);
338	333
339	334	void free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
340		void free_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in);
341	335	void free_krb5_reply_key_pack(krb5_reply_key_pack **in);
342		void free_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in);
343	336	void free_krb5_auth_pack(krb5_auth_pack **in);
344		void free_krb5_auth_pack_draft9(krb5_context, krb5_auth_pack_draft9 **in);
345	337	void free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
346		void free_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
347	338	void free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in);
348	339	void free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in);
349	340	void free_krb5_algorithm_identifier(krb5_algorithm_identifier *in);

+0

-12

src/plugins/preauth/pkinit/pkinit_accessor.c less more

40	40	krb5_error_code (k5int_decode_##type)(const krb5_data , type ***)
41	41
42	42	DEF_FUNC_PTRS(krb5_auth_pack);
43		DEF_FUNC_PTRS(krb5_auth_pack_draft9);
44	43	DEF_FUNC_PTRS(krb5_kdc_dh_key_info);
45	44	DEF_FUNC_PTRS(krb5_pa_pk_as_rep);
46	45	DEF_FUNC_PTRS(krb5_pa_pk_as_req);
47		DEF_FUNC_PTRS(krb5_pa_pk_as_req_draft9);
48	46	DEF_FUNC_PTRS(krb5_reply_key_pack);
49		DEF_FUNC_PTRS(krb5_reply_key_pack_draft9);
50	47
51	48	/* special cases... */
52	49	krb5_error_code
53	50	(k5int_decode_krb5_principal_name)(const krb5_data , krb5_principal_data **);
54
55		krb5_error_code
56		(k5int_encode_krb5_pa_pk_as_rep_draft9)(const krb5_pa_pk_as_rep_draft9 ,
57		krb5_data **code);
58	51
59	52	krb5_error_code
60	53	(k5int_encode_krb5_td_dh_parameters)(krb5_algorithm_identifier const *,

100	93	k5int_decode_##type = k5int.decode_##type;
101	94
102	95	SET_PTRS(krb5_auth_pack);
103		SET_PTRS(krb5_auth_pack_draft9);
104	96	SET_PTRS(krb5_kdc_dh_key_info);
105	97	SET_PTRS(krb5_pa_pk_as_rep);
106	98	SET_PTRS(krb5_pa_pk_as_req);
107		SET_PTRS(krb5_pa_pk_as_req_draft9);
108	99	SET_PTRS(krb5_reply_key_pack);
109		SET_PTRS(krb5_reply_key_pack_draft9);
110	100	SET_PTRS(krb5_td_dh_parameters);
111	101	SET_PTRS(krb5_td_trusted_certifiers);
112	102
113	103	/* special cases... */
114	104	k5int_decode_krb5_principal_name = k5int.decode_krb5_principal_name;
115	105	k5int_encode_krb5_kdc_req_body = k5int.encode_krb5_kdc_req_body;
116		k5int_encode_krb5_pa_pk_as_rep_draft9 = \
117		k5int.encode_krb5_pa_pk_as_rep_draft9;
118	106	k5int_krb5_free_kdc_req = k5int.free_kdc_req;
119	107	k5int_set_prompt_types = k5int.set_prompt_types;
120	108	return 0;

+0

-6

src/plugins/preauth/pkinit/pkinit_accessor.h less more

44	44	extern krb5_error_code (k5int_decode_##type)(const krb5_data , type ***)
45	45
46	46	DEF_EXT_FUNC_PTRS(krb5_auth_pack);
47		DEF_EXT_FUNC_PTRS(krb5_auth_pack_draft9);
48	47	DEF_EXT_FUNC_PTRS(krb5_kdc_dh_key_info);
49	48	DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_rep);
50	49	DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_req);
51		DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_req_draft9);
52	50	DEF_EXT_FUNC_PTRS(krb5_reply_key_pack);
53		DEF_EXT_FUNC_PTRS(krb5_reply_key_pack_draft9);
54	51
55	52	/* special cases... */
56	53	extern krb5_error_code (*k5int_decode_krb5_principal_name)
57	54	(const krb5_data , krb5_principal_data *);
58
59		extern krb5_error_code (*k5int_encode_krb5_pa_pk_as_rep_draft9)
60		(const krb5_pa_pk_as_rep_draft9 , krb5_data *code);
61	55
62	56	extern krb5_error_code (*k5int_encode_krb5_td_dh_parameters)
63	57	(krb5_algorithm_identifier const , krb5_data **code);

+66

-169

src/plugins/preauth/pkinit/pkinit_clnt.c less more

147	147	goto cleanup;
148	148	}
149	149
150		/*
151		* The most we'll return is two pa_data, normally just one.
152		* We need to make room for the NULL terminator.
153		*/
154		return_pa_data = k5calloc(3, sizeof(*return_pa_data), &retval);
	150	return_pa_data = k5calloc(2, sizeof(*return_pa_data), &retval);
155	151	if (return_pa_data == NULL)
156	152	goto cleanup;
157	153

161	157
162	158	return_pa_data[0]->magic = KV5M_PA_DATA;
163	159
164		if (pa_type == KRB5_PADATA_PK_AS_REQ_OLD)
165		return_pa_data[0]->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
166		else
167		return_pa_data[0]->pa_type = pa_type;
	160	return_pa_data[0]->pa_type = pa_type;
168	161	return_pa_data[0]->length = out_data->length;
169	162	return_pa_data[0]->contents = (krb5_octet *) out_data->data;
170	163	*out_data = empty_data();
171
172		if (return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD) {
173		return_pa_data[1] = k5alloc(sizeof(*return_pa_data[1]), &retval);
174		if (return_pa_data[1] == NULL)
175		goto cleanup;
176		return_pa_data[1]->pa_type = KRB5_PADATA_AS_CHECKSUM;
177		}
178	164
179	165	*out_padata = return_pa_data;
180	166	return_pa_data = NULL;

205	191	krb5_data *coded_auth_pack = NULL;
206	192	krb5_auth_pack auth_pack;
207	193	krb5_pa_pk_as_req *req = NULL;
208		krb5_auth_pack_draft9 auth_pack9;
209		krb5_pa_pk_as_req_draft9 *req9 = NULL;
210	194	krb5_algorithm_identifier **cmstypes = NULL;
211	195	int protocol = reqctx->opts->dh_or_rsa;
212	196	unsigned char dh_params = NULL, dh_pubkey = NULL;

215	199	pkiDebug("pkinit_as_req_create pa_type = %d\n", reqctx->pa_type);
216	200
217	201	/* Create the authpack */
218		switch((int)reqctx->pa_type) {
219		case KRB5_PADATA_PK_AS_REQ_OLD:
220		protocol = RSA_PROTOCOL;
221		memset(&auth_pack9, 0, sizeof(auth_pack9));
222		auth_pack9.pkAuthenticator.ctime = ctsec;
223		auth_pack9.pkAuthenticator.cusec = cusec;
224		auth_pack9.pkAuthenticator.nonce = nonce;
225		auth_pack9.pkAuthenticator.kdcName = server;
226		break;
227		case KRB5_PADATA_PK_AS_REQ:
228		memset(&info, 0, sizeof(info));
229		memset(&auth_pack, 0, sizeof(auth_pack));
230		auth_pack.pkAuthenticator.ctime = ctsec;
231		auth_pack.pkAuthenticator.cusec = cusec;
232		auth_pack.pkAuthenticator.nonce = nonce;
233		auth_pack.pkAuthenticator.paChecksum = *cksum;
234		if (!reqctx->opts->disable_freshness)
235		auth_pack.pkAuthenticator.freshnessToken = reqctx->freshness_token;
236		auth_pack.clientDHNonce.length = 0;
237		auth_pack.clientPublicValue = &info;
238		auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids;
239
240		/* add List of CMS algorithms */
241		retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
242		reqctx->cryptoctx,
243		reqctx->idctx, &cmstypes);
244		auth_pack.supportedCMSTypes = cmstypes;
245		if (retval)
246		goto cleanup;
247		break;
248		default:
249		pkiDebug("as_req: unrecognized pa_type = %d\n",
250		(int)reqctx->pa_type);
251		retval = -1;
252		goto cleanup;
253		}
	202	memset(&info, 0, sizeof(info));
	203	memset(&auth_pack, 0, sizeof(auth_pack));
	204	auth_pack.pkAuthenticator.ctime = ctsec;
	205	auth_pack.pkAuthenticator.cusec = cusec;
	206	auth_pack.pkAuthenticator.nonce = nonce;
	207	auth_pack.pkAuthenticator.paChecksum = *cksum;
	208	if (!reqctx->opts->disable_freshness)
	209	auth_pack.pkAuthenticator.freshnessToken = reqctx->freshness_token;
	210	auth_pack.clientDHNonce.length = 0;
	211	auth_pack.clientPublicValue = &info;
	212	auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids;
	213
	214	/* add List of CMS algorithms */
	215	retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
	216	reqctx->cryptoctx,
	217	reqctx->idctx, &cmstypes);
	218	auth_pack.supportedCMSTypes = cmstypes;
	219	if (retval)
	220	goto cleanup;
254	221
255	222	switch(protocol) {
256	223	case DH_PROTOCOL:

273	240	case RSA_PROTOCOL:
274	241	TRACE_PKINIT_CLIENT_REQ_RSA(context);
275	242	pkiDebug("as_req: RSA key transport algorithm\n");
276		switch((int)reqctx->pa_type) {
277		case KRB5_PADATA_PK_AS_REQ_OLD:
278		auth_pack9.clientPublicValue = NULL;
279		break;
280		case KRB5_PADATA_PK_AS_REQ:
281		auth_pack.clientPublicValue = NULL;
282		break;
283		}
	243	auth_pack.clientPublicValue = NULL;
284	244	break;
285	245	default:
286	246	pkiDebug("as_req: unknown key transport protocol %d\n",

289	249	goto cleanup;
290	250	}
291	251
292		/* Encode the authpack */
293		switch((int)reqctx->pa_type) {
294		case KRB5_PADATA_PK_AS_REQ:
295		retval = k5int_encode_krb5_auth_pack(&auth_pack, &coded_auth_pack);
296		break;
297		case KRB5_PADATA_PK_AS_REQ_OLD:
298		retval = k5int_encode_krb5_auth_pack_draft9(&auth_pack9,
299		&coded_auth_pack);
300		break;
301		}
	252	retval = k5int_encode_krb5_auth_pack(&auth_pack, &coded_auth_pack);
302	253	if (retval) {
303	254	pkiDebug("failed to encode the AuthPack %d\n", retval);
304	255	goto cleanup;

310	261	#endif
311	262
312	263	/* create PKCS7 object from authpack */
313		switch((int)reqctx->pa_type) {
314		case KRB5_PADATA_PK_AS_REQ:
315		init_krb5_pa_pk_as_req(&req);
316		if (req == NULL) {
317		retval = ENOMEM;
318		goto cleanup;
319		}
320		if (use_content_info(context, reqctx, client)) {
321		retval = cms_contentinfo_create(context, plgctx->cryptoctx,
322		reqctx->cryptoctx, reqctx->idctx,
323		CMS_SIGN_CLIENT,
324		(unsigned char *)
325		coded_auth_pack->data,
326		coded_auth_pack->length,
327		(unsigned char **)
328		&req->signedAuthPack.data,
329		&req->signedAuthPack.length);
330		} else {
331		retval = cms_signeddata_create(context, plgctx->cryptoctx,
332		reqctx->cryptoctx, reqctx->idctx,
333		CMS_SIGN_CLIENT, 1,
334		(unsigned char *)
335		coded_auth_pack->data,
336		coded_auth_pack->length,
337		(unsigned char **)
338		&req->signedAuthPack.data,
339		&req->signedAuthPack.length);
340		}
341		#ifdef DEBUG_ASN1
342		print_buffer_bin((unsigned char *)req->signedAuthPack.data,
343		req->signedAuthPack.length,
344		"/tmp/client_signed_data");
345		#endif
346		break;
347		case KRB5_PADATA_PK_AS_REQ_OLD:
348		init_krb5_pa_pk_as_req_draft9(&req9);
349		if (req9 == NULL) {
350		retval = ENOMEM;
351		goto cleanup;
352		}
	264	init_krb5_pa_pk_as_req(&req);
	265	if (req == NULL) {
	266	retval = ENOMEM;
	267	goto cleanup;
	268	}
	269	if (use_content_info(context, reqctx, client)) {
	270	retval = cms_contentinfo_create(context, plgctx->cryptoctx,
	271	reqctx->cryptoctx, reqctx->idctx,
	272	CMS_SIGN_CLIENT,
	273	(unsigned char *)
	274	coded_auth_pack->data,
	275	coded_auth_pack->length,
	276	(unsigned char **)
	277	&req->signedAuthPack.data,
	278	&req->signedAuthPack.length);
	279	} else {
353	280	retval = cms_signeddata_create(context, plgctx->cryptoctx,
354		reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_DRAFT9, 1,
355		(unsigned char *)coded_auth_pack->data,
	281	reqctx->cryptoctx, reqctx->idctx,
	282	CMS_SIGN_CLIENT, 1,
	283	(unsigned char *)
	284	coded_auth_pack->data,
356	285	coded_auth_pack->length,
357	286	(unsigned char **)
358		&req9->signedAuthPack.data,
359		&req9->signedAuthPack.length);
360		break;
	287	&req->signedAuthPack.data,
	288	&req->signedAuthPack.length);
	289	}
	290
361	291	#ifdef DEBUG_ASN1
362		print_buffer_bin((unsigned char *)req9->signedAuthPack.data,
363		req9->signedAuthPack.length,
364		"/tmp/client_signed_data_draft9");
	292	print_buffer_bin((unsigned char *)req->signedAuthPack.data,
	293	req->signedAuthPack.length,
	294	"/tmp/client_signed_data");
365	295	#endif
366		}
	296
367	297	krb5_free_data(context, coded_auth_pack);
368	298	if (retval) {
369	299	pkiDebug("failed to create pkcs7 signed data\n");

371	301	}
372	302
373	303	/* create a list of trusted CAs */
374		switch((int)reqctx->pa_type) {
375		case KRB5_PADATA_PK_AS_REQ:
376		retval = create_krb5_trustedCertifiers(context, plgctx->cryptoctx,
377		reqctx->cryptoctx, reqctx->idctx, &req->trustedCertifiers);
378		if (retval)
379		goto cleanup;
380		retval = create_issuerAndSerial(context, plgctx->cryptoctx,
381		reqctx->cryptoctx, reqctx->idctx,
382		(unsigned char **)&req->kdcPkId.data,
383		&req->kdcPkId.length);
384		if (retval)
385		goto cleanup;
386
387		/* Encode the as-req */
388		retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
389		break;
390		case KRB5_PADATA_PK_AS_REQ_OLD:
391		retval = create_issuerAndSerial(context, plgctx->cryptoctx,
392		reqctx->cryptoctx, reqctx->idctx,
393		(unsigned char **)&req9->kdcCert.data,
394		&req9->kdcCert.length);
395		if (retval)
396		goto cleanup;
397		/* Encode the as-req */
398		retval = k5int_encode_krb5_pa_pk_as_req_draft9(req9, as_req);
399		break;
400		}
	304	retval = create_krb5_trustedCertifiers(context, plgctx->cryptoctx,
	305	reqctx->cryptoctx, reqctx->idctx,
	306	&req->trustedCertifiers);
	307	if (retval)
	308	goto cleanup;
	309	retval = create_issuerAndSerial(context, plgctx->cryptoctx,
	310	reqctx->cryptoctx, reqctx->idctx,
	311	(unsigned char **)&req->kdcPkId.data,
	312	&req->kdcPkId.length);
	313	if (retval)
	314	goto cleanup;
	315
	316	/* Encode the as-req */
	317	retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
	318
401	319	#ifdef DEBUG_ASN1
402	320	if (!retval)
403	321	print_buffer_bin((unsigned char )(as_req)->data, (*as_req)->length,

409	327	free(dh_params);
410	328	free(dh_pubkey);
411	329	free_krb5_pa_pk_as_req(&req);
412		free_krb5_pa_pk_as_req_draft9(&req9);
413	330
414	331	pkiDebug("pkinit_as_req_create retval=%d\n", (int) retval);
415	332

1164	1081	d = make_data(in_padata->contents, in_padata->length);
1165	1082	return krb5_copy_data(context, &d, &reqctx->freshness_token);
1166	1083	case KRB5_PADATA_PK_AS_REQ:
1167		reqctx->rfc4556_kdc = 1;
1168	1084	pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
1169	1085	processing_request = 1;
1170	1086	break;
1171	1087
1172	1088	case KRB5_PADATA_PK_AS_REP:
1173		reqctx->rfc4556_kdc = 1;
1174	1089	pkiDebug("processing KRB5_PADATA_PK_AS_REP\n");
1175		break;
1176		case KRB5_PADATA_PK_AS_REP_OLD:
1177		case KRB5_PADATA_PK_AS_REQ_OLD:
1178		/* Don't fall back to draft9 code if the KDC supports RFC 4556. */
1179		if (reqctx->rfc4556_kdc) {
1180		TRACE_PKINIT_CLIENT_NO_DRAFT9(context);
1181		return KRB5KDC_ERR_PREAUTH_FAILED;
1182		}
1183		if (in_padata->length == 0) {
1184		pkiDebug("processing KRB5_PADATA_PK_AS_REQ_OLD\n");
1185		in_padata->pa_type = KRB5_PADATA_PK_AS_REQ_OLD;
1186		processing_request = 1;
1187		} else {
1188		pkiDebug("processing KRB5_PADATA_PK_AS_REP_OLD\n");
1189		in_padata->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
1190		}
1191	1090	break;
1192	1091	default:
1193	1092	pkiDebug("unrecognized patype = %d for PKINIT\n",

1362	1261	static krb5_preauthtype supported_client_pa_types[] = {
1363	1262	KRB5_PADATA_PK_AS_REP,
1364	1263	KRB5_PADATA_PK_AS_REQ,
1365		KRB5_PADATA_PK_AS_REP_OLD,
1366		KRB5_PADATA_PK_AS_REQ_OLD,
1367	1264	KRB5_PADATA_PKINIT_KX,
1368	1265	KRB5_PADATA_AS_FRESHNESS,
1369	1266	0

+0

-1

src/plugins/preauth/pkinit/pkinit_crypto.h less more

45	45	*/
46	46	enum cms_msg_types {
47	47	CMS_SIGN_CLIENT,
48		CMS_SIGN_DRAFT9,
49	48	CMS_SIGN_SERVER,
50	49	CMS_ENVEL_SERVER
51	50	};

+135

-331

src/plugins/preauth/pkinit/pkinit_crypto_openssl.c less more

80	80	static int openssl_callback_ignore_crls (int, X509_STORE_CTX *);
81	81
82	82	static int pkcs7_decrypt
83		(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
84		PKCS7 p7, BIO bio);
85
86		static BIO * pkcs7_dataDecode
87		(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
88		PKCS7 *p7);
	83	(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, PKCS7 *p7,
	84	unsigned char *data_out, unsigned int len_out);
89	85
90	86	static ASN1_OBJECT * pkinit_pkcs7type2oid
91	87	(pkinit_plg_crypto_context plg_cryptoctx, int pkcs7_type);

1053	1049	if (p7->type == NULL)
1054	1050	goto oom;
1055	1051
1056		if (OBJ_obj2nid(oid) == NID_pkcs7_data) {
1057		/* Draft 9 uses id-pkcs7-data for signed data. For this type OpenSSL
1058		* expects an octet string in d.data. */
1059		p7->d.data = ostr;
1060		} else {
1061		p7->d.other = ASN1_TYPE_new();
1062		if (p7->d.other == NULL)
1063		goto oom;
1064		p7->d.other->type = V_ASN1_OCTET_STRING;
1065		p7->d.other->value.octet_string = ostr;
1066		}
	1052	p7->d.other = ASN1_TYPE_new();
	1053	if (p7->d.other == NULL)
	1054	goto oom;
	1055	p7->d.other->type = V_ASN1_OCTET_STRING;
	1056	p7->d.other->value.octet_string = ostr;
1067	1057
1068	1058	*p7_out = p7;
1069	1059	return 0;

1252	1242	goto cleanup;
1253	1243	p7si->digest_enc_alg->parameter->type = V_ASN1_NULL;
1254	1244
1255		if (cms_msg_type == CMS_SIGN_DRAFT9){
1256		/* don't include signed attributes for pa-type 15 request */
1257		abuf = data;
1258		alen = data_len;
1259		} else {
1260		/* add signed attributes */
1261		/* compute sha1 digest over the EncapsulatedContentInfo */
1262		ctx = EVP_MD_CTX_new();
1263		if (ctx == NULL)
1264		goto cleanup;
1265		EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
1266		EVP_DigestUpdate(ctx, data, data_len);
1267		md_tmp = EVP_MD_CTX_md(ctx);
1268		EVP_DigestFinal_ex(ctx, md_data, &md_len);
1269		EVP_MD_CTX_free(ctx);
1270
1271		/* create a message digest attr */
1272		digest_attr = ASN1_OCTET_STRING_new();
1273		ASN1_OCTET_STRING_set(digest_attr, md_data, (int)md_len);
1274		PKCS7_add_signed_attribute(p7si, NID_pkcs9_messageDigest,
1275		V_ASN1_OCTET_STRING, (char *) digest_attr);
1276
1277		/* create a content-type attr */
1278		oid_copy = OBJ_dup(oid);
1279		if (oid_copy == NULL)
1280		goto cleanup2;
1281		PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
1282		V_ASN1_OBJECT, oid_copy);
1283
1284		/* create the signature over signed attributes. get DER encoded value */
1285		/* This is the place where smartcard signature needs to be calculated */
1286		sk = p7si->auth_attr;
1287		alen = ASN1_item_i2d((ASN1_VALUE *) sk, &abuf,
1288		ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
1289		if (abuf == NULL)
1290		goto cleanup2;
1291		} /* signed attributes */
	1245	/* add signed attributes */
	1246	/* compute sha1 digest over the EncapsulatedContentInfo */
	1247	ctx = EVP_MD_CTX_new();
	1248	if (ctx == NULL)
	1249	goto cleanup;
	1250	EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
	1251	EVP_DigestUpdate(ctx, data, data_len);
	1252	md_tmp = EVP_MD_CTX_md(ctx);
	1253	EVP_DigestFinal_ex(ctx, md_data, &md_len);
	1254	EVP_MD_CTX_free(ctx);
	1255
	1256	/* create a message digest attr */
	1257	digest_attr = ASN1_OCTET_STRING_new();
	1258	ASN1_OCTET_STRING_set(digest_attr, md_data, (int)md_len);
	1259	PKCS7_add_signed_attribute(p7si, NID_pkcs9_messageDigest,
	1260	V_ASN1_OCTET_STRING, (char *)digest_attr);
	1261
	1262	/* create a content-type attr */
	1263	oid_copy = OBJ_dup(oid);
	1264	if (oid_copy == NULL)
	1265	goto cleanup2;
	1266	PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
	1267	V_ASN1_OBJECT, oid_copy);
	1268
	1269	/* create the signature over signed attributes. get DER encoded value */
	1270	/* This is the place where smartcard signature needs to be calculated */
	1271	sk = p7si->auth_attr;
	1272	alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
	1273	ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
	1274	if (abuf == NULL)
	1275	goto cleanup2;
1292	1276
1293	1277	#ifndef WITHOUT_PKCS11
1294	1278	/* Some tokens can only do RSAEncryption without sha1 hash */

1304	1288	ctx = EVP_MD_CTX_new();
1305	1289	if (ctx == NULL)
1306	1290	goto cleanup;
1307		/* if this is not draft9 request, include digest signed attribute */
1308		if (cms_msg_type != CMS_SIGN_DRAFT9)
1309		EVP_DigestInit_ex(ctx, md_tmp, NULL);
1310		else
1311		EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
	1291	EVP_DigestInit_ex(ctx, md_tmp, NULL);
1312	1292	EVP_DigestUpdate(ctx, abuf, alen);
1313	1293	EVP_DigestFinal_ex(ctx, md_data2, &md_len2);
1314	1294	EVP_MD_CTX_free(ctx);

1352	1332	#ifdef DEBUG_SIG
1353	1333	print_buffer(sig, sig_len);
1354	1334	#endif
1355		if (cms_msg_type != CMS_SIGN_DRAFT9 )
1356		free(abuf);
	1335	free(abuf);
1357	1336	if (retval)
1358	1337	goto cleanup2;
1359	1338

1396	1375	print_buffer_bin(signed_data, signed_data_len,
1397	1376	"/tmp/client_pkcs7_signeddata");
1398	1377	} else {
1399		if (cms_msg_type == CMS_SIGN_SERVER) {
1400		print_buffer_bin(signed_data, signed_data_len,
1401		"/tmp/kdc_pkcs7_signeddata");
1402		} else {
1403		print_buffer_bin(signed_data, signed_data_len,
1404		"/tmp/draft9_pkcs7_signeddata");
1405		}
	1378	print_buffer_bin(signed_data, signed_data_len,
	1379	"/tmp/kdc_pkcs7_signeddata");
1406	1380	}
1407	1381	#endif
1408	1382
1409	1383	cleanup2:
1410	1384	if (p7si) {
1411		if (cms_msg_type != CMS_SIGN_DRAFT9)
1412	1385	#ifndef WITHOUT_PKCS11
1413	1386	if (id_cryptoctx->pkcs11_method == 1 &&
1414	1387	id_cryptoctx->mech == CKM_RSA_PKCS) {

1695	1668	#endif
1696	1669	} else {
1697	1670	/* retrieve verified certificate chain */
1698		if (cms_msg_type == CMS_SIGN_CLIENT \|\| cms_msg_type == CMS_SIGN_DRAFT9)
	1671	if (cms_msg_type == CMS_SIGN_CLIENT)
1699	1672	verified_chain = X509_STORE_CTX_get1_chain(cert_ctx);
1700	1673	}
1701	1674	X509_STORE_CTX_free(cert_ctx);
1702	1675	if (i <= 0)
1703	1676	goto cleanup;
1704	1677	out = BIO_new(BIO_s_mem());
1705		if (cms_msg_type == CMS_SIGN_DRAFT9)
1706		flags \|= CMS_NOATTR;
1707	1678	if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) {
1708	1679	unsigned long err = ERR_peek_error();
1709	1680	switch(ERR_GET_REASON(err)) {

1720	1691	} /* message was signed */
1721	1692	if (!OBJ_cmp(etype, oid))
1722	1693	valid_oid = 1;
1723		else if (cms_msg_type == CMS_SIGN_DRAFT9) {
1724		/*
1725		* Various implementations of the pa-type 15 request use
1726		* different OIDS. We check that the returned object
1727		* has any of the acceptable OIDs
1728		*/
1729		ASN1_OBJECT client_oid = NULL, server_oid = NULL, *rsa_oid = NULL;
1730		client_oid = pkinit_pkcs7type2oid(plgctx, CMS_SIGN_CLIENT);
1731		server_oid = pkinit_pkcs7type2oid(plgctx, CMS_SIGN_SERVER);
1732		rsa_oid = pkinit_pkcs7type2oid(plgctx, CMS_ENVEL_SERVER);
1733		if (!OBJ_cmp(etype, client_oid) \|\|
1734		!OBJ_cmp(etype, server_oid) \|\|
1735		!OBJ_cmp(etype, rsa_oid))
1736		valid_oid = 1;
1737		}
1738	1694
1739	1695	if (valid_oid)
1740	1696	pkiDebug("CMS Verification successful\n");

1764	1720	reqctx->received_cert = X509_dup(x);
1765	1721
1766	1722	/* generate authorization data */
1767		if (cms_msg_type == CMS_SIGN_CLIENT \|\| cms_msg_type == CMS_SIGN_DRAFT9) {
	1723	if (cms_msg_type == CMS_SIGN_CLIENT) {
1768	1724
1769	1725	if (authz_data == NULL \|\| authz_data_len == NULL)
1770	1726	goto out;

1844	1800	int signed_data_len = 0, enc_data_len = 0, flags = PKCS7_BINARY;
1845	1801	STACK_OF(X509) *encerts = NULL;
1846	1802	const EVP_CIPHER *cipher = NULL;
1847		int cms_msg_type;
1848
1849		/* create the PKCS7 SignedData portion of the PKCS7 EnvelopedData */
1850		switch ((int)pa_type) {
1851		case KRB5_PADATA_PK_AS_REQ_OLD:
1852		case KRB5_PADATA_PK_AS_REP_OLD:
1853		cms_msg_type = CMS_SIGN_DRAFT9;
1854		break;
1855		case KRB5_PADATA_PK_AS_REQ:
1856		cms_msg_type = CMS_ENVEL_SERVER;
1857		break;
1858		default:
1859		goto cleanup;
1860		}
1861	1803
1862	1804	retval = cms_signeddata_create(context, plgctx, reqctx, idctx,
1863		cms_msg_type, include_certchain, key_pack, key_pack_len,
1864		&signed_data, (unsigned int *)&signed_data_len);
	1805	CMS_ENVEL_SERVER, include_certchain,
	1806	key_pack, key_pack_len, &signed_data,
	1807	(unsigned int *)&signed_data_len);
1865	1808	if (retval) {
1866	1809	pkiDebug("failed to create pkcs7 signed data\n");
1867	1810	goto cleanup;

1877	1820
1878	1821	cipher = EVP_des_ede3_cbc();
1879	1822	in = BIO_new(BIO_s_mem());
1880		switch (pa_type) {
1881		case KRB5_PADATA_PK_AS_REQ:
1882		prepare_enc_data(signed_data, signed_data_len, &enc_data,
1883		&enc_data_len);
1884		retval = BIO_write(in, enc_data, enc_data_len);
1885		if (retval != enc_data_len) {
1886		pkiDebug("BIO_write only wrote %d\n", retval);
1887		goto cleanup;
1888		}
1889		break;
1890		case KRB5_PADATA_PK_AS_REP_OLD:
1891		case KRB5_PADATA_PK_AS_REQ_OLD:
1892		retval = BIO_write(in, signed_data, signed_data_len);
1893		if (retval != signed_data_len) {
1894		pkiDebug("BIO_write only wrote %d\n", retval);
1895		goto cleanup;
1896		}
1897		break;
1898		default:
1899		retval = -1;
	1823	prepare_enc_data(signed_data, signed_data_len, &enc_data,
	1824	&enc_data_len);
	1825	retval = BIO_write(in, enc_data, enc_data_len);
	1826	if (retval != enc_data_len) {
	1827	pkiDebug("BIO_write only wrote %d\n", retval);
1900	1828	goto cleanup;
1901	1829	}
1902	1830

1905	1833	retval = oerr(context, 0, _("Failed to encrypt PKCS7 object"));
1906	1834	goto cleanup;
1907	1835	}
1908		switch (pa_type) {
1909		case KRB5_PADATA_PK_AS_REQ:
1910		p7->d.enveloped->enc_data->content_type =
1911		OBJ_nid2obj(NID_pkcs7_signed);
1912		break;
1913		case KRB5_PADATA_PK_AS_REP_OLD:
1914		case KRB5_PADATA_PK_AS_REQ_OLD:
1915		p7->d.enveloped->enc_data->content_type =
1916		OBJ_nid2obj(NID_pkcs7_data);
1917		break;
1918		break;
1919		break;
1920		break;
1921		}
	1836	p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_signed);
1922	1837
1923	1838	*out_len = i2d_PKCS7(p7, NULL);
1924	1839	if (!out_len \|\| (p = out = malloc(*out_len)) == NULL) {

1963	1878	{
1964	1879	krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
1965	1880	PKCS7 *p7 = NULL;
1966		BIO *out = NULL;
1967		int i = 0;
1968		unsigned int size = 0;
1969	1881	const unsigned char *p = enveloped_data;
1970	1882	unsigned int tmp_buf_len = 0, tmp_buf2_len = 0, vfy_buf_len = 0;
1971	1883	unsigned char tmp_buf = NULL, tmp_buf2 = NULL, *vfy_buf = NULL;
1972		int msg_type = 0;
1973	1884
1974	1885	#ifdef DEBUG_ASN1
1975	1886	print_buffer_bin(enveloped_data, enveloped_data_len,

1990	1901	}
1991	1902
1992	1903	/* decrypt received PKCS7 message */
1993		out = BIO_new(BIO_s_mem());
1994		if (pkcs7_decrypt(context, id_cryptoctx, p7, out)) {
	1904	if (pkcs7_decrypt(context, id_cryptoctx, p7, &tmp_buf, &tmp_buf_len)) {
1995	1905	pkiDebug("PKCS7 decryption successful\n");
1996	1906	} else {
1997	1907	retval = oerr(context, 0, _("Failed to decrypt PKCS7 message"));
1998	1908	goto cleanup;
1999	1909	}
2000
2001		/* transfer the decoded PKCS7 SignedData message into a separate buffer */
2002		for (;;) {
2003		if ((tmp_buf = realloc(tmp_buf, size + 1024 * 10)) == NULL)
2004		goto cleanup;
2005		i = BIO_read(out, &(tmp_buf[size]), 1024 * 10);
2006		if (i <= 0)
2007		break;
2008		else
2009		size += i;
2010		}
2011		tmp_buf_len = size;
2012	1910
2013	1911	#ifdef DEBUG_ASN1
2014	1912	print_buffer_bin(tmp_buf, tmp_buf_len, "/tmp/client_enc_keypack");
2015	1913	#endif
2016	1914	/* verify PKCS7 SignedData message */
2017		switch (pa_type) {
2018		case KRB5_PADATA_PK_AS_REP:
2019		msg_type = CMS_ENVEL_SERVER;
2020
2021		break;
2022		case KRB5_PADATA_PK_AS_REP_OLD:
2023		msg_type = CMS_SIGN_DRAFT9;
2024		break;
2025		default:
2026		pkiDebug("%s: unrecognized pa_type = %d\n", __FUNCTION__, pa_type);
2027		retval = KRB5KDC_ERR_PREAUTH_FAILED;
2028		goto cleanup;
2029		}
2030		/*
2031		* If this is the RFC style, wrap the signed data to make
2032		* decoding easier in the verify routine.
2033		* For draft9-compatible, we don't do anything because it
2034		* is already wrapped.
2035		*/
2036		if (msg_type == CMS_ENVEL_SERVER) {
2037		retval = wrap_signeddata(tmp_buf, tmp_buf_len,
2038		&tmp_buf2, &tmp_buf2_len);
2039		if (retval) {
2040		pkiDebug("failed to encode signeddata\n");
2041		goto cleanup;
2042		}
2043		vfy_buf = tmp_buf2;
2044		vfy_buf_len = tmp_buf2_len;
2045
2046		} else {
2047		vfy_buf = tmp_buf;
2048		vfy_buf_len = tmp_buf_len;
2049		}
	1915	/* Wrap the signed data to make decoding easier in the verify routine. */
	1916	retval = wrap_signeddata(tmp_buf, tmp_buf_len, &tmp_buf2, &tmp_buf2_len);
	1917	if (retval) {
	1918	pkiDebug("failed to encode signeddata\n");
	1919	goto cleanup;
	1920	}
	1921	vfy_buf = tmp_buf2;
	1922	vfy_buf_len = tmp_buf2_len;
2050	1923
2051	1924	#ifdef DEBUG_ASN1
2052	1925	print_buffer_bin(vfy_buf, vfy_buf_len, "/tmp/client_enc_keypack2");
2053	1926	#endif
2054	1927
2055	1928	retval = cms_signeddata_verify(context, plg_cryptoctx, req_cryptoctx,
2056		id_cryptoctx, msg_type,
	1929	id_cryptoctx, CMS_ENVEL_SERVER,
2057	1930	require_crl_checking,
2058	1931	vfy_buf, vfy_buf_len,
2059	1932	data, data_len, NULL, NULL, NULL);

2071	1944
2072	1945	if (p7 != NULL)
2073	1946	PKCS7_free(p7);
2074		if (out != NULL)
2075		BIO_free(out);
2076	1947	free(tmp_buf);
2077	1948	free(tmp_buf2);
2078	1949

3601	3472	switch (pkcs7_type) {
3602	3473	case CMS_SIGN_CLIENT:
3603	3474	return cryptoctx->id_pkinit_authData;
3604		case CMS_SIGN_DRAFT9:
3605		return OBJ_nid2obj(NID_pkcs7_data);
3606	3475	case CMS_SIGN_SERVER:
3607	3476	return cryptoctx->id_pkinit_DHKeyData;
3608	3477	case CMS_ENVEL_SERVER:

5713	5582	return retval;
5714	5583	}
5715	5584
5716		static int
5717		pkcs7_decrypt(krb5_context context,
5718		pkinit_identity_crypto_context id_cryptoctx,
5719		PKCS7 *p7,
5720		BIO *data)
5721		{
5722		BIO *tmpmem = NULL;
5723		int retval = 0, i = 0;
5724		char buf[4096];
5725
5726		if(p7 == NULL)
5727		return 0;
5728
5729		if(!PKCS7_type_is_enveloped(p7)) {
5730		pkiDebug("wrong pkcs7 content type\n");
5731		return 0;
5732		}
5733
5734		if(!(tmpmem = pkcs7_dataDecode(context, id_cryptoctx, p7))) {
5735		pkiDebug("unable to decrypt pkcs7 object\n");
5736		return 0;
5737		}
5738
5739		for(;;) {
5740		i = BIO_read(tmpmem, buf, sizeof(buf));
5741		if (i <= 0) break;
5742		BIO_write(data, buf, i);
5743		BIO_free_all(tmpmem);
5744		return 1;
5745		}
5746		return retval;
5747		}
5748
5749	5585	krb5_error_code
5750	5586	pkinit_process_td_trusted_certifiers(
5751	5587	krb5_context context,

5826	5662	return retval;
5827	5663	}
5828	5664
5829		static BIO *
5830		pkcs7_dataDecode(krb5_context context,
5831		pkinit_identity_crypto_context id_cryptoctx,
5832		PKCS7 *p7)
5833		{
5834		unsigned int eklen=0, tkeylen=0;
5835		BIO out=NULL,etmp=NULL,*bio=NULL;
5836		unsigned char ek=NULL, tkey=NULL;
5837		ASN1_OCTET_STRING *data_body=NULL;
5838		const EVP_CIPHER *evp_cipher=NULL;
5839		EVP_CIPHER_CTX *evp_ctx=NULL;
5840		X509_ALGOR *enc_alg=NULL;
5841		STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
5842		PKCS7_RECIP_INFO *ri=NULL;
5843
5844		p7->state=PKCS7_S_HEADER;
5845
5846		rsk=p7->d.enveloped->recipientinfo;
5847		enc_alg=p7->d.enveloped->enc_data->algorithm;
5848		data_body=p7->d.enveloped->enc_data->enc_data;
5849		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
5850		if (evp_cipher == NULL) {
5851		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
5852		goto cleanup;
5853		}
5854
5855		if ((etmp=BIO_new(BIO_f_cipher())) == NULL) {
5856		PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
5857		goto cleanup;
5858		}
5859
5860		/* It was encrypted, we need to decrypt the secret key
5861		* with the private key */
	5665	/* Originally based on OpenSSL's PKCS7_dataDecode(), now modified to remove the
	5666	* use of BIO objects and to fit the PKINIT internal interfaces. */
	5667	static int
	5668	pkcs7_decrypt(krb5_context context,
	5669	pkinit_identity_crypto_context id_cryptoctx, PKCS7 *p7,
	5670	unsigned char *data_out, unsigned int len_out)
	5671	{
	5672	krb5_error_code ret;
	5673	int ok = 0, plaintext_len = 0, final_len;
	5674	unsigned int keylen = 0, eklen = 0, blocksize;
	5675	unsigned char ek = NULL, tkey = NULL, plaintext = NULL, use_key;
	5676	ASN1_OCTET_STRING *data_body = p7->d.enveloped->enc_data->enc_data;
	5677	const EVP_CIPHER *evp_cipher;
	5678	EVP_CIPHER_CTX *evp_ctx = NULL;
	5679	X509_ALGOR *enc_alg = p7->d.enveloped->enc_data->algorithm;
	5680	STACK_OF(PKCS7_RECIP_INFO) *rsk = p7->d.enveloped->recipientinfo;
	5681	PKCS7_RECIP_INFO *ri = NULL;
	5682
	5683	*data_out = NULL;
	5684	*len_out = 0;
	5685
	5686	p7->state = PKCS7_S_HEADER;
5862	5687
5863	5688	/* RFC 4556 section 3.2.3.2 requires that there be exactly one
5864	5689	* recipientInfo. */
5865	5690	if (sk_PKCS7_RECIP_INFO_num(rsk) != 1) {
5866	5691	pkiDebug("invalid number of EnvelopedData RecipientInfos\n");
5867		goto cleanup;
5868		}
5869
	5692	return 0;
	5693	}
5870	5694	ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
5871		(void)pkinit_decode_data(context, id_cryptoctx,
	5695
	5696	evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
	5697	if (evp_cipher == NULL)
	5698	goto cleanup;
	5699	keylen = EVP_CIPHER_key_length(evp_cipher);
	5700	blocksize = EVP_CIPHER_block_size(evp_cipher);
	5701
	5702	evp_ctx = EVP_CIPHER_CTX_new();
	5703	if (evp_ctx == NULL)
	5704	goto cleanup;
	5705	if (!EVP_DecryptInit(evp_ctx, evp_cipher, NULL, NULL) \|\|
	5706	EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0)
	5707	goto cleanup;
	5708
	5709	/* Generate a random symmetric key to avoid exposing timing data if RSA
	5710	* decryption fails the padding check. */
	5711	tkey = malloc(keylen);
	5712	if (tkey == NULL \|\| !EVP_CIPHER_CTX_rand_key(evp_ctx, tkey))
	5713	goto cleanup;
	5714
	5715	/* Decrypt the secret key with the private key. */
	5716	ret = pkinit_decode_data(context, id_cryptoctx,
5872	5717	ASN1_STRING_get0_data(ri->enc_key),
5873	5718	ASN1_STRING_length(ri->enc_key), &ek, &eklen);
5874
5875		evp_ctx=NULL;
5876		BIO_get_cipher_ctx(etmp,&evp_ctx);
5877		if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
5878		goto cleanup;
5879		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
5880		goto cleanup;
5881
5882		/* Generate a random symmetric key to avoid exposing timing data if RSA
5883		* decryption fails the padding check. */
5884		tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
5885		tkey = OPENSSL_malloc(tkeylen);
5886		if (tkey == NULL)
5887		goto cleanup;
5888		if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
5889		goto cleanup;
5890		if (ek == NULL) {
5891		ek = tkey;
5892		eklen = tkeylen;
5893		tkey = NULL;
5894		}
5895
5896		if (eklen != (unsigned)EVP_CIPHER_CTX_key_length(evp_ctx)) {
5897		/* Some S/MIME clients don't use the same key
5898		* and effective key length. The key length is
5899		* determined by the size of the decrypted RSA key.
5900		*/
5901		if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, (int)eklen)) {
5902		ek = tkey;
5903		eklen = tkeylen;
5904		tkey = NULL;
5905		}
5906		}
5907		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
5908		goto cleanup;
5909
5910		if (out == NULL)
5911		out=etmp;
5912		else
5913		BIO_push(out,etmp);
5914		etmp=NULL;
5915
5916		if (data_body->length > 0)
5917		bio = BIO_new_mem_buf(data_body->data, data_body->length);
5918		else {
5919		bio=BIO_new(BIO_s_mem());
5920		BIO_set_mem_eof_return(bio,0);
5921		}
5922		BIO_push(out,bio);
5923		bio=NULL;
5924
5925		if (0) {
5926		cleanup:
5927		if (out != NULL) BIO_free_all(out);
5928		if (etmp != NULL) BIO_free_all(etmp);
5929		if (bio != NULL) BIO_free_all(bio);
5930		out=NULL;
5931		}
5932		if (ek != NULL) {
5933		OPENSSL_cleanse(ek, eklen);
5934		OPENSSL_free(ek);
5935		}
5936		if (tkey != NULL) {
5937		OPENSSL_cleanse(tkey, tkeylen);
5938		OPENSSL_free(tkey);
5939		}
5940		return(out);
	5719	use_key = (ret \|\| eklen != keylen) ? tkey : ek;
	5720
	5721	/* Allocate a plaintext buffer and decrypt data_body into it. */
	5722	plaintext = malloc(data_body->length + blocksize);
	5723	if (plaintext == NULL)
	5724	goto cleanup;
	5725	if (!EVP_DecryptInit(evp_ctx, NULL, use_key, NULL))
	5726	goto cleanup;
	5727	if (!EVP_DecryptUpdate(evp_ctx, plaintext, &plaintext_len,
	5728	data_body->data, data_body->length))
	5729	goto cleanup;
	5730	if (!EVP_DecryptFinal(evp_ctx, plaintext + plaintext_len, &final_len))
	5731	goto cleanup;
	5732	plaintext_len += final_len;
	5733
	5734	*len_out = plaintext_len;
	5735	*data_out = plaintext;
	5736	plaintext = NULL;
	5737	ok = 1;
	5738
	5739	cleanup:
	5740	EVP_CIPHER_CTX_free(evp_ctx);
	5741	zapfree(plaintext, plaintext_len);
	5742	zapfree(ek, eklen);
	5743	zapfree(tkey, keylen);
	5744	return ok;
5941	5745	}
5942	5746
5943	5747	#ifdef DEBUG_DH

+3

-8

src/plugins/preauth/pkinit/pkinit_identity.c less more

28	28	* SUCH DAMAGES.
29	29	*/
30	30
31		#include <errno.h>
32		#include <string.h>
33		#include <stdio.h>
34		#include <stdlib.h>
	31	#include "pkinit.h"
35	32	#include <dlfcn.h>
36		#include <unistd.h>
37	33	#include <dirent.h>
38
39		#include "pkinit.h"
40	34
41	35	static void
42	36	free_list(char **list)

429	423	switch (idtype) {
430	424	case IDTYPE_ENVVAR:
431	425	return process_option_identity(context, plg_cryptoctx, req_cryptoctx,
432		idopts, id_cryptoctx, getenv(residual));
	426	idopts, id_cryptoctx,
	427	secure_getenv(residual));
433	428	break;
434	429	case IDTYPE_FILE:
435	430	retval = parse_fs_options(context, idopts, residual);

+0

-65

src/plugins/preauth/pkinit/pkinit_lib.c less more

110	110	}
111	111
112	112	void
113		free_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in)
114		{
115		if (*in == NULL) return;
116		free((*in)->signedAuthPack.data);
117		free((*in)->kdcCert.data);
118		free(*in);
119		}
120
121		void
122	113	free_krb5_reply_key_pack(krb5_reply_key_pack **in)
123	114	{
124	115	if (*in == NULL) return;
125	116	free((*in)->replyKey.contents);
126	117	free((*in)->asChecksum.contents);
127		free(*in);
128		}
129
130		void
131		free_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in)
132		{
133		if (*in == NULL) return;
134		free((*in)->replyKey.contents);
135	118	free(*in);
136	119	}
137	120

160	143	}
161	144
162	145	void
163		free_krb5_auth_pack_draft9(krb5_context context,
164		krb5_auth_pack_draft9 **in)
165		{
166		if ((*in) == NULL) return;
167		krb5_free_principal(context, (*in)->pkAuthenticator.kdcName);
168		free(*in);
169		}
170
171		void
172	146	free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
173	147	{
174	148	if (*in == NULL) return;

187	161	}
188	162
189	163	void
190		free_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in)
191		{
192		if (*in == NULL) return;
193		free((*in)->u.encKeyPack.data);
194		free(*in);
195		}
196
197		void
198	164	free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in)
199	165	{
200	166	int i = 0;

261	227	}
262	228
263	229	void
264		init_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in)
265		{
266		(*in) = malloc(sizeof(krb5_pa_pk_as_req_draft9));
267		if ((*in) == NULL) return;
268		(*in)->signedAuthPack.data = NULL;
269		(*in)->signedAuthPack.length = 0;
270		(*in)->kdcCert.data = NULL;
271		(*in)->kdcCert.length = 0;
272		}
273
274		void
275	230	init_krb5_reply_key_pack(krb5_reply_key_pack **in)
276	231	{
277	232	(*in) = malloc(sizeof(krb5_reply_key_pack));

280	235	(*in)->replyKey.length = 0;
281	236	(*in)->asChecksum.contents = NULL;
282	237	(*in)->asChecksum.length = 0;
283		}
284
285		void
286		init_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in)
287		{
288		(*in) = malloc(sizeof(krb5_reply_key_pack_draft9));
289		if ((*in) == NULL) return;
290		(*in)->replyKey.contents = NULL;
291		(*in)->replyKey.length = 0;
292	238	}
293	239
294	240	void

306	252	}
307	253
308	254	void
309		init_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in)
310		{
311		(*in) = malloc(sizeof(krb5_pa_pk_as_rep_draft9));
312		if ((*in) == NULL) return;
313		(*in)->u.dhSignedData.length = 0;
314		(*in)->u.dhSignedData.data = NULL;
315		(*in)->u.encKeyPack.length = 0;
316		(*in)->u.encKeyPack.data = NULL;
317		}
318
319		void
320	255	init_krb5_subject_pk_info(krb5_subject_pk_info **in)
321	256	{
322	257	(*in) = malloc(sizeof(krb5_subject_pk_info));

+173

-402

src/plugins/preauth/pkinit/pkinit_srv.c less more

257	257	}
258	258	pkiDebug("%s: no upn san match found\n", __FUNCTION__);
259	259
260		/* We found no match */
261		if (princs != NULL \|\| upns != NULL) {
262		*valid_san = 0;
263		/* XXX ??? If there was one or more name in the cert, but
264		* none matched the client name, then return mismatch? */
265		retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
266		}
267	260	retval = 0;
268
269	261	out:
270	262	if (princs != NULL) {
271	263	for (i = 0; princs[i] != NULL; i++)

428	420	krb5_error_code retval = 0;
429	421	krb5_data authp_data = {0, 0, NULL}, krb5_authz = {0, 0, NULL};
430	422	krb5_pa_pk_as_req *reqp = NULL;
431		krb5_pa_pk_as_req_draft9 *reqp9 = NULL;
432	423	krb5_auth_pack *auth_pack = NULL;
433		krb5_auth_pack_draft9 *auth_pack9 = NULL;
434	424	pkinit_kdc_context plgctx = NULL;
435	425	pkinit_kdc_req_context reqctx = NULL;
436	426	krb5_checksum cksum = {0, 0, 0, NULL};

471	461
472	462	PADATA_TO_KRB5DATA(data, &k5data);
473	463
474		switch ((int)data->pa_type) {
475		case KRB5_PADATA_PK_AS_REQ:
476		TRACE_PKINIT_SERVER_PADATA_VERIFY(context);
477		retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp);
478		if (retval) {
479		pkiDebug("decode_krb5_pa_pk_as_req failed\n");
480		goto cleanup;
481		}
482		#ifdef DEBUG_ASN1
483		print_buffer_bin(reqp->signedAuthPack.data,
484		reqp->signedAuthPack.length,
485		"/tmp/kdc_signed_data");
486		#endif
487		retval = cms_signeddata_verify(context, plgctx->cryptoctx,
488		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_CLIENT,
489		plgctx->opts->require_crl_checking,
490		(unsigned char *)
491		reqp->signedAuthPack.data, reqp->signedAuthPack.length,
492		(unsigned char **)&authp_data.data,
493		&authp_data.length,
494		(unsigned char **)&krb5_authz.data,
495		&krb5_authz.length, &is_signed);
496		break;
497		case KRB5_PADATA_PK_AS_REP_OLD:
498		case KRB5_PADATA_PK_AS_REQ_OLD:
499		TRACE_PKINIT_SERVER_PADATA_VERIFY_OLD(context);
500		retval = k5int_decode_krb5_pa_pk_as_req_draft9(&k5data, &reqp9);
501		if (retval) {
502		pkiDebug("decode_krb5_pa_pk_as_req_draft9 failed\n");
503		goto cleanup;
504		}
505		#ifdef DEBUG_ASN1
506		print_buffer_bin(reqp9->signedAuthPack.data,
507		reqp9->signedAuthPack.length,
508		"/tmp/kdc_signed_data_draft9");
509		#endif
510
511		retval = cms_signeddata_verify(context, plgctx->cryptoctx,
512		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9,
513		plgctx->opts->require_crl_checking,
514		(unsigned char *)
515		reqp9->signedAuthPack.data, reqp9->signedAuthPack.length,
516		(unsigned char **)&authp_data.data,
517		&authp_data.length,
518		(unsigned char **)&krb5_authz.data,
519		&krb5_authz.length, NULL);
520		break;
521		default:
	464	if (data->pa_type != KRB5_PADATA_PK_AS_REQ) {
522	465	pkiDebug("unrecognized pa_type = %d\n", data->pa_type);
523	466	retval = EINVAL;
524	467	goto cleanup;
525	468	}
	469
	470	TRACE_PKINIT_SERVER_PADATA_VERIFY(context);
	471	retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp);
	472	if (retval) {
	473	pkiDebug("decode_krb5_pa_pk_as_req failed\n");
	474	goto cleanup;
	475	}
	476	#ifdef DEBUG_ASN1
	477	print_buffer_bin(reqp->signedAuthPack.data, reqp->signedAuthPack.length,
	478	"/tmp/kdc_signed_data");
	479	#endif
	480	retval = cms_signeddata_verify(context, plgctx->cryptoctx,
	481	reqctx->cryptoctx, plgctx->idctx,
	482	CMS_SIGN_CLIENT,
	483	plgctx->opts->require_crl_checking,
	484	(unsigned char *)reqp->signedAuthPack.data,
	485	reqp->signedAuthPack.length,
	486	(unsigned char **)&authp_data.data,
	487	&authp_data.length,
	488	(unsigned char **)&krb5_authz.data,
	489	&krb5_authz.length, &is_signed);
526	490	if (retval) {
527	491	TRACE_PKINIT_SERVER_PADATA_VERIFY_FAIL(context);
528	492	goto cleanup;

548	512	#endif
549	513
550	514	OCTETDATA_TO_KRB5DATA(&authp_data, &k5data);
551		switch ((int)data->pa_type) {
552		case KRB5_PADATA_PK_AS_REQ:
553		retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack);
	515	retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack);
	516	if (retval) {
	517	pkiDebug("failed to decode krb5_auth_pack\n");
	518	goto cleanup;
	519	}
	520
	521	retval = krb5_check_clockskew(context, auth_pack->pkAuthenticator.ctime);
	522	if (retval)
	523	goto cleanup;
	524
	525	/* check dh parameters */
	526	if (auth_pack->clientPublicValue != NULL) {
	527	retval = server_check_dh(context, plgctx->cryptoctx,
	528	reqctx->cryptoctx, plgctx->idctx,
	529	&auth_pack->clientPublicValue->algorithm.parameters,
	530	plgctx->opts->dh_min_bits);
554	531	if (retval) {
555		pkiDebug("failed to decode krb5_auth_pack\n");
	532	pkiDebug("bad dh parameters\n");
556	533	goto cleanup;
557	534	}
558
559		retval = krb5_check_clockskew(context,
560		auth_pack->pkAuthenticator.ctime);
	535	} else if (!is_signed) {
	536	/Anonymous pkinit requires DH/
	537	retval = KRB5KDC_ERR_PREAUTH_FAILED;
	538	krb5_set_error_message(context, retval,
	539	_("Anonymous pkinit without DH public "
	540	"value not supported."));
	541	goto cleanup;
	542	}
	543	der_req = cb->request_body(context, rock);
	544	retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, 0,
	545	der_req, &cksum);
	546	if (retval) {
	547	pkiDebug("unable to calculate AS REQ checksum\n");
	548	goto cleanup;
	549	}
	550	if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length \|\|
	551	k5_bcmp(cksum.contents, auth_pack->pkAuthenticator.paChecksum.contents,
	552	cksum.length) != 0) {
	553	pkiDebug("failed to match the checksum\n");
	554	#ifdef DEBUG_CKSUM
	555	pkiDebug("calculating checksum on buf size (%d)\n", req_pkt->length);
	556	print_buffer(req_pkt->data, req_pkt->length);
	557	pkiDebug("received checksum type=%d size=%d ",
	558	auth_pack->pkAuthenticator.paChecksum.checksum_type,
	559	auth_pack->pkAuthenticator.paChecksum.length);
	560	print_buffer(auth_pack->pkAuthenticator.paChecksum.contents,
	561	auth_pack->pkAuthenticator.paChecksum.length);
	562	pkiDebug("expected checksum type=%d size=%d ",
	563	cksum.checksum_type, cksum.length);
	564	print_buffer(cksum.contents, cksum.length);
	565	#endif
	566
	567	retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
	568	goto cleanup;
	569	}
	570
	571	ftoken = auth_pack->pkAuthenticator.freshnessToken;
	572	if (ftoken != NULL) {
	573	retval = cb->check_freshness_token(context, rock, ftoken);
561	574	if (retval)
562	575	goto cleanup;
563
564		/* check dh parameters */
565		if (auth_pack->clientPublicValue != NULL) {
566		retval = server_check_dh(context, plgctx->cryptoctx,
567		reqctx->cryptoctx, plgctx->idctx,
568		&auth_pack->clientPublicValue->algorithm.parameters,
569		plgctx->opts->dh_min_bits);
570
571		if (retval) {
572		pkiDebug("bad dh parameters\n");
573		goto cleanup;
574		}
575		} else if (!is_signed) {
576		/Anonymous pkinit requires DH/
577		retval = KRB5KDC_ERR_PREAUTH_FAILED;
578		krb5_set_error_message(context, retval,
579		_("Anonymous pkinit without DH public "
580		"value not supported."));
	576	valid_freshness_token = TRUE;
	577	}
	578
	579	/* check if kdcPkId present and match KDC's subjectIdentifier */
	580	if (reqp->kdcPkId.data != NULL) {
	581	int valid_kdcPkId = 0;
	582	retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx,
	583	reqctx->cryptoctx, plgctx->idctx,
	584	(unsigned char *)reqp->kdcPkId.data,
	585	reqp->kdcPkId.length, &valid_kdcPkId);
	586	if (retval)
581	587	goto cleanup;
582		}
583		der_req = cb->request_body(context, rock);
584		retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL,
585		0, der_req, &cksum);
586		if (retval) {
587		pkiDebug("unable to calculate AS REQ checksum\n");
588		goto cleanup;
589		}
590		if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length \|\|
591		k5_bcmp(cksum.contents,
592		auth_pack->pkAuthenticator.paChecksum.contents,
593		cksum.length) != 0) {
594		pkiDebug("failed to match the checksum\n");
595		#ifdef DEBUG_CKSUM
596		pkiDebug("calculating checksum on buf size (%d)\n",
597		req_pkt->length);
598		print_buffer(req_pkt->data, req_pkt->length);
599		pkiDebug("received checksum type=%d size=%d ",
600		auth_pack->pkAuthenticator.paChecksum.checksum_type,
601		auth_pack->pkAuthenticator.paChecksum.length);
602		print_buffer(auth_pack->pkAuthenticator.paChecksum.contents,
603		auth_pack->pkAuthenticator.paChecksum.length);
604		pkiDebug("expected checksum type=%d size=%d ",
605		cksum.checksum_type, cksum.length);
606		print_buffer(cksum.contents, cksum.length);
607		#endif
608
609		retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
610		goto cleanup;
611		}
612
613		ftoken = auth_pack->pkAuthenticator.freshnessToken;
614		if (ftoken != NULL) {
615		retval = cb->check_freshness_token(context, rock, ftoken);
616		if (retval)
617		goto cleanup;
618		valid_freshness_token = TRUE;
619		}
620
621		/* check if kdcPkId present and match KDC's subjectIdentifier */
622		if (reqp->kdcPkId.data != NULL) {
623		int valid_kdcPkId = 0;
624		retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx,
625		reqctx->cryptoctx, plgctx->idctx,
626		(unsigned char *)reqp->kdcPkId.data,
627		reqp->kdcPkId.length, &valid_kdcPkId);
628		if (retval)
629		goto cleanup;
630		if (!valid_kdcPkId)
631		pkiDebug("kdcPkId in AS_REQ does not match KDC's cert"
632		"RFC says to ignore and proceed\n");
633
634		}
635		/* remember the decoded auth_pack for verify_padata routine */
636		reqctx->rcv_auth_pack = auth_pack;
637		auth_pack = NULL;
638		break;
639		case KRB5_PADATA_PK_AS_REP_OLD:
640		case KRB5_PADATA_PK_AS_REQ_OLD:
641		retval = k5int_decode_krb5_auth_pack_draft9(&k5data, &auth_pack9);
642		if (retval) {
643		pkiDebug("failed to decode krb5_auth_pack_draft9\n");
644		goto cleanup;
645		}
646		if (auth_pack9->clientPublicValue != NULL) {
647		retval = server_check_dh(context, plgctx->cryptoctx,
648		reqctx->cryptoctx, plgctx->idctx,
649		&auth_pack9->clientPublicValue->algorithm.parameters,
650		plgctx->opts->dh_min_bits);
651
652		if (retval) {
653		pkiDebug("bad dh parameters\n");
654		goto cleanup;
655		}
656		}
657		/* remember the decoded auth_pack for verify_padata routine */
658		reqctx->rcv_auth_pack9 = auth_pack9;
659		auth_pack9 = NULL;
660		break;
661		}
	588	if (!valid_kdcPkId) {
	589	pkiDebug("kdcPkId in AS_REQ does not match KDC's cert; "
	590	"RFC says to ignore and proceed\n");
	591	}
	592	}
	593	/* remember the decoded auth_pack for verify_padata routine */
	594	reqctx->rcv_auth_pack = auth_pack;
	595	auth_pack = NULL;
662	596
663	597	if (is_signed) {
664	598	retval = check_log_freshness(context, plgctx, request,

689	623	pkiDebug("pkinit_create_edata failed\n");
690	624	}
691	625
692		switch ((int)data->pa_type) {
693		case KRB5_PADATA_PK_AS_REQ:
694		free_krb5_pa_pk_as_req(&reqp);
695		free(cksum.contents);
696		break;
697		case KRB5_PADATA_PK_AS_REP_OLD:
698		case KRB5_PADATA_PK_AS_REQ_OLD:
699		free_krb5_pa_pk_as_req_draft9(&reqp9);
700		}
	626	free_krb5_pa_pk_as_req(&reqp);
	627	free(cksum.contents);
701	628	free(authp_data.data);
702	629	free(krb5_authz.data);
703	630	if (reqctx != NULL)
704	631	pkinit_fini_kdc_req_context(context, reqctx);
705	632	free_krb5_auth_pack(&auth_pack);
706		free_krb5_auth_pack_draft9(context, &auth_pack9);
707	633
708	634	(*respond)(arg, retval, modreq, e_data, NULL);
709	635	}

824	750	krb5_error_code retval = 0;
825	751	krb5_data scratch = {0, 0, NULL};
826	752	krb5_pa_pk_as_req *reqp = NULL;
827		krb5_pa_pk_as_req_draft9 *reqp9 = NULL;
828	753	int i = 0;
829	754
830	755	unsigned char *subjectPublicKey = NULL;

835	760	krb5_kdc_dh_key_info dhkey_info;
836	761	krb5_data *encoded_dhkey_info = NULL;
837	762	krb5_pa_pk_as_rep *rep = NULL;
838		krb5_pa_pk_as_rep_draft9 *rep9 = NULL;
839	763	krb5_data *out_data = NULL;
840	764	krb5_data secret;
841	765
842	766	krb5_enctype enctype = -1;
843	767
844	768	krb5_reply_key_pack *key_pack = NULL;
845		krb5_reply_key_pack_draft9 *key_pack9 = NULL;
846	769	krb5_data *encoded_key_pack = NULL;
847	770
848	771	pkinit_kdc_context plgctx;
849	772	pkinit_kdc_req_context reqctx;
850
851		int fixed_keypack = 0;
852	773
853	774	*send_pa = NULL;
854	775	if (padata->pa_type == KRB5_PADATA_PKINIT_KX) {

893	814	goto cleanup;
894	815	}
895	816
896		switch((int)reqctx->pa_type) {
897		case KRB5_PADATA_PK_AS_REQ:
898		init_krb5_pa_pk_as_rep(&rep);
899		if (rep == NULL) {
900		retval = ENOMEM;
901		goto cleanup;
902		}
903		/* let's assume it's RSA. we'll reset it to DH if needed */
904		rep->choice = choice_pa_pk_as_rep_encKeyPack;
905		break;
906		case KRB5_PADATA_PK_AS_REP_OLD:
907		case KRB5_PADATA_PK_AS_REQ_OLD:
908		init_krb5_pa_pk_as_rep_draft9(&rep9);
909		if (rep9 == NULL) {
910		retval = ENOMEM;
911		goto cleanup;
912		}
913		rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
914		break;
915		default:
916		retval = KRB5KDC_ERR_PREAUTH_FAILED;
917		goto cleanup;
918		}
	817	init_krb5_pa_pk_as_rep(&rep);
	818	if (rep == NULL) {
	819	retval = ENOMEM;
	820	goto cleanup;
	821	}
	822	/* let's assume it's RSA. we'll reset it to DH if needed */
	823	rep->choice = choice_pa_pk_as_rep_encKeyPack;
919	824
920	825	if (reqctx->rcv_auth_pack != NULL &&
921	826	reqctx->rcv_auth_pack->clientPublicValue != NULL) {

924	829	subjectPublicKey_len =
925	830	reqctx->rcv_auth_pack->clientPublicValue->subjectPublicKey.length;
926	831	rep->choice = choice_pa_pk_as_rep_dhInfo;
927		} else if (reqctx->rcv_auth_pack9 != NULL &&
928		reqctx->rcv_auth_pack9->clientPublicValue != NULL) {
929		subjectPublicKey = (unsigned char *)
930		reqctx->rcv_auth_pack9->clientPublicValue->subjectPublicKey.data;
931		subjectPublicKey_len =
932		reqctx->rcv_auth_pack9->clientPublicValue->subjectPublicKey.length;
933		rep9->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
934		}
935
936		/* if this DH, then process finish computing DH key */
937		if (rep != NULL && (rep->choice == choice_pa_pk_as_rep_dhInfo \|\|
938		rep->choice == choice_pa_pk_as_rep_draft9_dhSignedData)) {
	832
939	833	pkiDebug("received DH key delivery AS REQ\n");
940	834	retval = server_process_dh(context, plgctx->cryptoctx,
941	835	reqctx->cryptoctx, plgctx->idctx, subjectPublicKey,
942	836	subjectPublicKey_len, &dh_pubkey, &dh_pubkey_len,
943	837	&server_key, &server_key_len);
944	838	if (retval) {
945		pkiDebug("failed to process/create dh paramters\n");
	839	pkiDebug("failed to process/create dh parameters\n");
946	840	goto cleanup;
947	841	}
948		}
949		if ((rep9 != NULL &&
950		rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) \|\|
951		(rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
952	842
953	843	/*
954	844	* This is DH, so don't generate the key until after we

973	863	"/tmp/kdc_dh_key_info");
974	864	#endif
975	865
976		switch ((int)padata->pa_type) {
977		case KRB5_PADATA_PK_AS_REQ:
978		retval = cms_signeddata_create(context, plgctx->cryptoctx,
979		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_SERVER, 1,
980		(unsigned char *)
981		encoded_dhkey_info->data,
982		encoded_dhkey_info->length,
983		(unsigned char **)
984		&rep->u.dh_Info.dhSignedData.data,
985		&rep->u.dh_Info.dhSignedData.length);
986		if (retval) {
987		pkiDebug("failed to create pkcs7 signed data\n");
988		goto cleanup;
989		}
990		break;
991		case KRB5_PADATA_PK_AS_REP_OLD:
992		case KRB5_PADATA_PK_AS_REQ_OLD:
993		retval = cms_signeddata_create(context, plgctx->cryptoctx,
994		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9, 1,
995		(unsigned char *)
996		encoded_dhkey_info->data,
997		encoded_dhkey_info->length,
998		(unsigned char **)
999		&rep9->u.dhSignedData.data,
1000		&rep9->u.dhSignedData.length);
1001		if (retval) {
1002		pkiDebug("failed to create pkcs7 signed data\n");
1003		goto cleanup;
1004		}
1005		break;
	866	retval = cms_signeddata_create(context, plgctx->cryptoctx,
	867	reqctx->cryptoctx, plgctx->idctx,
	868	CMS_SIGN_SERVER, 1,
	869	(unsigned char *)
	870	encoded_dhkey_info->data,
	871	encoded_dhkey_info->length,
	872	(unsigned char **)
	873	&rep->u.dh_Info.dhSignedData.data,
	874	&rep->u.dh_Info.dhSignedData.length);
	875	if (retval) {
	876	pkiDebug("failed to create pkcs7 signed data\n");
	877	goto cleanup;
1006	878	}
1007	879
1008	880	} else {

1014	886	goto cleanup;
1015	887	}
1016	888
1017		/* check if PA_TYPE of KRB5_PADATA_AS_CHECKSUM (132) is present which
1018		* means the client is requesting that a checksum is send back instead
1019		* of the nonce.
1020		*/
1021		for (i = 0; request->padata[i] != NULL; i++) {
1022		pkiDebug("%s: Checking pa_type 0x%08x\n",
1023		__FUNCTION__, request->padata[i]->pa_type);
1024		if (request->padata[i]->pa_type == KRB5_PADATA_AS_CHECKSUM)
1025		fixed_keypack = 1;
1026		}
1027		pkiDebug("%s: return checksum instead of nonce = %d\n",
1028		__FUNCTION__, fixed_keypack);
1029
1030		/* if this is an RFC reply or draft9 client requested a checksum
1031		* in the reply instead of the nonce, create an RFC-style keypack
1032		*/
1033		if ((int)padata->pa_type == KRB5_PADATA_PK_AS_REQ \|\| fixed_keypack) {
1034		init_krb5_reply_key_pack(&key_pack);
1035		if (key_pack == NULL) {
1036		retval = ENOMEM;
1037		goto cleanup;
1038		}
1039
1040		retval = krb5_c_make_checksum(context, 0,
1041		encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
1042		req_pkt, &key_pack->asChecksum);
1043		if (retval) {
1044		pkiDebug("unable to calculate AS REQ checksum\n");
1045		goto cleanup;
1046		}
	889	init_krb5_reply_key_pack(&key_pack);
	890	if (key_pack == NULL) {
	891	retval = ENOMEM;
	892	goto cleanup;
	893	}
	894
	895	retval = krb5_c_make_checksum(context, 0, encrypting_key,
	896	KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
	897	req_pkt, &key_pack->asChecksum);
	898	if (retval) {
	899	pkiDebug("unable to calculate AS REQ checksum\n");
	900	goto cleanup;
	901	}
1047	902	#ifdef DEBUG_CKSUM
1048		pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length);
1049		print_buffer(req_pkt->data, req_pkt->length);
1050		pkiDebug("checksum size = %d\n", key_pack->asChecksum.length);
1051		print_buffer(key_pack->asChecksum.contents,
1052		key_pack->asChecksum.length);
1053		pkiDebug("encrypting key (%d)\n", encrypting_key->length);
1054		print_buffer(encrypting_key->contents, encrypting_key->length);
	903	pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length);
	904	print_buffer(req_pkt->data, req_pkt->length);
	905	pkiDebug("checksum size = %d\n", key_pack->asChecksum.length);
	906	print_buffer(key_pack->asChecksum.contents,
	907	key_pack->asChecksum.length);
	908	pkiDebug("encrypting key (%d)\n", encrypting_key->length);
	909	print_buffer(encrypting_key->contents, encrypting_key->length);
1055	910	#endif
1056	911
1057		krb5_copy_keyblock_contents(context, encrypting_key,
1058		&key_pack->replyKey);
1059
1060		retval = k5int_encode_krb5_reply_key_pack(key_pack,
1061		&encoded_key_pack);
1062		if (retval) {
1063		pkiDebug("failed to encode reply_key_pack\n");
1064		goto cleanup;
1065		}
1066		}
1067
1068		switch ((int)padata->pa_type) {
1069		case KRB5_PADATA_PK_AS_REQ:
1070		rep->choice = choice_pa_pk_as_rep_encKeyPack;
1071		retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
1072		reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
1073		(unsigned char *)
1074		encoded_key_pack->data,
1075		encoded_key_pack->length,
1076		(unsigned char **)
1077		&rep->u.encKeyPack.data,
1078		&rep->u.encKeyPack.length);
1079		break;
1080		case KRB5_PADATA_PK_AS_REP_OLD:
1081		case KRB5_PADATA_PK_AS_REQ_OLD:
1082		/* if the request is from the broken draft9 client that
1083		* expects back a nonce, create it now
1084		*/
1085		if (!fixed_keypack) {
1086		init_krb5_reply_key_pack_draft9(&key_pack9);
1087		if (key_pack9 == NULL) {
1088		retval = ENOMEM;
1089		goto cleanup;
1090		}
1091		key_pack9->nonce = reqctx->rcv_auth_pack9->pkAuthenticator.nonce;
1092		krb5_copy_keyblock_contents(context, encrypting_key,
1093		&key_pack9->replyKey);
1094
1095		retval = k5int_encode_krb5_reply_key_pack_draft9(key_pack9,
1096		&encoded_key_pack);
1097		if (retval) {
1098		pkiDebug("failed to encode reply_key_pack\n");
1099		goto cleanup;
1100		}
1101		}
1102
1103		rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
1104		retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
1105		reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
1106		(unsigned char *)
1107		encoded_key_pack->data,
1108		encoded_key_pack->length,
1109		(unsigned char **)
1110		&rep9->u.encKeyPack.data, &rep9->u.encKeyPack.length);
1111		break;
1112		}
	912	krb5_copy_keyblock_contents(context, encrypting_key,
	913	&key_pack->replyKey);
	914
	915	retval = k5int_encode_krb5_reply_key_pack(key_pack,
	916	&encoded_key_pack);
	917	if (retval) {
	918	pkiDebug("failed to encode reply_key_pack\n");
	919	goto cleanup;
	920	}
	921
	922	rep->choice = choice_pa_pk_as_rep_encKeyPack;
	923	retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
	924	reqctx->cryptoctx, plgctx->idctx,
	925	padata->pa_type, 1,
	926	(unsigned char *)
	927	encoded_key_pack->data,
	928	encoded_key_pack->length,
	929	(unsigned char **)
	930	&rep->u.encKeyPack.data,
	931	&rep->u.encKeyPack.length);
1113	932	if (retval) {
1114	933	pkiDebug("failed to create pkcs7 enveloped data: %s\n",
1115	934	error_message(retval));

1119	938	print_buffer_bin((unsigned char *)encoded_key_pack->data,
1120	939	encoded_key_pack->length,
1121	940	"/tmp/kdc_key_pack");
1122		switch ((int)padata->pa_type) {
1123		case KRB5_PADATA_PK_AS_REQ:
1124		print_buffer_bin(rep->u.encKeyPack.data,
1125		rep->u.encKeyPack.length,
1126		"/tmp/kdc_enc_key_pack");
1127		break;
1128		case KRB5_PADATA_PK_AS_REP_OLD:
1129		case KRB5_PADATA_PK_AS_REQ_OLD:
1130		print_buffer_bin(rep9->u.encKeyPack.data,
1131		rep9->u.encKeyPack.length,
1132		"/tmp/kdc_enc_key_pack");
1133		break;
1134		}
	941	print_buffer_bin(rep->u.encKeyPack.data, rep->u.encKeyPack.length,
	942	"/tmp/kdc_enc_key_pack");
1135	943	#endif
1136	944	}
1137	945
1138		if ((rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo) &&
	946	if (rep->choice == choice_pa_pk_as_rep_dhInfo &&
1139	947	((reqctx->rcv_auth_pack != NULL &&
1140	948	reqctx->rcv_auth_pack->supportedKDFs != NULL))) {
1141	949

1154	962	}
1155	963	}
1156	964
1157		switch ((int)padata->pa_type) {
1158		case KRB5_PADATA_PK_AS_REQ:
1159		retval = k5int_encode_krb5_pa_pk_as_rep(rep, &out_data);
1160		break;
1161		case KRB5_PADATA_PK_AS_REP_OLD:
1162		case KRB5_PADATA_PK_AS_REQ_OLD:
1163		retval = k5int_encode_krb5_pa_pk_as_rep_draft9(rep9, &out_data);
1164		break;
1165		}
	965	retval = k5int_encode_krb5_pa_pk_as_rep(rep, &out_data);
1166	966	if (retval) {
1167	967	pkiDebug("failed to encode AS_REP\n");
1168	968	goto cleanup;

1174	974	#endif
1175	975
1176	976	/* If this is DH, we haven't computed the key yet, so do it now. */
1177		if ((rep9 != NULL &&
1178		rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) \|\|
1179		(rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
1180
1181		/* If we're not doing draft 9, and mutually supported KDFs were found,
1182		* use the algorithm agility KDF. */
1183		if (rep != NULL && rep->u.dh_Info.kdfID) {
	977	if (rep->choice == choice_pa_pk_as_rep_dhInfo) {
	978
	979	/* If mutually supported KDFs were found, use the algorithm agility
	980	* KDF. */
	981	if (rep->u.dh_Info.kdfID) {
1184	982	secret.data = (char *)server_key;
1185	983	secret.length = server_key_len;
1186	984

1216	1014	goto cleanup;
1217	1015	}
1218	1016	(*send_pa)->magic = KV5M_PA_DATA;
1219		switch ((int)padata->pa_type) {
1220		case KRB5_PADATA_PK_AS_REQ:
1221		(*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP;
1222		break;
1223		case KRB5_PADATA_PK_AS_REQ_OLD:
1224		case KRB5_PADATA_PK_AS_REP_OLD:
1225		(*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
1226		break;
1227		}
	1017	(*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP;
1228	1018	(*send_pa)->length = out_data->length;
1229	1019	(send_pa)->contents = (krb5_octet ) out_data->data;
1230	1020

1238	1028	krb5_free_data(context, encoded_key_pack);
1239	1029	free(dh_pubkey);
1240	1030	free(server_key);
1241
1242		switch ((int)padata->pa_type) {
1243		case KRB5_PADATA_PK_AS_REQ:
1244		free_krb5_pa_pk_as_req(&reqp);
1245		free_krb5_pa_pk_as_rep(&rep);
1246		free_krb5_reply_key_pack(&key_pack);
1247		break;
1248		case KRB5_PADATA_PK_AS_REP_OLD:
1249		case KRB5_PADATA_PK_AS_REQ_OLD:
1250		free_krb5_pa_pk_as_req_draft9(&reqp9);
1251		free_krb5_pa_pk_as_rep_draft9(&rep9);
1252		if (!fixed_keypack)
1253		free_krb5_reply_key_pack_draft9(&key_pack9);
1254		else
1255		free_krb5_reply_key_pack(&key_pack);
1256		break;
1257		}
	1031	free_krb5_pa_pk_as_req(&reqp);
	1032	free_krb5_pa_pk_as_rep(&rep);
	1033	free_krb5_reply_key_pack(&key_pack);
1258	1034
1259	1035	if (retval)
1260	1036	pkiDebug("pkinit_verify_padata failure");

1272	1048
1273	1049	static krb5_preauthtype supported_server_pa_types[] = {
1274	1050	KRB5_PADATA_PK_AS_REQ,
1275		KRB5_PADATA_PK_AS_REQ_OLD,
1276		KRB5_PADATA_PK_AS_REP_OLD,
1277	1051	KRB5_PADATA_PKINIT_KX,
1278	1052	0
1279	1053	};

1803	1577	if (retval)
1804	1578	goto cleanup;
1805	1579	reqctx->rcv_auth_pack = NULL;
1806		reqctx->rcv_auth_pack9 = NULL;
1807	1580
1808	1581	pkiDebug("%s: returning reqctx at %p\n", __FUNCTION__, reqctx);
1809	1582	*ctx = reqctx;

1829	1602	pkinit_fini_req_crypto(reqctx->cryptoctx);
1830	1603	if (reqctx->rcv_auth_pack != NULL)
1831	1604	free_krb5_auth_pack(&reqctx->rcv_auth_pack);
1832		if (reqctx->rcv_auth_pack9 != NULL)
1833		free_krb5_auth_pack_draft9(context, &reqctx->rcv_auth_pack9);
1834	1605
1835	1606	free(reqctx);
1836	1607	}

+0

-4

src/plugins/preauth/pkinit/pkinit_trace.h less more

48	48	#define TRACE_PKINIT_CLIENT_KDF_OS2K(c, keyblock) \
49	49	TRACE(c, "PKINIT client used octetstring2key to compute reply key " \
50	50	"{keyblock}", keyblock)
51		#define TRACE_PKINIT_CLIENT_NO_DRAFT9(c) \
52		TRACE(c, "PKINIT client ignoring draft 9 offer from RFC 4556 KDC")
53	51	#define TRACE_PKINIT_CLIENT_NO_IDENTITY(c) \
54	52	TRACE(c, "PKINIT client has no configured identity; giving up")
55	53	#define TRACE_PKINIT_CLIENT_REP_CHECKSUM_FAIL(c, expected, received) \

114	112	TRACE(c, "PKINIT server found no SAN in client cert")
115	113	#define TRACE_PKINIT_SERVER_PADATA_VERIFY(c) \
116	114	TRACE(c, "PKINIT server verifying KRB5_PADATA_PK_AS_REQ")
117		#define TRACE_PKINIT_SERVER_PADATA_VERIFY_OLD(c) \
118		TRACE(c, "PKINIT server verifying KRB5_PADATA_PK_AS_REQ_OLD")
119	115	#define TRACE_PKINIT_SERVER_PADATA_VERIFY_FAIL(c) \
120	116	TRACE(c, "PKINIT server failed to verify PA data")
121	117	#define TRACE_PKINIT_SERVER_RETURN_PADATA(c) \

+2

-1

src/plugins/preauth/spake/deps less more

44	44	$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
45	45	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
46	46	$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
47		edwards25519.c edwards25519_tables.h groups.h iana.h
	47	edwards25519.c edwards25519_fiat.h edwards25519_tables.h \
	48	groups.h iana.h
48	49	spake_client.so spake_client.po $(OUTPRE)spake_client.$(OBJEXT): \
49	50	$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
50	51	$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

+193

-1084

src/plugins/preauth/spake/edwards25519.c less more

60	60	* the generator point table, which is still in a separate header), so all of
61	61	* the functions are declared static.
62	62	*
63		* - BORINGSSL_CURVE25519_64BIT is defined here using preprocessor conditionals
64		* derived from the BoringSSL headers.
	63	* - BORINGSSL_CURVE25519_64BIT is defined here using autoconf tests.
	64	*
	65	* - curve25519_32.h and curve25519_64.h are combined into edwards25519_fiat.h
	66	* (conditionalized on BORINGSSL_CURVE25519_64BIT) for predictable dependency
	67	* generation. The fiat_25519_selectznz and fiat_25519_carry_scmul_121666
	68	* functions were removed from both branches as they are not used here (the
	69	* former because it is not used by the BoringSSL code and the latter because
	70	* it is only used by the X25519 code). The fiat_25519_int128 and
	71	* fiat_25519_uint128 typedefs were adjusted to work with older versions of
	72	* gcc.
	73	*
	74	* - fe_cmov() has the initial "Silence an unused function warning" part
	75	* removed, as we removed fiat_25519_selectznz instead.
65	76	*
66	77	* - The field element bounds assertion checks are disabled by default, as they
67	78	* slow the code down by roughly a factor of two. The

89	100	*/
90	101
91	102	// Some of this code is taken from the ref10 version of Ed25519 in SUPERCOP
92		// 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as
	103	// 20141124 (https://bench.cr.yp.to/supercop.html). That code is released as
93	104	// public domain but parts have been replaced with code generated by Fiat
94	105	// (https://github.com/mit-plv/fiat-crypto), which is MIT licensed.
95	106

104	115	#define BORINGSSL_CURVE25519_64BIT
105	116	typedef __int128_t int128_t;
106	117	typedef __uint128_t uint128_t;
107		#endif
108
109		#ifndef EDWARDS25519_ASSERTS
110		#define assert_fe(f)
111		#define assert_fe_loose(f)
112		#define assert_fe_frozen(f)
113	118	#endif
114	119
115	120	/* From BoringSSL third-party/fiat/internal.h */

184	189	} ge_cached;
185	190
186	191	#include "edwards25519_tables.h"
	192	#include "edwards25519_fiat.h"
187	193
188	194	/* From BoringSSL third-party/fiat/curve25519.c */
189	195

204	210	return result;
205	211	}
206	212
	213
	214	// Field operations.
	215
207	216	#if defined(BORINGSSL_CURVE25519_64BIT)
208		static uint64_t load_8(const uint8_t *in) {
209		uint64_t result;
210		result = (uint64_t)in[0];
211		result \|= ((uint64_t)in[1]) << 8;
212		result \|= ((uint64_t)in[2]) << 16;
213		result \|= ((uint64_t)in[3]) << 24;
214		result \|= ((uint64_t)in[4]) << 32;
215		result \|= ((uint64_t)in[5]) << 40;
216		result \|= ((uint64_t)in[6]) << 48;
217		result \|= ((uint64_t)in[7]) << 56;
218		return result;
219		}
220
221		static uint8_t /bool/ addcarryx_u51(uint8_t /bool/ c, uint64_t a,
222		uint64_t b, uint64_t *low) {
223		// This function extracts 51 bits of result and 1 bit of carry (52 total), so
224		// a 64-bit intermediate is sufficient.
225		uint64_t x = a + b + c;
226		*low = x & ((UINT64_C(1) << 51) - 1);
227		return (x >> 51) & 1;
228		}
229
230		static uint8_t /bool/ subborrow_u51(uint8_t /bool/ c, uint64_t a,
231		uint64_t b, uint64_t *low) {
232		// This function extracts 51 bits of result and 1 bit of borrow (52 total), so
233		// a 64-bit intermediate is sufficient.
234		uint64_t x = a - b - c;
235		*low = x & ((UINT64_C(1) << 51) - 1);
236		return x >> 63;
237		}
238
239		static uint64_t cmovznz64(uint64_t t, uint64_t z, uint64_t nz) {
240		t = -!!t; // all set if nonzero, 0 if 0
241		return (t&nz) \| ((~t)&z);
242		}
	217
	218	typedef uint64_t fe_limb_t;
	219	#define FE_NUM_LIMBS 5
	220
	221	// assert_fe asserts that \|f\| satisfies bounds:
	222	//
	223	// [[0x0 ~> 0x8cccccccccccc],
	224	// [0x0 ~> 0x8cccccccccccc],
	225	// [0x0 ~> 0x8cccccccccccc],
	226	// [0x0 ~> 0x8cccccccccccc],
	227	// [0x0 ~> 0x8cccccccccccc]]
	228	//
	229	// See comments in edwards25519_fiat.h for which functions use these bounds for
	230	// inputs or outputs.
	231	#define assert_fe(f) \
	232	do { \
	233	for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \
	234	assert(f[_assert_fe_i] <= UINT64_C(0x8cccccccccccc)); \
	235	} \
	236	} while (0)
	237
	238	// assert_fe_loose asserts that \|f\| satisfies bounds:
	239	//
	240	// [[0x0 ~> 0x1a666666666664],
	241	// [0x0 ~> 0x1a666666666664],
	242	// [0x0 ~> 0x1a666666666664],
	243	// [0x0 ~> 0x1a666666666664],
	244	// [0x0 ~> 0x1a666666666664]]
	245	//
	246	// See comments in edwards25519_fiat.h for which functions use these bounds for
	247	// inputs or outputs.
	248	#define assert_fe_loose(f) \
	249	do { \
	250	for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \
	251	assert(f[_assert_fe_i] <= UINT64_C(0x1a666666666664)); \
	252	} \
	253	} while (0)
243	254
244	255	#else
245	256
246		static uint8_t /bool/ addcarryx_u25(uint8_t /bool/ c, uint32_t a,
247		uint32_t b, uint32_t *low) {
248		// This function extracts 25 bits of result and 1 bit of carry (26 total), so
249		// a 32-bit intermediate is sufficient.
250		uint32_t x = a + b + c;
251		*low = x & ((1 << 25) - 1);
252		return (x >> 25) & 1;
253		}
254
255		static uint8_t /bool/ addcarryx_u26(uint8_t /bool/ c, uint32_t a,
256		uint32_t b, uint32_t *low) {
257		// This function extracts 26 bits of result and 1 bit of carry (27 total), so
258		// a 32-bit intermediate is sufficient.
259		uint32_t x = a + b + c;
260		*low = x & ((1 << 26) - 1);
261		return (x >> 26) & 1;
262		}
263
264		static uint8_t /bool/ subborrow_u25(uint8_t /bool/ c, uint32_t a,
265		uint32_t b, uint32_t *low) {
266		// This function extracts 25 bits of result and 1 bit of borrow (26 total), so
267		// a 32-bit intermediate is sufficient.
268		uint32_t x = a - b - c;
269		*low = x & ((1 << 25) - 1);
270		return x >> 31;
271		}
272
273		static uint8_t /bool/ subborrow_u26(uint8_t /bool/ c, uint32_t a,
274		uint32_t b, uint32_t *low) {
275		// This function extracts 26 bits of result and 1 bit of borrow (27 total), so
276		// a 32-bit intermediate is sufficient.
277		uint32_t x = a - b - c;
278		*low = x & ((1 << 26) - 1);
279		return x >> 31;
280		}
281
282		static uint32_t cmovznz32(uint32_t t, uint32_t z, uint32_t nz) {
283		t = -!!t; // all set if nonzero, 0 if 0
284		return (t&nz) \| ((~t)&z);
285		}
286
	257	typedef uint32_t fe_limb_t;
	258	#define FE_NUM_LIMBS 10
	259
	260	// assert_fe asserts that \|f\| satisfies bounds:
	261	//
	262	// [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
	263	// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
	264	// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
	265	// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
	266	// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	267	//
	268	// See comments in edwards25519_fiat.h for which functions use these bounds for
	269	// inputs or outputs.
	270	#define assert_fe(f) \
	271	do { \
	272	for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \
	273	assert(f[_assert_fe_i] <= \
	274	((_assert_fe_i & 1) ? 0x2333333u : 0x4666666u)); \
	275	} \
	276	} while (0)
	277
	278	// assert_fe_loose asserts that \|f\| satisfies bounds:
	279	//
	280	// [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
	281	// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
	282	// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
	283	// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
	284	// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	285	//
	286	// See comments in edwards25519_fiat.h for which functions use these bounds for
	287	// inputs or outputs.
	288	#define assert_fe_loose(f) \
	289	do { \
	290	for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \
	291	assert(f[_assert_fe_i] <= \
	292	((_assert_fe_i & 1) ? 0x6999999u : 0xd333332u)); \
	293	} \
	294	} while (0)
	295
	296	#endif // BORINGSSL_CURVE25519_64BIT
	297
	298	#ifndef EDWARDS25519_ASSERTS
	299	#undef assert_fe
	300	#undef assert_fe_loose
	301	#define assert_fe(f)
	302	#define assert_fe_loose(f)
287	303	#endif
288	304
289
290		// Field operations.
291
292		#if defined(BORINGSSL_CURVE25519_64BIT)
293
294		#ifdef EDWARDS25519_ASSERTS
295		#define assert_fe(f) do { \
296		unsigned _assert_fe_i; \
297		for (_assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \
298		assert(f[_assert_fe_i] < 1.125*(UINT64_C(1)<<51)); \
299		} \
300		} while (0)
301
302		#define assert_fe_loose(f) do { \
303		unsigned _assert_fe_i; \
304		for (_assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \
305		assert(f[_assert_fe_i] < 3.375*(UINT64_C(1)<<51)); \
306		} \
307		} while (0)
308
309		#define assert_fe_frozen(f) do { \
310		unsigned _assert_fe_i; \
311		for (_assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \
312		assert(f[_assert_fe_i] < (UINT64_C(1)<<51)); \
313		} \
314		} while (0)
315		#endif /* EDWARDS25519_ASSERTS */
316
317		static void fe_frombytes_impl(uint64_t h[5], const uint8_t *s) {
318		// Ignores top bit of s.
319		uint64_t a0 = load_8(s);
320		uint64_t a1 = load_8(s+8);
321		uint64_t a2 = load_8(s+16);
322		uint64_t a3 = load_8(s+24);
323		// Use 51 bits, 64-51 = 13 left.
324		h[0] = a0 & ((UINT64_C(1) << 51) - 1);
325		// (64-51) + 38 = 13 + 38 = 51
326		h[1] = (a0 >> 51) \| ((a1 & ((UINT64_C(1) << 38) - 1)) << 13);
327		// (64-38) + 25 = 26 + 25 = 51
328		h[2] = (a1 >> 38) \| ((a2 & ((UINT64_C(1) << 25) - 1)) << 26);
329		// (64-25) + 12 = 39 + 12 = 51
330		h[3] = (a2 >> 25) \| ((a3 & ((UINT64_C(1) << 12) - 1)) << 39);
331		// (64-12) = 52, ignore top bit
332		h[4] = (a3 >> 12) & ((UINT64_C(1) << 51) - 1);
333		assert_fe(h);
334		}
335
336		static void fe_frombytes(fe h, const uint8_t s) {
337		fe_frombytes_impl(h->v, s);
338		}
339
340		static void fe_freeze(uint64_t out[5], const uint64_t in1[5]) {
341		{ const uint64_t x7 = in1[4];
342		{ const uint64_t x8 = in1[3];
343		{ const uint64_t x6 = in1[2];
344		{ const uint64_t x4 = in1[1];
345		{ const uint64_t x2 = in1[0];
346		{ uint64_t x10; uint8_t/bool/ x11 = subborrow_u51(0x0, x2, 0x7ffffffffffed, &x10);
347		{ uint64_t x13; uint8_t/bool/ x14 = subborrow_u51(x11, x4, 0x7ffffffffffff, &x13);
348		{ uint64_t x16; uint8_t/bool/ x17 = subborrow_u51(x14, x6, 0x7ffffffffffff, &x16);
349		{ uint64_t x19; uint8_t/bool/ x20 = subborrow_u51(x17, x8, 0x7ffffffffffff, &x19);
350		{ uint64_t x22; uint8_t/bool/ x23 = subborrow_u51(x20, x7, 0x7ffffffffffff, &x22);
351		{ uint64_t x24 = cmovznz64(x23, 0x0, 0xffffffffffffffffL);
352		{ uint64_t x25 = (x24 & 0x7ffffffffffed);
353		{ uint64_t x27; uint8_t/bool/ x28 = addcarryx_u51(0x0, x10, x25, &x27);
354		{ uint64_t x29 = (x24 & 0x7ffffffffffff);
355		{ uint64_t x31; uint8_t/bool/ x32 = addcarryx_u51(x28, x13, x29, &x31);
356		{ uint64_t x33 = (x24 & 0x7ffffffffffff);
357		{ uint64_t x35; uint8_t/bool/ x36 = addcarryx_u51(x32, x16, x33, &x35);
358		{ uint64_t x37 = (x24 & 0x7ffffffffffff);
359		{ uint64_t x39; uint8_t/bool/ x40 = addcarryx_u51(x36, x19, x37, &x39);
360		{ uint64_t x41 = (x24 & 0x7ffffffffffff);
361		{ uint64_t x43; addcarryx_u51(x40, x22, x41, &x43);
362		out[0] = x27;
363		out[1] = x31;
364		out[2] = x35;
365		out[3] = x39;
366		out[4] = x43;
367		}}}}}}}}}}}}}}}}}}}}}
	305	static void fe_frombytes_strict(fe *h, const uint8_t s[32]) {
	306	// \|fiat_25519_from_bytes\| requires the top-most bit be clear.
	307	assert((s[31] & 0x80) == 0);
	308	fiat_25519_from_bytes(h->v, s);
	309	assert_fe(h->v);
	310	}
	311
	312	static void fe_frombytes(fe *h, const uint8_t s[32]) {
	313	uint8_t s_copy[32];
	314	memcpy(s_copy, s, 32);
	315	s_copy[31] &= 0x7f;
	316	fe_frombytes_strict(h, s_copy);
368	317	}
369	318
370	319	static void fe_tobytes(uint8_t s[32], const fe *f) {
371	320	assert_fe(f->v);
372		uint64_t h[5];
373		fe_freeze(h, f->v);
374		assert_fe_frozen(h);
375
376		s[0] = h[0] >> 0;
377		s[1] = h[0] >> 8;
378		s[2] = h[0] >> 16;
379		s[3] = h[0] >> 24;
380		s[4] = h[0] >> 32;
381		s[5] = h[0] >> 40;
382		s[6] = (h[0] >> 48) \| (h[1] << 3);
383		s[7] = h[1] >> 5;
384		s[8] = h[1] >> 13;
385		s[9] = h[1] >> 21;
386		s[10] = h[1] >> 29;
387		s[11] = h[1] >> 37;
388		s[12] = (h[1] >> 45) \| (h[2] << 6);
389		s[13] = h[2] >> 2;
390		s[14] = h[2] >> 10;
391		s[15] = h[2] >> 18;
392		s[16] = h[2] >> 26;
393		s[17] = h[2] >> 34;
394		s[18] = h[2] >> 42;
395		s[19] = (h[2] >> 50) \| (h[3] << 1);
396		s[20] = h[3] >> 7;
397		s[21] = h[3] >> 15;
398		s[22] = h[3] >> 23;
399		s[23] = h[3] >> 31;
400		s[24] = h[3] >> 39;
401		s[25] = (h[3] >> 47) \| (h[4] << 4);
402		s[26] = h[4] >> 4;
403		s[27] = h[4] >> 12;
404		s[28] = h[4] >> 20;
405		s[29] = h[4] >> 28;
406		s[30] = h[4] >> 36;
407		s[31] = h[4] >> 44;
	321	fiat_25519_to_bytes(s, f->v);
408	322	}
409	323
410	324	// h = 0

425	339	static void fe_loose_1(fe_loose *h) {
426	340	memset(h, 0, sizeof(fe_loose));
427	341	h->v[0] = 1;
428		}
429
430		static void fe_add_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) {
431		{ const uint64_t x10 = in1[4];
432		{ const uint64_t x11 = in1[3];
433		{ const uint64_t x9 = in1[2];
434		{ const uint64_t x7 = in1[1];
435		{ const uint64_t x5 = in1[0];
436		{ const uint64_t x18 = in2[4];
437		{ const uint64_t x19 = in2[3];
438		{ const uint64_t x17 = in2[2];
439		{ const uint64_t x15 = in2[1];
440		{ const uint64_t x13 = in2[0];
441		out[0] = (x5 + x13);
442		out[1] = (x7 + x15);
443		out[2] = (x9 + x17);
444		out[3] = (x11 + x19);
445		out[4] = (x10 + x18);
446		}}}}}}}}}}
447	342	}
448	343
449	344	// h = f + g

451	346	static void fe_add(fe_loose h, const fe f, const fe *g) {
452	347	assert_fe(f->v);
453	348	assert_fe(g->v);
454		fe_add_impl(h->v, f->v, g->v);
	349	fiat_25519_add(h->v, f->v, g->v);
455	350	assert_fe_loose(h->v);
456		}
457
458		static void fe_sub_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) {
459		{ const uint64_t x10 = in1[4];
460		{ const uint64_t x11 = in1[3];
461		{ const uint64_t x9 = in1[2];
462		{ const uint64_t x7 = in1[1];
463		{ const uint64_t x5 = in1[0];
464		{ const uint64_t x18 = in2[4];
465		{ const uint64_t x19 = in2[3];
466		{ const uint64_t x17 = in2[2];
467		{ const uint64_t x15 = in2[1];
468		{ const uint64_t x13 = in2[0];
469		out[0] = ((0xfffffffffffda + x5) - x13);
470		out[1] = ((0xffffffffffffe + x7) - x15);
471		out[2] = ((0xffffffffffffe + x9) - x17);
472		out[3] = ((0xffffffffffffe + x11) - x19);
473		out[4] = ((0xffffffffffffe + x10) - x18);
474		}}}}}}}}}}
475	351	}
476	352
477	353	// h = f - g

479	355	static void fe_sub(fe_loose h, const fe f, const fe *g) {
480	356	assert_fe(f->v);
481	357	assert_fe(g->v);
482		fe_sub_impl(h->v, f->v, g->v);
	358	fiat_25519_sub(h->v, f->v, g->v);
483	359	assert_fe_loose(h->v);
484		}
485
486		static void fe_carry_impl(uint64_t out[5], const uint64_t in1[5]) {
487		{ const uint64_t x7 = in1[4];
488		{ const uint64_t x8 = in1[3];
489		{ const uint64_t x6 = in1[2];
490		{ const uint64_t x4 = in1[1];
491		{ const uint64_t x2 = in1[0];
492		{ uint64_t x9 = (x2 >> 0x33);
493		{ uint64_t x10 = (x2 & 0x7ffffffffffff);
494		{ uint64_t x11 = (x9 + x4);
495		{ uint64_t x12 = (x11 >> 0x33);
496		{ uint64_t x13 = (x11 & 0x7ffffffffffff);
497		{ uint64_t x14 = (x12 + x6);
498		{ uint64_t x15 = (x14 >> 0x33);
499		{ uint64_t x16 = (x14 & 0x7ffffffffffff);
500		{ uint64_t x17 = (x15 + x8);
501		{ uint64_t x18 = (x17 >> 0x33);
502		{ uint64_t x19 = (x17 & 0x7ffffffffffff);
503		{ uint64_t x20 = (x18 + x7);
504		{ uint64_t x21 = (x20 >> 0x33);
505		{ uint64_t x22 = (x20 & 0x7ffffffffffff);
506		{ uint64_t x23 = (x10 + (0x13 * x21));
507		{ uint64_t x24 = (x23 >> 0x33);
508		{ uint64_t x25 = (x23 & 0x7ffffffffffff);
509		{ uint64_t x26 = (x24 + x13);
510		{ uint64_t x27 = (x26 >> 0x33);
511		{ uint64_t x28 = (x26 & 0x7ffffffffffff);
512		out[0] = x25;
513		out[1] = x28;
514		out[2] = (x27 + x16);
515		out[3] = x19;
516		out[4] = x22;
517		}}}}}}}}}}}}}}}}}}}}}}}}}
518	360	}
519	361
520	362	static void fe_carry(fe h, const fe_loose f) {
521	363	assert_fe_loose(f->v);
522		fe_carry_impl(h->v, f->v);
	364	fiat_25519_carry(h->v, f->v);
523	365	assert_fe(h->v);
524	366	}
525	367
526		static void fe_mul_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) {
	368	static void fe_mul_impl(fe_limb_t out[FE_NUM_LIMBS],
	369	const fe_limb_t in1[FE_NUM_LIMBS],
	370	const fe_limb_t in2[FE_NUM_LIMBS]) {
527	371	assert_fe_loose(in1);
528	372	assert_fe_loose(in2);
529		{ const uint64_t x10 = in1[4];
530		{ const uint64_t x11 = in1[3];
531		{ const uint64_t x9 = in1[2];
532		{ const uint64_t x7 = in1[1];
533		{ const uint64_t x5 = in1[0];
534		{ const uint64_t x18 = in2[4];
535		{ const uint64_t x19 = in2[3];
536		{ const uint64_t x17 = in2[2];
537		{ const uint64_t x15 = in2[1];
538		{ const uint64_t x13 = in2[0];
539		{ uint128_t x20 = ((uint128_t)x5 * x13);
540		{ uint128_t x21 = (((uint128_t)x5 * x15) + ((uint128_t)x7 * x13));
541		{ uint128_t x22 = ((((uint128_t)x5 * x17) + ((uint128_t)x9 * x13)) + ((uint128_t)x7 * x15));
542		{ uint128_t x23 = (((((uint128_t)x5 * x19) + ((uint128_t)x11 * x13)) + ((uint128_t)x7 * x17)) + ((uint128_t)x9 * x15));
543		{ uint128_t x24 = ((((((uint128_t)x5 * x18) + ((uint128_t)x10 * x13)) + ((uint128_t)x11 * x15)) + ((uint128_t)x7 * x19)) + ((uint128_t)x9 * x17));
544		{ uint64_t x25 = (x10 * 0x13);
545		{ uint64_t x26 = (x7 * 0x13);
546		{ uint64_t x27 = (x9 * 0x13);
547		{ uint64_t x28 = (x11 * 0x13);
548		{ uint128_t x29 = ((((x20 + ((uint128_t)x25 * x15)) + ((uint128_t)x26 * x18)) + ((uint128_t)x27 * x19)) + ((uint128_t)x28 * x17));
549		{ uint128_t x30 = (((x21 + ((uint128_t)x25 * x17)) + ((uint128_t)x27 * x18)) + ((uint128_t)x28 * x19));
550		{ uint128_t x31 = ((x22 + ((uint128_t)x25 * x19)) + ((uint128_t)x28 * x18));
551		{ uint128_t x32 = (x23 + ((uint128_t)x25 * x18));
552		{ uint64_t x33 = (uint64_t) (x29 >> 0x33);
553		{ uint64_t x34 = ((uint64_t)x29 & 0x7ffffffffffff);
554		{ uint128_t x35 = (x33 + x30);
555		{ uint64_t x36 = (uint64_t) (x35 >> 0x33);
556		{ uint64_t x37 = ((uint64_t)x35 & 0x7ffffffffffff);
557		{ uint128_t x38 = (x36 + x31);
558		{ uint64_t x39 = (uint64_t) (x38 >> 0x33);
559		{ uint64_t x40 = ((uint64_t)x38 & 0x7ffffffffffff);
560		{ uint128_t x41 = (x39 + x32);
561		{ uint64_t x42 = (uint64_t) (x41 >> 0x33);
562		{ uint64_t x43 = ((uint64_t)x41 & 0x7ffffffffffff);
563		{ uint128_t x44 = (x42 + x24);
564		{ uint64_t x45 = (uint64_t) (x44 >> 0x33);
565		{ uint64_t x46 = ((uint64_t)x44 & 0x7ffffffffffff);
566		{ uint64_t x47 = (x34 + (0x13 * x45));
567		{ uint64_t x48 = (x47 >> 0x33);
568		{ uint64_t x49 = (x47 & 0x7ffffffffffff);
569		{ uint64_t x50 = (x48 + x37);
570		{ uint64_t x51 = (x50 >> 0x33);
571		{ uint64_t x52 = (x50 & 0x7ffffffffffff);
572		out[0] = x49;
573		out[1] = x52;
574		out[2] = (x51 + x40);
575		out[3] = x43;
576		out[4] = x46;
577		}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
	373	fiat_25519_carry_mul(out, in1, in2);
578	374	assert_fe(out);
579	375	}
580	376

602	398	fe_mul_impl(h->v, f->v, g->v);
603	399	}
604	400
605		static void fe_sqr_impl(uint64_t out[5], const uint64_t in1[5]) {
606		assert_fe_loose(in1);
607		{ const uint64_t x7 = in1[4];
608		{ const uint64_t x8 = in1[3];
609		{ const uint64_t x6 = in1[2];
610		{ const uint64_t x4 = in1[1];
611		{ const uint64_t x2 = in1[0];
612		{ uint64_t x9 = (x2 * 0x2);
613		{ uint64_t x10 = (x4 * 0x2);
614		{ uint64_t x11 = ((x6 * 0x2) * 0x13);
615		{ uint64_t x12 = (x7 * 0x13);
616		{ uint64_t x13 = (x12 * 0x2);
617		{ uint128_t x14 = ((((uint128_t)x2 * x2) + ((uint128_t)x13 * x4)) + ((uint128_t)x11 * x8));
618		{ uint128_t x15 = ((((uint128_t)x9 * x4) + ((uint128_t)x13 * x6)) + ((uint128_t)x8 * (x8 * 0x13)));
619		{ uint128_t x16 = ((((uint128_t)x9 * x6) + ((uint128_t)x4 * x4)) + ((uint128_t)x13 * x8));
620		{ uint128_t x17 = ((((uint128_t)x9 * x8) + ((uint128_t)x10 * x6)) + ((uint128_t)x7 * x12));
621		{ uint128_t x18 = ((((uint128_t)x9 * x7) + ((uint128_t)x10 * x8)) + ((uint128_t)x6 * x6));
622		{ uint64_t x19 = (uint64_t) (x14 >> 0x33);
623		{ uint64_t x20 = ((uint64_t)x14 & 0x7ffffffffffff);
624		{ uint128_t x21 = (x19 + x15);
625		{ uint64_t x22 = (uint64_t) (x21 >> 0x33);
626		{ uint64_t x23 = ((uint64_t)x21 & 0x7ffffffffffff);
627		{ uint128_t x24 = (x22 + x16);
628		{ uint64_t x25 = (uint64_t) (x24 >> 0x33);
629		{ uint64_t x26 = ((uint64_t)x24 & 0x7ffffffffffff);
630		{ uint128_t x27 = (x25 + x17);
631		{ uint64_t x28 = (uint64_t) (x27 >> 0x33);
632		{ uint64_t x29 = ((uint64_t)x27 & 0x7ffffffffffff);
633		{ uint128_t x30 = (x28 + x18);
634		{ uint64_t x31 = (uint64_t) (x30 >> 0x33);
635		{ uint64_t x32 = ((uint64_t)x30 & 0x7ffffffffffff);
636		{ uint64_t x33 = (x20 + (0x13 * x31));
637		{ uint64_t x34 = (x33 >> 0x33);
638		{ uint64_t x35 = (x33 & 0x7ffffffffffff);
639		{ uint64_t x36 = (x34 + x23);
640		{ uint64_t x37 = (x36 >> 0x33);
641		{ uint64_t x38 = (x36 & 0x7ffffffffffff);
642		out[0] = x35;
643		out[1] = x38;
644		out[2] = (x37 + x26);
645		out[3] = x29;
646		out[4] = x32;
647		}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
648		assert_fe(out);
649		}
650
651	401	static void fe_sq_tl(fe h, const fe_loose f) {
652		fe_sqr_impl(h->v, f->v);
	402	assert_fe_loose(f->v);
	403	fiat_25519_carry_square(h->v, f->v);
	404	assert_fe(h->v);
653	405	}
654	406
655	407	static void fe_sq_tt(fe h, const fe f) {
656		fe_sqr_impl(h->v, f->v);
657		}
658
659		// Adapted from Fiat-synthesized \|fe_sub_impl\| with \|out\| = 0.
660		static void fe_neg_impl(uint64_t out[5], const uint64_t in2[5]) {
661		{ const uint64_t x10 = 0;
662		{ const uint64_t x11 = 0;
663		{ const uint64_t x9 = 0;
664		{ const uint64_t x7 = 0;
665		{ const uint64_t x5 = 0;
666		{ const uint64_t x18 = in2[4];
667		{ const uint64_t x19 = in2[3];
668		{ const uint64_t x17 = in2[2];
669		{ const uint64_t x15 = in2[1];
670		{ const uint64_t x13 = in2[0];
671		out[0] = ((0xfffffffffffda + x5) - x13);
672		out[1] = ((0xffffffffffffe + x7) - x15);
673		out[2] = ((0xffffffffffffe + x9) - x17);
674		out[3] = ((0xffffffffffffe + x11) - x19);
675		out[4] = ((0xffffffffffffe + x10) - x18);
676		}}}}}}}}}}
	408	assert_fe_loose(f->v);
	409	fiat_25519_carry_square(h->v, f->v);
	410	assert_fe(h->v);
677	411	}
678	412
679	413	// h = -f
680	414	static void fe_neg(fe_loose h, const fe f) {
681	415	assert_fe(f->v);
682		fe_neg_impl(h->v, f->v);
	416	fiat_25519_opp(h->v, f->v);
683	417	assert_fe_loose(h->v);
684	418	}
685	419

687	421	// replace (f,g) with (f,g) if b == 0.
688	422	//
689	423	// Preconditions: b in {0,1}.
690		static void fe_cmov(fe_loose f, const fe_loose g, uint64_t b) {
	424	static void fe_cmov(fe_loose f, const fe_loose g, fe_limb_t b) {
	425	b = 0-b;
691	426	unsigned i;
692		b = 0-b;
693		for (i = 0; i < 5; i++) {
694		uint64_t x = f->v[i] ^ g->v[i];
	427	for (i = 0; i < FE_NUM_LIMBS; i++) {
	428	fe_limb_t x = f->v[i] ^ g->v[i];
695	429	x &= b;
696	430	f->v[i] ^= x;
697	431	}
698	432	}
699
700		#else
701
702		#ifdef EDWARDS25519_ASSERTS
703		#define assert_fe(f) do { \
704		unsigned _assert_fe_i; \
705		for (_assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \
706		assert(f[_assert_fe_i] < 1.125*(1<<(26-(_assert_fe_i&1)))); \
707		} \
708		} while (0)
709
710		#define assert_fe_loose(f) do { \
711		unsigned _assert_fe_i; \
712		for (_assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \
713		assert(f[_assert_fe_i] < 3.375*(1<<(26-(_assert_fe_i&1)))); \
714		} \
715		} while (0)
716
717		#define assert_fe_frozen(f) do { \
718		unsigned _assert_fe_i; \
719		for (_assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \
720		assert(f[_assert_fe_i] < (1u<<(26-(_assert_fe_i&1)))); \
721		} \
722		} while (0)
723		#endif /* EDWARDS25519_ASSERTS */
724
725		static void fe_frombytes_impl(uint32_t h[10], const uint8_t *s) {
726		// Ignores top bit of s.
727		uint32_t a0 = load_4(s);
728		uint32_t a1 = load_4(s+4);
729		uint32_t a2 = load_4(s+8);
730		uint32_t a3 = load_4(s+12);
731		uint32_t a4 = load_4(s+16);
732		uint32_t a5 = load_4(s+20);
733		uint32_t a6 = load_4(s+24);
734		uint32_t a7 = load_4(s+28);
735		h[0] = a0&((1<<26)-1); // 26 used, 32-26 left. 26
736		h[1] = (a0>>26) \| ((a1&((1<<19)-1))<< 6); // (32-26) + 19 = 6+19 = 25
737		h[2] = (a1>>19) \| ((a2&((1<<13)-1))<<13); // (32-19) + 13 = 13+13 = 26
738		h[3] = (a2>>13) \| ((a3&((1<< 6)-1))<<19); // (32-13) + 6 = 19+ 6 = 25
739		h[4] = (a3>> 6); // (32- 6) = 26
740		h[5] = a4&((1<<25)-1); // 25
741		h[6] = (a4>>25) \| ((a5&((1<<19)-1))<< 7); // (32-25) + 19 = 7+19 = 26
742		h[7] = (a5>>19) \| ((a6&((1<<12)-1))<<13); // (32-19) + 12 = 13+12 = 25
743		h[8] = (a6>>12) \| ((a7&((1<< 6)-1))<<20); // (32-12) + 6 = 20+ 6 = 26
744		h[9] = (a7>> 6)&((1<<25)-1); // 25
745		assert_fe(h);
746		}
747
748		static void fe_frombytes(fe h, const uint8_t s) {
749		fe_frombytes_impl(h->v, s);
750		}
751
752		static void fe_freeze(uint32_t out[10], const uint32_t in1[10]) {
753		{ const uint32_t x17 = in1[9];
754		{ const uint32_t x18 = in1[8];
755		{ const uint32_t x16 = in1[7];
756		{ const uint32_t x14 = in1[6];
757		{ const uint32_t x12 = in1[5];
758		{ const uint32_t x10 = in1[4];
759		{ const uint32_t x8 = in1[3];
760		{ const uint32_t x6 = in1[2];
761		{ const uint32_t x4 = in1[1];
762		{ const uint32_t x2 = in1[0];
763		{ uint32_t x20; uint8_t/bool/ x21 = subborrow_u26(0x0, x2, 0x3ffffed, &x20);
764		{ uint32_t x23; uint8_t/bool/ x24 = subborrow_u25(x21, x4, 0x1ffffff, &x23);
765		{ uint32_t x26; uint8_t/bool/ x27 = subborrow_u26(x24, x6, 0x3ffffff, &x26);
766		{ uint32_t x29; uint8_t/bool/ x30 = subborrow_u25(x27, x8, 0x1ffffff, &x29);
767		{ uint32_t x32; uint8_t/bool/ x33 = subborrow_u26(x30, x10, 0x3ffffff, &x32);
768		{ uint32_t x35; uint8_t/bool/ x36 = subborrow_u25(x33, x12, 0x1ffffff, &x35);
769		{ uint32_t x38; uint8_t/bool/ x39 = subborrow_u26(x36, x14, 0x3ffffff, &x38);
770		{ uint32_t x41; uint8_t/bool/ x42 = subborrow_u25(x39, x16, 0x1ffffff, &x41);
771		{ uint32_t x44; uint8_t/bool/ x45 = subborrow_u26(x42, x18, 0x3ffffff, &x44);
772		{ uint32_t x47; uint8_t/bool/ x48 = subborrow_u25(x45, x17, 0x1ffffff, &x47);
773		{ uint32_t x49 = cmovznz32(x48, 0x0, 0xffffffff);
774		{ uint32_t x50 = (x49 & 0x3ffffed);
775		{ uint32_t x52; uint8_t/bool/ x53 = addcarryx_u26(0x0, x20, x50, &x52);
776		{ uint32_t x54 = (x49 & 0x1ffffff);
777		{ uint32_t x56; uint8_t/bool/ x57 = addcarryx_u25(x53, x23, x54, &x56);
778		{ uint32_t x58 = (x49 & 0x3ffffff);
779		{ uint32_t x60; uint8_t/bool/ x61 = addcarryx_u26(x57, x26, x58, &x60);
780		{ uint32_t x62 = (x49 & 0x1ffffff);
781		{ uint32_t x64; uint8_t/bool/ x65 = addcarryx_u25(x61, x29, x62, &x64);
782		{ uint32_t x66 = (x49 & 0x3ffffff);
783		{ uint32_t x68; uint8_t/bool/ x69 = addcarryx_u26(x65, x32, x66, &x68);
784		{ uint32_t x70 = (x49 & 0x1ffffff);
785		{ uint32_t x72; uint8_t/bool/ x73 = addcarryx_u25(x69, x35, x70, &x72);
786		{ uint32_t x74 = (x49 & 0x3ffffff);
787		{ uint32_t x76; uint8_t/bool/ x77 = addcarryx_u26(x73, x38, x74, &x76);
788		{ uint32_t x78 = (x49 & 0x1ffffff);
789		{ uint32_t x80; uint8_t/bool/ x81 = addcarryx_u25(x77, x41, x78, &x80);
790		{ uint32_t x82 = (x49 & 0x3ffffff);
791		{ uint32_t x84; uint8_t/bool/ x85 = addcarryx_u26(x81, x44, x82, &x84);
792		{ uint32_t x86 = (x49 & 0x1ffffff);
793		{ uint32_t x88; addcarryx_u25(x85, x47, x86, &x88);
794		out[0] = x52;
795		out[1] = x56;
796		out[2] = x60;
797		out[3] = x64;
798		out[4] = x68;
799		out[5] = x72;
800		out[6] = x76;
801		out[7] = x80;
802		out[8] = x84;
803		out[9] = x88;
804		}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
805		}
806
807		static void fe_tobytes(uint8_t s[32], const fe *f) {
808		assert_fe(f->v);
809		uint32_t h[10];
810		fe_freeze(h, f->v);
811		assert_fe_frozen(h);
812
813		s[0] = h[0] >> 0;
814		s[1] = h[0] >> 8;
815		s[2] = h[0] >> 16;
816		s[3] = (h[0] >> 24) \| (h[1] << 2);
817		s[4] = h[1] >> 6;
818		s[5] = h[1] >> 14;
819		s[6] = (h[1] >> 22) \| (h[2] << 3);
820		s[7] = h[2] >> 5;
821		s[8] = h[2] >> 13;
822		s[9] = (h[2] >> 21) \| (h[3] << 5);
823		s[10] = h[3] >> 3;
824		s[11] = h[3] >> 11;
825		s[12] = (h[3] >> 19) \| (h[4] << 6);
826		s[13] = h[4] >> 2;
827		s[14] = h[4] >> 10;
828		s[15] = h[4] >> 18;
829		s[16] = h[5] >> 0;
830		s[17] = h[5] >> 8;
831		s[18] = h[5] >> 16;
832		s[19] = (h[5] >> 24) \| (h[6] << 1);
833		s[20] = h[6] >> 7;
834		s[21] = h[6] >> 15;
835		s[22] = (h[6] >> 23) \| (h[7] << 3);
836		s[23] = h[7] >> 5;
837		s[24] = h[7] >> 13;
838		s[25] = (h[7] >> 21) \| (h[8] << 4);
839		s[26] = h[8] >> 4;
840		s[27] = h[8] >> 12;
841		s[28] = (h[8] >> 20) \| (h[9] << 6);
842		s[29] = h[9] >> 2;
843		s[30] = h[9] >> 10;
844		s[31] = h[9] >> 18;
845		}
846
847		// h = 0
848		static void fe_0(fe *h) {
849		memset(h, 0, sizeof(fe));
850		}
851
852		static void fe_loose_0(fe_loose *h) {
853		memset(h, 0, sizeof(fe_loose));
854		}
855
856		// h = 1
857		static void fe_1(fe *h) {
858		memset(h, 0, sizeof(fe));
859		h->v[0] = 1;
860		}
861
862		static void fe_loose_1(fe_loose *h) {
863		memset(h, 0, sizeof(fe_loose));
864		h->v[0] = 1;
865		}
866
867		static void fe_add_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) {
868		{ const uint32_t x20 = in1[9];
869		{ const uint32_t x21 = in1[8];
870		{ const uint32_t x19 = in1[7];
871		{ const uint32_t x17 = in1[6];
872		{ const uint32_t x15 = in1[5];
873		{ const uint32_t x13 = in1[4];
874		{ const uint32_t x11 = in1[3];
875		{ const uint32_t x9 = in1[2];
876		{ const uint32_t x7 = in1[1];
877		{ const uint32_t x5 = in1[0];
878		{ const uint32_t x38 = in2[9];
879		{ const uint32_t x39 = in2[8];
880		{ const uint32_t x37 = in2[7];
881		{ const uint32_t x35 = in2[6];
882		{ const uint32_t x33 = in2[5];
883		{ const uint32_t x31 = in2[4];
884		{ const uint32_t x29 = in2[3];
885		{ const uint32_t x27 = in2[2];
886		{ const uint32_t x25 = in2[1];
887		{ const uint32_t x23 = in2[0];
888		out[0] = (x5 + x23);
889		out[1] = (x7 + x25);
890		out[2] = (x9 + x27);
891		out[3] = (x11 + x29);
892		out[4] = (x13 + x31);
893		out[5] = (x15 + x33);
894		out[6] = (x17 + x35);
895		out[7] = (x19 + x37);
896		out[8] = (x21 + x39);
897		out[9] = (x20 + x38);
898		}}}}}}}}}}}}}}}}}}}}
899		}
900
901		// h = f + g
902		// Can overlap h with f or g.
903		static void fe_add(fe_loose h, const fe f, const fe *g) {
904		assert_fe(f->v);
905		assert_fe(g->v);
906		fe_add_impl(h->v, f->v, g->v);
907		assert_fe_loose(h->v);
908		}
909
910		static void fe_sub_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) {
911		{ const uint32_t x20 = in1[9];
912		{ const uint32_t x21 = in1[8];
913		{ const uint32_t x19 = in1[7];
914		{ const uint32_t x17 = in1[6];
915		{ const uint32_t x15 = in1[5];
916		{ const uint32_t x13 = in1[4];
917		{ const uint32_t x11 = in1[3];
918		{ const uint32_t x9 = in1[2];
919		{ const uint32_t x7 = in1[1];
920		{ const uint32_t x5 = in1[0];
921		{ const uint32_t x38 = in2[9];
922		{ const uint32_t x39 = in2[8];
923		{ const uint32_t x37 = in2[7];
924		{ const uint32_t x35 = in2[6];
925		{ const uint32_t x33 = in2[5];
926		{ const uint32_t x31 = in2[4];
927		{ const uint32_t x29 = in2[3];
928		{ const uint32_t x27 = in2[2];
929		{ const uint32_t x25 = in2[1];
930		{ const uint32_t x23 = in2[0];
931		out[0] = ((0x7ffffda + x5) - x23);
932		out[1] = ((0x3fffffe + x7) - x25);
933		out[2] = ((0x7fffffe + x9) - x27);
934		out[3] = ((0x3fffffe + x11) - x29);
935		out[4] = ((0x7fffffe + x13) - x31);
936		out[5] = ((0x3fffffe + x15) - x33);
937		out[6] = ((0x7fffffe + x17) - x35);
938		out[7] = ((0x3fffffe + x19) - x37);
939		out[8] = ((0x7fffffe + x21) - x39);
940		out[9] = ((0x3fffffe + x20) - x38);
941		}}}}}}}}}}}}}}}}}}}}
942		}
943
944		// h = f - g
945		// Can overlap h with f or g.
946		static void fe_sub(fe_loose h, const fe f, const fe *g) {
947		assert_fe(f->v);
948		assert_fe(g->v);
949		fe_sub_impl(h->v, f->v, g->v);
950		assert_fe_loose(h->v);
951		}
952
953		static void fe_carry_impl(uint32_t out[10], const uint32_t in1[10]) {
954		{ const uint32_t x17 = in1[9];
955		{ const uint32_t x18 = in1[8];
956		{ const uint32_t x16 = in1[7];
957		{ const uint32_t x14 = in1[6];
958		{ const uint32_t x12 = in1[5];
959		{ const uint32_t x10 = in1[4];
960		{ const uint32_t x8 = in1[3];
961		{ const uint32_t x6 = in1[2];
962		{ const uint32_t x4 = in1[1];
963		{ const uint32_t x2 = in1[0];
964		{ uint32_t x19 = (x2 >> 0x1a);
965		{ uint32_t x20 = (x2 & 0x3ffffff);
966		{ uint32_t x21 = (x19 + x4);
967		{ uint32_t x22 = (x21 >> 0x19);
968		{ uint32_t x23 = (x21 & 0x1ffffff);
969		{ uint32_t x24 = (x22 + x6);
970		{ uint32_t x25 = (x24 >> 0x1a);
971		{ uint32_t x26 = (x24 & 0x3ffffff);
972		{ uint32_t x27 = (x25 + x8);
973		{ uint32_t x28 = (x27 >> 0x19);
974		{ uint32_t x29 = (x27 & 0x1ffffff);
975		{ uint32_t x30 = (x28 + x10);
976		{ uint32_t x31 = (x30 >> 0x1a);
977		{ uint32_t x32 = (x30 & 0x3ffffff);
978		{ uint32_t x33 = (x31 + x12);
979		{ uint32_t x34 = (x33 >> 0x19);
980		{ uint32_t x35 = (x33 & 0x1ffffff);
981		{ uint32_t x36 = (x34 + x14);
982		{ uint32_t x37 = (x36 >> 0x1a);
983		{ uint32_t x38 = (x36 & 0x3ffffff);
984		{ uint32_t x39 = (x37 + x16);
985		{ uint32_t x40 = (x39 >> 0x19);
986		{ uint32_t x41 = (x39 & 0x1ffffff);
987		{ uint32_t x42 = (x40 + x18);
988		{ uint32_t x43 = (x42 >> 0x1a);
989		{ uint32_t x44 = (x42 & 0x3ffffff);
990		{ uint32_t x45 = (x43 + x17);
991		{ uint32_t x46 = (x45 >> 0x19);
992		{ uint32_t x47 = (x45 & 0x1ffffff);
993		{ uint32_t x48 = (x20 + (0x13 * x46));
994		{ uint32_t x49 = (x48 >> 0x1a);
995		{ uint32_t x50 = (x48 & 0x3ffffff);
996		{ uint32_t x51 = (x49 + x23);
997		{ uint32_t x52 = (x51 >> 0x19);
998		{ uint32_t x53 = (x51 & 0x1ffffff);
999		out[0] = x50;
1000		out[1] = x53;
1001		out[2] = (x52 + x26);
1002		out[3] = x29;
1003		out[4] = x32;
1004		out[5] = x35;
1005		out[6] = x38;
1006		out[7] = x41;
1007		out[8] = x44;
1008		out[9] = x47;
1009		}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
1010		}
1011
1012		static void fe_carry(fe h, const fe_loose f) {
1013		assert_fe_loose(f->v);
1014		fe_carry_impl(h->v, f->v);
1015		assert_fe(h->v);
1016		}
1017
1018		static void fe_mul_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) {
1019		assert_fe_loose(in1);
1020		assert_fe_loose(in2);
1021		{ const uint32_t x20 = in1[9];
1022		{ const uint32_t x21 = in1[8];
1023		{ const uint32_t x19 = in1[7];
1024		{ const uint32_t x17 = in1[6];
1025		{ const uint32_t x15 = in1[5];
1026		{ const uint32_t x13 = in1[4];
1027		{ const uint32_t x11 = in1[3];
1028		{ const uint32_t x9 = in1[2];
1029		{ const uint32_t x7 = in1[1];
1030		{ const uint32_t x5 = in1[0];
1031		{ const uint32_t x38 = in2[9];
1032		{ const uint32_t x39 = in2[8];
1033		{ const uint32_t x37 = in2[7];
1034		{ const uint32_t x35 = in2[6];
1035		{ const uint32_t x33 = in2[5];
1036		{ const uint32_t x31 = in2[4];
1037		{ const uint32_t x29 = in2[3];
1038		{ const uint32_t x27 = in2[2];
1039		{ const uint32_t x25 = in2[1];
1040		{ const uint32_t x23 = in2[0];
1041		{ uint64_t x40 = ((uint64_t)x23 * x5);
1042		{ uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5));
1043		{ uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5));
1044		{ uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5));
1045		{ uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5));
1046		{ uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5));
1047		{ uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5));
1048		{ uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5));
1049		{ uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5));
1050		{ uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5));
1051		{ uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9));
1052		{ uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9));
1053		{ uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13));
1054		{ uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13));
1055		{ uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17));
1056		{ uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17));
1057		{ uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19))));
1058		{ uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21));
1059		{ uint64_t x58 = ((uint64_t)(0x2 * x38) * x20);
1060		{ uint64_t x59 = (x48 + (x58 << 0x4));
1061		{ uint64_t x60 = (x59 + (x58 << 0x1));
1062		{ uint64_t x61 = (x60 + x58);
1063		{ uint64_t x62 = (x47 + (x57 << 0x4));
1064		{ uint64_t x63 = (x62 + (x57 << 0x1));
1065		{ uint64_t x64 = (x63 + x57);
1066		{ uint64_t x65 = (x46 + (x56 << 0x4));
1067		{ uint64_t x66 = (x65 + (x56 << 0x1));
1068		{ uint64_t x67 = (x66 + x56);
1069		{ uint64_t x68 = (x45 + (x55 << 0x4));
1070		{ uint64_t x69 = (x68 + (x55 << 0x1));
1071		{ uint64_t x70 = (x69 + x55);
1072		{ uint64_t x71 = (x44 + (x54 << 0x4));
1073		{ uint64_t x72 = (x71 + (x54 << 0x1));
1074		{ uint64_t x73 = (x72 + x54);
1075		{ uint64_t x74 = (x43 + (x53 << 0x4));
1076		{ uint64_t x75 = (x74 + (x53 << 0x1));
1077		{ uint64_t x76 = (x75 + x53);
1078		{ uint64_t x77 = (x42 + (x52 << 0x4));
1079		{ uint64_t x78 = (x77 + (x52 << 0x1));
1080		{ uint64_t x79 = (x78 + x52);
1081		{ uint64_t x80 = (x41 + (x51 << 0x4));
1082		{ uint64_t x81 = (x80 + (x51 << 0x1));
1083		{ uint64_t x82 = (x81 + x51);
1084		{ uint64_t x83 = (x40 + (x50 << 0x4));
1085		{ uint64_t x84 = (x83 + (x50 << 0x1));
1086		{ uint64_t x85 = (x84 + x50);
1087		{ uint64_t x86 = (x85 >> 0x1a);
1088		{ uint32_t x87 = ((uint32_t)x85 & 0x3ffffff);
1089		{ uint64_t x88 = (x86 + x82);
1090		{ uint64_t x89 = (x88 >> 0x19);
1091		{ uint32_t x90 = ((uint32_t)x88 & 0x1ffffff);
1092		{ uint64_t x91 = (x89 + x79);
1093		{ uint64_t x92 = (x91 >> 0x1a);
1094		{ uint32_t x93 = ((uint32_t)x91 & 0x3ffffff);
1095		{ uint64_t x94 = (x92 + x76);
1096		{ uint64_t x95 = (x94 >> 0x19);
1097		{ uint32_t x96 = ((uint32_t)x94 & 0x1ffffff);
1098		{ uint64_t x97 = (x95 + x73);
1099		{ uint64_t x98 = (x97 >> 0x1a);
1100		{ uint32_t x99 = ((uint32_t)x97 & 0x3ffffff);
1101		{ uint64_t x100 = (x98 + x70);
1102		{ uint64_t x101 = (x100 >> 0x19);
1103		{ uint32_t x102 = ((uint32_t)x100 & 0x1ffffff);
1104		{ uint64_t x103 = (x101 + x67);
1105		{ uint64_t x104 = (x103 >> 0x1a);
1106		{ uint32_t x105 = ((uint32_t)x103 & 0x3ffffff);
1107		{ uint64_t x106 = (x104 + x64);
1108		{ uint64_t x107 = (x106 >> 0x19);
1109		{ uint32_t x108 = ((uint32_t)x106 & 0x1ffffff);
1110		{ uint64_t x109 = (x107 + x61);
1111		{ uint64_t x110 = (x109 >> 0x1a);
1112		{ uint32_t x111 = ((uint32_t)x109 & 0x3ffffff);
1113		{ uint64_t x112 = (x110 + x49);
1114		{ uint64_t x113 = (x112 >> 0x19);
1115		{ uint32_t x114 = ((uint32_t)x112 & 0x1ffffff);
1116		{ uint64_t x115 = (x87 + (0x13 * x113));
1117		{ uint32_t x116 = (uint32_t) (x115 >> 0x1a);
1118		{ uint32_t x117 = ((uint32_t)x115 & 0x3ffffff);
1119		{ uint32_t x118 = (x116 + x90);
1120		{ uint32_t x119 = (x118 >> 0x19);
1121		{ uint32_t x120 = (x118 & 0x1ffffff);
1122		out[0] = x117;
1123		out[1] = x120;
1124		out[2] = (x119 + x93);
1125		out[3] = x96;
1126		out[4] = x99;
1127		out[5] = x102;
1128		out[6] = x105;
1129		out[7] = x108;
1130		out[8] = x111;
1131		out[9] = x114;
1132		}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
1133		assert_fe(out);
1134		}
1135
1136		static void fe_mul_ltt(fe_loose h, const fe f, const fe *g) {
1137		fe_mul_impl(h->v, f->v, g->v);
1138		}
1139
1140		static void fe_mul_llt(fe_loose h, const fe_loose f, const fe *g) {
1141		fe_mul_impl(h->v, f->v, g->v);
1142		}
1143
1144		static void fe_mul_ttt(fe h, const fe f, const fe *g) {
1145		fe_mul_impl(h->v, f->v, g->v);
1146		}
1147
1148		static void fe_mul_tlt(fe h, const fe_loose f, const fe *g) {
1149		fe_mul_impl(h->v, f->v, g->v);
1150		}
1151
1152		static void fe_mul_ttl(fe h, const fe f, const fe_loose *g) {
1153		fe_mul_impl(h->v, f->v, g->v);
1154		}
1155
1156		static void fe_mul_tll(fe h, const fe_loose f, const fe_loose *g) {
1157		fe_mul_impl(h->v, f->v, g->v);
1158		}
1159
1160		static void fe_sqr_impl(uint32_t out[10], const uint32_t in1[10]) {
1161		assert_fe_loose(in1);
1162		{ const uint32_t x17 = in1[9];
1163		{ const uint32_t x18 = in1[8];
1164		{ const uint32_t x16 = in1[7];
1165		{ const uint32_t x14 = in1[6];
1166		{ const uint32_t x12 = in1[5];
1167		{ const uint32_t x10 = in1[4];
1168		{ const uint32_t x8 = in1[3];
1169		{ const uint32_t x6 = in1[2];
1170		{ const uint32_t x4 = in1[1];
1171		{ const uint32_t x2 = in1[0];
1172		{ uint64_t x19 = ((uint64_t)x2 * x2);
1173		{ uint64_t x20 = ((uint64_t)(0x2 * x2) * x4);
1174		{ uint64_t x21 = (0x2 * (((uint64_t)x4 * x4) + ((uint64_t)x2 * x6)));
1175		{ uint64_t x22 = (0x2 * (((uint64_t)x4 * x6) + ((uint64_t)x2 * x8)));
1176		{ uint64_t x23 = ((((uint64_t)x6 * x6) + ((uint64_t)(0x4 * x4) * x8)) + ((uint64_t)(0x2 * x2) * x10));
1177		{ uint64_t x24 = (0x2 * ((((uint64_t)x6 * x8) + ((uint64_t)x4 * x10)) + ((uint64_t)x2 * x12)));
1178		{ uint64_t x25 = (0x2 * (((((uint64_t)x8 * x8) + ((uint64_t)x6 * x10)) + ((uint64_t)x2 * x14)) + ((uint64_t)(0x2 * x4) * x12)));
1179		{ uint64_t x26 = (0x2 * (((((uint64_t)x8 * x10) + ((uint64_t)x6 * x12)) + ((uint64_t)x4 * x14)) + ((uint64_t)x2 * x16)));
1180		{ uint64_t x27 = (((uint64_t)x10 * x10) + (0x2 * ((((uint64_t)x6 * x14) + ((uint64_t)x2 * x18)) + (0x2 * (((uint64_t)x4 * x16) + ((uint64_t)x8 * x12))))));
1181		{ uint64_t x28 = (0x2 * ((((((uint64_t)x10 * x12) + ((uint64_t)x8 * x14)) + ((uint64_t)x6 * x16)) + ((uint64_t)x4 * x18)) + ((uint64_t)x2 * x17)));
1182		{ uint64_t x29 = (0x2 * (((((uint64_t)x12 * x12) + ((uint64_t)x10 * x14)) + ((uint64_t)x6 * x18)) + (0x2 * (((uint64_t)x8 * x16) + ((uint64_t)x4 * x17)))));
1183		{ uint64_t x30 = (0x2 * (((((uint64_t)x12 * x14) + ((uint64_t)x10 * x16)) + ((uint64_t)x8 * x18)) + ((uint64_t)x6 * x17)));
1184		{ uint64_t x31 = (((uint64_t)x14 * x14) + (0x2 * (((uint64_t)x10 * x18) + (0x2 * (((uint64_t)x12 * x16) + ((uint64_t)x8 * x17))))));
1185		{ uint64_t x32 = (0x2 * ((((uint64_t)x14 * x16) + ((uint64_t)x12 * x18)) + ((uint64_t)x10 * x17)));
1186		{ uint64_t x33 = (0x2 * ((((uint64_t)x16 * x16) + ((uint64_t)x14 * x18)) + ((uint64_t)(0x2 * x12) * x17)));
1187		{ uint64_t x34 = (0x2 * (((uint64_t)x16 * x18) + ((uint64_t)x14 * x17)));
1188		{ uint64_t x35 = (((uint64_t)x18 * x18) + ((uint64_t)(0x4 * x16) * x17));
1189		{ uint64_t x36 = ((uint64_t)(0x2 * x18) * x17);
1190		{ uint64_t x37 = ((uint64_t)(0x2 * x17) * x17);
1191		{ uint64_t x38 = (x27 + (x37 << 0x4));
1192		{ uint64_t x39 = (x38 + (x37 << 0x1));
1193		{ uint64_t x40 = (x39 + x37);
1194		{ uint64_t x41 = (x26 + (x36 << 0x4));
1195		{ uint64_t x42 = (x41 + (x36 << 0x1));
1196		{ uint64_t x43 = (x42 + x36);
1197		{ uint64_t x44 = (x25 + (x35 << 0x4));
1198		{ uint64_t x45 = (x44 + (x35 << 0x1));
1199		{ uint64_t x46 = (x45 + x35);
1200		{ uint64_t x47 = (x24 + (x34 << 0x4));
1201		{ uint64_t x48 = (x47 + (x34 << 0x1));
1202		{ uint64_t x49 = (x48 + x34);
1203		{ uint64_t x50 = (x23 + (x33 << 0x4));
1204		{ uint64_t x51 = (x50 + (x33 << 0x1));
1205		{ uint64_t x52 = (x51 + x33);
1206		{ uint64_t x53 = (x22 + (x32 << 0x4));
1207		{ uint64_t x54 = (x53 + (x32 << 0x1));
1208		{ uint64_t x55 = (x54 + x32);
1209		{ uint64_t x56 = (x21 + (x31 << 0x4));
1210		{ uint64_t x57 = (x56 + (x31 << 0x1));
1211		{ uint64_t x58 = (x57 + x31);
1212		{ uint64_t x59 = (x20 + (x30 << 0x4));
1213		{ uint64_t x60 = (x59 + (x30 << 0x1));
1214		{ uint64_t x61 = (x60 + x30);
1215		{ uint64_t x62 = (x19 + (x29 << 0x4));
1216		{ uint64_t x63 = (x62 + (x29 << 0x1));
1217		{ uint64_t x64 = (x63 + x29);
1218		{ uint64_t x65 = (x64 >> 0x1a);
1219		{ uint32_t x66 = ((uint32_t)x64 & 0x3ffffff);
1220		{ uint64_t x67 = (x65 + x61);
1221		{ uint64_t x68 = (x67 >> 0x19);
1222		{ uint32_t x69 = ((uint32_t)x67 & 0x1ffffff);
1223		{ uint64_t x70 = (x68 + x58);
1224		{ uint64_t x71 = (x70 >> 0x1a);
1225		{ uint32_t x72 = ((uint32_t)x70 & 0x3ffffff);
1226		{ uint64_t x73 = (x71 + x55);
1227		{ uint64_t x74 = (x73 >> 0x19);
1228		{ uint32_t x75 = ((uint32_t)x73 & 0x1ffffff);
1229		{ uint64_t x76 = (x74 + x52);
1230		{ uint64_t x77 = (x76 >> 0x1a);
1231		{ uint32_t x78 = ((uint32_t)x76 & 0x3ffffff);
1232		{ uint64_t x79 = (x77 + x49);
1233		{ uint64_t x80 = (x79 >> 0x19);
1234		{ uint32_t x81 = ((uint32_t)x79 & 0x1ffffff);
1235		{ uint64_t x82 = (x80 + x46);
1236		{ uint64_t x83 = (x82 >> 0x1a);
1237		{ uint32_t x84 = ((uint32_t)x82 & 0x3ffffff);
1238		{ uint64_t x85 = (x83 + x43);
1239		{ uint64_t x86 = (x85 >> 0x19);
1240		{ uint32_t x87 = ((uint32_t)x85 & 0x1ffffff);
1241		{ uint64_t x88 = (x86 + x40);
1242		{ uint64_t x89 = (x88 >> 0x1a);
1243		{ uint32_t x90 = ((uint32_t)x88 & 0x3ffffff);
1244		{ uint64_t x91 = (x89 + x28);
1245		{ uint64_t x92 = (x91 >> 0x19);
1246		{ uint32_t x93 = ((uint32_t)x91 & 0x1ffffff);
1247		{ uint64_t x94 = (x66 + (0x13 * x92));
1248		{ uint32_t x95 = (uint32_t) (x94 >> 0x1a);
1249		{ uint32_t x96 = ((uint32_t)x94 & 0x3ffffff);
1250		{ uint32_t x97 = (x95 + x69);
1251		{ uint32_t x98 = (x97 >> 0x19);
1252		{ uint32_t x99 = (x97 & 0x1ffffff);
1253		out[0] = x96;
1254		out[1] = x99;
1255		out[2] = (x98 + x72);
1256		out[3] = x75;
1257		out[4] = x78;
1258		out[5] = x81;
1259		out[6] = x84;
1260		out[7] = x87;
1261		out[8] = x90;
1262		out[9] = x93;
1263		}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
1264		assert_fe(out);
1265		}
1266
1267		static void fe_sq_tl(fe h, const fe_loose f) {
1268		fe_sqr_impl(h->v, f->v);
1269		}
1270
1271		static void fe_sq_tt(fe h, const fe f) {
1272		fe_sqr_impl(h->v, f->v);
1273		}
1274
1275		// Adapted from Fiat-synthesized \|fe_sub_impl\| with \|out\| = 0.
1276		static void fe_neg_impl(uint32_t out[10], const uint32_t in2[10]) {
1277		{ const uint32_t x20 = 0;
1278		{ const uint32_t x21 = 0;
1279		{ const uint32_t x19 = 0;
1280		{ const uint32_t x17 = 0;
1281		{ const uint32_t x15 = 0;
1282		{ const uint32_t x13 = 0;
1283		{ const uint32_t x11 = 0;
1284		{ const uint32_t x9 = 0;
1285		{ const uint32_t x7 = 0;
1286		{ const uint32_t x5 = 0;
1287		{ const uint32_t x38 = in2[9];
1288		{ const uint32_t x39 = in2[8];
1289		{ const uint32_t x37 = in2[7];
1290		{ const uint32_t x35 = in2[6];
1291		{ const uint32_t x33 = in2[5];
1292		{ const uint32_t x31 = in2[4];
1293		{ const uint32_t x29 = in2[3];
1294		{ const uint32_t x27 = in2[2];
1295		{ const uint32_t x25 = in2[1];
1296		{ const uint32_t x23 = in2[0];
1297		out[0] = ((0x7ffffda + x5) - x23);
1298		out[1] = ((0x3fffffe + x7) - x25);
1299		out[2] = ((0x7fffffe + x9) - x27);
1300		out[3] = ((0x3fffffe + x11) - x29);
1301		out[4] = ((0x7fffffe + x13) - x31);
1302		out[5] = ((0x3fffffe + x15) - x33);
1303		out[6] = ((0x7fffffe + x17) - x35);
1304		out[7] = ((0x3fffffe + x19) - x37);
1305		out[8] = ((0x7fffffe + x21) - x39);
1306		out[9] = ((0x3fffffe + x20) - x38);
1307		}}}}}}}}}}}}}}}}}}}}
1308		}
1309
1310		// h = -f
1311		static void fe_neg(fe_loose h, const fe f) {
1312		assert_fe(f->v);
1313		fe_neg_impl(h->v, f->v);
1314		assert_fe_loose(h->v);
1315		}
1316
1317		// Replace (f,g) with (g,g) if b == 1;
1318		// replace (f,g) with (f,g) if b == 0.
1319		//
1320		// Preconditions: b in {0,1}.
1321		static void fe_cmov(fe_loose f, const fe_loose g, unsigned b) {
1322		b = 0-b;
1323		unsigned i;
1324		for (i = 0; i < 10; i++) {
1325		uint32_t x = f->v[i] ^ g->v[i];
1326		x &= b;
1327		f->v[i] ^= x;
1328		}
1329		}
1330
1331		#endif // BORINGSSL_CURVE25519_64BIT
1332	433
1333	434	// h = f
1334	435	static void fe_copy(fe h, const fe f) {

1513	614	s[31] ^= fe_isnegative(&x) << 7;
1514	615	}
1515	616
1516		static int x25519_ge_frombytes_vartime(ge_p3 h, const uint8_t s) {
	617	static int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) {
1517	618	fe u;
1518	619	fe_loose v;
1519	620	fe v3;

1544	645	if (fe_isnonzero(&check)) {
1545	646	fe_add(&check, &vxx, &u);
1546	647	if (fe_isnonzero(&check)) {
1547		return -1;
	648	return 0;
1548	649	}
1549	650	fe_mul_ttt(&h->X, &h->X, &sqrtm1);
1550	651	}

1556	657	}
1557	658
1558	659	fe_mul_ttt(&h->T, &h->X, &h->Y);
1559		return 0;
	660	return 1;
1560	661	}
1561	662
1562	663	static void ge_p2_0(ge_p2 *h) {

1727	828
1728	829	unsigned i;
1729	830	for (i = 0; i < 15; i++) {
	831	// The precomputed table is assumed to already clear the top bit, so
	832	// \|fe_frombytes_strict\| may be used directly.
1730	833	const uint8_t bytes = &precomp_table[i(2 * 32)];
1731	834	fe x, y;
1732		fe_frombytes(&x, bytes);
1733		fe_frombytes(&y, bytes + 32);
	835	fe_frombytes_strict(&x, bytes);
	836	fe_frombytes_strict(&y, bytes + 32);
1734	837
1735	838	ge_precomp *out = &multiples[i];
1736	839	fe_add(&out->yplusx, &y, &x);

1926	1029	x25519_ge_add(&t, &u, &selected);
1927	1030	x25519_ge_p1p1_to_p2(r, &t);
1928	1031	}
	1032	}
	1033
	1034	// int64_lshift21 returns \|a << 21\| but is defined when shifting bits into the
	1035	// sign bit. This works around a language flaw in C.
	1036	static inline int64_t int64_lshift21(int64_t a) {
	1037	return (int64_t)((uint64_t)a << 21);
1929	1038	}
1930	1039
1931	1040	// The set of scalars is \Z/l

2031	1140
2032	1141	carry6 = (s6 + (1 << 20)) >> 21;
2033	1142	s7 += carry6;
2034		s6 -= carry6 << 21;
	1143	s6 -= int64_lshift21(carry6);
2035	1144	carry8 = (s8 + (1 << 20)) >> 21;
2036	1145	s9 += carry8;
2037		s8 -= carry8 << 21;
	1146	s8 -= int64_lshift21(carry8);
2038	1147	carry10 = (s10 + (1 << 20)) >> 21;
2039	1148	s11 += carry10;
2040		s10 -= carry10 << 21;
	1149	s10 -= int64_lshift21(carry10);
2041	1150	carry12 = (s12 + (1 << 20)) >> 21;
2042	1151	s13 += carry12;
2043		s12 -= carry12 << 21;
	1152	s12 -= int64_lshift21(carry12);
2044	1153	carry14 = (s14 + (1 << 20)) >> 21;
2045	1154	s15 += carry14;
2046		s14 -= carry14 << 21;
	1155	s14 -= int64_lshift21(carry14);
2047	1156	carry16 = (s16 + (1 << 20)) >> 21;
2048	1157	s17 += carry16;
2049		s16 -= carry16 << 21;
	1158	s16 -= int64_lshift21(carry16);
2050	1159
2051	1160	carry7 = (s7 + (1 << 20)) >> 21;
2052	1161	s8 += carry7;
2053		s7 -= carry7 << 21;
	1162	s7 -= int64_lshift21(carry7);
2054	1163	carry9 = (s9 + (1 << 20)) >> 21;
2055	1164	s10 += carry9;
2056		s9 -= carry9 << 21;
	1165	s9 -= int64_lshift21(carry9);
2057	1166	carry11 = (s11 + (1 << 20)) >> 21;
2058	1167	s12 += carry11;
2059		s11 -= carry11 << 21;
	1168	s11 -= int64_lshift21(carry11);
2060	1169	carry13 = (s13 + (1 << 20)) >> 21;
2061	1170	s14 += carry13;
2062		s13 -= carry13 << 21;
	1171	s13 -= int64_lshift21(carry13);
2063	1172	carry15 = (s15 + (1 << 20)) >> 21;
2064	1173	s16 += carry15;
2065		s15 -= carry15 << 21;
	1174	s15 -= int64_lshift21(carry15);
2066	1175
2067	1176	s5 += s17 * 666643;
2068	1177	s6 += s17 * 470296;

2114	1223
2115	1224	carry0 = (s0 + (1 << 20)) >> 21;
2116	1225	s1 += carry0;
2117		s0 -= carry0 << 21;
	1226	s0 -= int64_lshift21(carry0);
2118	1227	carry2 = (s2 + (1 << 20)) >> 21;
2119	1228	s3 += carry2;
2120		s2 -= carry2 << 21;
	1229	s2 -= int64_lshift21(carry2);
2121	1230	carry4 = (s4 + (1 << 20)) >> 21;
2122	1231	s5 += carry4;
2123		s4 -= carry4 << 21;
	1232	s4 -= int64_lshift21(carry4);
2124	1233	carry6 = (s6 + (1 << 20)) >> 21;
2125	1234	s7 += carry6;
2126		s6 -= carry6 << 21;
	1235	s6 -= int64_lshift21(carry6);
2127	1236	carry8 = (s8 + (1 << 20)) >> 21;
2128	1237	s9 += carry8;
2129		s8 -= carry8 << 21;
	1238	s8 -= int64_lshift21(carry8);
2130	1239	carry10 = (s10 + (1 << 20)) >> 21;
2131	1240	s11 += carry10;
2132		s10 -= carry10 << 21;
	1241	s10 -= int64_lshift21(carry10);
2133	1242
2134	1243	carry1 = (s1 + (1 << 20)) >> 21;
2135	1244	s2 += carry1;
2136		s1 -= carry1 << 21;
	1245	s1 -= int64_lshift21(carry1);
2137	1246	carry3 = (s3 + (1 << 20)) >> 21;
2138	1247	s4 += carry3;
2139		s3 -= carry3 << 21;
	1248	s3 -= int64_lshift21(carry3);
2140	1249	carry5 = (s5 + (1 << 20)) >> 21;
2141	1250	s6 += carry5;
2142		s5 -= carry5 << 21;
	1251	s5 -= int64_lshift21(carry5);
2143	1252	carry7 = (s7 + (1 << 20)) >> 21;
2144	1253	s8 += carry7;
2145		s7 -= carry7 << 21;
	1254	s7 -= int64_lshift21(carry7);
2146	1255	carry9 = (s9 + (1 << 20)) >> 21;
2147	1256	s10 += carry9;
2148		s9 -= carry9 << 21;
	1257	s9 -= int64_lshift21(carry9);
2149	1258	carry11 = (s11 + (1 << 20)) >> 21;
2150	1259	s12 += carry11;
2151		s11 -= carry11 << 21;
	1260	s11 -= int64_lshift21(carry11);
2152	1261
2153	1262	s0 += s12 * 666643;
2154	1263	s1 += s12 * 470296;

2160	1269
2161	1270	carry0 = s0 >> 21;
2162	1271	s1 += carry0;
2163		s0 -= carry0 << 21;
	1272	s0 -= int64_lshift21(carry0);
2164	1273	carry1 = s1 >> 21;
2165	1274	s2 += carry1;
2166		s1 -= carry1 << 21;
	1275	s1 -= int64_lshift21(carry1);
2167	1276	carry2 = s2 >> 21;
2168	1277	s3 += carry2;
2169		s2 -= carry2 << 21;
	1278	s2 -= int64_lshift21(carry2);
2170	1279	carry3 = s3 >> 21;
2171	1280	s4 += carry3;
2172		s3 -= carry3 << 21;
	1281	s3 -= int64_lshift21(carry3);
2173	1282	carry4 = s4 >> 21;
2174	1283	s5 += carry4;
2175		s4 -= carry4 << 21;
	1284	s4 -= int64_lshift21(carry4);
2176	1285	carry5 = s5 >> 21;
2177	1286	s6 += carry5;
2178		s5 -= carry5 << 21;
	1287	s5 -= int64_lshift21(carry5);
2179	1288	carry6 = s6 >> 21;
2180	1289	s7 += carry6;
2181		s6 -= carry6 << 21;
	1290	s6 -= int64_lshift21(carry6);
2182	1291	carry7 = s7 >> 21;
2183	1292	s8 += carry7;
2184		s7 -= carry7 << 21;
	1293	s7 -= int64_lshift21(carry7);
2185	1294	carry8 = s8 >> 21;
2186	1295	s9 += carry8;
2187		s8 -= carry8 << 21;
	1296	s8 -= int64_lshift21(carry8);
2188	1297	carry9 = s9 >> 21;
2189	1298	s10 += carry9;
2190		s9 -= carry9 << 21;
	1299	s9 -= int64_lshift21(carry9);
2191	1300	carry10 = s10 >> 21;
2192	1301	s11 += carry10;
2193		s10 -= carry10 << 21;
	1302	s10 -= int64_lshift21(carry10);
2194	1303	carry11 = s11 >> 21;
2195	1304	s12 += carry11;
2196		s11 -= carry11 << 21;
	1305	s11 -= int64_lshift21(carry11);
2197	1306
2198	1307	s0 += s12 * 666643;
2199	1308	s1 += s12 * 470296;

2205	1314
2206	1315	carry0 = s0 >> 21;
2207	1316	s1 += carry0;
2208		s0 -= carry0 << 21;
	1317	s0 -= int64_lshift21(carry0);
2209	1318	carry1 = s1 >> 21;
2210	1319	s2 += carry1;
2211		s1 -= carry1 << 21;
	1320	s1 -= int64_lshift21(carry1);
2212	1321	carry2 = s2 >> 21;
2213	1322	s3 += carry2;
2214		s2 -= carry2 << 21;
	1323	s2 -= int64_lshift21(carry2);
2215	1324	carry3 = s3 >> 21;
2216	1325	s4 += carry3;
2217		s3 -= carry3 << 21;
	1326	s3 -= int64_lshift21(carry3);
2218	1327	carry4 = s4 >> 21;
2219	1328	s5 += carry4;
2220		s4 -= carry4 << 21;
	1329	s4 -= int64_lshift21(carry4);
2221	1330	carry5 = s5 >> 21;
2222	1331	s6 += carry5;
2223		s5 -= carry5 << 21;
	1332	s5 -= int64_lshift21(carry5);
2224	1333	carry6 = s6 >> 21;
2225	1334	s7 += carry6;
2226		s6 -= carry6 << 21;
	1335	s6 -= int64_lshift21(carry6);
2227	1336	carry7 = s7 >> 21;
2228	1337	s8 += carry7;
2229		s7 -= carry7 << 21;
	1338	s7 -= int64_lshift21(carry7);
2230	1339	carry8 = s8 >> 21;
2231	1340	s9 += carry8;
2232		s8 -= carry8 << 21;
	1341	s8 -= int64_lshift21(carry8);
2233	1342	carry9 = s9 >> 21;
2234	1343	s10 += carry9;
2235		s9 -= carry9 << 21;
	1344	s9 -= int64_lshift21(carry9);
2236	1345	carry10 = s10 >> 21;
2237	1346	s11 += carry10;
2238		s10 -= carry10 << 21;
	1347	s10 -= int64_lshift21(carry10);
2239	1348
2240	1349	s[0] = s0 >> 0;
2241	1350	s[1] = s0 >> 8;

2297	1406
2298	1407	/*
2299	1408	import hashlib
2300		import ed25519 as E # http://ed25519.cr.yp.to/python/ed25519.py
	1409	import ed25519 as E # https://ed25519.cr.yp.to/python/ed25519.py
2301	1410
2302	1411	SEED_N = 'edwards25519 point generation seed (N)'
2303	1412	SEED_M = 'edwards25519 point generation seed (M)'

2595	1704	* subgroup even if a rogue peer sends a point which is not.
2596	1705	*/
2597	1706	ge_p3 Qmasked;
2598		if (x25519_ge_frombytes_vartime(&Qmasked, theirpub) != 0)
	1707	if (!x25519_ge_frombytes_vartime(&Qmasked, theirpub))
2599	1708	return EINVAL;
2600	1709
2601	1710	/* Compute w mod p. */

+1289

-0

src/plugins/preauth/spake/edwards25519_fiat.h less more

	0	#if defined(BORINGSSL_CURVE25519_64BIT)
	1
	2	/* Autogenerated */
	3	/* curve description: 25519 */
	4	/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */
	5	/* n = 5 (from "5") */
	6	/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */
	7	/* c = [(1, 19)] (from "1,19") */
	8	/* machine_wordsize = 64 (from "64") */
	9
	10	#include <stdint.h>
	11	typedef unsigned char fiat_25519_uint1;
	12	typedef signed char fiat_25519_int1;
	13	typedef int128_t fiat_25519_int128;
	14	typedef uint128_t fiat_25519_uint128;
	15
	16
	17	/*
	18	* Input Bounds:
	19	* arg1: [0x0 ~> 0x1]
	20	* arg2: [0x0 ~> 0x7ffffffffffff]
	21	* arg3: [0x0 ~> 0x7ffffffffffff]
	22	* Output Bounds:
	23	* out1: [0x0 ~> 0x7ffffffffffff]
	24	* out2: [0x0 ~> 0x1]
	25	*/
	26	static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
	27	uint64_t x1 = ((arg1 + arg2) + arg3);
	28	uint64_t x2 = (x1 & UINT64_C(0x7ffffffffffff));
	29	fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 51);
	30	*out1 = x2;
	31	*out2 = x3;
	32	}
	33
	34	/*
	35	* Input Bounds:
	36	* arg1: [0x0 ~> 0x1]
	37	* arg2: [0x0 ~> 0x7ffffffffffff]
	38	* arg3: [0x0 ~> 0x7ffffffffffff]
	39	* Output Bounds:
	40	* out1: [0x0 ~> 0x7ffffffffffff]
	41	* out2: [0x0 ~> 0x1]
	42	*/
	43	static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
	44	int64_t x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3);
	45	fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 51);
	46	uint64_t x3 = (x1 & UINT64_C(0x7ffffffffffff));
	47	*out1 = x3;
	48	*out2 = (fiat_25519_uint1)(0x0 - x2);
	49	}
	50
	51	/*
	52	* Input Bounds:
	53	* arg1: [0x0 ~> 0x1]
	54	* arg2: [0x0 ~> 0xffffffffffffffff]
	55	* arg3: [0x0 ~> 0xffffffffffffffff]
	56	* Output Bounds:
	57	* out1: [0x0 ~> 0xffffffffffffffff]
	58	*/
	59	static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
	60	fiat_25519_uint1 x1 = (!(!arg1));
	61	uint64_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff));
	62	uint64_t x3 = ((x2 & arg3) \| ((~x2) & arg2));
	63	*out1 = x3;
	64	}
	65
	66	/*
	67	* Input Bounds:
	68	* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	69	* arg2: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	70	* Output Bounds:
	71	* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	72	*/
	73	static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
	74	fiat_25519_uint128 x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
	75	fiat_25519_uint128 x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13)));
	76	fiat_25519_uint128 x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) * (uint64_t)UINT8_C(0x13)));
	77	fiat_25519_uint128 x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) * (uint64_t)UINT8_C(0x13)));
	78	fiat_25519_uint128 x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
	79	fiat_25519_uint128 x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13)));
	80	fiat_25519_uint128 x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) * (uint64_t)UINT8_C(0x13)));
	81	fiat_25519_uint128 x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
	82	fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13)));
	83	fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
	84	fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[4]) * (arg2[0]));
	85	fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[3]) * (arg2[1]));
	86	fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[3]) * (arg2[0]));
	87	fiat_25519_uint128 x14 = ((fiat_25519_uint128)(arg1[2]) * (arg2[2]));
	88	fiat_25519_uint128 x15 = ((fiat_25519_uint128)(arg1[2]) * (arg2[1]));
	89	fiat_25519_uint128 x16 = ((fiat_25519_uint128)(arg1[2]) * (arg2[0]));
	90	fiat_25519_uint128 x17 = ((fiat_25519_uint128)(arg1[1]) * (arg2[3]));
	91	fiat_25519_uint128 x18 = ((fiat_25519_uint128)(arg1[1]) * (arg2[2]));
	92	fiat_25519_uint128 x19 = ((fiat_25519_uint128)(arg1[1]) * (arg2[1]));
	93	fiat_25519_uint128 x20 = ((fiat_25519_uint128)(arg1[1]) * (arg2[0]));
	94	fiat_25519_uint128 x21 = ((fiat_25519_uint128)(arg1[0]) * (arg2[4]));
	95	fiat_25519_uint128 x22 = ((fiat_25519_uint128)(arg1[0]) * (arg2[3]));
	96	fiat_25519_uint128 x23 = ((fiat_25519_uint128)(arg1[0]) * (arg2[2]));
	97	fiat_25519_uint128 x24 = ((fiat_25519_uint128)(arg1[0]) * (arg2[1]));
	98	fiat_25519_uint128 x25 = ((fiat_25519_uint128)(arg1[0]) * (arg2[0]));
	99	fiat_25519_uint128 x26 = (x25 + (x10 + (x9 + (x7 + x4))));
	100	uint64_t x27 = (uint64_t)(x26 >> 51);
	101	uint64_t x28 = (uint64_t)(x26 & UINT64_C(0x7ffffffffffff));
	102	fiat_25519_uint128 x29 = (x21 + (x17 + (x14 + (x12 + x11))));
	103	fiat_25519_uint128 x30 = (x22 + (x18 + (x15 + (x13 + x1))));
	104	fiat_25519_uint128 x31 = (x23 + (x19 + (x16 + (x5 + x2))));
	105	fiat_25519_uint128 x32 = (x24 + (x20 + (x8 + (x6 + x3))));
	106	fiat_25519_uint128 x33 = (x27 + x32);
	107	uint64_t x34 = (uint64_t)(x33 >> 51);
	108	uint64_t x35 = (uint64_t)(x33 & UINT64_C(0x7ffffffffffff));
	109	fiat_25519_uint128 x36 = (x34 + x31);
	110	uint64_t x37 = (uint64_t)(x36 >> 51);
	111	uint64_t x38 = (uint64_t)(x36 & UINT64_C(0x7ffffffffffff));
	112	fiat_25519_uint128 x39 = (x37 + x30);
	113	uint64_t x40 = (uint64_t)(x39 >> 51);
	114	uint64_t x41 = (uint64_t)(x39 & UINT64_C(0x7ffffffffffff));
	115	fiat_25519_uint128 x42 = (x40 + x29);
	116	uint64_t x43 = (uint64_t)(x42 >> 51);
	117	uint64_t x44 = (uint64_t)(x42 & UINT64_C(0x7ffffffffffff));
	118	uint64_t x45 = (x43 * (uint64_t)UINT8_C(0x13));
	119	uint64_t x46 = (x28 + x45);
	120	uint64_t x47 = (x46 >> 51);
	121	uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff));
	122	uint64_t x49 = (x47 + x35);
	123	uint64_t x50 = (x49 >> 51);
	124	uint64_t x51 = (x49 & UINT64_C(0x7ffffffffffff));
	125	uint64_t x52 = (x50 + x38);
	126	out1[0] = x48;
	127	out1[1] = x51;
	128	out1[2] = x52;
	129	out1[3] = x41;
	130	out1[4] = x44;
	131	}
	132
	133	/*
	134	* Input Bounds:
	135	* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	136	* Output Bounds:
	137	* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	138	*/
	139	static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) {
	140	uint64_t x1 = ((arg1[4]) * (uint64_t)UINT8_C(0x13));
	141	uint64_t x2 = (x1 * (uint64_t)0x2);
	142	uint64_t x3 = ((arg1[4]) * (uint64_t)0x2);
	143	uint64_t x4 = ((arg1[3]) * (uint64_t)UINT8_C(0x13));
	144	uint64_t x5 = (x4 * (uint64_t)0x2);
	145	uint64_t x6 = ((arg1[3]) * (uint64_t)0x2);
	146	uint64_t x7 = ((arg1[2]) * (uint64_t)0x2);
	147	uint64_t x8 = ((arg1[1]) * (uint64_t)0x2);
	148	fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[4]) * x1);
	149	fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[3]) * x2);
	150	fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[3]) * x4);
	151	fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[2]) * x2);
	152	fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[2]) * x5);
	153	fiat_25519_uint128 x14 = ((fiat_25519_uint128)(arg1[2]) * (arg1[2]));
	154	fiat_25519_uint128 x15 = ((fiat_25519_uint128)(arg1[1]) * x2);
	155	fiat_25519_uint128 x16 = ((fiat_25519_uint128)(arg1[1]) * x6);
	156	fiat_25519_uint128 x17 = ((fiat_25519_uint128)(arg1[1]) * x7);
	157	fiat_25519_uint128 x18 = ((fiat_25519_uint128)(arg1[1]) * (arg1[1]));
	158	fiat_25519_uint128 x19 = ((fiat_25519_uint128)(arg1[0]) * x3);
	159	fiat_25519_uint128 x20 = ((fiat_25519_uint128)(arg1[0]) * x6);
	160	fiat_25519_uint128 x21 = ((fiat_25519_uint128)(arg1[0]) * x7);
	161	fiat_25519_uint128 x22 = ((fiat_25519_uint128)(arg1[0]) * x8);
	162	fiat_25519_uint128 x23 = ((fiat_25519_uint128)(arg1[0]) * (arg1[0]));
	163	fiat_25519_uint128 x24 = (x23 + (x15 + x13));
	164	uint64_t x25 = (uint64_t)(x24 >> 51);
	165	uint64_t x26 = (uint64_t)(x24 & UINT64_C(0x7ffffffffffff));
	166	fiat_25519_uint128 x27 = (x19 + (x16 + x14));
	167	fiat_25519_uint128 x28 = (x20 + (x17 + x9));
	168	fiat_25519_uint128 x29 = (x21 + (x18 + x10));
	169	fiat_25519_uint128 x30 = (x22 + (x12 + x11));
	170	fiat_25519_uint128 x31 = (x25 + x30);
	171	uint64_t x32 = (uint64_t)(x31 >> 51);
	172	uint64_t x33 = (uint64_t)(x31 & UINT64_C(0x7ffffffffffff));
	173	fiat_25519_uint128 x34 = (x32 + x29);
	174	uint64_t x35 = (uint64_t)(x34 >> 51);
	175	uint64_t x36 = (uint64_t)(x34 & UINT64_C(0x7ffffffffffff));
	176	fiat_25519_uint128 x37 = (x35 + x28);
	177	uint64_t x38 = (uint64_t)(x37 >> 51);
	178	uint64_t x39 = (uint64_t)(x37 & UINT64_C(0x7ffffffffffff));
	179	fiat_25519_uint128 x40 = (x38 + x27);
	180	uint64_t x41 = (uint64_t)(x40 >> 51);
	181	uint64_t x42 = (uint64_t)(x40 & UINT64_C(0x7ffffffffffff));
	182	uint64_t x43 = (x41 * (uint64_t)UINT8_C(0x13));
	183	uint64_t x44 = (x26 + x43);
	184	uint64_t x45 = (x44 >> 51);
	185	uint64_t x46 = (x44 & UINT64_C(0x7ffffffffffff));
	186	uint64_t x47 = (x45 + x33);
	187	uint64_t x48 = (x47 >> 51);
	188	uint64_t x49 = (x47 & UINT64_C(0x7ffffffffffff));
	189	uint64_t x50 = (x48 + x36);
	190	out1[0] = x46;
	191	out1[1] = x49;
	192	out1[2] = x50;
	193	out1[3] = x39;
	194	out1[4] = x42;
	195	}
	196
	197	/*
	198	* Input Bounds:
	199	* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	200	* Output Bounds:
	201	* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	202	*/
	203	static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) {
	204	uint64_t x1 = (arg1[0]);
	205	uint64_t x2 = ((x1 >> 51) + (arg1[1]));
	206	uint64_t x3 = ((x2 >> 51) + (arg1[2]));
	207	uint64_t x4 = ((x3 >> 51) + (arg1[3]));
	208	uint64_t x5 = ((x4 >> 51) + (arg1[4]));
	209	uint64_t x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) * (uint64_t)UINT8_C(0x13)));
	210	uint64_t x7 = ((x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff)));
	211	uint64_t x8 = (x6 & UINT64_C(0x7ffffffffffff));
	212	uint64_t x9 = (x7 & UINT64_C(0x7ffffffffffff));
	213	uint64_t x10 = ((x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff)));
	214	uint64_t x11 = (x4 & UINT64_C(0x7ffffffffffff));
	215	uint64_t x12 = (x5 & UINT64_C(0x7ffffffffffff));
	216	out1[0] = x8;
	217	out1[1] = x9;
	218	out1[2] = x10;
	219	out1[3] = x11;
	220	out1[4] = x12;
	221	}
	222
	223	/*
	224	* Input Bounds:
	225	* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	226	* arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	227	* Output Bounds:
	228	* out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	229	*/
	230	static void fiat_25519_add(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
	231	uint64_t x1 = ((arg1[0]) + (arg2[0]));
	232	uint64_t x2 = ((arg1[1]) + (arg2[1]));
	233	uint64_t x3 = ((arg1[2]) + (arg2[2]));
	234	uint64_t x4 = ((arg1[3]) + (arg2[3]));
	235	uint64_t x5 = ((arg1[4]) + (arg2[4]));
	236	out1[0] = x1;
	237	out1[1] = x2;
	238	out1[2] = x3;
	239	out1[3] = x4;
	240	out1[4] = x5;
	241	}
	242
	243	/*
	244	* Input Bounds:
	245	* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	246	* arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	247	* Output Bounds:
	248	* out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	249	*/
	250	static void fiat_25519_sub(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
	251	uint64_t x1 = ((UINT64_C(0xfffffffffffda) + (arg1[0])) - (arg2[0]));
	252	uint64_t x2 = ((UINT64_C(0xffffffffffffe) + (arg1[1])) - (arg2[1]));
	253	uint64_t x3 = ((UINT64_C(0xffffffffffffe) + (arg1[2])) - (arg2[2]));
	254	uint64_t x4 = ((UINT64_C(0xffffffffffffe) + (arg1[3])) - (arg2[3]));
	255	uint64_t x5 = ((UINT64_C(0xffffffffffffe) + (arg1[4])) - (arg2[4]));
	256	out1[0] = x1;
	257	out1[1] = x2;
	258	out1[2] = x3;
	259	out1[3] = x4;
	260	out1[4] = x5;
	261	}
	262
	263	/*
	264	* Input Bounds:
	265	* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	266	* Output Bounds:
	267	* out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
	268	*/
	269	static void fiat_25519_opp(uint64_t out1[5], const uint64_t arg1[5]) {
	270	uint64_t x1 = (UINT64_C(0xfffffffffffda) - (arg1[0]));
	271	uint64_t x2 = (UINT64_C(0xffffffffffffe) - (arg1[1]));
	272	uint64_t x3 = (UINT64_C(0xffffffffffffe) - (arg1[2]));
	273	uint64_t x4 = (UINT64_C(0xffffffffffffe) - (arg1[3]));
	274	uint64_t x5 = (UINT64_C(0xffffffffffffe) - (arg1[4]));
	275	out1[0] = x1;
	276	out1[1] = x2;
	277	out1[2] = x3;
	278	out1[3] = x4;
	279	out1[4] = x5;
	280	}
	281
	282	/*
	283	* Input Bounds:
	284	* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	285	* Output Bounds:
	286	* out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
	287	*/
	288	static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) {
	289	uint64_t x1;
	290	fiat_25519_uint1 x2;
	291	fiat_25519_subborrowx_u51(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0x7ffffffffffed));
	292	uint64_t x3;
	293	fiat_25519_uint1 x4;
	294	fiat_25519_subborrowx_u51(&x3, &x4, x2, (arg1[1]), UINT64_C(0x7ffffffffffff));
	295	uint64_t x5;
	296	fiat_25519_uint1 x6;
	297	fiat_25519_subborrowx_u51(&x5, &x6, x4, (arg1[2]), UINT64_C(0x7ffffffffffff));
	298	uint64_t x7;
	299	fiat_25519_uint1 x8;
	300	fiat_25519_subborrowx_u51(&x7, &x8, x6, (arg1[3]), UINT64_C(0x7ffffffffffff));
	301	uint64_t x9;
	302	fiat_25519_uint1 x10;
	303	fiat_25519_subborrowx_u51(&x9, &x10, x8, (arg1[4]), UINT64_C(0x7ffffffffffff));
	304	uint64_t x11;
	305	fiat_25519_cmovznz_u64(&x11, x10, 0x0, UINT64_C(0xffffffffffffffff));
	306	uint64_t x12;
	307	fiat_25519_uint1 x13;
	308	fiat_25519_addcarryx_u51(&x12, &x13, 0x0, (x11 & UINT64_C(0x7ffffffffffed)), x1);
	309	uint64_t x14;
	310	fiat_25519_uint1 x15;
	311	fiat_25519_addcarryx_u51(&x14, &x15, x13, (x11 & UINT64_C(0x7ffffffffffff)), x3);
	312	uint64_t x16;
	313	fiat_25519_uint1 x17;
	314	fiat_25519_addcarryx_u51(&x16, &x17, x15, (x11 & UINT64_C(0x7ffffffffffff)), x5);
	315	uint64_t x18;
	316	fiat_25519_uint1 x19;
	317	fiat_25519_addcarryx_u51(&x18, &x19, x17, (x11 & UINT64_C(0x7ffffffffffff)), x7);
	318	uint64_t x20;
	319	fiat_25519_uint1 x21;
	320	fiat_25519_addcarryx_u51(&x20, &x21, x19, (x11 & UINT64_C(0x7ffffffffffff)), x9);
	321	uint64_t x22 = (x20 << 4);
	322	uint64_t x23 = (x18 * (uint64_t)0x2);
	323	uint64_t x24 = (x16 << 6);
	324	uint64_t x25 = (x14 << 3);
	325	uint64_t x26 = (x12 >> 8);
	326	uint8_t x27 = (uint8_t)(x12 & UINT8_C(0xff));
	327	uint64_t x28 = (x26 >> 8);
	328	uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff));
	329	uint64_t x30 = (x28 >> 8);
	330	uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff));
	331	uint64_t x32 = (x30 >> 8);
	332	uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff));
	333	uint64_t x34 = (x32 >> 8);
	334	uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff));
	335	uint8_t x36 = (uint8_t)(x34 >> 8);
	336	uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff));
	337	uint64_t x38 = (x36 + x25);
	338	uint64_t x39 = (x38 >> 8);
	339	uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff));
	340	uint64_t x41 = (x39 >> 8);
	341	uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff));
	342	uint64_t x43 = (x41 >> 8);
	343	uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff));
	344	uint64_t x45 = (x43 >> 8);
	345	uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff));
	346	uint64_t x47 = (x45 >> 8);
	347	uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff));
	348	uint8_t x49 = (uint8_t)(x47 >> 8);
	349	uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff));
	350	uint64_t x51 = (x49 + x24);
	351	uint64_t x52 = (x51 >> 8);
	352	uint8_t x53 = (uint8_t)(x51 & UINT8_C(0xff));
	353	uint64_t x54 = (x52 >> 8);
	354	uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff));
	355	uint64_t x56 = (x54 >> 8);
	356	uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff));
	357	uint64_t x58 = (x56 >> 8);
	358	uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff));
	359	uint64_t x60 = (x58 >> 8);
	360	uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff));
	361	uint64_t x62 = (x60 >> 8);
	362	uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff));
	363	fiat_25519_uint1 x64 = (fiat_25519_uint1)(x62 >> 8);
	364	uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff));
	365	uint64_t x66 = (x64 + x23);
	366	uint64_t x67 = (x66 >> 8);
	367	uint8_t x68 = (uint8_t)(x66 & UINT8_C(0xff));
	368	uint64_t x69 = (x67 >> 8);
	369	uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff));
	370	uint64_t x71 = (x69 >> 8);
	371	uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff));
	372	uint64_t x73 = (x71 >> 8);
	373	uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff));
	374	uint64_t x75 = (x73 >> 8);
	375	uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff));
	376	uint8_t x77 = (uint8_t)(x75 >> 8);
	377	uint8_t x78 = (uint8_t)(x75 & UINT8_C(0xff));
	378	uint64_t x79 = (x77 + x22);
	379	uint64_t x80 = (x79 >> 8);
	380	uint8_t x81 = (uint8_t)(x79 & UINT8_C(0xff));
	381	uint64_t x82 = (x80 >> 8);
	382	uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff));
	383	uint64_t x84 = (x82 >> 8);
	384	uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff));
	385	uint64_t x86 = (x84 >> 8);
	386	uint8_t x87 = (uint8_t)(x84 & UINT8_C(0xff));
	387	uint64_t x88 = (x86 >> 8);
	388	uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff));
	389	uint8_t x90 = (uint8_t)(x88 >> 8);
	390	uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff));
	391	out1[0] = x27;
	392	out1[1] = x29;
	393	out1[2] = x31;
	394	out1[3] = x33;
	395	out1[4] = x35;
	396	out1[5] = x37;
	397	out1[6] = x40;
	398	out1[7] = x42;
	399	out1[8] = x44;
	400	out1[9] = x46;
	401	out1[10] = x48;
	402	out1[11] = x50;
	403	out1[12] = x53;
	404	out1[13] = x55;
	405	out1[14] = x57;
	406	out1[15] = x59;
	407	out1[16] = x61;
	408	out1[17] = x63;
	409	out1[18] = x65;
	410	out1[19] = x68;
	411	out1[20] = x70;
	412	out1[21] = x72;
	413	out1[22] = x74;
	414	out1[23] = x76;
	415	out1[24] = x78;
	416	out1[25] = x81;
	417	out1[26] = x83;
	418	out1[27] = x85;
	419	out1[28] = x87;
	420	out1[29] = x89;
	421	out1[30] = x91;
	422	out1[31] = x90;
	423	}
	424
	425	/*
	426	* Input Bounds:
	427	* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
	428	* Output Bounds:
	429	* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
	430	*/
	431	static void fiat_25519_from_bytes(uint64_t out1[5], const uint8_t arg1[32]) {
	432	uint64_t x1 = ((uint64_t)(arg1[31]) << 44);
	433	uint64_t x2 = ((uint64_t)(arg1[30]) << 36);
	434	uint64_t x3 = ((uint64_t)(arg1[29]) << 28);
	435	uint64_t x4 = ((uint64_t)(arg1[28]) << 20);
	436	uint64_t x5 = ((uint64_t)(arg1[27]) << 12);
	437	uint64_t x6 = ((uint64_t)(arg1[26]) << 4);
	438	uint64_t x7 = ((uint64_t)(arg1[25]) << 47);
	439	uint64_t x8 = ((uint64_t)(arg1[24]) << 39);
	440	uint64_t x9 = ((uint64_t)(arg1[23]) << 31);
	441	uint64_t x10 = ((uint64_t)(arg1[22]) << 23);
	442	uint64_t x11 = ((uint64_t)(arg1[21]) << 15);
	443	uint64_t x12 = ((uint64_t)(arg1[20]) << 7);
	444	uint64_t x13 = ((uint64_t)(arg1[19]) << 50);
	445	uint64_t x14 = ((uint64_t)(arg1[18]) << 42);
	446	uint64_t x15 = ((uint64_t)(arg1[17]) << 34);
	447	uint64_t x16 = ((uint64_t)(arg1[16]) << 26);
	448	uint64_t x17 = ((uint64_t)(arg1[15]) << 18);
	449	uint64_t x18 = ((uint64_t)(arg1[14]) << 10);
	450	uint64_t x19 = ((uint64_t)(arg1[13]) << 2);
	451	uint64_t x20 = ((uint64_t)(arg1[12]) << 45);
	452	uint64_t x21 = ((uint64_t)(arg1[11]) << 37);
	453	uint64_t x22 = ((uint64_t)(arg1[10]) << 29);
	454	uint64_t x23 = ((uint64_t)(arg1[9]) << 21);
	455	uint64_t x24 = ((uint64_t)(arg1[8]) << 13);
	456	uint64_t x25 = ((uint64_t)(arg1[7]) << 5);
	457	uint64_t x26 = ((uint64_t)(arg1[6]) << 48);
	458	uint64_t x27 = ((uint64_t)(arg1[5]) << 40);
	459	uint64_t x28 = ((uint64_t)(arg1[4]) << 32);
	460	uint64_t x29 = ((uint64_t)(arg1[3]) << 24);
	461	uint64_t x30 = ((uint64_t)(arg1[2]) << 16);
	462	uint64_t x31 = ((uint64_t)(arg1[1]) << 8);
	463	uint8_t x32 = (arg1[0]);
	464	uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + x26))))));
	465	uint8_t x34 = (uint8_t)(x33 >> 51);
	466	uint64_t x35 = (x33 & UINT64_C(0x7ffffffffffff));
	467	uint64_t x36 = (x6 + (x5 + (x4 + (x3 + (x2 + x1)))));
	468	uint64_t x37 = (x12 + (x11 + (x10 + (x9 + (x8 + x7)))));
	469	uint64_t x38 = (x19 + (x18 + (x17 + (x16 + (x15 + (x14 + x13))))));
	470	uint64_t x39 = (x25 + (x24 + (x23 + (x22 + (x21 + x20)))));
	471	uint64_t x40 = (x34 + x39);
	472	uint8_t x41 = (uint8_t)(x40 >> 51);
	473	uint64_t x42 = (x40 & UINT64_C(0x7ffffffffffff));
	474	uint64_t x43 = (x41 + x38);
	475	uint8_t x44 = (uint8_t)(x43 >> 51);
	476	uint64_t x45 = (x43 & UINT64_C(0x7ffffffffffff));
	477	uint64_t x46 = (x44 + x37);
	478	uint8_t x47 = (uint8_t)(x46 >> 51);
	479	uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff));
	480	uint64_t x49 = (x47 + x36);
	481	out1[0] = x35;
	482	out1[1] = x42;
	483	out1[2] = x45;
	484	out1[3] = x48;
	485	out1[4] = x49;
	486	}
	487
	488	#else /* defined(BORINGSSL_CURVE25519_64BIT) */
	489
	490	/* Autogenerated */
	491	/* curve description: 25519 */
	492	/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */
	493	/* n = 10 (from "10") */
	494	/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */
	495	/* c = [(1, 19)] (from "1,19") */
	496	/* machine_wordsize = 32 (from "32") */
	497
	498	#include <stdint.h>
	499	typedef unsigned char fiat_25519_uint1;
	500	typedef signed char fiat_25519_int1;
	501
	502
	503	/*
	504	* Input Bounds:
	505	* arg1: [0x0 ~> 0x1]
	506	* arg2: [0x0 ~> 0x3ffffff]
	507	* arg3: [0x0 ~> 0x3ffffff]
	508	* Output Bounds:
	509	* out1: [0x0 ~> 0x3ffffff]
	510	* out2: [0x0 ~> 0x1]
	511	*/
	512	static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
	513	uint32_t x1 = ((arg1 + arg2) + arg3);
	514	uint32_t x2 = (x1 & UINT32_C(0x3ffffff));
	515	fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 26);
	516	*out1 = x2;
	517	*out2 = x3;
	518	}
	519
	520	/*
	521	* Input Bounds:
	522	* arg1: [0x0 ~> 0x1]
	523	* arg2: [0x0 ~> 0x3ffffff]
	524	* arg3: [0x0 ~> 0x3ffffff]
	525	* Output Bounds:
	526	* out1: [0x0 ~> 0x3ffffff]
	527	* out2: [0x0 ~> 0x1]
	528	*/
	529	static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
	530	int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
	531	fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 26);
	532	uint32_t x3 = (x1 & UINT32_C(0x3ffffff));
	533	*out1 = x3;
	534	*out2 = (fiat_25519_uint1)(0x0 - x2);
	535	}
	536
	537	/*
	538	* Input Bounds:
	539	* arg1: [0x0 ~> 0x1]
	540	* arg2: [0x0 ~> 0x1ffffff]
	541	* arg3: [0x0 ~> 0x1ffffff]
	542	* Output Bounds:
	543	* out1: [0x0 ~> 0x1ffffff]
	544	* out2: [0x0 ~> 0x1]
	545	*/
	546	static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
	547	uint32_t x1 = ((arg1 + arg2) + arg3);
	548	uint32_t x2 = (x1 & UINT32_C(0x1ffffff));
	549	fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 25);
	550	*out1 = x2;
	551	*out2 = x3;
	552	}
	553
	554	/*
	555	* Input Bounds:
	556	* arg1: [0x0 ~> 0x1]
	557	* arg2: [0x0 ~> 0x1ffffff]
	558	* arg3: [0x0 ~> 0x1ffffff]
	559	* Output Bounds:
	560	* out1: [0x0 ~> 0x1ffffff]
	561	* out2: [0x0 ~> 0x1]
	562	*/
	563	static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
	564	int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
	565	fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 25);
	566	uint32_t x3 = (x1 & UINT32_C(0x1ffffff));
	567	*out1 = x3;
	568	*out2 = (fiat_25519_uint1)(0x0 - x2);
	569	}
	570
	571	/*
	572	* Input Bounds:
	573	* arg1: [0x0 ~> 0x1]
	574	* arg2: [0x0 ~> 0xffffffff]
	575	* arg3: [0x0 ~> 0xffffffff]
	576	* Output Bounds:
	577	* out1: [0x0 ~> 0xffffffff]
	578	*/
	579	static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
	580	fiat_25519_uint1 x1 = (!(!arg1));
	581	uint32_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff));
	582	uint32_t x3 = ((x2 & arg3) \| ((~x2) & arg2));
	583	*out1 = x3;
	584	}
	585
	586	/*
	587	* Input Bounds:
	588	* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	589	* arg2: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	590	* Output Bounds:
	591	* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	592	*/
	593	static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
	594	uint64_t x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	595	uint64_t x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	596	uint64_t x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	597	uint64_t x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
	598	uint64_t x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	599	uint64_t x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
	600	uint64_t x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	601	uint64_t x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13)));
	602	uint64_t x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	603	uint64_t x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
	604	uint64_t x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	605	uint64_t x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
	606	uint64_t x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
	607	uint64_t x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13)));
	608	uint64_t x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
	609	uint64_t x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * (uint32_t)UINT8_C(0x13)));
	610	uint64_t x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13)));
	611	uint64_t x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	612	uint64_t x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	613	uint64_t x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	614	uint64_t x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
	615	uint64_t x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	616	uint64_t x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
	617	uint64_t x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	618	uint64_t x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
	619	uint64_t x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	620	uint64_t x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
	621	uint64_t x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
	622	uint64_t x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13)));
	623	uint64_t x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
	624	uint64_t x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	625	uint64_t x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	626	uint64_t x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	627	uint64_t x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
	628	uint64_t x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	629	uint64_t x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
	630	uint64_t x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	631	uint64_t x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
	632	uint64_t x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
	633	uint64_t x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	634	uint64_t x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	635	uint64_t x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	636	uint64_t x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
	637	uint64_t x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
	638	uint64_t x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
	639	uint64_t x46 = ((uint64_t)(arg1[9]) * (arg2[0]));
	640	uint64_t x47 = ((uint64_t)(arg1[8]) * (arg2[1]));
	641	uint64_t x48 = ((uint64_t)(arg1[8]) * (arg2[0]));
	642	uint64_t x49 = ((uint64_t)(arg1[7]) * (arg2[2]));
	643	uint64_t x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * (uint32_t)0x2));
	644	uint64_t x51 = ((uint64_t)(arg1[7]) * (arg2[0]));
	645	uint64_t x52 = ((uint64_t)(arg1[6]) * (arg2[3]));
	646	uint64_t x53 = ((uint64_t)(arg1[6]) * (arg2[2]));
	647	uint64_t x54 = ((uint64_t)(arg1[6]) * (arg2[1]));
	648	uint64_t x55 = ((uint64_t)(arg1[6]) * (arg2[0]));
	649	uint64_t x56 = ((uint64_t)(arg1[5]) * (arg2[4]));
	650	uint64_t x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * (uint32_t)0x2));
	651	uint64_t x58 = ((uint64_t)(arg1[5]) * (arg2[2]));
	652	uint64_t x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * (uint32_t)0x2));
	653	uint64_t x60 = ((uint64_t)(arg1[5]) * (arg2[0]));
	654	uint64_t x61 = ((uint64_t)(arg1[4]) * (arg2[5]));
	655	uint64_t x62 = ((uint64_t)(arg1[4]) * (arg2[4]));
	656	uint64_t x63 = ((uint64_t)(arg1[4]) * (arg2[3]));
	657	uint64_t x64 = ((uint64_t)(arg1[4]) * (arg2[2]));
	658	uint64_t x65 = ((uint64_t)(arg1[4]) * (arg2[1]));
	659	uint64_t x66 = ((uint64_t)(arg1[4]) * (arg2[0]));
	660	uint64_t x67 = ((uint64_t)(arg1[3]) * (arg2[6]));
	661	uint64_t x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * (uint32_t)0x2));
	662	uint64_t x69 = ((uint64_t)(arg1[3]) * (arg2[4]));
	663	uint64_t x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * (uint32_t)0x2));
	664	uint64_t x71 = ((uint64_t)(arg1[3]) * (arg2[2]));
	665	uint64_t x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * (uint32_t)0x2));
	666	uint64_t x73 = ((uint64_t)(arg1[3]) * (arg2[0]));
	667	uint64_t x74 = ((uint64_t)(arg1[2]) * (arg2[7]));
	668	uint64_t x75 = ((uint64_t)(arg1[2]) * (arg2[6]));
	669	uint64_t x76 = ((uint64_t)(arg1[2]) * (arg2[5]));
	670	uint64_t x77 = ((uint64_t)(arg1[2]) * (arg2[4]));
	671	uint64_t x78 = ((uint64_t)(arg1[2]) * (arg2[3]));
	672	uint64_t x79 = ((uint64_t)(arg1[2]) * (arg2[2]));
	673	uint64_t x80 = ((uint64_t)(arg1[2]) * (arg2[1]));
	674	uint64_t x81 = ((uint64_t)(arg1[2]) * (arg2[0]));
	675	uint64_t x82 = ((uint64_t)(arg1[1]) * (arg2[8]));
	676	uint64_t x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * (uint32_t)0x2));
	677	uint64_t x84 = ((uint64_t)(arg1[1]) * (arg2[6]));
	678	uint64_t x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * (uint32_t)0x2));
	679	uint64_t x86 = ((uint64_t)(arg1[1]) * (arg2[4]));
	680	uint64_t x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * (uint32_t)0x2));
	681	uint64_t x88 = ((uint64_t)(arg1[1]) * (arg2[2]));
	682	uint64_t x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * (uint32_t)0x2));
	683	uint64_t x90 = ((uint64_t)(arg1[1]) * (arg2[0]));
	684	uint64_t x91 = ((uint64_t)(arg1[0]) * (arg2[9]));
	685	uint64_t x92 = ((uint64_t)(arg1[0]) * (arg2[8]));
	686	uint64_t x93 = ((uint64_t)(arg1[0]) * (arg2[7]));
	687	uint64_t x94 = ((uint64_t)(arg1[0]) * (arg2[6]));
	688	uint64_t x95 = ((uint64_t)(arg1[0]) * (arg2[5]));
	689	uint64_t x96 = ((uint64_t)(arg1[0]) * (arg2[4]));
	690	uint64_t x97 = ((uint64_t)(arg1[0]) * (arg2[3]));
	691	uint64_t x98 = ((uint64_t)(arg1[0]) * (arg2[2]));
	692	uint64_t x99 = ((uint64_t)(arg1[0]) * (arg2[1]));
	693	uint64_t x100 = ((uint64_t)(arg1[0]) * (arg2[0]));
	694	uint64_t x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9)))))))));
	695	uint64_t x102 = (x101 >> 26);
	696	uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
	697	uint64_t x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46)))))))));
	698	uint64_t x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1)))))))));
	699	uint64_t x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2)))))))));
	700	uint64_t x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3)))))))));
	701	uint64_t x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4)))))))));
	702	uint64_t x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5)))))))));
	703	uint64_t x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6)))))))));
	704	uint64_t x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7)))))))));
	705	uint64_t x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8)))))))));
	706	uint64_t x113 = (x102 + x112);
	707	uint64_t x114 = (x113 >> 25);
	708	uint32_t x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff));
	709	uint64_t x116 = (x114 + x111);
	710	uint64_t x117 = (x116 >> 26);
	711	uint32_t x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff));
	712	uint64_t x119 = (x117 + x110);
	713	uint64_t x120 = (x119 >> 25);
	714	uint32_t x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff));
	715	uint64_t x122 = (x120 + x109);
	716	uint64_t x123 = (x122 >> 26);
	717	uint32_t x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff));
	718	uint64_t x125 = (x123 + x108);
	719	uint64_t x126 = (x125 >> 25);
	720	uint32_t x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff));
	721	uint64_t x128 = (x126 + x107);
	722	uint64_t x129 = (x128 >> 26);
	723	uint32_t x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff));
	724	uint64_t x131 = (x129 + x106);
	725	uint64_t x132 = (x131 >> 25);
	726	uint32_t x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff));
	727	uint64_t x134 = (x132 + x105);
	728	uint64_t x135 = (x134 >> 26);
	729	uint32_t x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff));
	730	uint64_t x137 = (x135 + x104);
	731	uint64_t x138 = (x137 >> 25);
	732	uint32_t x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff));
	733	uint64_t x140 = (x138 * (uint64_t)UINT8_C(0x13));
	734	uint64_t x141 = (x103 + x140);
	735	uint32_t x142 = (uint32_t)(x141 >> 26);
	736	uint32_t x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff));
	737	uint32_t x144 = (x142 + x115);
	738	uint32_t x145 = (x144 >> 25);
	739	uint32_t x146 = (x144 & UINT32_C(0x1ffffff));
	740	uint32_t x147 = (x145 + x118);
	741	out1[0] = x143;
	742	out1[1] = x146;
	743	out1[2] = x147;
	744	out1[3] = x121;
	745	out1[4] = x124;
	746	out1[5] = x127;
	747	out1[6] = x130;
	748	out1[7] = x133;
	749	out1[8] = x136;
	750	out1[9] = x139;
	751	}
	752
	753	/*
	754	* Input Bounds:
	755	* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	756	* Output Bounds:
	757	* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	758	*/
	759	static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10]) {
	760	uint32_t x1 = ((arg1[9]) * (uint32_t)UINT8_C(0x13));
	761	uint32_t x2 = (x1 * (uint32_t)0x2);
	762	uint32_t x3 = ((arg1[9]) * (uint32_t)0x2);
	763	uint32_t x4 = ((arg1[8]) * (uint32_t)UINT8_C(0x13));
	764	uint64_t x5 = (x4 * (uint64_t)0x2);
	765	uint32_t x6 = ((arg1[8]) * (uint32_t)0x2);
	766	uint32_t x7 = ((arg1[7]) * (uint32_t)UINT8_C(0x13));
	767	uint32_t x8 = (x7 * (uint32_t)0x2);
	768	uint32_t x9 = ((arg1[7]) * (uint32_t)0x2);
	769	uint32_t x10 = ((arg1[6]) * (uint32_t)UINT8_C(0x13));
	770	uint64_t x11 = (x10 * (uint64_t)0x2);
	771	uint32_t x12 = ((arg1[6]) * (uint32_t)0x2);
	772	uint32_t x13 = ((arg1[5]) * (uint32_t)UINT8_C(0x13));
	773	uint32_t x14 = ((arg1[5]) * (uint32_t)0x2);
	774	uint32_t x15 = ((arg1[4]) * (uint32_t)0x2);
	775	uint32_t x16 = ((arg1[3]) * (uint32_t)0x2);
	776	uint32_t x17 = ((arg1[2]) * (uint32_t)0x2);
	777	uint32_t x18 = ((arg1[1]) * (uint32_t)0x2);
	778	uint64_t x19 = ((uint64_t)(arg1[9]) * (x1 * (uint32_t)0x2));
	779	uint64_t x20 = ((uint64_t)(arg1[8]) * x2);
	780	uint64_t x21 = ((uint64_t)(arg1[8]) * x4);
	781	uint64_t x22 = ((arg1[7]) * (x2 * (uint64_t)0x2));
	782	uint64_t x23 = ((arg1[7]) * x5);
	783	uint64_t x24 = ((uint64_t)(arg1[7]) * (x7 * (uint32_t)0x2));
	784	uint64_t x25 = ((uint64_t)(arg1[6]) * x2);
	785	uint64_t x26 = ((arg1[6]) * x5);
	786	uint64_t x27 = ((uint64_t)(arg1[6]) * x8);
	787	uint64_t x28 = ((uint64_t)(arg1[6]) * x10);
	788	uint64_t x29 = ((arg1[5]) * (x2 * (uint64_t)0x2));
	789	uint64_t x30 = ((arg1[5]) * x5);
	790	uint64_t x31 = ((arg1[5]) * (x8 * (uint64_t)0x2));
	791	uint64_t x32 = ((arg1[5]) * x11);
	792	uint64_t x33 = ((uint64_t)(arg1[5]) * (x13 * (uint32_t)0x2));
	793	uint64_t x34 = ((uint64_t)(arg1[4]) * x2);
	794	uint64_t x35 = ((arg1[4]) * x5);
	795	uint64_t x36 = ((uint64_t)(arg1[4]) * x8);
	796	uint64_t x37 = ((arg1[4]) * x11);
	797	uint64_t x38 = ((uint64_t)(arg1[4]) * x14);
	798	uint64_t x39 = ((uint64_t)(arg1[4]) * (arg1[4]));
	799	uint64_t x40 = ((arg1[3]) * (x2 * (uint64_t)0x2));
	800	uint64_t x41 = ((arg1[3]) * x5);
	801	uint64_t x42 = ((arg1[3]) * (x8 * (uint64_t)0x2));
	802	uint64_t x43 = ((uint64_t)(arg1[3]) * x12);
	803	uint64_t x44 = ((uint64_t)(arg1[3]) * (x14 * (uint32_t)0x2));
	804	uint64_t x45 = ((uint64_t)(arg1[3]) * x15);
	805	uint64_t x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * (uint32_t)0x2));
	806	uint64_t x47 = ((uint64_t)(arg1[2]) * x2);
	807	uint64_t x48 = ((arg1[2]) * x5);
	808	uint64_t x49 = ((uint64_t)(arg1[2]) * x9);
	809	uint64_t x50 = ((uint64_t)(arg1[2]) * x12);
	810	uint64_t x51 = ((uint64_t)(arg1[2]) * x14);
	811	uint64_t x52 = ((uint64_t)(arg1[2]) * x15);
	812	uint64_t x53 = ((uint64_t)(arg1[2]) * x16);
	813	uint64_t x54 = ((uint64_t)(arg1[2]) * (arg1[2]));
	814	uint64_t x55 = ((arg1[1]) * (x2 * (uint64_t)0x2));
	815	uint64_t x56 = ((uint64_t)(arg1[1]) * x6);
	816	uint64_t x57 = ((uint64_t)(arg1[1]) * (x9 * (uint32_t)0x2));
	817	uint64_t x58 = ((uint64_t)(arg1[1]) * x12);
	818	uint64_t x59 = ((uint64_t)(arg1[1]) * (x14 * (uint32_t)0x2));
	819	uint64_t x60 = ((uint64_t)(arg1[1]) * x15);
	820	uint64_t x61 = ((uint64_t)(arg1[1]) * (x16 * (uint32_t)0x2));
	821	uint64_t x62 = ((uint64_t)(arg1[1]) * x17);
	822	uint64_t x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * (uint32_t)0x2));
	823	uint64_t x64 = ((uint64_t)(arg1[0]) * x3);
	824	uint64_t x65 = ((uint64_t)(arg1[0]) * x6);
	825	uint64_t x66 = ((uint64_t)(arg1[0]) * x9);
	826	uint64_t x67 = ((uint64_t)(arg1[0]) * x12);
	827	uint64_t x68 = ((uint64_t)(arg1[0]) * x14);
	828	uint64_t x69 = ((uint64_t)(arg1[0]) * x15);
	829	uint64_t x70 = ((uint64_t)(arg1[0]) * x16);
	830	uint64_t x71 = ((uint64_t)(arg1[0]) * x17);
	831	uint64_t x72 = ((uint64_t)(arg1[0]) * x18);
	832	uint64_t x73 = ((uint64_t)(arg1[0]) * (arg1[0]));
	833	uint64_t x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33)))));
	834	uint64_t x75 = (x74 >> 26);
	835	uint32_t x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff));
	836	uint64_t x77 = (x64 + (x56 + (x49 + (x43 + x38))));
	837	uint64_t x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19)))));
	838	uint64_t x79 = (x66 + (x58 + (x51 + (x45 + x20))));
	839	uint64_t x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21)))));
	840	uint64_t x81 = (x68 + (x60 + (x53 + (x25 + x23))));
	841	uint64_t x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24)))));
	842	uint64_t x83 = (x70 + (x62 + (x34 + (x30 + x27))));
	843	uint64_t x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28)))));
	844	uint64_t x85 = (x72 + (x47 + (x41 + (x36 + x32))));
	845	uint64_t x86 = (x75 + x85);
	846	uint64_t x87 = (x86 >> 25);
	847	uint32_t x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff));
	848	uint64_t x89 = (x87 + x84);
	849	uint64_t x90 = (x89 >> 26);
	850	uint32_t x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff));
	851	uint64_t x92 = (x90 + x83);
	852	uint64_t x93 = (x92 >> 25);
	853	uint32_t x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff));
	854	uint64_t x95 = (x93 + x82);
	855	uint64_t x96 = (x95 >> 26);
	856	uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff));
	857	uint64_t x98 = (x96 + x81);
	858	uint64_t x99 = (x98 >> 25);
	859	uint32_t x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff));
	860	uint64_t x101 = (x99 + x80);
	861	uint64_t x102 = (x101 >> 26);
	862	uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
	863	uint64_t x104 = (x102 + x79);
	864	uint64_t x105 = (x104 >> 25);
	865	uint32_t x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff));
	866	uint64_t x107 = (x105 + x78);
	867	uint64_t x108 = (x107 >> 26);
	868	uint32_t x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff));
	869	uint64_t x110 = (x108 + x77);
	870	uint64_t x111 = (x110 >> 25);
	871	uint32_t x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff));
	872	uint64_t x113 = (x111 * (uint64_t)UINT8_C(0x13));
	873	uint64_t x114 = (x76 + x113);
	874	uint32_t x115 = (uint32_t)(x114 >> 26);
	875	uint32_t x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff));
	876	uint32_t x117 = (x115 + x88);
	877	uint32_t x118 = (x117 >> 25);
	878	uint32_t x119 = (x117 & UINT32_C(0x1ffffff));
	879	uint32_t x120 = (x118 + x91);
	880	out1[0] = x116;
	881	out1[1] = x119;
	882	out1[2] = x120;
	883	out1[3] = x94;
	884	out1[4] = x97;
	885	out1[5] = x100;
	886	out1[6] = x103;
	887	out1[7] = x106;
	888	out1[8] = x109;
	889	out1[9] = x112;
	890	}
	891
	892	/*
	893	* Input Bounds:
	894	* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	895	* Output Bounds:
	896	* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	897	*/
	898	static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) {
	899	uint32_t x1 = (arg1[0]);
	900	uint32_t x2 = ((x1 >> 26) + (arg1[1]));
	901	uint32_t x3 = ((x2 >> 25) + (arg1[2]));
	902	uint32_t x4 = ((x3 >> 26) + (arg1[3]));
	903	uint32_t x5 = ((x4 >> 25) + (arg1[4]));
	904	uint32_t x6 = ((x5 >> 26) + (arg1[5]));
	905	uint32_t x7 = ((x6 >> 25) + (arg1[6]));
	906	uint32_t x8 = ((x7 >> 26) + (arg1[7]));
	907	uint32_t x9 = ((x8 >> 25) + (arg1[8]));
	908	uint32_t x10 = ((x9 >> 26) + (arg1[9]));
	909	uint32_t x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * (uint32_t)UINT8_C(0x13)));
	910	uint32_t x12 = ((x11 >> 26) + (x2 & UINT32_C(0x1ffffff)));
	911	uint32_t x13 = (x11 & UINT32_C(0x3ffffff));
	912	uint32_t x14 = (x12 & UINT32_C(0x1ffffff));
	913	uint32_t x15 = ((x12 >> 25) + (x3 & UINT32_C(0x3ffffff)));
	914	uint32_t x16 = (x4 & UINT32_C(0x1ffffff));
	915	uint32_t x17 = (x5 & UINT32_C(0x3ffffff));
	916	uint32_t x18 = (x6 & UINT32_C(0x1ffffff));
	917	uint32_t x19 = (x7 & UINT32_C(0x3ffffff));
	918	uint32_t x20 = (x8 & UINT32_C(0x1ffffff));
	919	uint32_t x21 = (x9 & UINT32_C(0x3ffffff));
	920	uint32_t x22 = (x10 & UINT32_C(0x1ffffff));
	921	out1[0] = x13;
	922	out1[1] = x14;
	923	out1[2] = x15;
	924	out1[3] = x16;
	925	out1[4] = x17;
	926	out1[5] = x18;
	927	out1[6] = x19;
	928	out1[7] = x20;
	929	out1[8] = x21;
	930	out1[9] = x22;
	931	}
	932
	933	/*
	934	* Input Bounds:
	935	* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	936	* arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	937	* Output Bounds:
	938	* out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	939	*/
	940	static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
	941	uint32_t x1 = ((arg1[0]) + (arg2[0]));
	942	uint32_t x2 = ((arg1[1]) + (arg2[1]));
	943	uint32_t x3 = ((arg1[2]) + (arg2[2]));
	944	uint32_t x4 = ((arg1[3]) + (arg2[3]));
	945	uint32_t x5 = ((arg1[4]) + (arg2[4]));
	946	uint32_t x6 = ((arg1[5]) + (arg2[5]));
	947	uint32_t x7 = ((arg1[6]) + (arg2[6]));
	948	uint32_t x8 = ((arg1[7]) + (arg2[7]));
	949	uint32_t x9 = ((arg1[8]) + (arg2[8]));
	950	uint32_t x10 = ((arg1[9]) + (arg2[9]));
	951	out1[0] = x1;
	952	out1[1] = x2;
	953	out1[2] = x3;
	954	out1[3] = x4;
	955	out1[4] = x5;
	956	out1[5] = x6;
	957	out1[6] = x7;
	958	out1[7] = x8;
	959	out1[8] = x9;
	960	out1[9] = x10;
	961	}
	962
	963	/*
	964	* Input Bounds:
	965	* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	966	* arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	967	* Output Bounds:
	968	* out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	969	*/
	970	static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
	971	uint32_t x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0]));
	972	uint32_t x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1]));
	973	uint32_t x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2]));
	974	uint32_t x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3]));
	975	uint32_t x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4]));
	976	uint32_t x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5]));
	977	uint32_t x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6]));
	978	uint32_t x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7]));
	979	uint32_t x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8]));
	980	uint32_t x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9]));
	981	out1[0] = x1;
	982	out1[1] = x2;
	983	out1[2] = x3;
	984	out1[3] = x4;
	985	out1[4] = x5;
	986	out1[5] = x6;
	987	out1[6] = x7;
	988	out1[7] = x8;
	989	out1[8] = x9;
	990	out1[9] = x10;
	991	}
	992
	993	/*
	994	* Input Bounds:
	995	* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	996	* Output Bounds:
	997	* out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
	998	*/
	999	static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) {
	1000	uint32_t x1 = (UINT32_C(0x7ffffda) - (arg1[0]));
	1001	uint32_t x2 = (UINT32_C(0x3fffffe) - (arg1[1]));
	1002	uint32_t x3 = (UINT32_C(0x7fffffe) - (arg1[2]));
	1003	uint32_t x4 = (UINT32_C(0x3fffffe) - (arg1[3]));
	1004	uint32_t x5 = (UINT32_C(0x7fffffe) - (arg1[4]));
	1005	uint32_t x6 = (UINT32_C(0x3fffffe) - (arg1[5]));
	1006	uint32_t x7 = (UINT32_C(0x7fffffe) - (arg1[6]));
	1007	uint32_t x8 = (UINT32_C(0x3fffffe) - (arg1[7]));
	1008	uint32_t x9 = (UINT32_C(0x7fffffe) - (arg1[8]));
	1009	uint32_t x10 = (UINT32_C(0x3fffffe) - (arg1[9]));
	1010	out1[0] = x1;
	1011	out1[1] = x2;
	1012	out1[2] = x3;
	1013	out1[3] = x4;
	1014	out1[4] = x5;
	1015	out1[5] = x6;
	1016	out1[6] = x7;
	1017	out1[7] = x8;
	1018	out1[8] = x9;
	1019	out1[9] = x10;
	1020	}
	1021
	1022	/*
	1023	* Input Bounds:
	1024	* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	1025	* Output Bounds:
	1026	* out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
	1027	*/
	1028	static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) {
	1029	uint32_t x1;
	1030	fiat_25519_uint1 x2;
	1031	fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed));
	1032	uint32_t x3;
	1033	fiat_25519_uint1 x4;
	1034	fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff));
	1035	uint32_t x5;
	1036	fiat_25519_uint1 x6;
	1037	fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff));
	1038	uint32_t x7;
	1039	fiat_25519_uint1 x8;
	1040	fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff));
	1041	uint32_t x9;
	1042	fiat_25519_uint1 x10;
	1043	fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff));
	1044	uint32_t x11;
	1045	fiat_25519_uint1 x12;
	1046	fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff));
	1047	uint32_t x13;
	1048	fiat_25519_uint1 x14;
	1049	fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff));
	1050	uint32_t x15;
	1051	fiat_25519_uint1 x16;
	1052	fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff));
	1053	uint32_t x17;
	1054	fiat_25519_uint1 x18;
	1055	fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff));
	1056	uint32_t x19;
	1057	fiat_25519_uint1 x20;
	1058	fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff));
	1059	uint32_t x21;
	1060	fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff));
	1061	uint32_t x22;
	1062	fiat_25519_uint1 x23;
	1063	fiat_25519_addcarryx_u26(&x22, &x23, 0x0, (x21 & UINT32_C(0x3ffffed)), x1);
	1064	uint32_t x24;
	1065	fiat_25519_uint1 x25;
	1066	fiat_25519_addcarryx_u25(&x24, &x25, x23, (x21 & UINT32_C(0x1ffffff)), x3);
	1067	uint32_t x26;
	1068	fiat_25519_uint1 x27;
	1069	fiat_25519_addcarryx_u26(&x26, &x27, x25, (x21 & UINT32_C(0x3ffffff)), x5);
	1070	uint32_t x28;
	1071	fiat_25519_uint1 x29;
	1072	fiat_25519_addcarryx_u25(&x28, &x29, x27, (x21 & UINT32_C(0x1ffffff)), x7);
	1073	uint32_t x30;
	1074	fiat_25519_uint1 x31;
	1075	fiat_25519_addcarryx_u26(&x30, &x31, x29, (x21 & UINT32_C(0x3ffffff)), x9);
	1076	uint32_t x32;
	1077	fiat_25519_uint1 x33;
	1078	fiat_25519_addcarryx_u25(&x32, &x33, x31, (x21 & UINT32_C(0x1ffffff)), x11);
	1079	uint32_t x34;
	1080	fiat_25519_uint1 x35;
	1081	fiat_25519_addcarryx_u26(&x34, &x35, x33, (x21 & UINT32_C(0x3ffffff)), x13);
	1082	uint32_t x36;
	1083	fiat_25519_uint1 x37;
	1084	fiat_25519_addcarryx_u25(&x36, &x37, x35, (x21 & UINT32_C(0x1ffffff)), x15);
	1085	uint32_t x38;
	1086	fiat_25519_uint1 x39;
	1087	fiat_25519_addcarryx_u26(&x38, &x39, x37, (x21 & UINT32_C(0x3ffffff)), x17);
	1088	uint32_t x40;
	1089	fiat_25519_uint1 x41;
	1090	fiat_25519_addcarryx_u25(&x40, &x41, x39, (x21 & UINT32_C(0x1ffffff)), x19);
	1091	uint32_t x42 = (x40 << 6);
	1092	uint32_t x43 = (x38 << 4);
	1093	uint32_t x44 = (x36 << 3);
	1094	uint32_t x45 = (x34 * (uint32_t)0x2);
	1095	uint32_t x46 = (x30 << 6);
	1096	uint32_t x47 = (x28 << 5);
	1097	uint32_t x48 = (x26 << 3);
	1098	uint32_t x49 = (x24 << 2);
	1099	uint32_t x50 = (x22 >> 8);
	1100	uint8_t x51 = (uint8_t)(x22 & UINT8_C(0xff));
	1101	uint32_t x52 = (x50 >> 8);
	1102	uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff));
	1103	uint8_t x54 = (uint8_t)(x52 >> 8);
	1104	uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff));
	1105	uint32_t x56 = (x54 + x49);
	1106	uint32_t x57 = (x56 >> 8);
	1107	uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff));
	1108	uint32_t x59 = (x57 >> 8);
	1109	uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff));
	1110	uint8_t x61 = (uint8_t)(x59 >> 8);
	1111	uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff));
	1112	uint32_t x63 = (x61 + x48);
	1113	uint32_t x64 = (x63 >> 8);
	1114	uint8_t x65 = (uint8_t)(x63 & UINT8_C(0xff));
	1115	uint32_t x66 = (x64 >> 8);
	1116	uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff));
	1117	uint8_t x68 = (uint8_t)(x66 >> 8);
	1118	uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff));
	1119	uint32_t x70 = (x68 + x47);
	1120	uint32_t x71 = (x70 >> 8);
	1121	uint8_t x72 = (uint8_t)(x70 & UINT8_C(0xff));
	1122	uint32_t x73 = (x71 >> 8);
	1123	uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff));
	1124	uint8_t x75 = (uint8_t)(x73 >> 8);
	1125	uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff));
	1126	uint32_t x77 = (x75 + x46);
	1127	uint32_t x78 = (x77 >> 8);
	1128	uint8_t x79 = (uint8_t)(x77 & UINT8_C(0xff));
	1129	uint32_t x80 = (x78 >> 8);
	1130	uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff));
	1131	uint8_t x82 = (uint8_t)(x80 >> 8);
	1132	uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff));
	1133	uint8_t x84 = (uint8_t)(x82 & UINT8_C(0xff));
	1134	uint32_t x85 = (x32 >> 8);
	1135	uint8_t x86 = (uint8_t)(x32 & UINT8_C(0xff));
	1136	uint32_t x87 = (x85 >> 8);
	1137	uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff));
	1138	fiat_25519_uint1 x89 = (fiat_25519_uint1)(x87 >> 8);
	1139	uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff));
	1140	uint32_t x91 = (x89 + x45);
	1141	uint32_t x92 = (x91 >> 8);
	1142	uint8_t x93 = (uint8_t)(x91 & UINT8_C(0xff));
	1143	uint32_t x94 = (x92 >> 8);
	1144	uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff));
	1145	uint8_t x96 = (uint8_t)(x94 >> 8);
	1146	uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff));
	1147	uint32_t x98 = (x96 + x44);
	1148	uint32_t x99 = (x98 >> 8);
	1149	uint8_t x100 = (uint8_t)(x98 & UINT8_C(0xff));
	1150	uint32_t x101 = (x99 >> 8);
	1151	uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff));
	1152	uint8_t x103 = (uint8_t)(x101 >> 8);
	1153	uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff));
	1154	uint32_t x105 = (x103 + x43);
	1155	uint32_t x106 = (x105 >> 8);
	1156	uint8_t x107 = (uint8_t)(x105 & UINT8_C(0xff));
	1157	uint32_t x108 = (x106 >> 8);
	1158	uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff));
	1159	uint8_t x110 = (uint8_t)(x108 >> 8);
	1160	uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff));
	1161	uint32_t x112 = (x110 + x42);
	1162	uint32_t x113 = (x112 >> 8);
	1163	uint8_t x114 = (uint8_t)(x112 & UINT8_C(0xff));
	1164	uint32_t x115 = (x113 >> 8);
	1165	uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff));
	1166	uint8_t x117 = (uint8_t)(x115 >> 8);
	1167	uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff));
	1168	out1[0] = x51;
	1169	out1[1] = x53;
	1170	out1[2] = x55;
	1171	out1[3] = x58;
	1172	out1[4] = x60;
	1173	out1[5] = x62;
	1174	out1[6] = x65;
	1175	out1[7] = x67;
	1176	out1[8] = x69;
	1177	out1[9] = x72;
	1178	out1[10] = x74;
	1179	out1[11] = x76;
	1180	out1[12] = x79;
	1181	out1[13] = x81;
	1182	out1[14] = x83;
	1183	out1[15] = x84;
	1184	out1[16] = x86;
	1185	out1[17] = x88;
	1186	out1[18] = x90;
	1187	out1[19] = x93;
	1188	out1[20] = x95;
	1189	out1[21] = x97;
	1190	out1[22] = x100;
	1191	out1[23] = x102;
	1192	out1[24] = x104;
	1193	out1[25] = x107;
	1194	out1[26] = x109;
	1195	out1[27] = x111;
	1196	out1[28] = x114;
	1197	out1[29] = x116;
	1198	out1[30] = x118;
	1199	out1[31] = x117;
	1200	}
	1201
	1202	/*
	1203	* Input Bounds:
	1204	* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
	1205	* Output Bounds:
	1206	* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
	1207	*/
	1208	static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) {
	1209	uint32_t x1 = ((uint32_t)(arg1[31]) << 18);
	1210	uint32_t x2 = ((uint32_t)(arg1[30]) << 10);
	1211	uint32_t x3 = ((uint32_t)(arg1[29]) << 2);
	1212	uint32_t x4 = ((uint32_t)(arg1[28]) << 20);
	1213	uint32_t x5 = ((uint32_t)(arg1[27]) << 12);
	1214	uint32_t x6 = ((uint32_t)(arg1[26]) << 4);
	1215	uint32_t x7 = ((uint32_t)(arg1[25]) << 21);
	1216	uint32_t x8 = ((uint32_t)(arg1[24]) << 13);
	1217	uint32_t x9 = ((uint32_t)(arg1[23]) << 5);
	1218	uint32_t x10 = ((uint32_t)(arg1[22]) << 23);
	1219	uint32_t x11 = ((uint32_t)(arg1[21]) << 15);
	1220	uint32_t x12 = ((uint32_t)(arg1[20]) << 7);
	1221	uint32_t x13 = ((uint32_t)(arg1[19]) << 24);
	1222	uint32_t x14 = ((uint32_t)(arg1[18]) << 16);
	1223	uint32_t x15 = ((uint32_t)(arg1[17]) << 8);
	1224	uint8_t x16 = (arg1[16]);
	1225	uint32_t x17 = ((uint32_t)(arg1[15]) << 18);
	1226	uint32_t x18 = ((uint32_t)(arg1[14]) << 10);
	1227	uint32_t x19 = ((uint32_t)(arg1[13]) << 2);
	1228	uint32_t x20 = ((uint32_t)(arg1[12]) << 19);
	1229	uint32_t x21 = ((uint32_t)(arg1[11]) << 11);
	1230	uint32_t x22 = ((uint32_t)(arg1[10]) << 3);
	1231	uint32_t x23 = ((uint32_t)(arg1[9]) << 21);
	1232	uint32_t x24 = ((uint32_t)(arg1[8]) << 13);
	1233	uint32_t x25 = ((uint32_t)(arg1[7]) << 5);
	1234	uint32_t x26 = ((uint32_t)(arg1[6]) << 22);
	1235	uint32_t x27 = ((uint32_t)(arg1[5]) << 14);
	1236	uint32_t x28 = ((uint32_t)(arg1[4]) << 6);
	1237	uint32_t x29 = ((uint32_t)(arg1[3]) << 24);
	1238	uint32_t x30 = ((uint32_t)(arg1[2]) << 16);
	1239	uint32_t x31 = ((uint32_t)(arg1[1]) << 8);
	1240	uint8_t x32 = (arg1[0]);
	1241	uint32_t x33 = (x32 + (x31 + (x30 + x29)));
	1242	uint8_t x34 = (uint8_t)(x33 >> 26);
	1243	uint32_t x35 = (x33 & UINT32_C(0x3ffffff));
	1244	uint32_t x36 = (x3 + (x2 + x1));
	1245	uint32_t x37 = (x6 + (x5 + x4));
	1246	uint32_t x38 = (x9 + (x8 + x7));
	1247	uint32_t x39 = (x12 + (x11 + x10));
	1248	uint32_t x40 = (x16 + (x15 + (x14 + x13)));
	1249	uint32_t x41 = (x19 + (x18 + x17));
	1250	uint32_t x42 = (x22 + (x21 + x20));
	1251	uint32_t x43 = (x25 + (x24 + x23));
	1252	uint32_t x44 = (x28 + (x27 + x26));
	1253	uint32_t x45 = (x34 + x44);
	1254	uint8_t x46 = (uint8_t)(x45 >> 25);
	1255	uint32_t x47 = (x45 & UINT32_C(0x1ffffff));
	1256	uint32_t x48 = (x46 + x43);
	1257	uint8_t x49 = (uint8_t)(x48 >> 26);
	1258	uint32_t x50 = (x48 & UINT32_C(0x3ffffff));
	1259	uint32_t x51 = (x49 + x42);
	1260	uint8_t x52 = (uint8_t)(x51 >> 25);
	1261	uint32_t x53 = (x51 & UINT32_C(0x1ffffff));
	1262	uint32_t x54 = (x52 + x41);
	1263	uint32_t x55 = (x54 & UINT32_C(0x3ffffff));
	1264	uint8_t x56 = (uint8_t)(x40 >> 25);
	1265	uint32_t x57 = (x40 & UINT32_C(0x1ffffff));
	1266	uint32_t x58 = (x56 + x39);
	1267	uint8_t x59 = (uint8_t)(x58 >> 26);
	1268	uint32_t x60 = (x58 & UINT32_C(0x3ffffff));
	1269	uint32_t x61 = (x59 + x38);
	1270	uint8_t x62 = (uint8_t)(x61 >> 25);
	1271	uint32_t x63 = (x61 & UINT32_C(0x1ffffff));
	1272	uint32_t x64 = (x62 + x37);
	1273	uint8_t x65 = (uint8_t)(x64 >> 26);
	1274	uint32_t x66 = (x64 & UINT32_C(0x3ffffff));
	1275	uint32_t x67 = (x65 + x36);
	1276	out1[0] = x35;
	1277	out1[1] = x47;
	1278	out1[2] = x50;
	1279	out1[3] = x53;
	1280	out1[4] = x55;
	1281	out1[5] = x57;
	1282	out1[6] = x60;
	1283	out1[7] = x63;
	1284	out1[8] = x66;
	1285	out1[9] = x67;
	1286	}
	1287
	1288	#endif /* not defined(BORINGSSL_CURVE25519_64BIT) */

+4

-11

src/plugins/preauth/spake/spake_kdc.c less more

119	119	static void
120	120	marshal_data(struct k5buf buf, const krb5_data data)
121	121	{
122		uint8_t lenbuf[4];
123
124		store_32_be(data->length, lenbuf);
125		k5_buf_add_len(buf, lenbuf, 4);
	122	k5_buf_add_uint32_be(buf, data->length);
126	123	k5_buf_add_len(buf, data->data, data->length);
127	124	}
128	125

132	129	const krb5_data thash, krb5_data cookie_out)
133	130	{
134	131	struct k5buf buf;
135		uint8_t intbuf[4];
136	132
137	133	*cookie_out = empty_data();
138	134	k5_buf_init_dynamic_zap(&buf);
139	135
140	136	/* Marshal the version, stage, and group. */
141		store_16_be(1, intbuf);
142		k5_buf_add_len(&buf, intbuf, 2);
143		store_16_be(stage, intbuf);
144		k5_buf_add_len(&buf, intbuf, 2);
145		store_32_be(group, intbuf);
146		k5_buf_add_len(&buf, intbuf, 4);
	137	k5_buf_add_uint16_be(&buf, 1);
	138	k5_buf_add_uint16_be(&buf, stage);
	139	k5_buf_add_uint32_be(&buf, group);
147	140
148	141	/* Marshal the data fields. */
149	142	marshal_data(&buf, spake);

+1

-1

src/plugins/tls/k5tls/openssl.c less more

398	398	} else if (strncmp(location, "DIR:", 4) == 0) {
399	399	return load_anchor_dir(store, location + 4);
400	400	} else if (strncmp(location, "ENV:", 4) == 0) {
401		envloc = getenv(location + 4);
	401	envloc = secure_getenv(location + 4);
402	402	if (envloc == NULL)
403	403	return ENOENT;
404	404	return load_anchor(ctx, envloc);

+6

-7

src/po/de.po less more

1689	1689
1690	1690	#: ../../src/kadmin/cli/kadmin.c:1230
1691	1691	#, c-format
1692		msgid "NOTICE: no policy specified for %s; assigning \"default\"\n"
1693		msgstr ""
1694		"HINWEIS: Für %s wurde keine Richtlinie angegeben, es wird »default« "
	1692	msgid "No policy specified for %s; assigning \"default\"\n"
	1693	msgstr ""
	1694	"Für %s wurde keine Richtlinie angegeben, es wird »default« "
1695	1695	"zugewiesen\n"
1696	1696
1697	1697	#: ../../src/kadmin/cli/kadmin.c:1235
1698	1698	#, c-format
1699		msgid "WARNING: no policy specified for %s; defaulting to no policy\n"
1700		msgstr ""
1701		"WARNUNG: Für %s wurde keine Richtlinie angegeben, es wird die Vorgabe "
	1699	msgid "No policy specified for %s; defaulting to no policy\n"
	1700	msgstr ""
	1701	"Für %s wurde keine Richtlinie angegeben, es wird die Vorgabe "
1702	1702	"»keine\n"
1703	1703	"Richtlinie« verwandt.\n"
1704	1704

3847	3847	msgid "%s: cannot get memory for realm list\n"
3848	3848	msgstr "%s: Speicher für die Realm-Liste kann nicht erlangt werden\n"
3849	3849
3850		# http://www.oreilly.de/german/freebooks/linuxdrive2ger/getcache.html
3851	3850	#: ../../src/kdc/main.c:947
3852	3851	msgid "while initializing lookaside cache"
3853	3852	msgstr "beim Initialisieren des Lookaside-Zwischenspeichers"

+1121

-1082

src/po/mit-krb5.pot less more

5	5	#, fuzzy
6	6	msgid ""
7	7	msgstr ""
8		"Project-Id-Version: mit-krb5 1.17\n"
	8	"Project-Id-Version: mit-krb5 1.18.2\n"
9	9	"Report-Msgid-Bugs-To: \n"
10		"POT-Creation-Date: 2019-01-08 11:00-0500\n"
	10	"POT-Creation-Date: 2020-05-21 20:18-0400\n"
11	11	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12	12	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13	13	"Language-Team: LANGUAGE <LL@li.org>\n"

54	54	msgstr ""
55	55
56	56	#: ../../src/clients/kdestroy/kdestroy.c:110
57		#: ../../src/clients/kinit/kinit.c:346 ../../src/clients/ksu/main.c:288
	57	#: ../../src/clients/kinit/kinit.c:346 ../../src/clients/ksu/main.c:296
58	58	#, c-format
59	59	msgid "Only one -c option allowed\n"
60	60	msgstr ""

76	76	msgstr ""
77	77
78	78	#: ../../src/clients/kdestroy/kdestroy.c:150
79		#: ../../src/clients/klist/klist.c:239 ../../src/clients/ksu/main.c:134
80		#: ../../src/clients/ksu/main.c:140 ../../src/clients/kswitch/kswitch.c:94
81		#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:939
82		#: ../../src/kprop/kprop.c:102 ../../src/kprop/kpropd.c:1058
	79	#: ../../src/clients/klist/klist.c:239 ../../src/clients/ksu/main.c:135
	80	#: ../../src/clients/ksu/main.c:141 ../../src/clients/kswitch/kswitch.c:94
	81	#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:953
	82	#: ../../src/kprop/kprop.c:102 ../../src/kprop/kpropd.c:1057
83	83	msgid "while initializing krb5"
84	84	msgstr ""
85	85

98	98	msgstr ""
99	99
100	100	#: ../../src/clients/kdestroy/kdestroy.c:190
101		#: ../../src/clients/kswitch/kswitch.c:107 ../../src/clients/kvno/kvno.c:189
102		#: ../../src/clients/kvno/kvno.c:373 ../../src/kadmin/cli/keytab.c:373
103		#: ../../src/kadmin/dbutil/kdb5_util.c:547
	101	#: ../../src/clients/kswitch/kswitch.c:107 ../../src/clients/kvno/kvno.c:295
	102	#: ../../src/clients/kvno/kvno.c:482 ../../src/kadmin/cli/keytab.c:373
	103	#: ../../src/kadmin/dbutil/kdb5_util.c:544
104	104	#, c-format
105	105	msgid "while parsing principal name %s"
106	106	msgstr ""

115	115	msgid "while resolving ccache"
116	116	msgstr ""
117	117
118		#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:990
	118	#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:1026
119	119	msgid "while destroying cache"
120	120	msgstr ""
121	121

322	322	msgstr ""
323	323
324	324	#: ../../src/clients/kinit/kinit.c:476 ../../src/clients/kinit/kinit.c:555
325		#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:241
	325	#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:249
326	326	#, c-format
327	327	msgid "when parsing name %s"
328	328	msgstr ""
329	329
330		#: ../../src/clients/kinit/kinit.c:484 ../../src/kadmin/dbutil/kdb5_util.c:311
	330	#: ../../src/clients/kinit/kinit.c:484 ../../src/kadmin/dbutil/kdb5_util.c:309
331	331	#: ../../src/kprop/kprop.c:156
332		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391
	332	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:395
333	333	msgid "while getting default realm"
334	334	msgstr ""
335	335

410	410	msgid "while setting up KDB keytab for realm %s"
411	411	msgstr ""
412	412
413		#: ../../src/clients/kinit/kinit.c:733 ../../src/clients/kvno/kvno.c:363
	413	#: ../../src/clients/kinit/kinit.c:733 ../../src/clients/kvno/kvno.c:473
414	414	#, c-format
415	415	msgid "resolving keytab %s"
416	416	msgstr ""

603	603	msgstr ""
604	604
605	605	#: ../../src/clients/klist/klist.c:326 ../../src/clients/klist/klist.c:482
606		#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:564
	606	#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:487
607	607	#: ../../src/kadmin/dbutil/tabdump.c:549
608	608	msgid "while unparsing principal name"
609	609	msgstr ""

644	644	msgid "while retrieving a ticket"
645	645	msgstr ""
646	646
647		#: ../../src/clients/klist/klist.c:665 ../../src/clients/ksu/ccache.c:440
648		#: ../../src/kprop/kpropd.c:1209 ../../src/kprop/kpropd.c:1269
	647	#: ../../src/clients/klist/klist.c:672 ../../src/clients/ksu/ccache.c:440
	648	#: ../../src/kprop/kpropd.c:1204 ../../src/kprop/kpropd.c:1269
649	649	msgid "while unparsing client name"
650	650	msgstr ""
651	651
652		#: ../../src/clients/klist/klist.c:670 ../../src/clients/ksu/ccache.c:445
	652	#: ../../src/clients/klist/klist.c:677 ../../src/clients/ksu/ccache.c:445
653	653	#: ../../src/kprop/kprop.c:190
654	654	msgid "while unparsing server name"
655	655	msgstr ""
656	656
657		#: ../../src/clients/klist/klist.c:700 ../../src/clients/ksu/ccache.c:470
	657	#: ../../src/clients/klist/klist.c:708 ../../src/clients/ksu/ccache.c:470
658	658	#, c-format
659	659	msgid "\tfor client %s"
660	660	msgstr ""
661	661
662		#: ../../src/clients/klist/klist.c:712 ../../src/clients/ksu/ccache.c:479
	662	#: ../../src/clients/klist/klist.c:720 ../../src/clients/ksu/ccache.c:479
663	663	msgid "renew until "
664	664	msgstr ""
665	665
666		#: ../../src/clients/klist/klist.c:729 ../../src/clients/ksu/ccache.c:489
	666	#: ../../src/clients/klist/klist.c:732 ../../src/clients/ksu/ccache.c:489
667	667	#, c-format
668	668	msgid "Flags: %s"
669	669	msgstr ""
670	670
671		#: ../../src/clients/klist/klist.c:748
	671	#: ../../src/clients/klist/klist.c:747
672	672	#, c-format
673	673	msgid "Etype (skey, tkt): %s, "
674	674	msgstr ""
675	675
676		#: ../../src/clients/klist/klist.c:764
	676	#: ../../src/clients/klist/klist.c:759
677	677	#, c-format
678	678	msgid "AD types: "
679	679	msgstr ""
680	680
681		#: ../../src/clients/klist/klist.c:780
	681	#: ../../src/clients/klist/klist.c:775
682	682	#, c-format
683	683	msgid "\tAddresses: (none)\n"
684	684	msgstr ""
685	685
686		#: ../../src/clients/klist/klist.c:782
	686	#: ../../src/clients/klist/klist.c:777
687	687	#, c-format
688	688	msgid "\tAddresses: "
689	689	msgstr ""
690	690
691		#: ../../src/clients/klist/klist.c:816 ../../src/clients/klist/klist.c:826
	691	#: ../../src/clients/klist/klist.c:795
	692	msgid "while unparsing ticket server name"
	693	msgstr ""
	694
	695	#: ../../src/clients/klist/klist.c:798
	696	#, c-format
	697	msgid "\tTicket server: %s\n"
	698	msgstr ""
	699
	700	#: ../../src/clients/klist/klist.c:826 ../../src/clients/klist/klist.c:836
692	701	#, c-format
693	702	msgid "broken address (type %d length %d)"
694	703	msgstr ""
695	704
696		#: ../../src/clients/klist/klist.c:835
	705	#: ../../src/clients/klist/klist.c:845
697	706	#, c-format
698	707	msgid "unknown addrtype %d"
699	708	msgstr ""
700	709
701		#: ../../src/clients/klist/klist.c:844
	710	#: ../../src/clients/klist/klist.c:854
702	711	#, c-format
703	712	msgid "unprintable address (type %d, error %d %s)"
704	713	msgstr ""

841	850	msgid " in remotely using an unsecure (non-encrypted) channel. \n"
842	851	msgstr ""
843	852
844		#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:473
	853	#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:481
845	854	msgid "while reclaiming root uid"
846	855	msgstr ""
847	856

873	882	msgid "while reading password for '%s'\n"
874	883	msgstr ""
875	884
876		#: ../../src/clients/ksu/krb_auth_su.c:191
	885	#: ../../src/clients/ksu/krb_auth_su.c:190
877	886	#, c-format
878	887	msgid "No password given\n"
879	888	msgstr ""
880	889
	890	#: ../../src/clients/ksu/krb_auth_su.c:203
	891	#, c-format
	892	msgid "%s: Password incorrect\n"
	893	msgstr ""
	894
881	895	#: ../../src/clients/ksu/krb_auth_su.c:205
882		#, c-format
883		msgid "%s: Password incorrect\n"
884		msgstr ""
885
886		#: ../../src/clients/ksu/krb_auth_su.c:207
887	896	msgid "while getting initial credentials"
888	897	msgstr ""
889	898
890		#: ../../src/clients/ksu/krb_auth_su.c:227
891		#: ../../src/clients/ksu/krb_auth_su.c:241
	899	#: ../../src/clients/ksu/krb_auth_su.c:225
	900	#: ../../src/clients/ksu/krb_auth_su.c:239
892	901	#, c-format
893	902	msgid " %s while unparsing name\n"
894	903	msgstr ""
895	904
896		#: ../../src/clients/ksu/main.c:68
	905	#: ../../src/clients/ksu/main.c:69
897	906	#, c-format
898	907	msgid ""
899	908	"Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-r time] "
900		"[-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n"
901		msgstr ""
902
903		#: ../../src/clients/ksu/main.c:150
	909	"[-p\|-P] [-f\|-F] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a "
	910	"[args... ] ]\n"
	911	msgstr ""
	912
	913	#: ../../src/clients/ksu/main.c:151
904	914	msgid ""
905	915	"program name too long - quitting to avoid triggering system logging bugs"
906	916	msgstr ""
907	917
908		#: ../../src/clients/ksu/main.c:176
	918	#: ../../src/clients/ksu/main.c:177
909	919	msgid "while allocating memory"
910	920	msgstr ""
911	921
912		#: ../../src/clients/ksu/main.c:189
	922	#: ../../src/clients/ksu/main.c:190
913	923	msgid "while setting euid to source user"
914	924	msgstr ""
915	925
916		#: ../../src/clients/ksu/main.c:199 ../../src/clients/ksu/main.c:234
	926	#: ../../src/clients/ksu/main.c:201 ../../src/clients/ksu/main.c:242
917	927	#, c-format
918	928	msgid "Bad lifetime value (%s hours?)\n"
919	929	msgstr ""
920	930
921		#: ../../src/clients/ksu/main.c:211 ../../src/clients/ksu/main.c:296
	931	#: ../../src/clients/ksu/main.c:213 ../../src/clients/ksu/main.c:304
922	932	msgid "when gathering parameters"
923	933	msgstr ""
924	934
925		#: ../../src/clients/ksu/main.c:255
	935	#: ../../src/clients/ksu/main.c:263
926	936	#, c-format
927	937	msgid "-z option is mutually exclusive with -Z.\n"
928	938	msgstr ""
929	939
930		#: ../../src/clients/ksu/main.c:263
	940	#: ../../src/clients/ksu/main.c:271
931	941	#, c-format
932	942	msgid "-Z option is mutually exclusive with -z.\n"
933	943	msgstr ""
934	944
935		#: ../../src/clients/ksu/main.c:276
	945	#: ../../src/clients/ksu/main.c:284
936	946	#, c-format
937	947	msgid "while looking for credentials cache %s"
938	948	msgstr ""
939	949
940		#: ../../src/clients/ksu/main.c:282
	950	#: ../../src/clients/ksu/main.c:290
941	951	#, c-format
942	952	msgid "malformed credential cache name %s\n"
943	953	msgstr ""
944	954
945		#: ../../src/clients/ksu/main.c:340
	955	#: ../../src/clients/ksu/main.c:348
946	956	#, c-format
947	957	msgid "ksu: who are you?\n"
948	958	msgstr ""
949	959
950		#: ../../src/clients/ksu/main.c:344
	960	#: ../../src/clients/ksu/main.c:352
951	961	#, c-format
952	962	msgid "Your uid doesn't match your passwd entry?!\n"
953	963	msgstr ""
954	964
955		#: ../../src/clients/ksu/main.c:359
	965	#: ../../src/clients/ksu/main.c:367
956	966	#, c-format
957	967	msgid "ksu: unknown login %s\n"
958	968	msgstr ""
959	969
960		#: ../../src/clients/ksu/main.c:379
	970	#: ../../src/clients/ksu/main.c:387
961	971	msgid "while getting source cache"
962	972	msgstr ""
963	973
964		#: ../../src/clients/ksu/main.c:388
	974	#: ../../src/clients/ksu/main.c:396
965	975	msgid "while selecting the best principal"
966	976	msgstr ""
967	977
968		#: ../../src/clients/ksu/main.c:396
	978	#: ../../src/clients/ksu/main.c:404
969	979	msgid "while returning to source uid after finding best principal"
970	980	msgstr ""
971	981
972		#: ../../src/clients/ksu/main.c:416
	982	#: ../../src/clients/ksu/main.c:424
973	983	#, c-format
974	984	msgid "account %s: authorization failed\n"
975	985	msgstr ""
976	986
977		#: ../../src/clients/ksu/main.c:451
	987	#: ../../src/clients/ksu/main.c:459
978	988	msgid "while parsing temporary name"
979	989	msgstr ""
980	990
981		#: ../../src/clients/ksu/main.c:456
	991	#: ../../src/clients/ksu/main.c:464
982	992	msgid "while creating temporary cache"
983	993	msgstr ""
984	994
985		#: ../../src/clients/ksu/main.c:462 ../../src/clients/ksu/main.c:702
	995	#: ../../src/clients/ksu/main.c:470 ../../src/clients/ksu/main.c:710
986	996	#, c-format
987	997	msgid "while copying cache %s to %s"
988	998	msgstr ""
989	999
990		#: ../../src/clients/ksu/main.c:480
	1000	#: ../../src/clients/ksu/main.c:488
991	1001	#, c-format
992	1002	msgid ""
993	1003	"WARNING: Your password may be exposed if you enter it here and are logged\n"
994	1004	msgstr ""
995	1005
996		#: ../../src/clients/ksu/main.c:482
	1006	#: ../../src/clients/ksu/main.c:490
997	1007	#, c-format
998	1008	msgid " in remotely using an unsecure (non-encrypted) channel.\n"
999	1009	msgstr ""
1000	1010
1001		#: ../../src/clients/ksu/main.c:488
	1011	#: ../../src/clients/ksu/main.c:496
1002	1012	#, c-format
1003	1013	msgid "Goodbye\n"
1004	1014	msgstr ""
1005	1015
1006		#: ../../src/clients/ksu/main.c:492
	1016	#: ../../src/clients/ksu/main.c:500
1007	1017	#, c-format
1008	1018	msgid "Could not get a tgt for "
1009	1019	msgstr ""
1010	1020
1011		#: ../../src/clients/ksu/main.c:514
	1021	#: ../../src/clients/ksu/main.c:522
1012	1022	#, c-format
1013	1023	msgid "Authentication failed.\n"
1014	1024	msgstr ""
1015	1025
1016		#: ../../src/clients/ksu/main.c:522
	1026	#: ../../src/clients/ksu/main.c:530
1017	1027	msgid "When unparsing name"
1018	1028	msgstr ""
1019	1029
1020		#: ../../src/clients/ksu/main.c:526
	1030	#: ../../src/clients/ksu/main.c:534
1021	1031	#, c-format
1022	1032	msgid "Authenticated %s\n"
1023	1033	msgstr ""
1024	1034
1025		#: ../../src/clients/ksu/main.c:533
	1035	#: ../../src/clients/ksu/main.c:541
1026	1036	msgid "while switching to target for authorization check"
1027	1037	msgstr ""
1028	1038
1029		#: ../../src/clients/ksu/main.c:540
	1039	#: ../../src/clients/ksu/main.c:548
1030	1040	msgid "while checking authorization"
1031	1041	msgstr ""
1032	1042
1033		#: ../../src/clients/ksu/main.c:546
	1043	#: ../../src/clients/ksu/main.c:554
1034	1044	msgid "while switching back from target after authorization check"
1035	1045	msgstr ""
1036	1046
1037		#: ../../src/clients/ksu/main.c:553
	1047	#: ../../src/clients/ksu/main.c:561
1038	1048	#, c-format
1039	1049	msgid "Account %s: authorization for %s for execution of\n"
1040	1050	msgstr ""
1041	1051
1042		#: ../../src/clients/ksu/main.c:555
	1052	#: ../../src/clients/ksu/main.c:563
1043	1053	#, c-format
1044	1054	msgid " %s successful\n"
1045	1055	msgstr ""
1046	1056
1047		#: ../../src/clients/ksu/main.c:561
	1057	#: ../../src/clients/ksu/main.c:569
1048	1058	#, c-format
1049	1059	msgid "Account %s: authorization for %s successful\n"
1050	1060	msgstr ""
1051	1061
1052		#: ../../src/clients/ksu/main.c:573
	1062	#: ../../src/clients/ksu/main.c:581
1053	1063	#, c-format
1054	1064	msgid "Account %s: authorization for %s for execution of %s failed\n"
1055	1065	msgstr ""
1056	1066
1057		#: ../../src/clients/ksu/main.c:581
	1067	#: ../../src/clients/ksu/main.c:589
1058	1068	#, c-format
1059	1069	msgid "Account %s: authorization of %s failed\n"
1060	1070	msgstr ""
1061	1071
1062		#: ../../src/clients/ksu/main.c:596
	1072	#: ../../src/clients/ksu/main.c:604
1063	1073	msgid "while calling cc_filter"
1064	1074	msgstr ""
1065	1075
1066		#: ../../src/clients/ksu/main.c:604
	1076	#: ../../src/clients/ksu/main.c:612
1067	1077	msgid "while erasing target cache"
1068	1078	msgstr ""
1069	1079
1070		#: ../../src/clients/ksu/main.c:624
	1080	#: ../../src/clients/ksu/main.c:632
1071	1081	#, c-format
1072	1082	msgid "ksu: permission denied (shell).\n"
1073	1083	msgstr ""
1074	1084
1075		#: ../../src/clients/ksu/main.c:633
	1085	#: ../../src/clients/ksu/main.c:641
1076	1086	#, c-format
1077	1087	msgid "ksu: couldn't set environment variable USER\n"
1078	1088	msgstr ""
1079	1089
1080		#: ../../src/clients/ksu/main.c:639
	1090	#: ../../src/clients/ksu/main.c:647
1081	1091	#, c-format
1082	1092	msgid "ksu: couldn't set environment variable HOME\n"
1083	1093	msgstr ""
1084	1094
1085		#: ../../src/clients/ksu/main.c:644
	1095	#: ../../src/clients/ksu/main.c:652
1086	1096	#, c-format
1087	1097	msgid "ksu: couldn't set environment variable SHELL\n"
1088	1098	msgstr ""
1089	1099
1090		#: ../../src/clients/ksu/main.c:655
	1100	#: ../../src/clients/ksu/main.c:663
1091	1101	#, c-format
1092	1102	msgid "ksu: initgroups failed.\n"
1093	1103	msgstr ""
1094	1104
1095		#: ../../src/clients/ksu/main.c:660
	1105	#: ../../src/clients/ksu/main.c:668
1096	1106	#, c-format
1097	1107	msgid "Leaving uid as %s (%ld)\n"
1098	1108	msgstr ""
1099	1109
1100		#: ../../src/clients/ksu/main.c:663
	1110	#: ../../src/clients/ksu/main.c:671
1101	1111	#, c-format
1102	1112	msgid "Changing uid to %s (%ld)\n"
1103	1113	msgstr ""
1104	1114
1105		#: ../../src/clients/ksu/main.c:689
	1115	#: ../../src/clients/ksu/main.c:697
1106	1116	msgid "while getting name of target ccache"
1107	1117	msgstr ""
1108	1118
1109		#: ../../src/clients/ksu/main.c:709
	1119	#: ../../src/clients/ksu/main.c:717
1110	1120	#, c-format
1111	1121	msgid "%s does not have correct permissions for %s, %s aborted"
1112	1122	msgstr ""
1113	1123
1114		#: ../../src/clients/ksu/main.c:730
	1124	#: ../../src/clients/ksu/main.c:738
1115	1125	#, c-format
1116	1126	msgid "Internal error: command %s did not get resolved\n"
1117	1127	msgstr ""
1118	1128
1119		#: ../../src/clients/ksu/main.c:747 ../../src/clients/ksu/main.c:783
	1129	#: ../../src/clients/ksu/main.c:755 ../../src/clients/ksu/main.c:791
1120	1130	#, c-format
1121	1131	msgid "while trying to execv %s"
1122	1132	msgstr ""
1123	1133
1124		#: ../../src/clients/ksu/main.c:773
	1134	#: ../../src/clients/ksu/main.c:781
1125	1135	msgid "while calling waitpid"
1126	1136	msgstr ""
1127	1137
1128		#: ../../src/clients/ksu/main.c:778
	1138	#: ../../src/clients/ksu/main.c:786
1129	1139	msgid "while trying to fork."
1130	1140	msgstr ""
1131	1141
1132		#: ../../src/clients/ksu/main.c:800
	1142	#: ../../src/clients/ksu/main.c:836
1133	1143	msgid "while reading cache name from ccache"
1134	1144	msgstr ""
1135	1145
1136		#: ../../src/clients/ksu/main.c:806
	1146	#: ../../src/clients/ksu/main.c:842
1137	1147	#, c-format
1138	1148	msgid "ksu: couldn't set environment variable %s\n"
1139	1149	msgstr ""
1140	1150
1141		#: ../../src/clients/ksu/main.c:832
	1151	#: ../../src/clients/ksu/main.c:868
1142	1152	msgid "while resetting target ccache name"
1143	1153	msgstr ""
1144	1154
1145		#: ../../src/clients/ksu/main.c:846
	1155	#: ../../src/clients/ksu/main.c:882
1146	1156	msgid "while determining target ccache name"
1147	1157	msgstr ""
1148	1158
1149		#: ../../src/clients/ksu/main.c:885
	1159	#: ../../src/clients/ksu/main.c:921
1150	1160	msgid "while generating part of the target ccache name"
1151	1161	msgstr ""
1152	1162
1153		#: ../../src/clients/ksu/main.c:891
	1163	#: ../../src/clients/ksu/main.c:927
1154	1164	msgid "while allocating memory for the target ccache name"
1155	1165	msgstr ""
1156	1166
1157		#: ../../src/clients/ksu/main.c:910
	1167	#: ../../src/clients/ksu/main.c:946
1158	1168	msgid "while creating new target ccache"
1159	1169	msgstr ""
1160	1170
1161		#: ../../src/clients/ksu/main.c:916
	1171	#: ../../src/clients/ksu/main.c:952
1162	1172	msgid "while initializing target cache"
1163	1173	msgstr ""
1164	1174
1165		#: ../../src/clients/ksu/main.c:956
	1175	#: ../../src/clients/ksu/main.c:992
1166	1176	#, c-format
1167	1177	msgid "terminal name %s too long\n"
1168	1178	msgstr ""
1169	1179
1170		#: ../../src/clients/ksu/main.c:984
	1180	#: ../../src/clients/ksu/main.c:1020
1171	1181	msgid "while changing to target uid for destroying ccache"
1172	1182	msgstr ""
1173	1183

1200	1210	msgid "while switching to credential cache"
1201	1211	msgstr ""
1202	1212
1203		#: ../../src/clients/kvno/kvno.c:41
	1213	#: ../../src/clients/kvno/kvno.c:44
1204	1214	#, c-format
1205	1215	msgid "usage: %s [-C] [-u] [-c ccache] [-e etype]\n"
1206	1216	msgstr ""
1207	1217
1208		#: ../../src/clients/kvno/kvno.c:42
1209		#, c-format
1210		msgid "\t[-k keytab] [-S sname] [-U for_user [-P]]\n"
1211		msgstr ""
1212
1213		#: ../../src/clients/kvno/kvno.c:43
	1218	#: ../../src/clients/kvno/kvno.c:45
	1219	#, c-format
	1220	msgid "\t[-k keytab] [-S sname] [{-I \| -U} for_user \| [-F cert_file] [-P]]\n"
	1221	msgstr ""
	1222
	1223	#: ../../src/clients/kvno/kvno.c:47
1214	1224	#, c-format
1215	1225	msgid "\t[--u2u ccache] service1 service2 ...\n"
1216	1226	msgstr ""
1217	1227
1218		#: ../../src/clients/kvno/kvno.c:102 ../../src/clients/kvno/kvno.c:110
	1228	#: ../../src/clients/kvno/kvno.c:110 ../../src/clients/kvno/kvno.c:118
1219	1229	#, c-format
1220	1230	msgid "Options -u and -S are mutually exclusive\n"
1221	1231	msgstr ""
1222	1232
1223		#: ../../src/clients/kvno/kvno.c:127
1224		#, c-format
1225		msgid "Options --u2u and -P are mutually exclusive\n"
1226		msgstr ""
1227
1228		#: ../../src/clients/kvno/kvno.c:133
1229		#, c-format
1230		msgid "Option -P (constrained delegation) requires keytab to be specified\n"
1231		msgstr ""
1232
1233		#: ../../src/clients/kvno/kvno.c:137
	1233	#: ../../src/clients/kvno/kvno.c:146
	1234	#, c-format
	1235	msgid "Options --u2u and -I\|-U\|-F are mutually exclusive\n"
	1236	msgstr ""
	1237
	1238	#: ../../src/clients/kvno/kvno.c:152
1234	1239	#, c-format
1235	1240	msgid ""
1236		"Option -P (constrained delegation) requires option -U (protocol transition)\n"
1237		msgstr ""
1238
1239		#: ../../src/clients/kvno/kvno.c:197
	1241	"Option -P (constrained delegation) requires option -I\|-U\|-F (protocol "
	1242	"transition)\n"
	1243	msgstr ""
	1244
	1245	#: ../../src/clients/kvno/kvno.c:226
	1246	msgid "No begin line not found"
	1247	msgstr ""
	1248
	1249	#: ../../src/clients/kvno/kvno.c:238
	1250	msgid "No end line found"
	1251	msgstr ""
	1252
	1253	#: ../../src/clients/kvno/kvno.c:249
	1254	msgid "Unexpected header line"
	1255	msgstr ""
	1256
	1257	#: ../../src/clients/kvno/kvno.c:259
	1258	msgid "Invalid base64"
	1259	msgstr ""
	1260
	1261	#: ../../src/clients/kvno/kvno.c:303
1240	1262	#, c-format
1241	1263	msgid "while formatting parsed principal name for '%s'"
1242	1264	msgstr ""
1243	1265
1244		#: ../../src/clients/kvno/kvno.c:211
	1266	#: ../../src/clients/kvno/kvno.c:317
1245	1267	msgid "client and server principal names must match"
1246	1268	msgstr ""
1247	1269
1248		#: ../../src/clients/kvno/kvno.c:227
	1270	#: ../../src/clients/kvno/kvno.c:334
1249	1271	#, c-format
1250	1272	msgid "while getting credentials for %s"
1251	1273	msgstr ""
1252	1274
1253		#: ../../src/clients/kvno/kvno.c:234
	1275	#: ../../src/clients/kvno/kvno.c:341
1254	1276	#, c-format
1255	1277	msgid "while decoding ticket for %s"
1256	1278	msgstr ""
1257	1279
1258		#: ../../src/clients/kvno/kvno.c:245
	1280	#: ../../src/clients/kvno/kvno.c:352
1259	1281	#, c-format
1260	1282	msgid "while decrypting ticket for %s"
1261	1283	msgstr ""
1262	1284
1263		#: ../../src/clients/kvno/kvno.c:249
	1285	#: ../../src/clients/kvno/kvno.c:356
1264	1286	#, c-format
1265	1287	msgid "%s: kvno = %d, keytab entry valid\n"
1266	1288	msgstr ""
1267	1289
1268		#: ../../src/clients/kvno/kvno.c:263
	1290	#: ../../src/clients/kvno/kvno.c:361
	1291	#, c-format
	1292	msgid "%s: kvno = %d\n"
	1293	msgstr ""
	1294
	1295	#: ../../src/clients/kvno/kvno.c:376
1269	1296	#, c-format
1270	1297	msgid "%s: constrained delegation failed"
1271	1298	msgstr ""
1272	1299
1273		#: ../../src/clients/kvno/kvno.c:270
1274		#, c-format
1275		msgid "%s: kvno = %d\n"
1276		msgstr ""
1277
1278		#: ../../src/clients/kvno/kvno.c:337 ../../src/kadmin/cli/kadmin.c:311
	1300	#: ../../src/clients/kvno/kvno.c:447 ../../src/kadmin/cli/kadmin.c:311
1279	1301	msgid "while initializing krb5 library"
1280	1302	msgstr ""
1281	1303
1282		#: ../../src/clients/kvno/kvno.c:344
	1304	#: ../../src/clients/kvno/kvno.c:454
1283	1305	msgid "while converting etype"
1284	1306	msgstr ""
1285	1307
1286		#: ../../src/clients/kvno/kvno.c:356
	1308	#: ../../src/clients/kvno/kvno.c:466
1287	1309	msgid "while opening ccache"
1288	1310	msgstr ""
1289	1311
1290		#: ../../src/clients/kvno/kvno.c:381
	1312	#: ../../src/clients/kvno/kvno.c:490
	1313	#, c-format
	1314	msgid "while reading certificate file %s"
	1315	msgstr ""
	1316
	1317	#: ../../src/clients/kvno/kvno.c:500
1291	1318	#, c-format
1292	1319	msgid "while getting user-to-user ticket from %s"
1293	1320	msgstr ""
1294	1321
1295		#: ../../src/clients/kvno/kvno.c:390
	1322	#: ../../src/clients/kvno/kvno.c:509
1296	1323	msgid "while getting client principal name"
1297	1324	msgstr ""
1298	1325

1323	1350	msgstr ""
1324	1351
1325	1352	#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:840
1326		#: ../../src/kadmin/cli/kadmin.c:1105 ../../src/kadmin/cli/kadmin.c:1620
1327		#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:562
	1353	#: ../../src/kadmin/cli/kadmin.c:1109 ../../src/kadmin/cli/kadmin.c:1630
	1354	#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:559
1328	1355	#, c-format
1329	1356	msgid "while parsing keysalts %s"
1330	1357	msgstr ""

1355	1382	msgstr ""
1356	1383
1357	1384	#: ../../src/kadmin/cli/kadmin.c:468 ../../src/kadmin/cli/kadmin.c:483
1358		#: ../../src/kprop/kpropd.c:680
	1385	#: ../../src/kprop/kpropd.c:679
1359	1386	msgid "while canonicalizing principal name"
1360	1387	msgstr ""
1361	1388

1402	1429	msgid "Authenticating as principal %s with password.\n"
1403	1430	msgstr ""
1404	1431
1405		#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:727
	1432	#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:726
1406	1433	#, c-format
1407	1434	msgid "while initializing %s interface"
1408	1435	msgstr ""

1428	1455	msgid "usage: delete_principal [-force] principal\n"
1429	1456	msgstr ""
1430	1457
1431		#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:855
	1458	#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:859
1432	1459	msgid "while parsing principal name"
1433	1460	msgstr ""
1434	1461
1435		#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:861
1436		#: ../../src/kadmin/cli/kadmin.c:1214 ../../src/kadmin/cli/kadmin.c:1339
1437		#: ../../src/kadmin/cli/kadmin.c:1409 ../../src/kadmin/cli/kadmin.c:1843
1438		#: ../../src/kadmin/cli/kadmin.c:1887 ../../src/kadmin/cli/kadmin.c:1933
1439		#: ../../src/kadmin/cli/kadmin.c:1973
	1462	#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:865
	1463	#: ../../src/kadmin/cli/kadmin.c:1218 ../../src/kadmin/cli/kadmin.c:1343
	1464	#: ../../src/kadmin/cli/kadmin.c:1413 ../../src/kadmin/cli/kadmin.c:1853
	1465	#: ../../src/kadmin/cli/kadmin.c:1897 ../../src/kadmin/cli/kadmin.c:1943
	1466	#: ../../src/kadmin/cli/kadmin.c:1983
1440	1467	msgid "while canonicalizing principal"
1441	1468	msgstr ""
1442	1469

1535	1562	msgid "change_password: missing keysaltlist arg"
1536	1563	msgstr ""
1537	1564
1538		#: ../../src/kadmin/cli/kadmin.c:849
	1565	#: ../../src/kadmin/cli/kadmin.c:844
	1566	#, c-format
	1567	msgid "unrecognized option %s"
	1568	msgstr ""
	1569
	1570	#: ../../src/kadmin/cli/kadmin.c:851
1539	1571	msgid "missing principal name"
1540	1572	msgstr ""
1541	1573
1542		#: ../../src/kadmin/cli/kadmin.c:873 ../../src/kadmin/cli/kadmin.c:910
	1574	#: ../../src/kadmin/cli/kadmin.c:853
	1575	msgid "too many arguments"
	1576	msgstr ""
	1577
	1578	#: ../../src/kadmin/cli/kadmin.c:877 ../../src/kadmin/cli/kadmin.c:914
1543	1579	#, c-format
1544	1580	msgid "while changing password for \"%s\"."
1545	1581	msgstr ""
1546	1582
1547		#: ../../src/kadmin/cli/kadmin.c:876 ../../src/kadmin/cli/kadmin.c:913
	1583	#: ../../src/kadmin/cli/kadmin.c:880 ../../src/kadmin/cli/kadmin.c:917
1548	1584	#, c-format
1549	1585	msgid "Password for \"%s\" changed.\n"
1550	1586	msgstr ""
1551	1587
1552		#: ../../src/kadmin/cli/kadmin.c:882 ../../src/kadmin/cli/kadmin.c:1290
	1588	#: ../../src/kadmin/cli/kadmin.c:886 ../../src/kadmin/cli/kadmin.c:1294
1553	1589	#, c-format
1554	1590	msgid "while randomizing key for \"%s\"."
1555	1591	msgstr ""
1556	1592
1557		#: ../../src/kadmin/cli/kadmin.c:885
	1593	#: ../../src/kadmin/cli/kadmin.c:889
1558	1594	#, c-format
1559	1595	msgid "Key for \"%s\" randomized.\n"
1560	1596	msgstr ""
1561	1597
1562		#: ../../src/kadmin/cli/kadmin.c:890 ../../src/kadmin/cli/kadmin.c:1250
	1598	#: ../../src/kadmin/cli/kadmin.c:894 ../../src/kadmin/cli/kadmin.c:1254
1563	1599	#, c-format
1564	1600	msgid "Enter password for principal \"%s\""
1565	1601	msgstr ""
1566	1602
1567		#: ../../src/kadmin/cli/kadmin.c:892 ../../src/kadmin/cli/kadmin.c:1252
	1603	#: ../../src/kadmin/cli/kadmin.c:896 ../../src/kadmin/cli/kadmin.c:1256
1568	1604	#, c-format
1569	1605	msgid "Re-enter password for principal \"%s\""
1570	1606	msgstr ""
1571	1607
1572		#: ../../src/kadmin/cli/kadmin.c:897 ../../src/kadmin/cli/kadmin.c:1256
	1608	#: ../../src/kadmin/cli/kadmin.c:901 ../../src/kadmin/cli/kadmin.c:1260
1573	1609	#, c-format
1574	1610	msgid "while reading password for \"%s\"."
1575	1611	msgstr ""
1576	1612
1577		#: ../../src/kadmin/cli/kadmin.c:951
	1613	#: ../../src/kadmin/cli/kadmin.c:955
1578	1614	msgid "Not enough memory\n"
1579	1615	msgstr ""
1580	1616
1581		#: ../../src/kadmin/cli/kadmin.c:981 ../../src/kadmin/dbutil/kdb5_util.c:594
	1617	#: ../../src/kadmin/cli/kadmin.c:985 ../../src/kadmin/dbutil/kdb5_util.c:591
1582	1618	msgid "while getting time"
1583	1619	msgstr ""
1584	1620
1585		#: ../../src/kadmin/cli/kadmin.c:1122 ../../src/kadmin/cli/kadmin.c:1333
1586		#: ../../src/kadmin/cli/kadmin.c:1404 ../../src/kadmin/cli/kadmin.c:1837
1587		#: ../../src/kadmin/cli/kadmin.c:1881 ../../src/kadmin/cli/kadmin.c:1927
1588		#: ../../src/kadmin/cli/kadmin.c:1967
	1621	#: ../../src/kadmin/cli/kadmin.c:1126 ../../src/kadmin/cli/kadmin.c:1337
	1622	#: ../../src/kadmin/cli/kadmin.c:1408 ../../src/kadmin/cli/kadmin.c:1847
	1623	#: ../../src/kadmin/cli/kadmin.c:1891 ../../src/kadmin/cli/kadmin.c:1937
	1624	#: ../../src/kadmin/cli/kadmin.c:1977
1589	1625	msgid "while parsing principal"
1590	1626	msgstr ""
1591	1627
1592		#: ../../src/kadmin/cli/kadmin.c:1131
	1628	#: ../../src/kadmin/cli/kadmin.c:1135
1593	1629	msgid "usage: add_principal [options] principal\n"
1594	1630	msgstr ""
1595	1631
1596		#: ../../src/kadmin/cli/kadmin.c:1132 ../../src/kadmin/cli/kadmin.c:1156
1597		#: ../../src/kadmin/cli/kadmin.c:1643
	1632	#: ../../src/kadmin/cli/kadmin.c:1136 ../../src/kadmin/cli/kadmin.c:1160
	1633	#: ../../src/kadmin/cli/kadmin.c:1653
1598	1634	msgid "\toptions are:\n"
1599	1635	msgstr ""
1600	1636
1601		#: ../../src/kadmin/cli/kadmin.c:1133
	1637	#: ../../src/kadmin/cli/kadmin.c:1137
1602	1638	msgid ""
1603	1639	"\t\t[-randkey\|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire "
1604	1640	"pwexpdate] [-maxlife maxtixlife]\n"

1608	1644	"\t\t[{+\|-}attribute]\n"
1609	1645	msgstr ""
1610	1646
1611		#: ../../src/kadmin/cli/kadmin.c:1138 ../../src/kadmin/cli/kadmin.c:1161
	1647	#: ../../src/kadmin/cli/kadmin.c:1142 ../../src/kadmin/cli/kadmin.c:1165
1612	1648	msgid "\tattributes are:\n"
1613	1649	msgstr ""
1614	1650
1615		#: ../../src/kadmin/cli/kadmin.c:1139 ../../src/kadmin/cli/kadmin.c:1162
	1651	#: ../../src/kadmin/cli/kadmin.c:1143 ../../src/kadmin/cli/kadmin.c:1166
1616	1652	msgid ""
1617	1653	"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
1618	1654	"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"

1625	1661	"\t\t\tLook at each database documentation for supported arguments\n"
1626	1662	msgstr ""
1627	1663
1628		#: ../../src/kadmin/cli/kadmin.c:1155
	1664	#: ../../src/kadmin/cli/kadmin.c:1159
1629	1665	msgid "usage: modify_principal [options] principal\n"
1630	1666	msgstr ""
1631	1667
1632		#: ../../src/kadmin/cli/kadmin.c:1157
	1668	#: ../../src/kadmin/cli/kadmin.c:1161
1633	1669	msgid ""
1634	1670	"\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife "
1635	1671	"maxtixlife]\n"

1637	1673	"\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+\|-}attribute]\n"
1638	1674	msgstr ""
1639	1675
1640		#: ../../src/kadmin/cli/kadmin.c:1221 ../../src/kadmin/cli/kadmin.c:1362
	1676	#: ../../src/kadmin/cli/kadmin.c:1225 ../../src/kadmin/cli/kadmin.c:1366
1641	1677	#, c-format
1642	1678	msgid "WARNING: policy \"%s\" does not exist\n"
1643	1679	msgstr ""
1644	1680
1645		#: ../../src/kadmin/cli/kadmin.c:1228
1646		#, c-format
1647		msgid "NOTICE: no policy specified for %s; assigning \"default\"\n"
1648		msgstr ""
1649
1650		#: ../../src/kadmin/cli/kadmin.c:1234
1651		#, c-format
1652		msgid "WARNING: no policy specified for %s; defaulting to no policy\n"
1653		msgstr ""
1654
1655		#: ../../src/kadmin/cli/kadmin.c:1276
	1681	#: ../../src/kadmin/cli/kadmin.c:1232
	1682	#, c-format
	1683	msgid "No policy specified for %s; assigning \"default\"\n"
	1684	msgstr ""
	1685
	1686	#: ../../src/kadmin/cli/kadmin.c:1238
	1687	#, c-format
	1688	msgid "No policy specified for %s; defaulting to no policy\n"
	1689	msgstr ""
	1690
	1691	#: ../../src/kadmin/cli/kadmin.c:1280
1656	1692	#, c-format
1657	1693	msgid "Admin server does not support -nokey while creating \"%s\"\n"
1658	1694	msgstr ""
1659	1695
1660		#: ../../src/kadmin/cli/kadmin.c:1298
	1696	#: ../../src/kadmin/cli/kadmin.c:1302
1661	1697	#, c-format
1662	1698	msgid "while clearing DISALLOW_ALL_TIX for \"%s\"."
1663	1699	msgstr ""
1664	1700
1665		#: ../../src/kadmin/cli/kadmin.c:1345
	1701	#: ../../src/kadmin/cli/kadmin.c:1349
1666	1702	#, c-format
1667	1703	msgid "while getting \"%s\"."
1668	1704	msgstr ""
1669	1705
1670		#: ../../src/kadmin/cli/kadmin.c:1371
	1706	#: ../../src/kadmin/cli/kadmin.c:1375
1671	1707	#, c-format
1672	1708	msgid "while modifying \"%s\"."
1673	1709	msgstr ""
1674	1710
1675		#: ../../src/kadmin/cli/kadmin.c:1375
	1711	#: ../../src/kadmin/cli/kadmin.c:1379
1676	1712	#, c-format
1677	1713	msgid "Principal \"%s\" modified.\n"
1678	1714	msgstr ""
1679	1715
1680		#: ../../src/kadmin/cli/kadmin.c:1396
	1716	#: ../../src/kadmin/cli/kadmin.c:1400
1681	1717	msgid "usage: get_principal [-terse] principal\n"
1682	1718	msgstr ""
1683	1719
1684		#: ../../src/kadmin/cli/kadmin.c:1415
	1720	#: ../../src/kadmin/cli/kadmin.c:1419
1685	1721	#, c-format
1686	1722	msgid "while retrieving \"%s\"."
1687	1723	msgstr ""
1688	1724
1689		#: ../../src/kadmin/cli/kadmin.c:1420 ../../src/kadmin/cli/kadmin.c:1425
	1725	#: ../../src/kadmin/cli/kadmin.c:1424 ../../src/kadmin/cli/kadmin.c:1429
1690	1726	msgid "while unparsing principal"
1691	1727	msgstr ""
1692	1728
1693		#: ../../src/kadmin/cli/kadmin.c:1429
	1729	#: ../../src/kadmin/cli/kadmin.c:1433
1694	1730	#, c-format
1695	1731	msgid "Principal: %s\n"
1696	1732	msgstr ""
1697	1733
1698		#: ../../src/kadmin/cli/kadmin.c:1430
	1734	#: ../../src/kadmin/cli/kadmin.c:1434
1699	1735	#, c-format
1700	1736	msgid "Expiration date: %s\n"
1701	1737	msgstr ""
1702	1738
1703		#: ../../src/kadmin/cli/kadmin.c:1431 ../../src/kadmin/cli/kadmin.c:1433
1704		#: ../../src/kadmin/cli/kadmin.c:1436 ../../src/kadmin/cli/kadmin.c:1444
	1739	#: ../../src/kadmin/cli/kadmin.c:1435 ../../src/kadmin/cli/kadmin.c:1437
	1740	#: ../../src/kadmin/cli/kadmin.c:1440 ../../src/kadmin/cli/kadmin.c:1448
1705	1741	msgid "[never]"
1706	1742	msgstr ""
1707	1743
1708		#: ../../src/kadmin/cli/kadmin.c:1432
	1744	#: ../../src/kadmin/cli/kadmin.c:1436
1709	1745	#, c-format
1710	1746	msgid "Last password change: %s\n"
1711	1747	msgstr ""
1712	1748
1713		#: ../../src/kadmin/cli/kadmin.c:1434
	1749	#: ../../src/kadmin/cli/kadmin.c:1438
1714	1750	#, c-format
1715	1751	msgid "Password expiration date: %s\n"
1716	1752	msgstr ""
1717	1753
1718		#: ../../src/kadmin/cli/kadmin.c:1437
	1754	#: ../../src/kadmin/cli/kadmin.c:1441
1719	1755	#, c-format
1720	1756	msgid "Maximum ticket life: %s\n"
1721	1757	msgstr ""
1722	1758
1723		#: ../../src/kadmin/cli/kadmin.c:1438
	1759	#: ../../src/kadmin/cli/kadmin.c:1442
1724	1760	#, c-format
1725	1761	msgid "Maximum renewable life: %s\n"
1726	1762	msgstr ""
1727	1763
1728		#: ../../src/kadmin/cli/kadmin.c:1440
	1764	#: ../../src/kadmin/cli/kadmin.c:1444
1729	1765	#, c-format
1730	1766	msgid "Last modified: %s (%s)\n"
1731	1767	msgstr ""
1732	1768
1733		#: ../../src/kadmin/cli/kadmin.c:1442
	1769	#: ../../src/kadmin/cli/kadmin.c:1446
1734	1770	#, c-format
1735	1771	msgid "Last successful authentication: %s\n"
1736	1772	msgstr ""
1737	1773
1738		#: ../../src/kadmin/cli/kadmin.c:1448
	1774	#: ../../src/kadmin/cli/kadmin.c:1452
1739	1775	#, c-format
1740	1776	msgid "Failed password attempts: %d\n"
1741	1777	msgstr ""
1742	1778
1743		#: ../../src/kadmin/cli/kadmin.c:1450
	1779	#: ../../src/kadmin/cli/kadmin.c:1454
1744	1780	#, c-format
1745	1781	msgid "Number of keys: %d\n"
1746	1782	msgstr ""
1747	1783
1748		#: ../../src/kadmin/cli/kadmin.c:1457
	1784	#: ../../src/kadmin/cli/kadmin.c:1462
1749	1785	#, c-format
1750	1786	msgid "<Encryption type 0x%x>"
1751	1787	msgstr ""
1752	1788
1753		#: ../../src/kadmin/cli/kadmin.c:1464
	1789	#: ../../src/kadmin/cli/kadmin.c:1474
1754	1790	#, c-format
1755	1791	msgid "<Salt type 0x%x>"
1756	1792	msgstr ""
1757	1793
1758		#: ../../src/kadmin/cli/kadmin.c:1470
	1794	#: ../../src/kadmin/cli/kadmin.c:1480
1759	1795	#, c-format
1760	1796	msgid "MKey: vno %d\n"
1761	1797	msgstr ""
1762	1798
1763		#: ../../src/kadmin/cli/kadmin.c:1472
	1799	#: ../../src/kadmin/cli/kadmin.c:1482
1764	1800	#, c-format
1765	1801	msgid "Attributes:"
1766	1802	msgstr ""
1767	1803
1768		#: ../../src/kadmin/cli/kadmin.c:1475
	1804	#: ../../src/kadmin/cli/kadmin.c:1485
1769	1805	msgid "while printing flags"
1770	1806	msgstr ""
1771	1807
1772		#: ../../src/kadmin/cli/kadmin.c:1484
	1808	#: ../../src/kadmin/cli/kadmin.c:1494
1773	1809	msgid "[none]"
1774	1810	msgstr ""
1775	1811
1776		#: ../../src/kadmin/cli/kadmin.c:1486
	1812	#: ../../src/kadmin/cli/kadmin.c:1496
1777	1813	msgid " [does not exist]"
1778	1814	msgstr ""
1779	1815
1780		#: ../../src/kadmin/cli/kadmin.c:1487
	1816	#: ../../src/kadmin/cli/kadmin.c:1497
1781	1817	#, c-format
1782	1818	msgid "Policy: %s%s\n"
1783	1819	msgstr ""
1784	1820
1785		#: ../../src/kadmin/cli/kadmin.c:1523
	1821	#: ../../src/kadmin/cli/kadmin.c:1533
1786	1822	msgid "usage: get_principals [expression]\n"
1787	1823	msgstr ""
1788	1824
1789		#: ../../src/kadmin/cli/kadmin.c:1528 ../../src/kadmin/cli/kadmin.c:1779
	1825	#: ../../src/kadmin/cli/kadmin.c:1538 ../../src/kadmin/cli/kadmin.c:1789
1790	1826	msgid "while retrieving list."
1791	1827	msgstr ""
1792	1828
1793		#: ../../src/kadmin/cli/kadmin.c:1633
	1829	#: ../../src/kadmin/cli/kadmin.c:1643
1794	1830	#, c-format
1795	1831	msgid "%s: parser lost count!\n"
1796	1832	msgstr ""
1797	1833
1798		#: ../../src/kadmin/cli/kadmin.c:1642
	1834	#: ../../src/kadmin/cli/kadmin.c:1652
1799	1835	#, c-format
1800	1836	msgid "usage; %s [options] policy\n"
1801	1837	msgstr ""
1802	1838
1803		#: ../../src/kadmin/cli/kadmin.c:1644
	1839	#: ../../src/kadmin/cli/kadmin.c:1654
1804	1840	msgid ""
1805	1841	"\t\t[-maxlife time] [-minlife time] [-minlength length]\n"
1806	1842	"\t\t[-minclasses number] [-history number]\n"

1808	1844	"\t\t[-allowedkeysalts keysalts]\n"
1809	1845	msgstr ""
1810	1846
1811		#: ../../src/kadmin/cli/kadmin.c:1648
	1847	#: ../../src/kadmin/cli/kadmin.c:1658
1812	1848	msgid "\t\t[-lockoutduration time]\n"
1813	1849	msgstr ""
1814	1850
1815		#: ../../src/kadmin/cli/kadmin.c:1667
	1851	#: ../../src/kadmin/cli/kadmin.c:1677
1816	1852	#, c-format
1817	1853	msgid "while creating policy \"%s\"."
1818	1854	msgstr ""
1819	1855
1820		#: ../../src/kadmin/cli/kadmin.c:1688
	1856	#: ../../src/kadmin/cli/kadmin.c:1698
1821	1857	#, c-format
1822	1858	msgid "while modifying policy \"%s\"."
1823	1859	msgstr ""
1824	1860
1825		#: ../../src/kadmin/cli/kadmin.c:1700
	1861	#: ../../src/kadmin/cli/kadmin.c:1710
1826	1862	msgid "usage: delete_policy [-force] policy\n"
1827	1863	msgstr ""
1828	1864
1829		#: ../../src/kadmin/cli/kadmin.c:1704
	1865	#: ../../src/kadmin/cli/kadmin.c:1714
1830	1866	#, c-format
1831	1867	msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): "
1832	1868	msgstr ""
1833	1869
1834		#: ../../src/kadmin/cli/kadmin.c:1708
	1870	#: ../../src/kadmin/cli/kadmin.c:1718
1835	1871	#, c-format
1836	1872	msgid "Policy \"%s\" not deleted.\n"
1837	1873	msgstr ""
1838	1874
1839		#: ../../src/kadmin/cli/kadmin.c:1714
	1875	#: ../../src/kadmin/cli/kadmin.c:1724
1840	1876	#, c-format
1841	1877	msgid "while deleting policy \"%s\""
1842	1878	msgstr ""
1843	1879
1844		#: ../../src/kadmin/cli/kadmin.c:1726
	1880	#: ../../src/kadmin/cli/kadmin.c:1736
1845	1881	msgid "usage: get_policy [-terse] policy\n"
1846	1882	msgstr ""
1847	1883
1848		#: ../../src/kadmin/cli/kadmin.c:1731
	1884	#: ../../src/kadmin/cli/kadmin.c:1741
1849	1885	#, c-format
1850	1886	msgid "while retrieving policy \"%s\"."
1851	1887	msgstr ""
1852	1888
1853		#: ../../src/kadmin/cli/kadmin.c:1736
	1889	#: ../../src/kadmin/cli/kadmin.c:1746
1854	1890	#, c-format
1855	1891	msgid "Policy: %s\n"
1856	1892	msgstr ""
1857	1893
1858		#: ../../src/kadmin/cli/kadmin.c:1737
	1894	#: ../../src/kadmin/cli/kadmin.c:1747
1859	1895	#, c-format
1860	1896	msgid "Maximum password life: %s\n"
1861	1897	msgstr ""
1862	1898
1863		#: ../../src/kadmin/cli/kadmin.c:1738
	1899	#: ../../src/kadmin/cli/kadmin.c:1748
1864	1900	#, c-format
1865	1901	msgid "Minimum password life: %s\n"
1866	1902	msgstr ""
1867	1903
1868		#: ../../src/kadmin/cli/kadmin.c:1739
	1904	#: ../../src/kadmin/cli/kadmin.c:1749
1869	1905	#, c-format
1870	1906	msgid "Minimum password length: %ld\n"
1871	1907	msgstr ""
1872	1908
1873		#: ../../src/kadmin/cli/kadmin.c:1740
	1909	#: ../../src/kadmin/cli/kadmin.c:1750
1874	1910	#, c-format
1875	1911	msgid "Minimum number of password character classes: %ld\n"
1876	1912	msgstr ""
1877	1913
1878		#: ../../src/kadmin/cli/kadmin.c:1742
	1914	#: ../../src/kadmin/cli/kadmin.c:1752
1879	1915	#, c-format
1880	1916	msgid "Number of old keys kept: %ld\n"
1881	1917	msgstr ""
1882	1918
1883		#: ../../src/kadmin/cli/kadmin.c:1743
	1919	#: ../../src/kadmin/cli/kadmin.c:1753
1884	1920	#, c-format
1885	1921	msgid "Maximum password failures before lockout: %lu\n"
1886	1922	msgstr ""
1887	1923
1888		#: ../../src/kadmin/cli/kadmin.c:1745
	1924	#: ../../src/kadmin/cli/kadmin.c:1755
1889	1925	#, c-format
1890	1926	msgid "Password failure count reset interval: %s\n"
1891	1927	msgstr ""
1892	1928
1893		#: ../../src/kadmin/cli/kadmin.c:1747
	1929	#: ../../src/kadmin/cli/kadmin.c:1757
1894	1930	#, c-format
1895	1931	msgid "Password lockout duration: %s\n"
1896	1932	msgstr ""
1897	1933
1898		#: ../../src/kadmin/cli/kadmin.c:1750
	1934	#: ../../src/kadmin/cli/kadmin.c:1760
1899	1935	#, c-format
1900	1936	msgid "Allowed key/salt types: %s\n"
1901	1937	msgstr ""
1902	1938
1903		#: ../../src/kadmin/cli/kadmin.c:1774
	1939	#: ../../src/kadmin/cli/kadmin.c:1784
1904	1940	msgid "usage: get_policies [expression]\n"
1905	1941	msgstr ""
1906	1942
1907		#: ../../src/kadmin/cli/kadmin.c:1796
	1943	#: ../../src/kadmin/cli/kadmin.c:1806
1908	1944	msgid "usage: get_privs\n"
1909	1945	msgstr ""
1910	1946
1911		#: ../../src/kadmin/cli/kadmin.c:1801
	1947	#: ../../src/kadmin/cli/kadmin.c:1811
1912	1948	msgid "while retrieving privileges"
1913	1949	msgstr ""
1914	1950
1915		#: ../../src/kadmin/cli/kadmin.c:1804
	1951	#: ../../src/kadmin/cli/kadmin.c:1814
1916	1952	#, c-format
1917	1953	msgid "current privileges:"
1918	1954	msgstr ""
1919	1955
1920		#: ../../src/kadmin/cli/kadmin.c:1830
	1956	#: ../../src/kadmin/cli/kadmin.c:1840
1921	1957	msgid "usage: purgekeys [-all\|-keepkvno oldest_kvno_to_keep] principal\n"
1922	1958	msgstr ""
1923	1959
1924		#: ../../src/kadmin/cli/kadmin.c:1850
	1960	#: ../../src/kadmin/cli/kadmin.c:1860
1925	1961	#, c-format
1926	1962	msgid "while purging keys for principal \"%s\""
1927	1963	msgstr ""
1928	1964
1929		#: ../../src/kadmin/cli/kadmin.c:1855
	1965	#: ../../src/kadmin/cli/kadmin.c:1865
1930	1966	#, c-format
1931	1967	msgid "All keys for principal \"%s\" removed.\n"
1932	1968	msgstr ""
1933	1969
1934		#: ../../src/kadmin/cli/kadmin.c:1857
	1970	#: ../../src/kadmin/cli/kadmin.c:1867
1935	1971	#, c-format
1936	1972	msgid "Old keys for principal \"%s\" purged.\n"
1937	1973	msgstr ""
1938	1974
1939		#: ../../src/kadmin/cli/kadmin.c:1874
	1975	#: ../../src/kadmin/cli/kadmin.c:1884
1940	1976	msgid "usage: get_strings principal\n"
1941	1977	msgstr ""
1942	1978
1943		#: ../../src/kadmin/cli/kadmin.c:1894
	1979	#: ../../src/kadmin/cli/kadmin.c:1904
1944	1980	#, c-format
1945	1981	msgid "while getting attributes for principal \"%s\""
1946	1982	msgstr ""
1947	1983
1948		#: ../../src/kadmin/cli/kadmin.c:1899
	1984	#: ../../src/kadmin/cli/kadmin.c:1909
1949	1985	#, c-format
1950	1986	msgid "(No string attributes.)\n"
1951	1987	msgstr ""
1952	1988
1953		#: ../../src/kadmin/cli/kadmin.c:1918
	1989	#: ../../src/kadmin/cli/kadmin.c:1928
1954	1990	msgid "usage: set_string principal key value\n"
1955	1991	msgstr ""
1956	1992
1957		#: ../../src/kadmin/cli/kadmin.c:1940
	1993	#: ../../src/kadmin/cli/kadmin.c:1950
1958	1994	#, c-format
1959	1995	msgid "while setting attribute on principal \"%s\""
1960	1996	msgstr ""
1961	1997
1962		#: ../../src/kadmin/cli/kadmin.c:1944
	1998	#: ../../src/kadmin/cli/kadmin.c:1954
1963	1999	#, c-format
1964	2000	msgid "Attribute set for principal \"%s\".\n"
1965	2001	msgstr ""
1966	2002
1967		#: ../../src/kadmin/cli/kadmin.c:1959
	2003	#: ../../src/kadmin/cli/kadmin.c:1969
1968	2004	msgid "usage: del_string principal key\n"
1969	2005	msgstr ""
1970	2006
1971		#: ../../src/kadmin/cli/kadmin.c:1980
	2007	#: ../../src/kadmin/cli/kadmin.c:1990
1972	2008	#, c-format
1973	2009	msgid "while deleting attribute from principal \"%s\""
1974	2010	msgstr ""
1975	2011
1976		#: ../../src/kadmin/cli/kadmin.c:1984
	2012	#: ../../src/kadmin/cli/kadmin.c:1994
1977	2013	#, c-format
1978	2014	msgid "Attribute removed from principal \"%s\".\n"
1979	2015	msgstr ""

2120	2156	msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
2121	2157	msgstr ""
2122	2158
2123		#: ../../src/kadmin/dbutil/dump.c:532
2124		#, c-format
2125		msgid ""
2126		"Warning! Multiple DES-CBC-CRC keys for principal %s; skipping duplicates.\n"
2127		msgstr ""
2128
2129		#: ../../src/kadmin/dbutil/dump.c:543
2130		#, c-format
2131		msgid ""
2132		"Warning! No DES-CBC-CRC key for principal %s, cannot generate OV-compatible "
2133		"record; skipping\n"
2134		msgstr ""
2135
2136		#: ../../src/kadmin/dbutil/dump.c:572
	2159	#: ../../src/kadmin/dbutil/dump.c:495
2137	2160	#, c-format
2138	2161	msgid "while converting %s to new master key"
2139	2162	msgstr ""
2140	2163
2141		#: ../../src/kadmin/dbutil/dump.c:593
	2164	#: ../../src/kadmin/dbutil/dump.c:516
2142	2165	#, c-format
2143	2166	msgid "%s(%d): %s\n"
2144	2167	msgstr ""
2145	2168
2146		#: ../../src/kadmin/dbutil/dump.c:636
	2169	#: ../../src/kadmin/dbutil/dump.c:559
2147	2170	#, c-format
2148	2171	msgid "%s(%d): ignoring trash at end of line: "
2149	2172	msgstr ""
2150	2173
	2174	#: ../../src/kadmin/dbutil/dump.c:622
	2175	msgid "cannot read tagged data type and length"
	2176	msgstr ""
	2177
	2178	#: ../../src/kadmin/dbutil/dump.c:626
	2179	msgid "data type or length overflowed"
	2180	msgstr ""
	2181
	2182	#: ../../src/kadmin/dbutil/dump.c:633
	2183	msgid "cannot read tagged data contents"
	2184	msgstr ""
	2185
	2186	#: ../../src/kadmin/dbutil/dump.c:666
	2187	msgid "cannot match size tokens"
	2188	msgstr ""
	2189
	2190	#: ../../src/kadmin/dbutil/dump.c:677
	2191	msgid "cannot allocate tl_data (too large)"
	2192	msgstr ""
	2193
2151	2194	#: ../../src/kadmin/dbutil/dump.c:699
2152		msgid "cannot read tagged data type and length"
2153		msgstr ""
2154
2155		#: ../../src/kadmin/dbutil/dump.c:703
2156		msgid "data type or length overflowed"
2157		msgstr ""
2158
2159		#: ../../src/kadmin/dbutil/dump.c:710
2160		msgid "cannot read tagged data contents"
2161		msgstr ""
2162
2163		#: ../../src/kadmin/dbutil/dump.c:743
2164		msgid "cannot match size tokens"
2165		msgstr ""
2166
2167		#: ../../src/kadmin/dbutil/dump.c:754
2168		msgid "cannot allocate tl_data (too large)"
2169		msgstr ""
2170
2171		#: ../../src/kadmin/dbutil/dump.c:776
2172	2195	msgid "cannot read name string"
2173	2196	msgstr ""
2174	2197
2175		#: ../../src/kadmin/dbutil/dump.c:781
	2198	#: ../../src/kadmin/dbutil/dump.c:704
2176	2199	#, c-format
2177	2200	msgid "while parsing name %s"
2178	2201	msgstr ""
2179	2202
2180		#: ../../src/kadmin/dbutil/dump.c:789
	2203	#: ../../src/kadmin/dbutil/dump.c:712
2181	2204	msgid "cannot read principal attributes"
2182	2205	msgstr ""
2183	2206
2184		#: ../../src/kadmin/dbutil/dump.c:842
	2207	#: ../../src/kadmin/dbutil/dump.c:765
2185	2208	msgid "cannot read key size and version"
2186	2209	msgstr ""
2187	2210
2188		#: ../../src/kadmin/dbutil/dump.c:846
	2211	#: ../../src/kadmin/dbutil/dump.c:769
2189	2212	msgid "unsupported key_data_ver version"
2190	2213	msgstr ""
2191	2214
2192		#: ../../src/kadmin/dbutil/dump.c:857
	2215	#: ../../src/kadmin/dbutil/dump.c:780
2193	2216	msgid "cannot read key type and length"
2194	2217	msgstr ""
2195	2218
2196		#: ../../src/kadmin/dbutil/dump.c:863
	2219	#: ../../src/kadmin/dbutil/dump.c:786
2197	2220	msgid "cannot read key data"
2198	2221	msgstr ""
2199	2222
2200		#: ../../src/kadmin/dbutil/dump.c:873
	2223	#: ../../src/kadmin/dbutil/dump.c:796
2201	2224	msgid "cannot read extra data"
2202	2225	msgstr ""
2203	2226
2204		#: ../../src/kadmin/dbutil/dump.c:882
	2227	#: ../../src/kadmin/dbutil/dump.c:805
2205	2228	#, c-format
2206	2229	msgid "while storing %s"
2207	2230	msgstr ""
2208	2231
2209		#: ../../src/kadmin/dbutil/dump.c:921 ../../src/kadmin/dbutil/dump.c:960
2210		#: ../../src/kadmin/dbutil/dump.c:1006 ../../src/kadmin/dbutil/dump.c:1025
	2232	#: ../../src/kadmin/dbutil/dump.c:844 ../../src/kadmin/dbutil/dump.c:883
	2233	#: ../../src/kadmin/dbutil/dump.c:929 ../../src/kadmin/dbutil/dump.c:948
2211	2234	#, c-format
2212	2235	msgid "cannot parse policy (%d read)\n"
2213	2236	msgstr ""
2214	2237
2215		#: ../../src/kadmin/dbutil/dump.c:929 ../../src/kadmin/dbutil/dump.c:968
2216		#: ../../src/kadmin/dbutil/dump.c:1046
	2238	#: ../../src/kadmin/dbutil/dump.c:852 ../../src/kadmin/dbutil/dump.c:891
	2239	#: ../../src/kadmin/dbutil/dump.c:969
2217	2240	msgid "while creating policy"
2218	2241	msgstr ""
2219	2242
2220		#: ../../src/kadmin/dbutil/dump.c:933
	2243	#: ../../src/kadmin/dbutil/dump.c:856
2221	2244	#, c-format
2222	2245	msgid "created policy %s\n"
2223	2246	msgstr ""
2224	2247
2225		#: ../../src/kadmin/dbutil/dump.c:1083
	2248	#: ../../src/kadmin/dbutil/dump.c:1006
2226	2249	#, c-format
2227	2250	msgid "unknown record type \"%s\"\n"
2228	2251	msgstr ""
2229	2252
2230		#: ../../src/kadmin/dbutil/dump.c:1212
	2253	#: ../../src/kadmin/dbutil/dump.c:1117
2231	2254	#, c-format
2232	2255	msgid "%s: Unknown iprop dump version %d\n"
2233	2256	msgstr ""
2234	2257
2235		#: ../../src/kadmin/dbutil/dump.c:1316 ../../src/kadmin/dbutil/dump.c:1544
	2258	#: ../../src/kadmin/dbutil/dump.c:1201 ../../src/kadmin/dbutil/dump.c:1439
	2259	#, c-format
	2260	msgid "OV dump format not supported\n"
	2261	msgstr ""
	2262
	2263	#: ../../src/kadmin/dbutil/dump.c:1222 ../../src/kadmin/dbutil/dump.c:1450
2236	2264	#, c-format
2237	2265	msgid "Iprop not enabled\n"
2238	2266	msgstr ""
2239	2267
2240		#: ../../src/kadmin/dbutil/dump.c:1353
	2268	#: ../../src/kadmin/dbutil/dump.c:1259
2241	2269	msgid "Conditional dump is an undocumented option for use only for iprop dumps"
2242	2270	msgstr ""
2243	2271
2244		#: ../../src/kadmin/dbutil/dump.c:1366
	2272	#: ../../src/kadmin/dbutil/dump.c:1272
2245	2273	msgid "Database not currently opened!"
2246	2274	msgstr ""
2247	2275
2248		#: ../../src/kadmin/dbutil/dump.c:1380 ../../src/kadmin/dbutil/kdb5_stash.c:116
2249		#: ../../src/kadmin/dbutil/kdb5_util.c:448
	2276	#: ../../src/kadmin/dbutil/dump.c:1286 ../../src/kadmin/dbutil/kdb5_stash.c:116
	2277	#: ../../src/kadmin/dbutil/kdb5_util.c:445
2250	2278	msgid "while reading master key"
2251	2279	msgstr ""
2252	2280
2253		#: ../../src/kadmin/dbutil/dump.c:1386
	2281	#: ../../src/kadmin/dbutil/dump.c:1292
2254	2282	msgid "while verifying master key"
2255	2283	msgstr ""
2256	2284
2257		#: ../../src/kadmin/dbutil/dump.c:1405 ../../src/kadmin/dbutil/dump.c:1415
	2285	#: ../../src/kadmin/dbutil/dump.c:1311 ../../src/kadmin/dbutil/dump.c:1321
2258	2286	msgid "while reading new master key"
2259	2287	msgstr ""
2260	2288
2261		#: ../../src/kadmin/dbutil/dump.c:1409
	2289	#: ../../src/kadmin/dbutil/dump.c:1315
2262	2290	#, c-format
2263	2291	msgid "Please enter new master key....\n"
2264	2292	msgstr ""
2265	2293
2266		#: ../../src/kadmin/dbutil/dump.c:1433
	2294	#: ../../src/kadmin/dbutil/dump.c:1339
2267	2295	#, c-format
2268	2296	msgid "while opening %s for writing"
2269	2297	msgstr ""
2270	2298
2271		#: ../../src/kadmin/dbutil/dump.c:1448
	2299	#: ../../src/kadmin/dbutil/dump.c:1354
2272	2300	msgid "while reading update log header"
2273	2301	msgstr ""
2274	2302
2275		#: ../../src/kadmin/dbutil/dump.c:1463 ../../src/kadmin/dbutil/dump.c:1471
	2303	#: ../../src/kadmin/dbutil/dump.c:1369 ../../src/kadmin/dbutil/dump.c:1377
2276	2304	#, c-format
2277	2305	msgid "performing %s dump"
2278	2306	msgstr ""
2279	2307
2280		#: ../../src/kadmin/dbutil/dump.c:1501
	2308	#: ../../src/kadmin/dbutil/dump.c:1407
2281	2309	#, c-format
2282	2310	msgid "%s: error processing line %d of %s\n"
2283	2311	msgstr ""
2284	2312
2285		#: ../../src/kadmin/dbutil/dump.c:1553
	2313	#: ../../src/kadmin/dbutil/dump.c:1459
2286	2314	msgid "while parsing options"
2287	2315	msgstr ""
2288	2316
2289		#: ../../src/kadmin/dbutil/dump.c:1568
	2317	#: ../../src/kadmin/dbutil/dump.c:1474
2290	2318	#, c-format
2291	2319	msgid "while opening %s"
2292	2320	msgstr ""
2293	2321
2294		#: ../../src/kadmin/dbutil/dump.c:1573 ../../src/kadmin/dbutil/dump.c:1672
	2322	#: ../../src/kadmin/dbutil/dump.c:1479 ../../src/kadmin/dbutil/dump.c:1575
2295	2323	msgid "standard input"
2296	2324	msgstr ""
2297	2325
2298		#: ../../src/kadmin/dbutil/dump.c:1578
	2326	#: ../../src/kadmin/dbutil/dump.c:1484
2299	2327	#, c-format
2300	2328	msgid "%s: can't read dump header in %s\n"
2301	2329	msgstr ""
2302	2330
2303		#: ../../src/kadmin/dbutil/dump.c:1586 ../../src/kadmin/dbutil/dump.c:1603
	2331	#: ../../src/kadmin/dbutil/dump.c:1492 ../../src/kadmin/dbutil/dump.c:1506
2304	2332	#, c-format
2305	2333	msgid "%s: dump header bad in %s\n"
2306	2334	msgstr ""
2307	2335
2308		#: ../../src/kadmin/dbutil/dump.c:1612
	2336	#: ../../src/kadmin/dbutil/dump.c:1515
2309	2337	#, c-format
2310	2338	msgid "Could not open iprop ulog\n"
2311	2339	msgstr ""
2312	2340
2313		#: ../../src/kadmin/dbutil/dump.c:1617
	2341	#: ../../src/kadmin/dbutil/dump.c:1520
2314	2342	#, c-format
2315	2343	msgid "%s: dump version %s can only be loaded with the -update flag\n"
2316	2344	msgstr ""
2317	2345
2318		#: ../../src/kadmin/dbutil/dump.c:1626 ../../src/kadmin/dbutil/dump.c:1631
	2346	#: ../../src/kadmin/dbutil/dump.c:1529 ../../src/kadmin/dbutil/dump.c:1534
2319	2347	msgid "computing parameters for database"
2320	2348	msgstr ""
2321	2349
2322		#: ../../src/kadmin/dbutil/dump.c:1637
	2350	#: ../../src/kadmin/dbutil/dump.c:1540
2323	2351	msgid "while creating database"
2324	2352	msgstr ""
2325	2353
2326		#: ../../src/kadmin/dbutil/dump.c:1646
	2354	#: ../../src/kadmin/dbutil/dump.c:1549
2327	2355	msgid "while opening database"
2328	2356	msgstr ""
2329	2357
2330		#: ../../src/kadmin/dbutil/dump.c:1656
	2358	#: ../../src/kadmin/dbutil/dump.c:1559
2331	2359	msgid "while permanently locking database"
2332	2360	msgstr ""
2333	2361
2334		#: ../../src/kadmin/dbutil/dump.c:1674
	2362	#: ../../src/kadmin/dbutil/dump.c:1577
2335	2363	#, c-format
2336	2364	msgid "%s: %s restore failed\n"
2337	2365	msgstr ""
2338	2366
2339		#: ../../src/kadmin/dbutil/dump.c:1679
	2367	#: ../../src/kadmin/dbutil/dump.c:1582
2340	2368	msgid "while unlocking database"
2341	2369	msgstr ""
2342	2370
2343		#: ../../src/kadmin/dbutil/dump.c:1689 ../../src/kadmin/dbutil/dump.c:1708
	2371	#: ../../src/kadmin/dbutil/dump.c:1592 ../../src/kadmin/dbutil/dump.c:1611
2344	2372	msgid "while reinitializing update log"
2345	2373	msgstr ""
2346	2374
2347		#: ../../src/kadmin/dbutil/dump.c:1699
	2375	#: ../../src/kadmin/dbutil/dump.c:1602
2348	2376	msgid "while making newly loaded database live"
2349	2377	msgstr ""
2350	2378
2351		#: ../../src/kadmin/dbutil/dump.c:1715
	2379	#: ../../src/kadmin/dbutil/dump.c:1618
2352	2380	msgid "while writing update log header"
2353	2381	msgstr ""
2354	2382
2355		#: ../../src/kadmin/dbutil/dump.c:1729
	2383	#: ../../src/kadmin/dbutil/dump.c:1632
2356	2384	#, c-format
2357	2385	msgid "while deleting bad database %s"
2358	2386	msgstr ""

2388	2416	msgid "while creating principal %s"
2389	2417	msgstr ""
2390	2418
2391		#: ../../src/kadmin/dbutil/kdb5_create.c:191
	2419	#: ../../src/kadmin/dbutil/kdb5_create.c:181
2392	2420	#, c-format
2393	2421	msgid "Loading random data\n"
2394	2422	msgstr ""
2395	2423
	2424	#: ../../src/kadmin/dbutil/kdb5_create.c:184
	2425	msgid "Loading random data"
	2426	msgstr ""
	2427
2396	2428	#: ../../src/kadmin/dbutil/kdb5_create.c:194
2397		msgid "Loading random data"
2398		msgstr ""
2399
2400		#: ../../src/kadmin/dbutil/kdb5_create.c:204
2401		#: ../../src/kadmin/dbutil/kdb5_util.c:392
2402		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:608
	2429	#: ../../src/kadmin/dbutil/kdb5_util.c:389
	2430	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:607
2403	2431	msgid "while setting up master key name"
2404	2432	msgstr ""
2405	2433
2406		#: ../../src/kadmin/dbutil/kdb5_create.c:215
	2434	#: ../../src/kadmin/dbutil/kdb5_create.c:205
2407	2435	#, c-format
2408	2436	msgid ""
2409	2437	"Initializing database '%s' for realm '%s',\n"
2410	2438	"master key name '%s'\n"
2411	2439	msgstr ""
2412	2440
2413		#: ../../src/kadmin/dbutil/kdb5_create.c:220
	2441	#: ../../src/kadmin/dbutil/kdb5_create.c:210
	2442	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:516
	2443	#, c-format
	2444	msgid "You will be prompted for the database Master Password.\n"
	2445	msgstr ""
	2446
	2447	#: ../../src/kadmin/dbutil/kdb5_create.c:211
	2448	#: ../../src/kadmin/dbutil/kdb5_mkey.c:255
2414	2449	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:517
2415	2450	#, c-format
2416		msgid "You will be prompted for the database Master Password.\n"
2417		msgstr ""
2418
2419		#: ../../src/kadmin/dbutil/kdb5_create.c:221
2420		#: ../../src/kadmin/dbutil/kdb5_mkey.c:255
2421		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:518
2422		#, c-format
2423	2451	msgid "It is important that you NOT FORGET this password.\n"
2424	2452	msgstr ""
2425	2453
2426		#: ../../src/kadmin/dbutil/kdb5_create.c:227
	2454	#: ../../src/kadmin/dbutil/kdb5_create.c:217
2427	2455	#: ../../src/kadmin/dbutil/kdb5_mkey.c:261
2428	2456	msgid "while creating new master key"
2429	2457	msgstr ""
2430	2458
	2459	#: ../../src/kadmin/dbutil/kdb5_create.c:225
	2460	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:527
	2461	msgid "while reading master key from keyboard"
	2462	msgstr ""
	2463
2431	2464	#: ../../src/kadmin/dbutil/kdb5_create.c:235
2432		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:528
2433		msgid "while reading master key from keyboard"
2434		msgstr ""
2435
2436		#: ../../src/kadmin/dbutil/kdb5_create.c:245
2437	2465	#: ../../src/kadmin/dbutil/kdb5_mkey.c:280
2438		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:620
	2466	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:619
2439	2467	msgid "while calculating master key salt"
2440	2468	msgstr ""
2441	2469
	2470	#: ../../src/kadmin/dbutil/kdb5_create.c:243
	2471	#: ../../src/kadmin/dbutil/kdb5_mkey.c:289
	2472	#: ../../src/kadmin/dbutil/kdb5_util.c:431
	2473	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:631
	2474	msgid "while transforming master key from password"
	2475	msgstr ""
	2476
2442	2477	#: ../../src/kadmin/dbutil/kdb5_create.c:253
2443		#: ../../src/kadmin/dbutil/kdb5_mkey.c:289
2444		#: ../../src/kadmin/dbutil/kdb5_util.c:434
2445		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:632
2446		msgid "while transforming master key from password"
2447		msgstr ""
2448
2449		#: ../../src/kadmin/dbutil/kdb5_create.c:263
2450	2478	msgid "while initializing random key generator"
2451	2479	msgstr ""
2452	2480
2453		#: ../../src/kadmin/dbutil/kdb5_create.c:268
	2481	#: ../../src/kadmin/dbutil/kdb5_create.c:258
2454	2482	#, c-format
2455	2483	msgid "while creating database '%s'"
2456	2484	msgstr ""
2457	2485
2458		#: ../../src/kadmin/dbutil/kdb5_create.c:286
	2486	#: ../../src/kadmin/dbutil/kdb5_create.c:276
2459	2487	msgid "while creating update log"
2460	2488	msgstr ""
2461	2489
2462		#: ../../src/kadmin/dbutil/kdb5_create.c:297
	2490	#: ../../src/kadmin/dbutil/kdb5_create.c:287
2463	2491	msgid "while initializing update log"
2464	2492	msgstr ""
2465	2493
2466		#: ../../src/kadmin/dbutil/kdb5_create.c:312
2467		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:644
	2494	#: ../../src/kadmin/dbutil/kdb5_create.c:302
	2495	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:643
2468	2496	msgid "while adding entries to the database"
2469	2497	msgstr ""
2470	2498
2471		#: ../../src/kadmin/dbutil/kdb5_create.c:340
	2499	#: ../../src/kadmin/dbutil/kdb5_create.c:330
2472	2500	#: ../../src/kadmin/dbutil/kdb5_mkey.c:333
2473	2501	#: ../../src/kadmin/dbutil/kdb5_stash.c:133
	2502	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:668
	2503	msgid "while storing key"
	2504	msgstr ""
	2505
	2506	#: ../../src/kadmin/dbutil/kdb5_create.c:331
	2507	#: ../../src/kadmin/dbutil/kdb5_mkey.c:334
2474	2508	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:669
2475		msgid "while storing key"
2476		msgstr ""
2477
2478		#: ../../src/kadmin/dbutil/kdb5_create.c:341
2479		#: ../../src/kadmin/dbutil/kdb5_mkey.c:334
2480		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:670
2481	2509	#, c-format
2482	2510	msgid "Warning: couldn't stash master key.\n"
2483	2511	msgstr ""

2490	2518	#: ../../src/kadmin/dbutil/kdb5_destroy.c:71
2491	2519	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1111
2492	2520	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360
2493		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1476
	2521	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1475
2494	2522	#, c-format
2495	2523	msgid "(type 'yes' to confirm)? "
2496	2524	msgstr ""

2545	2573	#: ../../src/kadmin/dbutil/kdb5_mkey.c:305
2546	2574	#: ../../src/kadmin/dbutil/kdb5_mkey.c:390
2547	2575	#: ../../src/kadmin/dbutil/kdb5_mkey.c:806
2548		#: ../../src/kadmin/dbutil/kdb5_mkey.c:1307
	2576	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1305
2549	2577	msgid "while getting current time"
2550	2578	msgstr ""
2551	2579
2552	2580	#: ../../src/kadmin/dbutil/kdb5_mkey.c:312
2553	2581	#: ../../src/kadmin/dbutil/kdb5_mkey.c:522
2554		#: ../../src/kadmin/dbutil/kdb5_mkey.c:1314
	2582	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1312
2555	2583	msgid "while updating the master key principal modification time"
2556	2584	msgstr ""
2557	2585
2558	2586	#: ../../src/kadmin/dbutil/kdb5_mkey.c:319
2559	2587	#: ../../src/kadmin/dbutil/kdb5_mkey.c:530
2560		#: ../../src/kadmin/dbutil/kdb5_mkey.c:1324
	2588	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1322
2561	2589	msgid "while adding master key entry to the database"
2562	2590	msgstr ""
2563	2591

2588	2616	msgstr ""
2589	2617
2590	2618	#: ../../src/kadmin/dbutil/kdb5_mkey.c:515
2591		#: ../../src/kadmin/dbutil/kdb5_mkey.c:1293
	2619	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1291
2592	2620	msgid "while updating actkvno data for master principal entry"
2593	2621	msgstr ""
2594	2622

2791	2819	msgid "while allocating key_data"
2792	2820	msgstr ""
2793	2821
2794		#: ../../src/kadmin/dbutil/kdb5_mkey.c:1301
	2822	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1299
2795	2823	msgid "while updating mkey_aux data for master principal entry"
2796	2824	msgstr ""
2797	2825
2798		#: ../../src/kadmin/dbutil/kdb5_mkey.c:1328
	2826	#: ../../src/kadmin/dbutil/kdb5_mkey.c:1326
2799	2827	#, c-format
2800	2828	msgid "%d key(s) purged.\n"
2801	2829	msgstr ""
2802	2830
2803	2831	#: ../../src/kadmin/dbutil/kdb5_stash.c:97
2804		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:538
	2832	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:542
2805	2833	#, c-format
2806	2834	msgid "while setting up enctype %d"
2807	2835	msgstr ""

2824	2852	"\tcreate [-s]\n"
2825	2853	"\tdestroy [-f]\n"
2826	2854	"\tstash [-f keyfile]\n"
2827		"\tdump [-old\|-ov\|-b6\|-b7\|-r13\|-r18] [-verbose]\n"
	2855	"\tdump [-old\|-b6\|-b7\|-r13\|-r18] [-verbose]\n"
2828	2856	"\t [-mkey_convert] [-new_mkey_file mkey_file]\n"
2829	2857	"\t [-rev] [-recurse] [filename [princs...]]\n"
2830		"\tload [-old\|-ov\|-b6\|-b7\|-r13\|-r18] [-verbose] [-update] filename\n"
	2858	"\tload [-old\|-b6\|-b7\|-r13\|-r18] [-verbose] [-update] filename\n"
2831	2859	"\tark [-e etype_list] principal\n"
2832	2860	"\tadd_mkey [-e etype] [-s]\n"
2833	2861	"\tuse_mkey kvno [time]\n"

2847	2875	msgstr ""
2848	2876
2849	2877	#: ../../src/kadmin/dbutil/kdb5_util.c:215
2850		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:260
	2878	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:264
2851	2879	msgid "while initializing Kerberos code"
2852	2880	msgstr ""
2853	2881
2854	2882	#: ../../src/kadmin/dbutil/kdb5_util.c:221
2855		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:267
	2883	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:271
2856	2884	msgid "while creating sub-command arguments"
2857	2885	msgstr ""
2858	2886

2866	2894	msgstr ""
2867	2895
2868	2896	#: ../../src/kadmin/dbutil/kdb5_util.c:263
2869		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:291
	2897	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:295
2870	2898	msgid "while setting default realm name"
2871	2899	msgstr ""
2872	2900
2873	2901	#: ../../src/kadmin/dbutil/kdb5_util.c:268
2874		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:298
	2902	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:302
2875	2903	#, c-format
2876	2904	msgid ": %s is an invalid enctype"
2877	2905	msgstr ""
2878	2906
2879	2907	#: ../../src/kadmin/dbutil/kdb5_util.c:276
2880		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:307
	2908	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:311
2881	2909	#, c-format
2882	2910	msgid ": %s is an invalid mkeyVNO"
2883	2911	msgstr ""
2884	2912
2885		#: ../../src/kadmin/dbutil/kdb5_util.c:321
2886		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:431
	2913	#: ../../src/kadmin/dbutil/kdb5_util.c:319
	2914	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:435
2887	2915	msgid "while retreiving configuration parameters"
2888	2916	msgstr ""
2889	2917
2890		#: ../../src/kadmin/dbutil/kdb5_util.c:381
2891		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:883
2892		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1491
2893		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:564
	2918	#: ../../src/kadmin/dbutil/kdb5_util.c:378
	2919	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:882
	2920	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1490
	2921	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:568
2894	2922	msgid "while initializing database"
2895	2923	msgstr ""
2896	2924
2897		#: ../../src/kadmin/dbutil/kdb5_util.c:398
	2925	#: ../../src/kadmin/dbutil/kdb5_util.c:395
2898	2926	msgid "while retrieving master entry"
2899	2927	msgstr ""
2900	2928
2901		#: ../../src/kadmin/dbutil/kdb5_util.c:417
	2929	#: ../../src/kadmin/dbutil/kdb5_util.c:414
2902	2930	msgid "while calculated master key salt"
2903	2931	msgstr ""
2904	2932
2905		#: ../../src/kadmin/dbutil/kdb5_util.c:449
	2933	#: ../../src/kadmin/dbutil/kdb5_util.c:446
2906	2934	msgid "Warning: proceeding without master key"
2907	2935	msgstr ""
2908	2936
2909		#: ../../src/kadmin/dbutil/kdb5_util.c:467
	2937	#: ../../src/kadmin/dbutil/kdb5_util.c:464
2910	2938	msgid "while seeding random number generator"
2911	2939	msgstr ""
2912	2940
2913		#: ../../src/kadmin/dbutil/kdb5_util.c:477
	2941	#: ../../src/kadmin/dbutil/kdb5_util.c:474
2914	2942	#, c-format
2915	2943	msgid "%s: Could not map log\n"
2916	2944	msgstr ""
2917	2945
2918		#: ../../src/kadmin/dbutil/kdb5_util.c:506
	2946	#: ../../src/kadmin/dbutil/kdb5_util.c:503
2919	2947	msgid "while closing database"
2920	2948	msgstr ""
2921	2949
2922		#: ../../src/kadmin/dbutil/kdb5_util.c:553
	2950	#: ../../src/kadmin/dbutil/kdb5_util.c:550
2923	2951	#, c-format
2924	2952	msgid "while fetching principal %s"
2925	2953	msgstr ""
2926	2954
2927		#: ../../src/kadmin/dbutil/kdb5_util.c:576
	2955	#: ../../src/kadmin/dbutil/kdb5_util.c:573
2928	2956	msgid "while finding mkey"
2929	2957	msgstr ""
2930	2958
2931		#: ../../src/kadmin/dbutil/kdb5_util.c:601
	2959	#: ../../src/kadmin/dbutil/kdb5_util.c:598
2932	2960	msgid "while setting changetime"
2933	2961	msgstr ""
2934	2962
2935		#: ../../src/kadmin/dbutil/kdb5_util.c:609
	2963	#: ../../src/kadmin/dbutil/kdb5_util.c:606
2936	2964	#, c-format
2937	2965	msgid "while saving principal %s"
2938	2966	msgstr ""
2939	2967
2940		#: ../../src/kadmin/dbutil/kdb5_util.c:613
	2968	#: ../../src/kadmin/dbutil/kdb5_util.c:610
2941	2969	#, c-format
2942	2970	msgid "%s changed\n"
2943	2971	msgstr ""

2970	2998	msgid "while reading keytab \"%s\""
2971	2999	msgstr ""
2972	3000
2973		#: ../../src/kadmin/ktutil/ktutil.c:104
2974		#, c-format
2975		msgid "%s: must specify the srvtab to read\n"
2976		msgstr ""
2977
2978		#: ../../src/kadmin/ktutil/ktutil.c:109
2979		#, c-format
2980		msgid "while reading srvtab \"%s\""
2981		msgstr ""
2982
2983		#: ../../src/kadmin/ktutil/ktutil.c:119
	3001	#: ../../src/kadmin/ktutil/ktutil.c:101
	3002	#, c-format
	3003	msgid "%s: reading srvtabs is no longer supported\n"
	3004	msgstr ""
	3005
	3006	#: ../../src/kadmin/ktutil/ktutil.c:112
2984	3007	#, c-format
2985	3008	msgid "%s: must specify keytab to write\n"
2986	3009	msgstr ""
2987	3010
	3011	#: ../../src/kadmin/ktutil/ktutil.c:117
	3012	#, c-format
	3013	msgid "while writing keytab \"%s\""
	3014	msgstr ""
	3015
2988	3016	#: ../../src/kadmin/ktutil/ktutil.c:124
2989	3017	#, c-format
2990		msgid "while writing keytab \"%s\""
2991		msgstr ""
2992
2993		#: ../../src/kadmin/ktutil/ktutil.c:131
2994		#, c-format
2995	3018	msgid "%s: writing srvtabs is no longer supported\n"
2996	3019	msgstr ""
2997	3020
2998		#: ../../src/kadmin/ktutil/ktutil.c:178
	3021	#: ../../src/kadmin/ktutil/ktutil.c:171
2999	3022	#, c-format
3000	3023	msgid ""
3001	3024	"usage: %s (-key \| -password) -p principal -k kvno [-e enctype] [-f\|-s salt]\n"
3002	3025	msgstr ""
3003	3026
	3027	#: ../../src/kadmin/ktutil/ktutil.c:176
	3028	#, c-format
	3029	msgid "enctype must be specified if not using -f\n"
	3030	msgstr ""
	3031
3004	3032	#: ../../src/kadmin/ktutil/ktutil.c:183
3005		#, c-format
3006		msgid "enctype must be specified if not using -f\n"
3007		msgstr ""
3008
3009		#: ../../src/kadmin/ktutil/ktutil.c:190
3010	3033	msgid "while adding new entry"
3011	3034	msgstr ""
3012	3035
3013		#: ../../src/kadmin/ktutil/ktutil.c:200
	3036	#: ../../src/kadmin/ktutil/ktutil.c:193
3014	3037	#, c-format
3015	3038	msgid "%s: must specify entry to delete\n"
3016	3039	msgstr ""
3017	3040
3018		#: ../../src/kadmin/ktutil/ktutil.c:205
	3041	#: ../../src/kadmin/ktutil/ktutil.c:198
3019	3042	#, c-format
3020	3043	msgid "while deleting entry %d"
3021	3044	msgstr ""
3022	3045
3023		#: ../../src/kadmin/ktutil/ktutil.c:233
	3046	#: ../../src/kadmin/ktutil/ktutil.c:226
3024	3047	#, c-format
3025	3048	msgid "%s: usage: %s [-t] [-k] [-e]\n"
3026	3049	msgstr ""
3027	3050
3028		#: ../../src/kadmin/ktutil/ktutil.c:272
	3051	#: ../../src/kadmin/ktutil/ktutil.c:265
3029	3052	msgid "While converting enctype to string"
3030	3053	msgstr ""
3031	3054

3097	3120	msgstr ""
3098	3121
3099	3122	#: ../../src/kadmin/server/ipropd_svc.c:164
3100		#: ../../src/kadmin/server/ipropd_svc.c:283
	3123	#: ../../src/kadmin/server/ipropd_svc.c:281
3101	3124	#, c-format
3102	3125	msgid "%s: server handle is NULL"
3103	3126	msgstr ""
3104	3127
3105	3128	#: ../../src/kadmin/server/ipropd_svc.c:174
3106		#: ../../src/kadmin/server/ipropd_svc.c:296
	3129	#: ../../src/kadmin/server/ipropd_svc.c:294
3107	3130	#, c-format
3108	3131	msgid "%s: setup_gss_names failed"
3109	3132	msgstr ""
3110	3133
3111	3134	#: ../../src/kadmin/server/ipropd_svc.c:182
3112		#: ../../src/kadmin/server/ipropd_svc.c:305
	3135	#: ../../src/kadmin/server/ipropd_svc.c:303
3113	3136	#, c-format
3114	3137	msgid "%s: out of memory recording principal names"
3115	3138	msgstr ""

3124	3147	msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=N/A"
3125	3148	msgstr ""
3126	3149
3127		#: ../../src/kadmin/server/ipropd_svc.c:326
	3150	#: ../../src/kadmin/server/ipropd_svc.c:324
3128	3151	#, c-format
3129	3152	msgid "%s: getclhoststr failed"
3130	3153	msgstr ""
3131	3154
3132		#: ../../src/kadmin/server/ipropd_svc.c:348
	3155	#: ../../src/kadmin/server/ipropd_svc.c:346
3133	3156	#, c-format
3134	3157	msgid "%s: cannot construct kdb5 util dump string too long; out of memory"
3135	3158	msgstr ""
3136	3159
3137		#: ../../src/kadmin/server/ipropd_svc.c:368
	3160	#: ../../src/kadmin/server/ipropd_svc.c:366
3138	3161	#, c-format
3139	3162	msgid "%s: fork failed: %s"
3140	3163	msgstr ""
3141	3164
3142		#: ../../src/kadmin/server/ipropd_svc.c:380
	3165	#: ../../src/kadmin/server/ipropd_svc.c:378
3143	3166	#, c-format
3144	3167	msgid "%s: popen failed: %s"
3145	3168	msgstr ""
3146	3169
3147		#: ../../src/kadmin/server/ipropd_svc.c:394
	3170	#: ../../src/kadmin/server/ipropd_svc.c:392
3148	3171	#, c-format
3149	3172	msgid "%s: pclose(popen) failed: %s"
3150	3173	msgstr ""
3151	3174
3152		#: ../../src/kadmin/server/ipropd_svc.c:414
	3175	#: ../../src/kadmin/server/ipropd_svc.c:412
3153	3176	#, c-format
3154	3177	msgid "%s: exec failed: %s"
3155	3178	msgstr ""
3156	3179
3157		#: ../../src/kadmin/server/ipropd_svc.c:430
	3180	#: ../../src/kadmin/server/ipropd_svc.c:428
3158	3181	#, c-format
3159	3182	msgid "Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"
3160	3183	msgstr ""
3161	3184
3162		#: ../../src/kadmin/server/ipropd_svc.c:494
3163		#: ../../src/kadmin/server/kadm_rpc_svc.c:306
	3185	#: ../../src/kadmin/server/ipropd_svc.c:490
	3186	#: ../../src/kadmin/server/kadm_rpc_svc.c:299
3164	3187	#, c-format
3165	3188	msgid "check_rpcsec_auth: failed inquire_context, stat=%u"
3166	3189	msgstr ""
3167	3190
3168		#: ../../src/kadmin/server/ipropd_svc.c:524
3169		#: ../../src/kadmin/server/kadm_rpc_svc.c:335
	3191	#: ../../src/kadmin/server/ipropd_svc.c:520
	3192	#: ../../src/kadmin/server/kadm_rpc_svc.c:328
3170	3193	#, c-format
3171	3194	msgid "bad service principal %.*s%s"
3172	3195	msgstr ""
3173	3196
3174		#: ../../src/kadmin/server/ipropd_svc.c:547
	3197	#: ../../src/kadmin/server/ipropd_svc.c:543
3175	3198	#, c-format
3176	3199	msgid "authentication attempt failed: %s, RPC authentication flavor %d"
3177	3200	msgstr ""
3178	3201
3179		#: ../../src/kadmin/server/ipropd_svc.c:581
	3202	#: ../../src/kadmin/server/ipropd_svc.c:577
3180	3203	#, c-format
3181	3204	msgid "RPC unknown request: %d (%s)"
3182	3205	msgstr ""
3183	3206
3184		#: ../../src/kadmin/server/ipropd_svc.c:589
	3207	#: ../../src/kadmin/server/ipropd_svc.c:585
3185	3208	#, c-format
3186	3209	msgid "RPC svc_getargs failed (%s)"
3187	3210	msgstr ""
3188	3211
3189		#: ../../src/kadmin/server/ipropd_svc.c:599
	3212	#: ../../src/kadmin/server/ipropd_svc.c:595
3190	3213	#, c-format
3191	3214	msgid "RPC svc_sendreply failed (%s)"
3192	3215	msgstr ""
3193	3216
3194		#: ../../src/kadmin/server/ipropd_svc.c:605
	3217	#: ../../src/kadmin/server/ipropd_svc.c:601
3195	3218	#, c-format
3196	3219	msgid "RPC svc_freeargs failed (%s)"
3197	3220	msgstr ""
3198	3221
3199		#: ../../src/kadmin/server/kadm_rpc_svc.c:356
	3222	#: ../../src/kadmin/server/kadm_rpc_svc.c:349
3200	3223	#, c-format
3201	3224	msgid "gss_to_krb5_name: failed display_name status %d"
3202	3225	msgstr ""

3349	3372	msgid "starting"
3350	3373	msgstr ""
3351	3374
3352		#: ../../src/kadmin/server/ovsec_kadmd.c:546 ../../src/kdc/main.c:1047
	3375	#: ../../src/kadmin/server/ovsec_kadmd.c:546 ../../src/kdc/main.c:1061
3353	3376	#, c-format
3354	3377	msgid "%s: starting...\n"
3355	3378	msgstr ""

3381	3404
3382	3405	#: ../../src/kadmin/server/server_stubs.c:415
3383	3406	#: ../../src/kadmin/server/server_stubs.c:693
3384		#: ../../src/kadmin/server/server_stubs.c:1618
	3407	#: ../../src/kadmin/server/server_stubs.c:1568
3385	3408	msgid "success"
3386	3409	msgstr ""
3387	3410

3404	3427	"service=%.*s%s, addr=%s"
3405	3428	msgstr ""
3406	3429
3407		#: ../../src/kadmin/server/server_stubs.c:1614
	3430	#: ../../src/kadmin/server/server_stubs.c:1564
3408	3431	#, c-format
3409	3432	msgid ""
3410	3433	"Request: kadm5_init, %.s%s, %s, client=%.s%s, service=%.*s%s, addr=%s, "
3411	3434	"vers=%d, flavor=%d"
3412	3435	msgstr ""
3413	3436
3414		#: ../../src/kdc/do_as_req.c:301
	3437	#: ../../src/kdc/do_as_req.c:291
3415	3438	#, c-format
3416	3439	msgid "AS_REQ : handle_authdata (%d)"
3417	3440	msgstr ""
3418	3441
3419		#: ../../src/kdc/do_tgs_req.c:643
	3442	#: ../../src/kdc/do_tgs_req.c:631
3420	3443	msgid "not checking transit path"
3421	3444	msgstr ""
3422	3445
3423		#: ../../src/kdc/do_tgs_req.c:666
	3446	#: ../../src/kdc/do_tgs_req.c:648
3424	3447	#, c-format
3425	3448	msgid "TGS_REQ : handle_authdata (%d)"
3426	3449	msgstr ""
3427	3450
3428		#: ../../src/kdc/fast_util.c:55
	3451	#: ../../src/kdc/fast_util.c:56
3429	3452	#, c-format
3430	3453	msgid "%s while handling ap-request armor"
3431	3454	msgstr ""
3432	3455
3433		#: ../../src/kdc/fast_util.c:64
	3456	#: ../../src/kdc/fast_util.c:65
3434	3457	msgid "ap-request armor for something other than the local TGS"
3435	3458	msgstr ""
3436	3459
3437		#: ../../src/kdc/fast_util.c:73
	3460	#: ../../src/kdc/fast_util.c:74
3438	3461	msgid "ap-request armor without subkey"
3439	3462	msgstr ""
3440	3463
3441		#: ../../src/kdc/fast_util.c:161
	3464	#: ../../src/kdc/fast_util.c:162
3442	3465	msgid "Ap-request armor not permitted with TGS"
3443	3466	msgstr ""
3444	3467
3445		#: ../../src/kdc/fast_util.c:168
	3468	#: ../../src/kdc/fast_util.c:169
3446	3469	#, c-format
3447	3470	msgid "Unknown FAST armor type %d"
3448	3471	msgstr ""
3449	3472
3450		#: ../../src/kdc/fast_util.c:182
	3473	#: ../../src/kdc/fast_util.c:183
3451	3474	msgid "No armor key but FAST armored request present"
3452	3475	msgstr ""
3453	3476

3469	3492	msgid "while loading authdata module %s"
3470	3493	msgstr ""
3471	3494
3472		#: ../../src/kdc/kdc_log.c:84
	3495	#: ../../src/kdc/kdc_log.c:83
3473	3496	#, c-format
3474	3497	msgid "AS_REQ (%s) %s: ISSUE: authtime %u, %s, %s for %s"
3475	3498	msgstr ""
3476	3499
3477		#: ../../src/kdc/kdc_log.c:90
	3500	#: ../../src/kdc/kdc_log.c:91
3478	3501	#, c-format
3479	3502	msgid "AS_REQ (%s) %s: %s: %s for %s%s%s"
3480	3503	msgstr ""
3481	3504
3482		#: ../../src/kdc/kdc_log.c:154
	3505	#: ../../src/kdc/kdc_log.c:153
3483	3506	#, c-format
3484	3507	msgid "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s for %s%s%s"
3485	3508	msgstr ""
3486	3509
3487		#: ../../src/kdc/kdc_log.c:161
	3510	#: ../../src/kdc/kdc_log.c:162
3488	3511	#, c-format
3489	3512	msgid "... PROTOCOL-TRANSITION s4u-client=%s"
3490	3513	msgstr ""
3491	3514
3492		#: ../../src/kdc/kdc_log.c:165
	3515	#: ../../src/kdc/kdc_log.c:166
3493	3516	#, c-format
3494	3517	msgid "... CONSTRAINED-DELEGATION s4u-client=%s"
3495	3518	msgstr ""
3496	3519
3497		#: ../../src/kdc/kdc_log.c:169
	3520	#: ../../src/kdc/kdc_log.c:170
3498	3521	#, c-format
3499	3522	msgid "TGS_REQ %s: %s: authtime %u, %s for %s, 2nd tkt client %s"
3500	3523	msgstr ""

3528	3551	msgid "preauth %s failed to setup loop: %s"
3529	3552	msgstr ""
3530	3553
3531		#: ../../src/kdc/kdc_preauth.c:914
	3554	#: ../../src/kdc/kdc_preauth.c:894
3532	3555	#, c-format
3533	3556	msgid "%spreauth required but hint list is empty"
3534	3557	msgstr ""

3541	3564	msgid "Incorrect password in encrypted challenge"
3542	3565	msgstr ""
3543	3566
3544		#: ../../src/kdc/kdc_util.c:236
	3567	#: ../../src/kdc/kdc_util.c:247
3545	3568	msgid "TGS_REQ: SESSION KEY or MUTUAL"
3546	3569	msgstr ""
3547	3570
3548		#: ../../src/kdc/kdc_util.c:314
	3571	#: ../../src/kdc/kdc_util.c:322
3549	3572	msgid "PROCESS_TGS: failed lineage check"
3550	3573	msgstr ""
3551	3574
3552		#: ../../src/kdc/kdc_util.c:468
	3575	#: ../../src/kdc/kdc_util.c:474
3553	3576	#, c-format
3554	3577	msgid "TGS_REQ: UNKNOWN SERVER: server='%s'"
3555	3578	msgstr ""
3556	3579
3557		#: ../../src/kdc/kdc_util.c:798
	3580	#: ../../src/kdc/kdc_util.c:834
3558	3581	#, c-format
3559	3582	msgid "Required auth indicators not present in ticket: %s"
3560	3583	msgstr ""
3561	3584
3562		#: ../../src/kdc/main.c:230
	3585	#: ../../src/kdc/main.c:226
	3586	#, c-format
	3587	msgid "Requested master password enctype %s in %s is DEPRECATED!\n"
	3588	msgstr ""
	3589
	3590	#: ../../src/kdc/main.c:242
3563	3591	#, c-format
3564	3592	msgid "while getting context for realm %s"
3565	3593	msgstr ""
3566	3594
3567		#: ../../src/kdc/main.c:338
	3595	#: ../../src/kdc/main.c:344
3568	3596	#, c-format
3569	3597	msgid "while setting default realm to %s"
3570	3598	msgstr ""
3571	3599
3572		#: ../../src/kdc/main.c:346
	3600	#: ../../src/kdc/main.c:352
3573	3601	#, c-format
3574	3602	msgid "while initializing database for realm %s"
3575	3603	msgstr ""
3576	3604
3577		#: ../../src/kdc/main.c:355
	3605	#: ../../src/kdc/main.c:361
3578	3606	#, c-format
3579	3607	msgid "while setting up master key name %s for realm %s"
3580	3608	msgstr ""
3581	3609
3582		#: ../../src/kdc/main.c:368
	3610	#: ../../src/kdc/main.c:374
3583	3611	#, c-format
3584	3612	msgid "while fetching master key %s for realm %s"
3585	3613	msgstr ""
3586	3614
3587		#: ../../src/kdc/main.c:376
	3615	#: ../../src/kdc/main.c:383
	3616	#, c-format
	3617	msgid "Stash file %s uses DEPRECATED enctype %s!\n"
	3618	msgstr ""
	3619
	3620	#: ../../src/kdc/main.c:390
3588	3621	#, c-format
3589	3622	msgid "while fetching master keys list for realm %s"
3590	3623	msgstr ""
3591	3624
3592		#: ../../src/kdc/main.c:385
	3625	#: ../../src/kdc/main.c:399
3593	3626	#, c-format
3594	3627	msgid "while resolving kdb keytab for realm %s"
3595	3628	msgstr ""
3596	3629
3597		#: ../../src/kdc/main.c:394
	3630	#: ../../src/kdc/main.c:408
3598	3631	#, c-format
3599	3632	msgid "while building TGS name for realm %s"
3600	3633	msgstr ""
3601	3634
3602		#: ../../src/kdc/main.c:512
	3635	#: ../../src/kdc/main.c:526
3603	3636	#, c-format
3604	3637	msgid "creating %d worker processes"
3605	3638	msgstr ""
3606	3639
3607		#: ../../src/kdc/main.c:522
	3640	#: ../../src/kdc/main.c:536
3608	3641	msgid "Unable to reinitialize main loop"
3609	3642	msgstr ""
3610	3643
3611		#: ../../src/kdc/main.c:527
	3644	#: ../../src/kdc/main.c:541
3612	3645	#, c-format
3613	3646	msgid "Unable to initialize signal handlers in pid %d"
3614	3647	msgstr ""
3615	3648
3616		#: ../../src/kdc/main.c:557
	3649	#: ../../src/kdc/main.c:571
3617	3650	#, c-format
3618	3651	msgid "worker %ld exited with status %d"
3619	3652	msgstr ""
3620	3653
3621		#: ../../src/kdc/main.c:581
	3654	#: ../../src/kdc/main.c:595
3622	3655	#, c-format
3623	3656	msgid "signal %d received in supervisor"
3624	3657	msgstr ""
3625	3658
3626		#: ../../src/kdc/main.c:593
	3659	#: ../../src/kdc/main.c:607
3627	3660	#, c-format
3628	3661	msgid ""
3629	3662	"usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n"

3637	3670	"arguments\n"
3638	3671	msgstr ""
3639	3672
3640		#: ../../src/kdc/main.c:668 ../../src/kdc/main.c:675 ../../src/kdc/main.c:790
	3673	#: ../../src/kdc/main.c:682 ../../src/kdc/main.c:689 ../../src/kdc/main.c:804
3641	3674	#, c-format
3642	3675	msgid " KDC cannot initialize. Not enough memory\n"
3643	3676	msgstr ""
3644	3677
3645		#: ../../src/kdc/main.c:694 ../../src/kdc/main.c:737 ../../src/kdc/main.c:748
	3678	#: ../../src/kdc/main.c:708 ../../src/kdc/main.c:751 ../../src/kdc/main.c:762
3646	3679	#, c-format
3647	3680	msgid "%s: KDC cannot initialize. Not enough memory\n"
3648	3681	msgstr ""
3649	3682
3650		#: ../../src/kdc/main.c:714 ../../src/kdc/main.c:827
	3683	#: ../../src/kdc/main.c:728 ../../src/kdc/main.c:841
3651	3684	#, c-format
3652	3685	msgid "%s: cannot initialize realm %s - see log file for details\n"
3653	3686	msgstr ""
3654	3687
3655		#: ../../src/kdc/main.c:725
	3688	#: ../../src/kdc/main.c:739
3656	3689	#, c-format
3657	3690	msgid "%s: cannot initialize realm %s. Not enough memory\n"
3658	3691	msgstr ""
3659	3692
3660		#: ../../src/kdc/main.c:776
	3693	#: ../../src/kdc/main.c:790
3661	3694	#, c-format
3662	3695	msgid "invalid enctype %s"
3663	3696	msgstr ""
3664	3697
3665		#: ../../src/kdc/main.c:815
	3698	#: ../../src/kdc/main.c:829
3666	3699	msgid "while attempting to retrieve default realm"
3667	3700	msgstr ""
3668	3701
3669		#: ../../src/kdc/main.c:817
	3702	#: ../../src/kdc/main.c:831
3670	3703	#, c-format
3671	3704	msgid "%s: %s, attempting to retrieve default realm\n"
3672	3705	msgstr ""
3673	3706
3674		#: ../../src/kdc/main.c:925
	3707	#: ../../src/kdc/main.c:939
3675	3708	#, c-format
3676	3709	msgid "%s: cannot get memory for realm list\n"
3677	3710	msgstr ""
3678	3711
3679		#: ../../src/kdc/main.c:960
	3712	#: ../../src/kdc/main.c:974
3680	3713	msgid "while initializing lookaside cache"
3681	3714	msgstr ""
3682	3715
3683		#: ../../src/kdc/main.c:968
	3716	#: ../../src/kdc/main.c:982
3684	3717	msgid "while creating main loop"
3685	3718	msgstr ""
3686	3719
3687		#: ../../src/kdc/main.c:977
	3720	#: ../../src/kdc/main.c:991
3688	3721	msgid "while loading KDC policy plugin"
3689	3722	msgstr ""
3690	3723
3691		#: ../../src/kdc/main.c:1002
	3724	#: ../../src/kdc/main.c:1016
3692	3725	msgid "while initializing signal handlers"
3693	3726	msgstr ""
3694	3727
3695		#: ../../src/kdc/main.c:1010
	3728	#: ../../src/kdc/main.c:1024
3696	3729	msgid "while initializing network"
3697	3730	msgstr ""
3698	3731
3699		#: ../../src/kdc/main.c:1015
	3732	#: ../../src/kdc/main.c:1029
3700	3733	msgid "while detaching from tty"
3701	3734	msgstr ""
3702	3735
3703		#: ../../src/kdc/main.c:1022
	3736	#: ../../src/kdc/main.c:1036
3704	3737	msgid "while creating PID file"
3705	3738	msgstr ""
3706	3739
3707		#: ../../src/kdc/main.c:1031
	3740	#: ../../src/kdc/main.c:1045
3708	3741	msgid "creating worker processes"
3709	3742	msgstr ""
3710	3743
3711		#: ../../src/kdc/main.c:1041
	3744	#: ../../src/kdc/main.c:1055
3712	3745	msgid "while loading audit plugin module(s)"
3713	3746	msgstr ""
3714	3747
3715		#: ../../src/kdc/main.c:1045
	3748	#: ../../src/kdc/main.c:1059
3716	3749	msgid "commencing operation"
3717	3750	msgstr ""
3718	3751
3719		#: ../../src/kdc/main.c:1053
	3752	#: ../../src/kdc/main.c:1067
3720	3753	msgid "shutting down"
3721	3754	msgstr ""
3722	3755

3729	3762	#, c-format
3730	3763	msgid ""
3731	3764	"\n"
3732		"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] replica_host\n"
	3765	"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s keytab] replica_host\n"
3733	3766	"\n"
3734	3767	msgstr ""
3735	3768

3766	3799	msgid "while connecting to server"
3767	3800	msgstr ""
3768	3801
3769		#: ../../src/kprop/kprop.c:274 ../../src/kprop/kpropd.c:1199
	3802	#: ../../src/kprop/kprop.c:274 ../../src/kprop/kpropd.c:1194
3770	3803	msgid "while getting local socket address"
3771	3804	msgstr ""
3772	3805

3783	3816	msgstr ""
3784	3817
3785	3818	#: ../../src/kprop/kprop.c:314 ../../src/kprop/kprop.c:513
3786		#: ../../src/kprop/kpropd.c:1505
	3819	#: ../../src/kprop/kpropd.c:1506
3787	3820	#, c-format
3788	3821	msgid "Generic remote error: %s\n"
3789	3822	msgstr ""

3811	3844	msgid "database locked"
3812	3845	msgstr ""
3813	3846
3814		#: ../../src/kprop/kprop.c:366 ../../src/kprop/kpropd.c:552
	3847	#: ../../src/kprop/kprop.c:366 ../../src/kprop/kpropd.c:551
3815	3848	#, c-format
3816	3849	msgid "while trying to lock '%s'"
3817	3850	msgstr ""

3878	3911	msgid "while creating 'last_prop' file, '%s'"
3879	3912	msgstr ""
3880	3913
3881		#: ../../src/kprop/kpropd.c:171
	3914	#: ../../src/kprop/kpropd.c:170
3882	3915	#, c-format
3883	3916	msgid ""
3884	3917	"\n"
3885		"Usage: %s [-r realm] [-s srvtab] [-dS] [-f replica_file]\n"
	3918	"Usage: %s [-r realm] [-s keytab] [-dS] [-f replica_file]\n"
	3919	msgstr ""
	3920
	3921	#: ../../src/kprop/kpropd.c:172
	3922	#, c-format
	3923	msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"
3886	3924	msgstr ""
3887	3925
3888	3926	#: ../../src/kprop/kpropd.c:173
3889	3927	#, c-format
3890		msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"
	3928	msgid "\t[-x db_args]* [-P port] [-a acl_file]\n"
3891	3929	msgstr ""
3892	3930
3893	3931	#: ../../src/kprop/kpropd.c:174
3894	3932	#, c-format
3895		msgid "\t[-x db_args]* [-P port] [-a acl_file]\n"
3896		msgstr ""
3897
3898		#: ../../src/kprop/kpropd.c:175
3899		#, c-format
3900	3933	msgid "\t[-A admin_server] [--pid-file=pid_file]\n"
3901	3934	msgstr ""
3902	3935
3903		#: ../../src/kprop/kpropd.c:231
	3936	#: ../../src/kprop/kpropd.c:230
3904	3937	#, c-format
3905	3938	msgid "Killing fullprop child (%d)\n"
3906	3939	msgstr ""
3907	3940
3908		#: ../../src/kprop/kpropd.c:260
	3941	#: ../../src/kprop/kpropd.c:259
3909	3942	msgid "while checking if stdin is a socket"
3910	3943	msgstr ""
3911	3944
3912		#: ../../src/kprop/kpropd.c:278
	3945	#: ../../src/kprop/kpropd.c:277
3913	3946	#, c-format
3914	3947	msgid "ready\n"
3915	3948	msgstr ""
3916	3949
3917		#: ../../src/kprop/kpropd.c:284
	3950	#: ../../src/kprop/kpropd.c:283
3918	3951	#, c-format
3919	3952	msgid "Could not write pid file %s: %s"
3920	3953	msgstr ""
3921	3954
3922		#: ../../src/kprop/kpropd.c:296
	3955	#: ../../src/kprop/kpropd.c:295
3923	3956	#, c-format
3924	3957	msgid "Could not open /dev/null: %s"
3925	3958	msgstr ""
3926	3959
3927		#: ../../src/kprop/kpropd.c:303
	3960	#: ../../src/kprop/kpropd.c:302
3928	3961	#, c-format
3929	3962	msgid "Could not dup the inetd socket: %s"
3930	3963	msgstr ""
3931	3964
3932		#: ../../src/kprop/kpropd.c:338 ../../src/kprop/kpropd.c:351
	3965	#: ../../src/kprop/kpropd.c:337 ../../src/kprop/kpropd.c:350
3933	3966	msgid "do_iprop failed.\n"
3934	3967	msgstr ""
3935	3968
3936		#: ../../src/kprop/kpropd.c:390
	3969	#: ../../src/kprop/kpropd.c:389
3937	3970	#, c-format
3938	3971	msgid "getaddrinfo: %s\n"
3939	3972	msgstr ""
3940	3973
3941		#: ../../src/kprop/kpropd.c:396
	3974	#: ../../src/kprop/kpropd.c:395
3942	3975	msgid "while obtaining socket"
3943	3976	msgstr ""
3944	3977
3945		#: ../../src/kprop/kpropd.c:402
	3978	#: ../../src/kprop/kpropd.c:401
3946	3979	msgid "while setting SO_REUSEADDR option"
3947	3980	msgstr ""
3948	3981
3949		#: ../../src/kprop/kpropd.c:410
	3982	#: ../../src/kprop/kpropd.c:409
3950	3983	msgid "while unsetting IPV6_V6ONLY option"
3951	3984	msgstr ""
3952	3985
3953		#: ../../src/kprop/kpropd.c:415
	3986	#: ../../src/kprop/kpropd.c:414
3954	3987	msgid "while binding listener socket"
3955	3988	msgstr ""
3956	3989
3957		#: ../../src/kprop/kpropd.c:426
	3990	#: ../../src/kprop/kpropd.c:425
3958	3991	#, c-format
3959	3992	msgid "waiting for a kprop connection\n"
3960	3993	msgstr ""
3961	3994
3962		#: ../../src/kprop/kpropd.c:432
	3995	#: ../../src/kprop/kpropd.c:431
3963	3996	msgid "while accepting connection"
3964	3997	msgstr ""
3965	3998
3966		#: ../../src/kprop/kpropd.c:438
	3999	#: ../../src/kprop/kpropd.c:437
3967	4000	msgid "while forking"
3968	4001	msgstr ""
3969	4002
3970		#: ../../src/kprop/kpropd.c:453
	4003	#: ../../src/kprop/kpropd.c:452
3971	4004	#, c-format
3972	4005	msgid "waitpid() failed to wait for doit() (%d %s)\n"
3973	4006	msgstr ""
3974	4007
3975		#: ../../src/kprop/kpropd.c:457
	4008	#: ../../src/kprop/kpropd.c:456
3976	4009	msgid "while waiting to receive database"
3977	4010	msgstr ""
3978	4011
3979		#: ../../src/kprop/kpropd.c:461
	4012	#: ../../src/kprop/kpropd.c:460
3980	4013	#, c-format
3981	4014	msgid "Database load process for full propagation completed.\n"
3982	4015	msgstr ""
3983	4016
3984		#: ../../src/kprop/kpropd.c:499
	4017	#: ../../src/kprop/kpropd.c:498
3985	4018	#, c-format
3986	4019	msgid ""
3987	4020	"%s: Standard input does not appear to be a network socket.\n"
3988	4021	"\t(Not run from inetd, and missing the -S option?)\n"
3989	4022	msgstr ""
3990	4023
3991		#: ../../src/kprop/kpropd.c:512
	4024	#: ../../src/kprop/kpropd.c:511
3992	4025	msgid "while attempting setsockopt (SO_KEEPALIVE)"
3993	4026	msgstr ""
3994	4027
3995		#: ../../src/kprop/kpropd.c:517
	4028	#: ../../src/kprop/kpropd.c:516
3996	4029	#, c-format
3997	4030	msgid "Connection from %s"
3998	4031	msgstr ""
3999	4032
4000		#: ../../src/kprop/kpropd.c:537
	4033	#: ../../src/kprop/kpropd.c:536
4001	4034	#, c-format
4002	4035	msgid "Rejected connection from unauthorized principal %s\n"
4003	4036	msgstr ""
4004	4037
4005		#: ../../src/kprop/kpropd.c:541
	4038	#: ../../src/kprop/kpropd.c:540
4006	4039	#, c-format
4007	4040	msgid "Rejected connection from unauthorized principal %s"
4008	4041	msgstr ""
4009	4042
4010		#: ../../src/kprop/kpropd.c:558
	4043	#: ../../src/kprop/kpropd.c:557
4011	4044	#, c-format
4012	4045	msgid "while opening database file, '%s'"
4013	4046	msgstr ""
4014	4047
4015		#: ../../src/kprop/kpropd.c:564
	4048	#: ../../src/kprop/kpropd.c:563
4016	4049	#, c-format
4017	4050	msgid "while renaming %s to %s"
4018	4051	msgstr ""
4019	4052
4020		#: ../../src/kprop/kpropd.c:570
	4053	#: ../../src/kprop/kpropd.c:569
4021	4054	#, c-format
4022	4055	msgid "while downgrading lock on '%s'"
4023	4056	msgstr ""
4024	4057
4025		#: ../../src/kprop/kpropd.c:577
	4058	#: ../../src/kprop/kpropd.c:576
4026	4059	#, c-format
4027	4060	msgid "while unlocking '%s'"
4028	4061	msgstr ""
4029	4062
4030		#: ../../src/kprop/kpropd.c:589
	4063	#: ../../src/kprop/kpropd.c:588
4031	4064	msgid "while sending # of received bytes"
4032	4065	msgstr ""
4033	4066
4034		#: ../../src/kprop/kpropd.c:595
	4067	#: ../../src/kprop/kpropd.c:594
4035	4068	msgid "while trying to close database file"
4036	4069	msgstr ""
4037	4070
4038		#: ../../src/kprop/kpropd.c:650
	4071	#: ../../src/kprop/kpropd.c:649
4039	4072	#, c-format
4040	4073	msgid "Incremental propagation enabled\n"
4041	4074	msgstr ""
4042	4075
4043		#: ../../src/kprop/kpropd.c:661
	4076	#: ../../src/kprop/kpropd.c:660
4044	4077	#, c-format
4045	4078	msgid "%s: unable to get kiprop host based service name for realm %s\n"
4046	4079	msgstr ""
4047	4080
4048		#: ../../src/kprop/kpropd.c:672
	4081	#: ../../src/kprop/kpropd.c:671
4049	4082	msgid "while trying to construct host service principal"
4050	4083	msgstr ""
4051	4084
4052		#: ../../src/kprop/kpropd.c:691
	4085	#: ../../src/kprop/kpropd.c:690
4053	4086	#, c-format
4054	4087	msgid "Initializing kadm5 as client %s\n"
4055	4088	msgstr ""
4056	4089
4057		#: ../../src/kprop/kpropd.c:705
	4090	#: ../../src/kprop/kpropd.c:704
4058	4091	#, c-format
4059	4092	msgid "kadm5 initialization failed!\n"
4060	4093	msgstr ""
4061	4094
4062		#: ../../src/kprop/kpropd.c:714
	4095	#: ../../src/kprop/kpropd.c:713
4063	4096	msgid "while attempting to connect to master KDC ... retrying"
4064	4097	msgstr ""
4065	4098
4066		#: ../../src/kprop/kpropd.c:718
	4099	#: ../../src/kprop/kpropd.c:717
4067	4100	#, c-format
4068	4101	msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n"
4069	4102	msgstr ""
4070	4103
4071		#: ../../src/kprop/kpropd.c:734
	4104	#: ../../src/kprop/kpropd.c:733
4072	4105	#, c-format
4073	4106	msgid "while initializing %s interface, retrying"
4074	4107	msgstr ""
4075	4108
4076		#: ../../src/kprop/kpropd.c:738
	4109	#: ../../src/kprop/kpropd.c:737
4077	4110	#, c-format
4078	4111	msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n"
4079	4112	msgstr ""
4080	4113
4081		#: ../../src/kprop/kpropd.c:748
	4114	#: ../../src/kprop/kpropd.c:747
4082	4115	#, c-format
4083	4116	msgid "kadm5 initialization succeeded\n"
4084	4117	msgstr ""
4085	4118
4086		#: ../../src/kprop/kpropd.c:770
	4119	#: ../../src/kprop/kpropd.c:769
4087	4120	msgid "reading update log header"
4088	4121	msgstr ""
4089	4122
4090		#: ../../src/kprop/kpropd.c:781
	4123	#: ../../src/kprop/kpropd.c:780
4091	4124	#, c-format
4092	4125	msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n"
4093	4126	msgstr ""
4094	4127
4095		#: ../../src/kprop/kpropd.c:791
	4128	#: ../../src/kprop/kpropd.c:790
4096	4129	msgid "iprop_get_updates call failed"
4097	4130	msgstr ""
4098	4131
4099		#: ../../src/kprop/kpropd.c:797
	4132	#: ../../src/kprop/kpropd.c:796
4100	4133	#, c-format
4101	4134	msgid "Reinitializing iprop because get updates failed\n"
4102	4135	msgstr ""
4103	4136
4104		#: ../../src/kprop/kpropd.c:818
	4137	#: ../../src/kprop/kpropd.c:817
4105	4138	#, c-format
4106	4139	msgid "Still waiting for full resync\n"
4107	4140	msgstr ""
4108	4141
	4142	#: ../../src/kprop/kpropd.c:822
	4143	#, c-format
	4144	msgid "Full resync needed\n"
	4145	msgstr ""
	4146
4109	4147	#: ../../src/kprop/kpropd.c:823
4110		#, c-format
4111		msgid "Full resync needed\n"
4112		msgstr ""
4113
4114		#: ../../src/kprop/kpropd.c:824
4115	4148	msgid "kpropd: Full resync needed."
4116	4149	msgstr ""
4117	4150
4118		#: ../../src/kprop/kpropd.c:829
	4151	#: ../../src/kprop/kpropd.c:828
4119	4152	msgid "iprop_full_resync call failed"
4120	4153	msgstr ""
4121	4154
	4155	#: ../../src/kprop/kpropd.c:839
	4156	#, c-format
	4157	msgid "Full resync request granted\n"
	4158	msgstr ""
	4159
4122	4160	#: ../../src/kprop/kpropd.c:840
4123		#, c-format
4124		msgid "Full resync request granted\n"
4125		msgstr ""
4126
4127		#: ../../src/kprop/kpropd.c:841
4128	4161	msgid "Full resync request granted."
4129	4162	msgstr ""
4130	4163
4131		#: ../../src/kprop/kpropd.c:850
	4164	#: ../../src/kprop/kpropd.c:849
4132	4165	#, c-format
4133	4166	msgid "Exponential backoff\n"
4134	4167	msgstr ""
4135	4168
	4169	#: ../../src/kprop/kpropd.c:855
	4170	#, c-format
	4171	msgid "Full resync permission denied\n"
	4172	msgstr ""
	4173
4136	4174	#: ../../src/kprop/kpropd.c:856
4137		#, c-format
4138		msgid "Full resync permission denied\n"
4139		msgstr ""
4140
4141		#: ../../src/kprop/kpropd.c:857
4142	4175	msgid "Full resync, permission denied."
4143	4176	msgstr ""
4144	4177
	4178	#: ../../src/kprop/kpropd.c:861
	4179	#, c-format
	4180	msgid "Full resync error from master\n"
	4181	msgstr ""
	4182
4145	4183	#: ../../src/kprop/kpropd.c:862
4146		#, c-format
4147		msgid "Full resync error from master\n"
4148		msgstr ""
4149
4150		#: ../../src/kprop/kpropd.c:863
4151	4184	msgid " Full resync, error returned from master KDC."
4152	4185	msgstr ""
4153	4186
4154		#: ../../src/kprop/kpropd.c:871
	4187	#: ../../src/kprop/kpropd.c:870
4155	4188	#, c-format
4156	4189	msgid "Full resync invalid result from master\n"
4157	4190	msgstr ""
4158	4191
4159		#: ../../src/kprop/kpropd.c:873
	4192	#: ../../src/kprop/kpropd.c:872
4160	4193	msgid "Full resync, invalid return from master KDC."
4161	4194	msgstr ""
4162	4195
4163		#: ../../src/kprop/kpropd.c:889
	4196	#: ../../src/kprop/kpropd.c:888
4164	4197	#, c-format
4165	4198	msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n"
4166	4199	msgstr ""
4167	4200
4168		#: ../../src/kprop/kpropd.c:901
	4201	#: ../../src/kprop/kpropd.c:900
4169	4202	#, c-format
4170	4203	msgid "ulog_replay failed (%s), updates not registered\n"
4171	4204	msgstr ""
4172	4205
4173		#: ../../src/kprop/kpropd.c:904
	4206	#: ../../src/kprop/kpropd.c:903
4174	4207	#, c-format
4175	4208	msgid "ulog_replay failed (%s), updates not registered."
4176	4209	msgstr ""
4177	4210
4178		#: ../../src/kprop/kpropd.c:913
	4211	#: ../../src/kprop/kpropd.c:912
4179	4212	#, c-format
4180	4213	msgid "Incremental updates: %d updates / %lu us"
4181	4214	msgstr ""
4182	4215
4183		#: ../../src/kprop/kpropd.c:916
	4216	#: ../../src/kprop/kpropd.c:915
4184	4217	#, c-format
4185	4218	msgid "Incremental updates: %d updates / %lu us\n"
4186	4219	msgstr ""
4187	4220
	4221	#: ../../src/kprop/kpropd.c:923
	4222	#, c-format
	4223	msgid "get_updates permission denied\n"
	4224	msgstr ""
	4225
4188	4226	#: ../../src/kprop/kpropd.c:924
4189		#, c-format
4190		msgid "get_updates permission denied\n"
4191		msgstr ""
4192
4193		#: ../../src/kprop/kpropd.c:925
4194	4227	msgid "get_updates, permission denied."
4195	4228	msgstr ""
4196	4229
	4230	#: ../../src/kprop/kpropd.c:929
	4231	#, c-format
	4232	msgid "get_updates error from master\n"
	4233	msgstr ""
	4234
4197	4235	#: ../../src/kprop/kpropd.c:930
4198		#, c-format
4199		msgid "get_updates error from master\n"
4200		msgstr ""
4201
4202		#: ../../src/kprop/kpropd.c:931
4203	4236	msgid "get_updates, error returned from master KDC."
4204	4237	msgstr ""
4205	4238
4206		#: ../../src/kprop/kpropd.c:939
	4239	#: ../../src/kprop/kpropd.c:938
4207	4240	#, c-format
4208	4241	msgid "get_updates master busy; backoff\n"
4209	4242	msgstr ""
4210	4243
4211		#: ../../src/kprop/kpropd.c:948
	4244	#: ../../src/kprop/kpropd.c:947
4212	4245	#, c-format
4213	4246	msgid "KDC is synchronized with master.\n"
4214	4247	msgstr ""
4215	4248
	4249	#: ../../src/kprop/kpropd.c:955
	4250	#, c-format
	4251	msgid "get_updates invalid result from master\n"
	4252	msgstr ""
	4253
4216	4254	#: ../../src/kprop/kpropd.c:956
4217		#, c-format
4218		msgid "get_updates invalid result from master\n"
4219		msgstr ""
4220
4221		#: ../../src/kprop/kpropd.c:957
4222	4255	msgid "get_updates, invalid return from master KDC."
4223	4256	msgstr ""
4224	4257
4225		#: ../../src/kprop/kpropd.c:972
	4258	#: ../../src/kprop/kpropd.c:971
4226	4259	#, c-format
4227	4260	msgid "Busy signal received from master, backoff for %d secs\n"
4228	4261	msgstr ""
4229	4262
4230		#: ../../src/kprop/kpropd.c:979
	4263	#: ../../src/kprop/kpropd.c:978
4231	4264	#, c-format
4232	4265	msgid "Waiting for %d seconds before checking for updates again\n"
4233	4266	msgstr ""
4234	4267
	4268	#: ../../src/kprop/kpropd.c:989
	4269	#, c-format
	4270	msgid "ERROR returned by master, bailing\n"
	4271	msgstr ""
	4272
4235	4273	#: ../../src/kprop/kpropd.c:990
4236		#, c-format
4237		msgid "ERROR returned by master, bailing\n"
4238		msgstr ""
4239
4240		#: ../../src/kprop/kpropd.c:991
4241	4274	msgid "ERROR returned by master KDC, bailing.\n"
4242	4275	msgstr ""
4243	4276
4244		#: ../../src/kprop/kpropd.c:1108
	4277	#: ../../src/kprop/kpropd.c:1107
4245	4278	msgid "copying db args"
4246	4279	msgstr ""
4247	4280
4248		#: ../../src/kprop/kpropd.c:1133
	4281	#: ../../src/kprop/kpropd.c:1132
4249	4282	msgid "Unable to get default realm"
4250	4283	msgstr ""
4251	4284
4252		#: ../../src/kprop/kpropd.c:1140
	4285	#: ../../src/kprop/kpropd.c:1139
4253	4286	msgid "Unable to set default realm"
4254	4287	msgstr ""
4255	4288
4256		#: ../../src/kprop/kpropd.c:1150
	4289	#: ../../src/kprop/kpropd.c:1149
4257	4290	msgid "while trying to construct my service name"
4258	4291	msgstr ""
4259	4292
4260		#: ../../src/kprop/kpropd.c:1157
	4293	#: ../../src/kprop/kpropd.c:1156
4261	4294	msgid "while allocating filename for temp file"
4262	4295	msgstr ""
4263	4296
4264		#: ../../src/kprop/kpropd.c:1165
	4297	#: ../../src/kprop/kpropd.c:1164
4265	4298	msgid "while initializing"
4266	4299	msgstr ""
4267	4300
4268		#: ../../src/kprop/kpropd.c:1173
	4301	#: ../../src/kprop/kpropd.c:1172
4269	4302	msgid "Unable to map log!\n"
4270	4303	msgstr ""
4271	4304
4272		#: ../../src/kprop/kpropd.c:1219
	4305	#: ../../src/kprop/kpropd.c:1214
4273	4306	#, c-format
4274	4307	msgid "Error in krb5_auth_con_ini: %s"
4275	4308	msgstr ""
4276	4309
4277		#: ../../src/kprop/kpropd.c:1227
	4310	#: ../../src/kprop/kpropd.c:1222
4278	4311	#, c-format
4279	4312	msgid "Error in krb5_auth_con_setflags: %s"
4280	4313	msgstr ""

4299	4332	msgid "Error in krb5_copy_prinicpal: %s"
4300	4333	msgstr ""
4301	4334
4302		#: ../../src/kprop/kpropd.c:1275
	4335	#: ../../src/kprop/kpropd.c:1276
4303	4336	msgid "while unparsing ticket etype"
4304	4337	msgstr ""
4305	4338
4306		#: ../../src/kprop/kpropd.c:1279
	4339	#: ../../src/kprop/kpropd.c:1280
4307	4340	#, c-format
4308	4341	msgid "authenticated client: %s (etype == %s)\n"
4309	4342	msgstr ""
4310	4343
4311		#: ../../src/kprop/kpropd.c:1358
	4344	#: ../../src/kprop/kpropd.c:1359
4312	4345	msgid "while reading size of database from client"
4313	4346	msgstr ""
4314	4347
4315		#: ../../src/kprop/kpropd.c:1368
	4348	#: ../../src/kprop/kpropd.c:1369
4316	4349	msgid "while decoding database size from client"
4317	4350	msgstr ""
4318	4351
4319		#: ../../src/kprop/kpropd.c:1381
	4352	#: ../../src/kprop/kpropd.c:1382
4320	4353	msgid "while initializing i_vector"
4321	4354	msgstr ""
4322	4355
4323		#: ../../src/kprop/kpropd.c:1386
	4356	#: ../../src/kprop/kpropd.c:1387
4324	4357	#, c-format
4325	4358	msgid "Full propagation transfer started.\n"
4326	4359	msgstr ""
4327	4360
4328		#: ../../src/kprop/kpropd.c:1439
	4361	#: ../../src/kprop/kpropd.c:1440
4329	4362	#, c-format
4330	4363	msgid "Full propagation transfer finished.\n"
4331	4364	msgstr ""
4332	4365
4333		#: ../../src/kprop/kpropd.c:1500
	4366	#: ../../src/kprop/kpropd.c:1501
4334	4367	msgid "while decoding error packet from client"
4335	4368	msgstr ""
4336	4369
4337		#: ../../src/kprop/kpropd.c:1509
	4370	#: ../../src/kprop/kpropd.c:1510
4338	4371	msgid "signaled from server"
4339	4372	msgstr ""
4340	4373
4341		#: ../../src/kprop/kpropd.c:1511
	4374	#: ../../src/kprop/kpropd.c:1512
4342	4375	#, c-format
4343	4376	msgid "Error text from client: %s\n"
4344	4377	msgstr ""
4345	4378
4346		#: ../../src/kprop/kpropd.c:1560
	4379	#: ../../src/kprop/kpropd.c:1561
4347	4380	#, c-format
4348	4381	msgid "while trying to fork %s"
4349	4382	msgstr ""
4350	4383
4351		#: ../../src/kprop/kpropd.c:1564
	4384	#: ../../src/kprop/kpropd.c:1565
4352	4385	#, c-format
4353	4386	msgid "while trying to exec %s"
4354	4387	msgstr ""
4355	4388
4356		#: ../../src/kprop/kpropd.c:1571
	4389	#: ../../src/kprop/kpropd.c:1572
4357	4390	#, c-format
4358	4391	msgid "while waiting for %s"
4359	4392	msgstr ""
4360	4393
4361		#: ../../src/kprop/kpropd.c:1577
	4394	#: ../../src/kprop/kpropd.c:1578
4362	4395	#, c-format
4363	4396	msgid "%s load terminated"
4364	4397	msgstr ""
4365	4398
4366		#: ../../src/kprop/kpropd.c:1583
	4399	#: ../../src/kprop/kpropd.c:1584
4367	4400	#, c-format
4368	4401	msgid "%s returned a bad exit status (%d)"
4369	4402	msgstr ""
4370	4403
4371		#: ../../src/kprop/kproplog.c:28
	4404	#: ../../src/kprop/kproplog.c:29
4372	4405	#, c-format
4373	4406	msgid ""
4374	4407	"\n"

4377	4410	"\n"
4378	4411	msgstr ""
4379	4412
4380		#: ../../src/kprop/kproplog.c:132
	4413	#: ../../src/kprop/kproplog.c:112
4381	4414	#, c-format
4382	4415	msgid ""
4383	4416	"\n"
4384	4417	"Couldn't allocate memory"
4385	4418	msgstr ""
4386	4419
	4420	#: ../../src/kprop/kproplog.c:206
	4421	#, c-format
	4422	msgid "\t\tAttribute flags\n"
	4423	msgstr ""
	4424
	4425	#: ../../src/kprop/kproplog.c:211
	4426	#, c-format
	4427	msgid "\t\tMaximum ticket life\n"
	4428	msgstr ""
	4429
	4430	#: ../../src/kprop/kproplog.c:216
	4431	#, c-format
	4432	msgid "\t\tMaximum renewable life\n"
	4433	msgstr ""
	4434
	4435	#: ../../src/kprop/kproplog.c:221
	4436	#, c-format
	4437	msgid "\t\tPrincipal expiration\n"
	4438	msgstr ""
	4439
4387	4440	#: ../../src/kprop/kproplog.c:226
4388	4441	#, c-format
4389		msgid "\t\tAttribute flags\n"
	4442	msgid "\t\tPassword expiration\n"
4390	4443	msgstr ""
4391	4444
4392	4445	#: ../../src/kprop/kproplog.c:231
4393	4446	#, c-format
4394		msgid "\t\tMaximum ticket life\n"
	4447	msgid "\t\tLast successful auth\n"
4395	4448	msgstr ""
4396	4449
4397	4450	#: ../../src/kprop/kproplog.c:236
4398	4451	#, c-format
4399		msgid "\t\tMaximum renewable life\n"
	4452	msgid "\t\tLast failed auth\n"
4400	4453	msgstr ""
4401	4454
4402	4455	#: ../../src/kprop/kproplog.c:241
4403	4456	#, c-format
4404		msgid "\t\tPrincipal expiration\n"
	4457	msgid "\t\tFailed passwd attempt\n"
4405	4458	msgstr ""
4406	4459
4407	4460	#: ../../src/kprop/kproplog.c:246
4408	4461	#, c-format
4409		msgid "\t\tPassword expiration\n"
	4462	msgid "\t\tPrincipal\n"
4410	4463	msgstr ""
4411	4464
4412	4465	#: ../../src/kprop/kproplog.c:251
4413	4466	#, c-format
4414		msgid "\t\tLast successful auth\n"
4415		msgstr ""
4416
4417		#: ../../src/kprop/kproplog.c:256
4418		#, c-format
4419		msgid "\t\tLast failed auth\n"
4420		msgstr ""
4421
4422		#: ../../src/kprop/kproplog.c:261
4423		#, c-format
4424		msgid "\t\tFailed passwd attempt\n"
4425		msgstr ""
4426
4427		#: ../../src/kprop/kproplog.c:266
4428		#, c-format
4429		msgid "\t\tPrincipal\n"
4430		msgstr ""
4431
4432		#: ../../src/kprop/kproplog.c:271
4433		#, c-format
4434	4467	msgid "\t\tKey data\n"
4435	4468	msgstr ""
4436	4469
4437		#: ../../src/kprop/kproplog.c:278
	4470	#: ../../src/kprop/kproplog.c:258
4438	4471	#, c-format
4439	4472	msgid "\t\tTL data\n"
4440	4473	msgstr ""
4441	4474
	4475	#: ../../src/kprop/kproplog.c:265
	4476	#, c-format
	4477	msgid "\t\tLength\n"
	4478	msgstr ""
	4479
	4480	#: ../../src/kprop/kproplog.c:270
	4481	#, c-format
	4482	msgid "\t\tPassword last changed\n"
	4483	msgstr ""
	4484
	4485	#: ../../src/kprop/kproplog.c:275
	4486	#, c-format
	4487	msgid "\t\tModifying principal\n"
	4488	msgstr ""
	4489
	4490	#: ../../src/kprop/kproplog.c:280
	4491	#, c-format
	4492	msgid "\t\tModification time\n"
	4493	msgstr ""
	4494
4442	4495	#: ../../src/kprop/kproplog.c:285
4443	4496	#, c-format
4444		msgid "\t\tLength\n"
	4497	msgid "\t\tModified where\n"
4445	4498	msgstr ""
4446	4499
4447	4500	#: ../../src/kprop/kproplog.c:290
4448	4501	#, c-format
4449		msgid "\t\tPassword last changed\n"
	4502	msgid "\t\tPassword policy\n"
4450	4503	msgstr ""
4451	4504
4452	4505	#: ../../src/kprop/kproplog.c:295
4453	4506	#, c-format
4454		msgid "\t\tModifying principal\n"
	4507	msgid "\t\tPassword policy switch\n"
4455	4508	msgstr ""
4456	4509
4457	4510	#: ../../src/kprop/kproplog.c:300
4458	4511	#, c-format
4459		msgid "\t\tModification time\n"
	4512	msgid "\t\tPassword history KVNO\n"
4460	4513	msgstr ""
4461	4514
4462	4515	#: ../../src/kprop/kproplog.c:305
4463	4516	#, c-format
4464		msgid "\t\tModified where\n"
4465		msgstr ""
4466
4467		#: ../../src/kprop/kproplog.c:310
4468		#, c-format
4469		msgid "\t\tPassword policy\n"
4470		msgstr ""
4471
4472		#: ../../src/kprop/kproplog.c:315
4473		#, c-format
4474		msgid "\t\tPassword policy switch\n"
4475		msgstr ""
4476
4477		#: ../../src/kprop/kproplog.c:320
4478		#, c-format
4479		msgid "\t\tPassword history KVNO\n"
4480		msgstr ""
4481
4482		#: ../../src/kprop/kproplog.c:325
4483		#, c-format
4484	4517	msgid "\t\tPassword history\n"
4485	4518	msgstr ""
4486	4519
4487		#: ../../src/kprop/kproplog.c:359
	4520	#: ../../src/kprop/kproplog.c:339
4488	4521	#, c-format
4489	4522	msgid ""
4490	4523	"Corrupt update entry\n"
4491	4524	"\n"
4492	4525	msgstr ""
4493	4526
4494		#: ../../src/kprop/kproplog.c:364
	4527	#: ../../src/kprop/kproplog.c:344
4495	4528	#, c-format
4496	4529	msgid "Update Entry\n"
4497	4530	msgstr ""
4498	4531
4499		#: ../../src/kprop/kproplog.c:366
	4532	#: ../../src/kprop/kproplog.c:346
4500	4533	#, c-format
4501	4534	msgid "\tUpdate serial # : %u\n"
4502	4535	msgstr ""
4503	4536
4504		#: ../../src/kprop/kproplog.c:370
	4537	#: ../../src/kprop/kproplog.c:350
4505	4538	#, c-format
4506	4539	msgid "\tDummy entry\n"
4507	4540	msgstr ""
4508	4541
4509		#: ../../src/kprop/kproplog.c:378
	4542	#: ../../src/kprop/kproplog.c:358
4510	4543	#, c-format
4511	4544	msgid ""
4512	4545	"Entry data decode failure\n"
4513	4546	"\n"
4514	4547	msgstr ""
4515	4548
4516		#: ../../src/kprop/kproplog.c:382
	4549	#: ../../src/kprop/kproplog.c:362
4517	4550	#, c-format
4518	4551	msgid "\tUpdate operation : "
4519	4552	msgstr ""
4520	4553
4521		#: ../../src/kprop/kproplog.c:384
	4554	#: ../../src/kprop/kproplog.c:364
4522	4555	#, c-format
4523	4556	msgid "Delete\n"
4524	4557	msgstr ""
4525	4558
4526		#: ../../src/kprop/kproplog.c:386
	4559	#: ../../src/kprop/kproplog.c:366
4527	4560	#, c-format
4528	4561	msgid "Add\n"
4529	4562	msgstr ""
4530	4563
4531		#: ../../src/kprop/kproplog.c:390
	4564	#: ../../src/kprop/kproplog.c:370
4532	4565	#, c-format
4533	4566	msgid ""
4534	4567	"Could not allocate principal name\n"
4535	4568	"\n"
4536	4569	msgstr ""
4537	4570
4538		#: ../../src/kprop/kproplog.c:396
	4571	#: ../../src/kprop/kproplog.c:376
4539	4572	#, c-format
4540	4573	msgid "\tUpdate principal : %s\n"
4541	4574	msgstr ""
4542	4575
4543		#: ../../src/kprop/kproplog.c:398
	4576	#: ../../src/kprop/kproplog.c:378
4544	4577	#, c-format
4545	4578	msgid "\tUpdate size : %u\n"
4546	4579	msgstr ""
4547	4580
4548		#: ../../src/kprop/kproplog.c:399
	4581	#: ../../src/kprop/kproplog.c:379
4549	4582	#, c-format
4550	4583	msgid "\tUpdate committed : %s\n"
4551	4584	msgstr ""
4552	4585
4553		#: ../../src/kprop/kproplog.c:403
	4586	#: ../../src/kprop/kproplog.c:383
4554	4587	#, c-format
4555	4588	msgid "\tUpdate time stamp : None\n"
4556	4589	msgstr ""
4557	4590
4558		#: ../../src/kprop/kproplog.c:405
	4591	#: ../../src/kprop/kproplog.c:385
4559	4592	#, c-format
4560	4593	msgid "\tUpdate time stamp : %s"
4561	4594	msgstr ""
4562	4595
4563		#: ../../src/kprop/kproplog.c:409
	4596	#: ../../src/kprop/kproplog.c:389
4564	4597	#, c-format
4565	4598	msgid "\tAttributes changed : %d\n"
4566	4599	msgstr ""
4567	4600
4568		#: ../../src/kprop/kproplog.c:474
	4601	#: ../../src/kprop/kproplog.c:454
4569	4602	#, c-format
4570	4603	msgid ""
4571	4604	"Unable to initialize Kerberos\n"
4572	4605	"\n"
4573	4606	msgstr ""
4574	4607
4575		#: ../../src/kprop/kproplog.c:481
	4608	#: ../../src/kprop/kproplog.c:461
4576	4609	#, c-format
4577	4610	msgid ""
4578	4611	"Couldn't read database_name\n"
4579	4612	"\n"
4580	4613	msgstr ""
4581	4614
4582		#: ../../src/kprop/kproplog.c:485
	4615	#: ../../src/kprop/kproplog.c:465
4583	4616	#, c-format
4584	4617	msgid ""
4585	4618	"\n"
4586	4619	"Kerberos update log (%s)\n"
4587	4620	msgstr ""
4588	4621
4589		#: ../../src/kprop/kproplog.c:489 ../../src/kprop/kproplog.c:505
	4622	#: ../../src/kprop/kproplog.c:469 ../../src/kprop/kproplog.c:485
4590	4623	#, c-format
4591	4624	msgid ""
4592	4625	"Unable to map log file %s\n"
4593	4626	"\n"
4594	4627	msgstr ""
4595	4628
4596		#: ../../src/kprop/kproplog.c:494
	4629	#: ../../src/kprop/kproplog.c:474
4597	4630	#, c-format
4598	4631	msgid ""
4599	4632	"Couldn't reinitialize ulog file %s\n"
4600	4633	"\n"
4601	4634	msgstr ""
4602	4635
4603		#: ../../src/kprop/kproplog.c:498
	4636	#: ../../src/kprop/kproplog.c:478
4604	4637	#, c-format
4605	4638	msgid "Reinitialized the ulog.\n"
4606	4639	msgstr ""
4607	4640
4608		#: ../../src/kprop/kproplog.c:511
	4641	#: ../../src/kprop/kproplog.c:491
4609	4642	#, c-format
4610	4643	msgid ""
4611	4644	"Corrupt header log, exiting\n"
4612	4645	"\n"
4613	4646	msgstr ""
4614	4647
4615		#: ../../src/kprop/kproplog.c:515
	4648	#: ../../src/kprop/kproplog.c:495
4616	4649	#, c-format
4617	4650	msgid "Update log dump :\n"
4618	4651	msgstr ""
4619	4652
	4653	#: ../../src/kprop/kproplog.c:496
	4654	#, c-format
	4655	msgid "\tLog version # : %u\n"
	4656	msgstr ""
	4657
	4658	#: ../../src/kprop/kproplog.c:497
	4659	#, c-format
	4660	msgid "\tLog state : "
	4661	msgstr ""
	4662
	4663	#: ../../src/kprop/kproplog.c:500
	4664	#, c-format
	4665	msgid "Stable\n"
	4666	msgstr ""
	4667
	4668	#: ../../src/kprop/kproplog.c:503
	4669	#, c-format
	4670	msgid "Unstable\n"
	4671	msgstr ""
	4672
	4673	#: ../../src/kprop/kproplog.c:506
	4674	#, c-format
	4675	msgid "Corrupt\n"
	4676	msgstr ""
	4677
	4678	#: ../../src/kprop/kproplog.c:509
	4679	#, c-format
	4680	msgid "Unknown state: %d\n"
	4681	msgstr ""
	4682
	4683	#: ../../src/kprop/kproplog.c:512
	4684	#, c-format
	4685	msgid "\tEntry block size : %u\n"
	4686	msgstr ""
	4687
	4688	#: ../../src/kprop/kproplog.c:513
	4689	#, c-format
	4690	msgid "\tNumber of entries : %u\n"
	4691	msgstr ""
	4692
4620	4693	#: ../../src/kprop/kproplog.c:516
4621	4694	#, c-format
4622		msgid "\tLog version # : %u\n"
4623		msgstr ""
4624
4625		#: ../../src/kprop/kproplog.c:517
4626		#, c-format
4627		msgid "\tLog state : "
4628		msgstr ""
4629
4630		#: ../../src/kprop/kproplog.c:520
4631		#, c-format
4632		msgid "Stable\n"
4633		msgstr ""
4634
4635		#: ../../src/kprop/kproplog.c:523
4636		#, c-format
4637		msgid "Unstable\n"
4638		msgstr ""
4639
4640		#: ../../src/kprop/kproplog.c:526
4641		#, c-format
4642		msgid "Corrupt\n"
4643		msgstr ""
4644
4645		#: ../../src/kprop/kproplog.c:529
4646		#, c-format
4647		msgid "Unknown state: %d\n"
4648		msgstr ""
4649
4650		#: ../../src/kprop/kproplog.c:532
4651		#, c-format
4652		msgid "\tEntry block size : %u\n"
	4695	msgid "\tLast serial # : None\n"
	4696	msgstr ""
	4697
	4698	#: ../../src/kprop/kproplog.c:519
	4699	#, c-format
	4700	msgid "\tFirst serial # : None\n"
	4701	msgstr ""
	4702
	4703	#: ../../src/kprop/kproplog.c:521
	4704	#, c-format
	4705	msgid "\tFirst serial # : "
	4706	msgstr ""
	4707
	4708	#: ../../src/kprop/kproplog.c:525
	4709	#, c-format
	4710	msgid "\tLast serial # : "
	4711	msgstr ""
	4712
	4713	#: ../../src/kprop/kproplog.c:530
	4714	#, c-format
	4715	msgid "\tLast time stamp : None\n"
4653	4716	msgstr ""
4654	4717
4655	4718	#: ../../src/kprop/kproplog.c:533
4656	4719	#, c-format
4657		msgid "\tNumber of entries : %u\n"
4658		msgstr ""
4659
4660		#: ../../src/kprop/kproplog.c:536
4661		#, c-format
4662		msgid "\tLast serial # : None\n"
	4720	msgid "\tFirst time stamp : None\n"
	4721	msgstr ""
	4722
	4723	#: ../../src/kprop/kproplog.c:535
	4724	#, c-format
	4725	msgid "\tFirst time stamp : %s"
4663	4726	msgstr ""
4664	4727
4665	4728	#: ../../src/kprop/kproplog.c:539
4666	4729	#, c-format
4667		msgid "\tFirst serial # : None\n"
4668		msgstr ""
4669
4670		#: ../../src/kprop/kproplog.c:541
4671		#, c-format
4672		msgid "\tFirst serial # : "
4673		msgstr ""
4674
4675		#: ../../src/kprop/kproplog.c:545
4676		#, c-format
4677		msgid "\tLast serial # : "
4678		msgstr ""
4679
4680		#: ../../src/kprop/kproplog.c:550
4681		#, c-format
4682		msgid "\tLast time stamp : None\n"
4683		msgstr ""
4684
4685		#: ../../src/kprop/kproplog.c:553
4686		#, c-format
4687		msgid "\tFirst time stamp : None\n"
4688		msgstr ""
4689
4690		#: ../../src/kprop/kproplog.c:555
4691		#, c-format
4692		msgid "\tFirst time stamp : %s"
4693		msgstr ""
4694
4695		#: ../../src/kprop/kproplog.c:559
4696		#, c-format
4697	4730	msgid "\tLast time stamp : %s\n"
4698	4731	msgstr ""
4699	4732
4700		#: ../../src/lib/apputils/net-server.c:221
	4733	#: ../../src/lib/apputils/net-server.c:231
4701	4734	msgid "Got signal to request exit"
4702	4735	msgstr ""
4703	4736
4704		#: ../../src/lib/apputils/net-server.c:235
	4737	#: ../../src/lib/apputils/net-server.c:245
4705	4738	msgid "Got signal to reset"
4706	4739	msgstr ""
4707	4740
4708		#: ../../src/lib/apputils/net-server.c:301
	4741	#: ../../src/lib/apputils/net-server.c:311
4709	4742	#, c-format
4710	4743	msgid "Invalid port %d"
4711	4744	msgstr ""
4712	4745
4713		#: ../../src/lib/apputils/net-server.c:314
	4746	#: ../../src/lib/apputils/net-server.c:324
4714	4747	#, c-format
4715	4748	msgid "Removing address %s since wildcard address is being added"
4716	4749	msgstr ""
4717	4750
4718		#: ../../src/lib/apputils/net-server.c:321
	4751	#: ../../src/lib/apputils/net-server.c:331
4719	4752	msgid "Address already added to server"
4720	4753	msgstr ""
4721	4754
4722		#: ../../src/lib/apputils/net-server.c:484
	4755	#: ../../src/lib/apputils/net-server.c:494
4723	4756	#, c-format
4724	4757	msgid "closing down fd %d"
4725	4758	msgstr ""
4726	4759
4727		#: ../../src/lib/apputils/net-server.c:498
	4760	#: ../../src/lib/apputils/net-server.c:508
4728	4761	#, c-format
4729	4762	msgid "descriptor %d closed but still in svc_fdset"
4730	4763	msgstr ""
4731	4764
4732		#: ../../src/lib/apputils/net-server.c:524
	4765	#: ../../src/lib/apputils/net-server.c:534
4733	4766	msgid "cannot create io event"
4734	4767	msgstr ""
4735	4768
4736		#: ../../src/lib/apputils/net-server.c:529
	4769	#: ../../src/lib/apputils/net-server.c:539
4737	4770	msgid "cannot save event"
4738	4771	msgstr ""
4739	4772
4740		#: ../../src/lib/apputils/net-server.c:549
	4773	#: ../../src/lib/apputils/net-server.c:559
4741	4774	#, c-format
4742	4775	msgid "file descriptor number %d too high"
4743	4776	msgstr ""
4744	4777
4745		#: ../../src/lib/apputils/net-server.c:556
	4778	#: ../../src/lib/apputils/net-server.c:566
4746	4779	msgid "cannot allocate storage for connection info"
4747	4780	msgstr ""
4748	4781
4749		#: ../../src/lib/apputils/net-server.c:591
	4782	#: ../../src/lib/apputils/net-server.c:601
4750	4783	#, c-format
4751	4784	msgid "Cannot create TCP server socket on %s"
4752	4785	msgstr ""
4753	4786
4754		#: ../../src/lib/apputils/net-server.c:600
	4787	#: ../../src/lib/apputils/net-server.c:610
4755	4788	#, c-format
4756	4789	msgid "TCP socket fd number %d (for %s) too high"
4757	4790	msgstr ""
4758	4791
4759		#: ../../src/lib/apputils/net-server.c:607
	4792	#: ../../src/lib/apputils/net-server.c:617
4760	4793	#, c-format
4761	4794	msgid "Cannot enable SO_REUSEADDR on fd %d"
4762	4795	msgstr ""
4763	4796
4764		#: ../../src/lib/apputils/net-server.c:612
	4797	#: ../../src/lib/apputils/net-server.c:622
4765	4798	#, c-format
4766	4799	msgid "setsockopt(%d,IPV6_V6ONLY,1) failed"
4767	4800	msgstr ""
4768	4801
4769		#: ../../src/lib/apputils/net-server.c:615
	4802	#: ../../src/lib/apputils/net-server.c:625
4770	4803	#, c-format
4771	4804	msgid "setsockopt(%d,IPV6_V6ONLY,1) worked"
4772	4805	msgstr ""
4773	4806
4774		#: ../../src/lib/apputils/net-server.c:618
	4807	#: ../../src/lib/apputils/net-server.c:628
4775	4808	msgid "no IPV6_V6ONLY socket option support"
4776	4809	msgstr ""
4777	4810
4778		#: ../../src/lib/apputils/net-server.c:624
	4811	#: ../../src/lib/apputils/net-server.c:634
4779	4812	#, c-format
4780	4813	msgid "Cannot bind server socket on %s"
4781	4814	msgstr ""
4782	4815
4783		#: ../../src/lib/apputils/net-server.c:694
	4816	#: ../../src/lib/apputils/net-server.c:704
4784	4817	#, c-format
4785	4818	msgid "Setting up %s socket for address %s"
4786	4819	msgstr ""
4787	4820
4788		#: ../../src/lib/apputils/net-server.c:707
	4821	#: ../../src/lib/apputils/net-server.c:717
4789	4822	#, c-format
4790	4823	msgid "Cannot listen on %s server socket on %s"
4791	4824	msgstr ""
4792	4825
4793		#: ../../src/lib/apputils/net-server.c:716
	4826	#: ../../src/lib/apputils/net-server.c:726
4794	4827	#, c-format
4795	4828	msgid "cannot set listening %s socket on %s non-blocking"
4796	4829	msgstr ""
4797	4830
4798		#: ../../src/lib/apputils/net-server.c:724
	4831	#: ../../src/lib/apputils/net-server.c:734
4799	4832	#, c-format
4800	4833	msgid "cannot set SO_LINGER on %s socket on %s"
4801	4834	msgstr ""
4802	4835
4803		#: ../../src/lib/apputils/net-server.c:731
	4836	#: ../../src/lib/apputils/net-server.c:741
4804	4837	#, c-format
4805	4838	msgid "Setting pktinfo on socket %s"
4806	4839	msgstr ""
4807	4840
4808		#: ../../src/lib/apputils/net-server.c:736
	4841	#: ../../src/lib/apputils/net-server.c:746
4809	4842	#, c-format
4810	4843	msgid "Cannot request packet info for UDP socket address %s port %d"
4811	4844	msgstr ""
4812	4845
4813		#: ../../src/lib/apputils/net-server.c:738
	4846	#: ../../src/lib/apputils/net-server.c:748
4814	4847	msgid ""
4815	4848	"System does not support pktinfo yet binding to a wildcard address. Packets "
4816	4849	"are not guaranteed to return on the received address."
4817	4850	msgstr ""
4818	4851
4819		#: ../../src/lib/apputils/net-server.c:750
	4852	#: ../../src/lib/apputils/net-server.c:760
4820	4853	msgid "Error attempting to add verto event"
4821	4854	msgstr ""
4822	4855
4823		#: ../../src/lib/apputils/net-server.c:759
	4856	#: ../../src/lib/apputils/net-server.c:769
4824	4857	#, c-format
4825	4858	msgid "Cannot create RPC service: %s"
4826	4859	msgstr ""
4827	4860
4828		#: ../../src/lib/apputils/net-server.c:769
	4861	#: ../../src/lib/apputils/net-server.c:779
4829	4862	#, c-format
4830	4863	msgid "Cannot register RPC service: %s"
4831	4864	msgstr ""
4832	4865
4833		#: ../../src/lib/apputils/net-server.c:813
	4866	#: ../../src/lib/apputils/net-server.c:823
4834	4867	msgid "No addresses added to the net server"
4835	4868	msgstr ""
4836	4869
4837		#: ../../src/lib/apputils/net-server.c:832
	4870	#: ../../src/lib/apputils/net-server.c:842
4838	4871	#, c-format
4839	4872	msgid "Failed getting address info (for %s): %s"
4840	4873	msgstr ""
4841	4874
4842		#: ../../src/lib/apputils/net-server.c:862
	4875	#: ../../src/lib/apputils/net-server.c:872
4843	4876	#, c-format
4844	4877	msgid "Failed setting up a %s socket (for %s)"
4845	4878	msgstr ""
4846	4879
4847		#: ../../src/lib/apputils/net-server.c:903
	4880	#: ../../src/lib/apputils/net-server.c:913
4848	4881	msgid "setting up network..."
4849	4882	msgstr ""
4850	4883
4851		#: ../../src/lib/apputils/net-server.c:906
	4884	#: ../../src/lib/apputils/net-server.c:916
4852	4885	msgid "Error setting up network"
4853	4886	msgstr ""
4854	4887
4855		#: ../../src/lib/apputils/net-server.c:909
	4888	#: ../../src/lib/apputils/net-server.c:919
4856	4889	#, c-format
4857	4890	msgid "set up %d sockets"
4858	4891	msgstr ""
4859	4892
4860		#: ../../src/lib/apputils/net-server.c:912
	4893	#: ../../src/lib/apputils/net-server.c:922
4861	4894	msgid "no sockets set up?"
4862	4895	msgstr ""
4863	4896
4864		#: ../../src/lib/apputils/net-server.c:975
4865		#: ../../src/lib/apputils/net-server.c:1029
	4897	#: ../../src/lib/apputils/net-server.c:985
	4898	#: ../../src/lib/apputils/net-server.c:1039
4866	4899	msgid "while dispatching (udp)"
4867	4900	msgstr ""
4868	4901
4869		#: ../../src/lib/apputils/net-server.c:1004
	4902	#: ../../src/lib/apputils/net-server.c:1014
4870	4903	#, c-format
4871	4904	msgid "while sending reply to %s/%s from %s"
4872	4905	msgstr ""
4873	4906
4874		#: ../../src/lib/apputils/net-server.c:1009
	4907	#: ../../src/lib/apputils/net-server.c:1019
4875	4908	#, c-format
4876	4909	msgid "short reply write %d vs %d\n"
4877	4910	msgstr ""
4878	4911
4879		#: ../../src/lib/apputils/net-server.c:1054
	4912	#: ../../src/lib/apputils/net-server.c:1064
4880	4913	msgid "while receiving from network"
4881	4914	msgstr ""
4882	4915
4883		#: ../../src/lib/apputils/net-server.c:1097
	4916	#: ../../src/lib/apputils/net-server.c:1107
4884	4917	msgid "too many connections"
4885	4918	msgstr ""
4886	4919
4887		#: ../../src/lib/apputils/net-server.c:1115
	4920	#: ../../src/lib/apputils/net-server.c:1125
4888	4921	#, c-format
4889	4922	msgid "dropping %s fd %d from %s"
4890	4923	msgstr ""
4891	4924
4892		#: ../../src/lib/apputils/net-server.c:1185
	4925	#: ../../src/lib/apputils/net-server.c:1195
4893	4926	#, c-format
4894	4927	msgid "allocating buffer for new TCP session from %s"
4895	4928	msgstr ""
4896	4929
4897		#: ../../src/lib/apputils/net-server.c:1217
	4930	#: ../../src/lib/apputils/net-server.c:1227
4898	4931	msgid "while dispatching (tcp)"
4899	4932	msgstr ""
4900	4933
4901		#: ../../src/lib/apputils/net-server.c:1249
	4934	#: ../../src/lib/apputils/net-server.c:1259
4902	4935	msgid "error allocating tcp dispatch private!"
4903	4936	msgstr ""
4904	4937
4905		#: ../../src/lib/apputils/net-server.c:1296
	4938	#: ../../src/lib/apputils/net-server.c:1306
4906	4939	#, c-format
4907	4940	msgid "TCP client %s wants %lu bytes, cap is %lu"
4908	4941	msgstr ""
4909	4942
4910		#: ../../src/lib/apputils/net-server.c:1304
	4943	#: ../../src/lib/apputils/net-server.c:1314
4911	4944	#, c-format
4912	4945	msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s"
4913	4946	msgstr ""
4914	4947
4915		#: ../../src/lib/apputils/net-server.c:1343
	4948	#: ../../src/lib/apputils/net-server.c:1353
4916	4949	#, c-format
4917	4950	msgid "getsockname failed: %s"
4918	4951	msgstr ""

5116	5149	msgid "An expected per-message token was not received"
5117	5150	msgstr ""
5118	5151
5119		#: ../../src/lib/gssapi/spnego/spnego_mech.c:1813
	5152	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1822
5120	5153	msgid "SPNEGO cannot find mechanisms to negotiate"
5121	5154	msgstr ""
5122	5155
5123		#: ../../src/lib/gssapi/spnego/spnego_mech.c:1818
	5156	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1824
5124	5157	msgid "SPNEGO failed to acquire creds"
5125	5158	msgstr ""
5126	5159
5127		#: ../../src/lib/gssapi/spnego/spnego_mech.c:1823
	5160	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1826
5128	5161	msgid "SPNEGO acceptor did not select a mechanism"
5129	5162	msgstr ""
5130	5163

5132	5165	msgid "SPNEGO failed to negotiate a mechanism"
5133	5166	msgstr ""
5134	5167
5135		#: ../../src/lib/gssapi/spnego/spnego_mech.c:1833
	5168	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1830
5136	5169	msgid "SPNEGO acceptor did not return a valid token"
	5170	msgstr ""
	5171
	5172	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1832
	5173	msgid "Invalid NegoEx signature"
	5174	msgstr ""
	5175
	5176	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1834
	5177	msgid "Invalid NegoEx message type"
	5178	msgstr ""
	5179
	5180	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1836
	5181	msgid "Invalid NegoEx message size"
	5182	msgstr ""
	5183
	5184	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1838
	5185	msgid "Invalid NegoEx conversation ID"
	5186	msgstr ""
	5187
	5188	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1840
	5189	msgid "NegoEx authentication scheme not found"
	5190	msgstr ""
	5191
	5192	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1842
	5193	msgid "Missing NegoEx negotiate message"
	5194	msgstr ""
	5195
	5196	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1844
	5197	msgid "Missing NegoEx authentication protocol request message"
	5198	msgstr ""
	5199
	5200	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1846
	5201	msgid "No mutually supported NegoEx authentication schemes"
	5202	msgstr ""
	5203
	5204	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1848
	5205	msgid "No NegoEx verify key"
	5206	msgstr ""
	5207
	5208	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1850
	5209	msgid "Unknown NegoEx checksum scheme"
	5210	msgstr ""
	5211
	5212	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1852
	5213	msgid "Invalid NegoEx checksum"
	5214	msgstr ""
	5215
	5216	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1854
	5217	msgid "Unsupported critical NegoEx extension"
	5218	msgstr ""
	5219
	5220	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1856
	5221	msgid "Unsupported NegoEx version"
	5222	msgstr ""
	5223
	5224	#: ../../src/lib/gssapi/spnego/spnego_mech.c:1858
	5225	msgid "NegoEx message out of sequence"
5137	5226	msgstr ""
5138	5227
5139	5228	#: ../../src/lib/kadm5/logger.c:54

5232	5321	msgid "No default realm set; cannot initialize KDB"
5233	5322	msgstr ""
5234	5323
5235		#: ../../src/lib/kdb/kdb5.c:368
	5324	#: ../../src/lib/kdb/kdb5.c:372
5236	5325	#, c-format
5237	5326	msgid "Unable to find requested database type: %s"
5238	5327	msgstr ""
5239	5328
5240		#: ../../src/lib/kdb/kdb5.c:448 ../lib/krb5/error_tables/kdb5_err.c:55
	5329	#: ../../src/lib/kdb/kdb5.c:452 ../lib/krb5/error_tables/kdb5_err.c:55
5241	5330	msgid "Unable to find requested database type"
5242	5331	msgstr ""
5243	5332
5244		#: ../../src/lib/kdb/kdb5.c:456
	5333	#: ../../src/lib/kdb/kdb5.c:460
5245	5334	msgid "plugin symbol 'kdb_function_table' lookup failed"
5246	5335	msgstr ""
5247	5336
5248		#: ../../src/lib/kdb/kdb5.c:464
	5337	#: ../../src/lib/kdb/kdb5.c:468
5249	5338	#, c-format
5250	5339	msgid ""
5251	5340	"Unable to load requested database module '%s': plugin symbol "
5252	5341	"'kdb_function_table' not found"
5253	5342	msgstr ""
5254	5343
5255		#: ../../src/lib/kdb/kdb5.c:602
	5344	#: ../../src/lib/kdb/kdb5.c:606
5256	5345	msgid "Cannot initialize database library"
5257	5346	msgstr ""
5258	5347
5259		#: ../../src/lib/kdb/kdb5.c:1762
	5348	#: ../../src/lib/kdb/kdb5.c:1765
5260	5349	#, c-format
5261	5350	msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n"
5262	5351	msgstr ""
5263	5352
5264		#: ../../src/lib/kdb/kdb5.c:1934
	5353	#: ../../src/lib/kdb/kdb5.c:1937
5265	5354	#, c-format
5266	5355	msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n"
5267	5356	msgstr ""
5268	5357
5269		#: ../../src/lib/kdb/kdb_default.c:164
	5358	#: ../../src/lib/kdb/kdb_default.c:137
5270	5359	#, c-format
5271	5360	msgid "keyfile (%s) is not a regular file: %s"
5272	5361	msgstr ""
5273	5362
5274		#: ../../src/lib/kdb/kdb_default.c:177
	5363	#: ../../src/lib/kdb/kdb_default.c:150
5275	5364	msgid "Could not create temp keytab file name."
5276	5365	msgstr ""
5277	5366
5278		#: ../../src/lib/kdb/kdb_default.c:202
	5367	#: ../../src/lib/kdb/kdb_default.c:175
5279	5368	#, c-format
5280	5369	msgid "Temporary stash file already exists: %s."
5281	5370	msgstr ""
5282	5371
5283		#: ../../src/lib/kdb/kdb_default.c:230
	5372	#: ../../src/lib/kdb/kdb_default.c:203
5284	5373	#, c-format
5285	5374	msgid "rename of temporary keyfile (%s) to (%s) failed: %s"
5286	5375	msgstr ""
5287	5376
5288		#: ../../src/lib/kdb/kdb_default.c:415
	5377	#: ../../src/lib/kdb/kdb_default.c:388
5289	5378	#, c-format
5290	5379	msgid "Can not fetch master key (error: %s)."
5291	5380	msgstr ""
5292	5381
5293		#: ../../src/lib/kdb/kdb_default.c:483
	5382	#: ../../src/lib/kdb/kdb_default.c:456
5294	5383	msgid "Unable to decrypt latest master key with the provided master key\n"
5295	5384	msgstr ""
5296	5385

5333	5422	"collection"
5334	5423	msgstr ""
5335	5424
5336		#: ../../src/lib/krb5/ccache/cc_kcm.c:756
	5425	#: ../../src/lib/krb5/ccache/cc_kcm.c:740
5337	5426	#, c-format
5338	5427	msgid "Credentials cache 'KCM:%s' not found"
5339	5428	msgstr ""
5340	5429
5341		#: ../../src/lib/krb5/ccache/cc_keyring.c:1151
	5430	#: ../../src/lib/krb5/ccache/cc_keyring.c:1149
5342	5431	msgid ""
5343	5432	"Can't create new subsidiary cache because default cache is already a "
5344	5433	"subsidiary"
5345	5434	msgstr ""
5346	5435
5347		#: ../../src/lib/krb5/ccache/cc_keyring.c:1219
	5436	#: ../../src/lib/krb5/ccache/cc_keyring.c:1217
5348	5437	#, c-format
5349	5438	msgid "Credentials cache keyring '%s' not found"
5350	5439	msgstr ""
5351	5440
5352		#: ../../src/lib/krb5/ccache/cccursor.c:213
	5441	#: ../../src/lib/krb5/ccache/cccursor.c:178
5353	5442	#, c-format
5354	5443	msgid "Can't find client principal %s in cache collection"
5355	5444	msgstr ""
5356	5445
5357		#: ../../src/lib/krb5/ccache/cccursor.c:293
	5446	#: ../../src/lib/krb5/ccache/cccursor.c:258
5358	5447	msgid "No Kerberos credentials available"
5359	5448	msgstr ""
5360	5449
5361		#: ../../src/lib/krb5/ccache/cccursor.c:299
	5450	#: ../../src/lib/krb5/ccache/cccursor.c:264
5362	5451	#, c-format
5363	5452	msgid "No Kerberos credentials available (default cache: %s)"
5364	5453	msgstr ""
5365	5454
5366		#: ../../src/lib/krb5/keytab/kt_file.c:406
	5455	#: ../../src/lib/krb5/keytab/kt_file.c:389
5367	5456	#, c-format
5368	5457	msgid "No key table entry found for %s"
5369	5458	msgstr ""
5370	5459
5371		#: ../../src/lib/krb5/keytab/kt_file.c:823
5372		#: ../../src/lib/krb5/keytab/kt_file.c:856
	5460	#: ../../src/lib/krb5/keytab/kt_file.c:537
	5461	#: ../../src/lib/krb5/keytab/kt_file.c:570
5373	5462	msgid "Cannot change keytab with keytab iterators active"
5374	5463	msgstr ""
5375	5464
5376		#: ../../src/lib/krb5/keytab/kt_file.c:1046
	5465	#: ../../src/lib/krb5/keytab/kt_file.c:757
5377	5466	#, c-format
5378	5467	msgid "Key table file '%s' not found"
5379	5468	msgstr ""

5488	5577	msgid "Reply has wrong form of session key for anonymous request"
5489	5578	msgstr ""
5490	5579
5491		#: ../../src/lib/krb5/krb/get_in_tkt.c:1704
	5580	#: ../../src/lib/krb5/krb/get_in_tkt.c:1689
5492	5581	msgid "Failed to store credentials"
5493	5582	msgstr ""
5494	5583
5495		#: ../../src/lib/krb5/krb/get_in_tkt.c:1793
	5584	#: ../../src/lib/krb5/krb/get_in_tkt.c:1778
5496	5585	#, c-format
5497	5586	msgid "Client '%s' not found in Kerberos database"
5498	5587	msgstr ""
5499	5588
5500		#: ../../src/lib/krb5/krb/gic_keytab.c:207
	5589	#: ../../src/lib/krb5/krb/gic_keytab.c:203
5501	5590	#, c-format
5502	5591	msgid "Keytab contains no suitable keys for %s"
5503	5592	msgstr ""

5564	5653	msgid "Pre-authentication failed"
5565	5654	msgstr ""
5566	5655
5567		#: ../../src/lib/krb5/krb/preauth2.c:1098
	5656	#: ../../src/lib/krb5/krb/preauth2.c:1046
5568	5657	msgid "Unable to initialize preauth context"
5569	5658	msgstr ""
5570	5659
5571		#: ../../src/lib/krb5/krb/preauth2.c:1111
	5660	#: ../../src/lib/krb5/krb/preauth2.c:1059
5572	5661	#, c-format
5573	5662	msgid "Preauth module %s"
5574	5663	msgstr ""

5638	5727	msgid "Challenge from authentication server"
5639	5728	msgstr ""
5640	5729
5641		#: ../../src/lib/krb5/krb/preauth_sam2.c:166
	5730	#: ../../src/lib/krb5/krb/preauth_sam2.c:164
5642	5731	msgid "SAM Authentication"
5643	5732	msgstr ""
5644	5733

5710	5799	"decrypt ticket"
5711	5800	msgstr ""
5712	5801
5713		#: ../../src/lib/krb5/krb/rd_req_dec.c:871
	5802	#: ../../src/lib/krb5/krb/rd_req_dec.c:856
5714	5803	#, c-format
5715	5804	msgid "Encryption type %s not permitted"
	5805	msgstr ""
	5806
	5807	#: ../../src/lib/krb5/krb/s4u_creds.c:1041
	5808	msgid "Realm specified but S4U2Proxy must use referral realm"
5716	5809	msgstr ""
5717	5810
5718	5811	#: ../../src/lib/krb5/os/expand_path.c:316

5739	5832	msgid "Cannot contact any KDC for realm '%.*s'"
5740	5833	msgstr ""
5741	5834
5742		#: ../../src/lib/krb5/rcache/rc_io.c:106
5743		#, c-format
5744		msgid "Cannot fstat replay cache file %s: %s"
5745		msgstr ""
5746
5747		#: ../../src/lib/krb5/rcache/rc_io.c:112
5748		#, c-format
5749		msgid ""
5750		"Insecure mkstemp() file mode for replay cache file %s; try running this "
5751		"program with umask 077"
5752		msgstr ""
5753
5754		#: ../../src/lib/krb5/rcache/rc_io.c:140
5755		#, c-format
5756		msgid "Cannot %s replay cache file %s: %s"
5757		msgstr ""
5758
5759		#: ../../src/lib/krb5/rcache/rc_io.c:145
5760		#, c-format
5761		msgid "Cannot %s replay cache: %s"
5762		msgstr ""
5763
5764		#: ../../src/lib/krb5/rcache/rc_io.c:268
5765		#, c-format
5766		msgid "Insecure file mode for replay cache file %s"
5767		msgstr ""
5768
5769		#: ../../src/lib/krb5/rcache/rc_io.c:274
5770		#, c-format
5771		msgid "rcache not owned by %d"
5772		msgstr ""
5773
5774		#: ../../src/lib/krb5/rcache/rc_io.c:398 ../../src/lib/krb5/rcache/rc_io.c:402
5775		#: ../../src/lib/krb5/rcache/rc_io.c:407
5776		#, c-format
5777		msgid "Can't write to replay cache: %s"
5778		msgstr ""
5779
5780		#: ../../src/lib/krb5/rcache/rc_io.c:428
5781		#, c-format
5782		msgid "Cannot sync replay cache file: %s"
5783		msgstr ""
5784
5785		#: ../../src/lib/krb5/rcache/rc_io.c:447
5786		#, c-format
5787		msgid "Can't read from replay cache: %s"
5788		msgstr ""
5789
5790		#: ../../src/lib/krb5/rcache/rc_io.c:478 ../../src/lib/krb5/rcache/rc_io.c:484
5791		#: ../../src/lib/krb5/rcache/rc_io.c:489
5792		#, c-format
5793		msgid "Can't destroy replay cache: %s"
5794		msgstr ""
5795
5796	5835	#: ../../src/plugins/kdb/db2/kdb_db2.c:245
5797	5836	#: ../../src/plugins/kdb/db2/kdb_db2.c:819
5798	5837	#, c-format

5813	5852	msgstr ""
5814	5853
5815	5854	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:69
5816		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:893
5817		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1094
5818		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1501
	5855	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:892
	5856	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1093
	5857	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1500
5819	5858	msgid "while reading kerberos container information"
5820	5859	msgstr ""
5821	5860

5823	5862	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143
5824	5863	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:504
5825	5864	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:518
5826		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:151
5827		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:166
	5865	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:150
	5866	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:165
5828	5867	msgid "while providing time specification"
5829	5868	msgstr ""
5830	5869

5834	5873	msgstr ""
5835	5874
5836	5875	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279
5837		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1509
	5876	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1508
5838	5877	msgid "while reading realm information"
5839	5878	msgstr ""
5840	5879

5871	5910	msgid "while listing policy objects"
5872	5911	msgstr ""
5873	5912
5874		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:453
	5913	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:452
5875	5914	#, c-format
5876	5915	msgid "for subtree while creating realm '%s'"
5877	5916	msgstr ""
5878	5917
5879		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:465
	5918	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:464
5880	5919	#, c-format
5881	5920	msgid "for container reference while creating realm '%s'"
5882	5921	msgstr ""
5883	5922
5884		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:490
	5923	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:489
5885	5924	#, c-format
5886	5925	msgid "invalid search scope while creating realm '%s'"
5887	5926	msgstr ""
5888	5927
5889		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:505
5890		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:829
	5928	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:504
	5929	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:828
5891	5930	#, c-format
5892	5931	msgid "'%s' is an invalid option\n"
5893	5932	msgstr ""
5894	5933
5895		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:513
	5934	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:512
5896	5935	#, c-format
5897	5936	msgid "Initializing database for realm '%s'\n"
5898	5937	msgstr ""
5899	5938
5900		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:537
5901		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:698
	5939	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:536
	5940	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:697
5902	5941	#, c-format
5903	5942	msgid "while creating realm '%s'"
5904	5943	msgstr ""
5905	5944
5906		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:557
	5945	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:556
5907	5946	#, c-format
5908	5947	msgid "Enter DN of Kerberos container: "
5909	5948	msgstr ""
5910	5949
5911		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:592
5912		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:900
	5950	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:591
	5951	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:899
5913	5952	#, c-format
5914	5953	msgid "while reading information of realm '%s'"
5915	5954	msgstr ""
5916	5955
5917		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:736
	5956	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:735
5918	5957	msgid "while reading Kerberos container information"
5919	5958	msgstr ""
5920	5959
5921		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:779
	5960	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:778
5922	5961	#, c-format
5923	5962	msgid "for subtree while modifying realm '%s'"
5924	5963	msgstr ""
5925	5964
5926		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:790
	5965	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:789
5927	5966	#, c-format
5928	5967	msgid "for container reference while modifying realm '%s'"
5929	5968	msgstr ""
5930	5969
5931		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:818
	5970	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:817
5932	5971	#, c-format
5933	5972	msgid "specified for search scope while modifying information of realm '%s'"
5934	5973	msgstr ""
5935	5974
5936		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:857
	5975	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:856
5937	5976	#, c-format
5938	5977	msgid "while modifying information of realm '%s'"
5939	5978	msgstr ""
5940	5979
5941		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:946
	5980	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:945
5942	5981	msgid "Realm Name"
5943	5982	msgstr ""
5944	5983
5945		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:949
	5984	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:948
5946	5985	msgid "Subtree"
5947	5986	msgstr ""
5948	5987
5949		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:952
	5988	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:951
5950	5989	msgid "Principal Container Reference"
5951	5990	msgstr ""
5952	5991
5953		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:957
5954		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:959
	5992	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:956
	5993	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:958
5955	5994	msgid "SearchScope"
5956	5995	msgstr ""
5957	5996
5958		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:957
	5997	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:956
5959	5998	msgid "Invalid !"
5960	5999	msgstr ""
5961	6000
5962		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:964
	6001	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:963
5963	6002	msgid "KDC Services"
5964	6003	msgstr ""
5965	6004
5966		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:979
	6005	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:978
5967	6006	msgid "Admin Services"
5968	6007	msgstr ""
5969	6008
5970		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:994
	6009	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:993
5971	6010	msgid "Passwd Services"
5972	6011	msgstr ""
5973	6012
5974		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1010
	6013	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1009
5975	6014	msgid "Maximum Ticket Life"
5976	6015	msgstr ""
5977	6016
5978		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1015
	6017	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1014
5979	6018	msgid "Maximum Renewable Life"
5980	6019	msgstr ""
5981	6020
5982		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1022
	6021	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1021
5983	6022	msgid "Ticket flags"
5984	6023	msgstr ""
5985	6024
5986		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1101
	6025	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1100
5987	6026	msgid "while listing realms"
5988	6027	msgstr ""
5989	6028
5990		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1433
	6029	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1432
5991	6030	msgid "while adding entries to database"
5992	6031	msgstr ""
5993	6032
5994		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1474
	6033	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1473
5995	6034	#, c-format
5996	6035	msgid "Deleting KDC database of '%s', are you sure?\n"
5997	6036	msgstr ""
5998	6037
5999		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1485
	6038	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1484
6000	6039	#, c-format
6001	6040	msgid "OK, deleting database of '%s'...\n"
6002	6041	msgstr ""
6003	6042
6004		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1518
	6043	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1517
6005	6044	#, c-format
6006	6045	msgid "deleting database of '%s'"
6007	6046	msgstr ""
6008	6047
6009		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1523
	6048	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1522
6010	6049	#, c-format
6011	6050	msgid "** Database of '%s' destroyed.\n"
6012	6051	msgstr ""

6017	6056
6018	6057	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:124
6019	6058	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:131
6020		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:139
6021		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:145
6022		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:173
6023		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:243
	6059	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:141
	6060	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:169
	6061	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:239
6024	6062	msgid "while setting service object password"
6025	6063	msgstr ""
6026	6064
6027		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:152
	6065	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:148
6028	6066	msgid "while getting service password filename"
6029	6067	msgstr ""
6030	6068
6031		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:165
6032		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:477
	6069	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:161
	6070	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:481
6033	6071	#, c-format
6034	6072	msgid "Password for \"%s\""
6035	6073	msgstr ""
6036	6074
6037		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168
	6075	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:164
6038	6076	#, c-format
6039	6077	msgid "Re-enter password for \"%s\""
6040	6078	msgstr ""
6041	6079
6042		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:179
	6080	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:175
6043	6081	#, c-format
6044	6082	msgid "%s: Invalid password\n"
6045	6083	msgstr ""
6046	6084
6047		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:189
	6085	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:185
6048	6086	msgid "Failed to convert the password to hexadecimal"
6049	6087	msgstr ""
6050	6088
6051		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199
	6089	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:195
6052	6090	#, c-format
6053	6091	msgid "Failed to open file %s: %s"
6054	6092	msgstr ""
6055	6093
6056		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:221
6057		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:263
6058		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:272
6059		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:299
	6094	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:217
	6095	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:259
	6096	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:268
	6097	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:295
6060	6098	msgid "Failed to write service object password to file"
6061	6099	msgstr ""
6062	6100
6063		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:227
6064		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:284
	6101	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:223
	6102	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:280
6065	6103	msgid "Error reading service object password file"
6066	6104	msgstr ""
6067	6105
6068		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:252
	6106	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:248
6069	6107	#, c-format
6070	6108	msgid "Error creating file %s"
6071	6109	msgstr ""

6073	6111	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:105
6074	6112	#, c-format
6075	6113	msgid ""
6076		"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
	6114	"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri] [-r realm]\n"
6077	6115	"\tcmd [cmd_options]\n"
6078		"create [-subtrees subtree_dn_list] [-sscope search_scope] [-"
6079		"containerref container_reference_dn]\n"
6080		"\t\t[-m\|-P password\|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
6081		"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
6082		"\t\t[ticket_flags] [-r realm]\n"
6083		"modify [-subtrees subtree_dn_list] [-sscope search_scope] [-"
6084		"containerref container_reference_dn]\n"
6085		"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
6086		"\t\t[ticket_flags] [-r realm]\n"
6087		"view [-r realm]\n"
6088		"destroy [-f] [-r realm]\n"
	6116	"create [-subtrees subtree_dn_list] [-sscope search_scope]\n"
	6117	"\t\t[-containerref container_reference_dn]\n"
	6118	"\t\t[-m\|-P password\|-sf stashfilename] [-s]\n"
	6119	"\t\t[-k mkeytype] [-kv mkeyVNO] [-M mkeyname]\n"
	6120	"\t\t[-maxtktlife max_ticket_life]\n"
	6121	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
	6122	"modify [-subtrees subtree_dn_list] [-sscope search_scope]\n"
	6123	"\t\t[-containerref container_reference_dn]\n"
	6124	"\t\t[-maxtktlife max_ticket_life]\n"
	6125	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
	6126	"view\n"
	6127	"destroy [-f]\n"
6089	6128	"list\n"
6090	6129	"stashsrvpw [-f filename] service_dn\n"
6091		"create_policy [-r realm] [-maxtktlife max_ticket_life]\n"
	6130	"create_policy [-maxtktlife max_ticket_life]\n"
6092	6131	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
6093		"modify_policy [-r realm] [-maxtktlife max_ticket_life]\n"
	6132	"modify_policy [-maxtktlife max_ticket_life]\n"
6094	6133	"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
6095		"view_policy [-r realm] policy\n"
6096		"destroy_policy [-r realm] [-force] policy\n"
6097		"list_policy [-r realm]\n"
6098		msgstr ""
6099
6100		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:325
6101		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:333
6102		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:341
	6134	"view_policy policy\n"
	6135	"destroy_policy [-force] policy\n"
	6136	"list_policy\n"
	6137	msgstr ""
	6138
	6139	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:329
	6140	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:337
	6141	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:345
6103	6142	msgid "while reading ldap parameters"
6104	6143	msgstr ""
6105	6144
6106		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:439
	6145	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:443
6107	6146	msgid "while initializing error handling"
6108	6147	msgstr ""
6109	6148
6110		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:447
	6149	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:451
6111	6150	msgid "while initializing ldap handle"
6112	6151	msgstr ""
6113	6152
6114		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:461
6115		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:470
6116		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:483
6117		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:525
	6153	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:465
	6154	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:474
	6155	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:487
	6156	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:529
6118	6157	msgid "while retrieving ldap configuration"
6119	6158	msgstr ""
6120	6159
6121		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:500
6122		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:507
6123		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:516
	6160	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:504
	6161	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:511
	6162	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:520
6124	6163	msgid "while initializing server list"
6125	6164	msgstr ""
6126	6165
6127		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:547
	6166	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:551
6128	6167	msgid "while setting up lib handle"
6129	6168	msgstr ""
6130	6169
6131		#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:556
	6170	#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:560
6132	6171	msgid "while reading ldap configuration"
6133	6172	msgstr ""
6134	6173

6141	6180	msgstr ""
6142	6181
6143	6182	#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:214
6144		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:73
	6183	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:72
6145	6184	msgid "Error processing LDAP DB params"
6146	6185	msgstr ""
6147	6186
6148	6187	#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:220
6149		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:79
	6188	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:78
6150	6189	msgid "Error reading LDAP server params"
6151	6190	msgstr ""
6152	6191

6179	6218	#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:183
6180	6219	#, c-format
6181	6220	msgid "Cannot create LDAP handle for '%s': %s"
6182		msgstr ""
6183
6184		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:129
6185		msgid "could not complete roll-back, error deleting Kerberos Container"
6186	6221	msgstr ""
6187	6222
6188	6223	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:56

6217	6252	msgid "Minimum connections required per server is 2"
6218	6253	msgstr ""
6219	6254
6220		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:159
	6255	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:160
6221	6256	msgid "Default realm not set"
6222	6257	msgstr ""
6223	6258
6224		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:261
	6259	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:262
6225	6260	msgid "DN information missing"
6226	6261	msgstr ""
6227	6262
6228		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:473
	6263	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:474
6229	6264	msgid "dn information missing"
6230	6265	msgstr ""
6231	6266

6233	6268	msgid "Principal does not belong to realm"
6234	6269	msgstr ""
6235	6270
6236		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:308
6237		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:317
6238		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:325
	6271	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:305
	6272	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:314
	6273	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:322
6239	6274	#, c-format
6240	6275	msgid "%s option not supported"
6241	6276	msgstr ""
6242	6277
6243		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:332
	6278	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:329
6244	6279	#, c-format
6245	6280	msgid "unknown option: %s"
6246	6281	msgstr ""
6247	6282
6248		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:339
6249		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:346
	6283	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:336
	6284	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:343
6250	6285	#, c-format
6251	6286	msgid "%s option value missing"
6252	6287	msgstr ""
6253	6288
6254		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:671
	6289	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:676
6255	6290	msgid "DN is out of the realm subtree"
6256	6291	msgstr ""
6257	6292
6258		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:703
	6293	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:708
6259	6294	msgid "ldap object is already kerberized"
6260	6295	msgstr ""
6261	6296
6262		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:797
	6297	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:802
6263	6298	msgid "Principal does not belong to the default realm"
6264	6299	msgstr ""
6265	6300
6266		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:865
	6301	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:870
6267	6302	#, c-format
6268	6303	msgid ""
6269	6304	"operation can not continue, more than one entry with principal name \"%s\" "
6270	6305	"found"
6271	6306	msgstr ""
6272	6307
6273		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:928
	6308	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:933
6274	6309	#, c-format
6275	6310	msgid "'%s' not found"
6276	6311	msgstr ""
6277	6312
6278		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:992
	6313	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:997
6279	6314	#, c-format
6280	6315	msgid ""
6281	6316	"link information can not be set/updated as the kerberos principal belongs to "
6282	6317	"an ldap object"
6283	6318	msgstr ""
6284	6319
6285		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1007
	6320	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1012
6286	6321	#, c-format
6287	6322	msgid "Failed getting object references"
6288	6323	msgstr ""
6289	6324
6290		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1014
	6325	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1019
6291	6326	#, c-format
6292	6327	msgid "kerberos principal is already linked to a ldap object"
6293	6328	msgstr ""
6294	6329
6295		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1352
	6330	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1345
6296	6331	msgid "ticket policy object value: "
6297	6332	msgstr ""
6298	6333
6299		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1400
	6334	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1393
6300	6335	#, c-format
6301	6336	msgid "Principal delete failed (trying to replace entry): %s"
6302	6337	msgstr ""
6303	6338
6304		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1410
	6339	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1403
6305	6340	#, c-format
6306	6341	msgid "Principal add failed: %s"
6307	6342	msgstr ""
6308	6343
6309		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1448
	6344	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1441
6310	6345	#, c-format
6311	6346	msgid "User modification failed: %s"
6312	6347	msgstr ""
6313	6348
6314		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1521
	6349	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1514
6315	6350	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294
6316	6351	msgid "Error reading ticket policy"
6317	6352	msgstr ""
6318	6353
6319		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1651
	6354	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1644
6320	6355	msgid "unable to decode stored principal key data"
6321	6356	msgstr ""
6322	6357
6323		#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1709
	6358	#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1702
6324	6359	msgid "unable to decode stored principal pw history"
6325	6360	msgstr ""
6326	6361

6482	6517	msgid "LMDB lockout update failure"
6483	6518	msgstr ""
6484	6519
6485		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:500
	6520	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:496
6486	6521	#, c-format
6487	6522	msgid "%s: %s"
6488	6523	msgstr ""
6489	6524
6490		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:530
	6525	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:526
6491	6526	#, c-format
6492	6527	msgid "%s (depth %d): %s"
6493	6528	msgstr ""
6494	6529
6495		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:773
6496		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4324
	6530	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:769
	6531	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4193
6497	6532	msgid "Pass phrase for"
6498	6533	msgstr ""
6499	6534
	6535	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1093
6500	6536	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1103
6501		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1113
6502		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1380
6503		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1390
6504		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1931
	6537	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1359
	6538	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1369
	6539	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1846
6505	6540	msgid "Failed to DER encode PKCS7"
6506	6541	msgstr ""
6507	6542
6508		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1204
	6543	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1194
6509	6544	msgid "Failed to verify own certificate"
6510	6545	msgstr ""
6511	6546
6512		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1364
	6547	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1343
6513	6548	msgid "Failed to add digest attribute"
6514	6549	msgstr ""
6515	6550
6516		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1492
	6551	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1465
6517	6552	msgid "Failed to decode CMS message"
6518	6553	msgstr ""
6519	6554
6520		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1510
	6555	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1483
6521	6556	msgid "Invalid pkinit packet: octet string expected"
6522	6557	msgstr ""
6523	6558
6524		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1528
	6559	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1501
6525	6560	msgid "wrong oid\n"
6526	6561	msgstr ""
6527	6562
6528		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1680
	6563	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1653
6529	6564	msgid "Failed to verify received certificate"
6530	6565	msgstr ""
6531	6566
6532		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1718
	6567	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1689
6533	6568	msgid "Failed to verify CMS message"
6534	6569	msgstr ""
6535	6570
6536		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1906
	6571	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1834
6537	6572	msgid "Failed to encrypt PKCS7 object"
6538	6573	msgstr ""
6539	6574
6540		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1981
	6575	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1892
6541	6576	msgid "Failed to decode PKCS7"
6542	6577	msgstr ""
6543	6578
6544		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1998
	6579	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1908
6545	6580	msgid "Failed to decrypt PKCS7 message"
6546	6581	msgstr ""
6547	6582
6548		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4444
	6583	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4313
6549	6584	#, c-format
6550	6585	msgid "Cannot read certificate file '%s'"
6551	6586	msgstr ""
6552	6587
6553		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4451
	6588	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4320
6554	6589	#, c-format
6555	6590	msgid "Cannot read key file '%s'"
6556	6591	msgstr ""
6557	6592
6558		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5313
	6593	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5182
6559	6594	#, c-format
6560	6595	msgid "Cannot open file '%s'"
6561	6596	msgstr ""
6562	6597
6563		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5320
	6598	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5189
6564	6599	#, c-format
6565	6600	msgid "Cannot read file '%s'"
6566	6601	msgstr ""
6567	6602
6568		#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5995
	6603	#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5799
6569	6604	#, c-format
6570	6605	msgid "unknown code 0x%x"
6571	6606	msgstr ""
6572	6607
6573		#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:419
	6608	#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:413
6574	6609	#, c-format
6575	6610	msgid "Unsupported type while processing '%s'\n"
6576	6611	msgstr ""
6577	6612
6578		#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:453
	6613	#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:448
6579	6614	msgid "Internal error parsing X509_user_identity\n"
6580	6615	msgstr ""
6581	6616
6582		#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:544
	6617	#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:539
6583	6618	msgid "No user identity options specified"
6584	6619	msgstr ""
6585	6620
6586		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:405
	6621	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:397
6587	6622	#, c-format
6588	6623	msgid "PKINIT: no freshness token, rejecting auth from %s"
6589	6624	msgstr ""
6590	6625
6591		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:409
	6626	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:401
6592	6627	#, c-format
6593	6628	msgid "PKINIT: freshness token received from %s"
6594	6629	msgstr ""
6595	6630
6596		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:411
	6631	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:403
6597	6632	#, c-format
6598	6633	msgid "PKINIT: no freshness token received from %s"
6599	6634	msgstr ""
6600	6635
6601		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:542
	6636	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:506
6602	6637	msgid "Pkinit request not signed, but client not anonymous."
6603	6638	msgstr ""
6604	6639
6605		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:580
	6640	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:540
6606	6641	msgid "Anonymous pkinit without DH public value not supported."
6607	6642	msgstr ""
6608	6643
6609		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1304
	6644	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1078
6610	6645	#, c-format
6611	6646	msgid "No pkinit_identity supplied for realm %s"
6612	6647	msgstr ""
6613	6648
6614		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1315
	6649	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1089
6615	6650	#, c-format
6616	6651	msgid "No pkinit_anchors supplied for realm %s"
6617	6652	msgstr ""
6618	6653
6619		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1335
	6654	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1109
6620	6655	#, c-format
6621	6656	msgid "OCSP is not supported: (realm: %s)"
6622	6657	msgstr ""
6623	6658
6624		#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1736
	6659	#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1510
6625	6660	msgid "No realms configured correctly for pkinit support"
6626	6661	msgstr ""
6627	6662

6634	6669	msgid "SPAKE challenge group not a permitted group: %s"
6635	6670	msgstr ""
6636	6671
6637		#: ../../src/plugins/preauth/spake/spake_kdc.c:536
	6672	#: ../../src/plugins/preauth/spake/spake_kdc.c:529
6638	6673	msgid "Unknown SPAKE request type"
6639	6674	msgstr ""
6640	6675

6642	6677	msgid "Kerberos library initialization failure"
6643	6678	msgstr ""
6644	6679
6645		#: ../../src/util/support/errors.c:93
	6680	#: ../../src/util/support/errors.c:83
	6681	msgid "Error code translation unavailable"
	6682	msgstr ""
	6683
	6684	#: ../../src/util/support/errors.c:92
6646	6685	#, c-format
6647	6686	msgid "error %ld"
6648	6687	msgstr ""
6649	6688
6650		#: ../../src/util/support/plugins.c:186
	6689	#: ../../src/util/support/plugins.c:200
6651	6690	#, c-format
6652	6691	msgid "unable to find plugin [%s]: %s"
6653	6692	msgstr ""
6654	6693
6655		#: ../../src/util/support/plugins.c:274
	6694	#: ../../src/util/support/plugins.c:288
6656	6695	msgid "unknown failure"
6657	6696	msgstr ""
6658	6697
6659		#: ../../src/util/support/plugins.c:277
	6698	#: ../../src/util/support/plugins.c:291
6660	6699	#, c-format
6661	6700	msgid "unable to load plugin [%s]: %s"
6662	6701	msgstr ""
6663	6702
6664		#: ../../src/util/support/plugins.c:300
	6703	#: ../../src/util/support/plugins.c:314
6665	6704	#, c-format
6666	6705	msgid "unable to load DLL [%s]"
6667	6706	msgstr ""
6668	6707
6669		#: ../../src/util/support/plugins.c:316
	6708	#: ../../src/util/support/plugins.c:330
6670	6709	#, c-format
6671	6710	msgid "plugin unavailable: %s"
6672	6711	msgstr ""

+1

-1

src/prototype/prototype.c less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1	1	/* prototype/prototype.c - <<< One-line description of file >>> */
2	2	/*
3		* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	3	* Copyright (C) 2020 by the Massachusetts Institute of Technology.
4	4	* All rights reserved.
5	5	*
6	6	* Redistribution and use in source and binary forms, with or without

+1

-1

src/prototype/prototype.h less more

0	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1	1	/* prototype/prototype.h - <<< One-line description of file >>> */
2	2	/*
3		* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	3	* Copyright (C) 2020 by the Massachusetts Institute of Technology.
4	4	* All rights reserved.
5	5	*
6	6	* Redistribution and use in source and binary forms, with or without

+17

-15

src/tests/Makefile.in less more

0	0	mydir=tests
1	1	BUILDTOP=$(REL)..
2	2	SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
3		gss-threads misc threads
	3	gss-threads misc threads softpkcs11
4	4
5	5	RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
6		LC_ALL=C $(VALGRIND)
	6	GSS_MECH_CONFIG=mech.conf LC_ALL=C $(VALGRIND)
7	7
8	8	OBJS= adata.o etinfo.o forward.o gcred.o hist.o hooks.o hrealm.o \
9	9	icinterleave.o icred.o kdbtest.o localauth.o plugorder.o rdreq.o \
10		responder.o s2p.o s4u2proxy.o unlockiter.o
	10	replay.o responder.o s2p.o s4u2self.o s4u2proxy.o unlockiter.o
11	11	EXTRADEPSRCS= adata.c etinfo.c forward.c gcred.c hist.c hooks.c hrealm.c \
12		icinterleave.c icred.c kdbtest.c localauth.c plugorder.c rdreq.o \
13		responder.c s2p.c s4u2proxy.c unlockiter.c
	12	icinterleave.c icred.c kdbtest.c localauth.c plugorder.c rdreq.c \
	13	replay.c responder.c s2p.c s4u2self.c s4u2proxy.c unlockiter.c
14	14
15	15	TEST_DB = ./testdb
16	16	TEST_REALM = FOO.TEST.REALM

62	62	rdreq: rdreq.o $(KRB5_BASE_DEPLIBS)
63	63	$(CC_LINK) -o $@ rdreq.o $(KRB5_BASE_LIBS)
64	64
	65	replay: replay.o $(KRB5_BASE_DEPLIBS)
	66	$(CC_LINK) -o $@ replay.o $(KRB5_BASE_LIBS)
	67
65	68	responder: responder.o $(KRB5_BASE_DEPLIBS)
66	69	$(CC_LINK) -o $@ responder.o $(KRB5_BASE_LIBS)
67	70
68	71	s2p: s2p.o $(KRB5_BASE_DEPLIBS)
69	72	$(CC_LINK) -o $@ s2p.o $(KRB5_BASE_LIBS)
	73
	74	s4u2self: s4u2self.o $(KRB5_BASE_DEPLIBS)
	75	$(CC_LINK) -o $@ s4u2self.o $(KRB5_BASE_LIBS)
70	76
71	77	s4u2proxy: s4u2proxy.o $(KRB5_BASE_DEPLIBS)
72	78	$(CC_LINK) -o $@ s4u2proxy.o $(KRB5_BASE_LIBS)

96	102	$(RUN_DB_TEST) ../tests/create/kdb5_mkdums $(KTEST_OPTS)
97	103	$(RUN_DB_TEST) ../tests/verify/kdb5_verify $(KTEST_OPTS)
98	104	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump
99		$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -ov $(TEST_DB).ovdump
100	105	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
101	106	@echo "====> NOTE!"
102	107	@echo "The following 'create' command is needed due to a change"

104	109	@echo ====
105	110	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) create -W
106	111	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load $(TEST_DB).dump
107		$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load -update -ov $(TEST_DB).ovdump
108	112	$(RUN_DB_TEST) ../tests/verify/kdb5_verify $(KTEST_OPTS)
109	113	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump2
110		$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -ov $(TEST_DB).ovdump2
111	114	sort $(TEST_DB).dump > $(TEST_DB).sort
112	115	sort $(TEST_DB).dump2 > $(TEST_DB).sort2
113		sort $(TEST_DB).ovdump > $(TEST_DB).ovsort
114		sort $(TEST_DB).ovdump2 > $(TEST_DB).ovsort2
115	116	cmp $(TEST_DB).sort $(TEST_DB).sort2
116		cmp $(TEST_DB).ovsort $(TEST_DB).ovsort2
117	117	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
118	118	$(RM) $(TEST_DB)* stash_file
119	119
120	120	check-pytests: adata etinfo forward gcred hist hooks hrealm icinterleave icred
121		check-pytests: kdbtest localauth plugorder rdreq responder s2p s4u2proxy
122		check-pytests: unlockiter
	121	check-pytests: kdbtest localauth plugorder rdreq replay responder s2p s4u2proxy
	122	check-pytests: unlockiter s4u2self
123	123	$(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS)
124	124	$(RUNPYTEST) $(srcdir)/t_hooks.py $(PYTESTFLAGS)
125	125	$(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)

176	176	$(RUNPYTEST) $(srcdir)/t_y2038.py $(PYTESTFLAGS)
177	177	$(RUNPYTEST) $(srcdir)/t_kdcpolicy.py $(PYTESTFLAGS)
178	178	$(RUNPYTEST) $(srcdir)/t_u2u.py $(PYTESTFLAGS)
	179	$(RUNPYTEST) $(srcdir)/t_kdcoptions.py $(PYTESTFLAGS)
	180	$(RUNPYTEST) $(srcdir)/t_replay.py $(PYTESTFLAGS)
179	181
180	182	clean:
181	183	$(RM) adata etinfo forward gcred hist hooks hrealm icinterleave icred
182		$(RM) kdbtest localauth plugorder rdreq responder s2p s4u2proxy
183		$(RM) unlockiter
	184	$(RM) kdbtest localauth plugorder rdreq replay responder s2p s4u2proxy
	185	$(RM) unlockiter s4u2self
184	186	$(RM) krb5.conf kdc.conf
185	187	$(RM) -rf kdc_realm/sandbox ldap
186	188	$(RM) au.log

+50

-8

src/tests/adata.c less more

55	55	static krb5_context ctx;
56	56
57	57	static void display_authdata_list(krb5_authdata *list, krb5_keyblock skey,
58		krb5_keyblock *tktkey, char prefix_byte);
	58	krb5_keyblock *tktkey, char prefix_byte,
	59	krb5_boolean pac_expected);
59	60
60	61	static void
61	62	check(krb5_error_code code)

205	206	* must be the ticket session key. */
206	207	static void
207	208	display_authdata(krb5_authdata ad, krb5_keyblock skey, krb5_keyblock *tktkey,
208		int prefix_byte)
	209	int prefix_byte, krb5_boolean pac_expected)
209	210	{
210	211	krb5_authdata **inner_ad;
211	212

213	214	ad->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC \|\|
214	215	ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED \|\|
215	216	ad->ad_type == KRB5_AUTHDATA_CAMMAC) {
	217	if (ad->ad_type != KRB5_AUTHDATA_IF_RELEVANT)
	218	pac_expected = FALSE;
216	219	/* Decode and display the contents. */
217	220	inner_ad = get_container_contents(ad, skey, tktkey);
218		display_authdata_list(inner_ad, skey, tktkey, get_prefix_byte(ad));
	221	display_authdata_list(inner_ad, skey, tktkey, get_prefix_byte(ad),
	222	pac_expected);
219	223	krb5_free_authdata(ctx, inner_ad);
220	224	return;
221	225	}
	226
	227	assert(!pac_expected \|\| ad->ad_type == KRB5_AUTHDATA_WIN2K_PAC);
222	228
223	229	printf("%c", prefix_byte);
224	230	printf("%d: ", (int)ad->ad_type);

232	238
233	239	static void
234	240	display_authdata_list(krb5_authdata *list, krb5_keyblock skey,
235		krb5_keyblock *tktkey, char prefix_byte)
	241	krb5_keyblock *tktkey, char prefix_byte,
	242	krb5_boolean pac_expected)
236	243	{
237	244	if (list == NULL)
238	245	return;
239		for (; *list != NULL; list++)
240		display_authdata(*list, skey, tktkey, prefix_byte);
	246	/* Only expect a PAC in the first element, if at all. */
	247	for (; *list != NULL; list++) {
	248	display_authdata(*list, skey, tktkey, prefix_byte, pac_expected);
	249	pac_expected = FALSE;
	250	}
	251	}
	252
	253	/* If a PAC is present in enc_part2, verify its service signature with key and
	254	* set has_pac to true. /
	255	static void
	256	check_pac(krb5_context context, krb5_enc_tkt_part *enc_part2,
	257	const krb5_keyblock key, krb5_boolean has_pac)
	258	{
	259	krb5_authdata **authdata;
	260	krb5_pac pac;
	261
	262	*has_pac = FALSE;
	263
	264	check(krb5_find_authdata(context, enc_part2->authorization_data, NULL,
	265	KRB5_AUTHDATA_WIN2K_PAC, &authdata));
	266	if (authdata == NULL)
	267	return;
	268
	269	assert(authdata[1] == NULL);
	270	check(krb5_pac_parse(context, authdata[0]->contents, authdata[0]->length,
	271	&pac));
	272	krb5_free_authdata(context, authdata);
	273
	274	check(krb5_pac_verify(context, pac, enc_part2->times.authtime,
	275	enc_part2->client, key, NULL));
	276	krb5_pac_free(context, pac);
	277	*has_pac = TRUE;
241	278	}
242	279
243	280	int

251	288	krb5_ticket *ticket;
252	289	krb5_authdata *req_authdata = NULL, ad;
253	290	krb5_keytab_entry ktent;
	291	krb5_boolean with_pac;
254	292	size_t count;
255	293	int c;
256	294

302	340	check(krb5_get_credentials(ctx, KRB5_GC_NO_STORE, ccache, &in_creds,
303	341	&creds));
304	342
	343	assert(in_creds.authdata == NULL \|\| creds->authdata != NULL);
	344
305	345	check(krb5_decode_ticket(&creds->ticket, &ticket));
306	346	check(krb5_kt_default(ctx, &keytab));
307		check(krb5_kt_get_entry(ctx, keytab, server, ticket->enc_part.kvno,
	347	check(krb5_kt_get_entry(ctx, keytab, ticket->server, ticket->enc_part.kvno,
308	348	ticket->enc_part.enctype, &ktent));
309	349	check(krb5_decrypt_tkt_part(ctx, &ktent.key, ticket));
310	350
	351	check_pac(ctx, ticket->enc_part2, &ktent.key, &with_pac);
311	352	display_authdata_list(ticket->enc_part2->authorization_data,
312		ticket->enc_part2->session, &ktent.key, ' ');
	353	ticket->enc_part2->session, &ktent.key, ' ',
	354	with_pac);
313	355
314	356	while (count > 0) {
315	357	free(req_authdata[--count]->contents);

+1

-42

src/tests/asn.1/krb5_decode_test.c less more

41	41	#ifndef DISABLE_PKINIT
42	42	static int equal_principal(krb5_principal *ref, krb5_principal var);
43	43	static void ktest_free_auth_pack(krb5_context context, krb5_auth_pack *val);
44		static void ktest_free_auth_pack_draft9(krb5_context context,
45		krb5_auth_pack_draft9 *val);
46	44	static void ktest_free_kdc_dh_key_info(krb5_context context,
47	45	krb5_kdc_dh_key_info *val);
48	46	static void ktest_free_pa_pk_as_req(krb5_context context,

51	49	krb5_pa_pk_as_rep *val);
52	50	static void ktest_free_reply_key_pack(krb5_context context,
53	51	krb5_reply_key_pack *val);
54		static void ktest_free_reply_key_pack_draft9(krb5_context context,
55		krb5_reply_key_pack_draft9 *val);
56	52	#endif
57	53	static void ktest_free_kkdcp_message(krb5_context context,
58	54	krb5_kkdcp_message *val);

933	929	/* decode_sam_challenge_2_body */
934	930	{
935	931	setup(krb5_sam_challenge_2_body,ktest_make_sample_sam_challenge_2_body);
936		decode_run("sam_challenge_2_body","","30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 01",decode_krb5_sam_challenge_2_body,ktest_equal_sam_challenge_2_body,krb5_free_sam_challenge_2_body);
	932	decode_run("sam_challenge_2_body","","30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 14",decode_krb5_sam_challenge_2_body,ktest_equal_sam_challenge_2_body,krb5_free_sam_challenge_2_body);
937	933	ktest_empty_sam_challenge_2_body(&ref);
938	934
939	935	}

1183	1179	}
1184	1180
1185	1181	/****************************************************************/
1186		/* decode_krb5_auth_pack_draft9 */
1187		{
1188		setup(krb5_auth_pack_draft9,ktest_make_sample_auth_pack_draft9);
1189		decode_run("krb5_auth_pack_draft9","","30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61",
1190		acc.decode_krb5_auth_pack_draft9,
1191		ktest_equal_auth_pack_draft9,ktest_free_auth_pack_draft9);
1192		ktest_empty_auth_pack_draft9(&ref);
1193		}
1194
1195		/****************************************************************/
1196	1182	/* decode_krb5_kdc_dh_key_info */
1197	1183	{
1198	1184	setup(krb5_kdc_dh_key_info,ktest_make_sample_kdc_dh_key_info);

1210	1196	acc.decode_krb5_reply_key_pack,
1211	1197	ktest_equal_reply_key_pack,ktest_free_reply_key_pack);
1212	1198	ktest_empty_reply_key_pack(&ref);
1213		}
1214
1215		/****************************************************************/
1216		/* decode_krb5_reply_key_pack_draft9 */
1217		{
1218		setup(krb5_reply_key_pack_draft9,ktest_make_sample_reply_key_pack_draft9);
1219		decode_run("krb5_reply_key_pack_draft9","","30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A",
1220		acc.decode_krb5_reply_key_pack_draft9,
1221		ktest_equal_reply_key_pack_draft9,ktest_free_reply_key_pack_draft9);
1222		ktest_empty_reply_key_pack_draft9(&ref);
1223	1199	}
1224	1200
1225	1201	/****************************************************************/

1279	1255	}
1280	1256
1281	1257	static void
1282		ktest_free_auth_pack_draft9(krb5_context context, krb5_auth_pack_draft9 *val)
1283		{
1284		if (val)
1285		ktest_empty_auth_pack_draft9(val);
1286		free(val);
1287		}
1288
1289		static void
1290	1258	ktest_free_kdc_dh_key_info(krb5_context context, krb5_kdc_dh_key_info *val)
1291	1259	{
1292	1260	if (val)

1315	1283	{
1316	1284	if (val)
1317	1285	ktest_empty_reply_key_pack(val);
1318		free(val);
1319		}
1320
1321		static void
1322		ktest_free_reply_key_pack_draft9(krb5_context context,
1323		krb5_reply_key_pack_draft9 *val)
1324		{
1325		if (val)
1326		ktest_empty_reply_key_pack_draft9(val);
1327	1286	free(val);
1328	1287	}
1329	1288

+0

-40

src/tests/asn.1/krb5_encode_test.c less more

797	797	ktest_empty_pa_pk_as_req(&req);
798	798	}
799	799	/****************************************************************/
800		/* encode_krb5_pa_pk_as_req_draft9 */
801		{
802		krb5_pa_pk_as_req_draft9 req;
803		ktest_make_sample_pa_pk_as_req_draft9(&req);
804		encode_run(req, "pa_pk_as_req_draft9", "",
805		acc.encode_krb5_pa_pk_as_req_draft9);
806		ktest_empty_pa_pk_as_req_draft9(&req);
807		}
808		/****************************************************************/
809	800	/* encode_krb5_pa_pk_as_rep */
810	801	{
811	802	krb5_pa_pk_as_rep rep;

819	810	ktest_empty_pa_pk_as_rep(&rep);
820	811	}
821	812	/****************************************************************/
822		/* encode_krb5_pa_pk_as_rep_draft9 */
823		{
824		krb5_pa_pk_as_rep_draft9 rep;
825		ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep);
826		encode_run(rep, "pa_pk_as_rep_draft9", "(dhSignedData)",
827		acc.encode_krb5_pa_pk_as_rep_draft9);
828		ktest_empty_pa_pk_as_rep_draft9(&rep);
829		ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep);
830		encode_run(rep, "pa_pk_as_rep_draft9", "(encKeyPack)",
831		acc.encode_krb5_pa_pk_as_rep_draft9);
832		ktest_empty_pa_pk_as_rep_draft9(&rep);
833		}
834		/****************************************************************/
835	813	/* encode_krb5_auth_pack */
836	814	{
837	815	krb5_auth_pack pack;

840	818	ktest_empty_auth_pack(&pack);
841	819	}
842	820	/****************************************************************/
843		/* encode_krb5_auth_pack_draft9_draft9 */
844		{
845		krb5_auth_pack_draft9 pack;
846		ktest_make_sample_auth_pack_draft9(&pack);
847		encode_run(pack, "auth_pack_draft9", "",
848		acc.encode_krb5_auth_pack_draft9);
849		ktest_empty_auth_pack_draft9(&pack);
850		}
851		/****************************************************************/
852	821	/* encode_krb5_kdc_dh_key_info */
853	822	{
854	823	krb5_kdc_dh_key_info ki;

863	832	ktest_make_sample_reply_key_pack(&pack);
864	833	encode_run(pack, "reply_key_pack", "", acc.encode_krb5_reply_key_pack);
865	834	ktest_empty_reply_key_pack(&pack);
866		}
867		/****************************************************************/
868		/* encode_krb5_reply_key_pack_draft9 */
869		{
870		krb5_reply_key_pack_draft9 pack;
871		ktest_make_sample_reply_key_pack_draft9(&pack);
872		encode_run(pack, "reply_key_pack_draft9", "",
873		acc.encode_krb5_reply_key_pack_draft9);
874		ktest_empty_reply_key_pack_draft9(&pack);
875	835	}
876	836	/****************************************************************/
877	837	/* encode_krb5_sp80056a_other_info */

+3

-88

src/tests/asn.1/ktest.c less more

506	506	krb5_data_parse(&p->sam_response_prompt, "response_prompt ipse");
507	507	p->sam_pk_for_sad = empty_data();
508	508	p->sam_nonce = 0x543210;
509		p->sam_etype = ENCTYPE_DES_CBC_CRC;
	509	p->sam_etype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
510	510	}
511	511
512	512	void

517	517	p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
518	518	krb5_data_parse(&p->sam_track_id, "track data");
519	519	krb5_data_parse(&p->sam_enc_nonce_or_sad.ciphertext, "nonce or sad");
520		p->sam_enc_nonce_or_sad.enctype = ENCTYPE_DES_CBC_CRC;
	520	p->sam_enc_nonce_or_sad.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
521	521	p->sam_enc_nonce_or_sad.kvno = 3382;
522	522	p->sam_nonce = 0x543210;
523	523	}

729	729	}
730	730
731	731	static void
732		ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
733		{
734		ktest_make_sample_principal(&p->kdcName);
735		p->cusec = SAMPLE_USEC;
736		p->ctime = SAMPLE_TIME;
737		p->nonce = SAMPLE_NONCE;
738		}
739
740		static void
741	732	ktest_make_sample_oid(krb5_data *p)
742	733	{
743	734	krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");

787	778	ktest_make_sample_data(&p->kdcPkId);
788	779	}
789	780
790		void
791		ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
792		{
793		ktest_make_sample_data(&p->signedAuthPack);
794		ktest_make_sample_data(&p->kdcCert);
795		}
796
797	781	static void
798	782	ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
799	783	{

814	798	ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
815	799	{
816	800	p->choice = choice_pa_pk_as_rep_encKeyPack;
817		ktest_make_sample_data(&p->u.encKeyPack);
818		}
819
820		void
821		ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p)
822		{
823		p->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
824		ktest_make_sample_data(&p->u.dhSignedData);
825		}
826
827		void
828		ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p)
829		{
830		p->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
831	801	ktest_make_sample_data(&p->u.encKeyPack);
832	802	}
833	803

851	821	}
852	822
853	823	void
854		ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p)
855		{
856		ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator);
857		p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
858		ktest_make_sample_subject_pk_info(p->clientPublicValue);
859		}
860
861		void
862	824	ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
863	825	{
864	826	ktest_make_sample_data(&p->subjectPublicKey);

871	833	{
872	834	ktest_make_sample_keyblock(&p->replyKey);
873	835	ktest_make_sample_checksum(&p->asChecksum);
874		}
875
876		void
877		ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
878		{
879		ktest_make_sample_keyblock(&p->replyKey);
880		p->nonce = SAMPLE_NONCE;
881	836	}
882	837
883	838	void

892	847	void
893	848	ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
894	849	{
895		p->enctype = ENCTYPE_DES_CBC_CRC;
	850	p->enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
896	851	ktest_make_sample_data(&p->as_req);
897	852	ktest_make_sample_data(&p->pk_as_rep);
898	853	}

1717	1672	}
1718	1673
1719	1674	static void
1720		ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
1721		{
1722		ktest_destroy_principal(&p->kdcName);
1723		}
1724
1725		static void
1726	1675	ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
1727	1676	{
1728	1677	ktest_empty_algorithm_identifier(&p->algorithm);

1751	1700	free(p->trustedCertifiers);
1752	1701	p->trustedCertifiers = NULL;
1753	1702	ktest_empty_data(&p->kdcPkId);
1754		}
1755
1756		void
1757		ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
1758		{
1759		ktest_empty_data(&p->signedAuthPack);
1760		ktest_empty_data(&p->kdcCert);
1761	1703	}
1762	1704
1763	1705	static void

1776	1718	else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
1777	1719	ktest_empty_data(&p->u.encKeyPack);
1778	1720	p->choice = choice_pa_pk_as_rep_UNKNOWN;
1779		}
1780
1781		void
1782		ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p)
1783		{
1784		if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
1785		ktest_empty_data(&p->u.dhSignedData);
1786		else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
1787		ktest_empty_data(&p->u.encKeyPack);
1788		p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
1789	1721	}
1790	1722
1791	1723	void

1820	1752	}
1821	1753
1822	1754	void
1823		ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p)
1824		{
1825		ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator);
1826		if (p->clientPublicValue != NULL) {
1827		ktest_empty_subject_pk_info(p->clientPublicValue);
1828		free(p->clientPublicValue);
1829		p->clientPublicValue = NULL;
1830		}
1831		}
1832
1833		void
1834	1755	ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
1835	1756	{
1836	1757	ktest_empty_data(&p->subjectPublicKey);

1841	1762	{
1842	1763	ktest_empty_keyblock(&p->replyKey);
1843	1764	ktest_empty_checksum(&p->asChecksum);
1844		}
1845
1846		void
1847		ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
1848		{
1849		ktest_empty_keyblock(&p->replyKey);
1850	1765	}
1851	1766
1852	1767	void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)

+0

-11

src/tests/asn.1/ktest.h less more

100	100
101	101	#ifndef DISABLE_PKINIT
102	102	void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
103		void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
104	103	void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
105	104	void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
106		void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(
107		krb5_pa_pk_as_rep_draft9 *p);
108		void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(
109		krb5_pa_pk_as_rep_draft9 *p);
110	105	void ktest_make_sample_auth_pack(krb5_auth_pack *p);
111		void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p);
112	106	void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
113	107	void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
114		void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
115	108	void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
116	109	void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
117	110	#endif

196	189
197	190	#ifndef DISABLE_PKINIT
198	191	void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
199		void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
200	192	void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
201		void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p);
202	193	void ktest_empty_auth_pack(krb5_auth_pack *p);
203		void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p);
204	194	void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
205	195	void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
206		void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
207	196	void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
208	197	void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
209	198	#endif

+2

-53

src/tests/asn.1/ktest_equal.c less more

876	876	}
877	877
878	878	static int
879		ktest_equal_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *ref,
880		krb5_pk_authenticator_draft9 *var)
881		{
882		int p = TRUE;
883		if (ref == var) return TRUE;
884		else if (ref == NULL \|\| var == NULL) return FALSE;
885		p = p && ptr_equal(kdcName, ktest_equal_principal_data);
886		p = p && scalar_equal(cusec);
887		p = p && scalar_equal(ctime);
888		p = p && scalar_equal(nonce);
889		return p;
890		}
891
892		static int
893	879	ktest_equal_subject_pk_info(krb5_subject_pk_info *ref,
894	880	krb5_subject_pk_info *var)
895	881	{

933	919	p = p && ptr_equal(trustedCertifiers,
934	920	ktest_equal_sequence_of_external_principal_identifier);
935	921	p = p && equal_str(kdcPkId);
936		return p;
937		}
938
939		int
940		ktest_equal_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *ref,
941		krb5_pa_pk_as_req_draft9 *var)
942		{
943		int p = TRUE;
944		if (ref == var) return TRUE;
945		else if (ref == NULL \|\| var == NULL) return FALSE;
946		p = p && equal_str(signedAuthPack);
947		p = p && equal_str(kdcCert);
948	922	return p;
949	923	}
950	924

996	970	}
997	971
998	972	int
999		ktest_equal_auth_pack_draft9(krb5_auth_pack_draft9 *ref,
1000		krb5_auth_pack_draft9 *var)
1001		{
1002		int p = TRUE;
1003		if (ref == var) return TRUE;
1004		else if (ref == NULL \|\| var == NULL) return FALSE;
1005		p = p && struct_equal(pkAuthenticator,
1006		ktest_equal_pk_authenticator_draft9);
1007		p = p && ptr_equal(clientPublicValue, ktest_equal_subject_pk_info);
1008		return p;
1009		}
1010
1011		int
1012	973	ktest_equal_kdc_dh_key_info(krb5_kdc_dh_key_info *ref,
1013	974	krb5_kdc_dh_key_info *var)
1014	975	{

1032	993	return p;
1033	994	}
1034	995
1035		int
1036		ktest_equal_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *ref,
1037		krb5_reply_key_pack_draft9 *var)
1038		{
1039		int p = TRUE;
1040		if (ref == var) return TRUE;
1041		else if (ref == NULL \|\| var == NULL) return FALSE;
1042		p = p && struct_equal(replyKey, ktest_equal_keyblock);
1043		p = p && scalar_equal(nonce);
1044		return p;
1045		}
1046
1047	996	#endif /* not DISABLE_PKINIT */
1048	997
1049	998	int

1054	1003	else if (ref == NULL \|\| var == NULL) return FALSE;
1055	1004	p = p && data_eq(ref->kerb_message, var->kerb_message);
1056	1005	p = p && data_eq(ref->target_domain, var->target_domain);
1057		p = p && (ref->dclocator_hint == var->dclocator_hint);
	1006	p = p && scalar_equal(dclocator_hint);
1058	1007	return p;
1059	1008	}
1060	1009

1097	1046	if (ref == var) return TRUE;
1098	1047	else if (ref == NULL \|\| var == NULL) return FALSE;
1099	1048	p = p && ktest_equal_sequence_of_pa_data(ref->data, var->data);
1100		p = p && ref->time == ref->time;
	1049	p = p && scalar_equal(time);
1101	1050	return p;
1102	1051	}
1103	1052

+0

-3

src/tests/asn.1/ktest_equal.h less more

138	138
139	139	#ifndef DISABLE_PKINIT
140	140	generic(ktest_equal_pa_pk_as_req, krb5_pa_pk_as_req);
141		generic(ktest_equal_pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9);
142	141	generic(ktest_equal_pa_pk_as_rep, krb5_pa_pk_as_rep);
143	142	generic(ktest_equal_auth_pack, krb5_auth_pack);
144		generic(ktest_equal_auth_pack_draft9, krb5_auth_pack_draft9);
145	143	generic(ktest_equal_kdc_dh_key_info, krb5_kdc_dh_key_info);
146	144	generic(ktest_equal_reply_key_pack, krb5_reply_key_pack);
147		generic(ktest_equal_reply_key_pack_draft9, krb5_reply_key_pack_draft9);
148	145	#endif /* not DISABLE_PKINIT */
149	146
150	147	int ktest_equal_kkdcp_message(krb5_kkdcp_message *ref,

+1

-6

src/tests/asn.1/pkinit_encode.out less more

0	0	encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
1		encode_krb5_pa_pk_as_req_draft9: 30 14 80 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
2	1	encode_krb5_pa_pk_as_rep(dhInfo): A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
3	2	encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
4		encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
5		encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
6	3	encode_krb5_auth_pack: 30 81 9F A0 35 30 33 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A4 0A 04 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
7		encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61
8	4	encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
9	5	encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
10		encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A
11	6	encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
12		encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 01 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
	7	encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 14 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61

+1

-48

src/tests/asn.1/pkinit_trval.out less more

14	14	. [2] <8>
15	15	6b 72 62 35 64 61 74 61 krb5data
16	16
17		encode_krb5_pa_pk_as_req_draft9:
18
19		[Sequence/Sequence Of]
20		. [0] <8>
21		6b 72 62 35 64 61 74 61 krb5data
22		. [2] <8>
23		6b 72 62 35 64 61 74 61 krb5data
24
25	17	encode_krb5_pa_pk_as_rep(dhInfo):
26	18
27	19	[CONT 0]

34	26	6b 72 62 35 64 61 74 61 krb5data
35	27
36	28	encode_krb5_pa_pk_as_rep(encKeyPack):
37
38		[CONT 1] <8>
39		6b 72 62 35 64 61 74 61 krb5data
40
41		encode_krb5_pa_pk_as_rep_draft9(dhSignedData):
42
43		[CONT 0] <8>
44		6b 72 62 35 64 61 74 61 krb5data
45
46		encode_krb5_pa_pk_as_rep_draft9(encKeyPack):
47	29
48	30	[CONT 1] <8>
49	31	6b 72 62 35 64 61 74 61 krb5data

78	60	. . . [0] [Object Identifier] <8>
79	61	6b 72 62 35 64 61 74 61 krb5data
80	62
81		encode_krb5_auth_pack_draft9:
82
83		[Sequence/Sequence Of]
84		. [0] [Sequence/Sequence Of]
85		. . [0] [Sequence/Sequence Of]
86		. . . [0] [Integer] 1
87		. . . [1] [Sequence/Sequence Of]
88		. . . . [General string] "hftsai"
89		. . . . [General string] "extra"
90		. . [1] [General string] "ATHENA.MIT.EDU"
91		. . [2] [Integer] 123456
92		. . [3] [Generalized Time] "19940610060317Z"
93		. . [4] [Integer] 42
94		. [1] [Sequence/Sequence Of]
95		. . [Sequence/Sequence Of]
96		. . . [Object Identifier] <9>
97		2a 86 48 86 f7 12 01 02 02 *.H......
98		. . . [Octet String] "params"
99		. . [Bit String] <9>
100		00 6b 72 62 35 64 61 74 61 .krb5data
101
102	63	encode_krb5_kdc_dh_key_info:
103	64
104	65	[Sequence/Sequence Of]

116	77	. [1] [Sequence/Sequence Of]
117	78	. . [0] [Integer] 1
118	79	. . [1] [Octet String] "1234"
119
120		encode_krb5_reply_key_pack_draft9:
121
122		[Sequence/Sequence Of]
123		. [0] [Sequence/Sequence Of]
124		. . [0] [Integer] 1
125		. . [1] [Octet String] "12345678"
126		. [1] [Integer] 42
127	80
128	81	encode_krb5_sp80056a_other_info:
129	82

144	97	encode_krb5_pkinit_supp_pub_info:
145	98
146	99	[Sequence/Sequence Of]
147		. [0] [Integer] 1
	100	. [0] [Integer] 20
148	101	. [1] [Octet String] "krb5data"
149	102	. [2] [Octet String] "krb5data"

+2

-2

src/tests/asn.1/reference_encode.out less more

48	48	encode_krb5_enc_data(MSB-set kvno): 30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
49	49	encode_krb5_enc_data(kvno=-1): 30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
50	50	encode_krb5_sam_challenge_2: 30 22 A0 0D 30 0B 04 09 63 68 61 6C 6C 65 6E 67 65 A1 11 30 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
51		encode_krb5_sam_challenge_2_body: 30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 01
52		encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 01 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
	51	encode_krb5_sam_challenge_2_body: 30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 14
	52	encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 14 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
53	53	encode_krb5_enc_sam_response_enc_2: 30 1F A0 03 02 01 58 A1 18 04 16 65 6E 63 5F 73 61 6D 5F 72 65 73 70 6F 6E 73 65 5F 65 6E 63 5F 32
54	54	encode_krb5_pa_for_user: 30 4B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 0A 1B 08 6B 72 62 35 64 61 74 61
55	55	encode_krb5_pa_s4u_x509_user: 30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34

+2

-2

src/tests/asn.1/trval_reference.out less more

1179	1179	. [5] [Octet String] "challenge ipse"
1180	1180	. [6] [Octet String] "response_prompt ipse"
1181	1181	. [8] [Integer] 5517840
1182		. [9] [Integer] 1
	1182	. [9] [Integer] 20
1183	1183
1184	1184	encode_krb5_sam_response_2:
1185	1185

1188	1188	. [1] [Bit String] 0x80000000
1189	1189	. [2] [Octet String] "track data"
1190	1190	. [3] [Sequence/Sequence Of]
1191		. . [0] [Integer] 1
	1191	. . [0] [Integer] 20
1192	1192	. . [1] [Integer] 3382
1193	1193	. . [2] [Octet String] "nonce or sad"
1194	1194	. [4] [Integer] 5517840

+71

-282

src/tests/dejagnu/config/default.exp less more

15	15	set env(TERM) dumb
16	16
17	17	set des3_krbtgt 0
18		set tgt_support_desmd5 0
19
20		# The names of the individual passes must be unique; lots of things
21		# depend on it. The PASSES variable may not contain comments; only
22		# small pieces get evaluated, so comments will do strange things.
23
24		# Most of the purpose of using multiple passes is to exercise the
25		# dependency of various bugs on configuration file settings,
26		# particularly with regards to encryption types.
27
28		# The des.no-kdc-md5 pass will fail if the KDC does not constrain
29		# session key enctypes to those in its permitted_enctypes list. It
30		# works by assuming enctype similarity, thus allowing the client to
31		# request a des-cbc-md4 session key. Since only des-cbc-crc is in the
32		# KDC's permitted_enctypes list, the TGT will be unusable.
33	18
34	19	if { [string length $VALGRIND] } {
35	20	rename spawn valgrind_aux_spawn

110	95	}
111	96	}
112	97
113		# The des.des3-tgt.no-kdc-des3 pass will fail if the KDC doesn't
114		# constrain ticket key enctypes to those in permitted_enctypes. It
115		# does this by not putting des3 in the permitted_enctypes, while
116		# creating a TGT princpal that has a des3 key as well as a des key.
117
118		# XXX -- master_key_type is fragile w.r.t. permitted_enctypes; it is
119		# possible to configure things such that you have a master_key_type
120		# that is not permitted, and the error message used to be cryptic.
	98	# The names of the individual passes must be unique; lots of things
	99	# depend on it. The PASSES variable may not contain comments; only
	100	# small pieces get evaluated, so comments will do strange things.
	101
	102	# Most of the purpose of using multiple passes is to exercise the
	103	# dependency of various bugs on configuration file settings,
	104	# particularly with regards to encryption types.
121	105
122	106	set passes {
123		{
124		des
125		mode=udp
126		des3_krbtgt=0
127		{supported_enctypes=des-cbc-crc:normal}
128		{dummy=[verbose -log "DES TGT, DES enctype"]}
129		}
130		{
131		des.des3tgt
132		mode=udp
133		des3_krbtgt=1
134		{supported_enctypes=des-cbc-crc:normal}
135		{dummy=[verbose -log "DES3 TGT, DES enctype"]}
136		}
137	107	{
138	108	des3
139	109	mode=udp
140	110	des3_krbtgt=1
141		{supported_enctypes=des3-cbc-sha1:normal des-cbc-crc:normal}
142		{dummy=[verbose -log "DES3 TGT, DES3 + DES enctypes"]}
143		}
144		{
145		aes-des
146		mode=udp
147		des3_krbtgt=0
148		{supported_enctypes=aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal}
149		{permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des-cbc-crc}
150		{permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des-cbc-crc}
151		{permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des-cbc-crc}
152		{master_key_type=aes256-cts-hmac-sha1-96}
153		{dummy=[verbose -log "AES + DES enctypes"]}
	111	{supported_enctypes=des3-cbc-sha1:normal}
	112	{dummy=[verbose -log "DES3 TGT, DES3 enctype"]}
154	113	}
155	114	{
156	115	aes-only

176	135	{permitted_enctypes(replica)=aes256-sha2}
177	136	{permitted_enctypes(client)=aes256-sha2}
178	137	{permitted_enctypes(server)=aes256-sha2}
179		{default_tgs_enctypes(kdc)=aes256-sha2}
180		{default_tgs_enctypes(replica)=aes256-sha2}
181		{default_tgs_enctypes(client)=aes256-sha2}
182		{default_tgs_enctypes(server)=aes256-sha2}
183		{default_tkt_enctypes(kdc)=aes256-sha2}
184		{default_tkt_enctypes(replica)=aes256-sha2}
185		{default_tkt_enctypes(client)=aes256-sha2}
186		{default_tkt_enctypes(server)=aes256-sha2}
187	138	{allow_weak_crypto(kdc)=false}
188	139	{allow_weak_crypto(replica)=false}
189	140	{allow_weak_crypto(client)=false}

200	151	{permitted_enctypes(replica)=camellia256-cts}
201	152	{permitted_enctypes(client)=camellia256-cts}
202	153	{permitted_enctypes(server)=camellia256-cts}
203		{default_tgs_enctypes(kdc)=camellia256-cts}
204		{default_tgs_enctypes(replica)=camellia256-cts}
205		{default_tgs_enctypes(client)=camellia256-cts}
206		{default_tgs_enctypes(server)=camellia256-cts}
207		{default_tkt_enctypes(kdc)=camellia256-cts}
208		{default_tkt_enctypes(replica)=camellia256-cts}
209		{default_tkt_enctypes(client)=camellia256-cts}
210		{default_tkt_enctypes(server)=camellia256-cts}
211	154	{allow_weak_crypto(kdc)=false}
212	155	{allow_weak_crypto(replica)=false}
213	156	{allow_weak_crypto(client)=false}

219	162	aes-des3
220	163	mode=udp
221	164	des3_krbtgt=0
222		{supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
223		{permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
224		{permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
225		{permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
	165	{supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal}
	166	{permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
	167	{permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
	168	{permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
226	169	{master_key_type=aes256-cts-hmac-sha1-96}
227	170	{dummy=[verbose -log "AES + DES3 + DES enctypes"]}
228	171	}

230	173	aes-des3tgt
231	174	mode=udp
232	175	des3_krbtgt=1
233		{supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
234		{permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
235		{permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
236		{permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
	176	{supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal}
	177	{permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
	178	{permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
	179	{permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1}
237	180	{master_key_type=aes256-cts-hmac-sha1-96}
238		{dummy=[verbose -log "AES + DES enctypes, DES3 TGT"]}
239		}
240		{
241		des-v4
242		mode=udp
243		des3_krbtgt=0
244		{supported_enctypes=des-cbc-crc:v4}
245		{default_tkt_enctypes(client)=des-cbc-crc}
246		{dummy=[verbose -log "DES TGT, DES-CRC enctype, V4 salt"]}
247		}
248		{
249		des-md5-v4
250		mode=udp
251		des3_krbtgt=0
252		{supported_enctypes=des-cbc-md5:v4 des-cbc-crc:v4}
253		{default_tkt_enctypes(client)=des-cbc-md5 des-cbc-crc}
254		{dummy=[verbose -log "DES TGT, DES-MD5 and -CRC enctypes, V4 salt"]}
	181	{dummy=[verbose -log "AES enctypes, DES3 TGT"]}
255	182	}
256	183	{
257	184	all-enctypes

263	190	{allow_weak_crypto(server)=false}
264	191	{dummy=[verbose -log "all default enctypes"]}
265	192	}
266		{
267		des.no-kdc-md5
268		mode=udp
269		des3_krbtgt=0
270		tgt_support_desmd5=0
271		{permitted_enctypes(kdc)=des-cbc-crc}
272		{default_tgs_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
273		{default_tkt_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
274		{supported_enctypes=des-cbc-crc:normal}
275		{master_key_type=des-cbc-crc}
276		{dummy=[verbose -log \
277		"DES TGT, KDC permitting only des-cbc-crc"]}
278		}
279		{
280		des.des3-tgt.no-kdc-des3
281		mode=udp
282		tgt_support_desmd5=0
283		{permitted_enctypes(kdc)=des-cbc-crc}
284		{default_tgs_enctypes(client)=des-cbc-crc}
285		{default_tkt_enctypes(client)=des-cbc-crc}
286		{supported_enctypes=des3-cbc-sha1:normal des-cbc-crc:normal}
287		{master_key_type=des-cbc-crc}
288		{dummy=[verbose -log \
289		"DES3 TGT, KDC permitting only des-cbc-crc"]}
290		}
291		}
292
293		# des.md5-tgt is set as unused, since it won't trigger the error case
294		# if SUPPORT_DESMD5 isn't honored.
295
296		# The des.md5-tgt pass will fail if enctype similarity is inconsisent;
297		# between 1.0.x and 1.1, the decrypt functions became more strict
298		# about matching enctypes, while the KDB retrieval functions didn't
299		# coerce the enctype to match what was requested. It works by setting
300		# SUPPORT_DESMD5 on the TGT principal, forcing an enctype of
301		# des-cbc-md5 on the TGT key. Since the database only contains a
302		# des-cbc-crc key, the decrypt will fail if enctypes are not coerced.
303
304		# des.no-kdc-md5.client-md4-skey is retained in unsed_passes, even
305		# though des.no-kdc-md5 is roughly equivalent, since the associated
306		# comment needs additional investigation at some point re the kadmin
307		# client.
308
309		# The des.no-kdc-md5.client-md4-skey will fail on TGS requests due to
310		# the KDC issuing session keys that it won't accept. It will also
311		# fail for a kadmin client, but for different reasons, since the kadm5
312		# library does some curious filtering of enctypes, and also uses
313		# get_in_tkt() rather than get_init_creds(); the former does an
314		# intersection of the enctypes provided by the caller and those listed
315		# in the config file!
316
317		set unused_passes {
318		{
319		des.md5-tgt
320		des3_krbtgt=0
321		tgt_support_desmd5=1
322		supported_enctypes=des-cbc-crc:normal
323		{permitted_enctypes(kdc)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
324		{permitted_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
325		{dummy=[verbose -log "DES TGT, SUPPORTS_DESMD5"]}
326		}
327		{
328		des.md5-tgt.no-kdc-md5
329		des3_krbtgt=0
330		tgt_support_desmd5=1
331		{permitted_enctypes(kdc)=des-cbc-crc}
332		{default_tgs_enctypes(client)=des-cbc-crc}
333		{default_tkt_enctypes(client)=des-cbc-crc}
334		{supported_enctypes=des-cbc-crc:normal}
335		{master_key_type=des-cbc-crc}
336		{dummy=[verbose -log \
337		"DES TGT, SUPPORTS_DESMD5, KDC permitting only des-cbc-crc"]}
338		}
339		{
340		des.no-kdc-md5.client-md4-skey
341		des3_krbtgt=0
342		{permitted_enctypes(kdc)=des-cbc-crc}
343		{permitted_enctypes(client)=des-cbc-crc des-cbc-md4}
344		{default_tgs_enctypes(client)=des-cbc-crc des-cbc-md4}
345		{default_tkt_enctypes(client)=des-cbc-md4}
346		{supported_enctypes=des-cbc-crc:normal}
347		{dummy=[verbose -log \
348		"DES TGT, DES enctype, KDC permitting only des-cbc-crc, client requests des-cbc-md4 session key"]}
349		}
350		{
351		all-enctypes
352		des3_krbtgt=1
353		{supported_enctypes=\
354		aes256-cts-hmac-sha1-96:normal aes256-cts-hmac-sha1-96:norealm \
355		aes128-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:norealm \
356		des3-cbc-sha1:normal des3-cbc-sha1:none \
357		des-cbc-md5:normal des-cbc-md4:normal des-cbc-crc:normal \
358		des-cbc-md5:v4 des-cbc-md4:v4 des-cbc-crc:v4 \
359		}
360		{dummy=[verbose -log "DES3 TGT, default enctypes"]}
361		}
362		{
363		aes-tcp
364		mode=tcp
365		des3_krbtgt=0
366		{supported_enctypes=aes256-cts-hmac-sha1-96:normal}
367		{permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
368		{permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
369		{permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
370		{master_key_type=aes256-cts-hmac-sha1-96}
371		{dummy=[verbose -log "AES via TCP"]}
372		}
373		}
374		# {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal }
	193	}
375	194
376	195	# This shouldn't be necessary on dejagnu-1.4 and later, but 1.3 seems
377	196	# to need it because its runtest.exp doesn't deal with PASS at all.

439	258	$tmppwd/kdc-db.ulog \
440	259	$tmppwd/replica-db $tmppwd/replica-db.ok $tmppwd/replica-db.kadm5 $tmppwd/replica-db.kadm5.lock \
441	260	$tmppwd/replica-db~ $tmppwd/replica-db~.ok $tmppwd/replica-db~.kadm5 $tmppwd/replica-db~.kadm5.lock
442		# Creating a new database means we need a new srvtab.
443		file delete $tmppwd/srvtab $tmppwd/cpw_srvtab
	261	# Creating a new database invalidates the keytab and ccache.
	262	file delete $tmppwd/keytab $tmppwd/tkt
444	263	}
445	264
446	265	delete_db

634	453	#
635	454	set envvars_tosave {
636	455	KRB5_CONFIG KRB5CCNAME KRB5_CLIENT_KTNAME KRB5RCACHEDIR KRB5_KDC_PROFILE
	456	GSS_MECH_CONFIG
637	457	}
638	458	set krb5_init_vars [list ]
639	459	# XXX -- fix me later!

671	491	}
672	492
673	493	# get_hostname
674		# This procedure sets the global variale hostname to the local
	494	# This procedure sets the global variable hostname to the local
675	495	# hostname as seen by krb5_sname_to_principal. Returns 1 on success,
676	496	# 0 on failure.
677	497

1017	837	catch "unset orig_krb5rcachedir"
1018	838	}
1019	839
	840	if [ info exists env(GSS_MECH_CONFIG)] {
	841	set orig_gss_mech_config $env(GSS_MECH_CONFIG)
	842	} else {
	843	catch "unset orig_gss_mech_config"
	844	}
	845
1020	846	# setup_kerberos_env
1021	847	# Set the environment variables needed to run Kerberos programs.
1022	848

1047	873	set env(KRB5RCACHEDIR) $tmppwd
1048	874	verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
1049	875
	876	# Direct the GSS library at a nonexistent file in the temporary
	877	# directory, to avoid interference from system configuration.
	878	set env(GSS_MECH_CONFIG) $tmppwd/mech.conf
	879	verbose "GSS_MECH_CONFIG=$env(GSS_MECH_CONFIG)"
	880
1050	881	# Get the run time environment variables... (including LD_LIBRARY_PATH)
1051	882	setup_runtime_env
1052	883

1069	900	puts $envfile "KRB5CCNAME=$env(KRB5CCNAME)"
1070	901	puts $envfile "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)"
1071	902	puts $envfile "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
	903	puts $envfile "GSS_MECH_CONFIG=$env(GSS_MECH_CONFIG)"
1072	904	if [info exists env(KRB5_KDC_PROFILE)] {
1073	905	puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)"
1074	906	} else {

1076	908	}
1077	909	puts $envfile "export KRB5_CONFIG KRB5CCNAME KRB5RCACHEDIR"
1078	910	puts $envfile "export KRB5_KDC_PROFILE KRB5_CLIENT_KTNAME"
	911	puts $envfile "export GSS_MECH_CONFIG"
1079	912	foreach i $krb5_init_vars {
1080	913	regexp "^(\[^=\])=(.)" $i foo evar evalue
1081	914	puts $envfile "$evar=$env($evar)"

1089	922	puts $envfile "setenv KRB5CCNAME $env(KRB5CCNAME)"
1090	923	puts $envfile "setenv KRB5_CLIENT_KTNAME $env(KRB5_CLIENT_KTNAME)"
1091	924	puts $envfile "setenv KRB5RCACHEDIR $env(KRB5RCACHEDIR)"
	925	puts $envfile "setenv GSS_MECH_CONFIG $env(GSS_MECH_CONFIG)"
1092	926	if [info exists env(KRB5_KDC_PROFILE)] {
1093	927	puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)"
1094	928	} else {

1111	945	global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY
1112	946	global tmppwd hostname
1113	947	global spawn_id
1114		global des3_krbtgt tgt_support_desmd5
	948	global des3_krbtgt
1115	949	global multipass_name last_passname_db
1116	950
1117	951	set failall 0

1350	1184	}
1351	1185	}
1352	1186	}
1353		if $tgt_support_desmd5 {
1354		# Make TGT support des-cbc-md5
1355		set test "kadmin.local TGT to SUPPORT_DESMD5"
1356		set body {
1357		if $failall {
1358		break
1359		}
1360		spawn $KADMIN_LOCAL -r $REALMNAME
1361		verbose "starting $test"
1362		expect_after $def_exp_after
1363
1364		expect "kadmin.local: "
1365		send "modprinc +support_desmd5 krbtgt/$REALMNAME@$REALMNAME\r"
1366		# It echos...
1367		expect "modprinc +support_desmd5 krbtgt/$REALMNAME@$REALMNAME\r"
1368		expect {
1369		"Principal \"krbtgt/$REALMNAME@$REALMNAME\" modified.\r\n" { }
1370		}
1371		expect "kadmin.local: "
1372		send "quit\r"
1373		expect eof
1374		catch expect_after
1375		if ![check_exit_status kadmin_local] {
1376		break
1377		}
1378		}
1379		set ret [catch $body]
1380		catch "expect eof"
1381		catch expect_after
1382		if $ret {
1383		set failall 1
1384		if $standalone {
1385		fail $test
1386		} else {
1387		delete_db
1388		}
1389		} else {
1390		if $standalone {
1391		pass $test
1392		}
1393		}
1394		}
1395	1187	envstack_pop
1396	1188
1397	1189	# create the admin database lock file

1509	1301
1510	1302	envstack_push
1511	1303	setup_kerberos_env replica
1512		spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
	1304	spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/keytab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
1513	1305	set kpropd_pid [exp_pid]
1514	1306	set kpropd_spawn_id $spawn_id
1515		# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n
1516		# spawn_shell
1517	1307	envstack_pop
1518	1308	}
1519	1309

1526	1316	# success, 0 on failure.
1527	1317
1528	1318	proc start_kerberos_daemons { standalone } {
1529		global BINSH
1530	1319	global REALMNAME
1531	1320	global KRB5KDC
1532	1321	global KADMIND

1618	1407	envstack_push
1619	1408	setup_kerberos_env kdc
1620	1409	file delete $kadmind_pidfile
1621		spawn $BINSH -c "exec $KADMIND -r $REALMNAME -W -nofork -P $kadmind_pidfile"
	1410	spawn $KADMIND -r $REALMNAME -W -nofork -P $kadmind_pidfile
1622	1411	envstack_pop
1623	1412	set kadmind_pid [exp_pid]
1624	1413	set kadmind_spawn_id $spawn_id

1858	1647	}
1859	1648	}
1860	1649
1861		# setup_srvtab
1862		# Set up a srvtab file. start_kerberos_daemons and add_random_key
	1650	# setup_keytab
	1651	# Set up a keytab file. start_kerberos_daemons and add_random_key
1863	1652	# $id/$hostname must be called before this procedure. If the
1864	1653	# argument is non-zero, call pass at relevant points. Returns 1 on
1865	1654	# success, 0 on failure. If the id field is not provided, host is used.
1866	1655
1867		proc setup_srvtab { standalone {id host} } {
	1656	proc setup_keytab { standalone {id host} } {
1868	1657	global REALMNAME
1869	1658	global KADMIN_LOCAL
1870	1659	global KEY

1873	1662	global spawn_id
1874	1663	global last_service
1875	1664
1876		if {!$standalone && [file exists $tmppwd/srvtab] && $last_service == $id} {
	1665	if {!$standalone && [file exists $tmppwd/keytab] && $last_service == $id} {
1877	1666	return 1
1878	1667	}
1879	1668
1880		file delete $tmppwd/srvtab $tmppwd/srvtab.old
	1669	file delete $tmppwd/keytab $tmppwd/keytab.old
1881	1670
1882	1671	if ![get_hostname] {
1883	1672	return 0
1884	1673	}
1885	1674
1886		file delete $hostname-new-srvtab
	1675	file delete $hostname-new-keytab
1887	1676
1888	1677	envstack_push
1889	1678	setup_kerberos_env kdc

1891	1680	envstack_pop
1892	1681	expect_after {
1893	1682	-re "(.*)\r\nkadmin.local: " {
1894		fail "kadmin.local srvtab (unmatched output: $expect_out(1,string))"
	1683	fail "kadmin.local keytab (unmatched output: $expect_out(1,string))"
1895	1684	if {!$standalone} {
1896		file delete $tmppwd/srvtab
	1685	file delete $tmppwd/keytab
1897	1686	}
1898	1687	catch "expect_after"
1899	1688	return 0
1900	1689	}
1901	1690	timeout {
1902		fail "kadmin.local srvtab"
	1691	fail "kadmin.local keytab"
1903	1692	if {!$standalone} {
1904		file delete $tmppwd/srvtab
	1693	file delete $tmppwd/keytab
1905	1694	}
1906	1695	catch "expect_after"
1907	1696	return 0
1908	1697	}
1909	1698	eof {
1910		fail "kadmin.local srvtab"
	1699	fail "kadmin.local keytab"
1911	1700	if {!$standalone} {
1912		file delete $tmppwd/srvtab
	1701	file delete $tmppwd/keytab
1913	1702	}
1914	1703	catch "expect_after"
1915	1704	return 0
1916	1705	}
1917	1706	}
1918	1707	expect "kadmin.local: "
1919		send "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r"
1920		expect "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r\n"
	1708	send "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r"
	1709	expect "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r\n"
1921	1710	expect {
1922		-re ".Entry for principal $id/$hostname. added to keytab WRFILE:$hostname-new-srvtab." { }
	1711	-re ".Entry for principal $id/$hostname. added to keytab WRFILE:$hostname-new-keytab." { }
1923	1712	-re "\r\nkadmin.local: " {
1924	1713	if {$standalone} {
1925		fail "kadmin.local srvtab"
	1714	fail "kadmin.local keytab"
1926	1715	} else {
1927		file delete $tmppwd/srvtab
	1716	file delete $tmppwd/keytab
1928	1717	}
1929	1718	catch expect_after
1930	1719	return 0

1934	1723	send "quit\r"
1935	1724	expect eof
1936	1725	catch expect_after
1937		if ![check_exit_status "kadmin.local srvtab"] {
	1726	if ![check_exit_status "kadmin.local keytab"] {
1938	1727	if {!$standalone} {
1939		file delete $tmppwd/srvtab
1940		}
1941		return 0
1942		}
1943
1944		catch "exec mv -f $hostname-new-srvtab $tmppwd/srvtab" exec_output
	1728	file delete $tmppwd/keytab
	1729	}
	1730	return 0
	1731	}
	1732
	1733	catch "exec mv -f $hostname-new-keytab $tmppwd/keytab" exec_output
1945	1734	if ![string match "" $exec_output] {
1946	1735	verbose -log "$exec_output"
1947		perror "can't mv new srvtab"
	1736	perror "can't mv new keytab"
1948	1737	return 0
1949	1738	}
1950	1739
1951	1740	if {$standalone} {
1952		pass "kadmin.local srvtab"
1953		}
1954
1955		# Make the srvtab file globally readable in case we are using a
1956		# root shell and the srvtab is NFS mounted.
1957		catch "exec chmod a+r $tmppwd/srvtab"
	1741	pass "kadmin.local keytab"
	1742	}
	1743
	1744	# Make the keytab file globally readable in case we are using a
	1745	# root shell and the keytab is NFS mounted.
	1746	catch "exec chmod a+r $tmppwd/keytab"
1958	1747
1959	1748	# Remember what we just extracted
1960	1749	set last_service $id

+4

-4

src/tests/dejagnu/krb-standalone/gssapi.exp less more

237	237	perror "failed to set up gssservice/$hostname key"
238	238	}
239	239
240		# Use kdb5_edit to create a srvtab entry for gssservice
241		if ![setup_srvtab 0 gssservice] {
242		perror "failed to set up gssservice srvtab"
	240	# Use kdb5_edit to create a keytab entry for gssservice
	241	if ![setup_keytab 0 gssservice] {
	242	perror "failed to set up gssservice keytab"
243	243	}
244	244
245	245	catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"

277	277	#
278	278	# set KRB5CCNAME and KRB5_KTNAME
279	279	#
280		set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
	280	set env(KRB5_KTNAME) FILE:$tmppwd/keytab
281	281	verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
282	282
283	283	# Now start the gss-server.

+1

-47

src/tests/dejagnu/krb-standalone/kadmin.exp less more

456	456	expect -re "assword\[^\r\n\]: " {
457	457	send "adminpass$KEY\r"
458	458	}
459		# expect -re "kadmin: Entry for principal $name/$instance with kvno [0-9], encryption type .* added to keytab WRFILE:$tmppwd/keytab."
460	459	expect_after
461	460	expect eof
462	461	set k_stat [wait -i $spawn_id]
463	462	verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
464	463	catch "close -i $spawn_id"
465		catch "exec rm -f $instance-new-srvtab"
	464	catch "exec rm -f $instance-new-keytab"
466	465	pass "kadmin xst $instance $name"
467	466	return 1
468	467	}
469
470		#++
471		# kadmin_extractv4 - Test extract service key in v4 format function of
472		# kadmin.
473		#
474		# Extracts service key for service name $name instance $instance in version
475		# 4 format. Returns 1 on success.
476		#--
477		#proc kadmin_extractv4 { instance name } {
478		# global REALMNAME
479		# global KADMIN
480		# global KEY
481		# global spawn_id
482		#
483		# spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst4 $instance $name"
484		# expect_after {
485		# "Cannot contact any KDC" {
486		# fail "kadmin xst4 $instance $name lost KDC"
487		# catch "expect_after"
488		# return 0
489		# }
490		# timeout {
491		# fail "kadmin xst4 $instance $name"
492		# catch "expect_after"
493		# return 0
494		# }
495		# eof {
496		# fail "kadmin xst4 $instance $name"
497		# catch "expect_after"
498		# return 0
499		# }
500		# }
501		# expect -re "assword\[^\r\n\]: " {
502		# send "adminpass$KEY\r"
503		# }
504		# expect "extracted entry $name to key table $instance-new-v4-srvtab"
505		# expect_after
506		# expect eof
507		# set k_stat [wait -i $spawn_id]
508		# verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)"
509		# catch "close -i $spawn_id"
510		# catch "exec rm -f $instance-new-v4-srvtab"
511		# pass "kadmin xst4 $instance $name"
512		# return 1
513		#}
514	468
515	469	#++
516	470	# kadmin_delete - Test delete principal function of kadmin.

+3

-3

src/tests/dejagnu/krb-standalone/kprop.exp less more

71	71	fail "kprop (host key)"
72	72	return
73	73	}
74		if ![setup_srvtab 0] {
75		fail "kprop (srvtab)"
	74	if ![setup_keytab 0] {
	75	fail "kprop (keytab)"
76	76	return
77	77	}
78	78

98	98	sleep 1
99	99
100	100	# Try a propagation.
101		spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/srvtab $hostname
	101	spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/keytab $hostname
102	102	expect eof
103	103	set kprop_exit [check_exit_status "kprop (exit status)"]
104	104	# log output for debugging

+4

-4

src/tests/dejagnu/krb-standalone/sample.exp less more

41	41	# if inetd = 0, then we are running stand-alone
42	42	if !{$inetd} {
43	43	# Start the sserver
44		spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab
	44	spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
45	45	set sserver_pid [exp_pid]
46	46	set sserver_spawn_id $spawn_id
47	47

51	51	sleep 2
52	52	} else {
53	53	# Start the sserver
54		spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/srvtab
	54	spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/keytab
55	55	set sserver_pid [exp_pid]
56	56	set sserver_spawn_id $spawn_id
57	57

165	165	return
166	166	}
167	167
168		# Use ksrvutil to create a srvtab entry for sample
169		if ![setup_srvtab 1 sample] {
	168	# Use ksrvutil to create a keytab entry for sample
	169	if ![setup_keytab 1 sample] {
170	170	return
171	171	}
172	172

+3

-3

src/tests/dejagnu/krb-standalone/simple.exp less more

39	39	global portbase
40	40
41	41	# Start the sim_server
42		spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab
	42	spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
43	43	set sim_server_pid [exp_pid]
44	44	set sim_server_spawn_id $spawn_id
45	45

178	178	return
179	179	}
180	180
181		# Use ksrvutil to create a srvtab entry for sample
182		if ![setup_srvtab 1 sample] {
	181	# Use ksrvutil to create a keytab entry for sample
	182	if ![setup_keytab 1 sample] {
183	183	return
184	184	}
185	185

+2

-2

src/tests/dejagnu/krb-standalone/standalone.exp less more

165	165	verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
166	166	catch "close -i $spawn_id"
167	167
168		# Use ksrvutil to create a srvtab entry.
169		if ![setup_srvtab 1] {
	168	# Use ksrvutil to create a keytab entry.
	169	if ![setup_keytab 1] {
170	170	return
171	171	}
172	172

+0

-5

src/tests/dejagnu/krb-standalone/tcp.exp less more

31	31	if ![add_random_key host/$hostname 1] {
32	32	return
33	33	}
34
35		# Use ksrvutil to create a srvtab entry.
36		# if ![setup_srvtab 1] {
37		# return
38		# }
39	34
40	35	# Use kinit to get a ticket.
41	36	if ![kinit krbtest/admin adminpass$KEY 1] {

+16

-16

src/tests/dejagnu/pkinit-certs/ca.pem less more

2	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
3	3	A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
4	4	dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
5		b3RoZXJ3aXNlMB4XDTE3MDgyNTE4MzIxMFoXDTI4MDgwNzE4MzIxMFowgacxCzAJ
	5	b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowgacxCzAJ
6	6	BgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1i
7	7	cmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtl
8	8	cmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBk
9	9	byBub3QgdXNlIG90aGVyd2lzZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
10		ggEBAL8HFT/+Uia/TcSFIJJd7Z7ZFvMOYLhEkCyqRhW1ggDp0xrIAoh/fyxq4qId
11		S8f7Aurf39kzyS9NtDD2snKwfoLaZpunIXNLCujrlrqdhKsZdtl8aYLmjIhTLu4r
12		rN5WZIRQULbkLiuqc6ZFOjOZxkR0NkC/CyfQTJO5a2TaMrweLswmY0k5KlAoevps
13		h+LPXsLC66sqgYuWDD8c1Z9GlI8dW2abRPt+WUKskEgHqYJrCkjvPIZgS7UDAzpU
14		OCXopDDr/qQ9dnAYzt98r/pCx621/2R4JttZbdsXQDbQaHhV69iJqACqZB0lLyKO
15		Ka4Y2U5zy3++t6pd3oGlWCr96D0CAwEAAaOCARgwggEUMB0GA1UdDgQWBBSvEuBX
16		VNKtIomCkLcxpsKp9Ag9qzCB1AYDVR0jBIHMMIHJgBSvEuBXVNKtIomCkLcxpsKp
17		9Ag9q6GBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
	10	ggEBAL6unmewooH+XR9tvj5VtwD+uUyd+YIBseWjQZfl447qdmNah3tqP6VCBGr4
	11	N3fYZrrPKL7CRLlsbF8qP52r6UnEjVGwVuYoNo4Eps0DgNS7+XcxviYBe9RCPJH3
	12	t/2PtY7NrnaW7A/h471N0IGTjwzudeIBixLfFKcn8prwQc+6IQ6Tz3Rg/4XCTFxI
	13	kjby4VWyKBDWOpea3gPM9dvR7PiVsnCfCJlFB+9m7enD9+PFrie0UM7ezawZ514j
	14	xo1luZfXsFJDpB6Zi3iAA8gNzVAF2CONMISZDlD4bTFtj58zPQmChaQlYeEise9Y
	15	gfSjuWOLCx7PZ3l0J3Joba+pcxECAwEAAaOCARgwggEUMB0GA1UdDgQWBBRsTf69
	16	b/J43+2sVy3nOfj8nmyOFjCB1AYDVR0jBIHMMIHJgBRsTf69b/J43+2sVy3nOfj8
	17	nmyOFqGBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
18	18	dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoGA1UECgwDTUlUMSkwJwYDVQQLDCBJ
19	19	bnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVzdCBDQTEzMDEGA1UEAwwqcGtpbml0
20	20	IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQE
21		AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQArUoCjqxsY
22		/m3nx/5BQSkBAL4T5RgWIX+L4y4GXloYYlafpw+SxRq0QffFm5fpCJBnMd21MbPl
23		k/YA+oq0/76cKyQmJ6h/Wl4KHCKKMmvGuhCEXzmrevk/EJ8lJXNdPfbBueAuLeyU
24		7X9tO8i9fJ59AZ9YWD9d//puOF+8xeHPxJIxHcR2jHpUOJPtm4yVu1LreHiJJTu4
25		Xotp9yMpJu/uJM3aBKVS5N/5JreraLj9N6N8nZ/7nEw9Dj1zzGHcHCcqtcxz1oOH
26		Zbg5Jo8HhVhIHxKdKLvwEk60P+lkGFIE+IUmhWfcbbprTGs7VhxREwxaWyCapCOk
27		qlhbJdEcjHr2
	21	AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAGdouyTbxO
	22	bnyMr6hEDnMLRrSqwozfLGnfJIrUxvwtn/9UAlFuCpnfNi1xQkwimW8zXOHlCoAF
	23	fpeE7zpotmN6xbg2u98J9QOo7vGfoADvVgiZaDMq+Tv52ZG0OtbzTe/LyCXnjanM
	24	G+Rgjhbmy2HW1orghyDUa5Qy9ISv4d72yOKGVjK8xxItnf9i7tRARVqqJk5p81QD
	25	WOBc7FUZNj5jYw38YPHqmZtwlr1DhCNeXwVi5GpwPrYwFAaqGuTnspfkpcDA8wEm
	26	iVvs7Gy69C0zy4Yz2I9ZzsDjmTV8PyZdMaZIhhpBHjQmBm+Pol/q5BubjFeAsPSU
	27	/YaKjpqk1jNg
28	28	-----END CERTIFICATE-----

src/tests/dejagnu/pkinit-certs/generic.p12 less more

Binary diff not shown

+13

-13

src/tests/dejagnu/pkinit-certs/generic.pem less more

2	2	VQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoM
3	3	A01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0Ex
4	4	MzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVy
5		d2lzZTAeFw0xNzA4MjUxODMyMTFaFw0yODA4MDcxODMyMTFaMEoxCzAJBgNVBAYT
	5	d2lzZTAeFw0xOTAyMTgwMDI1NTZaFw0zMDAxMzEwMDI1NTZaMEoxCzAJBgNVBAYT
6	6	AlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNP
7	7	TTENMAsGA1UEAwwEdXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
8		AL8HFT/+Uia/TcSFIJJd7Z7ZFvMOYLhEkCyqRhW1ggDp0xrIAoh/fyxq4qIdS8f7
9		Aurf39kzyS9NtDD2snKwfoLaZpunIXNLCujrlrqdhKsZdtl8aYLmjIhTLu4rrN5W
10		ZIRQULbkLiuqc6ZFOjOZxkR0NkC/CyfQTJO5a2TaMrweLswmY0k5KlAoevpsh+LP
11		XsLC66sqgYuWDD8c1Z9GlI8dW2abRPt+WUKskEgHqYJrCkjvPIZgS7UDAzpUOCXo
12		pDDr/qQ9dnAYzt98r/pCx621/2R4JttZbdsXQDbQaHhV69iJqACqZB0lLyKOKa4Y
13		2U5zy3++t6pd3oGlWCr96D0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAniIG+xJ
14		6rXbrH2kt40GE58fFzrIlzhG4VzncNnpFitvPEMzN0kMa5LBX5/zSYiMawQBQ7C0
15		FpCjz+n82VVW8iabCNoqUUNwOP7ZYmsoraHT9klSak/mLfAXOyOG3DUV9jntivnl
16		HUIiDO7Pf6GnVVROio9psQEVOX1+W1uq9Vs79+F5GI/s0QR9dG0qXvdJ0h5UdVee
17		8LVXQOi3cQKyBOwECwt0HA0pJwwcD6w9e8Y2NYTeOTamWGQVEV3NlcvtdSVuDJ8y
18		lTke2YbEKyHdcsQ1vrDHtdyfEmJcgO5c9EL5ptYJB7Yv1QiwWJOhLdT13IBYvOtO
19		ebOF6zAD73Bpkw==
	8	AL6unmewooH+XR9tvj5VtwD+uUyd+YIBseWjQZfl447qdmNah3tqP6VCBGr4N3fY
	9	ZrrPKL7CRLlsbF8qP52r6UnEjVGwVuYoNo4Eps0DgNS7+XcxviYBe9RCPJH3t/2P
	10	tY7NrnaW7A/h471N0IGTjwzudeIBixLfFKcn8prwQc+6IQ6Tz3Rg/4XCTFxIkjby
	11	4VWyKBDWOpea3gPM9dvR7PiVsnCfCJlFB+9m7enD9+PFrie0UM7ezawZ514jxo1l
	12	uZfXsFJDpB6Zi3iAA8gNzVAF2CONMISZDlD4bTFtj58zPQmChaQlYeEise9YgfSj
	13	uWOLCx7PZ3l0J3Joba+pcxECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAevA9z6cL
	14	a+qiNfp4ssOo3ub87vrQZnayulbrU9rcRoVuqFZGbIvH7+dbQwZE34RP/R1N/ZCR
	15	ElaU6VNqnMYv/1pqzGnk59b7Z00hiOSblfifPt7IM+uHZRUGrgQ37dC7SyHvjSi7
	16	kZsSCJRc6Fjv6O/qBBp2jui1B9ZBWXQ+FBmX6YMdD/VYiD1ivpacd9YueLrHnzCm
	17	iIM5V/uBAiUZHLoFhkhtWDMvRBJLNHqP2zWGffg4K7jKsCriAfCcp+VUfXRAZelo
	18	Hp1C5HFLID0UIXvSStOnhtM1HuQAROJS9eqqz6E4irl2ujxT8vEfbZFHDpD+Cdy1
	19	MgVZAqL7rPjILA==
20	20	-----END CERTIFICATE-----

+17

-17

src/tests/dejagnu/pkinit-certs/kdc.pem less more

2	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
3	3	A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
4	4	dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
5		b3RoZXJ3aXNlMB4XDTE3MDgyNTE4MzIxMFoXDTI4MDgwNzE4MzIxMFowSTELMAkG
	5	b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSTELMAkG
6	6	A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
7	7	U1QuQ09NMQwwCgYDVQQDDANLREMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
8		AoIBAQC/BxU//lImv03EhSCSXe2e2RbzDmC4RJAsqkYVtYIA6dMayAKIf38sauKi
9		HUvH+wLq39/ZM8kvTbQw9rJysH6C2mabpyFzSwro65a6nYSrGXbZfGmC5oyIUy7u
10		K6zeVmSEUFC25C4rqnOmRTozmcZEdDZAvwsn0EyTuWtk2jK8Hi7MJmNJOSpQKHr6
11		bIfiz17CwuurKoGLlgw/HNWfRpSPHVtmm0T7fllCrJBIB6mCawpI7zyGYEu1AwM6
12		VDgl6KQw6/6kPXZwGM7ffK/6Qsettf9keCbbWW3bF0A20Gh4VevYiagAqmQdJS8i
13		jimuGNlOc8t/vreqXd6BpVgq/eg9AgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQUrxLg
14		V1TSrSKJgpC3MabCqfQIPaswgdQGA1UdIwSBzDCByYAUrxLgV1TSrSKJgpC3MabC
15		qfQIPauhga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl
	8	AoIBAQC+rp5nsKKB/l0fbb4+VbcA/rlMnfmCAbHlo0GX5eOO6nZjWod7aj+lQgRq
	9	+Dd32Ga6zyi+wkS5bGxfKj+dq+lJxI1RsFbmKDaOBKbNA4DUu/l3Mb4mAXvUQjyR
	10	97f9j7WOza52luwP4eO9TdCBk48M7nXiAYsS3xSnJ/Ka8EHPuiEOk890YP+Fwkxc
	11	SJI28uFVsigQ1jqXmt4DzPXb0ez4lbJwnwiZRQfvZu3pw/fjxa4ntFDO3s2sGede
	12	I8aNZbmX17BSQ6QemYt4gAPIDc1QBdgjjTCEmQ5Q+G0xbY+fMz0JgoWkJWHhIrHv
	13	WIH0o7ljiwsez2d5dCdyaG2vqXMRAgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQUbE3+
	14	vW/yeN/trFct5zn4/J5sjhYwgdQGA1UdIwSBzDCByYAUbE3+vW/yeN/trFct5zn4
	15	/J5sjhahga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl
16	16	dHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwg
17	17	SW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5p
18	18	dCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZYIBATALBgNVHQ8E
19	19	BAMCA+gwDAYDVR0TAQH/BAIwADBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgDRsL
20		S1JCVEVTVC5DT02hIDAeoAMCAQGhFzAVGwZrcmJ0Z3QbC0tSQlRFU1QuQ09NMBIG
21		A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBAFMX7ZTpNPdzFwkE
22		hrab7fSDeoG+mN0yorY8e5Evx6sE7pXOtHgHIjQY2Ys0lk2mhbsIKptL/R6jTxWR
23		rbmU6jFNFeJgn5ba3NWdhlUiZ8WKe2knp6uc9ZDIK007XaKA4rRoHlJ3vHXoF+ga
24		JFOYwRzCtAlmsOCQ0UetoC3Ju6Y6NhCXIE8f81dsh6RMADoQT0n/fcLY/JtbbLXK
25		ANTIWHm0oSX9wvOU/yZkYGuwcPd91cc6Mea8f3J8D/OiatMZXc3719extmeR6Cv6
26		aba31kv9wtbxVuxkR7HhjlJhzhqfzfIp3tNREaIxPb/qKGWBOjwxGRqSUkdEqMvD
27		GjaSlyc=
	20	S1JCVEVTVC5DT02hIDAeoAMCAQKhFzAVGwZrcmJ0Z3QbC0tSQlRFU1QuQ09NMBIG
	21	A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBACoRg0+LnZehgdfM
	22	xy/zTXj3kH30W++NTErQAOEEOm8KscaWIF/GXNDX9G+C4tvT/LN3vHCd+hnGgvTr
	23	kkJlyYtLZZgkv7sa1PQW3yozhjOPRzdjiXitV6RsE4ujzwbcr3Zd0twZnf7nDbIt
	24	HmgjQJF5EMUprgPc1M3xdRVvi5FP/rvoUV03eI5/EmyvJ2046XfTD45pQgJdCWnO
	25	+KsFpaUIH6u4neWU4UdBxAsgo0/20pDYNM8GgPXY76wRi9yZ1Fgg2gJTS7QMpgyp
	26	ux0vuwbq3iuo4VFMhNyGmR2NeCF7OGUPSmjD/pCck9Vzk7Q7ainv58PHAyXIhM0E
	27	C+aVsEk=
28	28	-----END CERTIFICATE-----

+2

-1

src/tests/dejagnu/pkinit-certs/make-certs.sh less more

0	0	#!/bin/sh -e
1	1
2	2	NAMETYPE=1
	3	KRBTGT_NAMETYPE=2
3	4	KEYSIZE=2048
4	5	DAYS=4000
5	6	REALM=KRBTEST.COM

53	54	1.component=GeneralString:$REALM
54	55
55	56	[princ_kdc]
56		nametype=EXPLICIT:0,INTEGER:$NAMETYPE
	57	nametype=EXPLICIT:0,INTEGER:$KRBTGT_NAMETYPE
57	58	components=EXPLICIT:1,SEQUENCE:components_kdc
58	59
59	60	[krb5princ_kdc]

+26

-26

src/tests/dejagnu/pkinit-certs/privkey-enc.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1	1	Proc-Type: 4,ENCRYPTED
2		DEK-Info: DES-EDE3-CBC,7DF54DB740F92845
	2	DEK-Info: DES-EDE3-CBC,9F0F79BAC91A7D02
3	3
4		3I3F5dJkYmjX49YRQub+AzWPOJock699vQZV3oxcAabcZWtLVbQ75QBXXBPEtm3j
5		LAqb3gRxfETHNHsSIEwGtN3rYre1UdKs3Bu9ROQNTvlbCwRdss3JA1kGhJu2o5bu
6		hf5sjpfR+ivf2prJ4whfhb4+efCHE0Ll669V33D2kbPKX0VCokkRmxsIoVtHd2qu
7		d1HM/EkjxrOy/GHZ+93mkSeWC4hz56VL5ApGOV4wHuphdvKy121mU0mjtQRKF2El
8		N7DtM9/AIAkLPx5wxrTJXuELd+BBDPbRMwmvgqCX1m8sJLJT2fBzVKRKWexowp7T
9		d3j9hT+kMiWCTgd4vJ+i/KPkK460Cy9PzFrzCtWut4jh6rZ+F9Tdp1g4Np0ygWAg
10		q9tV4RC7ylW0DeseRTXTLuohngfu0h7mXuhutr1Xmq+SoRuhBllZyexV4jJMc1kZ
11		2nv9RJ+h7mCAQbLSVvWCZpngfK2IcZhi4hfNiiQ/wqc6rE3eaBIR9E60kaCeBpWB
12		rxZm4VHOrwJw0GsaCRLQez1F65Ulk4TA+7TYJWnW/MGrvBptuBamwxk28Ts6eOee
13		RVwb/AdY4QBVJKKT+/e3Lfy409evmdTAA2N+tbYzALC1cH4ex4sO0BifaLmKo3t1
14		fC2FLna4P9F17bbjcS1lSWVJKodofUEt4H03X7LaMhwe+sLRuKBIoTH2nLPHLIYg
15		B8NO1yFiJPFL0a8fi9kG8JJlCPkASQC5vcYg6BE40b7h7T4qw0HmkuH3i6TX6bsG
16		nQlryJ2BfQM+IT3MTEh/T1iHPZcTwFLPF9HMnZ/ydL/nM2kElF6YfMClFvuDGULQ
17		zmsvG4D/ndSisapJQeoevAwtCHybh8/3cy8CoAjBE9C1JlHOvP2+64rzvFVUAKfa
18		z5aZQQJKcdXcKcM8u8PgEyCN5x5tBqWQjSHR904k25KRkePAh8SoiSDuNQPwtzbB
19		RHesvkaSXuUaN7q1+oJzeQvzO8i79ud0Diu5y2KePrlB4HBSWCuWmvz9U+WvGBiw
20		KpEUAp/YpkqB1as4IUBDNjV1Y77cyUZ+/8EkPgAvB9wltCCAyQ5xi1h70cDJdabj
21		swabRD5JV1JLalFMDrOeOPZh1heaTNHXV8f7m8rMVeYVzVTM1JoQLlvKxcc3LVfN
22		9RLn/vTN7Ox//+385UiozC/PAo/Cep6Z1Wz+cwsd62HH0LVimVt2mrmHRKY983cw
23		U6cZyhvcTB5UOdJdhwbHfnxQipWRu//XRYY/yVdB6W2J4Gzh//adJfKOmHd8+cB+
24		y8Q1yZP3diTGkhyY9pkXS7Gv2Q9mcXlMJtoyb7rqBIL/osVTKdsZn7Cj6ZYB6ftF
25		+hKQKNs/bKXYs3PF09UOInfUf57pENSr1AQBQceAisAsr8znRYsFlpqZ5L8G6um7
26		XBneZ1RBj41wheB8g3kL6hj2UrXrE2rxDAw175a3BaxP/Wc2JgGcBWyJTVcZ35Ab
27		f24UNlrfcJdgEFETEiy12WY2VaqJCSY3J6YSimHDbffX+ku8QgU1shZf9z8K1l1A
28		OJQzbjlxPZT/k4cfw/Xi0rHdgWGcmL7tKLkTcrG/AixdEoI9KCSlQGSksI8CfFmj
	4	LiK+0vY3CKK7z7q/0576K/zcR/OzmiDMLdjQEN/en8Wk9fq9LkjbZ7xbnS5eNlZA
	5	6McUX32M5MvfJE5tVPcijdlenKg3LEVQh91Omb63DT9TJaM2I+zIwKmFS8l1qqbB
	6	tO5T3qChaHJ+vnmH24Ukn9wMZ/AgV7X0aSeIJ89B+kgYyBkfoh//h64dlWgqcd+L
	7	4+wo6azx6k9feFV2/WwdmEG+etMS4iw3kw7jdRVG6G1himsXc9AL35TD1CKX/OAj
	8	InMgrMaWmf7w8rO5LBNUj4i/lBjNjqElBRGZnfCmSpyoERDWv5JEBuSYjZaP6iPq
	9	XAisHkJmfubN9omah/y5aNsJ8jbMjZDhBxdzA1mGuteKfnkckOgZ1YXvAZGXGxd4
	10	cGFzVmRwgnktsycVGpAy2P1wnOdTgo+FUkMpRIwPc1EfiPiOscUTNyZKnkNbTBk0
	11	l51QXXvLaZaL/Q/9mF+QfdiBDXLtxu2ZU+miA7/srJSdSxqp1UQH9kO8t0UFv4tT
	12	Mc4JilR4W0+IxjTFvBqirpf64MJ6rL2f0ZdJ6k9l7nBnaIeT4G7KXhR3t0YbGqyK
	13	kOTeUibfdgMlj66R+KHg0mlDI6E5rM/1L5GchsKIsbJs4TgD1+fcEvJMTB1XCtWM
	14	usY3Y/JChquKbWngFrzqidcab0xO+RsFaxboMd/RoW3bsDOIiOmf+PQfPjXFpP23
	15	I3Plrm9DczQTbClt5YacW6g/aboMCHhjbCh8nBSEc5u0CssqmtHe2PST9XZZ/1ny
	16	t480up13b3rMX3QWr74gRQ4vGsBxmCbN1DdkglJYZzYtIoTH5qAeUk7oRrRCW8wj
	17	YkODoLLsb/1lJKHHlq8lj0h/ygn3aaYlmdXrXoPdnld0RwaS/35KjNZy6A6UEDGt
	18	z91615joi/m+V4GQr/OrJ+gWKp19Rs7qUViNPY/RkvdmWAlH7uz+kmo8hK5IeshD
	19	iWhZ179XIkX0YeeB8r2sRkO2qecVzRxhRtBFVt0MpuDUW3pZ+A6pB7utrKn2//TD
	20	ZqWbwpdVdolWjru5iDt88nLxXHEGSs7GprH2iL3/aNsOJ6BrUwNVx52YBEGeNhFW
	21	mH+E8nLQDaGgB68UnQUMzktrkmv2baAsPK1oQLDJSzN9nbhyE4ETiN2Ok1Kso30b
	22	fDRDUB3SbXldWUXtVmu+NzO8pJVFpQ1StXpWimrwjWB3Kbi8bs2VYai7+B4mTXYy
	23	8AVthJNuOnlvSB+FYMOaW9PrmuahgXT0wjsV2hkP+qe6mzj0AQHFpFJRuCtGuRog
	24	spA2SgQvMO4cceJ3cxh1p5Z2/s+oC3V3ikDSDvmcpU/4FF5H/4Th44RSmXABcr7L
	25	HFbYYKbJjfwlYh48feS7sJMAFlU41al8vCIJneNF8hSSFM05icZVBzqjDjzXHwb4
	26	kBvrIOtDf/CVZK9AzykvJRROIFI+2ifa+gPmTZ1Xgv0aqO8ibLSU8v2vx5RX2BCO
	27	Jq+lmYEr6PZn2X5C3iqE+xvdTz7Sh0+Ilq/lE4DEJqr4NtZaGxXBwFNixLHJlXfI
	28	u/LmbffnBsu2hf9zPxsmcm5yCqa9+XKtWNhx5PEcQsee6PXyGX/GHtek4pBOv/dd
29	29	-----END RSA PRIVATE KEY-----

+25

-25

src/tests/dejagnu/pkinit-certs/privkey.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1		MIIEpAIBAAKCAQEAvwcVP/5SJr9NxIUgkl3tntkW8w5guESQLKpGFbWCAOnTGsgC
2		iH9/LGrioh1Lx/sC6t/f2TPJL020MPaycrB+gtpmm6chc0sK6OuWup2Eqxl22Xxp
3		guaMiFMu7ius3lZkhFBQtuQuK6pzpkU6M5nGRHQ2QL8LJ9BMk7lrZNoyvB4uzCZj
4		STkqUCh6+myH4s9ewsLrqyqBi5YMPxzVn0aUjx1bZptE+35ZQqyQSAepgmsKSO88
5		hmBLtQMDOlQ4JeikMOv+pD12cBjO33yv+kLHrbX/ZHgm21lt2xdANtBoeFXr2Imo
6		AKpkHSUvIo4prhjZTnPLf763ql3egaVYKv3oPQIDAQABAoIBAEe7ACa8d9qm4SvX
7		FYkAjjakq/JuxrDKxhyPf6utMXjoVGXtDs50matzI1DekVMxlUHe+O5VfMkvc2cj
8		a5SXY5n9KqRuGKhzWFBoDnxao7Of5zn5dqE5szGJksjKS6pdZHcutXBHtHKfGbgo
9		rJctuf6AaNLdKfI0TFz4NjRznrN2NyFQGhXzPpq34Qm3Rg91hVlU3A8FYjE7ez6b
10		vlJBsbKqnvzxEQMWTk0z0bWC79zE1ElH3Hpwfwb2cG7H4EXf0j6N5k2zODg7C45I
11		xWtlES+OpZqdDH6mKFBQojU375j6rb2plZGkTA+qxX9GvG7GsF5aOM6Wkge7SUeT
12		NUY2lB0CgYEA83u0TtxCMye1p+ykZwQdcEKR+l4aSjNsM2V2s8Zy4eZseR7f5fgZ
13		71ggIpzK9pjT55OiYJOwsEkZAPB0gBgiEcqJgow52w3Hg8sUU5LBEahUpx3Qm64W
14		64WNIOL9oVXYQu1S/yJ3iWPMQcH1xIlDtPPC1LH+yHyEOnGe4szIeccCgYEAyNkN
15		K2JEbbfK7Wsh3/MOtx5KCkzJzFClTSQZ55IxRUf+myauljKt+kI99jYV6eoicAJv
16		SMHQeYurLtSkhuyptAHUqo5xgH0HZ7cE7LV1nfam2p588Yg21nIId9XLDPK4AvCx
17		Phz1oznaiGMu4jB7esozuW4FKxB1kRmUikM8bdsCgYEA23jMRLFhsr6+jclPP9SD
18		vKck8mtUg0Hq7EEvSEk/UMTlTiA4bhC/P/FNtiVjBfkoOXvoR+mYwK6DLUeRm80l
19		GKhaXySLGhtHllK91b9Y7NOwypqjaVD5M/9EATraqEy7DUjjITsuSNd+TF/LawbX
20		0wpOum5fXNRwVEYKlCFHLA0CgYApr3LeSDzvkK/batrTAj1RoEW5sYpIj4xfYFjI
21		CT2UpYagaPzfS5F0WX9GtJ8Dt4aCPN8f+KnuMCDNTXEAV+o45BBhfcLs6gY5bnDl
22		OBw7NtAWm8JO1viatXwwcvz7qPysD4yZ2aTZxc4ndH5sj6dxKrpliAIml/nuraJ4
23		t8+49QKBgQCxJ7ZDlM9J0quVivSui5aoZ7iLEiu6GSZ5yF1HSNXY69OnqQK3UxMl
24		aERCn/cKqtquJQK3v1IE6k6uAaoM7PXDVKqKSH0Z1Jpqciqjg+J/i7Vym6oCdjer
25		6zt6P7Q13f9X9uUlZBnNrT9jk5WjR9pSpxAc0vU78VKa0lZMZ3bROg==
	1	MIIEpQIBAAKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qH
	2	e2o/pUIEavg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+
	3	JgF71EI8kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPP
	4	dGD/hcJMXEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQ
	5	zt7NrBnnXiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKF
	6	pCVh4SKx71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABAoIBAQC0kY2F6ZnqeeLb
	7	eUQXqXnUYmM877gwacR6DqB15IgadWNI8JitwU6mAx9F4Oo9/lpB+xy9kCAea1Mw
	8	x0RY3kvbxFqDCfcwmtIWqMcAC5o7WgqB2kQTn4IQ3eyX2bqNTkKDCbl1qbO/0oyk
	9	XoTdv8tOVp6hOA7n/wKCzGyMVoor15PhlClBqbrAEIqBQUxfxthWibJXexlyX0ie
	10	MOCmEleQ4zPrQM0cY6yoz3RhM4PVybVSapPMv11czfLPc2o7s5tPgRU+rRSGeoJC
	11	Vp1EsaVVyZtYpNboKNsNojeJOoO3Gq5VRCjHImCa//05hnqBR1LWB+b1dvTRziwV
	12	z4985FBBAoGBAPqbs6bVLL2jDNEEmc+U+gEf5nh4GSlRUeioFDMM1Dd2fDTQAgiM
	13	0XI+a0NgZdjQI6fX3u+j5I9Ss1nfC09MzJsNxyKtjvAkQQsc6VDdZFEfHmC+qeTH
	14	E4oOsD3dEv8dHuopHUbguw9sztsONbF7Bc9fhBr3wU+bO5zrdM/ry3wZAoGBAMLI
	15	2zz+8NISHbSGE7mEJdAUdRyJVYXOp1NTzclgL6B3PD+hm8pCGQEVQa/SdWC6gJqJ
	16	w9sUhC+0chu9i/dl9nnES5hXJqE+fXmAsG+slv0WIATrwMzxWDYPTODe5AvEniIY
	17	RkQ1BDar0G7rcxxomREaPsteYBvh9DlIICgQu425AoGBAIQokjAb4VFMaBjeJULs
	18	HH91VDQZmaNJaDmaUbSuQkfRayTqwPfDUzy9IBHTB0K0WOlNlRqpQoI2qbBuSGeU
	19	Z54pQOfPwT5w0ABNSdlEN3/0Oi/ovG2ScoJuxpCJQlhZAhGYhwD2yI8U4W1x6+zh
	20	pKm8hE04dLBHe8OABAUWIyQZAoGAOUXh4O99U+drwJbj2dqXW7WIMdnXwb5fyMqN
	21	abbUijRFDNix/CivPXhIljAlv0lXYxk684H21CgUnT+Alj/u1yL2r1aAz0yWjFFg
	22	j5WJ1+TXiVrgl+Im885P5pbjKuqnLJNCpe+Iy6J9aP/mGuZOi47SA+4+CDTKIMWq
	23	Xt18qFECgYEAhVIGySQMn7u2MB7mywMQ0EQznxHBrFHDPUv0D6QuMvhUv70XUE8e
	24	jVad6Wev3+hTYaoELntMQaW0VmbMrhtP6WmviENkT0eV5CZJgLEVrzGAGtYQOut3
	25	HUO1wgqEEQK9iu4vTPddsUTj/zsXR3SzCBrqGu6p6Xl7YIiecYzACZ8=
26	26	-----END RSA PRIVATE KEY-----

src/tests/dejagnu/pkinit-certs/user-enc.p12 less more

Binary diff not shown

src/tests/dejagnu/pkinit-certs/user-upn.p12 less more

Binary diff not shown

+15

-15

src/tests/dejagnu/pkinit-certs/user-upn.pem less more

2	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
3	3	A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
4	4	dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
5		b3RoZXJ3aXNlMB4XDTE3MDgyNTE4MzIxMVoXDTI4MDgwNzE4MzIxMVowSjELMAkG
	5	b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
6	6	A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
7	7	U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
8		CgKCAQEAvwcVP/5SJr9NxIUgkl3tntkW8w5guESQLKpGFbWCAOnTGsgCiH9/LGri
9		oh1Lx/sC6t/f2TPJL020MPaycrB+gtpmm6chc0sK6OuWup2Eqxl22XxpguaMiFMu
10		7ius3lZkhFBQtuQuK6pzpkU6M5nGRHQ2QL8LJ9BMk7lrZNoyvB4uzCZjSTkqUCh6
11		+myH4s9ewsLrqyqBi5YMPxzVn0aUjx1bZptE+35ZQqyQSAepgmsKSO88hmBLtQMD
12		OlQ4JeikMOv+pD12cBjO33yv+kLHrbX/ZHgm21lt2xdANtBoeFXr2ImoAKpkHSUv
13		Io4prhjZTnPLf763ql3egaVYKv3oPQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFK8S
14		4FdU0q0iiYKQtzGmwqn0CD2rMIHUBgNVHSMEgcwwgcmAFK8S4FdU0q0iiYKQtzGm
15		wqn0CD2roYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
	8	CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
	9	avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
	10	kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
	11	XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
	12	XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
	13	71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFGxN
	14	/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
	15	+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
16	16	ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
17	17	IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
18	18	aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
19	19	BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM
20	20	EHVzZXJAa3JidGVzdC5jb20wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B
21		AQsFAAOCAQEAceeR7lFXkEEjcMGK/mvNOT5zXcq27ipYuV5HBgGGNLqiawc7NTxF
22		ocyZf9HujNOMvBNblTml2GJQ9wmyQesVTGgJFTGORS2sFizICq19jISxrv44cdeF
23		X/KQxNmnviClkL9jfA/6oKU0uSpvUAUet3MmDuo8O7ebVXVEmQdvLrhP9ycHGq8u
24		qG+5qjN4dpf/ejtCCMGGZdUdPxPosoXJzf17hpyt8/YQohKG2igLSy1O68tuHTXb
25		L4yiB52JQdnJfOU1a+vUSk425zMI00MU1aLcDxcjI64kxYBpWflDqn9Ky0N6vA1i
26		OoBZgRFeQSELxUp7SUsK4xO2gPM2w0zzvQ==
	21	AQsFAAOCAQEAeZXuyTRD2XQEcUoOYRXn6V1Glh61eHJ4e5ggp0QmTZoij8Y5YdmV
	22	jt4N8PE1wdXr0f7+a49Zh+YrKt7NZw4HlevYSMIyHVEeLe05zTFYL0w9R1P+16pf
	23	iSLmmwXZXBPX0biQq2wklD71GBFh/FF02uuetA/iPLMXvgfEUnbjVCcLpTc2/ISg
	24	tkGvWXtE06YXwSn3ANbCQPLifUKW2PZ8jGBOLLvslebvvJruWyfFLolkNsyA+ljr
	25	GvWZMxKTOD3LECHvLWFfl7xJsUNqL5qptz0baxeCrmaAdQdHvs4DApxebh1BZGn8
	26	KFV4g+N0Qz28tO0GSEA3cd2JHVz+wWQp7Q==
27	27	-----END CERTIFICATE-----

src/tests/dejagnu/pkinit-certs/user-upn2.p12 less more

Binary diff not shown

+16

-16

src/tests/dejagnu/pkinit-certs/user-upn2.pem less more

2	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
3	3	A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
4	4	dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
5		b3RoZXJ3aXNlMB4XDTE3MDgyNTE4MzIxMVoXDTI4MDgwNzE4MzIxMVowSjELMAkG
	5	b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
6	6	A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
7	7	U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
8		CgKCAQEAvwcVP/5SJr9NxIUgkl3tntkW8w5guESQLKpGFbWCAOnTGsgCiH9/LGri
9		oh1Lx/sC6t/f2TPJL020MPaycrB+gtpmm6chc0sK6OuWup2Eqxl22XxpguaMiFMu
10		7ius3lZkhFBQtuQuK6pzpkU6M5nGRHQ2QL8LJ9BMk7lrZNoyvB4uzCZjSTkqUCh6
11		+myH4s9ewsLrqyqBi5YMPxzVn0aUjx1bZptE+35ZQqyQSAepgmsKSO88hmBLtQMD
12		OlQ4JeikMOv+pD12cBjO33yv+kLHrbX/ZHgm21lt2xdANtBoeFXr2ImoAKpkHSUv
13		Io4prhjZTnPLf763ql3egaVYKv3oPQIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFK8S
14		4FdU0q0iiYKQtzGmwqn0CD2rMIHUBgNVHSMEgcwwgcmAFK8S4FdU0q0iiYKQtzGm
15		wqn0CD2roYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
	8	CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
	9	avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
	10	kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
	11	XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
	12	XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
	13	71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFGxN
	14	/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
	15	+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
16	16	ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
17	17	IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
18	18	aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
19	19	BAQDAgPoMAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFqAUBgorBgEEAYI3FAIDoAYM
20		BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAkYoU
21		bTCe61BRrB1yw8mIpnXlRrVLV91M8YEr07Jzk4qGfRLXbWf9BnMpxzbU4YVzEifh
22		w6+gYSWGjgq4kDmp6tcY3IDGvzXkglKMAZv2mpFnBa6ZooEQ96tgg9O9G5Lg8Sv0
23		kSkoySJq03xapucEZbhPrtGNHKwB/EDo3T0Iaby+Go9bqkObNfuIFXRXC6HqPBS4
24		khss6cJ+daEE3Yg21QZ1BUlncwYbkCzt+xp3YaHlY41gdaMdF0tn6iRJjANAM2Kg
25		6J45M4GKKT3yo5hJAWIS4lSCZX92g/uiT7BcBhE+vDzi3JuEc1QKajgnza1BMZMG
26		EEIPWkC+Lfg8scWS5g==
	20	BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAWf0/
	21	d0284FjoywSaPpXvy4sJ3N+Ts1bXmM9NtJT+pKDpyMEisNFQ/kqO2UURT+9dZP5o
	22	yzMttuNdi0lJ4W8gXE5CeMDJv1z9HUXl6blDOh7YYdqM9Y6rBIKwZHyFZzSlgGIQ
	23	KHfDbj2dmOJLVPfLZM+MA42G1nmfQPGUMcc4mLp8Xu8x7LXCxJBuXV/gxSEMbLrm
	24	YNj/mXQJhQwYIZdeBZIBUcdU2rD2bMbHcWAs183ddEg3+CSN8fdppsFT1ZX4ZlPk
	25	XGSrv9EYC4GLZpLOtB3FwUQ1TmEDMJqzifY8jcS03UdQ0gKZBm83rVMnXvU01CgA
	26	MI9PN0lFwPEutERN0g==
27	27	-----END CERTIFICATE-----

src/tests/dejagnu/pkinit-certs/user-upn3.p12 less more

Binary diff not shown

+15

-15

src/tests/dejagnu/pkinit-certs/user-upn3.pem less more

2	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
3	3	A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
4	4	dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
5		b3RoZXJ3aXNlMB4XDTE3MDgyNTE4MzIxMVoXDTI4MDgwNzE4MzIxMVowSjELMAkG
	5	b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
6	6	A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
7	7	U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
8		CgKCAQEAvwcVP/5SJr9NxIUgkl3tntkW8w5guESQLKpGFbWCAOnTGsgCiH9/LGri
9		oh1Lx/sC6t/f2TPJL020MPaycrB+gtpmm6chc0sK6OuWup2Eqxl22XxpguaMiFMu
10		7ius3lZkhFBQtuQuK6pzpkU6M5nGRHQ2QL8LJ9BMk7lrZNoyvB4uzCZjSTkqUCh6
11		+myH4s9ewsLrqyqBi5YMPxzVn0aUjx1bZptE+35ZQqyQSAepgmsKSO88hmBLtQMD
12		OlQ4JeikMOv+pD12cBjO33yv+kLHrbX/ZHgm21lt2xdANtBoeFXr2ImoAKpkHSUv
13		Io4prhjZTnPLf763ql3egaVYKv3oPQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFK8S
14		4FdU0q0iiYKQtzGmwqn0CD2rMIHUBgNVHSMEgcwwgcmAFK8S4FdU0q0iiYKQtzGm
15		wqn0CD2roYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
	8	CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
	9	avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
	10	kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
	11	XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
	12	XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
	13	71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFGxN
	14	/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
	15	+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
16	16	ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
17	17	IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
18	18	aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
19	19	BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM
20	20	EHVzZXJAS1JCVEVTVC5DT00wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B
21		AQsFAAOCAQEAurL26+vQNYFbJNAFJ3yHOt1nwAVO4/OlCtgqzOAq0nBs35HY10Qe
22		y8eRcxrLmm4O/Wy+Rwre2v3pIP0AclvIytDzEm6K3Pgj4yJfUUM3VhnSOlXQP6UG
23		D9Z9pVxNiDeykj5/SzxwOQAmJbPcMx9aRwP9wOLMwUxi5sKHQlL9YUTC1hffhuYY
24		Yccc2dHWd5IyaKaLp9yBVXQryNdVTBYrGA2ZqcwETmcXqU/wCo/Rmf10Ra1sj88X
25		VfTb4Sr0j9RaSKeXRZgbEu6kz9i2WK70dcDke08xRv4xVfrlbXrfIS+Va9WYKxrf
26		Xb0XCkKp32Q0EHqapeJrCcuQtnDMGvncTQ==
	21	AQsFAAOCAQEAF/V+Cx49jH70LMI7S7SGDFWr6/rtYwjJax7RgZN6JZlakd1R6GHa
	22	JHwUMmf67V/R3qVWfThhbKjxumEY+whxiszegDwBZC+fFiYbaQMCIchHkx8vkdmK
	23	ZJ9VznDiA/kp0Ty8JZKG6TMRkkxUo+csEXU4E6TZFZaz9pfPrhxHU21uPbeDeE3h
	24	sUiUqH7oZBjmSS+2OmAu0v4+/Ex0QkqJACvZYNA5zFpgV0Ux/26EQt/bKiYkXYZq
	25	CIWP7cd/MRfNqeqlbUVpKcIkk5WPpuqPVffA+f2B1Al5iJ8o1pzqN+awZBLLZv3F
	26	p1+AeVD5nvWpyHSXmst32OYPPTBL9Yk3uA==
27	27	-----END CERTIFICATE-----

src/tests/dejagnu/pkinit-certs/user.p12 less more

Binary diff not shown

+15

-15

src/tests/dejagnu/pkinit-certs/user.pem less more

2	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
3	3	A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
4	4	dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
5		b3RoZXJ3aXNlMB4XDTE3MDgyNTE4MzIxMVoXDTI4MDgwNzE4MzIxMVowSjELMAkG
	5	b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG
6	6	A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
7	7	U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
8		CgKCAQEAvwcVP/5SJr9NxIUgkl3tntkW8w5guESQLKpGFbWCAOnTGsgCiH9/LGri
9		oh1Lx/sC6t/f2TPJL020MPaycrB+gtpmm6chc0sK6OuWup2Eqxl22XxpguaMiFMu
10		7ius3lZkhFBQtuQuK6pzpkU6M5nGRHQ2QL8LJ9BMk7lrZNoyvB4uzCZjSTkqUCh6
11		+myH4s9ewsLrqyqBi5YMPxzVn0aUjx1bZptE+35ZQqyQSAepgmsKSO88hmBLtQMD
12		OlQ4JeikMOv+pD12cBjO33yv+kLHrbX/ZHgm21lt2xdANtBoeFXr2ImoAKpkHSUv
13		Io4prhjZTnPLf763ql3egaVYKv3oPQIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFK8S
14		4FdU0q0iiYKQtzGmwqn0CD2rMIHUBgNVHSMEgcwwgcmAFK8S4FdU0q0iiYKQtzGm
15		wqn0CD2roYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
	8	CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE
	9	avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8
	10	kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM
	11	XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn
	12	XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx
	13	71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFGxN
	14	/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5
	15	+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
16	16	ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
17	17	IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
18	18	aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
19	19	BAQDAgPoMAwGA1UdEwEB/wQCMAAwOQYDVR0RBDIwMKAuBgYrBgEFAgKgJDAioA0b
20	20	C0tSQlRFU1QuQ09NoREwD6ADAgEBoQgwBhsEdXNlcjASBgNVHSUECzAJBgcrBgEF
21		AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQClwfj6ACfmDie1YoKzr3zSWZJKZimv7wG1
22		iZMNPE6bw22ZmE+P+Vq6WrY5M5e4u7ZdvFmkVq3rUA0HoU6bk3YLGapgsEAG6W1R
23		LVzxwoYDf4poOMqjCL34eLFdlVeRDADiulROE8bJGrPLJIiqeii0c7Kzxxuh5nxl
24		QHDgNV0fHQQJlejgJssOqgGErsCXCq7k6kkqB8MnKVMErRjsYuY3YI2tpjxBq9nA
25		A9dXgIU1zEUVzfpxzBjL9+2pMctbL1y4/ePpTP1+PlfI81TwrQNvMGYjxKNZM1ab
26		lZt37n8GQUZQyZ2TacR4JyY+w20ivE/JPN0L3Ncmem6bO1CULpwO
	21	AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQAOBmEbWERHmV5YfMrOIY36mevch2KJokw9
	22	LXZqnKI4oezajEMwx0Wv+M/Gb4ZuYrfobiHSvfzCPUXyyRVWPr8sFBvDXnoBSlos
	23	g+Y2O8+toyJ8u8gn63SrnPOHCdYkClkDeHI3EzuIcLfgn+Uyg9lkQOjBBNj5O42K
	24	GoTNCuhoB6IAa66JD2u7E7pfBnceSUYP1DTlCK9l+1C+zOAEuG2N8K4n0ZRZbVqd
	25	2euMypjorJwgebOzlk86TNzOb5IP8G6phs7D4tvhe7J6mfJ3tFmGbH8V7jY51iCT
	26	EFQgm39U4J+2uQ0LlEsE3v7wXGW3MLUBY6STcGPwkBrxcmsdKNmy
27	27	-----END CERTIFICATE-----

+26

-26

src/tests/dejagnu/proxy-certs/ca.pem less more

0	0	-----BEGIN CERTIFICATE-----
1		MIIEuzCCA6OgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
2		FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEMMAoG
3		A1UEChMDTUlUMSIwIAYDVQQLExlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
4		KgYDVQQDFCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
5		NDA1MDIxOTA2MDhaFw0yNTA0MTQxOTA2MDhaMIGZMQswCQYDVQQGEwJVUzEWMBQG
6		A1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMQwwCgYDVQQK
7		EwNNSVQxIjAgBgNVBAsTGUluc2VjdXJlIEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNV
8		BAMUI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlMIIBIjANBgkq
9		hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zudnpN8FP7iLn1vgkyTSn/RQxXx1yt6
10		zikHaMrVPjkjXPPUoCFpWS3eeI4aQFoj93L5MwZDmSxOflBAqLwV2AMAacrYnNPJ
11		IkHtbYKdVsvw9b4INTWqV9/DOODO7UowyMppmO35/pUXaLL+AjHjLw1/EhQ3ZYtq
12		fpAMOkf5TnS5GtqZFlrYgZKE8vTC8BxDKM7FYhWYz7kp/tG3S8O/RTnP7Nd+h1Yd
13		pmlHBGfuwIRIJz5xNw6KIcCy3Q0NNoKnh00WVwLmR+x11BGSkMjiZZkwJ5D0RObS
14		g13QD/itrGoV2gtPzjQgNPfTrjsMvyOWAAFrWVR3QLTxnnmXsqnXvwIDAQABo4IB
15		CjCCAQYwHQYDVR0OBBYEFHO5+DSYzq8rvQhUldyvn0y4AqlHMIHGBgNVHSMEgb4w
16		gbuAFHO5+DSYzq8rvQhUldyvn0y4AqlHoYGfpIGcMIGZMQswCQYDVQQGEwJVUzEW
17		MBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMQwwCgYD
18		VQQKEwNNSVQxIjAgBgNVBAsTGUluc2VjdXJlIEtlcmJlcm9zIHRlc3QgQ0ExLDAq
19		BgNVBAMUI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsG
20		A1UdDwQEAwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAM
21		Mf4ptC6WoQBH3GoTfgBL0WlIeYeSFmLO7IaSjpK0FV6F/yF7iPFSXcpmu23m6USY
22		LRSxnAvxFTi+h1S5Za9O2Pjq88R9nHmesg4v8HJqOw4HpkDowYo2lumjIMfAutyR
23		MQUOujYJW1WyZ2PidN5M1exDeMgQN9nVjUCx/WKD9fnzOjOOR1Sc8Us2KpoyccIi
24		A+ABHubCvSO3cln0Sp7qjkssJScZtouzPu8FYiroTIR+1oSIKTpJiik1EptlsTea
25		L6fHTMHspFhZaiUJFHWTBAgn/dT+UkFntHdHGI6HWBThFVW05hKoarBA7N25W7FN
26		AHyfC0lKds4qFiBQkpdi
	1	MIIEuzCCA6OgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
	2	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
	3	A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
	4	KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
	5	OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaMIGZMQswCQYDVQQGEwJVUzEWMBQG
	6	A1UECAwNTWFzc2FjaHVzZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQK
	7	DANNSVQxIjAgBgNVBAsMGUluc2VjdXJlIEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNV
	8	BAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlMIIBIjANBgkq
	9	hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWK
	10	KayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9
	11	uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTH
	12	EO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9
	13	B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd
	14	3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABo4IB
	15	CjCCAQYwHQYDVR0OBBYEFPf/vJvFMCwrABeCC0sq7RGfYeIiMIHGBgNVHSMEgb4w
	16	gbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGfpIGcMIGZMQswCQYDVQQGEwJVUzEW
	17	MBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYD
	18	VQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJlIEtlcmJlcm9zIHRlc3QgQ0ExLDAq
	19	BgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsG
	20	A1UdDwQEAwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBz
	21	q/t9amz4ahTFNc0v69NZrfCBgo7DWBHxXuE0Gov2/RBPwP/+Efrd4+1Tl5fSv6We
	22	N/cttEUTTM3Z7wtof3mkSQwkozwWpaHXm31St+0FbTuHNpN4i0Uae5lsO8/pTz/L
	23	VqsVLjGGpkZKP831BO9oJJbwUASNc2dpLs94pojlSlSZzf/u/T+k0wltgZexnQpU
	24	5IrdPIqteB32ym2XjZWSCS29jL3zoZ/y8UAPIOR/Zi77wNCehOuBx2bzc/P6RNLa
	25	CuuPMhDu8PPYVB3rfJInmF5wT5jQ9YX4UUb0qYXDRff5/l26fEjLHQSrA/iMqdIW
	26	dsDwkqTcy1lOjcP3xOMq
27	27	-----END CERTIFICATE-----

+1

-1

src/tests/dejagnu/proxy-certs/make-certs.sh less more

24	24	default_days = $DAYS
25	25	x509_extensions = exts_proxy
26	26	policy = proxyname
27		default_md = sha1
	27	default_md = sha256
28	28	unique_subject = no
29	29	email_in_dn = no
30	30

+48

-48

src/tests/dejagnu/proxy-certs/proxy-badsig.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1		MIIEpQIBAAKCAQEA1zudnpN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPU
2		oCFpWS3eeI4aQFoj93L5MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4I
3		NTWqV9/DOODO7UowyMppmO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZ
4		FlrYgZKE8vTC8BxDKM7FYhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5x
5		Nw6KIcCy3Q0NNoKnh00WVwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtP
6		zjQgNPfTrjsMvyOWAAFrWVR3QLTxnnmXsqnXvwIDAQABAoIBAQCqvhpeMDXhGgoo
7		Q03wmfrGwPsrMv91aIK1hYrhMPdVs1JAbRYiKh8+pcq07FYa8udRaB4UwkVh/+oM
8		/nEs6niRsl/jjQ2l68TFrnNByroynvr6l9Q/EeGecF6Ygo7lY1OsFhcLQM5vjarS
9		XhxvdU/6hcRmfS8tGRpUaMWqfmpiN3YgJcgt8SoYhiwAYDTMJjNyWC61lO7IqNVR
10		4kntiM24sfAu1sdZynX8Gp2GrpNChapEuhilQ8RayjuStEYr2abcSIjfZFHQXN7o
11		TnjL+AQUzc/ZTXDGnIe9ZzZeFz8UCueeoN6KPxfrq9UUWRL6qt7gOIMdhYR6lFxt
12		6pj6kLhxAoGBAO5DTnTKDfCMY2/AsTzCJvMGSY0bT1rsdDxrpqjrbUSeMHV3s5Lm
13		vEPnnm+05FD/vi99+HZjHXAZFkhA3ubij2qWFPBnQ5YUoh17IW/Ae4bzY2uXikgL
14		tLZ+R+OrcGYQQlvPn//PLsxbfdk5vraqzm08kIX0T4o4Iz8ST5NFJ8hVAoGBAOdB
15		ahXr14563Cjeu0pSQ1nXoz3IXdnDwePXasYhxQHl8Ayk8qZS5pt7r07H3dqq6pvn
16		e09gZINJe47B9UhkR3H5bPyz/kujKS4zqo3Zlbryzm3V0BWqjNj+j8E2YuQKNQr+
17		c480jn2FzwW66w0i3n4U4KUn1w2/iq5AnVzyNkPDAoGAWLYEsyU79XE/4K79DqM3
18		P0r6/afKbw8U5B4syj4FzAOeBU6RNMPmGt5VNkBCtgnSdPpRFTsoDcG5cyN8GrkG
19		Lug8WZoJJwr9pT5gH6yqEX/zZ27f1J1PJpd0CsedLNMm8eonJ2arhPkXrVZ7tKV6
20		AGAJa2agatUmAmi96hZYjpUCgYEA32abJEgsedEIhFb/GYI03ELryRCaUXfCA+gj
21		lvoihn3qE1z5qGGns4adyX5dPRQmBqxtvDXDg+zl9vg6i0+MkXdCqTD8tXcOnjp9
22		RgFvmyVa9FI8beHPpQTuPNncWK3fpho/6pT8Hhi48LEsxwjrZWOnzQSaxQZH46Q6
23		IQNAFt8CgYEAkflxXvA2/2naix+riaBzv5EVJB7ilbfWiWtq2LEAtwrQ5XNFjrtK
24		g45jKrZ/ezAzTfPa5Dwn4xcImd0MIavnJhDu2ATxMGB0GATLlDH2HZvU7UwKLpTW
25		6Hlol4yRcX4GSEOxJ2ZpWYNIOYH0yDf1qLJXs1j8Fi3zWRe+V1kff4w=
	1	MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
	2	kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
	3	e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
	4	SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
	5	j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
	6	zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
	7	HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
	8	q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
	9	zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
	10	ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
	11	21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
	12	YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
	13	1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
	14	AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
	15	47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
	16	RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
	17	lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
	18	tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
	19	hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
	20	5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
	21	yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
	22	vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
	23	CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
	24	X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
	25	Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
26	26	-----END RSA PRIVATE KEY-----
27	27	-----BEGIN CERTIFICATE-----
28		MIIE3TCCA8WgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
29		FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEMMAoG
30		A1UEChMDTUlUMSIwIAYDVQQLExlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
31		KgYDVQQDFCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
32		NDA1MDIxOTA2MDlaFw0yNTA0MTQxOTA2MDlaME8xCzAJBgNVBAYTAlVTMRYwFAYD
33		VQQIEw1NYXNzYWNodXNldHRzMRQwEgYDVQQKEwtLUkJURVNULkNPTTESMBAGA1UE
34		AxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zud
35		npN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPUoCFpWS3eeI4aQFoj93L5
36		MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4INTWqV9/DOODO7UowyMpp
37		mO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZFlrYgZKE8vTC8BxDKM7F
38		YhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5xNw6KIcCy3Q0NNoKnh00W
39		VwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtPzjQgNPfTrjsMvyOWAAFr
40		WVR3QLTxnnmXsqnXvwIDAQABo4IBdzCCAXMwHQYDVR0OBBYEFHO5+DSYzq8rvQhU
41		ldyvn0y4AqlHMIHGBgNVHSMEgb4wgbuAFHO5+DSYzq8rvQhUldyvn0y4AqlHoYGf
42		pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAG
43		A1UEBxMJQ2FtYnJpZGdlMQwwCgYDVQQKEwNNSVQxIjAgBgNVBAsTGUluc2VjdXJl
44		IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMUI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
	28	MIIE3TCCA8WgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
	29	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
	30	A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
	31	KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
	32	OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaME8xCzAJBgNVBAYTAlVTMRYwFAYD
	33	VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTESMBAGA1UE
	34	AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HC
	35	eTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Y
	36	b8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVg
	37	Ar49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs2
	38	3snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3
	39	ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRG
	40	GDy+ZCKmxf8Zu/8SwwIDAQABo4IBdzCCAXMwHQYDVR0OBBYEFPf/vJvFMCwrABeC
	41	C0sq7RGfYeIiMIHGBgNVHSMEgb4wgbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGf
	42	pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAG
	43	A1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJl
	44	IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
45	45	dCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQEAwID6DAMBgNVHRMBAf8EAjAAMFkG
46	46	A1UdEQRSMFCCFnByb3h5xaB1YmplY3TDhGx0w5FhbWWCE3Byb3h5U3ViamVjdEFs
47	47	dE5hbWWHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDATBgNVHSUE
48		DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAfTctgFjQSaevBi64q7yh
49		GNsK3PqeNEALZz4pSXRbOwm0E4RpYIS7uqg1C4zJ5Zbd4V/dOX7q+T/iBS7gErzS
50		rj21jH3Ggc92TmXzcFxMDCxLV0hO8xFkqg3P4sslJESOHxvEMTTf5s893yUb8vJ/
51		DCvZXXRoRwPot9MFozkmcQcaTNunREWFvn4i4JXcMCSAfWTd+/VkpVsy69u3tj68
52		7G2/K5nalvZikutEC+DyfyBuvDAoxIYzCi3VtQxCalW28Q5hzWV21QsvKTP5QBsh
53		RaU2r0O58lZPPvrOrtWQBCudUgsnoraVLrjJshEQ4z/ZAAAAAAAAAAAAAAAAAAAA
	48	DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAsMRJnxdbnpm5VlCFwNyU
	49	8ra1wCjj+ZH0POVCM4iXQ77bV6UBpcqlaQUvR7R/H1Bt5t3Cp0ycN/dy+RcXtj+5
	50	FA84bRM767rsakxTEwjOjWw6GiK6bGjBfQ4F6Q97ELmiM0OZgmW8D56UHZxrI+o7
	51	QrKWBpFf1UA8n/BmupHBtyW3gudtJS9a71u6lBRydPFqJ4l8YxHckbgPFceSRbRj
	52	x7E2pQVQ0p2nvG/NVyuC+2L29p81KAsG3vPzwOOfr1Tnpl1/B4R0+XEIy33KHpbz
	53	Ceyitz6k16fOVNxMI59W2OACPTQ/s99kygh+cARRPfEUAAAAAAAAAAAAAAAAAAAA
54	54	AA==
55	55	-----END CERTIFICATE-----

+49

-49

src/tests/dejagnu/proxy-certs/proxy-ideal.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1		MIIEpQIBAAKCAQEA1zudnpN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPU
2		oCFpWS3eeI4aQFoj93L5MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4I
3		NTWqV9/DOODO7UowyMppmO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZ
4		FlrYgZKE8vTC8BxDKM7FYhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5x
5		Nw6KIcCy3Q0NNoKnh00WVwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtP
6		zjQgNPfTrjsMvyOWAAFrWVR3QLTxnnmXsqnXvwIDAQABAoIBAQCqvhpeMDXhGgoo
7		Q03wmfrGwPsrMv91aIK1hYrhMPdVs1JAbRYiKh8+pcq07FYa8udRaB4UwkVh/+oM
8		/nEs6niRsl/jjQ2l68TFrnNByroynvr6l9Q/EeGecF6Ygo7lY1OsFhcLQM5vjarS
9		XhxvdU/6hcRmfS8tGRpUaMWqfmpiN3YgJcgt8SoYhiwAYDTMJjNyWC61lO7IqNVR
10		4kntiM24sfAu1sdZynX8Gp2GrpNChapEuhilQ8RayjuStEYr2abcSIjfZFHQXN7o
11		TnjL+AQUzc/ZTXDGnIe9ZzZeFz8UCueeoN6KPxfrq9UUWRL6qt7gOIMdhYR6lFxt
12		6pj6kLhxAoGBAO5DTnTKDfCMY2/AsTzCJvMGSY0bT1rsdDxrpqjrbUSeMHV3s5Lm
13		vEPnnm+05FD/vi99+HZjHXAZFkhA3ubij2qWFPBnQ5YUoh17IW/Ae4bzY2uXikgL
14		tLZ+R+OrcGYQQlvPn//PLsxbfdk5vraqzm08kIX0T4o4Iz8ST5NFJ8hVAoGBAOdB
15		ahXr14563Cjeu0pSQ1nXoz3IXdnDwePXasYhxQHl8Ayk8qZS5pt7r07H3dqq6pvn
16		e09gZINJe47B9UhkR3H5bPyz/kujKS4zqo3Zlbryzm3V0BWqjNj+j8E2YuQKNQr+
17		c480jn2FzwW66w0i3n4U4KUn1w2/iq5AnVzyNkPDAoGAWLYEsyU79XE/4K79DqM3
18		P0r6/afKbw8U5B4syj4FzAOeBU6RNMPmGt5VNkBCtgnSdPpRFTsoDcG5cyN8GrkG
19		Lug8WZoJJwr9pT5gH6yqEX/zZ27f1J1PJpd0CsedLNMm8eonJ2arhPkXrVZ7tKV6
20		AGAJa2agatUmAmi96hZYjpUCgYEA32abJEgsedEIhFb/GYI03ELryRCaUXfCA+gj
21		lvoihn3qE1z5qGGns4adyX5dPRQmBqxtvDXDg+zl9vg6i0+MkXdCqTD8tXcOnjp9
22		RgFvmyVa9FI8beHPpQTuPNncWK3fpho/6pT8Hhi48LEsxwjrZWOnzQSaxQZH46Q6
23		IQNAFt8CgYEAkflxXvA2/2naix+riaBzv5EVJB7ilbfWiWtq2LEAtwrQ5XNFjrtK
24		g45jKrZ/ezAzTfPa5Dwn4xcImd0MIavnJhDu2ATxMGB0GATLlDH2HZvU7UwKLpTW
25		6Hlol4yRcX4GSEOxJ2ZpWYNIOYH0yDf1qLJXs1j8Fi3zWRe+V1kff4w=
	1	MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
	2	kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
	3	e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
	4	SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
	5	j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
	6	zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
	7	HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
	8	q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
	9	zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
	10	ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
	11	21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
	12	YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
	13	1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
	14	AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
	15	47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
	16	RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
	17	lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
	18	tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
	19	hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
	20	5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
	21	yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
	22	vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
	23	CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
	24	X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
	25	Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
26	26	-----END RSA PRIVATE KEY-----
27	27	-----BEGIN CERTIFICATE-----
28		MIIE3TCCA8WgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
29		FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEMMAoG
30		A1UEChMDTUlUMSIwIAYDVQQLExlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
31		KgYDVQQDFCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
32		NDA1MDIxOTA2MDlaFw0yNTA0MTQxOTA2MDlaME8xCzAJBgNVBAYTAlVTMRYwFAYD
33		VQQIEw1NYXNzYWNodXNldHRzMRQwEgYDVQQKEwtLUkJURVNULkNPTTESMBAGA1UE
34		AxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zud
35		npN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPUoCFpWS3eeI4aQFoj93L5
36		MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4INTWqV9/DOODO7UowyMpp
37		mO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZFlrYgZKE8vTC8BxDKM7F
38		YhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5xNw6KIcCy3Q0NNoKnh00W
39		VwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtPzjQgNPfTrjsMvyOWAAFr
40		WVR3QLTxnnmXsqnXvwIDAQABo4IBdzCCAXMwHQYDVR0OBBYEFHO5+DSYzq8rvQhU
41		ldyvn0y4AqlHMIHGBgNVHSMEgb4wgbuAFHO5+DSYzq8rvQhUldyvn0y4AqlHoYGf
42		pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAG
43		A1UEBxMJQ2FtYnJpZGdlMQwwCgYDVQQKEwNNSVQxIjAgBgNVBAsTGUluc2VjdXJl
44		IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMUI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
	28	MIIE3TCCA8WgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
	29	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
	30	A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
	31	KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
	32	OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaME8xCzAJBgNVBAYTAlVTMRYwFAYD
	33	VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTESMBAGA1UE
	34	AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HC
	35	eTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Y
	36	b8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVg
	37	Ar49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs2
	38	3snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3
	39	ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRG
	40	GDy+ZCKmxf8Zu/8SwwIDAQABo4IBdzCCAXMwHQYDVR0OBBYEFPf/vJvFMCwrABeC
	41	C0sq7RGfYeIiMIHGBgNVHSMEgb4wgbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGf
	42	pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAG
	43	A1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJl
	44	IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
45	45	dCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQEAwID6DAMBgNVHRMBAf8EAjAAMFkG
46	46	A1UdEQRSMFCCFnByb3h5xaB1YmplY3TDhGx0w5FhbWWCE3Byb3h5U3ViamVjdEFs
47	47	dE5hbWWHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDATBgNVHSUE
48		DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAfTctgFjQSaevBi64q7yh
49		GNsK3PqeNEALZz4pSXRbOwm0E4RpYIS7uqg1C4zJ5Zbd4V/dOX7q+T/iBS7gErzS
50		rj21jH3Ggc92TmXzcFxMDCxLV0hO8xFkqg3P4sslJESOHxvEMTTf5s893yUb8vJ/
51		DCvZXXRoRwPot9MFozkmcQcaTNunREWFvn4i4JXcMCSAfWTd+/VkpVsy69u3tj68
52		7G2/K5nalvZikutEC+DyfyBuvDAoxIYzCi3VtQxCalW28Q5hzWV21QsvKTP5QBsh
53		RaU2r0O58lZPPvrOrtWQBCudUgsnoraVLrjJshEQ4z/ZA9fVtX2ndCSIoyWpWk01
54		gQ==
	48	DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAsMRJnxdbnpm5VlCFwNyU
	49	8ra1wCjj+ZH0POVCM4iXQ77bV6UBpcqlaQUvR7R/H1Bt5t3Cp0ycN/dy+RcXtj+5
	50	FA84bRM767rsakxTEwjOjWw6GiK6bGjBfQ4F6Q97ELmiM0OZgmW8D56UHZxrI+o7
	51	QrKWBpFf1UA8n/BmupHBtyW3gudtJS9a71u6lBRydPFqJ4l8YxHckbgPFceSRbRj
	52	x7E2pQVQ0p2nvG/NVyuC+2L29p81KAsG3vPzwOOfr1Tnpl1/B4R0+XEIy33KHpbz
	53	Ceyitz6k16fOVNxMI59W2OACPTQ/s99kygh+cARRPfEUPjDcJpS1gRZ6kDKRh6Np
	54	ig==
55	55	-----END CERTIFICATE-----

+49

-49

src/tests/dejagnu/proxy-certs/proxy-no-match.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1		MIIEpQIBAAKCAQEA1zudnpN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPU
2		oCFpWS3eeI4aQFoj93L5MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4I
3		NTWqV9/DOODO7UowyMppmO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZ
4		FlrYgZKE8vTC8BxDKM7FYhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5x
5		Nw6KIcCy3Q0NNoKnh00WVwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtP
6		zjQgNPfTrjsMvyOWAAFrWVR3QLTxnnmXsqnXvwIDAQABAoIBAQCqvhpeMDXhGgoo
7		Q03wmfrGwPsrMv91aIK1hYrhMPdVs1JAbRYiKh8+pcq07FYa8udRaB4UwkVh/+oM
8		/nEs6niRsl/jjQ2l68TFrnNByroynvr6l9Q/EeGecF6Ygo7lY1OsFhcLQM5vjarS
9		XhxvdU/6hcRmfS8tGRpUaMWqfmpiN3YgJcgt8SoYhiwAYDTMJjNyWC61lO7IqNVR
10		4kntiM24sfAu1sdZynX8Gp2GrpNChapEuhilQ8RayjuStEYr2abcSIjfZFHQXN7o
11		TnjL+AQUzc/ZTXDGnIe9ZzZeFz8UCueeoN6KPxfrq9UUWRL6qt7gOIMdhYR6lFxt
12		6pj6kLhxAoGBAO5DTnTKDfCMY2/AsTzCJvMGSY0bT1rsdDxrpqjrbUSeMHV3s5Lm
13		vEPnnm+05FD/vi99+HZjHXAZFkhA3ubij2qWFPBnQ5YUoh17IW/Ae4bzY2uXikgL
14		tLZ+R+OrcGYQQlvPn//PLsxbfdk5vraqzm08kIX0T4o4Iz8ST5NFJ8hVAoGBAOdB
15		ahXr14563Cjeu0pSQ1nXoz3IXdnDwePXasYhxQHl8Ayk8qZS5pt7r07H3dqq6pvn
16		e09gZINJe47B9UhkR3H5bPyz/kujKS4zqo3Zlbryzm3V0BWqjNj+j8E2YuQKNQr+
17		c480jn2FzwW66w0i3n4U4KUn1w2/iq5AnVzyNkPDAoGAWLYEsyU79XE/4K79DqM3
18		P0r6/afKbw8U5B4syj4FzAOeBU6RNMPmGt5VNkBCtgnSdPpRFTsoDcG5cyN8GrkG
19		Lug8WZoJJwr9pT5gH6yqEX/zZ27f1J1PJpd0CsedLNMm8eonJ2arhPkXrVZ7tKV6
20		AGAJa2agatUmAmi96hZYjpUCgYEA32abJEgsedEIhFb/GYI03ELryRCaUXfCA+gj
21		lvoihn3qE1z5qGGns4adyX5dPRQmBqxtvDXDg+zl9vg6i0+MkXdCqTD8tXcOnjp9
22		RgFvmyVa9FI8beHPpQTuPNncWK3fpho/6pT8Hhi48LEsxwjrZWOnzQSaxQZH46Q6
23		IQNAFt8CgYEAkflxXvA2/2naix+riaBzv5EVJB7ilbfWiWtq2LEAtwrQ5XNFjrtK
24		g45jKrZ/ezAzTfPa5Dwn4xcImd0MIavnJhDu2ATxMGB0GATLlDH2HZvU7UwKLpTW
25		6Hlol4yRcX4GSEOxJ2ZpWYNIOYH0yDf1qLJXs1j8Fi3zWRe+V1kff4w=
	1	MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
	2	kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
	3	e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
	4	SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
	5	j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
	6	zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
	7	HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
	8	q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
	9	zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
	10	ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
	11	21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
	12	YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
	13	1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
	14	AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
	15	47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
	16	RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
	17	lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
	18	tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
	19	hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
	20	5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
	21	yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
	22	vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
	23	CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
	24	X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
	25	Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
26	26	-----END RSA PRIVATE KEY-----
27	27	-----BEGIN CERTIFICATE-----
28		MIIEhzCCA2+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
29		FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEMMAoG
30		A1UEChMDTUlUMSIwIAYDVQQLExlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
31		KgYDVQQDFCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
32		NDA1MDIxOTA2MDhaFw0yNTA0MTQxOTA2MDhaMFQxCzAJBgNVBAYTAlVTMRYwFAYD
33		VQQIEw1NYXNzYWNodXNldHRzMRQwEgYDVQQKEwtLUkJURVNULkNPTTEXMBUGA1UE
34		AxMOUFJPWFlpblN1YmplY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
35		AQDXO52ek3wU/uIufW+CTJNKf9FDFfHXK3rOKQdoytU+OSNc89SgIWlZLd54jhpA
36		WiP3cvkzBkOZLE5+UECovBXYAwBpytic08kiQe1tgp1Wy/D1vgg1NapX38M44M7t
37		SjDIymmY7fn+lRdosv4CMeMvDX8SFDdli2p+kAw6R/lOdLka2pkWWtiBkoTy9MLw
38		HEMozsViFZjPuSn+0bdLw79FOc/s136HVh2maUcEZ+7AhEgnPnE3DoohwLLdDQ02
39		gqeHTRZXAuZH7HXUEZKQyOJlmTAnkPRE5tKDXdAP+K2sahXaC0/ONCA099OuOwy/
40		I5YAAWtZVHdAtPGeeZeyqde/AgMBAAGjggEcMIIBGDAdBgNVHQ4EFgQUc7n4NJjO
41		ryu9CFSV3K+fTLgCqUcwgcYGA1UdIwSBvjCBu4AUc7n4NJjOryu9CFSV3K+fTLgC
42		qUehgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRz
43		MRIwEAYDVQQHEwlDYW1icmlkZ2UxDDAKBgNVBAoTA01JVDEiMCAGA1UECxMZSW5z
44		ZWN1cmUgS2VyYmVyb3MgdGVzdCBDQTEsMCoGA1UEAxQjdGVzdCBzdWl0ZSBDQTsg
	28	MIIEhzCCA2+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
	29	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
	30	A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
	31	KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
	32	OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaMFQxCzAJBgNVBAYTAlVTMRYwFAYD
	33	VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTEXMBUGA1UE
	34	AwwOUFJPWFlpblN1YmplY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
	35	AQDngcJ5NNR7XbumqMryvbw0YzDavbH6FYoprIfk2ao6qfCfNEeRkTlSORrND+H3
	36	tLotnphvzDeYkTJfU91w0BEPDaZs48WTk325ecFvoBmiDuGH3Ax7/+D1rs+kpqd/
	37	Dr19JWACvj1MUWIugq7JOAeIk4HtiA/RtMcQ7iUuq6w9AzXqVENJ2heDja50CHe4
	38	Fj5AOzbeyctKIH72+3yC3qBeJphvcEE5az0Hc8qzfvg32Q4+yByP7yTJH8z6r5F8
	39	rluKpLdx7+zG89XQqx6H//W4nGVtALA6IF3dMtYcuFb0XuvMRy/OfUx9yTfmzRcM
	40	NGUbFEYYPL5kIqbF/xm7/xLDAgMBAAGjggEcMIIBGDAdBgNVHQ4EFgQU9/+8m8Uw
	41	LCsAF4ILSyrtEZ9h4iIwgcYGA1UdIwSBvjCBu4AU9/+8m8UwLCsAF4ILSyrtEZ9h
	42	4iKhgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRz
	43	MRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEiMCAGA1UECwwZSW5z
	44	ZWN1cmUgS2VyYmVyb3MgdGVzdCBDQTEsMCoGA1UEAwwjdGVzdCBzdWl0ZSBDQTsg
45	45	ZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0PBAQDAgPoMAwGA1UdEwEB/wQC
46		MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBAMsP++r4
47		vki0mBJg3POpp0i+H6zNMimoYLLtM5NvwXinfFuFQKbwLm8QWuHVifjfCYxMUm+l
48		iL5cS/bq+SUWGDmrlOhsuu4+aYaxgNiEyki5Rol6miSOHbfOhzX8yp0EBPpq08dg
49		SEdrTd/FIl4qgkkb1A4RJYZRErn/fbsyjJN66KIfSOXJuC8XMBf03Vw9f2rdrHJa
50		r5lVGvqa4wjO2MPq9vVK52VFrbU/zuyyCUtggyIOwGLGSY0Axtbci+IHToDBQes+
51		6W4WwSUCssWfIZXQDLjFw1oRHnN43fXmX5vsVLi7YvOFHOAa1BDnDtCTZit26xVA
52		Mdic66hR2jHP0TE=
	46	MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAI0Ons8g
	47	6aXdZsKSmp1hbwNUvsY5GNl/QHVJIMQbe9zNVkW9Hp286fzkMar6peTB9MEnhzJ5
	48	5mbJM9DkugzgJeG0+HwsSdjAQCOcG4jSQ3SaASETOo58LsaG/yssIaZiZdJBrzNb
	49	1D5fJVVpopZMZ/mKUNB/2ofUVGVBZCdfyOoIbVSkkm1UHJ9liLFK1ZNPDTX60613
	50	YNl4BydTiXtEg+IOYgmFXuZj310dDZUMHuYdzAM5j+6i2JaIcK4PgDE+yG9Oj9N+
	51	uKjj0iHWyoZW49y9Hq/oiMegi2X4XZBtbZlEUu4OkpBJ1QG0MTaz/vN94sHiLOzS
	52	81b7+2BMgHd51+E=
53	53	-----END CERTIFICATE-----

+49

-49

src/tests/dejagnu/proxy-certs/proxy-san.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1		MIIEpQIBAAKCAQEA1zudnpN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPU
2		oCFpWS3eeI4aQFoj93L5MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4I
3		NTWqV9/DOODO7UowyMppmO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZ
4		FlrYgZKE8vTC8BxDKM7FYhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5x
5		Nw6KIcCy3Q0NNoKnh00WVwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtP
6		zjQgNPfTrjsMvyOWAAFrWVR3QLTxnnmXsqnXvwIDAQABAoIBAQCqvhpeMDXhGgoo
7		Q03wmfrGwPsrMv91aIK1hYrhMPdVs1JAbRYiKh8+pcq07FYa8udRaB4UwkVh/+oM
8		/nEs6niRsl/jjQ2l68TFrnNByroynvr6l9Q/EeGecF6Ygo7lY1OsFhcLQM5vjarS
9		XhxvdU/6hcRmfS8tGRpUaMWqfmpiN3YgJcgt8SoYhiwAYDTMJjNyWC61lO7IqNVR
10		4kntiM24sfAu1sdZynX8Gp2GrpNChapEuhilQ8RayjuStEYr2abcSIjfZFHQXN7o
11		TnjL+AQUzc/ZTXDGnIe9ZzZeFz8UCueeoN6KPxfrq9UUWRL6qt7gOIMdhYR6lFxt
12		6pj6kLhxAoGBAO5DTnTKDfCMY2/AsTzCJvMGSY0bT1rsdDxrpqjrbUSeMHV3s5Lm
13		vEPnnm+05FD/vi99+HZjHXAZFkhA3ubij2qWFPBnQ5YUoh17IW/Ae4bzY2uXikgL
14		tLZ+R+OrcGYQQlvPn//PLsxbfdk5vraqzm08kIX0T4o4Iz8ST5NFJ8hVAoGBAOdB
15		ahXr14563Cjeu0pSQ1nXoz3IXdnDwePXasYhxQHl8Ayk8qZS5pt7r07H3dqq6pvn
16		e09gZINJe47B9UhkR3H5bPyz/kujKS4zqo3Zlbryzm3V0BWqjNj+j8E2YuQKNQr+
17		c480jn2FzwW66w0i3n4U4KUn1w2/iq5AnVzyNkPDAoGAWLYEsyU79XE/4K79DqM3
18		P0r6/afKbw8U5B4syj4FzAOeBU6RNMPmGt5VNkBCtgnSdPpRFTsoDcG5cyN8GrkG
19		Lug8WZoJJwr9pT5gH6yqEX/zZ27f1J1PJpd0CsedLNMm8eonJ2arhPkXrVZ7tKV6
20		AGAJa2agatUmAmi96hZYjpUCgYEA32abJEgsedEIhFb/GYI03ELryRCaUXfCA+gj
21		lvoihn3qE1z5qGGns4adyX5dPRQmBqxtvDXDg+zl9vg6i0+MkXdCqTD8tXcOnjp9
22		RgFvmyVa9FI8beHPpQTuPNncWK3fpho/6pT8Hhi48LEsxwjrZWOnzQSaxQZH46Q6
23		IQNAFt8CgYEAkflxXvA2/2naix+riaBzv5EVJB7ilbfWiWtq2LEAtwrQ5XNFjrtK
24		g45jKrZ/ezAzTfPa5Dwn4xcImd0MIavnJhDu2ATxMGB0GATLlDH2HZvU7UwKLpTW
25		6Hlol4yRcX4GSEOxJ2ZpWYNIOYH0yDf1qLJXs1j8Fi3zWRe+V1kff4w=
	1	MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
	2	kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
	3	e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
	4	SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
	5	j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
	6	zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
	7	HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
	8	q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
	9	zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
	10	ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
	11	21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
	12	YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
	13	1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
	14	AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
	15	47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
	16	RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
	17	lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
	18	tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
	19	hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
	20	5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
	21	yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
	22	vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
	23	CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
	24	X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
	25	Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
26	26	-----END RSA PRIVATE KEY-----
27	27	-----BEGIN CERTIFICATE-----
28		MIIE4jCCA8qgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
29		FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEMMAoG
30		A1UEChMDTUlUMSIwIAYDVQQLExlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
31		KgYDVQQDFCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
32		NDA1MDIxOTA2MDhaFw0yNTA0MTQxOTA2MDhaMFQxCzAJBgNVBAYTAlVTMRYwFAYD
33		VQQIEw1NYXNzYWNodXNldHRzMRQwEgYDVQQKEwtLUkJURVNULkNPTTEXMBUGA1UE
34		AxMOUFJPWFlpblN1YmplY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
35		AQDXO52ek3wU/uIufW+CTJNKf9FDFfHXK3rOKQdoytU+OSNc89SgIWlZLd54jhpA
36		WiP3cvkzBkOZLE5+UECovBXYAwBpytic08kiQe1tgp1Wy/D1vgg1NapX38M44M7t
37		SjDIymmY7fn+lRdosv4CMeMvDX8SFDdli2p+kAw6R/lOdLka2pkWWtiBkoTy9MLw
38		HEMozsViFZjPuSn+0bdLw79FOc/s136HVh2maUcEZ+7AhEgnPnE3DoohwLLdDQ02
39		gqeHTRZXAuZH7HXUEZKQyOJlmTAnkPRE5tKDXdAP+K2sahXaC0/ONCA099OuOwy/
40		I5YAAWtZVHdAtPGeeZeyqde/AgMBAAGjggF3MIIBczAdBgNVHQ4EFgQUc7n4NJjO
41		ryu9CFSV3K+fTLgCqUcwgcYGA1UdIwSBvjCBu4AUc7n4NJjOryu9CFSV3K+fTLgC
42		qUehgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRz
43		MRIwEAYDVQQHEwlDYW1icmlkZ2UxDDAKBgNVBAoTA01JVDEiMCAGA1UECxMZSW5z
44		ZWN1cmUgS2VyYmVyb3MgdGVzdCBDQTEsMCoGA1UEAxQjdGVzdCBzdWl0ZSBDQTsg
	28	MIIE4jCCA8qgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
	29	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
	30	A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
	31	KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
	32	OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaMFQxCzAJBgNVBAYTAlVTMRYwFAYD
	33	VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTEXMBUGA1UE
	34	AwwOUFJPWFlpblN1YmplY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
	35	AQDngcJ5NNR7XbumqMryvbw0YzDavbH6FYoprIfk2ao6qfCfNEeRkTlSORrND+H3
	36	tLotnphvzDeYkTJfU91w0BEPDaZs48WTk325ecFvoBmiDuGH3Ax7/+D1rs+kpqd/
	37	Dr19JWACvj1MUWIugq7JOAeIk4HtiA/RtMcQ7iUuq6w9AzXqVENJ2heDja50CHe4
	38	Fj5AOzbeyctKIH72+3yC3qBeJphvcEE5az0Hc8qzfvg32Q4+yByP7yTJH8z6r5F8
	39	rluKpLdx7+zG89XQqx6H//W4nGVtALA6IF3dMtYcuFb0XuvMRy/OfUx9yTfmzRcM
	40	NGUbFEYYPL5kIqbF/xm7/xLDAgMBAAGjggF3MIIBczAdBgNVHQ4EFgQU9/+8m8Uw
	41	LCsAF4ILSyrtEZ9h4iIwgcYGA1UdIwSBvjCBu4AU9/+8m8UwLCsAF4ILSyrtEZ9h
	42	4iKhgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRz
	43	MRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEiMCAGA1UECwwZSW5z
	44	ZWN1cmUgS2VyYmVyb3MgdGVzdCBDQTEsMCoGA1UEAwwjdGVzdCBzdWl0ZSBDQTsg
45	45	ZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0PBAQDAgPoMAwGA1UdEwEB/wQC
46	46	MAAwWQYDVR0RBFIwUIIWcHJveHnFoHViamVjdMOEbHTDkWFtZYITcHJveHlTdWJq
47	47	ZWN0QWx0TmFtZYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MBMG
48		A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQAH6AWuyRLzMbKq
49		MUlyg9ZIar8p0Ms0/UEaa6Xm3/cfm6HSujtgcYlDN3M86Z3zWzWdTrOHsRr/YSG3
50		H3YDhJToKqxcjgho+1xdBPm0xuFsJcypRqGj/mIaJSoa+wC2AdY1EdE+URsh87XC
51		SHYNbxAVo8qBHMjtROm6AKb2YusYqHnkT+U6nc4Pn9UnIzmu4wfoSB+X1vtY24TP
52		AtXNYQEG4BkgSrcsgoL+z/+wtZLU8QFk6JRO7Bedq711Oh/taEasZHjRAmnqC5TB
53		Ab2fnwWuoVZHqz2qydeywXUKrZlctuRVdjE++wOt9xuMPKFGo0PKDw/SymCe61Q8
54		Nc/d2mhz
	48	A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQDQI1/zeNAWvXAG
	49	CTJk+hFLNx7xzd28/vWGkumK60rSmLVLZNDlvfmNJZ/kd7d0YZFvZDvbzhugXigI
	50	5N54664XreRwXA7QkgD2laFd/Rzq+6NdhyMCno7V6j1VZUm6/FWgfYjfGEBvbGNv
	51	Ue50fyRSQBmFv3p87Av/Zc0OMjted0zOYUxUPH0OL+2e4BL/suo05Q5DZq+J8Dni
	52	7SJbDC0fp5mKVLQ500zIRwUF2y5TE4olBsYBoaMDxQl+HoG6XpzaVslTKXAvzFMk
	53	8beI2BmqUId1OSLa3TOKnbsK8K/MPnSnB5StINt1+ZtTjjV+dY3xB6ZC+G1Pl6Ta
	54	00C7EWul
55	55	-----END CERTIFICATE-----

+49

-49

src/tests/dejagnu/proxy-certs/proxy-subject.pem less more

0	0	-----BEGIN RSA PRIVATE KEY-----
1		MIIEpQIBAAKCAQEA1zudnpN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPU
2		oCFpWS3eeI4aQFoj93L5MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4I
3		NTWqV9/DOODO7UowyMppmO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZ
4		FlrYgZKE8vTC8BxDKM7FYhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5x
5		Nw6KIcCy3Q0NNoKnh00WVwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtP
6		zjQgNPfTrjsMvyOWAAFrWVR3QLTxnnmXsqnXvwIDAQABAoIBAQCqvhpeMDXhGgoo
7		Q03wmfrGwPsrMv91aIK1hYrhMPdVs1JAbRYiKh8+pcq07FYa8udRaB4UwkVh/+oM
8		/nEs6niRsl/jjQ2l68TFrnNByroynvr6l9Q/EeGecF6Ygo7lY1OsFhcLQM5vjarS
9		XhxvdU/6hcRmfS8tGRpUaMWqfmpiN3YgJcgt8SoYhiwAYDTMJjNyWC61lO7IqNVR
10		4kntiM24sfAu1sdZynX8Gp2GrpNChapEuhilQ8RayjuStEYr2abcSIjfZFHQXN7o
11		TnjL+AQUzc/ZTXDGnIe9ZzZeFz8UCueeoN6KPxfrq9UUWRL6qt7gOIMdhYR6lFxt
12		6pj6kLhxAoGBAO5DTnTKDfCMY2/AsTzCJvMGSY0bT1rsdDxrpqjrbUSeMHV3s5Lm
13		vEPnnm+05FD/vi99+HZjHXAZFkhA3ubij2qWFPBnQ5YUoh17IW/Ae4bzY2uXikgL
14		tLZ+R+OrcGYQQlvPn//PLsxbfdk5vraqzm08kIX0T4o4Iz8ST5NFJ8hVAoGBAOdB
15		ahXr14563Cjeu0pSQ1nXoz3IXdnDwePXasYhxQHl8Ayk8qZS5pt7r07H3dqq6pvn
16		e09gZINJe47B9UhkR3H5bPyz/kujKS4zqo3Zlbryzm3V0BWqjNj+j8E2YuQKNQr+
17		c480jn2FzwW66w0i3n4U4KUn1w2/iq5AnVzyNkPDAoGAWLYEsyU79XE/4K79DqM3
18		P0r6/afKbw8U5B4syj4FzAOeBU6RNMPmGt5VNkBCtgnSdPpRFTsoDcG5cyN8GrkG
19		Lug8WZoJJwr9pT5gH6yqEX/zZ27f1J1PJpd0CsedLNMm8eonJ2arhPkXrVZ7tKV6
20		AGAJa2agatUmAmi96hZYjpUCgYEA32abJEgsedEIhFb/GYI03ELryRCaUXfCA+gj
21		lvoihn3qE1z5qGGns4adyX5dPRQmBqxtvDXDg+zl9vg6i0+MkXdCqTD8tXcOnjp9
22		RgFvmyVa9FI8beHPpQTuPNncWK3fpho/6pT8Hhi48LEsxwjrZWOnzQSaxQZH46Q6
23		IQNAFt8CgYEAkflxXvA2/2naix+riaBzv5EVJB7ilbfWiWtq2LEAtwrQ5XNFjrtK
24		g45jKrZ/ezAzTfPa5Dwn4xcImd0MIavnJhDu2ATxMGB0GATLlDH2HZvU7UwKLpTW
25		6Hlol4yRcX4GSEOxJ2ZpWYNIOYH0yDf1qLJXs1j8Fi3zWRe+V1kff4w=
	1	MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
	2	kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
	3	e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
	4	SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
	5	j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
	6	zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
	7	HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
	8	q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
	9	zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
	10	ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
	11	21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
	12	YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
	13	1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
	14	AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
	15	47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
	16	RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
	17	lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
	18	tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
	19	hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
	20	5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
	21	yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
	22	vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
	23	CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
	24	X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
	25	Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
26	26	-----END RSA PRIVATE KEY-----
27	27	-----BEGIN CERTIFICATE-----
28		MIIEgjCCA2qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMx
29		FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcTCUNhbWJyaWRnZTEMMAoG
30		A1UEChMDTUlUMSIwIAYDVQQLExlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
31		KgYDVQQDFCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
32		NDA1MDIxOTA2MDhaFw0yNTA0MTQxOTA2MDhaME8xCzAJBgNVBAYTAlVTMRYwFAYD
33		VQQIEw1NYXNzYWNodXNldHRzMRQwEgYDVQQKEwtLUkJURVNULkNPTTESMBAGA1UE
34		AxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zud
35		npN8FP7iLn1vgkyTSn/RQxXx1yt6zikHaMrVPjkjXPPUoCFpWS3eeI4aQFoj93L5
36		MwZDmSxOflBAqLwV2AMAacrYnNPJIkHtbYKdVsvw9b4INTWqV9/DOODO7UowyMpp
37		mO35/pUXaLL+AjHjLw1/EhQ3ZYtqfpAMOkf5TnS5GtqZFlrYgZKE8vTC8BxDKM7F
38		YhWYz7kp/tG3S8O/RTnP7Nd+h1YdpmlHBGfuwIRIJz5xNw6KIcCy3Q0NNoKnh00W
39		VwLmR+x11BGSkMjiZZkwJ5D0RObSg13QD/itrGoV2gtPzjQgNPfTrjsMvyOWAAFr
40		WVR3QLTxnnmXsqnXvwIDAQABo4IBHDCCARgwHQYDVR0OBBYEFHO5+DSYzq8rvQhU
41		ldyvn0y4AqlHMIHGBgNVHSMEgb4wgbuAFHO5+DSYzq8rvQhUldyvn0y4AqlHoYGf
42		pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAG
43		A1UEBxMJQ2FtYnJpZGdlMQwwCgYDVQQKEwNNSVQxIjAgBgNVBAsTGUluc2VjdXJl
44		IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMUI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
	28	MIIEgjCCA2qgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
	29	FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
	30	A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
	31	KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
	32	OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaME8xCzAJBgNVBAYTAlVTMRYwFAYD
	33	VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTESMBAGA1UE
	34	AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HC
	35	eTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Y
	36	b8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVg
	37	Ar49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs2
	38	3snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3
	39	ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRG
	40	GDy+ZCKmxf8Zu/8SwwIDAQABo4IBHDCCARgwHQYDVR0OBBYEFPf/vJvFMCwrABeC
	41	C0sq7RGfYeIiMIHGBgNVHSMEgb4wgbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGf
	42	pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAG
	43	A1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJl
	44	IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
45	45	dCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQEAwID6DAMBgNVHRMBAf8EAjAAMBMG
46		A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQCzGPT+QOrl9mbJ
47		nsGlPlLUOF+PYz0a/9V/iznlofxwCXiRi2ryMpLFbjLeOvjLJ3UzyNKtmEeudTBM
48		yfR4i8tb9WA7Oh0BjK1+kD4688bAUXiIDhueKBjonmPvMd9kq3MDd4vDLkcZk6R4
49		4IcbdwhzSBmnJH8ha2J82XShPpRq5CZNR9+vTyFwGdGWdPDjTMiXoXAmpRemcEgO
50		iO4Gxvcrg/Z06Ys3eLze7QHNMAEwXhC4rUR34j5I2zgU7CEhff3AktLmnKVa8go8
51		4BJT/n3XGB+3gdAEihQmgCEZetHH+YxAR0Ppn3ty7fpAlOnbRJqpeu6TMN8x/lL8
52		c6JtDWRG
	46	A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBdg7Gk/RqQpTfD
	47	vyFB1GPWRcLYpYW4GQh3e/dcesmwjwT8Nsd4Mzq9mA9TzJIXwffUQ8de85L5+9Oh
	48	k4yiwRS3vDCP0fr+GZMpBqkBVunJIHQnm+RWxT42+0kBxxmO/fqp5ztND8gGBLiW
	49	QPHb+mSCFgmgwnRuW+UI3TZ965oZfd2oRjjHjr51cgxcXndqnNws/kakMpxSM+KT
	50	+ICHNz5og79nC7zpVqu0Cd56stPXbrFeU+bnN5UT9sOZNOYstWZmS8u+ddDuJwhS
	51	ijJZgtQNOIuBfD2TLfDmg/QfLeh5hhgBVyXC5o8g6KEtjPgm+44OF3vNZeuwVPaf
	52	L58YyPcO
53	53	-----END CERTIFICATE-----

+22

-0

src/tests/deps less more

124	124	$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
125	125	$(top_srcdir)/include/krb5/pwqual_plugin.h $(top_srcdir)/include/port-sockets.h \
126	126	$(top_srcdir)/include/socket-utils.h plugorder.c
	127	$(OUTPRE)rdreq.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
	128	$(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h rdreq.c
	129	$(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	130	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
	131	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
	132	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	133	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	134	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	135	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	136	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	137	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	138	$(top_srcdir)/include/socket-utils.h replay.c
127	139	$(OUTPRE)responder.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
128	140	$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-json.h \
129	141	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
130	142	$(top_srcdir)/include/krb5.h responder.c
131	143	$(OUTPRE)s2p.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
132	144	$(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h s2p.c
	145	$(OUTPRE)s4u2self.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	146	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
	147	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
	148	$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
	149	$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
	150	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
	151	$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
	152	$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
	153	$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
	154	$(top_srcdir)/include/socket-utils.h s4u2self.c
133	155	$(OUTPRE)s4u2proxy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
134	156	$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
135	157	$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \

+31

-10

src/tests/gcred.c less more

32	32	/*
33	33	* This program is intended to be run from a python script as:
34	34	*
35		* gcred nametype princname
	35	* gcred [-f] [-t] nametype princname
36	36	*
37	37	* where nametype is one of "unknown", "principal", "srv-inst", and "srv-hst",
38	38	* and princname is the name of the service principal. gcred acquires

40	40	* the server principal name of the obtained credentials to stdout and exits
41	41	* with status 0. On failure, gcred displays the error message for the failed
42	42	* operation to stderr and exits with status 1.
	43	*
	44	* The -f and -t flags set the KRB5_GC_FORWARDABLE and KRB5_GC_NO_TRANSIT_CHECK
	45	* options respectively.
43	46	*/
44	47
45	48	#include "k5-int.h"

65	68	krb5_principal client, server;
66	69	krb5_ccache ccache;
67	70	krb5_creds in_creds, *creds;
	71	krb5_ticket *ticket;
	72	krb5_flags options = 0;
68	73	char *name;
	74	int c;
69	75
70	76	check(krb5_init_context(&ctx));
71	77
72		/* Parse arguments. */
73		assert(argc == 3);
74		check(krb5_parse_name(ctx, argv[2], &server));
75		if (strcmp(argv[1], "unknown") == 0)
	78	while ((c = getopt(argc, argv, "ft")) != -1) {
	79	switch (c) {
	80	case 'f':
	81	options \|= KRB5_GC_FORWARDABLE;
	82	break;
	83	case 't':
	84	options \|= KRB5_GC_NO_TRANSIT_CHECK;
	85	break;
	86	default:
	87	abort();
	88	}
	89	}
	90	argc -= optind;
	91	argv += optind;
	92	assert(argc == 2);
	93	check(krb5_parse_name(ctx, argv[1], &server));
	94	if (strcmp(argv[0], "unknown") == 0)
76	95	server->type = KRB5_NT_UNKNOWN;
77		else if (strcmp(argv[1], "principal") == 0)
	96	else if (strcmp(argv[0], "principal") == 0)
78	97	server->type = KRB5_NT_PRINCIPAL;
79		else if (strcmp(argv[1], "srv-inst") == 0)
	98	else if (strcmp(argv[0], "srv-inst") == 0)
80	99	server->type = KRB5_NT_SRV_INST;
81		else if (strcmp(argv[1], "srv-hst") == 0)
	100	else if (strcmp(argv[0], "srv-hst") == 0)
82	101	server->type = KRB5_NT_SRV_HST;
83	102	else
84	103	abort();

88	107	memset(&in_creds, 0, sizeof(in_creds));
89	108	in_creds.client = client;
90	109	in_creds.server = server;
91		check(krb5_get_credentials(ctx, 0, ccache, &in_creds, &creds));
92		check(krb5_unparse_name(ctx, creds->server, &name));
	110	check(krb5_get_credentials(ctx, options, ccache, &in_creds, &creds));
	111	check(krb5_decode_ticket(&creds->ticket, &ticket));
	112	check(krb5_unparse_name(ctx, ticket->server, &name));
93	113	printf("%s\n", name);
94	114
	115	krb5_free_ticket(ctx, ticket);
95	116	krb5_free_unparsed_name(ctx, name);
96	117	krb5_free_creds(ctx, creds);
97	118	krb5_free_principal(ctx, client);

+26

-21

src/tests/gssapi/Makefile.in less more

9	9
10	10	SRCS= $(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \
11	11	$(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_ccselect.c \
12		$(srcdir)/t_ciflags.c $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c \
13		$(srcdir)/t_err.c $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \
14		$(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \
15		$(srcdir)/t_invalid.c $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \
	12	$(srcdir)/t_ciflags.c $(srcdir)/t_context.c $(srcdir)/t_credstore.c \
	13	$(srcdir)/t_enctypes.c $(srcdir)/t_err.c $(srcdir)/t_export_cred.c \
	14	$(srcdir)/t_export_name.c $(srcdir)/t_gssexts.c \
	15	$(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c $(srcdir)/t_invalid.c \
	16	$(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \
16	17	$(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \
17	18	$(srcdir)/t_lifetime.c $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c \
18	19	$(srcdir)/t_pcontok.c $(srcdir)/t_prf.c $(srcdir)/t_s4u.c \

20	21	$(srcdir)/t_spnego.c $(srcdir)/t_srcattrs.c
21	22
22	23	OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_ccselect.o \
23		t_ciflags.o t_credstore.o t_enctypes.o t_err.o t_export_cred.o \
24		t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o t_invalid.o \
25		t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o t_iov.o t_lifetime.o \
26		t_namingexts.o t_oid.o t_pcontok.o t_prf.o t_s4u.o t_s4u2proxy_krb5.o \
27		t_saslname.o t_spnego.o t_srcattrs.o
	24	t_ciflags.o t_context.o t_credstore.o t_enctypes.o t_err.o \
	25	t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o \
	26	t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o t_iov.o \
	27	t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o t_s4u.o \
	28	t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o
28	29
29	30	COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
30	31	COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
31	32
32		all: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags t_credstore \
33		t_enctypes t_err t_export_cred t_export_name t_gssexts t_imp_cred \
34		t_imp_name t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name t_iov \
35		t_lifetime t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5 \
36		t_saslname t_spnego t_srcattrs
	33	all: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags t_context \
	34	t_credstore t_enctypes t_err t_export_cred t_export_name t_gssexts \
	35	t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name \
	36	t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf t_s4u \
	37	t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs
37	38
38	39	check-unix: t_oid
39	40	$(RUN_TEST) ./t_invalid

42	43	$(RUN_TEST) ./t_imp_name
43	44
44	45	check-pytests: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags \
45		t_credstore t_enctypes t_err t_export_cred t_export_name t_imp_cred \
46		t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime t_pcontok \
47		t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs
	46	t_context t_credstore t_enctypes t_err t_export_cred t_export_name \
	47	t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime \
	48	t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs
48	49	$(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS)
49	50	$(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS)
50	51	$(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS)

52	53	$(RUNPYTEST) $(srcdir)/t_export_cred.py $(PYTESTFLAGS)
53	54	$(RUNPYTEST) $(srcdir)/t_s4u.py $(PYTESTFLAGS)
54	55	$(RUNPYTEST) $(srcdir)/t_authind.py $(PYTESTFLAGS)
	56	$(RUNPYTEST) $(srcdir)/t_negoex.py $(PYTESTFLAGS)
55	57
56	58	ccinit: ccinit.o $(KRB5_BASE_DEPLIBS)
57	59	$(CC_LINK) -o ccinit ccinit.o $(KRB5_BASE_LIBS)

65	67	$(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS)
66	68	t_ciflags: t_ciflags.o $(COMMON_DEPS)
67	69	$(CC_LINK) -o $@ t_ciflags.o $(COMMON_LIBS)
	70	t_context: t_context.o $(COMMON_DEPS)
	71	$(CC_LINK) -o $@ t_context.o $(COMMON_LIBS)
68	72	t_credstore: t_credstore.o $(COMMON_DEPS)
69	73	$(CC_LINK) -o $@ t_credstore.o $(COMMON_LIBS)
70	74	t_enctypes: t_enctypes.o $(COMMON_DEPS)

114	118
115	119	clean:
116	120	$(RM) ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags
117		$(RM) t_credstore t_enctypes t_err t_export_cred t_export_name
118		$(RM) t_gssexts t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx
119		$(RM) t_inq_mechs_name t_iov t_lifetime t_namingexts t_oid t_pcontok
120		$(RM) t_prf t_s4u t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs
	121	$(RM) t_context t_credstore t_enctypes t_err t_export_cred
	122	$(RM) t_export_name t_gssexts t_imp_cred t_imp_name t_invalid
	123	$(RM) t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime
	124	$(RM) t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5
	125	$(RM) t_saslname t_spnego t_srcattrs

+4

-0

src/tests/gssapi/deps less more

40	40	$(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
41	41	$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
42	42	common.h t_ciflags.c
	43	$(OUTPRE)t_context.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
	44	$(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
	45	$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
	46	common.h t_context.c
43	47	$(OUTPRE)t_credstore.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
44	48	$(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
45	49	$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \

+6

-4

src/tests/gssapi/t_ccselect.py less more

23	23
24	24	# Create two independent realms (no cross-realm TGTs). For the
25	25	# fallback realm tests we need to control the precise server hostname,
26		# so turn off DNS canonicalization.
27		conf = {'libdefaults': {'dns_canonicalize_hostname': 'false'}}
	26	# so turn off DNS canonicalization and shortname qualification.
	27	conf = {'libdefaults': {'dns_canonicalize_hostname': 'false',
	28	'qualify_shortname': ''}}
28	29	r1 = K5Realm(create_user=False, krb5_conf=conf)
29	30	r2 = K5Realm(create_user=False, krb5_conf=conf, realm='KRBTEST2.COM',
30	31	portbase=62000, testdir=os.path.join(r1.testdir, 'r2'))

75	76	r2.addprinc(zaphod, password('zaphod'))
76	77
77	78	# Create host principals and keytabs for fallback realm tests.
78		r1.addprinc('host/localhost')
79		r2.addprinc('host/localhost')
	79	if hostname != 'localhost':
	80	r1.addprinc('host/localhost')
	81	r2.addprinc('host/localhost')
80	82	r1.addprinc('host/' + foo)
81	83	r2.addprinc('host/' + foo2)
82	84	r1.addprinc('host/' + foobar)

+60

-0

src/tests/gssapi/t_context.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* tests/gssapi/t_context.c - Simple context establishment harness */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include <stdio.h>
	33	#include <stdlib.h>
	34
	35	#include "common.h"
	36
	37	int
	38	main(int argc, char *argv[])
	39	{
	40	OM_uint32 minor, flags;
	41	gss_name_t tname;
	42	gss_ctx_id_t ictx, actx;
	43
	44	if (argc < 2) {
	45	fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]);
	46	return 1;
	47	}
	48
	49	tname = import_name(argv[1]);
	50
	51	flags = GSS_C_REPLAY_FLAG \| GSS_C_SEQUENCE_FLAG;
	52	establish_contexts(&mech_spnego, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
	53	tname, flags, &ictx, &actx, NULL, NULL, NULL);
	54
	55	(void)gss_release_name(&minor, &tname);
	56	(void)gss_delete_sec_context(&minor, &ictx, NULL);
	57	(void)gss_delete_sec_context(&minor, &actx, NULL);
	58	return 0;
	59	}

+13

-13

src/tests/gssapi/t_enctypes.py less more

8	8	aes256 = 'aes256-cts-hmac-sha1-96'
9	9	aes128 = 'aes128-cts-hmac-sha1-96'
10	10	des3 = 'des3-cbc-sha1'
	11	d_des3 = 'DEPRECATED:des3-cbc-sha1'
11	12	des3raw = 'des3-cbc-raw'
	13	d_des3raw = 'DEPRECATED:des3-cbc-raw'
12	14	rc4 = 'arcfour-hmac'
	15	d_rc4 = 'DEPRECATED:arcfour-hmac'
13	16
14	17	# These tests make assumptions about the default enctype lists, so set
15	18	# them explicitly rather than relying on the library defaults.
16		enctypes='aes des3 rc4'
17	19	supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
18		conf = {'libdefaults': {
19		'default_tgs_enctypes': enctypes,
20		'default_tkt_enctypes': enctypes,
21		'permitted_enctypes': enctypes},
	20	conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'},
22	21	'realms': {'$realm': {'supported_enctypes': supp}}}
23	22	realm = K5Realm(krb5_conf=conf)
24	23	shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))

84	83	# If only the acceptor constrains the permitted session enctypes to
85	84	# aes128, subkey negotiation fails because the acceptor considers the
86	85	# aes256 session key to be non-permitted.
87		test_err('acc aes128', None, 'aes128-cts', 'Encryption type not permitted')
	86	test_err('acc aes128', None, 'aes128-cts',
	87	'Encryption type aes256-cts-hmac-sha1-96 not permitted')
88	88
89	89	# If the initiator constrains the permitted session enctypes to des3,
90	90	# no acceptor subkey will be generated because we can't upgrade to a
91	91	# CFX enctype.
92	92	test('init des3', 'des3', None,
93		tktenc=aes256, tktsession=des3,
	93	tktenc=aes256, tktsession=d_des3,
94	94	proto='rfc1964', isubkey=des3raw, asubkey=None)
95	95
96	96	# Force the ticket session key to be rc4, so we can test some subkey

101	101	# [aes256 aes128 des3] and the acceptor should upgrade to an aes256
102	102	# subkey.
103	103	test('upgrade noargs', None, None,
104		tktenc=aes256, tktsession=rc4,
	104	tktenc=aes256, tktsession=d_rc4,
105	105	proto='cfx', isubkey=rc4, asubkey=aes256)
106	106
107	107	# If the initiator won't permit rc4 as a session key, it won't be able

111	111	# If the initiator permits rc4 but prefers aes128, it will send an
112	112	# upgrade list of [aes128] and the acceptor will upgrade to aes128.
113	113	test('upgrade init aes128+rc4', 'aes128-cts rc4', None,
114		tktenc=aes256, tktsession=rc4,
	114	tktenc=aes256, tktsession=d_rc4,
115	115	proto='cfx', isubkey=rc4, asubkey=aes128)
116	116
117	117	# If the initiator permits rc4 but prefers des3, it will send an
118	118	# upgrade list of [des3], but the acceptor won't generate a subkey
119	119	# because des3 isn't a CFX enctype.
120	120	test('upgrade init des3+rc4', 'des3 rc4', None,
121		tktenc=aes256, tktsession=rc4,
	121	tktenc=aes256, tktsession=d_rc4,
122	122	proto='rfc1964', isubkey=rc4, asubkey=None)
123	123
124	124	# If the acceptor permits only aes128, subkey negotiation will fail

127	127	# is only for the sake of the kernel, since we could upgrade to an
128	128	# aes128 subkey, but it's the current semantics.)
129	129	test_err('upgrade acc aes128', None, 'aes128-cts',
130		'Encryption type ArcFour with HMAC/md5 not permitted')
	130	'Encryption type arcfour-hmac not permitted')
131	131
132	132	# If the acceptor permits rc4 but prefers aes128, it will negotiate an
133	133	# upgrade to aes128.
134	134	test('upgrade acc aes128 rc4', None, 'aes128-cts rc4',
135		tktenc=aes256, tktsession=rc4,
	135	tktenc=aes256, tktsession=d_rc4,
136	136	proto='cfx', isubkey=rc4, asubkey=aes128)
137	137
138	138	# In this test, the initiator and acceptor each prefer an AES enctype
139	139	# to rc4, but they can't agree on which one, so no subkey is
140	140	# generated.
141	141	test('upgrade mismatch', 'aes128-cts rc4', 'aes256-cts rc4',
142		tktenc=aes256, tktsession=rc4,
	142	tktenc=aes256, tktsession=d_rc4,
143	143	proto='rfc1964', isubkey=rc4, asubkey=None)
144	144
145	145	success('gss_krb5_set_allowable_enctypes tests')

+8

-3

src/tests/gssapi/t_err.c less more

73	73	gss_buffer_desc itok, atok;
74	74	gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
75	75
76		if (argc != 2) {
77		fprintf(stderr, "Usage: %s targetname\n", argv[0]);
	76	argv++;
	77	if (argv != NULL && strcmp(argv, "--spnego") == 0) {
	78	mech = &mech_spnego;
	79	argv++;
	80	}
	81	if (*argv == NULL \|\| argv[1] != NULL) {
	82	fprintf(stderr, "Usage: t_err targetname\n");
78	83	return 1;
79	84	}
80		tname = import_name(argv[1]);
	85	tname = import_name(*argv);
81	86
82	87	/* Get the initial context token. */
83	88	flags = GSS_C_REPLAY_FLAG \| GSS_C_SEQUENCE_FLAG \| GSS_C_MUTUAL_FLAG;

+1

-0

src/tests/gssapi/t_gssapi.py less more

177	177	# Test that accept_sec_context can produce an error token and
178	178	# init_sec_context can interpret it.
179	179	realm.run(['./t_err', 'p:' + realm.host_princ])
	180	realm.run(['./t_err', '--spnego', 'p:' + realm.host_princ])
180	181
181	182	# Test the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option.
182	183	realm.run(['./t_ciflags', 'p:' + realm.host_princ])

+1

-19

src/tests/gssapi/t_invalid.c less more

83	83	size_t toklen;
84	84	const char *token;
85	85	} tests[] = {
86		{
87		ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_RAW,
88		SEAL_ALG_DES, SGN_ALG_DES_MAC_MD5, 8,
89		8,
90		"\x26\xEC\xBA\xB6\xFE\xBA\x91\xCE",
91		53,
92		"\x60\x33\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x00"
93		"\x00\x00\x00\xFF\xFF\xF0\x0B\x90\x7B\xC4\xFC\xEB\xF4\x84\x9C\x5A"
94		"\xA8\x56\x41\x3E\xE1\x62\xEE\x38\xD1\x34\x9A\xE3\xFB\xC9\xFD\x0A"
95		"\xDC\x83\xE1\x4A\xE4"
96		},
97	86	{
98	87	ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES3_CBC_RAW,
99	88	SEAL_ALG_DES3KD, SGN_ALG_HMAC_SHA1_DES3_KD, 20,

159	148	gss_union_ctx_id_t uctx;
160	149	krb5_gss_ctx_id_t kgctx;
161	150	krb5_keyblock kb;
162		unsigned char encbuf[8];
163		size_t i;
164	151
165	152	kgctx = calloc(1, sizeof(*kgctx));
166	153	if (kgctx == NULL)

183	170	if (krb5_k_create_key(NULL, &kb, &kgctx->seq) != 0)
184	171	abort();
185	172
186		if (kb.enctype == ENCTYPE_DES_CBC_RAW) {
187		for (i = 0; i < 8; i++)
188		encbuf[i] = kb.contents[i] ^ 0xF0;
189		kb.contents = encbuf;
190		}
191	173	if (krb5_k_create_key(NULL, &kb, &kgctx->enc) != 0)
192	174	abort();
193	175

247	229	gss_iov_buffer_desc iov;
248	230
249	231	store_16_be(KG_TOK_SIGN_MSG, tokbuf);
250		store_16_le(SGN_ALG_DES_MAC_MD5, tokbuf + 2);
	232	store_16_le(SGN_ALG_HMAC_MD5, tokbuf + 2);
251	233	store_16_le(SEAL_ALG_NONE, tokbuf + 4);
252	234	store_16_le(0xFFFF, tokbuf + 6);
253	235	memset(tokbuf + 8, 0, 16);

+142

-0

src/tests/gssapi/t_negoex.py less more

	0	from k5test import *
	1
	2	# The next arc after 2.25 is supposed to be a single-integer UUID, but
	3	# since our gss_str_to_oid() can't handle arc values that don't fit in
	4	# an unsigned long, we use random unsigned 32-bit integers instead.
	5	# The final octet if the OID encoding will be used to identify the
	6	# mechanism when changing the behavior of just one mech.
	7	nxtest_oid1 = '2.25.1414534758' # final octet is 102 (0x66)
	8	nxtest_oid2 = '2.25.1175737388' # final octet is 44 (0x2C)
	9	nxtest_path = os.path.join(buildtop, 'plugins', 'gssapi', 'negoextest',
	10	'gss_negoextest.so')
	11
	12	# Test gss_add_cred().
	13	realm = K5Realm(create_kdb=False)
	14	with open(realm.gss_mech_config, 'w') as f:
	15	f.write('negoextest %s %s\n' % (nxtest_oid1, nxtest_path))
	16	f.write('negoextest %s %s\n' % (nxtest_oid2, nxtest_path))
	17
	18	def test(envvars, **kw):
	19	# Python 3.5: e = {realm.env, vars}
	20	e = realm.env.copy()
	21	e.update(envvars)
	22	realm.run(['./t_context', 'h:host'], env=e, **kw)
	23
	24	# Test varying numbers of hops, and spot-check that messages are sent
	25	# in the appropriate sequence.
	26
	27	mark('One hop')
	28	msgs = ('sending [0]INITIATOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
	29	'd1b08469-2ca8-0000-0000-000000000000',
	30	'sending [1]INITIATOR_META_DATA: c0a28569-66ac',
	31	'sending [2]INITIATOR_META_DATA: d1b08469-2ca8',
	32	'sending [3]AP_REQUEST: c0a28569-66ac',
	33	'sending [4]VERIFY: c0a28569-66ac',
	34	'received [0]INITIATOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
	35	'd1b08469-2ca8-0000-0000-000000000000',
	36	'received [1]INITIATOR_META_DATA: c0a28569-66ac',
	37	'received [2]INITIATOR_META_DATA: d1b08469-2ca8',
	38	'received [3]AP_REQUEST: c0a28569-66ac',
	39	'received [4]VERIFY: c0a28569-66ac',
	40	'sending [5]ACCEPTOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
	41	'd1b08469-2ca8-0000-0000-000000000000',
	42	'sending [6]ACCEPTOR_META_DATA: c0a28569-66ac',
	43	'sending [7]ACCEPTOR_META_DATA: d1b08469-2ca8',
	44	'sending [8]VERIFY: c0a28569-66ac',
	45	'received [5]ACCEPTOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
	46	'd1b08469-2ca8-0000-0000-000000000000',
	47	'received [6]ACCEPTOR_META_DATA: c0a28569-66ac',
	48	'received [7]ACCEPTOR_META_DATA: d1b08469-2ca8',
	49	'received [8]VERIFY: c0a28569-66ac')
	50	test({'HOPS': '1'}, expected_trace=msgs)
	51
	52	mark('Two hops')
	53	msgs = ('sending [7]CHALLENGE', 'sending [8]VERIFY', 'received [8]VERIFY',
	54	'sending [9]VERIFY')
	55	test({'HOPS': '2'}, expected_trace=msgs)
	56
	57	mark('Three hops')
	58	msgs = ('sending [8]AP_REQUEST', 'sending [9]VERIFY', 'received [8]AP_REQUEST',
	59	'sending [10]VERIFY')
	60	test({'HOPS': '3'}, expected_trace=msgs)
	61
	62	mark('Four hops')
	63	msgs = ('sending [9]CHALLENGE', 'sending [10]VERIFY', 'received [9]CHALLENGE',
	64	'sending [11]VERIFY')
	65	test({'HOPS': '4'}, expected_trace=msgs)
	66
	67	mark('Early keys, three hops')
	68	msgs = ('sending [4]VERIFY', 'sending [9]VERIFY', 'sending [10]AP_REQUEST')
	69	test({'HOPS': '3', 'KEY': 'always'}, expected_trace=msgs)
	70
	71	mark('Early keys, four hops')
	72	msgs = ('sending [4]VERIFY', 'sending [9]VERIFY', 'sending [10]AP_REQUEST',
	73	'sending [11]CHALLENGE')
	74	test({'HOPS': '4', 'KEY': 'always'}, expected_trace=msgs)
	75
	76	mark('No keys')
	77	test({'KEY': 'never'}, expected_code=1, expected_msg='No NegoEx verify key')
	78
	79	mark('No optimistic token')
	80	msgs = ('sending [3]ACCEPTOR_NEGO', 'sending [6]AP_REQUEST',
	81	'sending [7]VERIFY', 'sending [8]VERIFY')
	82	test({'NEGOEX_NO_OPTIMISTIC_TOKEN': ''}, expected_trace=msgs)
	83
	84	mark('First mech initiator query fail')
	85	msgs = ('sending [0]INITIATOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
	86	'sending [2]AP_REQUEST', 'sending [3]VERIFY',
	87	'sending [4]ACCEPTOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
	88	'sending [6]VERIFY')
	89	test({'INIT_QUERY_FAIL': '102'}, expected_trace=msgs)
	90
	91	mark('First mech acceptor query fail')
	92	msgs = ('sending [0]INITIATOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
	93	'd1b08469-2ca8-0000-0000-000000000000',
	94	'sending [3]AP_REQUEST: c0a28569-66ac',
	95	'sending [4]VERIFY: c0a28569-66ac',
	96	'sending [5]ACCEPTOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
	97	'sending [7]AP_REQUEST: d1b08469-2ca8',
	98	'sending [8]VERIFY: d1b08469-2ca8',
	99	'sending [9]VERIFY: d1b08469-2ca8')
	100	test({'ACCEPT_QUERY_FAIL': '102'}, expected_trace=msgs)
	101
	102	# Same messages as previous test.
	103	mark('First mech acceptor exchange fail')
	104	test({'ACCEPT_EXCHANGE_FAIL': '102'}, expected_trace=msgs)
	105
	106	# Fail the optimistic mech's gss_exchange_meta_data() in the
	107	# initiator. Since the acceptor has effectively selected the
	108	# optimistic mech, this causes the authentication to fail.
	109	mark('First mech initiator exchange fail, one hop')
	110	test({'HOPS': '1', 'INIT_EXCHANGE_FAIL': '102'}, expected_code=1,
	111	expected_msg='No mutually supported NegoEx authentication schemes')
	112	mark('First mech initiator exchange fail, two hops, early keys')
	113	test({'HOPS': '2', 'INIT_EXCHANGE_FAIL': '102', 'KEY': 'always'},
	114	expected_code=1,
	115	expected_msg='No mutually supported NegoEx authentication schemes')
	116	mark('First mech initiator exchange fail, two hops')
	117	test({'HOPS': '2', 'INIT_EXCHANGE_FAIL': '102'}, expected_code=1,
	118	expected_msg='No mutually supported NegoEx authentication schemes')
	119
	120	mark('First mech init_sec_context fail')
	121	msgs = ('sending [0]INITIATOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
	122	'sending [2]AP_REQUEST', 'sending [3]VERIFY', 'sending [6]VERIFY')
	123	test({'INIT_FAIL': '102'}, expected_trace=msgs)
	124
	125	mark('First mech accept_sec_context fail')
	126	test({'HOPS': '2', 'ACCEPT_FAIL': '102'}, expected_code=1,
	127	expected_msg='failure from acceptor')
	128
	129	mark('ALERT from acceptor to initiator')
	130	msgs = ('sending [3]AP_REQUEST', 'sending [4]VERIFY', 'sending [8]CHALLENGE',
	131	'sending [9]ALERT', 'received [9]ALERT', 'sending [10]AP_REQUEST',
	132	'sending [11]VERIFY', 'sending [12]VERIFY')
	133	test({'HOPS': '3', 'KEY': 'init-always'}, expected_trace=msgs)
	134
	135	mark('ALERT from initiator to acceptor')
	136	msgs = ('sending [3]AP_REQUEST', 'sending [7]CHALLENGE', 'sending [8]VERIFY',
	137	'sending [9]AP_REQUEST', 'sending [10]ALERT', 'received [10]ALERT',
	138	'sending [11]CHALLENGE', 'sending [12]VERIFY', 'sending [13]VERIFY')
	139	test({'HOPS': '4', 'KEY': 'accept-always'}, expected_trace=())
	140
	141	success('NegoEx tests')

+2

-14

src/tests/gssapi/t_pcontok.c less more

42	42	#include "k5-int.h"
43	43	#include "common.h"
44	44
45		#define SGN_ALG_DES_MAC_MD5 0x00
46	45	#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04
47	46	#define SGN_ALG_HMAC_MD5 0x11
48	47

77	76	ret = krb5_k_create_key(context, &seqkb, &seq);
78	77	check_k5err(context, "krb5_k_create_key", ret);
79	78
80		if (signalg == SGN_ALG_DES_MAC_MD5) {
81		cktype = CKSUMTYPE_RSA_MD5;
82		cksize = 8;
83		ckusage = 0;
84		} else if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) {
	79	if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) {
85	80	cktype = CKSUMTYPE_HMAC_SHA1_DES3;
86	81	cksize = 20;
87	82	ckusage = 23;

121	116	d = make_data(ptr - 8, 8);
122	117	ret = krb5_k_make_checksum(context, cktype, seq, ckusage, &d, &cksum);
123	118	check_k5err(context, "krb5_k_make_checksum", ret);
124		if (signalg == SGN_ALG_DES_MAC_MD5) {
125		iov.flags = KRB5_CRYPTO_TYPE_DATA;
126		iov.data = make_data(cksum.contents, 16);
127		ret = krb5_k_encrypt_iov(context, seq, 0, NULL, &iov, 1);
128		memcpy(ptr + 8, cksum.contents + 8, 8);
129		} else {
130		memcpy(ptr + 8, cksum.contents, cksize);
131		}
	119	memcpy(ptr + 8, cksum.contents, cksize);
132	120
133	121	/* Create the sequence number (8 bytes). */
134	122	iov.flags = KRB5_CRYPTO_TYPE_DATA;

+0

-7

src/tests/gssapi/t_prf.c less more

40	40	const char *key2;
41	41	const char *out2;
42	42	} tests[] = {
43		{ ENCTYPE_DES_CBC_CRC,
44		"E607FE9DABB57AE0",
45		"803C4121379FC4B87CE413B67707C4632EBED2C6D6B7"
46		"2A55E878836E35E21600D915D590DED5B6D77BB30A1F",
47		"54758316B6257A75",
48		"279E4105F7ADC9BD6EF28ABE31D89B442FE0058388BA"
49		"33264ACB5729562DC637950F6BD144B654BE7700B2D6" },
50	43	{ ENCTYPE_DES3_CBC_SHA1,
51	44	"70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2",
52	45	"9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9"

+198

-24

src/tests/gssapi/t_s4u.py less more

0	0	from k5test import *
	1	from base64 import b64encode
	2	import shutil
1	3
2	4	realm = K5Realm(create_host=False, get_creds=False)
3	5	usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache')

33	35	output = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, '-',
34	36	pservice1, pservice2], expected_code=1)
35	37	if ('auth1: ' + realm.user_princ not in output or
36		'NOT_ALLOWED_TO_DELEGATE' not in output):
	38	'KDC can\'t fulfill requested option' not in output):
37	39	fail('krb5 -> s4u2proxy')
38	40
39	41	# Again with SPNEGO.

41	43	'-', pservice1, pservice2],
42	44	expected_code=1)
43	45	if ('auth1: ' + realm.user_princ not in output or
44		'NOT_ALLOWED_TO_DELEGATE' not in output):
	46	'KDC can\'t fulfill requested option' not in output):
45	47	fail('krb5 -> s4u2proxy (SPNEGO)')
46	48
47		# Try krb5 -> S4U2Proxy without forwardable user creds. This should
48		# result in no delegated credential being created by
49		# accept_sec_context.
	49	# Try krb5 -> S4U2Proxy without forwardable user creds.
50	50	realm.kinit(realm.user_princ, password('user'), ['-c', usercache])
51		realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, pservice1,
52		pservice1, pservice2], expected_msg='no credential delegated')
53
54		# Try S4U2Self. Ask for an S4U2Proxy step; this won't happen because
	51	output = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, pservice1,
	52	pservice1, pservice2], expected_code=1)
	53	if ('auth1: ' + realm.user_princ not in output or
	54	'KDC can\'t fulfill requested option' not in output):
	55	fail('krb5 -> s4u2proxy not-forwardable')
	56
	57	# Try S4U2Self. Ask for an S4U2Proxy step; this won't succeed because
55	58	# service/1 isn't allowed to get a forwardable S4U2Self ticket.
56		output = realm.run(['./t_s4u', puser, pservice2])
57		if ('Warning: no delegated cred handle' not in output or
58		'Source name:\t' + realm.user_princ not in output):
59		fail('s4u2self')
60		output = realm.run(['./t_s4u', '--spnego', puser, pservice2])
61		if ('Warning: no delegated cred handle' not in output or
62		'Source name:\t' + realm.user_princ not in output):
63		fail('s4u2self (SPNEGO)')
	59	realm.run(['./t_s4u', puser, pservice2], expected_code=1,
	60	expected_msg='KDC can\'t fulfill requested option')
	61	realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1,
	62	expected_msg='KDC can\'t fulfill requested option')
64	63
65	64	# Correct that problem and try again. As above, the S4U2Proxy step
66	65	# won't actually succeed since we don't support that in DB2.
67	66	realm.run([kadminl, 'modprinc', '+ok_to_auth_as_delegate', service1])
68	67	realm.run(['./t_s4u', puser, pservice2], expected_code=1,
69		expected_msg='NOT_ALLOWED_TO_DELEGATE')
	68	expected_msg='KDC can\'t fulfill requested option')
70	69
71	70	# Again with SPNEGO. This uses SPNEGO for the initial authentication,
72	71	# but still uses krb5 for S4U2Proxy--the delegated cred is returned as
73	72	# a krb5 cred, not a SPNEGO cred, and t_s4u uses the delegated cred
74	73	# directly rather than saving and reacquiring it.
75	74	realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1,
76		expected_msg='NOT_ALLOWED_TO_DELEGATE')
	75	expected_msg='KDC can\'t fulfill requested option')
77	76
78	77	realm.stop()
79	78

158	157	mark('cross-realm S4U2Self')
159	158	testprincs = {'krbtgt/SREALM': {'keys': 'aes128-cts'},
160	159	'krbtgt/UREALM': {'keys': 'aes128-cts'},
161		'user': {'keys': 'aes128-cts', 'flags': '+preauth'}}
	160	'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
	161	'other': {'keys': 'aes128-cts'}}
162	162	kdcconf1 = {'realms': {'$realm': {'database_module': 'test'}},
163	163	'dbmodules': {'test': {'db_library': 'test',
164	164	'princs': testprincs,

177	177	r2.start_kdc()
178	178	r1.extract_keytab(r1.user_princ, r1.keytab)
179	179	r1.kinit(r1.user_princ, None, ['-k', '-t', r1.keytab])
	180	savefile = r1.ccache + '.save'
	181	shutil.copyfile(r1.ccache, savefile)
180	182
181	183	# Include a regression test for #8741 by unsetting the default realm.
182	184	remove_default = {'libdefaults': {'default_realm': None}}

192	194	r1.run(['./t_s4u', 'p:' + r2.user_princ, '-', r1.keytab], env=no_default,
193	195	expected_trace=msgs)
194	196
195		# Test realm identification of enterprise principal names ([MS-S4U]
	197	# Test realm identification of enterprise principal names ([MS-SFU]
196	198	# 3.1.5.1.1.1). Attach a bogus realm to the enterprise name to verify
197	199	# that we start at the server realm.
198	200	mark('cross-realm S4U2Self with enterprise name')
199	201	msgs = ('Getting initial credentials for enterprise\\@abc@SREALM',
200		'Processing preauth types: PA-FOR-X509-USER (130)',
201	202	'Sending unauthenticated request',
202	203	'/Realm not local to KDC',
203	204	'Following referral to realm UREALM',
204		'Processing preauth types: PA-FOR-X509-USER (130)',
205	205	'Sending unauthenticated request',
206	206	'/Additional pre-authentication required',
207		'/Generic preauthentication failure',
	207	'Identified realm of client principal as UREALM',
208	208	'Getting credentials enterprise\\@abc@UREALM -> user@SREALM',
209	209	'TGS reply is for enterprise\@abc@UREALM -> user@SREALM')
210	210	r1.run(['./t_s4u', 'e:enterprise@abc@NOREALM', '-', r1.keytab],
211	211	expected_trace=msgs)
212	212
	213	mark('S4U2Self using X509 certificate')
	214
	215	# Encode name as a PEM certificate file (sort of) for use by kvno.
	216	def princ_cert(name):
	217	enc = b64encode(name.encode('ascii')).decode('ascii')
	218	return '-----BEGIN CERTIFICATE-----\n%s\n-----END y\n' % enc
	219
	220	cert_path = os.path.join(r1.testdir, 'fake_cert')
	221	with open(cert_path, "w") as cert_file:
	222	cert_file.write(princ_cert('other'))
	223
	224	shutil.copyfile(savefile, r1.ccache)
	225	msgs = ('Getting initial credentials for @SREALM',
	226	'Identified realm of client principal as SREALM',
	227	'TGS reply is for other@SREALM',
	228	'Getting credentials other@SREALM',
	229	'Storing other@SREALM')
	230	r1.run([kvno, '-F', cert_path, r1.user_princ], expected_trace=msgs)
	231
	232	shutil.copyfile(savefile, r1.ccache)
	233	msgs = ('Getting credentials other@SREALM',
	234	'TGS reply is for other@SREALM',
	235	'Storing other@SREALM')
	236	r1.run([kvno, '-I', 'other', '-F', cert_path, r1.user_princ],
	237	expected_trace=msgs)
	238
	239	shutil.copyfile(savefile, r1.ccache)
	240	msgs = ('Getting initial credentials for other@SREALM',
	241	'Identified realm of client principal as SREALM',
	242	'Getting credentials other@SREALM',
	243	'TGS reply is for other@SREALM',
	244	'Storing other@SREALM')
	245	r1.run([kvno, '-U', 'other', '-F', cert_path, r1.user_princ],
	246	expected_trace=msgs)
	247
	248	mark('cross-realm S4U2Self using X509 certificate')
	249
	250	with open(cert_path, "w") as cert_file:
	251	cert_file.write(princ_cert('user@UREALM'))
	252
	253	shutil.copyfile(savefile, r1.ccache)
	254	msgs = ('Getting initial credentials for @SREALM',
	255	'Identified realm of client principal as UREALM',
	256	'TGS reply is for user@UREALM',
	257	'Getting credentials user@UREALM',
	258	'Storing user@UREALM')
	259	r1.run([kvno, '-F', cert_path, r1.user_princ], expected_trace=msgs)
	260
	261	shutil.copyfile(savefile, r1.ccache)
	262	msgs = ('Getting credentials user@UREALM',
	263	'TGS reply is for user@UREALM',
	264	'Storing user@UREALM')
	265	r1.run([kvno, '-I', 'user@UREALM', '-F', cert_path, r1.user_princ],
	266	expected_trace=msgs)
	267
	268	shutil.copyfile(savefile, r1.ccache)
	269	msgs = ('Getting initial credentials for enterprise\\@abc@SREALM',
	270	'Identified realm of client principal as UREALM',
	271	'Getting credentials enterprise\\@abc@UREALM',
	272	'TGS reply is for enterprise\\@abc@UREALM',
	273	'Storing enterprise\\@abc@UREALM')
	274	r1.run([kvno, '-U', 'enterprise@abc', '-F', cert_path, r1.user_princ],
	275	expected_trace=msgs)
	276
213	277	r1.stop()
214	278	r2.stop()
215	279
	280	mark('Resource-based constrained delegation')
	281
	282	a_princs = {'krbtgt/A': {'keys': 'aes128-cts'},
	283	'krbtgt/B': {'keys': 'aes128-cts'},
	284	'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
	285	'sensitive': {'keys': 'aes128-cts',
	286	'flags': '+disallow_forwardable'},
	287	'impersonator': {'keys': 'aes128-cts'},
	288	'service1': {'keys': 'aes128-cts',
	289	'flags': '+ok_to_auth_as_delegate'},
	290	'rb2': {'keys': 'aes128-cts'},
	291	'rb': {'keys': 'aes128-cts'}}
	292	a_kconf = {'realms': {'$realm': {'database_module': 'test'}},
	293	'dbmodules': {'test': {'db_library': 'test',
	294	'princs': a_princs,
	295	'rbcd': {'rb@A': 'impersonator@A',
	296	'rb2@A': 'service1@A'},
	297	'delegation': {'service1': 'rb2'},
	298	'alias': {'rb@A': 'rb',
	299	'rb@B': '@B',
	300	'rb@C': '@B',
	301	'rb2_alias': 'rb2',
	302	'service/rb.a': 'rb',
	303	'service/rb.b': '@B',
	304	'service/rb.c': '@B' }}}}
	305
	306	b_princs = {'krbtgt/B': {'keys': 'aes128-cts'},
	307	'krbtgt/A': {'keys': 'aes128-cts'},
	308	'krbtgt/C': {'keys': 'aes128-cts'},
	309	'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
	310	'rb': {'keys': 'aes128-cts'}}
	311	b_kconf = {'realms': {'$realm': {'database_module': 'test'}},
	312	'dbmodules': {'test': {'db_library': 'test',
	313	'princs': b_princs,
	314	'rbcd': {'rb@B': 'impersonator@A'},
	315	'alias': {'rb@B': 'rb',
	316	'service/rb.b': 'rb',
	317	'rb@C': '@C',
	318	'impersonator@A': '@A',
	319	'service/rb.c': '@C'}}}}
	320
	321	c_princs = {'krbtgt/C': {'keys': 'aes128-cts'},
	322	'krbtgt/B': {'keys': 'aes128-cts'},
	323	'rb': {'keys': 'aes128-cts'}}
	324	c_kconf = {'realms': {'$realm': {'database_module': 'test'}},
	325	'capaths': { 'A' : { 'C' : 'B' }},
	326	'dbmodules': {'test': {'db_library': 'test',
	327	'princs': c_princs,
	328	'rbcd': {'rb@C': 'impersonator@A'},
	329	'alias': {'rb@C': 'rb',
	330	'service/rb.c': 'rb' }}}}
	331
	332	ra, rb, rc = cross_realms(3, xtgts=(),
	333	args=({'realm': 'A', 'kdc_conf': a_kconf},
	334	{'realm': 'B', 'kdc_conf': b_kconf},
	335	{'realm': 'C', 'kdc_conf': c_kconf}),
	336	create_kdb=False)
	337
	338	ra.start_kdc()
	339	rb.start_kdc()
	340	rc.start_kdc()
	341
	342	domain_realm = {'domain_realm': {'.a':'A', '.b':'B', '.c':'C'}}
	343	domain_conf = ra.special_env('domain_conf', False, krb5_conf=domain_realm)
	344
	345	ra.extract_keytab('impersonator@A', ra.keytab)
	346	ra.kinit('impersonator@A', None, ['-F', '-k', '-t', ra.keytab])
	347
	348	mark('Local-realm RBCD')
	349	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb'])
	350	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb'])
	351	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb@A'])
	352	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@A'])
	353	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@A@'])
	354	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@A@A'])
	355	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.a'])
	356	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.a'], env=domain_conf)
	357	ra.run(['./t_s4u', 'p:' + 'sensitive@A', 'h:service@rb.a'], expected_code=1)
	358	ra.run(['./t_s4u', 'p:' + rb.user_princ, 'h:service@rb.a'])
	359
	360	mark('Cross-realm RBCD')
	361	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@B'])
	362	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@B@'])
	363	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@B@A'])
	364	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.b'])
	365	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.b'], env=domain_conf)
	366	ra.run(['./t_s4u', 'p:' + 'sensitive@A', 'h:service@rb.b'], expected_code=1)
	367	ra.run(['./t_s4u', 'p:' + rb.user_princ, 'h:service@rb.b'])
	368
	369	mark('RBCD transitive trust')
	370	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@C'])
	371	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@C@'])
	372	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@C@A'])
	373	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.c'])
	374	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.c'], env=domain_conf)
	375	ra.run(['./t_s4u', 'p:' + 'sensitive@A', 'h:service@rb.c'], expected_code=1)
	376	ra.run(['./t_s4u', 'p:' + rb.user_princ, 'h:service@rb.c'])
	377
	378	mark('With both delegation types, 2nd ticket must be forwardable')
	379	ra.extract_keytab('service1@A', ra.keytab)
	380	ra.kinit('service1@A', None, ['-F', '-k', '-t', ra.keytab])
	381	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb2'], expected_code=1)
	382	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb2_alias'])
	383	ra.kinit('service1@A', None, ['-f', '-k', '-t', ra.keytab])
	384	ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb2'])
	385
	386	ra.stop()
	387	rb.stop()
	388	rc.stop()
	389
216	390	success('S4U test cases')

+1

-3

src/tests/hammer/kdc5_hammer.c less more

438	438	krb5_principal *p_client;
439	439	krb5_ccache ccache;
440	440	{
441		char cache_name = NULL; / -f option */
442	441	long lifetime = KRB5_DEFAULT_LIFE; /* -l option */
443	442	krb5_error_code code;
444	443	krb5_creds my_creds;

463	462
464	463	code = krb5_cc_initialize (context, ccache, *p_client);
465	464	if (code != 0) {
466		com_err (prog, code, "when initializing cache %s",
467		cache_name?cache_name:"");
	465	com_err (prog, code, "when initializing cache");
468	466	return(-1);
469	467	}
470	468

+246

-0

src/tests/kcmserver.py less more

	0	# This is a simple KCM test server, used to exercise the KCM ccache
	1	# client code. It will generally throw an uncaught exception if the
	2	# client sends anything unexpected, so is unsuitable for production.
	3	# (It also imposes no namespace or access constraints, and blocks
	4	# while reading requests and writing responses.)
	5
	6	# This code knows nothing about how to marshal and unmarshal principal
	7	# names and credentials as is required in the KCM protocol; instead,
	8	# it just remembers the marshalled forms and replays them to the
	9	# client when asked. This works because marshalled creds and
	10	# principal names are always the last part of marshalled request
	11	# arguments, and because we don't need to implement remove_cred (which
	12	# would need to know how to match a cred tag against previously stored
	13	# credentials).
	14
	15	# The following code is useful for debugging if anything appears to be
	16	# going wrong in the server, since daemon output is generally not
	17	# visible in Python test scripts.
	18	#
	19	# import sys, traceback
	20	# def ehook(etype, value, tb):
	21	# with open('/tmp/exception', 'w') as f:
	22	# traceback.print_exception(etype, value, tb, file=f)
	23	# sys.excepthook = ehook
	24
	25	import select
	26	import socket
	27	import struct
	28	import sys
	29
	30	caches = {}
	31	cache_uuidmap = {}
	32	defname = b'default'
	33	next_unique = 1
	34	next_uuid = 1
	35
	36	class KCMOpcodes(object):
	37	GEN_NEW = 3
	38	INITIALIZE = 4
	39	DESTROY = 5
	40	STORE = 6
	41	GET_PRINCIPAL = 8
	42	GET_CRED_UUID_LIST = 9
	43	GET_CRED_BY_UUID = 10
	44	REMOVE_CRED = 11
	45	GET_CACHE_UUID_LIST = 18
	46	GET_CACHE_BY_UUID = 19
	47	GET_DEFAULT_CACHE = 20
	48	SET_DEFAULT_CACHE = 21
	49	GET_KDC_OFFSET = 22
	50	SET_KDC_OFFSET = 23
	51
	52
	53	class KRB5Errors(object):
	54	KRB5_CC_END = -1765328242
	55	KRB5_CC_NOSUPP = -1765328137
	56	KRB5_FCC_NOFILE = -1765328189
	57
	58
	59	def make_uuid():
	60	global next_uuid
	61	uuid = bytes(12) + struct.pack('>L', next_uuid)
	62	next_uuid = next_uuid + 1
	63	return uuid
	64
	65
	66	class Cache(object):
	67	def __init__(self, name):
	68	self.name = name
	69	self.princ = None
	70	self.uuid = make_uuid()
	71	self.cred_uuids = []
	72	self.creds = {}
	73	self.time_offset = 0
	74
	75
	76	def get_cache(name):
	77	if name in caches:
	78	return caches[name]
	79	cache = Cache(name)
	80	caches[name] = cache
	81	cache_uuidmap[cache.uuid] = cache
	82	return cache
	83
	84
	85	def unmarshal_name(argbytes):
	86	offset = argbytes.find(b'\0')
	87	return argbytes[0:offset], argbytes[offset+1:]
	88
	89
	90	def op_gen_new(argbytes):
	91	# Does not actually check for uniqueness.
	92	global next_unique
	93	name = b'unique' + str(next_unique).encode('ascii')
	94	next_unique += 1
	95	return 0, name + b'\0'
	96
	97
	98	def op_initialize(argbytes):
	99	name, princ = unmarshal_name(argbytes)
	100	cache = get_cache(name)
	101	cache.princ = princ
	102	cache.cred_uuids = []
	103	cache.creds = {}
	104	cache.time_offset = 0
	105	return 0, b''
	106
	107
	108	def op_destroy(argbytes):
	109	name, rest = unmarshal_name(argbytes)
	110	cache = get_cache(name)
	111	del cache_uuidmap[cache.uuid]
	112	del caches[name]
	113	return 0, b''
	114
	115
	116	def op_store(argbytes):
	117	name, cred = unmarshal_name(argbytes)
	118	cache = get_cache(name)
	119	uuid = make_uuid()
	120	cache.creds[uuid] = cred
	121	cache.cred_uuids.append(uuid)
	122	return 0, b''
	123
	124
	125	def op_get_principal(argbytes):
	126	name, rest = unmarshal_name(argbytes)
	127	cache = get_cache(name)
	128	if cache.princ is None:
	129	return KRB5Errors.KRB5_FCC_NOFILE, b''
	130	return 0, cache.princ + b'\0'
	131
	132
	133	def op_get_cred_uuid_list(argbytes):
	134	name, rest = unmarshal_name(argbytes)
	135	cache = get_cache(name)
	136	return 0, b''.join(cache.cred_uuids)
	137
	138
	139	def op_get_cred_by_uuid(argbytes):
	140	name, uuid = unmarshal_name(argbytes)
	141	cache = get_cache(name)
	142	if uuid not in cache.creds:
	143	return KRB5Errors.KRB5_CC_END, b''
	144	return 0, cache.creds[uuid]
	145
	146
	147	def op_remove_cred(argbytes):
	148	return KRB5Errors.KRB5_CC_NOSUPP, b''
	149
	150
	151	def op_get_cache_uuid_list(argbytes):
	152	return 0, b''.join(cache_uuidmap.keys())
	153
	154
	155	def op_get_cache_by_uuid(argbytes):
	156	uuid = argbytes
	157	if uuid not in cache_uuidmap:
	158	return KRB5Errors.KRB5_CC_END, b''
	159	return 0, cache_uuidmap[uuid].name + b'\0'
	160
	161
	162	def op_get_default_cache(argbytes):
	163	return 0, defname + b'\0'
	164
	165
	166	def op_set_default_cache(argbytes):
	167	global defname
	168	defname, rest = unmarshal_name(argbytes)
	169	return 0, b''
	170
	171
	172	def op_get_kdc_offset(argbytes):
	173	name, rest = unmarshal_name(argbytes)
	174	cache = get_cache(name)
	175	return 0, struct.pack('>l', cache.time_offset)
	176
	177
	178	def op_set_kdc_offset(argbytes):
	179	name, obytes = unmarshal_name(argbytes)
	180	cache = get_cache(name)
	181	cache.time_offset, = struct.unpack('>l', obytes)
	182	return 0, b''
	183
	184
	185	ophandlers = {
	186	KCMOpcodes.GEN_NEW : op_gen_new,
	187	KCMOpcodes.INITIALIZE : op_initialize,
	188	KCMOpcodes.DESTROY : op_destroy,
	189	KCMOpcodes.STORE : op_store,
	190	KCMOpcodes.GET_PRINCIPAL : op_get_principal,
	191	KCMOpcodes.GET_CRED_UUID_LIST : op_get_cred_uuid_list,
	192	KCMOpcodes.GET_CRED_BY_UUID : op_get_cred_by_uuid,
	193	KCMOpcodes.REMOVE_CRED : op_remove_cred,
	194	KCMOpcodes.GET_CACHE_UUID_LIST : op_get_cache_uuid_list,
	195	KCMOpcodes.GET_CACHE_BY_UUID : op_get_cache_by_uuid,
	196	KCMOpcodes.GET_DEFAULT_CACHE : op_get_default_cache,
	197	KCMOpcodes.SET_DEFAULT_CACHE : op_set_default_cache,
	198	KCMOpcodes.GET_KDC_OFFSET : op_get_kdc_offset,
	199	KCMOpcodes.SET_KDC_OFFSET : op_set_kdc_offset
	200	}
	201
	202	# Read and respond to a request from the socket s.
	203	def service_request(s):
	204	lenbytes = b''
	205	while len(lenbytes) < 4:
	206	lenbytes += s.recv(4 - len(lenbytes))
	207	if lenbytes == b'':
	208	return False
	209
	210	reqlen, = struct.unpack('>L', lenbytes)
	211	req = b''
	212	while len(req) < reqlen:
	213	req += s.recv(reqlen - len(req))
	214
	215	majver, minver, op = struct.unpack('>BBH', req[:4])
	216	argbytes = req[4:]
	217	code, payload = ophandlers[op](argbytes)
	218
	219	# The KCM response is the code (4 bytes) and the response payload.
	220	# The Heimdal IPC response is the length of the KCM response (4
	221	# bytes), a status code which is essentially always 0 (4 bytes),
	222	# and the KCM response.
	223	kcm_response = struct.pack('>l', code) + payload
	224	hipc_response = struct.pack('>LL', len(kcm_response), 0) + kcm_response
	225	s.sendall(hipc_response)
	226	return True
	227
	228
	229	server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
	230	server.bind(sys.argv[1])
	231	server.listen(5)
	232	select_input = [server,]
	233	sys.stderr.write('starting...\n')
	234	sys.stderr.flush()
	235
	236	while True:
	237	iready, oready, xready = select.select(select_input, [], [])
	238	for s in iready:
	239	if s == server:
	240	client, addr = server.accept()
	241	select_input.append(client)
	242	else:
	243	if not service_request(s):
	244	select_input.remove(s)
	245	s.close()

+172

-0

src/tests/replay.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* tests/replay.c - test replay cache using libkrb5 functions */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	#include "k5-int.h"
	33
	34	int
	35	main(int argc, char **argv)
	36	{
	37	krb5_error_code ret;
	38	krb5_context ctx;
	39	krb5_auth_context c_authcon, s_authcon, s_authcon2;
	40	krb5_rcache rc;
	41	krb5_ccache cc;
	42	krb5_principal client, server;
	43	krb5_creds mcred, cred, *tmpcreds;
	44	krb5_data der_apreq, der_krbsafe, der_krbpriv, *der_krbcred, tmpdata;
	45	krb5_address addr;
	46	struct in_addr inaddr;
	47	const char *server_name;
	48
	49	assert(argc == 2);
	50	server_name = argv[1];
	51
	52	/* Create client and server auth contexts. (They will use a replay cache
	53	* by default.) */
	54	ret = krb5_init_context(&ctx);
	55	assert(ret == 0);
	56	ret = krb5_auth_con_init(ctx, &c_authcon);
	57	assert(ret == 0);
	58	ret = krb5_auth_con_init(ctx, &s_authcon);
	59	assert(ret == 0);
	60
	61	/* Set dummy addresses for the auth contexts. */
	62	memset(&inaddr, 0, sizeof(inaddr));
	63	addr.addrtype = ADDRTYPE_INET;
	64	addr.length = sizeof(inaddr);
	65	addr.contents = (uint8_t *)&inaddr;
	66	ret = krb5_auth_con_setaddrs(ctx, c_authcon, &addr, &addr);
	67	assert(ret == 0);
	68	ret = krb5_auth_con_setaddrs(ctx, s_authcon, &addr, &addr);
	69	assert(ret == 0);
	70
	71	/* Set up replay caches for the auth contexts. */
	72	tmpdata = string2data("testclient");
	73	ret = krb5_get_server_rcache(ctx, &tmpdata, &rc);
	74	assert(ret == 0);
	75	ret = krb5_auth_con_setrcache(ctx, c_authcon, rc);
	76	assert(ret == 0);
	77	tmpdata = string2data("testserver");
	78	ret = krb5_get_server_rcache(ctx, &tmpdata, &rc);
	79	assert(ret == 0);
	80	ret = krb5_auth_con_setrcache(ctx, s_authcon, rc);
	81	assert(ret == 0);
	82
	83	/* Construct the client and server principal names. */
	84	ret = krb5_cc_default(ctx, &cc);
	85	assert(ret == 0);
	86	ret = krb5_cc_get_principal(ctx, cc, &client);
	87	assert(ret == 0);
	88	ret = krb5_parse_name(ctx, server_name, &server);
	89	assert(ret == 0);
	90
	91	/* Get credentials for the client. */
	92	memset(&mcred, 0, sizeof(mcred));
	93	mcred.client = client;
	94	mcred.server = server;
	95	ret = krb5_get_credentials(ctx, 0, cc, &mcred, &cred);
	96	assert(ret == 0);
	97
	98	/* Send an AP-REP to establish the sessions. */
	99	ret = krb5_mk_req_extended(ctx, &c_authcon, 0, NULL, cred, &der_apreq);
	100	assert(ret == 0);
	101	ret = krb5_rd_req(ctx, &s_authcon, &der_apreq, NULL, NULL, NULL, NULL);
	102	assert(ret == 0);
	103
	104	/* Set up another server auth context with the same rcache name and replay
	105	* the AP-REQ. */
	106	ret = krb5_auth_con_init(ctx, &s_authcon2);
	107	assert(ret == 0);
	108	tmpdata = string2data("testserver");
	109	ret = krb5_get_server_rcache(ctx, &tmpdata, &rc);
	110	assert(ret == 0);
	111	ret = krb5_auth_con_setrcache(ctx, s_authcon2, rc);
	112	assert(ret == 0);
	113	ret = krb5_rd_req(ctx, &s_authcon2, &der_apreq, NULL, NULL, NULL, NULL);
	114	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	115	krb5_auth_con_free(ctx, s_authcon2);
	116
	117	/* Make a KRB-SAFE message with the client auth context. */
	118	tmpdata = string2data("safemsg");
	119	ret = krb5_mk_safe(ctx, c_authcon, &tmpdata, &der_krbsafe, NULL);
	120	assert(ret == 0);
	121	/* Play it back to the client to detect a reflection. */
	122	ret = krb5_rd_safe(ctx, c_authcon, &der_krbsafe, &tmpdata, NULL);
	123	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	124	/* Send it to the server auth context twice, to detect a replay. */
	125	ret = krb5_rd_safe(ctx, s_authcon, &der_krbsafe, &tmpdata, NULL);
	126	assert(ret == 0);
	127	krb5_free_data_contents(ctx, &tmpdata);
	128	ret = krb5_rd_safe(ctx, s_authcon, &der_krbsafe, &tmpdata, NULL);
	129	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	130
	131	/* Make a KRB-PRIV message with the client auth context. */
	132	tmpdata = string2data("safemsg");
	133	ret = krb5_mk_priv(ctx, c_authcon, &tmpdata, &der_krbpriv, NULL);
	134	assert(ret == 0);
	135	/* Play it back to the client to detect a reflection. */
	136	ret = krb5_rd_priv(ctx, c_authcon, &der_krbpriv, &tmpdata, NULL);
	137	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	138	/* Send it to the server auth context twice, to detect a replay. */
	139	ret = krb5_rd_priv(ctx, s_authcon, &der_krbpriv, &tmpdata, NULL);
	140	assert(ret == 0);
	141	krb5_free_data_contents(ctx, &tmpdata);
	142	ret = krb5_rd_priv(ctx, s_authcon, &der_krbpriv, &tmpdata, NULL);
	143	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	144
	145	/* Make a KRB-CRED message with the client auth context. */
	146	tmpdata = string2data("safemsg");
	147	ret = krb5_mk_1cred(ctx, c_authcon, cred, &der_krbcred, NULL);
	148	assert(ret == 0);
	149	/* Play it back to the client to detect a reflection. */
	150	ret = krb5_rd_cred(ctx, c_authcon, der_krbcred, &tmpcreds, NULL);
	151	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	152	/* Send it to the server auth context twice, to detect a replay. */
	153	ret = krb5_rd_cred(ctx, s_authcon, der_krbcred, &tmpcreds, NULL);
	154	assert(ret == 0);
	155	krb5_free_tgt_creds(ctx, tmpcreds);
	156	ret = krb5_rd_cred(ctx, s_authcon, der_krbcred, &tmpcreds, NULL);
	157	assert(ret == KRB5KRB_AP_ERR_REPEAT);
	158
	159	krb5_free_data_contents(ctx, &der_apreq);
	160	krb5_free_data_contents(ctx, &der_krbsafe);
	161	krb5_free_data_contents(ctx, &der_krbpriv);
	162	krb5_free_data(ctx, der_krbcred);
	163	krb5_free_creds(ctx, cred);
	164	krb5_cc_close(ctx, cc);
	165	krb5_free_principal(ctx, client);
	166	krb5_free_principal(ctx, server);
	167	krb5_auth_con_free(ctx, c_authcon);
	168	krb5_auth_con_free(ctx, s_authcon);
	169	krb5_free_context(ctx);
	170	return 0;
	171	}

+1

-1

src/tests/resolve/Makefile.in less more

7	7	all: resolve addrinfo-test fake-addrinfo-test
8	8
9	9	resolve: resolve.o
10		$(CC_LINK) -o $@ resolve.o $(LIBS)
	10	$(CC_LINK) -o $@ resolve.o $(SUPPORT_LIB) $(LIBS)
11	11
12	12	addrinfo-test: addrinfo-test.o
13	13	$(CC_LINK) -o $@ addrinfo-test.o $(SUPPORT_LIB) $(LIBS)

+1

-0

src/tests/resolve/deps less more

1	1	# Generated makefile dependencies follow.
2	2	#
3	3	$(OUTPRE)resolve.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	4	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
4	5	resolve.c
5	6	$(OUTPRE)addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
6	7	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \

+26

-72

src/tests/resolve/resolve.c less more

41	41
42	42	/* This program tests the resolve library and sees if it is broken... */
43	43
44		#include "autoconf.h"
45		#include <stdio.h>
46
47		#if STDC_HEADERS
48		#include <string.h>
49		#else
50		#ifndef HAVE_STRCHR
51		#define strchr index
52		#endif
53		char *strchr();
54		#endif
55
	44	#include "k5-platform.h"
	45	#include <sys/types.h>
	46	#include <sys/socket.h>
	47	#include <arpa/inet.h>
	48	#include <netdb.h>
56	49	#ifdef HAVE_SYS_PARAM_H
57	50	#include <sys/param.h>
58	51	#endif
59	52
60		#ifdef HAVE_SYS_SOCKET_H
61		#include <sys/socket.h>
62		#endif
63
64		#ifdef HAVE_STDLIB_H
65		#include <stdlib.h>
66		#endif
67
68		#ifdef HAVE_UNISTD_H
69		#include <unistd.h>
70		#endif
71
72		#include <netinet/in.h>
73		#include <netdb.h>
74
75	53	int
76		main(argc, argv)
77		int argc;
78		char **argv;
	54	main(int argc, char **argv)
79	55	{
80		char myname[MAXHOSTNAMELEN+1];
81		char ptr, fqdn;
82		struct in_addr addrcopy;
83		struct hostent *host;
84		int quiet = 0;
	56	struct addrinfo *ai = NULL, hint;
	57	char myname[MAXHOSTNAMELEN + 1], namebuf[NI_MAXHOST], abuf[256];
	58	const char *addrstr;
	59	int err, quiet = 0;
85	60
86	61	argc--; argv++;
87	62	while (argc) {

94	69	}
95	70
96	71	if (argc >= 1) {
97		strncpy(myname, *argv, MAXHOSTNAMELEN);
	72	strlcpy(myname, *argv, sizeof(myname));
98	73	} else {
99	74	if(gethostname(myname, MAXHOSTNAMELEN)) {
100	75	perror("gethostname failure");

108	83	if (!quiet)
109	84	printf("Hostname: %s\n", myname);
110	85
111
112		/* Set the hosts db to close each time - effectively rewinding file */
113		sethostent(0);
114
115		if((host = gethostbyname (myname)) == NULL) {
	86	memset(&hint, 0, sizeof(hint));
	87	hint.ai_flags = AI_CANONNAME;
	88	err = getaddrinfo(myname, 0, &hint, &ai);
	89	if (err) {
116	90	fprintf(stderr,
117	91	"Could not look up address for hostname '%s' - fatal\n",
118	92	myname);
119	93	exit(2);
120	94	}
121	95
122		fqdn = strdup(host->h_name);
123		if (fqdn == NULL) {
124		perror("strdup");
125		exit(2);
	96	if (!quiet) {
	97	addrstr = inet_ntop(ai->ai_family, ai->ai_addr, abuf, sizeof(abuf));
	98	if (addrstr != NULL)
	99	printf("Host address: %s\n", addrstr);
126	100	}
127	101
128		ptr = host->h_addr_list[0];
129		#define UC(a) (((int)a)&0xff)
130		if (!quiet)
131		printf("Host address: %d.%d.%d.%d\n",
132		UC(ptr[0]), UC(ptr[1]), UC(ptr[2]), UC(ptr[3]));
	102	err = getnameinfo(ai->ai_addr, ai->ai_addrlen, namebuf, sizeof(namebuf),
	103	NULL, 0, NI_NAMEREQD);
	104	if (err && !quiet)
	105	fprintf(stderr, "Error looking up IP address\n");
133	106
134		memcpy(&addrcopy.s_addr, ptr, 4);
135
136		/* Convert back to full name */
137		if ((host = gethostbyaddr(&addrcopy.s_addr, 4, AF_INET)) == NULL) {
138		if (!quiet)
139		fprintf(stderr, "Error looking up IP address\n");
140		} else {
141		free(fqdn);
142		fqdn = strdup(host->h_name);
143		if (fqdn == NULL) {
144		perror("strdup");
145		exit (2);
146		}
147		}
148
149		if (quiet)
150		printf("%s\n", fqdn);
151		else
152		printf("FQDN: %s\n", fqdn);
	107	printf("%s%s\n", quiet ? "" : "FQDN: ", err ? ai->ai_canonname : namebuf);
153	108
154	109	if (!quiet)
155	110	printf("Resolve library appears to have passed the test\n");
156	111
157		/* All ok */
158		exit(0);
159
	112	freeaddrinfo(ai);
	113	return 0;
160	114	}

+35

-2

src/tests/s4u2proxy.c less more

30	30	*/
31	31
32	32	/*
33		* Usage: s4u2proxy evccname targetname
	33	* Usage: s4u2proxy evccname targetname [ad-type ad-contents]
34	34	*
35	35	* evccname contains an evidence ticket. The default ccache contains a TGT for
36	36	* the intermediate service. The default keytab contains a key for the

56	56	}
57	57	}
58	58
	59	static krb5_authdata **
	60	make_request_authdata(int type, const char *contents)
	61	{
	62	krb5_authdata *ad;
	63	krb5_authdata **req_authdata;
	64
	65	ad = malloc(sizeof(*ad));
	66	assert(ad != NULL);
	67	ad->magic = KV5M_AUTHDATA;
	68	ad->ad_type = type;
	69	ad->length = strlen(contents);
	70	ad->contents = (unsigned char *)strdup(contents);
	71	assert(ad->contents != NULL);
	72
	73	req_authdata = malloc(2 * sizeof(*req_authdata));
	74	assert(req_authdata != NULL);
	75	req_authdata[0] = ad;
	76	req_authdata[1] = NULL;
	77
	78	return req_authdata;
	79	}
	80
59	81	int
60	82	main(int argc, char **argv)
61	83	{

65	87	krb5_keytab defkt;
66	88	krb5_creds mcred, ev_cred, *new_cred;
67	89	krb5_ticket *ev_ticket;
	90	krb5_authdata **req_authdata = NULL;
	91
	92	if (argc == 5) {
	93	req_authdata = make_request_authdata(atoi(argv[3]), argv[4]);
	94	argc -= 2;
	95	}
68	96
69	97	assert(argc == 3);
70	98	check(krb5_init_context(&context));

90	118	/* Make an S4U2Proxy request for the target service. */
91	119	mcred.client = client_name;
92	120	mcred.server = target_name;
93		check(krb5_get_credentials_for_proxy(context, KRB5_GC_NO_STORE, defcc,
	121	mcred.authdata = req_authdata;
	122	check(krb5_get_credentials_for_proxy(context, KRB5_GC_NO_STORE \|
	123	KRB5_GC_CANONICALIZE, defcc,
94	124	&mcred, ev_ticket, &new_cred));
95	125
96	126	/* Store the new cred in the default ccache. */
97	127	check(krb5_cc_store_cred(context, defcc, new_cred));
	128
	129	assert(req_authdata == NULL \|\| new_cred->authdata != NULL);
98	130
99	131	krb5_cc_close(context, defcc);
100	132	krb5_cc_close(context, evcc);

105	137	krb5_free_cred_contents(context, &ev_cred);
106	138	krb5_free_ticket(context, ev_ticket);
107	139	krb5_free_creds(context, new_cred);
	140	krb5_free_authdata(context, req_authdata);
108	141	krb5_free_context(context);
109	142	return 0;
110	143	}

+128

-0

src/tests/s4u2self.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	3	* All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	*
	12	* * Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	18	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	19	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	20	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	21	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	22	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	23	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	24	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	26	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	28	* OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	/*
	32	* Usage: s4u2self user self out_cache [ad-type ad-contents]
	33	*
	34	* The default ccache contains a TGT for the intermediate service self. An
	35	* S4U2Self request is made to self. The resulting cred is stored in
	36	* out_cache.
	37	*/
	38
	39	#include <k5-int.h>
	40
	41	static krb5_context ctx;
	42
	43	static void
	44	check(krb5_error_code code)
	45	{
	46	const char *errmsg;
	47
	48	if (code) {
	49	errmsg = krb5_get_error_message(ctx, code);
	50	fprintf(stderr, "%s\n", errmsg);
	51	krb5_free_error_message(ctx, errmsg);
	52	exit(1);
	53	}
	54	}
	55
	56	static krb5_authdata **
	57	make_request_authdata(int type, const char *contents)
	58	{
	59	krb5_authdata *ad;
	60	krb5_authdata **req_authdata;
	61
	62	ad = malloc(sizeof(*ad));
	63	assert(ad != NULL);
	64	ad->magic = KV5M_AUTHDATA;
	65	ad->ad_type = type;
	66	ad->length = strlen(contents);
	67	ad->contents = (unsigned char *)strdup(contents);
	68	assert(ad->contents != NULL);
	69
	70	req_authdata = malloc(2 * sizeof(*req_authdata));
	71	assert(req_authdata != NULL);
	72	req_authdata[0] = ad;
	73	req_authdata[1] = NULL;
	74
	75	return req_authdata;
	76	}
	77
	78	int
	79	main(int argc, char **argv)
	80	{
	81	krb5_context context;
	82	krb5_ccache defcc, ocache;
	83	krb5_principal client, self;
	84	krb5_creds mcred, *new_cred;
	85	krb5_authdata **req_authdata = NULL;
	86
	87	if (argc == 6) {
	88	req_authdata = make_request_authdata(atoi(argv[4]), argv[5]);
	89	argc -= 2;
	90	}
	91
	92	assert(argc == 4);
	93	check(krb5_init_context(&context));
	94
	95	/* Open the default ccache. */
	96	check(krb5_cc_default(context, &defcc));
	97
	98	check(krb5_parse_name(context, argv[1], &client));
	99	check(krb5_parse_name(context, argv[2], &self));
	100
	101	memset(&mcred, 0, sizeof(mcred));
	102	mcred.client = client;
	103	mcred.server = self;
	104	mcred.authdata = req_authdata;
	105	check(krb5_get_credentials_for_user(context, KRB5_GC_NO_STORE \|
	106	KRB5_GC_CANONICALIZE, defcc,
	107	&mcred, NULL, &new_cred));
	108
	109	if (strcmp(argv[3], "-") == 0) {
	110	check(krb5_cc_store_cred(context, defcc, new_cred));
	111	} else {
	112	check(krb5_cc_resolve(context, argv[3], &ocache));
	113	check(krb5_cc_initialize(context, ocache, new_cred->client));
	114	check(krb5_cc_store_cred(context, ocache, new_cred));
	115	krb5_cc_close(context, ocache);
	116	}
	117
	118	assert(req_authdata == NULL \|\| new_cred->authdata != NULL);
	119
	120	krb5_cc_close(context, defcc);
	121	krb5_free_principal(context, client);
	122	krb5_free_principal(context, self);
	123	krb5_free_creds(context, new_cred);
	124	krb5_free_authdata(context, req_authdata);
	125	krb5_free_context(context);
	126	return 0;
	127	}

+21

-0

src/tests/softpkcs11/Makefile.in less more

	0	mydir=tests$(S)softpkcs11
	1	BUILDTOP=$(REL)..$(S)..
	2
	3	LOCALINCLUDES = -I$(top_srcdir)/plugins/preauth/pkinit
	4
	5	LIBBASE=softpkcs11
	6	LIBMAJOR=0
	7	LIBMINOR=0
	8
	9	SHLIB_EXPLIBS=$(SUPPORT_LIB) -lcrypto
	10	SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
	11
	12	STLIBOBJS=main.o
	13
	14	SRCS=$(srcdir)/main.c
	15
	16	all-unix: all-libs
	17	clean-unix:: clean-libs clean-libobjs
	18
	19	@libnover_frag@
	20	@libobj_frag@

+6

-0

src/tests/softpkcs11/deps less more

	0	#
	1	# Generated makefile dependencies follow.
	2	#
	3	main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
	4	$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
	5	$(top_srcdir)/plugins/preauth/pkinit/pkcs11.h main.c

+2146

-0

src/tests/softpkcs11/main.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/*
	2	* Copyright (c) 2004-2006, Stockholms universitet
	3	* (Stockholm University, Stockholm Sweden)
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* 2. Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in the
	15	* documentation and/or other materials provided with the distribution.
	16	*
	17	* 3. Neither the name of the university nor the names of its contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	22	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
	25	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	26	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	27	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	28	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	29	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	30	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	31	* POSSIBILITY OF SUCH DAMAGE.
	32	*/
	33
	34	#include "k5-platform.h"
	35
	36	#include <openssl/err.h>
	37	#include <openssl/evp.h>
	38	#include <openssl/pem.h>
	39	#include <openssl/rand.h>
	40	#include <openssl/x509.h>
	41
	42	#include <ctype.h>
	43	#include <pwd.h>
	44
	45	#include <pkcs11.h>
	46
	47	#if OPENSSL_VERSION_NUMBER < 0x10100000L
	48	#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
	49	#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
	50	#define RSA_get0_key compat_rsa_get0_key
	51	static void
	52	compat_rsa_get0_key(const RSA rsa, const BIGNUM n, const BIGNUM *e,
	53	const BIGNUM **d)
	54	{
	55	if (n != NULL)
	56	*n = rsa->n;
	57	if (e != NULL)
	58	*e = rsa->e;
	59	if (d != NULL)
	60	*d = rsa->d;
	61	}
	62	#endif
	63
	64	#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
	65	{ \
	66	unsigned char *p; \
	67	(BL) = i2d_##T((S), NULL); \
	68	if ((BL) <= 0) { \
	69	(R) = EINVAL; \
	70	} else { \
	71	(B) = malloc((BL)); \
	72	if ((B) == NULL) { \
	73	(R) = ENOMEM; \
	74	} else { \
	75	p = (B); \
	76	(R) = 0; \
	77	(BL) = i2d_##T((S), &p); \
	78	if ((BL) <= 0) { \
	79	free((B)); \
	80	(B) = NULL; \
	81	(R) = EINVAL; \
	82	} \
	83	} \
	84	} \
	85	}
	86
	87	/* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */
	88
	89	#define OBJECT_ID_MASK 0xfff
	90	#define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK)
	91	#define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle)
	92
	93	struct st_attr {
	94	CK_ATTRIBUTE attribute;
	95	int secret;
	96	};
	97
	98	struct st_object {
	99	CK_OBJECT_HANDLE object_handle;
	100	struct st_attr *attrs;
	101	int num_attributes;
	102	enum {
	103	STO_T_CERTIFICATE,
	104	STO_T_PRIVATE_KEY,
	105	STO_T_PUBLIC_KEY
	106	} type;
	107	union {
	108	X509 *cert;
	109	EVP_PKEY *public_key;
	110	struct {
	111	char *file;
	112	EVP_PKEY *key;
	113	X509 *cert;
	114	} private_key;
	115	} u;
	116	};
	117
	118	static struct soft_token {
	119	CK_VOID_PTR application;
	120	CK_NOTIFY notify;
	121	struct {
	122	struct st_object **objs;
	123	int num_objs;
	124	} object;
	125	struct {
	126	int hardware_slot;
	127	int app_error_fatal;
	128	int login_done;
	129	} flags;
	130	int open_sessions;
	131	struct session_state {
	132	CK_SESSION_HANDLE session_handle;
	133
	134	struct {
	135	CK_ATTRIBUTE *attributes;
	136	CK_ULONG num_attributes;
	137	int next_object;
	138	} find;
	139
	140	int encrypt_object;
	141	CK_MECHANISM_PTR encrypt_mechanism;
	142	int decrypt_object;
	143	CK_MECHANISM_PTR decrypt_mechanism;
	144	int sign_object;
	145	CK_MECHANISM_PTR sign_mechanism;
	146	int verify_object;
	147	CK_MECHANISM_PTR verify_mechanism;
	148	int digest_object;
	149	} state[10];
	150	#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
	151	FILE *logfile;
	152	CK_SESSION_HANDLE next_session_handle;
	153	} soft_token;
	154
	155	static void
	156	application_error(const char *fmt, ...)
	157	{
	158	va_list ap;
	159	va_start(ap, fmt);
	160	vprintf(fmt, ap);
	161	va_end(ap);
	162	if (soft_token.flags.app_error_fatal)
	163	abort();
	164	}
	165
	166	static void
	167	st_logf(const char *fmt, ...)
	168	{
	169	va_list ap;
	170	if (soft_token.logfile == NULL)
	171	return;
	172	va_start(ap, fmt);
	173	vfprintf(soft_token.logfile, fmt, ap);
	174	va_end(ap);
	175	fflush(soft_token.logfile);
	176	}
	177
	178	static void
	179	snprintf_fill(char str, int size, char fillchar, const char fmt, ...)
	180	{
	181	int len;
	182	va_list ap;
	183	va_start(ap, fmt);
	184	len = vsnprintf(str, size, fmt, ap);
	185	va_end(ap);
	186	if (len < 0 \|\| len > size)
	187	return;
	188	while(len < size)
	189	str[len++] = fillchar;
	190	}
	191
	192	#ifndef TEST_APP
	193	#define printf error_use_st_logf
	194	#endif
	195
	196	#define VERIFY_SESSION_HANDLE(s, state) \
	197	{ \
	198	CK_RV vshret; \
	199	vshret = verify_session_handle(s, state); \
	200	if (vshret != CKR_OK) { \
	201	/* return CKR_OK */; \
	202	} \
	203	}
	204
	205	static CK_RV
	206	verify_session_handle(CK_SESSION_HANDLE hSession,
	207	struct session_state **state)
	208	{
	209	size_t i;
	210
	211	for (i = 0; i < MAX_NUM_SESSION; i++){
	212	if (soft_token.state[i].session_handle == hSession)
	213	break;
	214	}
	215	if (i == MAX_NUM_SESSION) {
	216	application_error("use of invalid handle: 0x%08lx\n",
	217	(unsigned long)hSession);
	218	return CKR_SESSION_HANDLE_INVALID;
	219	}
	220	if (state)
	221	*state = &soft_token.state[i];
	222	return CKR_OK;
	223	}
	224
	225	static CK_RV
	226	object_handle_to_object(CK_OBJECT_HANDLE handle,
	227	struct st_object **object)
	228	{
	229	int i = HANDLE_OBJECT_ID(handle);
	230
	231	*object = NULL;
	232	if (i >= soft_token.object.num_objs)
	233	return CKR_ARGUMENTS_BAD;
	234	if (soft_token.object.objs[i] == NULL)
	235	return CKR_ARGUMENTS_BAD;
	236	if (soft_token.object.objs[i]->object_handle != handle)
	237	return CKR_ARGUMENTS_BAD;
	238	*object = soft_token.object.objs[i];
	239	return CKR_OK;
	240	}
	241
	242	static int
	243	attributes_match(const struct st_object *obj,
	244	const CK_ATTRIBUTE *attributes,
	245	CK_ULONG num_attributes)
	246	{
	247	CK_ULONG i;
	248	int j;
	249	st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
	250
	251	for (i = 0; i < num_attributes; i++) {
	252	int match = 0;
	253	for (j = 0; j < obj->num_attributes; j++) {
	254	if (attributes[i].type == obj->attrs[j].attribute.type &&
	255	attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
	256	memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
	257	attributes[i].ulValueLen) == 0) {
	258	match = 1;
	259	break;
	260	}
	261	}
	262	if (match == 0) {
	263	st_logf("type %lu attribute have no match\n", attributes[i].type);
	264	return 0;
	265	}
	266	}
	267	st_logf("attribute matches\n");
	268	return 1;
	269	}
	270
	271	static void
	272	print_attributes(const CK_ATTRIBUTE *attributes,
	273	CK_ULONG num_attributes)
	274	{
	275	CK_ULONG i;
	276
	277	st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
	278
	279	for (i = 0; i < num_attributes; i++) {
	280	st_logf(" type: ");
	281	switch (attributes[i].type) {
	282	case CKA_TOKEN: {
	283	CK_BBOOL *ck_true;
	284	if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
	285	application_error("token attribute wrong length\n");
	286	break;
	287	}
	288	ck_true = attributes[i].pValue;
	289	st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
	290	break;
	291	}
	292	case CKA_CLASS: {
	293	CK_OBJECT_CLASS *class;
	294	if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
	295	application_error("class attribute wrong length\n");
	296	break;
	297	}
	298	class = attributes[i].pValue;
	299	st_logf("class ");
	300	switch (*class) {
	301	case CKO_CERTIFICATE:
	302	st_logf("certificate");
	303	break;
	304	case CKO_PUBLIC_KEY:
	305	st_logf("public key");
	306	break;
	307	case CKO_PRIVATE_KEY:
	308	st_logf("private key");
	309	break;
	310	case CKO_SECRET_KEY:
	311	st_logf("secret key");
	312	break;
	313	case CKO_DOMAIN_PARAMETERS:
	314	st_logf("domain parameters");
	315	break;
	316	default:
	317	st_logf("[class %lx]", (long unsigned)*class);
	318	break;
	319	}
	320	break;
	321	}
	322	case CKA_PRIVATE:
	323	st_logf("private");
	324	break;
	325	case CKA_LABEL:
	326	st_logf("label");
	327	break;
	328	case CKA_APPLICATION:
	329	st_logf("application");
	330	break;
	331	case CKA_VALUE:
	332	st_logf("value");
	333	break;
	334	case CKA_ID:
	335	st_logf("id");
	336	break;
	337	default:
	338	st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
	339	break;
	340	}
	341	st_logf("\n");
	342	}
	343	}
	344
	345	static void
	346	free_st_object(struct st_object *o)
	347	{
	348	int i;
	349
	350	for (i = 0; i < o->num_attributes; i++)
	351	free(o->attrs[i].attribute.pValue);
	352	free(o->attrs);
	353	if (o->type == STO_T_CERTIFICATE) {
	354	X509_free(o->u.cert);
	355	} else if (o->type == STO_T_PRIVATE_KEY) {
	356	free(o->u.private_key.file);
	357	EVP_PKEY_free(o->u.private_key.key);
	358	X509_free(o->u.private_key.cert);
	359	} else if (o->type == STO_T_PUBLIC_KEY) {
	360	EVP_PKEY_free(o->u.public_key);
	361	}
	362	free(o);
	363	}
	364
	365	static struct st_object *
	366	add_st_object(void)
	367	{
	368	struct st_object o, *objs;
	369
	370	objs = realloc(soft_token.object.objs,
	371	(soft_token.object.num_objs + 1) *
	372	sizeof(soft_token.object.objs[0]));
	373	if (objs == NULL)
	374	return NULL;
	375	soft_token.object.objs = objs;
	376
	377	o = malloc(sizeof(*o));
	378	if (o == NULL)
	379	return NULL;
	380	memset(o, 0, sizeof(*o));
	381	o->attrs = NULL;
	382	o->num_attributes = 0;
	383	o->object_handle = soft_token.object.num_objs;
	384
	385	soft_token.object.objs[soft_token.object.num_objs++] = o;
	386	return o;
	387	}
	388
	389	static CK_RV
	390	add_object_attribute(struct st_object *o,
	391	int secret,
	392	CK_ATTRIBUTE_TYPE type,
	393	CK_VOID_PTR pValue,
	394	CK_ULONG ulValueLen)
	395	{
	396	struct st_attr *a;
	397	int i;
	398
	399	i = o->num_attributes;
	400	a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
	401	if (a == NULL)
	402	return CKR_DEVICE_MEMORY;
	403	o->attrs = a;
	404	o->attrs[i].secret = secret;
	405	o->attrs[i].attribute.type = type;
	406	o->attrs[i].attribute.pValue = malloc(ulValueLen);
	407	if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
	408	return CKR_DEVICE_MEMORY;
	409	memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
	410	o->attrs[i].attribute.ulValueLen = ulValueLen;
	411	o->num_attributes++;
	412
	413	return CKR_OK;
	414	}
	415
	416	static CK_RV
	417	add_pubkey_info(struct st_object o, CK_KEY_TYPE key_type, EVP_PKEY key)
	418	{
	419	switch (key_type) {
	420	case CKK_RSA: {
	421	CK_BYTE *modulus = NULL;
	422	size_t modulus_len = 0;
	423	CK_ULONG modulus_bits = 0;
	424	CK_BYTE *exponent = NULL;
	425	size_t exponent_len = 0;
	426	RSA *rsa;
	427	const BIGNUM n, e;
	428
	429	rsa = EVP_PKEY_get0_RSA(key);
	430	RSA_get0_key(rsa, &n, &e, NULL);
	431	modulus_bits = BN_num_bits(n);
	432
	433	modulus_len = BN_num_bytes(n);
	434	modulus = malloc(modulus_len);
	435	BN_bn2bin(n, modulus);
	436
	437	exponent_len = BN_num_bytes(e);
	438	exponent = malloc(exponent_len);
	439	BN_bn2bin(e, exponent);
	440
	441	add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
	442	add_object_attribute(o, 0, CKA_MODULUS_BITS,
	443	&modulus_bits, sizeof(modulus_bits));
	444	add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
	445	exponent, exponent_len);
	446
	447	RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
	448
	449	free(modulus);
	450	free(exponent);
	451	}
	452	default:
	453	/* XXX */
	454	break;
	455	}
	456	return CKR_OK;
	457	}
	458
	459
	460	static int
	461	pem_callback(char buf, int num, int w, void key)
	462	{
	463	return -1;
	464	}
	465
	466
	467	static CK_RV
	468	add_certificate(char *label,
	469	const char *cert_file,
	470	const char *private_key_file,
	471	char *id,
	472	int anchor)
	473	{
	474	struct st_object *o = NULL;
	475	CK_BBOOL bool_true = CK_TRUE;
	476	CK_BBOOL bool_false = CK_FALSE;
	477	CK_OBJECT_CLASS c;
	478	CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
	479	CK_KEY_TYPE key_type;
	480	CK_MECHANISM_TYPE mech_type;
	481	void *cert_data = NULL;
	482	size_t cert_length;
	483	void *subject_data = NULL;
	484	size_t subject_length;
	485	void *issuer_data = NULL;
	486	size_t issuer_length;
	487	void *serial_data = NULL;
	488	size_t serial_length;
	489	CK_RV ret = CKR_GENERAL_ERROR;
	490	X509 *cert;
	491	EVP_PKEY *public_key;
	492
	493	size_t id_len = strlen(id);
	494
	495	{
	496	FILE *f;
	497
	498	f = fopen(cert_file, "r");
	499	if (f == NULL) {
	500	st_logf("failed to open file %s\n", cert_file);
	501	return CKR_GENERAL_ERROR;
	502	}
	503
	504	cert = PEM_read_X509(f, NULL, NULL, NULL);
	505	fclose(f);
	506	if (cert == NULL) {
	507	st_logf("failed reading PEM cert\n");
	508	return CKR_GENERAL_ERROR;
	509	}
	510
	511	OPENSSL_ASN1_MALLOC_ENCODE(X509, cert_data, cert_length, cert, ret);
	512	if (ret)
	513	goto out;
	514
	515	OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, issuer_data, issuer_length,
	516	X509_get_issuer_name(cert), ret);
	517	if (ret)
	518	goto out;
	519
	520	OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, subject_data, subject_length,
	521	X509_get_subject_name(cert), ret);
	522	if (ret)
	523	goto out;
	524
	525	OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, serial_data, serial_length,
	526	X509_get_serialNumber(cert), ret);
	527	if (ret)
	528	goto out;
	529
	530	}
	531
	532	st_logf("done parsing, adding to internal structure\n");
	533
	534	o = add_st_object();
	535	if (o == NULL) {
	536	ret = CKR_DEVICE_MEMORY;
	537	goto out;
	538	}
	539	o->type = STO_T_CERTIFICATE;
	540	o->u.cert = X509_dup(cert);
	541	if (o->u.cert == NULL) {
	542	ret = CKR_DEVICE_MEMORY;
	543	goto out;
	544	}
	545	public_key = X509_get_pubkey(o->u.cert);
	546
	547	switch (EVP_PKEY_base_id(public_key)) {
	548	case EVP_PKEY_RSA:
	549	key_type = CKK_RSA;
	550	break;
	551	case EVP_PKEY_DSA:
	552	key_type = CKK_DSA;
	553	break;
	554	default:
	555	st_logf("invalid key_type\n");
	556	ret = CKR_GENERAL_ERROR;
	557	goto out;
	558	}
	559
	560	c = CKO_CERTIFICATE;
	561	add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
	562	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
	563	add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
	564	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
	565	add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
	566
	567	add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
	568	add_object_attribute(o, 0, CKA_ID, id, id_len);
	569
	570	add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
	571	add_object_attribute(o, 0, CKA_ISSUER, issuer_data, issuer_length);
	572	add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data, serial_length);
	573	add_object_attribute(o, 0, CKA_VALUE, cert_data, cert_length);
	574	if (anchor)
	575	add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
	576	else
	577	add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
	578
	579	st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
	580
	581	o = add_st_object();
	582	if (o == NULL) {
	583	ret = CKR_DEVICE_MEMORY;
	584	goto out;
	585	}
	586	o->type = STO_T_PUBLIC_KEY;
	587	o->u.public_key = public_key;
	588
	589	c = CKO_PUBLIC_KEY;
	590	add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
	591	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
	592	add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
	593	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
	594	add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
	595
	596	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
	597	add_object_attribute(o, 0, CKA_ID, id, id_len);
	598	add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
	599	add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
	600	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
	601	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
	602	mech_type = CKM_RSA_X_509;
	603	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
	604
	605	add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
	606	add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
	607	add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
	608	add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
	609	add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
	610	add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
	611
	612	add_pubkey_info(o, key_type, public_key);
	613
	614	st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
	615
	616	if (private_key_file) {
	617	CK_FLAGS flags;
	618	FILE *f;
	619
	620	o = add_st_object();
	621	if (o == NULL) {
	622	ret = CKR_DEVICE_MEMORY;
	623	goto out;
	624	}
	625	o->type = STO_T_PRIVATE_KEY;
	626	o->u.private_key.file = strdup(private_key_file);
	627	o->u.private_key.key = NULL;
	628
	629	o->u.private_key.cert = X509_dup(cert);
	630	if (o->u.private_key.cert == NULL) {
	631	ret = CKR_DEVICE_MEMORY;
	632	goto out;
	633	}
	634
	635	c = CKO_PRIVATE_KEY;
	636	add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
	637	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
	638	add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
	639	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
	640	add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
	641
	642	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
	643	add_object_attribute(o, 0, CKA_ID, id, id_len);
	644	add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
	645	add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
	646	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
	647	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
	648	mech_type = CKM_RSA_X_509;
	649	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
	650
	651	add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
	652	add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
	653	add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
	654	flags = 0;
	655	add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
	656
	657	add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
	658	add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
	659	add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
	660	add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
	661	add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
	662	add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
	663
	664	add_pubkey_info(o, key_type, public_key);
	665
	666	f = fopen(private_key_file, "r");
	667	if (f == NULL) {
	668	st_logf("failed to open private key\n");
	669	return CKR_GENERAL_ERROR;
	670	}
	671
	672	o->u.private_key.key = PEM_read_PrivateKey(f, NULL, pem_callback, NULL);
	673	fclose(f);
	674	if (o->u.private_key.key == NULL) {
	675	st_logf("failed to read private key a startup\n");
	676	/* don't bother with this failure for now,
	677	fix it at C_Login time */;
	678	} else {
	679	/* XXX verify keytype */
	680
	681	if (key_type == CKK_RSA)
	682	RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
	683	RSA_PKCS1_OpenSSL());
	684
	685	if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
	686	EVP_PKEY_free(o->u.private_key.key);
	687	o->u.private_key.key = NULL;
	688	st_logf("private key doesn't verify\n");
	689	} else {
	690	st_logf("private key usable\n");
	691	soft_token.flags.login_done = 1;
	692	}
	693	}
	694	}
	695
	696	ret = CKR_OK;
	697	out:
	698	if (ret != CKR_OK) {
	699	st_logf("something went wrong when adding cert!\n");
	700
	701	/* XXX wack o */;
	702	}
	703	free(cert_data);
	704	free(serial_data);
	705	free(issuer_data);
	706	free(subject_data);
	707	X509_free(cert);
	708
	709	return ret;
	710	}
	711
	712	static void
	713	find_object_final(struct session_state *state)
	714	{
	715	if (state->find.attributes) {
	716	CK_ULONG i;
	717
	718	for (i = 0; i < state->find.num_attributes; i++) {
	719	if (state->find.attributes[i].pValue)
	720	free(state->find.attributes[i].pValue);
	721	}
	722	free(state->find.attributes);
	723	state->find.attributes = NULL;
	724	state->find.num_attributes = 0;
	725	state->find.next_object = -1;
	726	}
	727	}
	728
	729	static void
	730	reset_crypto_state(struct session_state *state)
	731	{
	732	state->encrypt_object = -1;
	733	if (state->encrypt_mechanism)
	734	free(state->encrypt_mechanism);
	735	state->encrypt_mechanism = NULL_PTR;
	736	state->decrypt_object = -1;
	737	if (state->decrypt_mechanism)
	738	free(state->decrypt_mechanism);
	739	state->decrypt_mechanism = NULL_PTR;
	740	state->sign_object = -1;
	741	if (state->sign_mechanism)
	742	free(state->sign_mechanism);
	743	state->sign_mechanism = NULL_PTR;
	744	state->verify_object = -1;
	745	if (state->verify_mechanism)
	746	free(state->verify_mechanism);
	747	state->verify_mechanism = NULL_PTR;
	748	state->digest_object = -1;
	749	}
	750
	751	static void
	752	close_session(struct session_state *state)
	753	{
	754	if (state->find.attributes) {
	755	application_error("application didn't do C_FindObjectsFinal\n");
	756	find_object_final(state);
	757	}
	758
	759	state->session_handle = CK_INVALID_HANDLE;
	760	soft_token.application = NULL_PTR;
	761	soft_token.notify = NULL_PTR;
	762	reset_crypto_state(state);
	763	}
	764
	765	static const char *
	766	has_session(void)
	767	{
	768	return soft_token.open_sessions > 0 ? "yes" : "no";
	769	}
	770
	771	static void
	772	read_conf_file(const char *fn)
	773	{
	774	char buf[1024], cert, key, id, label, s, p;
	775	int anchor;
	776	FILE *f;
	777
	778	f = fopen(fn, "r");
	779	if (f == NULL) {
	780	st_logf("can't open configuration file %s\n", fn);
	781	return;
	782	}
	783
	784	while(fgets(buf, sizeof(buf), f) != NULL) {
	785	buf[strcspn(buf, "\n")] = '\0';
	786
	787	anchor = 0;
	788
	789	st_logf("line: %s\n", buf);
	790
	791	p = buf;
	792	while (isspace(*p))
	793	p++;
	794	if (*p == '#')
	795	continue;
	796	while (isspace(*p))
	797	p++;
	798
	799	s = NULL;
	800	id = strtok_r(p, "\t", &s);
	801	if (id == NULL)
	802	continue;
	803	label = strtok_r(NULL, "\t", &s);
	804	if (label == NULL)
	805	continue;
	806	cert = strtok_r(NULL, "\t", &s);
	807	if (cert == NULL)
	808	continue;
	809	key = strtok_r(NULL, "\t", &s);
	810
	811	/* XXX */
	812	if (strcmp(id, "anchor") == 0) {
	813	id = "\x00\x00";
	814	anchor = 1;
	815	}
	816
	817	st_logf("adding: %s\n", label);
	818
	819	add_certificate(label, cert, key, id, anchor);
	820	}
	821
	822	fclose(f);
	823	}
	824
	825	static CK_RV
	826	func_not_supported(void)
	827	{
	828	st_logf("function not supported\n");
	829	return CKR_FUNCTION_NOT_SUPPORTED;
	830	}
	831
	832	static char *
	833	get_rcfilename()
	834	{
	835	struct passwd *pw;
	836	const char *home = NULL;
	837	char *fn;
	838
	839	if (getuid() == geteuid()) {
	840	fn = getenv("SOFTPKCS11RC");
	841	if (fn != NULL)
	842	return strdup(fn);
	843
	844	home = getenv("HOME");
	845	}
	846
	847	if (home == NULL) {
	848	pw = getpwuid(getuid());
	849	if (pw != NULL)
	850	home = pw->pw_dir;
	851	}
	852
	853	if (home == NULL)
	854	return strdup("/etc/soft-token.rc");
	855
	856	if (asprintf(&fn, "%s/.soft-token.rc", home) < 0)
	857	return NULL;
	858	return fn;
	859	}
	860
	861	CK_RV
	862	C_Initialize(CK_VOID_PTR a)
	863	{
	864	CK_C_INITIALIZE_ARGS_PTR args = a;
	865	size_t i;
	866	char *fn;
	867
	868	st_logf("Initialize\n");
	869
	870	OpenSSL_add_all_algorithms();
	871	ERR_load_crypto_strings();
	872
	873	for (i = 0; i < MAX_NUM_SESSION; i++) {
	874	soft_token.state[i].session_handle = CK_INVALID_HANDLE;
	875	soft_token.state[i].find.attributes = NULL;
	876	soft_token.state[i].find.num_attributes = 0;
	877	soft_token.state[i].find.next_object = -1;
	878	reset_crypto_state(&soft_token.state[i]);
	879	}
	880
	881	soft_token.flags.hardware_slot = 1;
	882	soft_token.flags.app_error_fatal = 0;
	883	soft_token.flags.login_done = 0;
	884
	885	soft_token.object.objs = NULL;
	886	soft_token.object.num_objs = 0;
	887
	888	soft_token.logfile = NULL;
	889	#if 0
	890	soft_token.logfile = stdout;
	891	#endif
	892	#if 0
	893	soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
	894	#endif
	895
	896	if (a != NULL_PTR) {
	897	st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
	898	st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
	899	st_logf("\tLockMutext\t%p\n", args->LockMutex);
	900	st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
	901	st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
	902	}
	903
	904	soft_token.next_session_handle = 1;
	905
	906	fn = get_rcfilename();
	907	if (fn == NULL)
	908	return CKR_DEVICE_MEMORY;
	909	read_conf_file(fn);
	910	free(fn);
	911	return CKR_OK;
	912	}
	913
	914	CK_RV
	915	C_Finalize(CK_VOID_PTR args)
	916	{
	917	size_t i;
	918	int j;
	919
	920	st_logf("Finalize\n");
	921
	922	for (i = 0; i < MAX_NUM_SESSION; i++) {
	923	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
	924	application_error("application finalized without "
	925	"closing session\n");
	926	close_session(&soft_token.state[i]);
	927	}
	928	}
	929
	930	for (j = 0; j < soft_token.object.num_objs; j++)
	931	free_st_object(soft_token.object.objs[j]);
	932	free(soft_token.object.objs);
	933	soft_token.object.objs = NULL;
	934	soft_token.object.num_objs = 0;
	935
	936	return CKR_OK;
	937	}
	938
	939	CK_RV
	940	C_GetInfo(CK_INFO_PTR args)
	941	{
	942	st_logf("GetInfo\n");
	943
	944	memset(args, 17, sizeof(*args));
	945	args->cryptokiVersion.major = 2;
	946	args->cryptokiVersion.minor = 10;
	947	snprintf_fill((char *)args->manufacturerID,
	948	sizeof(args->manufacturerID),
	949	' ',
	950	"SoftToken");
	951	snprintf_fill((char *)args->libraryDescription,
	952	sizeof(args->libraryDescription), ' ',
	953	"SoftToken");
	954	args->libraryVersion.major = 1;
	955	args->libraryVersion.minor = 8;
	956
	957	return CKR_OK;
	958	}
	959
	960	extern CK_FUNCTION_LIST funcs;
	961
	962	CK_RV
	963	C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
	964	{
	965	*ppFunctionList = &funcs;
	966	return CKR_OK;
	967	}
	968
	969	CK_RV
	970	C_GetSlotList(CK_BBOOL tokenPresent,
	971	CK_SLOT_ID_PTR pSlotList,
	972	CK_ULONG_PTR pulCount)
	973	{
	974	st_logf("GetSlotList: %s\n",
	975	tokenPresent ? "tokenPresent" : "token not Present");
	976	if (pSlotList)
	977	pSlotList[0] = 1;
	978	*pulCount = 1;
	979	return CKR_OK;
	980	}
	981
	982	CK_RV
	983	C_GetSlotInfo(CK_SLOT_ID slotID,
	984	CK_SLOT_INFO_PTR pInfo)
	985	{
	986	st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
	987
	988	memset(pInfo, 18, sizeof(*pInfo));
	989
	990	if (slotID != 1)
	991	return CKR_ARGUMENTS_BAD;
	992
	993	snprintf_fill((char *)pInfo->slotDescription,
	994	sizeof(pInfo->slotDescription),
	995	' ',
	996	"SoftToken (slot)");
	997	snprintf_fill((char *)pInfo->manufacturerID,
	998	sizeof(pInfo->manufacturerID),
	999	' ',
	1000	"SoftToken (slot)");
	1001	pInfo->flags = CKF_TOKEN_PRESENT;
	1002	if (soft_token.flags.hardware_slot)
	1003	pInfo->flags \|= CKF_HW_SLOT;
	1004	pInfo->hardwareVersion.major = 1;
	1005	pInfo->hardwareVersion.minor = 0;
	1006	pInfo->firmwareVersion.major = 1;
	1007	pInfo->firmwareVersion.minor = 0;
	1008
	1009	return CKR_OK;
	1010	}
	1011
	1012	CK_RV
	1013	C_GetTokenInfo(CK_SLOT_ID slotID,
	1014	CK_TOKEN_INFO_PTR pInfo)
	1015	{
	1016	st_logf("GetTokenInfo: %s\n", has_session());
	1017
	1018	memset(pInfo, 19, sizeof(*pInfo));
	1019
	1020	snprintf_fill((char *)pInfo->label,
	1021	sizeof(pInfo->label),
	1022	' ',
	1023	"SoftToken (token)");
	1024	snprintf_fill((char *)pInfo->manufacturerID,
	1025	sizeof(pInfo->manufacturerID),
	1026	' ',
	1027	"SoftToken (token)");
	1028	snprintf_fill((char *)pInfo->model,
	1029	sizeof(pInfo->model),
	1030	' ',
	1031	"SoftToken (token)");
	1032	snprintf_fill((char *)pInfo->serialNumber,
	1033	sizeof(pInfo->serialNumber),
	1034	' ',
	1035	"4711");
	1036	pInfo->flags =
	1037	CKF_TOKEN_INITIALIZED \|
	1038	CKF_USER_PIN_INITIALIZED;
	1039
	1040	if (soft_token.flags.login_done == 0)
	1041	pInfo->flags \|= CKF_LOGIN_REQUIRED;
	1042
	1043	/* CFK_RNG \|
	1044	CKF_RESTORE_KEY_NOT_NEEDED \|
	1045	*/
	1046	pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
	1047	pInfo->ulSessionCount = soft_token.open_sessions;
	1048	pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
	1049	pInfo->ulRwSessionCount = soft_token.open_sessions;
	1050	pInfo->ulMaxPinLen = 1024;
	1051	pInfo->ulMinPinLen = 0;
	1052	pInfo->ulTotalPublicMemory = 4711;
	1053	pInfo->ulFreePublicMemory = 4712;
	1054	pInfo->ulTotalPrivateMemory = 4713;
	1055	pInfo->ulFreePrivateMemory = 4714;
	1056	pInfo->hardwareVersion.major = 2;
	1057	pInfo->hardwareVersion.minor = 0;
	1058	pInfo->firmwareVersion.major = 2;
	1059	pInfo->firmwareVersion.minor = 0;
	1060
	1061	return CKR_OK;
	1062	}
	1063
	1064	CK_RV
	1065	C_GetMechanismList(CK_SLOT_ID slotID,
	1066	CK_MECHANISM_TYPE_PTR pMechanismList,
	1067	CK_ULONG_PTR pulCount)
	1068	{
	1069	st_logf("GetMechanismList\n");
	1070
	1071	*pulCount = 2;
	1072	if (pMechanismList == NULL_PTR)
	1073	return CKR_OK;
	1074	pMechanismList[0] = CKM_RSA_X_509;
	1075	pMechanismList[1] = CKM_RSA_PKCS;
	1076
	1077	return CKR_OK;
	1078	}
	1079
	1080	CK_RV
	1081	C_GetMechanismInfo(CK_SLOT_ID slotID,
	1082	CK_MECHANISM_TYPE type,
	1083	CK_MECHANISM_INFO_PTR pInfo)
	1084	{
	1085	st_logf("GetMechanismInfo: slot %d type: %d\n",
	1086	(int)slotID, (int)type);
	1087	return CKR_FUNCTION_NOT_SUPPORTED;
	1088	}
	1089
	1090	CK_RV
	1091	C_InitToken(CK_SLOT_ID slotID,
	1092	CK_UTF8CHAR_PTR pPin,
	1093	CK_ULONG ulPinLen,
	1094	CK_UTF8CHAR_PTR pLabel)
	1095	{
	1096	st_logf("InitToken: slot %d\n", (int)slotID);
	1097	return CKR_FUNCTION_NOT_SUPPORTED;
	1098	}
	1099
	1100	CK_RV
	1101	C_OpenSession(CK_SLOT_ID slotID,
	1102	CK_FLAGS flags,
	1103	CK_VOID_PTR pApplication,
	1104	CK_NOTIFY Notify,
	1105	CK_SESSION_HANDLE_PTR phSession)
	1106	{
	1107	size_t i;
	1108
	1109	st_logf("OpenSession: slot: %d\n", (int)slotID);
	1110
	1111	if (soft_token.open_sessions == MAX_NUM_SESSION)
	1112	return CKR_SESSION_COUNT;
	1113
	1114	soft_token.application = pApplication;
	1115	soft_token.notify = Notify;
	1116
	1117	for (i = 0; i < MAX_NUM_SESSION; i++)
	1118	if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
	1119	break;
	1120	if (i == MAX_NUM_SESSION)
	1121	abort();
	1122
	1123	soft_token.open_sessions++;
	1124
	1125	soft_token.state[i].session_handle = soft_token.next_session_handle++;
	1126	*phSession = soft_token.state[i].session_handle;
	1127
	1128	return CKR_OK;
	1129	}
	1130
	1131	CK_RV
	1132	C_CloseSession(CK_SESSION_HANDLE hSession)
	1133	{
	1134	struct session_state *state;
	1135	st_logf("CloseSession\n");
	1136
	1137	if (verify_session_handle(hSession, &state) != CKR_OK)
	1138	application_error("closed session not open");
	1139	else
	1140	close_session(state);
	1141
	1142	return CKR_OK;
	1143	}
	1144
	1145	CK_RV
	1146	C_CloseAllSessions(CK_SLOT_ID slotID)
	1147	{
	1148	size_t i;
	1149
	1150	st_logf("CloseAllSessions\n");
	1151
	1152	for (i = 0; i < MAX_NUM_SESSION; i++)
	1153	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
	1154	close_session(&soft_token.state[i]);
	1155
	1156	return CKR_OK;
	1157	}
	1158
	1159	CK_RV
	1160	C_GetSessionInfo(CK_SESSION_HANDLE hSession,
	1161	CK_SESSION_INFO_PTR pInfo)
	1162	{
	1163	st_logf("GetSessionInfo\n");
	1164
	1165	VERIFY_SESSION_HANDLE(hSession, NULL);
	1166
	1167	memset(pInfo, 20, sizeof(*pInfo));
	1168
	1169	pInfo->slotID = 1;
	1170	if (soft_token.flags.login_done)
	1171	pInfo->state = CKS_RO_USER_FUNCTIONS;
	1172	else
	1173	pInfo->state = CKS_RO_PUBLIC_SESSION;
	1174	pInfo->flags = CKF_SERIAL_SESSION;
	1175	pInfo->ulDeviceError = 0;
	1176
	1177	return CKR_OK;
	1178	}
	1179
	1180	CK_RV
	1181	C_Login(CK_SESSION_HANDLE hSession,
	1182	CK_USER_TYPE userType,
	1183	CK_UTF8CHAR_PTR pPin,
	1184	CK_ULONG ulPinLen)
	1185	{
	1186	char *pin = NULL;
	1187	int i;
	1188
	1189	st_logf("Login\n");
	1190
	1191	VERIFY_SESSION_HANDLE(hSession, NULL);
	1192
	1193	if (pPin != NULL_PTR) {
	1194	if (asprintf(&pin, "%.*s", (int)ulPinLen, pPin) < 0)
	1195	return CKR_DEVICE_MEMORY;
	1196	st_logf("type: %d password: %s\n", (int)userType, pin);
	1197	}
	1198
	1199	for (i = 0; i < soft_token.object.num_objs; i++) {
	1200	struct st_object *o = soft_token.object.objs[i];
	1201	FILE *f;
	1202
	1203	if (o->type != STO_T_PRIVATE_KEY)
	1204	continue;
	1205
	1206	if (o->u.private_key.key)
	1207	continue;
	1208
	1209	f = fopen(o->u.private_key.file, "r");
	1210	if (f == NULL) {
	1211	st_logf("can't open private file: %s\n", o->u.private_key.file);
	1212	continue;
	1213	}
	1214
	1215	o->u.private_key.key = PEM_read_PrivateKey(f, NULL, NULL, pin);
	1216	fclose(f);
	1217	if (o->u.private_key.key == NULL) {
	1218	st_logf("failed to read key: %s error: %s\n",
	1219	o->u.private_key.file,
	1220	ERR_error_string(ERR_get_error(), NULL));
	1221	/* just ignore failure */;
	1222	continue;
	1223	}
	1224
	1225	/* XXX check keytype */
	1226	RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
	1227	RSA_PKCS1_OpenSSL());
	1228
	1229	if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) {
	1230	EVP_PKEY_free(o->u.private_key.key);
	1231	o->u.private_key.key = NULL;
	1232	st_logf("private key %s doesn't verify\n", o->u.private_key.file);
	1233	continue;
	1234	}
	1235
	1236	soft_token.flags.login_done = 1;
	1237	}
	1238	free(pin);
	1239
	1240	return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
	1241	}
	1242
	1243	CK_RV
	1244	C_Logout(CK_SESSION_HANDLE hSession)
	1245	{
	1246	st_logf("Logout\n");
	1247	VERIFY_SESSION_HANDLE(hSession, NULL);
	1248	return CKR_FUNCTION_NOT_SUPPORTED;
	1249	}
	1250
	1251	CK_RV
	1252	C_GetObjectSize(CK_SESSION_HANDLE hSession,
	1253	CK_OBJECT_HANDLE hObject,
	1254	CK_ULONG_PTR pulSize)
	1255	{
	1256	st_logf("GetObjectSize\n");
	1257	VERIFY_SESSION_HANDLE(hSession, NULL);
	1258	return CKR_FUNCTION_NOT_SUPPORTED;
	1259	}
	1260
	1261	CK_RV
	1262	C_GetAttributeValue(CK_SESSION_HANDLE hSession,
	1263	CK_OBJECT_HANDLE hObject,
	1264	CK_ATTRIBUTE_PTR pTemplate,
	1265	CK_ULONG ulCount)
	1266	{
	1267	struct session_state *state;
	1268	struct st_object *obj;
	1269	CK_ULONG i;
	1270	CK_RV ret;
	1271	int j;
	1272
	1273	st_logf("GetAttributeValue: %lx\n",
	1274	(unsigned long)HANDLE_OBJECT_ID(hObject));
	1275	VERIFY_SESSION_HANDLE(hSession, &state);
	1276
	1277	if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
	1278	st_logf("object not found: %lx\n",
	1279	(unsigned long)HANDLE_OBJECT_ID(hObject));
	1280	return ret;
	1281	}
	1282
	1283	for (i = 0; i < ulCount; i++) {
	1284	st_logf(" getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
	1285	for (j = 0; j < obj->num_attributes; j++) {
	1286	if (obj->attrs[j].secret) {
	1287	pTemplate[i].ulValueLen = (CK_ULONG)-1;
	1288	break;
	1289	}
	1290	if (pTemplate[i].type == obj->attrs[j].attribute.type) {
	1291	if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
	1292	if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
	1293	memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
	1294	obj->attrs[j].attribute.ulValueLen);
	1295	}
	1296	pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
	1297	break;
	1298	}
	1299	}
	1300	if (j == obj->num_attributes) {
	1301	st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
	1302	pTemplate[i].ulValueLen = (CK_ULONG)-1;
	1303	}
	1304
	1305	}
	1306	return CKR_OK;
	1307	}
	1308
	1309	CK_RV
	1310	C_FindObjectsInit(CK_SESSION_HANDLE hSession,
	1311	CK_ATTRIBUTE_PTR pTemplate,
	1312	CK_ULONG ulCount)
	1313	{
	1314	struct session_state *state;
	1315
	1316	st_logf("FindObjectsInit\n");
	1317
	1318	VERIFY_SESSION_HANDLE(hSession, &state);
	1319
	1320	if (state->find.next_object != -1) {
	1321	application_error("application didn't do C_FindObjectsFinal\n");
	1322	find_object_final(state);
	1323	}
	1324	if (ulCount) {
	1325	CK_ULONG i;
	1326
	1327	print_attributes(pTemplate, ulCount);
	1328
	1329	state->find.attributes =
	1330	calloc(1, ulCount * sizeof(state->find.attributes[0]));
	1331	if (state->find.attributes == NULL)
	1332	return CKR_DEVICE_MEMORY;
	1333	for (i = 0; i < ulCount; i++) {
	1334	state->find.attributes[i].pValue =
	1335	malloc(pTemplate[i].ulValueLen);
	1336	if (state->find.attributes[i].pValue == NULL) {
	1337	find_object_final(state);
	1338	return CKR_DEVICE_MEMORY;
	1339	}
	1340	memcpy(state->find.attributes[i].pValue,
	1341	pTemplate[i].pValue, pTemplate[i].ulValueLen);
	1342	state->find.attributes[i].type = pTemplate[i].type;
	1343	state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
	1344	}
	1345	state->find.num_attributes = ulCount;
	1346	state->find.next_object = 0;
	1347	} else {
	1348	st_logf("find all objects\n");
	1349	state->find.attributes = NULL;
	1350	state->find.num_attributes = 0;
	1351	state->find.next_object = 0;
	1352	}
	1353
	1354	return CKR_OK;
	1355	}
	1356
	1357	CK_RV
	1358	C_FindObjects(CK_SESSION_HANDLE hSession,
	1359	CK_OBJECT_HANDLE_PTR phObject,
	1360	CK_ULONG ulMaxObjectCount,
	1361	CK_ULONG_PTR pulObjectCount)
	1362	{
	1363	struct session_state *state;
	1364	int i;
	1365
	1366	st_logf("FindObjects\n");
	1367
	1368	VERIFY_SESSION_HANDLE(hSession, &state);
	1369
	1370	if (state->find.next_object == -1) {
	1371	application_error("application didn't do C_FindObjectsInit\n");
	1372	return CKR_ARGUMENTS_BAD;
	1373	}
	1374	if (ulMaxObjectCount == 0) {
	1375	application_error("application asked for 0 objects\n");
	1376	return CKR_ARGUMENTS_BAD;
	1377	}
	1378	*pulObjectCount = 0;
	1379	for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
	1380	st_logf("FindObjects: %d\n", i);
	1381	state->find.next_object = i + 1;
	1382	if (attributes_match(soft_token.object.objs[i],
	1383	state->find.attributes,
	1384	state->find.num_attributes)) {
	1385	*phObject++ = soft_token.object.objs[i]->object_handle;
	1386	ulMaxObjectCount--;
	1387	(*pulObjectCount)++;
	1388	if (ulMaxObjectCount == 0)
	1389	break;
	1390	}
	1391	}
	1392	return CKR_OK;
	1393	}
	1394
	1395	CK_RV
	1396	C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
	1397	{
	1398	struct session_state *state;
	1399
	1400	st_logf("FindObjectsFinal\n");
	1401	VERIFY_SESSION_HANDLE(hSession, &state);
	1402	find_object_final(state);
	1403	return CKR_OK;
	1404	}
	1405
	1406	static CK_RV
	1407	commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
	1408	const CK_MECHANISM_TYPE *mechs, int mechs_len,
	1409	const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
	1410	struct st_object **o)
	1411	{
	1412	CK_RV ret;
	1413	int i;
	1414
	1415	*o = NULL;
	1416	if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
	1417	return ret;
	1418
	1419	ret = attributes_match(*o, attr_match, attr_match_len);
	1420	if (!ret) {
	1421	application_error("called commonInit on key that doesn't "
	1422	"support required attr");
	1423	return CKR_ARGUMENTS_BAD;
	1424	}
	1425
	1426	for (i = 0; i < mechs_len; i++)
	1427	if (mechs[i] == pMechanism->mechanism)
	1428	break;
	1429	if (i == mechs_len) {
	1430	application_error("called mech (%08lx) not supported\n",
	1431	pMechanism->mechanism);
	1432	return CKR_ARGUMENTS_BAD;
	1433	}
	1434	return CKR_OK;
	1435	}
	1436
	1437
	1438	static CK_RV
	1439	dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
	1440	{
	1441	CK_MECHANISM_PTR p;
	1442
	1443	p = malloc(sizeof(*p));
	1444	if (p == NULL)
	1445	return CKR_DEVICE_MEMORY;
	1446
	1447	if (*dup)
	1448	free(*dup);
	1449	*dup = p;
	1450	memcpy(p, pMechanism, sizeof(*p));
	1451
	1452	return CKR_OK;
	1453	}
	1454
	1455
	1456	CK_RV
	1457	C_EncryptInit(CK_SESSION_HANDLE hSession,
	1458	CK_MECHANISM_PTR pMechanism,
	1459	CK_OBJECT_HANDLE hKey)
	1460	{
	1461	struct session_state *state;
	1462	CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
	1463	CK_BBOOL bool_true = CK_TRUE;
	1464	CK_ATTRIBUTE attr[] = {
	1465	{ CKA_ENCRYPT, &bool_true, sizeof(bool_true) }
	1466	};
	1467	struct st_object *o;
	1468	CK_RV ret;
	1469
	1470	st_logf("EncryptInit\n");
	1471	VERIFY_SESSION_HANDLE(hSession, &state);
	1472
	1473	ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
	1474	mechs, sizeof(mechs)/sizeof(mechs[0]),
	1475	pMechanism, hKey, &o);
	1476	if (ret)
	1477	return ret;
	1478
	1479	ret = dup_mechanism(&state->encrypt_mechanism, pMechanism);
	1480	if (ret == CKR_OK)
	1481	state->encrypt_object = OBJECT_ID(o);
	1482
	1483	return ret;
	1484	}
	1485
	1486	CK_RV
	1487	C_Encrypt(CK_SESSION_HANDLE hSession,
	1488	CK_BYTE_PTR pData,
	1489	CK_ULONG ulDataLen,
	1490	CK_BYTE_PTR pEncryptedData,
	1491	CK_ULONG_PTR pulEncryptedDataLen)
	1492	{
	1493	struct session_state *state;
	1494	struct st_object *o;
	1495	void *buffer = NULL;
	1496	CK_RV ret;
	1497	RSA *rsa;
	1498	int padding, len, buffer_len, padding_len;
	1499
	1500	st_logf("Encrypt\n");
	1501
	1502	VERIFY_SESSION_HANDLE(hSession, &state);
	1503
	1504	if (state->encrypt_object == -1)
	1505	return CKR_ARGUMENTS_BAD;
	1506
	1507	o = soft_token.object.objs[state->encrypt_object];
	1508
	1509	if (o->u.public_key == NULL) {
	1510	st_logf("public key NULL\n");
	1511	return CKR_ARGUMENTS_BAD;
	1512	}
	1513
	1514	rsa = EVP_PKEY_get0_RSA(o->u.public_key);
	1515
	1516	if (rsa == NULL)
	1517	return CKR_ARGUMENTS_BAD;
	1518
	1519	RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
	1520
	1521	buffer_len = RSA_size(rsa);
	1522
	1523	buffer = malloc(buffer_len);
	1524	if (buffer == NULL) {
	1525	ret = CKR_DEVICE_MEMORY;
	1526	goto out;
	1527	}
	1528
	1529	ret = CKR_OK;
	1530	switch(state->encrypt_mechanism->mechanism) {
	1531	case CKM_RSA_PKCS:
	1532	padding = RSA_PKCS1_PADDING;
	1533	padding_len = RSA_PKCS1_PADDING_SIZE;
	1534	break;
	1535	case CKM_RSA_X_509:
	1536	padding = RSA_NO_PADDING;
	1537	padding_len = 0;
	1538	break;
	1539	default:
	1540	ret = CKR_FUNCTION_NOT_SUPPORTED;
	1541	goto out;
	1542	}
	1543
	1544	if ((CK_ULONG)buffer_len + padding_len < ulDataLen) {
	1545	ret = CKR_ARGUMENTS_BAD;
	1546	goto out;
	1547	}
	1548
	1549	if (pulEncryptedDataLen == NULL) {
	1550	st_logf("pulEncryptedDataLen NULL\n");
	1551	ret = CKR_ARGUMENTS_BAD;
	1552	goto out;
	1553	}
	1554
	1555	if (pData == NULL_PTR) {
	1556	st_logf("data NULL\n");
	1557	ret = CKR_ARGUMENTS_BAD;
	1558	goto out;
	1559	}
	1560
	1561	len = RSA_public_encrypt(ulDataLen, pData, buffer, rsa, padding);
	1562	if (len <= 0) {
	1563	ret = CKR_DEVICE_ERROR;
	1564	goto out;
	1565	}
	1566	if (len > buffer_len)
	1567	abort();
	1568
	1569	if (pEncryptedData != NULL_PTR)
	1570	memcpy(pEncryptedData, buffer, len);
	1571	*pulEncryptedDataLen = len;
	1572
	1573	out:
	1574	if (buffer) {
	1575	memset(buffer, 0, buffer_len);
	1576	free(buffer);
	1577	}
	1578	return ret;
	1579	}
	1580
	1581	CK_RV
	1582	C_EncryptUpdate(CK_SESSION_HANDLE hSession,
	1583	CK_BYTE_PTR pPart,
	1584	CK_ULONG ulPartLen,
	1585	CK_BYTE_PTR pEncryptedPart,
	1586	CK_ULONG_PTR pulEncryptedPartLen)
	1587	{
	1588	st_logf("EncryptUpdate\n");
	1589	VERIFY_SESSION_HANDLE(hSession, NULL);
	1590	return CKR_FUNCTION_NOT_SUPPORTED;
	1591	}
	1592
	1593
	1594	CK_RV
	1595	C_EncryptFinal(CK_SESSION_HANDLE hSession,
	1596	CK_BYTE_PTR pLastEncryptedPart,
	1597	CK_ULONG_PTR pulLastEncryptedPartLen)
	1598	{
	1599	st_logf("EncryptFinal\n");
	1600	VERIFY_SESSION_HANDLE(hSession, NULL);
	1601	return CKR_FUNCTION_NOT_SUPPORTED;
	1602	}
	1603
	1604
	1605	/* C_DecryptInit initializes a decryption operation. */
	1606	CK_RV
	1607	C_DecryptInit(CK_SESSION_HANDLE hSession,
	1608	CK_MECHANISM_PTR pMechanism,
	1609	CK_OBJECT_HANDLE hKey)
	1610	{
	1611	struct session_state *state;
	1612	CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
	1613	CK_BBOOL bool_true = CK_TRUE;
	1614	CK_ATTRIBUTE attr[] = {
	1615	{ CKA_DECRYPT, &bool_true, sizeof(bool_true) }
	1616	};
	1617	struct st_object *o;
	1618	CK_RV ret;
	1619
	1620	st_logf("DecryptInit\n");
	1621	VERIFY_SESSION_HANDLE(hSession, &state);
	1622
	1623	ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
	1624	mechs, sizeof(mechs)/sizeof(mechs[0]),
	1625	pMechanism, hKey, &o);
	1626	if (ret)
	1627	return ret;
	1628
	1629	ret = dup_mechanism(&state->decrypt_mechanism, pMechanism);
	1630	if (ret == CKR_OK)
	1631	state->decrypt_object = OBJECT_ID(o);
	1632
	1633	return CKR_OK;
	1634	}
	1635
	1636
	1637	CK_RV
	1638	C_Decrypt(CK_SESSION_HANDLE hSession,
	1639	CK_BYTE_PTR pEncryptedData,
	1640	CK_ULONG ulEncryptedDataLen,
	1641	CK_BYTE_PTR pData,
	1642	CK_ULONG_PTR pulDataLen)
	1643	{
	1644	struct session_state *state;
	1645	struct st_object *o;
	1646	void *buffer = NULL;
	1647	CK_RV ret;
	1648	RSA *rsa;
	1649	int padding, len, buffer_len, padding_len;
	1650
	1651	st_logf("Decrypt\n");
	1652
	1653	VERIFY_SESSION_HANDLE(hSession, &state);
	1654
	1655	if (state->decrypt_object == -1)
	1656	return CKR_ARGUMENTS_BAD;
	1657
	1658	o = soft_token.object.objs[state->decrypt_object];
	1659
	1660	if (o->u.private_key.key == NULL) {
	1661	st_logf("private key NULL\n");
	1662	return CKR_ARGUMENTS_BAD;
	1663	}
	1664
	1665	rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
	1666
	1667	if (rsa == NULL)
	1668	return CKR_ARGUMENTS_BAD;
	1669
	1670	RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
	1671
	1672	buffer_len = RSA_size(rsa);
	1673
	1674	buffer = malloc(buffer_len);
	1675	if (buffer == NULL) {
	1676	ret = CKR_DEVICE_MEMORY;
	1677	goto out;
	1678	}
	1679
	1680	ret = CKR_OK;
	1681	switch(state->decrypt_mechanism->mechanism) {
	1682	case CKM_RSA_PKCS:
	1683	padding = RSA_PKCS1_PADDING;
	1684	padding_len = RSA_PKCS1_PADDING_SIZE;
	1685	break;
	1686	case CKM_RSA_X_509:
	1687	padding = RSA_NO_PADDING;
	1688	padding_len = 0;
	1689	break;
	1690	default:
	1691	ret = CKR_FUNCTION_NOT_SUPPORTED;
	1692	goto out;
	1693	}
	1694
	1695	if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) {
	1696	ret = CKR_ARGUMENTS_BAD;
	1697	goto out;
	1698	}
	1699
	1700	if (pulDataLen == NULL) {
	1701	st_logf("pulDataLen NULL\n");
	1702	ret = CKR_ARGUMENTS_BAD;
	1703	goto out;
	1704	}
	1705
	1706	if (pEncryptedData == NULL_PTR) {
	1707	st_logf("data NULL\n");
	1708	ret = CKR_ARGUMENTS_BAD;
	1709	goto out;
	1710	}
	1711
	1712	len = RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, buffer,
	1713	rsa, padding);
	1714	if (len <= 0) {
	1715	ret = CKR_DEVICE_ERROR;
	1716	goto out;
	1717	}
	1718	if (len > buffer_len)
	1719	abort();
	1720
	1721	if (pData != NULL_PTR)
	1722	memcpy(pData, buffer, len);
	1723	*pulDataLen = len;
	1724
	1725	out:
	1726	if (buffer) {
	1727	memset(buffer, 0, buffer_len);
	1728	free(buffer);
	1729	}
	1730	return ret;
	1731	}
	1732
	1733
	1734	CK_RV
	1735	C_DecryptUpdate(CK_SESSION_HANDLE hSession,
	1736	CK_BYTE_PTR pEncryptedPart,
	1737	CK_ULONG ulEncryptedPartLen,
	1738	CK_BYTE_PTR pPart,
	1739	CK_ULONG_PTR pulPartLen)
	1740
	1741	{
	1742	st_logf("DecryptUpdate\n");
	1743	VERIFY_SESSION_HANDLE(hSession, NULL);
	1744	return CKR_FUNCTION_NOT_SUPPORTED;
	1745	}
	1746
	1747
	1748	CK_RV
	1749	C_DecryptFinal(CK_SESSION_HANDLE hSession,
	1750	CK_BYTE_PTR pLastPart,
	1751	CK_ULONG_PTR pulLastPartLen)
	1752	{
	1753	st_logf("DecryptFinal\n");
	1754	VERIFY_SESSION_HANDLE(hSession, NULL);
	1755	return CKR_FUNCTION_NOT_SUPPORTED;
	1756	}
	1757
	1758	CK_RV
	1759	C_DigestInit(CK_SESSION_HANDLE hSession,
	1760	CK_MECHANISM_PTR pMechanism)
	1761	{
	1762	st_logf("DigestInit\n");
	1763	VERIFY_SESSION_HANDLE(hSession, NULL);
	1764	return CKR_FUNCTION_NOT_SUPPORTED;
	1765	}
	1766
	1767	CK_RV
	1768	C_SignInit(CK_SESSION_HANDLE hSession,
	1769	CK_MECHANISM_PTR pMechanism,
	1770	CK_OBJECT_HANDLE hKey)
	1771	{
	1772	struct session_state *state;
	1773	CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
	1774	CK_BBOOL bool_true = CK_TRUE;
	1775	CK_ATTRIBUTE attr[] = {
	1776	{ CKA_SIGN, &bool_true, sizeof(bool_true) }
	1777	};
	1778	struct st_object *o;
	1779	CK_RV ret;
	1780
	1781	st_logf("SignInit\n");
	1782	VERIFY_SESSION_HANDLE(hSession, &state);
	1783
	1784	ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
	1785	mechs, sizeof(mechs)/sizeof(mechs[0]),
	1786	pMechanism, hKey, &o);
	1787	if (ret)
	1788	return ret;
	1789
	1790	ret = dup_mechanism(&state->sign_mechanism, pMechanism);
	1791	if (ret == CKR_OK)
	1792	state->sign_object = OBJECT_ID(o);
	1793
	1794	return CKR_OK;
	1795	}
	1796
	1797	CK_RV
	1798	C_Sign(CK_SESSION_HANDLE hSession,
	1799	CK_BYTE_PTR pData,
	1800	CK_ULONG ulDataLen,
	1801	CK_BYTE_PTR pSignature,
	1802	CK_ULONG_PTR pulSignatureLen)
	1803	{
	1804	struct session_state *state;
	1805	struct st_object *o;
	1806	void *buffer = NULL;
	1807	CK_RV ret;
	1808	RSA *rsa;
	1809	int padding, len, buffer_len, padding_len;
	1810
	1811	st_logf("Sign\n");
	1812	VERIFY_SESSION_HANDLE(hSession, &state);
	1813
	1814	if (state->sign_object == -1)
	1815	return CKR_ARGUMENTS_BAD;
	1816
	1817	o = soft_token.object.objs[state->sign_object];
	1818
	1819	if (o->u.private_key.key == NULL) {
	1820	st_logf("private key NULL\n");
	1821	return CKR_ARGUMENTS_BAD;
	1822	}
	1823
	1824	rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
	1825
	1826	if (rsa == NULL)
	1827	return CKR_ARGUMENTS_BAD;
	1828
	1829	RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
	1830
	1831	buffer_len = RSA_size(rsa);
	1832
	1833	buffer = malloc(buffer_len);
	1834	if (buffer == NULL) {
	1835	ret = CKR_DEVICE_MEMORY;
	1836	goto out;
	1837	}
	1838
	1839	switch(state->sign_mechanism->mechanism) {
	1840	case CKM_RSA_PKCS:
	1841	padding = RSA_PKCS1_PADDING;
	1842	padding_len = RSA_PKCS1_PADDING_SIZE;
	1843	break;
	1844	case CKM_RSA_X_509:
	1845	padding = RSA_NO_PADDING;
	1846	padding_len = 0;
	1847	break;
	1848	default:
	1849	ret = CKR_FUNCTION_NOT_SUPPORTED;
	1850	goto out;
	1851	}
	1852
	1853	if ((CK_ULONG)buffer_len < ulDataLen + padding_len) {
	1854	ret = CKR_ARGUMENTS_BAD;
	1855	goto out;
	1856	}
	1857
	1858	if (pulSignatureLen == NULL) {
	1859	st_logf("signature len NULL\n");
	1860	ret = CKR_ARGUMENTS_BAD;
	1861	goto out;
	1862	}
	1863
	1864	if (pData == NULL_PTR) {
	1865	st_logf("data NULL\n");
	1866	ret = CKR_ARGUMENTS_BAD;
	1867	goto out;
	1868	}
	1869
	1870	len = RSA_private_encrypt(ulDataLen, pData, buffer, rsa, padding);
	1871	st_logf("private encrypt done\n");
	1872	if (len <= 0) {
	1873	ret = CKR_DEVICE_ERROR;
	1874	goto out;
	1875	}
	1876	if (len > buffer_len)
	1877	abort();
	1878
	1879	if (pSignature != NULL_PTR)
	1880	memcpy(pSignature, buffer, len);
	1881	*pulSignatureLen = len;
	1882
	1883	ret = CKR_OK;
	1884
	1885	out:
	1886	if (buffer) {
	1887	memset(buffer, 0, buffer_len);
	1888	free(buffer);
	1889	}
	1890	return ret;
	1891	}
	1892
	1893	CK_RV
	1894	C_SignUpdate(CK_SESSION_HANDLE hSession,
	1895	CK_BYTE_PTR pPart,
	1896	CK_ULONG ulPartLen)
	1897	{
	1898	st_logf("SignUpdate\n");
	1899	VERIFY_SESSION_HANDLE(hSession, NULL);
	1900	return CKR_FUNCTION_NOT_SUPPORTED;
	1901	}
	1902
	1903
	1904	CK_RV
	1905	C_SignFinal(CK_SESSION_HANDLE hSession,
	1906	CK_BYTE_PTR pSignature,
	1907	CK_ULONG_PTR pulSignatureLen)
	1908	{
	1909	st_logf("SignUpdate\n");
	1910	VERIFY_SESSION_HANDLE(hSession, NULL);
	1911	return CKR_FUNCTION_NOT_SUPPORTED;
	1912	}
	1913
	1914	CK_RV
	1915	C_VerifyInit(CK_SESSION_HANDLE hSession,
	1916	CK_MECHANISM_PTR pMechanism,
	1917	CK_OBJECT_HANDLE hKey)
	1918	{
	1919	struct session_state *state;
	1920	CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
	1921	CK_BBOOL bool_true = CK_TRUE;
	1922	CK_ATTRIBUTE attr[] = {
	1923	{ CKA_VERIFY, &bool_true, sizeof(bool_true) }
	1924	};
	1925	struct st_object *o;
	1926	CK_RV ret;
	1927
	1928	st_logf("VerifyInit\n");
	1929	VERIFY_SESSION_HANDLE(hSession, &state);
	1930
	1931	ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
	1932	mechs, sizeof(mechs)/sizeof(mechs[0]),
	1933	pMechanism, hKey, &o);
	1934	if (ret)
	1935	return ret;
	1936
	1937	ret = dup_mechanism(&state->verify_mechanism, pMechanism);
	1938	if (ret == CKR_OK)
	1939	state->verify_object = OBJECT_ID(o);
	1940
	1941	return ret;
	1942	}
	1943
	1944	CK_RV
	1945	C_Verify(CK_SESSION_HANDLE hSession,
	1946	CK_BYTE_PTR pData,
	1947	CK_ULONG ulDataLen,
	1948	CK_BYTE_PTR pSignature,
	1949	CK_ULONG ulSignatureLen)
	1950	{
	1951	struct session_state *state;
	1952	struct st_object *o;
	1953	void *buffer = NULL;
	1954	CK_RV ret;
	1955	RSA *rsa;
	1956	int padding, len, buffer_len;
	1957
	1958	st_logf("Verify\n");
	1959	VERIFY_SESSION_HANDLE(hSession, &state);
	1960
	1961	if (state->verify_object == -1)
	1962	return CKR_ARGUMENTS_BAD;
	1963
	1964	o = soft_token.object.objs[state->verify_object];
	1965
	1966	if (o->u.public_key == NULL) {
	1967	st_logf("public key NULL\n");
	1968	return CKR_ARGUMENTS_BAD;
	1969	}
	1970
	1971	rsa = EVP_PKEY_get0_RSA(o->u.public_key);
	1972
	1973	if (rsa == NULL)
	1974	return CKR_ARGUMENTS_BAD;
	1975
	1976	RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
	1977
	1978	buffer_len = RSA_size(rsa);
	1979
	1980	buffer = malloc(buffer_len);
	1981	if (buffer == NULL) {
	1982	ret = CKR_DEVICE_MEMORY;
	1983	goto out;
	1984	}
	1985
	1986	ret = CKR_OK;
	1987	switch(state->verify_mechanism->mechanism) {
	1988	case CKM_RSA_PKCS:
	1989	padding = RSA_PKCS1_PADDING;
	1990	break;
	1991	case CKM_RSA_X_509:
	1992	padding = RSA_NO_PADDING;
	1993	break;
	1994	default:
	1995	ret = CKR_FUNCTION_NOT_SUPPORTED;
	1996	goto out;
	1997	}
	1998
	1999	if ((CK_ULONG)buffer_len < ulDataLen) {
	2000	ret = CKR_ARGUMENTS_BAD;
	2001	goto out;
	2002	}
	2003
	2004	if (pSignature == NULL) {
	2005	st_logf("signature NULL\n");
	2006	ret = CKR_ARGUMENTS_BAD;
	2007	goto out;
	2008	}
	2009
	2010	if (pData == NULL_PTR) {
	2011	st_logf("data NULL\n");
	2012	ret = CKR_ARGUMENTS_BAD;
	2013	goto out;
	2014	}
	2015
	2016	len = RSA_public_decrypt(ulDataLen, pData, buffer, rsa, padding);
	2017	st_logf("private encrypt done\n");
	2018	if (len <= 0) {
	2019	ret = CKR_DEVICE_ERROR;
	2020	goto out;
	2021	}
	2022	if (len > buffer_len)
	2023	abort();
	2024
	2025	if ((CK_ULONG)len != ulSignatureLen) {
	2026	ret = CKR_GENERAL_ERROR;
	2027	goto out;
	2028	}
	2029
	2030	if (memcmp(pSignature, buffer, len) != 0) {
	2031	ret = CKR_GENERAL_ERROR;
	2032	goto out;
	2033	}
	2034
	2035	out:
	2036	if (buffer) {
	2037	memset(buffer, 0, buffer_len);
	2038	free(buffer);
	2039	}
	2040	return ret;
	2041	}
	2042
	2043
	2044	CK_RV
	2045	C_VerifyUpdate(CK_SESSION_HANDLE hSession,
	2046	CK_BYTE_PTR pPart,
	2047	CK_ULONG ulPartLen)
	2048	{
	2049	st_logf("VerifyUpdate\n");
	2050	VERIFY_SESSION_HANDLE(hSession, NULL);
	2051	return CKR_FUNCTION_NOT_SUPPORTED;
	2052	}
	2053
	2054	CK_RV
	2055	C_VerifyFinal(CK_SESSION_HANDLE hSession,
	2056	CK_BYTE_PTR pSignature,
	2057	CK_ULONG ulSignatureLen)
	2058	{
	2059	st_logf("VerifyFinal\n");
	2060	VERIFY_SESSION_HANDLE(hSession, NULL);
	2061	return CKR_FUNCTION_NOT_SUPPORTED;
	2062	}
	2063
	2064	CK_RV
	2065	C_GenerateRandom(CK_SESSION_HANDLE hSession,
	2066	CK_BYTE_PTR RandomData,
	2067	CK_ULONG ulRandomLen)
	2068	{
	2069	st_logf("GenerateRandom\n");
	2070	VERIFY_SESSION_HANDLE(hSession, NULL);
	2071	return CKR_FUNCTION_NOT_SUPPORTED;
	2072	}
	2073
	2074
	2075	CK_FUNCTION_LIST funcs = {
	2076	{ 2, 11 },
	2077	C_Initialize,
	2078	C_Finalize,
	2079	C_GetInfo,
	2080	C_GetFunctionList,
	2081	C_GetSlotList,
	2082	C_GetSlotInfo,
	2083	C_GetTokenInfo,
	2084	C_GetMechanismList,
	2085	C_GetMechanismInfo,
	2086	C_InitToken,
	2087	(void )func_not_supported, / C_InitPIN */
	2088	(void )func_not_supported, / C_SetPIN */
	2089	C_OpenSession,
	2090	C_CloseSession,
	2091	C_CloseAllSessions,
	2092	C_GetSessionInfo,
	2093	(void )func_not_supported, / C_GetOperationState */
	2094	(void )func_not_supported, / C_SetOperationState */
	2095	C_Login,
	2096	C_Logout,
	2097	(void )func_not_supported, / C_CreateObject */
	2098	(void )func_not_supported, / C_CopyObject */
	2099	(void )func_not_supported, / C_DestroyObject */
	2100	(void )func_not_supported, / C_GetObjectSize */
	2101	C_GetAttributeValue,
	2102	(void )func_not_supported, / C_SetAttributeValue */
	2103	C_FindObjectsInit,
	2104	C_FindObjects,
	2105	C_FindObjectsFinal,
	2106	C_EncryptInit,
	2107	C_Encrypt,
	2108	C_EncryptUpdate,
	2109	C_EncryptFinal,
	2110	C_DecryptInit,
	2111	C_Decrypt,
	2112	C_DecryptUpdate,
	2113	C_DecryptFinal,
	2114	C_DigestInit,
	2115	(void )func_not_supported, / C_Digest */
	2116	(void )func_not_supported, / C_DigestUpdate */
	2117	(void )func_not_supported, / C_DigestKey */
	2118	(void )func_not_supported, / C_DigestFinal */
	2119	C_SignInit,
	2120	C_Sign,
	2121	C_SignUpdate,
	2122	C_SignFinal,
	2123	(void )func_not_supported, / C_SignRecoverInit */
	2124	(void )func_not_supported, / C_SignRecover */
	2125	C_VerifyInit,
	2126	C_Verify,
	2127	C_VerifyUpdate,
	2128	C_VerifyFinal,
	2129	(void )func_not_supported, / C_VerifyRecoverInit */
	2130	(void )func_not_supported, / C_VerifyRecover */
	2131	(void )func_not_supported, / C_DigestEncryptUpdate */
	2132	(void )func_not_supported, / C_DecryptDigestUpdate */
	2133	(void )func_not_supported, / C_SignEncryptUpdate */
	2134	(void )func_not_supported, / C_DecryptVerifyUpdate */
	2135	(void )func_not_supported, / C_GenerateKey */
	2136	(void )func_not_supported, / C_GenerateKeyPair */
	2137	(void )func_not_supported, / C_WrapKey */
	2138	(void )func_not_supported, / C_UnwrapKey */
	2139	(void )func_not_supported, / C_DeriveKey */
	2140	(void )func_not_supported, / C_SeedRandom */
	2141	C_GenerateRandom,
	2142	(void )func_not_supported, / C_GetFunctionStatus */
	2143	(void )func_not_supported, / C_CancelFunction */
	2144	(void )func_not_supported / C_WaitForSlotEvent */
	2145	};

+39

-0

src/tests/softpkcs11/softpkcs11.exports less more

	0	C_CloseAllSessions
	1	C_CloseSession
	2	C_Decrypt
	3	C_DecryptFinal
	4	C_DecryptInit
	5	C_DecryptUpdate
	6	C_DigestInit
	7	C_Encrypt
	8	C_EncryptFinal
	9	C_EncryptInit
	10	C_EncryptUpdate
	11	C_Finalize
	12	C_FindObjects
	13	C_FindObjectsFinal
	14	C_FindObjectsInit
	15	C_GenerateRandom
	16	C_GetAttributeValue
	17	C_GetFunctionList
	18	C_GetInfo
	19	C_GetMechanismInfo
	20	C_GetMechanismList
	21	C_GetObjectSize
	22	C_GetSessionInfo
	23	C_GetSlotInfo
	24	C_GetSlotList
	25	C_GetTokenInfo
	26	C_Initialize
	27	C_InitToken
	28	C_Login
	29	C_Logout
	30	C_OpenSession
	31	C_Sign
	32	C_SignFinal
	33	C_SignInit
	34	C_SignUpdate
	35	C_Verify
	36	C_VerifyFinal
	37	C_VerifyInit
	38	C_VerifyUpdate

+1

-1

src/tests/t_audit.py less more

13	13	# Make S4U2Self and S4U2Proxy requests so they will be audited. The
14	14	# S4U2Proxy request is expected to fail.
15	15	realm.run([kvno, '-k', realm.keytab, '-U', 'user', '-P', 'target'],
16		expected_code=1, expected_msg='NOT_ALLOWED_TO_DELEGATE')
	16	expected_code=1, expected_msg='KDC can\'t fulfill requested option')
17	17
18	18	# Make a U2U request so it will be audited.
19	19	uuserver = os.path.join(buildtop, 'appl', 'user_user', 'uuserver')

+76

-1

src/tests/t_authdata.py less more

157	157	mark('auth indicator enforcement')
158	158	realm.addprinc('restricted')
159	159	realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'superstrong'])
	160	realm.kinit(realm.user_princ, password('user'), ['-S', 'restricted'],
	161	expected_code=1, expected_msg='KDC policy rejects request')
160	162	realm.run([kvno, 'restricted'], expected_code=1,
161	163	expected_msg='KDC policy rejects request')
162	164	realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'indcl'])

192	194	testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
193	195	'krbtgt/FOREIGN': {'keys': 'aes128-cts'},
194	196	'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
195		'service/1': {'keys': 'aes128-cts', 'flags': '+preauth'},
	197	'user2': {'keys': 'aes128-cts', 'flags': '+preauth'},
	198	'rservice': {'keys': 'aes128-cts',
	199	'strings': 'require_auth:strong'},
	200	'service/1': {'keys': 'aes128-cts',
	201	'flags': '+ok_to_auth_as_delegate'},
196	202	'service/2': {'keys': 'aes128-cts'},
197	203	'noauthdata': {'keys': 'aes128-cts',
198	204	'flags': '+no_auth_data_required'}}

205	211	realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
206	212	realm.extract_keytab('krbtgt/FOREIGN', realm.keytab)
207	213	realm.extract_keytab(realm.user_princ, realm.keytab)
	214	realm.extract_keytab('ruser', realm.keytab)
208	215	realm.extract_keytab('service/1', realm.keytab)
209	216	realm.extract_keytab('service/2', realm.keytab)
210	217	realm.extract_keytab('noauthdata', realm.keytab)

217	224	out = realm.run(['./adata', '-p', realm.user_princ, 'service/1'])
218	225	if '97:' in out:
219	226	fail('auth-indicator present in S4U2Self response')
	227
	228	# Get another S4U2Self ticket with requested authdata.
	229	realm.run(['./s4u2self', 'user', 'service/1', '-', '-2', 'self_ad'])
	230	realm.run(['./adata', '-p', realm.user_princ, 'service/1', '-2', 'self_ad'],
	231	expected_msg=' -2: self_ad')
220	232
221	233	# S4U2Proxy (indicators should come from evidence ticket, not TGT)
222	234	mark('S4U2Proxy (auth indicators from evidence ticket expected)')

226	238	out = realm.run(['./adata', '-p', realm.user_princ, 'service/2'])
227	239	if '+97: [indcl]' not in out or '[inds1]' in out:
228	240	fail('correct auth-indicator not seen for S4U2Proxy req')
	241
	242	# Get another S4U2Proxy ticket including request-authdata.
	243	realm.run(['./s4u2proxy', usercache, 'service/2', '-2', 'proxy_ad'])
	244	realm.run(['./adata', '-p', realm.user_princ, 'service/2', '-2', 'proxy_ad'],
	245	expected_msg=' -2: proxy_ad')
	246
	247	# Get an S4U2Proxy ticket using an evidence ticket obtained by S4U2Self,
	248	# with request authdata in both steps.
	249	realm.run(['./s4u2self', 'user2', 'service/1', usercache, '-2', 'self_ad'])
	250	realm.run(['./s4u2proxy', usercache, 'service/2', '-2', 'proxy_ad'])
	251	out = realm.run(['./adata', '-p', 'user2', 'service/2', '-2', 'proxy_ad'])
	252	if ' -2: self_ad' not in out or ' -2: proxy_ad' not in out:
	253	fail('expected authdata not seen in S4U2Proxy ticket')
	254
	255	# Test alteration of auth indicators by KDB module (AS and TGS).
	256	realm.kinit(realm.user_princ, None, ['-k', '-X', 'indicators=dummy dbincr1'])
	257	realm.run(['./adata', realm.krbtgt_princ], expected_msg='+97: [dbincr2]')
	258	realm.run(['./adata', 'service/1'], expected_msg='+97: [dbincr3]')
	259	realm.kinit(realm.user_princ, None,
	260	['-k', '-X', 'indicators=strong', '-S', 'rservice'])
	261	# Test enforcement of altered indicators during AS request.
	262	realm.kinit(realm.user_princ, None,
	263	['-k', '-X', 'indicators=strong dbincr1', '-S', 'rservice'],
	264	expected_code=1)
229	265
230	266	# Test that KDB module authdata is included in an AS request, by
231	267	# default or with an explicit PAC request.

256	292	if '-456: db-authdata-test' in out:
257	293	fail('DB authdata not suppressed by +no_auth_data_required')
258	294
	295	mark('S4U2Proxy with a foreign client')
	296
	297	a_princs = {'krbtgt/A': {'keys': 'aes128-cts'},
	298	'krbtgt/B': {'keys': 'aes128-cts'},
	299	'impersonator': {'keys': 'aes128-cts'},
	300	'resource': {'keys': 'aes128-cts'}}
	301	a_kconf = {'realms': {'$realm': {'database_module': 'test'}},
	302	'dbmodules': {'test': {'db_library': 'test',
	303	'delegation': {'impersonator' : 'resource'},
	304	'princs': a_princs}}}
	305
	306	b_princs = {'krbtgt/B': {'keys': 'aes128-cts'},
	307	'krbtgt/A': {'keys': 'aes128-cts'},
	308	'user': {'keys': 'aes128-cts', 'flags': '+preauth'}}
	309	b_kconf = {'realms': {'$realm': {'database_module': 'test'}},
	310	'dbmodules': {'test': {'db_library': 'test',
	311	'princs': b_princs}}}
	312
	313	ra, rb = cross_realms(2, xtgts=(),
	314	args=({'realm': 'A', 'kdc_conf': a_kconf},
	315	{'realm': 'B', 'kdc_conf': b_kconf}),
	316	create_kdb=False)
	317
	318	ra.start_kdc()
	319	rb.start_kdc()
	320
	321	ra.extract_keytab('impersonator@A', ra.keytab)
	322	rb.extract_keytab('user@B', rb.keytab)
	323
	324	usercache = 'FILE:' + os.path.join(rb.testdir, 'usercache')
	325	rb.kinit(rb.user_princ, None, ['-k', '-f', '-c', usercache])
	326	rb.run([kvno, '-C', 'impersonator@A', '-c', usercache])
	327
	328	ra.kinit('impersonator@A', None, ['-f', '-k', '-t', ra.keytab])
	329	ra.run(['./s4u2proxy', usercache, 'resource@A'])
	330
	331	ra.stop()
	332	rb.stop()
	333
259	334	# Additional KDB module authdata behavior we don't currently test:
260	335	# * KDB module authdata is suppressed in TGS requests if the TGT
261	336	# contains no authdata and the request is not cross-realm or S4U.

+8

-1

src/tests/t_ccache.py less more

21	21
22	22	from k5test import *
23	23
24		realm = K5Realm(create_host=False)
	24	kcm_socket_path = os.path.join(os.getcwd(), 'testdir', 'kcm')
	25	conf = {'libdefaults': {'kcm_socket': kcm_socket_path,
	26	'kcm_mach_service': '-'}}
	27	realm = K5Realm(create_host=False, krb5_conf=conf)
25	28
26	29	keyctl = which('keyctl')
27	30	out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1)

121	124
122	125
123	126	collection_test(realm, 'DIR:' + os.path.join(realm.testdir, 'cc'))
	127	kcmserver_path = os.path.join(srctop, 'tests', 'kcmserver.py')
	128	realm.start_server([sys.executable, kcmserver_path, kcm_socket_path],
	129	'starting...')
	130	collection_test(realm, 'KCM:')
124	131	if test_keyring:
125	132	def cleanup_keyring(anchor, name):
126	133	out = realm.run(['keyctl', 'list', anchor])

+2

-6

src/tests/t_changepw.py less more

12	12	# Do the same thing with FAST, with tracing turned on.
13	13	realm.run([kadminl, 'modprinc', '-pwexpire', '1 day ago', 'user'])
14	14	pwinput = 'abcd\nefgh\nefgh\n'
15		tracefile = os.path.join(realm.testdir, 'trace')
16		realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, '-T', realm.ccache,
17		realm.user_princ], input=pwinput)
	15	out, trace = realm.run([kinit, '-T', realm.ccache, realm.user_princ],
	16	input=pwinput, return_trace=True)
18	17
19	18	# Read the trace and check that FAST was used when getting the
20	19	# kadmin/changepw ticket.
21		f = open(tracefile, 'r')
22		trace = f.read()
23		f.close()
24	20	getting_changepw = fast_used_for_changepw = False
25	21	for line in trace.splitlines():
26	22	if 'Getting initial credentials for user@' in line:

+37

-6

src/tests/t_crossrealm.py less more

106	106	{'realm': 'B', 'krb5_conf': capaths},
107	107	{'realm': 'C', 'krb5_conf': capaths},
108	108	{'realm': 'D', 'krb5_conf': capaths}))
109		test_kvno(r1, r4.host_princ, 'KDC capaths')
110		check_klist(r1, (tgt(r1, r1), tgt(r4, r3), r4.host_princ))
	109	r1client = r1.special_env('client', False, krb5_conf={'capaths': None})
	110	test_kvno(r1, r4.host_princ, 'KDC capaths', r1client)
	111	check_klist(r1, (tgt(r1, r1), r4.host_princ))
111	112	stop(r1, r2, r3, r4)
112	113
113	114	# A capaths value of '.' should enforce direct cross-realm, with no

134	135	check_klist(r1, (tgt(r1, r1), tgt(r3, r2)))
135	136	stop(r1, r2, r3)
136	137
137		# Test a different kind of transited error. The KDC for D does not
138		# recognize B as an intermediate realm for A->C, so it refuses to
139		# verify the krbtgt/C@B ticket in the TGS AP-REQ.
	138	# Test server transited checking. The KDC for C recognizes B as an
	139	# intermediate realm for A->C, but the server environment does not.
	140	# The server should honor the ticket if the transited-policy-checked
	141	# flag is set, but not if it isn't. (It is only possible for our KDC
	142	# to issue a ticket without the transited-policy-checked flag with
	143	# reject_bad_transit=false.)
	144	mark('server transited checking')
	145	capaths = {'capaths': {'A': {'C': 'B'}}}
	146	noreject = {'realms': {'$realm': {'reject_bad_transit': 'false'}}}
	147	r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
	148	args=({'realm': 'A', 'krb5_conf': capaths},
	149	{'realm': 'B'},
	150	{'realm': 'C', 'krb5_conf': capaths,
	151	'kdc_conf': noreject}))
	152	r3server = r3.special_env('server', False, krb5_conf={'capaths': None})
	153	# Process a ticket with the transited-policy-checked flag set.
	154	shutil.copy(r1.ccache, r1.ccache + '.copy')
	155	r1.run(['./gcred', 'principal', r3.host_princ])
	156	os.rename(r1.ccache, r3.ccache)
	157	r3.run(['./rdreq', r3.host_princ], env=r3server, expected_msg='0 success')
	158	# Try again with the transited-policy-checked flag unset.
	159	os.rename(r1.ccache + '.copy', r1.ccache)
	160	r1.run(['./gcred', '-t', 'principal', r3.host_princ])
	161	os.rename(r1.ccache, r3.ccache)
	162	r3.run(['./rdreq', r3.host_princ], env=r3server,
	163	expected_msg='43 Illegal cross-realm ticket')
	164	stop(r1, r2, r3)
	165
	166	# Test a four-realm scenario. This test used to result in an "Illegal
	167	# cross-realm ticket" error as the KDC for D would refuse to process
	168	# the cross-realm ticket from C. Now that we honor the
	169	# transited-policy-checked flag in krb5_rd_req(), it instead issues a
	170	# policy error as in the three-realm scenario.
140	171	mark('transited error (four realms)')
141	172	capaths = {'capaths': {'A': {'D': ['B', 'C'], 'C': 'B'}, 'B': {'D': 'C'}}}
142	173	r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)),

145	176	{'realm': 'C', 'krb5_conf': capaths},
146	177	{'realm': 'D'}))
147	178	r1.run([kvno, r4.host_princ], expected_code=1,
148		expected_msg='Illegal cross-realm ticket')
	179	expected_msg='KDC policy rejects request')
149	180	check_klist(r1, (tgt(r1, r1), tgt(r4, r3)))
150	181	stop(r1, r2, r3, r4)
151	182

+0

-8

src/tests/t_dump.py less more

72	72	srcdump_r18 = os.path.join(srcdumpdir, 'dump.r18')
73	73	srcdump_r13 = os.path.join(srcdumpdir, 'dump.r13')
74	74	srcdump_b7 = os.path.join(srcdumpdir, 'dump.b7')
75		srcdump_ov = os.path.join(srcdumpdir, 'dump.ov')
76	75
77	76	# Load a dump file from the source directory.
78	77	realm.run([kdb5_util, 'destroy', '-f'])

85	84	dump_compare(realm, ['-r18'], srcdump_r18)
86	85	dump_compare(realm, ['-r13'], srcdump_r13)
87	86	dump_compare(realm, ['-b7'], srcdump_b7)
88		dump_compare(realm, ['-ov'], srcdump_ov)
89	87
90	88	# Load each format of dump, check it, re-dump it, and compare.
91	89	load_dump_check_compare(realm, ['-r18'], srcdump_r18)
92	90	load_dump_check_compare(realm, ['-r13'], srcdump_r13)
93	91	load_dump_check_compare(realm, ['-b7'], srcdump_b7)
94	92
95		# Loading the last (-b7 format) dump won't have loaded the
96		# per-principal kadm data. Load that incrementally with -ov.
97		realm.run([kadminl, 'getprinc', 'user'], expected_msg='Policy: [none]')
98		realm.run([kdb5_util, 'load', '-update', '-ov', srcdump_ov])
99		realm.run([kadminl, 'getprinc', 'user'], expected_msg='Policy: testpol')
100
101	93	success('Dump/load tests')

+3

-25

src/tests/t_etype_info.py less more

0	0	from k5test import *
1	1
2		supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac des-cbc-crc:afs3'
	2	supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac'
3	3	conf = {'libdefaults': {'allow_weak_crypto': 'true'},
4	4	'realms': {'$realm': {'supported_enctypes': supported_enctypes}}}
5	5	realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)

23	23	# With no newer enctypes in the request, PA-ETYPE-INFO2,
24	24	# PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one
25	25	# key for the most preferred matching enctype.
26		test_etinfo('user', 'rc4-hmac-exp des3 rc4 des-cbc-crc',
	26	test_etinfo('user', 'rc4-hmac-exp des3 rc4',
27	27	['asrep etype_info2 des3-cbc-sha1 KRBTEST.COMuser',
28	28	'asrep etype_info des3-cbc-sha1 KRBTEST.COMuser',
29	29	'asrep pw_salt KRBTEST.COMuser'])

36	36
37	37	# In preauth-required errors, PA-PW-SALT does not appear, but the same
38	38	# etype-info2 values are expected.
39		test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4 des-cbc-crc',
	39	test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4',
40	40	['error etype_info2 des3-cbc-sha1 KRBTEST.COMpreauthuser',
41	41	'error etype_info des3-cbc-sha1 KRBTEST.COMpreauthuser'])
42	42	test_etinfo('preauthuser', 'rc4 aes256-cts',
43	43	['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser'])
44
45		# AFS3 salt for DES enctypes is conveyed using s2kparams in
46		# PA-ETYPE-INFO2, not at all in PA-ETYPE-INFO, and with a special padata
47		# type instead of PA-PW-SALT.
48		test_etinfo('user', 'des-cbc-crc rc4',
49		['asrep etype_info2 des-cbc-crc KRBTEST.COM 01',
50		'asrep etype_info des-cbc-crc KRBTEST.COM',
51		'asrep afs3_salt KRBTEST.COM'])
52		test_etinfo('preauthuser', 'des-cbc-crc rc4',
53		['error etype_info2 des-cbc-crc KRBTEST.COM 01',
54		'error etype_info des-cbc-crc KRBTEST.COM'])
55
56		# DES keys can be used with other DES enctypes. The requested enctype
57		# shows up in the etype-info, not the database key enctype.
58		test_etinfo('user', 'des-cbc-md4 rc4',
59		['asrep etype_info2 des-cbc-md4 KRBTEST.COM 01',
60		'asrep etype_info des-cbc-md4 KRBTEST.COM',
61		'asrep afs3_salt KRBTEST.COM'])
62		test_etinfo('user', 'des-cbc-md5 rc4',
63		['asrep etype_info2 des KRBTEST.COM 01',
64		'asrep etype_info des KRBTEST.COM',
65		'asrep afs3_salt KRBTEST.COM'])
66	44
67	45	# If no keys are found matching the request enctypes, a
68	46	# preauth-required error can be generated with no etype-info at all

+10

-0

src/tests/t_iprop.py less more

1	1	import re
2	2
3	3	from k5test import *
	4
	5	# On macOS with System Integrity Protection enabled, this script hangs
	6	# in the wait_for_prop() call after starting the first kpropd process,
	7	# most likely due to signal restrictions preventing the listening
	8	# child from informing the parent that a full resync was processed.
	9	if which('csrutil'):
	10	out = subprocess.check_output(['csrutil', 'status'],
	11	universal_newlines=True)
	12	if 'status: enabled' in out:
	13	skip_rest('iprop tests', 'System Integrity Protection is enabled')
4	14
5	15	# Read lines from kpropd output until we are synchronized. Error if
6	16	# full_expected is true and we didn't see a full propagation or vice

+60

-3

src/tests/t_kdb.py less more

318	318
319	319	mark('LDAP auth indicator')
320	320
321		# Test auth indicator support
	321	# Test require_auth normalization.
322	322	realm.addprinc('authind', password('authind'))
323	323	realm.run([kadminl, 'setstr', 'authind', 'require_auth', 'otp radius'])
324	324
	325	# Check that krbPrincipalAuthInd attributes are set when the string
	326	# attribute it set.
325	327	out = ldap_search('(krbPrincipalName=authind*)')
326	328	if 'krbPrincipalAuthInd: otp' not in out:
327	329	fail('Expected krbPrincipalAuthInd value not in output')
328	330	if 'krbPrincipalAuthInd: radius' not in out:
329	331	fail('Expected krbPrincipalAuthInd value not in output')
330	332
	333	# Check that the string attribute still appears when the principal is
	334	# loaded.
331	335	realm.run([kadminl, 'getstrs', 'authind'],
332	336	expected_msg='require_auth: otp radius')
	337
	338	# Modify the LDAP attributes and check that the change is reflected in
	339	# the string attribute.
	340	ldap_modify('dn: krbPrincipalName=authind@KRBTEST.COM,cn=t1,cn=krb5\n'
	341	'changetype: modify\n'
	342	'replace: krbPrincipalAuthInd\n'
	343	'krbPrincipalAuthInd: radius\n'
	344	'krbPrincipalAuthInd: pkinit\n')
	345	realm.run([kadminl, 'getstrs', 'authind'],
	346	expected_msg='require_auth: radius pkinit')
	347
	348	# Regression test for #8877: remove the string attribute and check
	349	# that it is reflected in the LDAP attributes and by getstrs.
	350	realm.run([kadminl, 'delstr', 'authind', 'require_auth'])
	351	out = ldap_search('(krbPrincipalName=authind*)')
	352	if 'krbPrincipalAuthInd' in out:
	353	fail('krbPrincipalAuthInd attribute still present after delstr')
	354	out = realm.run([kadminl, 'getstrs', 'authind'])
	355	if 'require_auth' in out:
	356	fail('require_auth string attribute still visible after delstr')
333	357
334	358	mark('LDAP service principal aliases')
335	359

339	363	'changetype: modify\n'
340	364	'add: krbPrincipalName\n'
341	365	'krbPrincipalName: alias@KRBTEST.COM\n'
	366	'krbPrincipalName: ent@abc@KRBTEST.COM\n'
342	367	'-\n'
343	368	'add: krbCanonicalName\n'
344	369	'krbCanonicalName: canon@KRBTEST.COM\n')
345	370	realm.run([kadminl, 'getprinc', 'alias'],
	371	expected_msg='Principal: canon@KRBTEST.COM\n')
	372	realm.run([kadminl, 'getprinc', 'ent\@abc'],
346	373	expected_msg='Principal: canon@KRBTEST.COM\n')
347	374	realm.run([kadminl, 'getprinc', 'canon'],
348	375	expected_msg='Principal: canon@KRBTEST.COM\n')

379	406
380	407	# Test client principal aliases, with and without preauth.
381	408	realm.kinit('canon', password('canon'))
382		realm.kinit('alias', password('canon'), expected_code=1,
383		expected_msg='not found in Kerberos database')
	409	realm.kinit('alias', password('canon'))
	410	realm.run([kvno, 'alias'])
	411	realm.klist('alias@KRBTEST.COM', 'alias@KRBTEST.COM')
384	412	realm.kinit('alias', password('canon'), ['-C'])
385	413	realm.run([kvno, 'alias'])
386	414	realm.klist('canon@KRBTEST.COM', 'alias@KRBTEST.COM')
387	415	realm.run([kadminl, 'modprinc', '+requires_preauth', 'canon'])
388	416	realm.kinit('canon', password('canon'))
389	417	realm.kinit('alias', password('canon'), ['-C'])
	418
	419	# Test enterprise alias with and without canonicalization.
	420	realm.kinit('ent@abc', password('canon'), ['-E', '-C'])
	421	realm.run([kvno, 'alias'])
	422	realm.klist('canon@KRBTEST.COM', 'alias@KRBTEST.COM')
	423
	424	realm.kinit('ent@abc', password('canon'), ['-E'])
	425	realm.run([kvno, 'alias'])
	426	realm.klist('ent\@abc@KRBTEST.COM', 'alias@KRBTEST.COM')
	427
	428	# Test client name canonicalization in non-krbtgt AS reply
	429	realm.kinit('alias', password('canon'), ['-C', '-S', 'kadmin/changepw'])
390	430
391	431	mark('LDAP password history')
392	432

477	517	# Test storage of timestamps after y2038.
478	518	realm.run([kadminl, 'modprinc', '-pwexpire', '2040-02-03', 'user'])
479	519	realm.run([kadminl, 'getprinc', 'user'], expected_msg=' 2040\n')
	520
	521	# Regression test for #8861 (pw_expiration policy enforcement).
	522	mark('pw_expiration propogation')
	523	# Create a policy with a max life and verify its application.
	524	realm.run([kadminl, 'addpol', '-maxlife', '1s', 'pw_e'])
	525	realm.run([kadminl, 'addprinc', '-policy', 'pw_e', '-pw', 'password',
	526	'pwuser'])
	527	out = realm.run([kadminl, 'getprinc', 'pwuser'],
	528	expected_msg='Password expiration date: ')
	529	if 'Password expiration date: [never]' in out:
	530	fail('pw_expiration not applied at principal creation')
	531	# Unset the policy max life and verify its application during password
	532	# change.
	533	realm.run([kadminl, 'modpol', '-maxlife', '0', 'pw_e'])
	534	realm.run([kadminl, 'cpw', '-pw', 'password_', 'pwuser'])
	535	realm.run([kadminl, 'getprinc', 'pwuser'],
	536	expected_msg='Password expiration date: [never]')
480	537
481	538	realm.stop()
482	539

+100

-0

src/tests/t_kdcoptions.py less more

	0	from k5test import *
	1	import re
	2
	3	# KDC option test coverage notes:
	4	#
	5	# FORWARDABLE here
	6	# FORWARDED no test
	7	# PROXIABLE here
	8	# PROXY no test
	9	# ALLOW_POSTDATE no test
	10	# POSTDATED no test
	11	# RENEWABLE t_renew.py
	12	# CNAME_IN_ADDL_TKT gssapi/t_s4u.py
	13	# CANONICALIZE t_kdb.py and various other tests
	14	# REQUEST_ANONYMOUS t_pkinit.py
	15	# DISABLE_TRANSITED_CHECK no test
	16	# RENEWABLE_OK t_renew.py
	17	# ENC_TKT_IN_SKEY t_u2u.py
	18	# RENEW t_renew.py
	19	# VALIDATE no test
	20
	21	# Run klist -f and return the flags on the ticket for svcprinc.
	22	def get_flags(realm, svcprinc):
	23	grab_flags = False
	24	for line in realm.run([klist, '-f']).splitlines():
	25	if grab_flags:
	26	return re.findall(r'Flags: ([a-zA-Z]*)', line)[0]
	27	grab_flags = line.endswith(svcprinc)
	28
	29
	30	# Get the flags on the ticket for svcprinc, and check for an expected
	31	# element and an expected-absent element, either of which can be None.
	32	def check_flags(realm, svcprinc, expected_flag, expected_noflag):
	33	flags = get_flags(realm, svcprinc)
	34	if expected_flag is not None and not expected_flag in flags:
	35	fail('expected flag ' + expected_flag)
	36	if expected_noflag is not None and expected_noflag in flags:
	37	fail('did not expect flag ' + expected_noflag)
	38
	39
	40	# Run kinit with the given flags, and check the flags on the resulting
	41	# TGT.
	42	def kinit_check_flags(realm, flags, expected_flag, expected_noflag):
	43	realm.kinit(realm.user_princ, password('user'), flags)
	44	check_flags(realm, realm.krbtgt_princ, expected_flag, expected_noflag)
	45
	46
	47	# Run kinit with kflags. Then get credentials for the host principal
	48	# with gflags, and check the flags on the resulting ticket.
	49	def gcred_check_flags(realm, kflags, gflags, expected_flag, expected_noflag):
	50	realm.kinit(realm.user_princ, password('user'), kflags)
	51	realm.run(['./gcred'] + gflags + ['unknown', realm.host_princ])
	52	check_flags(realm, realm.host_princ, expected_flag, expected_noflag)
	53
	54
	55	realm = K5Realm()
	56
	57	mark('proxiable (AS)')
	58	kinit_check_flags(realm, [], None, 'P')
	59	kinit_check_flags(realm, ['-p'], 'P', None)
	60	realm.run([kadminl, 'modprinc', '-allow_proxiable', realm.user_princ])
	61	kinit_check_flags(realm, ['-p'], None, 'P')
	62	realm.run([kadminl, 'modprinc', '+allow_proxiable', realm.user_princ])
	63	realm.run([kadminl, 'modprinc', '-allow_proxiable', realm.krbtgt_princ])
	64	kinit_check_flags(realm, ['-p'], None, 'P')
	65	realm.run([kadminl, 'modprinc', '+allow_proxiable', realm.krbtgt_princ])
	66
	67	mark('proxiable (TGS)')
	68	gcred_check_flags(realm, [], [], None, 'P')
	69	gcred_check_flags(realm, ['-p'], [], 'P', None)
	70
	71	# Not tested: PROXIABLE option set with a non-proxiable TGT (because
	72	# there is no krb5_get_credentials() flag to request this; would
	73	# expect a non-proxiable ticket).
	74
	75	# Not tested: proxiable TGT but PROXIABLE flag not set (because we
	76	# internally set the PROXIABLE option when using a proxiable TGT;
	77	# would expect a non-proxiable ticket).
	78
	79	mark('forwardable (AS)')
	80	kinit_check_flags(realm, [], None, 'F')
	81	kinit_check_flags(realm, ['-f'], 'F', None)
	82	realm.run([kadminl, 'modprinc', '-allow_forwardable', realm.user_princ])
	83	kinit_check_flags(realm, ['-f'], None, 'F')
	84	realm.run([kadminl, 'modprinc', '+allow_forwardable', realm.user_princ])
	85	realm.run([kadminl, 'modprinc', '-allow_forwardable', realm.krbtgt_princ])
	86	kinit_check_flags(realm, ['-f'], None, 'F')
	87	realm.run([kadminl, 'modprinc', '+allow_forwardable', realm.krbtgt_princ])
	88
	89	mark('forwardable (TGS)')
	90	realm.kinit(realm.user_princ, password('user'))
	91	gcred_check_flags(realm, [], [], None, 'F')
	92	gcred_check_flags(realm, [], ['-f'], None, 'F')
	93	gcred_check_flags(realm, ['-f'], [], 'F', None)
	94
	95	# Not tested: forwardable TGT but FORWARDABLE flag not set (because we
	96	# internally set the FORWARDABLE option when using a forwardable TGT;
	97	# would expect a non-proxiable ticket).
	98
	99	success('KDC option tests')

+8

-12

src/tests/t_keydata.py less more

19	19
20	20	# Return true if patype appears to have been received in a hint list
21	21	# from a KDC error message, based on the trace file fname.
22		def preauth_type_received(fname, patype):
23		f = open(fname, 'r')
	22	def preauth_type_received(trace, patype):
24	23	found = False
25		for line in f:
	24	for line in trace.splitlines():
26	25	if 'Processing preauth types:' in line:
27	26	ind = line.find('types:')
28		patypes = line[ind + 6:].strip().split(', ')
	27	patypes = line[ind + 6:].split(', ')
29	28	if str(patype) in patypes:
30	29	found = True
31		f.close()
32	30	return found
33	31
34	32	# Make sure the KDC doesn't offer encrypted timestamp for a principal
35	33	# with no keys.
36		tracefile = os.path.join(realm.testdir, 'trace')
37	34	realm.run([kadminl, 'purgekeys', '-all', 'user'])
38	35	realm.run([kadminl, 'modprinc', '+requires_preauth', 'user'])
39		realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, 'user'], expected_code=1)
40		if preauth_type_received(tracefile, 2):
	36	out, trace = realm.run([kinit, 'user'], expected_code=1, return_trace=True)
	37	if preauth_type_received(trace, 2):
41	38	fail('encrypted timestamp')
42	39
43	40	# Make sure it doesn't offer encrypted challenge either.
44	41	realm.run([kadminl, 'addprinc', '-pw', 'fast', 'armor'])
45	42	realm.kinit('armor', 'fast')
46		os.remove(tracefile)
47		realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, '-T', realm.ccache,
48		'user'], expected_code=1)
49		if preauth_type_received(tracefile, 138):
	43	out, trace = realm.run([kinit, '-T', realm.ccache, 'user'], expected_code=1,
	44	return_trace=True)
	45	if preauth_type_received(trace, 138):
50	46	fail('encrypted challenge')
51	47
52	48	success('Key data tests')

+6

-4

src/tests/t_keyrollover.py less more

1	1
2	2	rollover_krb5_conf = {'libdefaults': {'allow_weak_crypto': 'true'}}
3	3
4		realm = K5Realm(krbtgt_keysalt='des-cbc-crc:normal',
	4	realm = K5Realm(krbtgt_keysalt='aes128-cts-hmac-sha256-128:normal',
5	5	krb5_conf=rollover_krb5_conf)
6	6
7	7	princ1 = 'host/test1@%s' % (realm.realm,)

21	21	realm.run([kadminl, 'purgekeys', realm.krbtgt_princ])
22	22	# Make sure an old TGT fails after purging old TGS key.
23	23	realm.run([kvno, princ2], expected_code=1)
24		msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): des-cbc-crc, des-cbc-crc' % \
25		(realm.realm, realm.realm)
	24	et = "aes128-cts-hmac-sha256-128"
	25	msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): %s, %s' % \
	26	(realm.realm, realm.realm, et, et)
26	27	realm.run([klist, '-e'], expected_msg=msg)
27	28
28	29	# Check that new key actually works.

47	48	realm.krbtgt_princ])
48	49	realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ])
49	50	out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ])
50		if 'vno 1, aes256' not in out or 'vno 1, des3' not in out:
	51	if 'vno 1, aes256-cts' not in out or \
	52	'vno 1, DEPRECATED:des3-cbc-sha1' not in out:
51	53	fail('keyrollover: setup for TGS enctype test failed')
52	54	# Now present the DES3 ticket to the KDC and make sure it's rejected.
53	55	realm.run([kvno, realm.host_princ], expected_code=1)

+0

-5

src/tests/t_keytab.py less more

154	154	realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp'])
155	155	realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth',
156	156	'pexp'])
157		realm.run([kadminl, 'ank', '-e', 'des-cbc-crc:afs3', '-pw', 'pw', 'afs'])
158		realm.run([kadminl, 'ank', '-e', 'des-cbc-crc:afs3', '-pw', 'pw', '+preauth',
159		'pafs'])
160	157
161	158	# Extract one of the explicit salt values from the database.
162	159	out = realm.run([kdb5_util, 'tabdump', 'keyinfo'])

186	183	test_addent(realm, 'default', '-f -e aes128-cts')
187	184	test_addent(realm, 'exp', '-f')
188	185	test_addent(realm, 'pexp', '-f')
189		test_addent(realm, 'afs', '-f')
190		test_addent(realm, 'pafs', '-f')
191	186
192	187	success('Keytab-related tests')
193	188	success('Keytab-related tests')

+14

-11

src/tests/t_otp.py less more

29	29
30	30	from k5test import *
31	31	from queue import Empty
32		from io import StringIO
	32	import io
33	33	import struct
34	34
35	35	try:

46	46	radius_attributes = '''
47	47	ATTRIBUTE User-Name 1 string
48	48	ATTRIBUTE User-Password 2 octets
	49	ATTRIBUTE Service-Type 6 integer
49	50	ATTRIBUTE NAS-Identifier 32 string
50	51	'''
51	52
52	53	class RadiusDaemon(Process):
53	54	MAX_PACKET_SIZE = 4096
54		DICTIONARY = dictionary.Dictionary(StringIO.StringIO(radius_attributes))
	55	DICTIONARY = dictionary.Dictionary(io.StringIO(radius_attributes))
55	56
56	57	def listen(self, addr):
57	58	raise NotImplementedError()

61	62
62	63	def run(self):
63	64	addr = self._args[0]
64		secr = self._args[1]
	65	secrfile = self._args[1]
65	66	pswd = self._args[2]
66	67	outq = self._args[3]
67	68
68		if secr:
69		with open(secr) as file:
	69	if secrfile:
	70	with open(secrfile, 'rb') as file:
70	71	secr = file.read().strip()
	72	else:
	73	secr = b''
71	74
72	75	data = self.listen(addr)
73	76	outq.put("started")

80	83	passwd = []
81	84	for key in pkt.keys():
82	85	if key == 'User-Password':
83		passwd = map(pkt.PwDecrypt, pkt[key])
	86	passwd = list(map(pkt.PwDecrypt, pkt[key]))
84	87	elif key == 'User-Name':
85	88	usernm = pkt[key]
86	89

125	128	sock.close()
126	129	os.remove(addr)
127	130
128		buf = ""
	131	buf = b''
129	132	remain = RadiusDaemon.MAX_PACKET_SIZE
130	133	while True:
131	134	buf += conn.recv(remain)

225	228	# https://github.com/wichert/pyrad/pull/18
226	229	try:
227	230	auth = packet.Packet.CreateAuthenticator()
228		packet.Packet(authenticator=auth, secret="").ReplyPacket()
	231	packet.Packet(authenticator=auth, secret=b'').ReplyPacket()
229	232	except AssertionError:
230	233	skip_rest('OTP UNIX domain socket tests', 'pyrad assertion bug detected')
231	234
232	235	## Test Unix fail / custom username
233	236	mark('Unix socket fail / custom username')
234		daemon = UnixRadiusDaemon(args=(socket_file, '', 'accept', queue))
	237	daemon = UnixRadiusDaemon(args=(socket_file, None, 'accept', queue))
235	238	daemon.start()
236	239	queue.get()
237	240	realm.run([kadminl, 'setstr', realm.user_princ, 'otp',

241	244
242	245	## Test Unix success / standard username
243	246	mark('Unix socket success / standard username')
244		daemon = UnixRadiusDaemon(args=(socket_file, '', 'accept', queue))
	247	daemon = UnixRadiusDaemon(args=(socket_file, None, 'accept', queue))
245	248	daemon.start()
246	249	queue.get()
247	250	realm.run([kadminl, 'setstr', realm.user_princ, 'otp', otpconfig('unix')])

253	256	## accepting. With the bug, the KDC incorrectly rejects the request
254	257	## and then performs invalid memory accesses, most likely crashing.
255	258	daemon1 = UDPRadiusDaemon(args=(server_addr, secret_file, 'accept1', queue))
256		daemon2 = UnixRadiusDaemon(args=(socket_file, '', 'accept2', queue))
	259	daemon2 = UnixRadiusDaemon(args=(socket_file, None, 'accept2', queue))
257	260	daemon1.start()
258	261	queue.get()
259	262	daemon2.start()

+6

-18

src/tests/t_pkinit.py less more

3	3	if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
4	4	skip_rest('PKINIT tests', 'PKINIT module not built')
5	5
6		# Check if soft-pkcs11.so is available.
7		try:
8		import ctypes
9		lib = ctypes.LibraryLoader(ctypes.CDLL).LoadLibrary('soft-pkcs11.so')
10		del lib
11		have_soft_pkcs11 = True
12		except:
13		have_soft_pkcs11 = False
	6	soft_pkcs11 = os.path.join(buildtop, 'tests', 'softpkcs11', 'softpkcs11.so')
14	7
15	8	# Construct a krb5.conf fragment configuring pkinit.
16	9	certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')

68	61	p12_upn3_identity = 'PKCS12:%s' % user_upn3_p12
69	62	p12_generic_identity = 'PKCS12:%s' % generic_p12
70	63	p12_enc_identity = 'PKCS12:%s' % user_enc_p12
71		p11_identity = 'PKCS11:soft-pkcs11.so'
72		p11_token_identity = ('PKCS11:module_name=soft-pkcs11.so:'
73		'slotid=1:token=SoftToken (token)')
	64	p11_identity = 'PKCS11:' + soft_pkcs11
	65	p11_token_identity = ('PKCS11:module_name=' + soft_pkcs11 +
	66	':slotid=1:token=SoftToken (token)')
74	67
75	68	# Start a realm with the test kdb module for the following UPN SAN tests.
76	69	realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=alias_kdc_conf,

397	390	realm.kinit(realm.user_princ, flags=['-X', 'X509_user_identity=,'],
398	391	expected_code=1, expected_msg='Preauthentication failed while')
399	392
400		if not have_soft_pkcs11:
401		skip_rest('PKINIT PKCS11 tests', 'soft-pkcs11.so not found')
402
403	393	softpkcs11rc = os.path.join(os.getcwd(), 'testdir', 'soft-pkcs11.rc')
404	394	realm.env['SOFTPKCS11RC'] = softpkcs11rc
405	395

431	421	realm.klist(realm.user_princ)
432	422	realm.run([kvno, realm.host_princ])
433	423
434		# Supply the wrong PIN, and verify that we ignore the draft9 padata offer
435		# in the KDC method data after RFC 4556 PKINIT fails.
	424	# Supply the wrong PIN.
436	425	mark('PKCS11 identity, wrong PIN')
437		expected_trace = ('PKINIT client has no configured identity; giving up',
438		'PKINIT client ignoring draft 9 offer from RFC 4556 KDC')
	426	expected_trace = ('PKINIT client has no configured identity; giving up',)
439	427	realm.kinit(realm.user_princ,
440	428	flags=['-X', 'X509_user_identity=%s' % p11_identity],
441	429	password='wrong', expected_code=1, expected_trace=expected_trace)

+1

-5

src/tests/t_proxy.py less more

2	2	# Skip this test if we're missing proxy functionality or parts of the proxy.
3	3	if runenv.tls_impl == 'no':
4	4	skip_rest('HTTP proxy tests', 'TLS build support not enabled')
5		try:
6		from paste import httpserver
7		except:
8		skip_rest('HTTP proxy tests', 'Python paste module not found')
9	5	try:
10	6	import kdcproxy
11	7	except:

53	49
54	50	def start_proxy(realm, keycertpem):
55	51	proxy_conf_path = os.path.join(realm.testdir, 'kdcproxy.conf')
56		proxy_exec_path = os.path.join(srctop, 'util', 'paste-kdcproxy.py')
	52	proxy_exec_path = os.path.join(srctop, 'util', 'wsgiref-kdcproxy.py')
57	53	conf = open(proxy_conf_path, 'w')
58	54	conf.write('[%s]\n' % realm.realm)
59	55	conf.write('kerberos = kerberos://localhost:%d\n' % realm.portbase)

+3

-7

src/tests/t_referral.py less more

19	19	out = realm.run([klist]).split('\n')
20	20	if len(out) != 8:
21	21	fail('unexpected number of lines in klist output')
22		if out[5].split()[4] != 'a/x.d@' or out[6].split()[4] != 'a/x.d@REFREALM':
	22	if out[5].split()[4] != 'a/x.d@' or out[6].split()[2] != 'a/x.d@REFREALM':
23	23	fail('unexpected service principals in klist output')
24	24
25	25	# Get credentials and check that we get an error, not a referral.

99	99	mark('#7483 regression test')
100	100	drealm = {'domain_realm': {'d': 'KRBTEST.COM'}}
101	101	realm = K5Realm(kdc_conf=drealm, create_host=False)
102		tracefile = os.path.join(realm.testdir, 'trace')
103		realm.run(['env', 'KRB5_TRACE=' + tracefile, './gcred', 'srv-hst', 'a/x.d@'],
104		expected_code=1)
105		f = open(tracefile, 'r')
106		trace = f.read()
107		f.close()
	102	out, trace = realm.run(['./gcred', 'srv-hst', 'a/x.d@'], expected_code=1,
	103	return_trace=True)
108	104	if 'back to same realm' in trace:
109	105	fail('KDC returned referral to service realm')
110	106	realm.stop()

+1

-1

src/tests/t_renprinc.py less more

24	24	enctype = "aes128-cts"
25	25
26	26	realm = K5Realm(create_host=False, create_user=False)
27		salttypes = ('normal', 'v4', 'norealm', 'onlyrealm')
	27	salttypes = ('normal', 'norealm', 'onlyrealm')
28	28
29	29	# For a variety of salt types, test that we can rename a principal and
30	30	# still get tickets with the same password.

+6

-0

src/tests/t_replay.py less more

	0	from k5test import *
	1
	2	realm = K5Realm()
	3	realm.run(['./replay', realm.host_princ])
	4
	5	success('Replay tests')

+3

-25

src/tests/t_salt.py less more

14	14	realm.run([kadminl, 'delprinc', 'user'])
15	15
16	16	# Enctype/salt pairs chosen with non-default salt types.
17		# The enctypes are mostly arbitrary, though afs3 must only be used with des.
18		# We do not enforce that v4 salts must only be used with des, but it seems
19		# like a good idea.
20		salts = [('des-cbc-crc', 'afs3'),
21		('des3-cbc-sha1', 'norealm'),
	17	# The enctypes are mostly arbitrary.
	18	salts = [('des3-cbc-sha1', 'norealm'),
22	19	('arcfour-hmac', 'onlyrealm'),
23		('des-cbc-crc', 'v4'),
24	20	('aes128-cts-hmac-sha1-96', 'special')]
25	21	# These enctypes are chosen to cover the different string-to-key routines.
26	22	# Omit ":normal" from aes256 to check that salttype defaulting works.
27	23	second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal',
28		'des3-cbc-sha1:normal', 'des-cbc-crc:normal']
	24	'des3-cbc-sha1:normal']
29	25
30	26	# Test using different salt types in a principal's key list.
31	27	# Parameters from one key in the list must not leak over to later ones.

55	51	for ks in dup_kstypes:
56	52	test_dup(realm, ks)
57	53
58		# Attempt to create a principal with a non-des enctype and the afs3 salt,
59		# verifying that the expected error is received and the principal creation
60		# fails.
61		def test_reject_afs3(realm, etype):
62		query = 'ank -e ' + etype + ':afs3 -pw password princ1'
63		realm.run([kadminl, 'ank', '-e', etype + ':afs3', '-pw', 'password',
64		'princ1'], expected_code=1,
65		expected_msg='Invalid key generation parameters from KDC')
66		realm.run([kadminl, 'getprinc', 'princ1'], expected_code=1,
67		expected_msg='Principal does not exist')
68
69		# Verify that the afs3 salt is rejected for arcfour and pbkdf2 enctypes.
70		# We do not currently do any verification on the key-generation parameters
71		# for the triple-DES enctypes, so that test is commented out.
72		test_reject_afs3(realm, 'arcfour-hmac')
73		test_reject_afs3(realm, 'aes256-cts-hmac-sha1-96')
74		#test_reject_afs3(realm, 'des3-cbc-sha1')
75
76	54	success("Salt types")

+8

-16

src/tests/t_sesskeynego.py less more

22	22	conf3 = {'libdefaults': {
23	23	'allow_weak_crypto': 'true',
24	24	'default_tkt_enctypes': 'aes128-cts',
25		'default_tgs_enctypes': 'rc4-hmac,aes128-cts,des-cbc-crc'}}
26		conf4 = {'libdefaults': {
27		'allow_weak_crypto': 'true',
28		'default_tkt_enctypes': 'aes256-cts',
29		'default_tgs_enctypes': 'des-cbc-crc,rc4-hmac,aes256-cts'},
30		'realms': {'$realm': {'des_crc_session_supported': 'false'}}}
31
	25	'default_tgs_enctypes': 'rc4-hmac,aes128-cts'}}
	26	conf4 = {'libdefaults': {'permitted_enctypes': 'aes256-cts'}}
32	27	# Test with client request and session_enctypes preferring aes128, but
33	28	# aes256 long-term key.
34	29	realm = K5Realm(krb5_conf=conf1, create_host=False, get_creds=False)

61	56	# 3b: Negotiate rc4-hmac session key when principal only has aes256 long-term.
62	57	realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
63	58	'rc4-hmac,aes128-cts,aes256-cts'])
64		test_kvno(realm, 'arcfour-hmac', 'aes256-cts-hmac-sha1-96')
65
66		# 3c: Test des-cbc-crc default assumption.
67		realm.run([kadminl, 'delstr', 'server', 'session_enctypes'])
68		test_kvno(realm, 'des-cbc-crc', 'aes256-cts-hmac-sha1-96')
	59	test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96')
69	60	realm.stop()
70	61
71		# Last go: test that we can disable the des-cbc-crc assumption
72		realm = K5Realm(krb5_conf=conf4, get_creds=False)
73		realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
74		test_kvno(realm, 'aes256-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
	62	# 4: Check that permitted_enctypes is a default for session key enctypes.
	63	realm = K5Realm(krb5_conf=conf4, create_host=False, get_creds=False)
	64	realm.kinit(realm.user_princ, password('user'))
	65	realm.run([kvno, 'user'],
	66	expected_trace=('etypes requested in TGS request: aes256-cts',))
75	67	realm.stop()
76	68
77	69	success('sesskeynego')

+41

-5

src/tests/t_sn2princ.py less more

5	5	'example.com': 'R2',
6	6	'mit.edu': 'R3'}}
7	7	no_rdns_conf = {'libdefaults': {'rdns': 'false'}}
8		no_canon_conf = {'libdefaults': {'dns_canonicalize_hostname': 'false'}}
	8	no_canon_conf = {'libdefaults': {'dns_canonicalize_hostname': 'false',
	9	'qualify_shortname': 'example.com'}}
	10	fallback_canon_conf = {'libdefaults':
	11	{'rdns': 'false',
	12	'dns_canonicalize_hostname': 'fallback'}}
9	13
10		realm = K5Realm(create_kdb=False, krb5_conf=conf)
	14	realm = K5Realm(realm='R1', create_host=False, krb5_conf=conf)
11	15	no_rdns = realm.special_env('no_rdns', False, krb5_conf=no_rdns_conf)
12	16	no_canon = realm.special_env('no_canon', False, krb5_conf=no_canon_conf)
	17	fallback_canon = realm.special_env('fallback_canon', False,
	18	krb5_conf=fallback_canon_conf)
13	19
14	20	def testbase(host, nametype, princhost, princrealm, env=None):
15	21	# Run the sn2princ harness with a specified host and name type and

36	42	# Test with the unknown name type.
37	43	testbase(host, 'unknown', princhost, princrealm)
38	44
	45	def testfc(host, princhost, princrealm):
	46	# Test with the host-based name type with canonicalization fallback.
	47	testbase(host, 'srv-hst', princhost, princrealm, env=fallback_canon)
	48
39	49	# With the unknown principal type, we do not canonicalize or downcase,
40	50	# but we do remove a trailing period and look up the realm.
41	51	mark('unknown type')

52	62	testu('example.com.::123', 'example.com.::123', '')
53	63
54	64	# With dns_canonicalize_hostname=false, we downcase and remove
55		# trailing dots but do not canonicalize the hostname. Trailers do not
56		# get downcased.
	65	# trailing dots but do not canonicalize the hostname.
	66	# Single-component names are qualified with the configured suffix
	67	# (defaulting to the first OS search domain, but Python cannot easily
	68	# retrieve that value so we don't test it). Trailers do not get
	69	# downcased.
57	70	mark('dns_canonicalize_host=false')
58	71	testnc('ptr-mismatch.kerberos.org', 'ptr-mismatch.kerberos.org', 'R1')
59	72	testnc('Example.COM', 'example.com', 'R2')
60		testnc('abcde', 'abcde', '')
	73	testnc('abcde', 'abcde.example.com', 'R2')
61	74	testnc('example.com.:123', 'example.com:123', 'R2')
62	75	testnc('Example.COM:xyZ', 'example.com:xyZ', 'R2')
63	76	testnc('example.com.::123', 'example.com.::123', '')

69	82	# and reverse resolving to these names.
70	83	oname = 'ptr-mismatch.kerberos.org'
71	84	fname = 'www.kerberos.org'
	85
	86	# Test fallback canonicalization krb5_sname_to_principal() results
	87	# (same as dns_canonicalize_hostname=false).
	88	mark('dns_canonicalize_host=fallback')
	89	testfc(oname, oname, 'R1')
	90
	91	# Test fallback canonicalization in krb5_get_credentials().
	92	oprinc = 'host/' + oname
	93	fprinc = 'host/' + fname
	94	shutil.copy(realm.ccache, realm.ccache + '.save')
	95	realm.addprinc(fprinc)
	96	# oprinc doesn't exist, so we get the canonicalized fprinc as a fallback.
	97	msgs = ('Falling back to canonicalized server hostname ' + fname,)
	98	realm.run(['./gcred', 'srv-hst', oprinc], env=fallback_canon,
	99	expected_msg=fprinc, expected_trace=msgs)
	100	realm.addprinc(oprinc)
	101	# oprinc now exists, but we still get the fprinc ticket from the cache.
	102	realm.run(['./gcred', 'srv-hst', oprinc], env=fallback_canon,
	103	expected_msg=fprinc)
	104	# Without the cached result, we sould get oprinc in preference to fprinc.
	105	os.rename(realm.ccache + '.save', realm.ccache)
	106	realm.run(['./gcred', 'srv-hst', oprinc], env=fallback_canon,
	107	expected_msg=oprinc)
72	108
73	109	# Verify forward resolution before testing for it.
74	110	try:

+5

-1

src/tests/threads/t_rcache.c less more

63	63	{
64	64	krb5_donot_replay r;
65	65	krb5_error_code err;
66		char buf[100], buf2[100];
	66	char buf[100], buf2[100], tag[8];
67	67	krb5_rcache my_rcache;
68	68
69	69	snprintf(buf, sizeof(buf), "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU",

71	71	r.server = buf;
72	72	r.client = (t->my_cusec & 7) + "abcdefgh@ATHENA.MIT.EDU";
73	73	r.msghash = NULL;
	74	r.tag = empty_data();
74	75	if (t->now != t->my_ctime) {
75	76	if (t->my_ctime != 0) {
76	77	snprintf(buf2, sizeof(buf2), "%3d: %ld %5d\n", t->idx,

83	84	t->my_cusec++;
84	85	r.ctime = t->my_ctime;
85	86	r.cusec = t->my_cusec;
	87	store_32_be(r.ctime, tag);
	88	store_32_be(r.cusec, tag + 4);
	89	r.tag = make_data(tag, 8);
86	90	if (!init_once) {
87	91	err = krb5_get_server_rcache(ctx, &piece, &my_rcache);
88	92	if (err) {

+2

-2

src/util/check-ac-syms less more

2	2	# args: srcdir srctop-from-srcdir header-path
3	3
4	4	d=`pwd`
5		head -1 $1/configure.in > config-in.tmp
	5	head -1 $1/configure.ac > config-in.tmp
6	6	echo "AC_CONFIG_HEADER(fooconfig.h:$d/fooconfig-h.tmp)" >> config-in.tmp
7		tail +2 $1/configure.in \| grep -v AC_CONFIG_HEADER >> config-in.tmp
	7	tail +2 $1/configure.ac \| grep -v AC_CONFIG_HEADER >> config-in.tmp
8	8	mv -f config-in.tmp config-in.ac~
9	9
10	10	if (cd $1 && autoheader --include=$2 $d/config-in.ac~) > /dev/null; then

+0

-25

~~src/util/confvalidator/README~~ less more

0		validator.py is a command line tool for identifying invalid attributes, values and some formating problems in Kerberos configuration files.
1		The list of the valid attributes is created based on the “configuration variables” section in k5-int.h and user defined attributes from the rules file.
2
3		Usage:
4
5		validator.py path [-d defPath] [-r rulesPath] [-c validatorConfPath]
6
7		Options:
8
9		path – the path to the configuration file to validate
10
11		-d defPath – path to the k5-int.h file. Starting from the 1.7 release this header holds the profile attribute names in the form #define KRB5_CONF_xxx ”ZZZ”.
12
13		-r rulesPath - path the rules file in yaml format. It may be used to manage the list of the valid attributes and to define the additional validation rules.
14
15		-c validatorConfPath – the same as -r and -d options, but in validator configuration file format.
16
17		Example:
18
19		python validator.py src/config-files/krb5.conf -r rules.yml -d src/include/k5-int.h
20		or
21		python validator.py src/config-files/krb5.conf -c validator.conf
22
23		For more details please refer to the sample files validator.conf and rules.yml
24

+0

-144

~~src/util/confvalidator/confparser.py~~ less more

0		'''
1		Created on Jan 31, 2010
2
3		@author: tsitkova
4		'''
5		import re
6		import copy
7		import yaml
8
9		class ConfParser(object):
10		def __init__(self, path):
11		self.configuration = self._parse(path)
12
13		def walk(self):
14		for trio in self._walk(self.configuration):
15		yield trio
16
17		def _parse(self, path):
18		comment_pattern = re.compile(r'(\s[#].)')
19		section_pattern = re.compile(r'^\s*\[(?P<section>\w+)\]\s+$')
20		empty_pattern = re.compile(r'^\s*$')
21		equalsign_pattern = re.compile(r'=')
22
23		section = None
24		parser_stack = list()
25		result = dict()
26		value = None
27		f = open(path, 'r')
28		for (ln,line) in enumerate(f):
29		line = comment_pattern.sub('', line)
30		line = equalsign_pattern.sub(' = ',line,count=1)
31		if empty_pattern.match(line) is not None:
32		continue
33		m = section_pattern.match(line)
34		if m is not None:
35		section = m.group('section')
36		value = dict()
37		result[section] = value
38		continue
39		if section is None:
40		msg = 'Failed to determine section for line #%i' % ln
41		raise ValueError(msg)
42		try:
43		value = self._parseLine(value, line, parser_stack)
44		except:
45		print 'Error while parsing line %i: %s' % (ln+1, line)
46		raise
47		f.close()
48
49		if len(parser_stack):
50		raise 'Parsing error.'
51
52		return result
53
54		def _parseLine(self, value, content, stack):
55		token_pattern = re.compile(r'(?P<token>\S+)(?=\s+)')
56		attr = None
57		token_stack = list()
58
59		for m in token_pattern.finditer(content):
60		token = m.group('token')
61		if not self._validate(token):
62		raise ValueError('Invalid token %s' % token)
63		if token == '=':
64		if len(token_stack) == 0:
65		raise ValueError('Failed to find attribute.')
66		elif len(token_stack) == 1:
67		attr = token_stack.pop()
68		else:
69		value[attr] = token_stack[:-1]
70		attr = token_stack[-1]
71		token_stack = list()
72		elif token == '{':
73		if attr is None:
74		raise ValueError('Failed to find attribute.')
75		stack.append((attr,value))
76		value = dict()
77		elif token == '}':
78		if len(stack) == 0:
79		raise ValueError('Failed to parse: unbalanced braces')
80		if len(token_stack):
81		if attr is None:
82		raise ValueError('Missing attribute')
83		value[attr] = token_stack
84		attr = None
85		token_stack = list()
86		(attr,parent_value) = stack.pop()
87		parent_value[attr] = value
88		value = parent_value
89		else:
90		token_stack.append(token)
91		if len(token_stack):
92		if attr is None:
93		raise ValueError('Missing attribute')
94		value[attr] = token_stack
95
96		return value
97
98		def _validate(self, token):
99		result = True
100		for s in ['{','}']:
101		if s in token and s != token:
102		result = False
103
104		return result
105
106		def _walk(self, parsedData, path='root'):
107		dirs = list()
108		av = list()
109		for (key, value) in parsedData.iteritems():
110		if type(value) == dict:
111		new_path = path + '.' + key
112		for trio in self._walk(value, new_path):
113		yield trio
114		dirs.append(key)
115		else:
116		av.append((key,value))
117		yield (path, dirs, av)
118
119
120
121		class ConfParserTest(ConfParser):
122		def __init__(self):
123		self.conf_path = '../tests/krb5.conf'
124		super(ConfParserTest, self).__init__(self.conf_path)
125
126		def run_tests(self):
127		self._test_walk()
128
129		def _test_parse(self):
130		result = self._parse(self.conf_path)
131		print yaml.dump(result)
132
133		def _test_walk(self):
134		configuration = self._parse(self.conf_path)
135		for (path,dirs,av) in self.walk():
136		print path,dirs,av
137
138
139
140
141		if __name__ == '__main__':
142		tester = ConfParserTest()
143		tester.run_tests()

+0

-13

~~src/util/confvalidator/rules.yml~~ less more

0		# Extend the list of the allowed enctypes and salts as needed
1		Types:
2		supported_enctypes:
3		'(aes256-cts-hmac-sha1-96\|aes256-cts\|aes128-cts-hmac-sha1-96\|aes128-cts\|des3-hmac-sha1\|des3-cbc-raw\|des3-cbc-sha1\|des3-hmac-sha1\|rc4-hmac\|arcfour-hmac-md5)(:(normal\|v4))?$'
4		default_tgs_enctypes:
5		'(aes256-cts-hmac-sha1-96\|aes256-cts\|aes128-cts-hmac-sha1-96\|aes128-cts\|des3-hmac-sha1\|des3-cbc-raw\|des3-cbc-sha1\|des3-hmac-sha1\|rc4-hmac\|arcfour-hmac-md5)'
6		default_tkt_enctypes:
7		'(aes256-cts-hmac-sha1-96\|aes256-cts\|aes128-cts-hmac-sha1-96\|aes128-cts\|des3-hmac-sha1\|des3-cbc-raw\|des3-cbc-sha1\|des3-hmac-sha1\|rc4-hmac\|arcfour-hmac-md5)'
8
9		# Add all valid profile attributes that are not listed in k5-int.h
10		Attributes:
11		- logging
12		- dbmodules

+0

-2

~~src/util/confvalidator/validator.conf~~ less more

0		RulesPath=./rules.yml
1		HfilePath=../../include/k5-int.h

+0

-194

~~src/util/confvalidator/validator.py~~ less more

0		'''
1		Created on Jan 25, 2010
2
3		@author: tsitkova
4		'''
5		import os
6		import sys
7		import re
8		import yaml
9		from optparse import OptionParser
10		from confparser import ConfParser
11
12		class Rule(object):
13		def __init__(self):
14		pass
15
16		def validate(self,node):
17		(path,dirs,avs) = node
18
19
20		class Validator(object):
21		def __init__(self, kerberosPath, confPath=None, rulesPath=None, hfilePath=None):
22		self.parser = ConfParser(kerberosPath)
23		if confPath is not None:
24		content = self._readConfigFile(confPath)
25		rulesPath = content['RulesPath']
26		hfilePath = content['HfilePath']
27		if rulesPath is not None and hfilePath is not None:
28		self.rules = self._loadRules(rulesPath)
29		self.validKeys = SupportedKeys(hfilePath).validKeys.union(self.rules['Attributes'])
30		else:
31		raise ValueError('Invalid arguments for validator: no path to rules and definition files')
32
33		self._attribute_pattern = re.compile(r'^\w+$')
34		self._lowercase_pattern = re.compile(r'[a-z]')
35
36		def _readConfigFile(self,path):
37		f = open(path)
38		result = dict()
39		for line in f:
40		line = line.rstrip()
41		fields = line.split('=')
42		result[fields[0]] = fields[1]
43
44		return result
45
46		def _loadRules(self, path):
47		f = open(path)
48		rules = yaml.load(f)
49		f.close()
50
51		return rules
52
53		def validate(self):
54		typeInfo = self.rules['Types']
55
56		for node in self.parser.walk():
57		self._validateTypes(node, typeInfo)
58		self._validateAttrubutes(node, self.validKeys)
59		# self._validateRealm(node)
60
61
62		def _validateTypes(self, node, typeInfo):
63		(path, dirs, avs) = node
64		for (key, value) in avs:
65		valid_type_pattern = typeInfo.get(key)
66		if valid_type_pattern is not None:
67		for t in value:
68		if re.match(valid_type_pattern, t) is None:
69		print 'Wrong type %s for attribute %s.%s' % (t,path,key)
70
71		def _validateAttrubutes(self, node, validKeys):
72		(path, dirs, avs) = node
73		attributes = list()
74		for attr in dirs:
75		if self._attribute_pattern.match(attr) is not None:
76		attributes.append(attr)
77		for (attr, value) in avs:
78		if self._attribute_pattern.match(attr) is not None:
79		attributes.append(attr)
80
81		for attr in attributes:
82		if attr not in validKeys:
83		print 'Unrecognized attribute %s at %s' % (attr, path)
84
85		# def _validateRealm(self, node):
86		# (path, dirs, avs) = node
87		# if path == 'root.realms':
88		# for attr in dirs:
89		# if self._lowercase_pattern.search(attr) is not None:
90		# print 'Lower case letter in realm attribute: %s at %s' % (attr, path)
91
92		class SupportedKeys(object):
93		def __init__(self, path):
94		self.validKeys = self.getKeysFromHfile(path)
95
96		def getKeysFromHfile(self, path):
97		pattern = re.compile(r'^[#]define KRB5_CONF_\w+\s+["](\w+)["]')
98		f = open(path)
99		result = set()
100		for l in f:
101		l = l.rstrip()
102		m = pattern.match(l)
103		if m is not None:
104		result.add(m.groups()[0])
105		f.close()
106
107		return result
108
109
110		class ValidatorTest(Validator):
111		def __init__(self):
112		self.kerberosPath = '../tests/kdc1.conf'
113		self.rulesPath = '../tests/rules.yml'
114		self.hfilePath = '../tests/k5-int.h'
115		self.confPath = '../tests/validator.conf'
116
117		super(ValidatorTest, self).__init__(self.kerberosPath,
118		rulesPath=self.rulesPath,
119		hfilePath=self.hfilePath)
120
121		def run_tests(self):
122		self._test_validate()
123
124		def _test__loadRules(self):
125		result = self._loadRules(self.rulesPath)
126		print result
127
128		def _test_validate(self):
129		self.validate()
130
131		def _test__readConfigFile(self):
132		result = self._readConfigFile(self.confPath)
133		print result
134
135		class SupportedKeysTest(SupportedKeys):
136		def __init__(self):
137		self.path = '../tests/k5-int.h'
138
139		def run_tests(self):
140		self._test_getKeysFromHFile()
141
142		def _test_getKeysFromHFile(self):
143		result = set()
144		krb5keys = self.getKeysFromHfile(self.path)
145		for key in krb5keys:
146		print key
147		result.update(key)
148		print len(krb5keys)
149
150		return result
151
152		def _test():
153		tester = ValidatorTest()
154		krb5keys = tester.run_tests()
155
156		if __name__ == '__main__':
157		TEST = False
158		if TEST:
159		_test()
160		sys.exit()
161
162
163		usage = "\n\t%prog path [-d defPath] [-r rulesPath] [-c validatorConfPath]"
164		description = 'Description: validates kerberos configuration file'
165		parser = OptionParser(usage = usage, description = description)
166		parser.add_option("-c", dest="confPath",
167		help='path to validator config file')
168		parser.add_option("-d", dest="hfilePath",
169		help='path to h-file with attribute definition')
170		parser.add_option("-r", dest="rulesPath",
171		help='path to file with validation rules')
172		(options, args) = parser.parse_args()
173
174		if len(args) != 1 and len(sys.argv) <= 3:
175		print '\n%s' % parser.get_usage()
176		sys.exit()
177
178		validator = None
179		if options.confPath is not None:
180		validator = Validator(args[0], confPath=options.confPath)
181		elif options.hfilePath is not None and options.rulesPath is not None:
182		validator = Validator(args[0], hfilePath=options.hfilePath, rulesPath=options.rulesPath)
183		else:
184		print '\nMust specify either configuration file or paths to rules and definitions files'
185		print '%s' % parser.get_usage()
186		sys.exit()
187
188		validator.validate()
189
190
191
192
193

+2

-2

src/util/cstyle-file.py less more

56	56	from tempfile import NamedTemporaryFile
57	57
58	58	def warn(ln, msg):
59		print '%5d %s' % (ln, msg)
	59	print('%5d %s' % (ln, msg))
60	60
61	61
62	62	# If lines[0] indicates the krb5 C style, try to use emacs to reindent

69	69	util_dir = os.path.dirname(sys.argv[0])
70	70	cstyle_el = os.path.join(util_dir, 'krb5-c-style.el')
71	71	reindent_el = os.path.join(util_dir, 'krb5-batch-reindent.el')
72		with NamedTemporaryFile(suffix='.c') as f:
	72	with NamedTemporaryFile(suffix='.c', mode='w+') as f:
73	73	f.write(''.join(lines))
74	74	f.flush()
75	75	args = ['emacs', '-q', '-batch', '-l', cstyle_el, '-l', reindent_el,

+7

-7

src/util/cstyle.py less more

43	43	# Run a command and return a list of its output lines.
44	44	def run(args):
45	45	# subprocess.check_output would be ideal here, but requires Python 2.7.
46		p = Popen(args, stdout=PIPE, stderr=PIPE)
	46	p = Popen(args, stdout=PIPE, stderr=PIPE, universal_newlines=True)
47	47	out, err = p.communicate()
48	48	if p.returncode != 0:
49	49	sys.stderr.write('Failed command: ' + ' '.join(args) + '\n')

84	84	p1 = Popen(['cat', filename], stdout=PIPE)
85	85	else:
86	86	p1 = Popen(['git', 'show', rev + ':' + filename], stdout=PIPE)
87		p2 = Popen(['python', 'src/util/cstyle-file.py'], stdin=p1.stdout,
88		stdout=PIPE)
	87	p2 = Popen([sys.executable, 'src/util/cstyle-file.py'], stdin=p1.stdout,
	88	stdout=PIPE, universal_newlines=True)
89	89	p1.stdout.close()
90	90	out, err = p2.communicate()
91	91	if p2.returncode != 0:

96	96	m = line_re.match(line)
97	97	if int(m.group(1)) in new_lines:
98	98	if first:
99		print ' ' + dispname + ':'
	99	print(' ' + dispname + ':')
100	100	first = False
101		print ' ' + line
	101	print(' ' + line)
102	102
103	103
104	104	# Determine the lines of each file modified by diff (a sequence of

152	152	# Parse arguments.
153	153	try:
154	154	opts, args = getopt.getopt(sys.argv[1:], 'w')
155		except getopt.GetoptError, err:
156		print str(err)
	155	except getopt.GetoptError as err:
	156	print(str(err))
157	157	usage()
158	158	if len(args) > 1:
159	159	usage()

+1

-1

src/util/et/ISSUES less more

45	45
46	46	Values are currently computed as 32-bit values, sign-extended to
47	47	"long", and output with "L" suffixes. Type errcode_t is "long".
48		Kerberos uses a seperately chosen signed type of at least 32 bits for
	48	Kerberos uses a separately chosen signed type of at least 32 bits for
49	49	error codes. The com_err library only look at the low 32 bits, so
50	50	this is mostly just an issue for application code -- if anything
51	51	truncates to 32 bits, and then widens without sign-extending, the

+3

-3

src/util/getsyms less more

0	0	#!/bin/sh
1	1	# Run this from the TOP of the source tree!
2	2	M4=gm4
3		configs=`find $1 -name configure.in -print\|sort\|sed -e 's@/configure.in@@'`
	3	configs=`find $1 -name configure.ac -print\|sort\|sed -e 's@/configure.ac@@'`
4	4	for dir in $configs; do
5	5	syms=""
6	6	libs=""

9	9	funcs=""
10	10	AC_MACRODIR=./util/autoconf
11	11	# The following bits shamelessly stolen from autoheader.sh
12		eval "`$M4 -I$AC_MACRODIR autoheader.m4 $dir/configure.in\|
	12	eval "`$M4 -I$AC_MACRODIR autoheader.m4 $dir/configure.ac\|
13	13	sed -n -e '
14	14	: again
15	15	/^@@@.@@@$/s/^@@@$.$@@@$/\1/p

40	40	done \| sed 's/[^a-zA-Z0-9_]/_/g' \| tr '[a-z]' '[A-Z]' \| sed 's/^/HAVE_LIB/'`"
41	41	allsyms="$allsyms $libs"
42	42	fi
43		echo $dir/configure.in: $allsyms
	43	echo $dir/configure.ac: $allsyms
44	44	allsyms="`echo $allsyms\|tr ' ' '\|'`"
45	45	files="$dir/*.[ch]"
46	46	if test ! "`echo $files`" = "$dir/"'*.[ch]'; then

+106

-82

src/util/k5test.py less more

240	240	return code other than 0, expected_msg=MSG to expect a substring in
241	241	the command output, and expected_trace=('a', 'b', ...) to expect an
242	242	ordered series of line substrings in the command's KRB5_TRACE
243		output.
	243	output, or return_trace=True to return a tuple of the command output
	244	and the trace output.
244	245
245	246	* realm.kprop_port(): Returns a port number based on realm.portbase
246	247	intended for use by kprop and kpropd.

370	371	"""
371	372
372	373	import atexit
	374	import fcntl
373	375	import optparse
374	376	import os
375	377	import shlex

405	407
406	408	def success(msg):
407	409	global _success
	410	_check_daemons()
408	411	output('*** Success: %s\n' % msg)
409	412	_success = True
410	413

425	428	def skip_rest(whatmsg, whymsg):
426	429	global _success
427	430	skipped(whatmsg, whymsg)
	431	_check_daemons()
428	432	_success = True
429	433	sys.exit(0)
430	434

456	460	def _onexit():
457	461	global _daemons, _success, srctop, verbose
458	462	global _debug, _stop_before, _stop_after, _shell_before, _shell_after
459		if _daemons is None:
460		# In Python 2.5, if we exit as a side-effect of importing
461		# k5test, _onexit will execute in an empty global namespace.
462		# This can happen if argument processing fails or the build
463		# root isn't valid. In this case we can safely assume that no
464		# daemons have been launched and that we don't really need to
465		# amend the error message. The bug is fixed in Python 2.6.
466		return
467	463	if _debug or _stop_before or _stop_after or _shell_before or _shell_after:
468	464	# Wait before killing daemons in case one is being debugged.
469	465	sys.stdout.write('*** Press return to kill daemons and exit script: ')
470	466	sys.stdout.flush()
471	467	sys.stdin.readline()
472	468	for proc in _daemons:
473		os.kill(proc.pid, signal.SIGTERM)
	469	if _check_daemon(proc) is None:
	470	os.kill(proc.pid, signal.SIGTERM)
474	471	if not _success:
475	472	print
476	473	if not verbose:

637	634	return cfg2
638	635	result = cfg1.copy()
639	636	for key, value2 in cfg2.items():
640		if value2 is None or key not in result:
	637	if value2 is None:
	638	result.pop(key, None)
	639	elif key not in result:
641	640	result[key] = value2
642	641	else:
643	642	value1 = result[key]

676	675	subprocess.call(os.getenv('SHELL'), env=env)
677	676
678	677
679		# Read tracefile and look for the expected strings in successive lines.
680		def _check_trace(tracefile, expected):
681		output('*** Trace output for previous command:\n')
	678	# Look for the expected strings in successive lines of trace.
	679	def _check_trace(trace, expected):
682	680	i = 0
683		with open(tracefile, 'r') as f:
684		for line in f:
685		output(line)
686		if i < len(expected) and expected[i] in line:
687		i += 1
	681	for line in trace.splitlines():
	682	if i < len(expected) and expected[i] in line:
	683	i += 1
688	684	if i < len(expected):
689	685	fail('Expected string not found in trace output: ' + expected[i])
690	686
691	687
692	688	def _run_cmd(args, env, input=None, expected_code=0, expected_msg=None,
693		expected_trace=None):
	689	expected_trace=None, return_trace=False):
694	690	global null_input, _cmd_index, _last_cmd, _last_cmd_output, _debug
695	691	global _stop_before, _stop_after, _shell_before, _shell_after
696	692
697		if expected_trace is not None:
	693	tracefile = None
	694	if expected_trace is not None or return_trace:
698	695	tracefile = 'testtrace'
699	696	if os.path.exists(tracefile):
700	697	os.remove(tracefile)

734	731	if expected_msg is not None and expected_msg not in outdata:
735	732	fail('Expected string not found in command output: ' + expected_msg)
736	733
737		if expected_trace is not None:
738		_check_trace(tracefile, expected_trace)
739
740		return outdata
	734	if tracefile is not None:
	735	with open(tracefile, 'r') as f:
	736	trace = f.read()
	737	output('*** Trace output for previous command:\n')
	738	output(trace)
	739	if expected_trace is not None:
	740	_check_trace(trace, expected_trace)
	741
	742	return (outdata, trace) if return_trace else outdata
741	743
742	744
743	745	def _debug_cmd(args, env, input):

811	813	return proc
812	814
813	815
	816	# Check a daemon's status prior to terminating it. Display its return
	817	# code if it already exited, and display any output it has generated.
	818	# Return the daemon's exit status or None if it is still running.
	819	def _check_daemon(proc):
	820	exited = False
	821	code = proc.poll()
	822	if code is not None:
	823	output('*** Daemon pid %d exited with code %d\n' % (proc.pid, code))
	824
	825	flags = fcntl.fcntl(proc.stdout, fcntl.F_GETFL)
	826	fcntl.fcntl(proc.stdout, fcntl.F_SETFL, flags \| os.O_NONBLOCK)
	827	try:
	828	out = proc.stdout.read()
	829	except:
	830	return
	831
	832	output('*** Daemon pid %d output:\n' % proc.pid)
	833	output(out)
	834	return code
	835
	836
	837	# Check all tracked daemon processes. If any daemons already exited,
	838	# remove them from the list (so we don't try to terminate them again).
	839	# If any daemons exited with an error, fail out.
	840	def _check_daemons():
	841	exited = []
	842	daemon_error = False
	843	for proc in _daemons:
	844	code = _check_daemon(proc)
	845	if code is not None:
	846	exited.append(proc)
	847	if code != 0:
	848	daemon_error = True
	849
	850	for proc in exited:
	851	_daemons.remove(proc)
	852
	853	if daemon_error:
	854	fail('One or more daemon processes exited with an error')
	855
	856
814	857	def stop_daemon(proc):
815		output('*** Terminating process %d\n' % proc.pid)
816		os.kill(proc.pid, signal.SIGTERM)
817		proc.wait()
818		_daemons.remove(proc)
	858	code = _check_daemon(proc)
	859	if code is not None:
	860	_daemons.remove(proc)
	861	if code != 0:
	862	fail('Daemon process %d exited early' % proc.pid)
	863	else:
	864	output('*** Terminating process %d\n' % proc.pid)
	865	os.kill(proc.pid, signal.SIGTERM)
	866	proc.wait()
	867	_daemons.remove(proc)
819	868
820	869
821	870	class K5Realm(object):

840	889	self.keytab = os.path.join(self.testdir, 'keytab')
841	890	self.client_keytab = os.path.join(self.testdir, 'client_keytab')
842	891	self.ccache = os.path.join(self.testdir, 'ccache')
	892	self.gss_mech_config = os.path.join(self.testdir, 'mech.conf')
843	893	self.kadmin_ccache = os.path.join(self.testdir, 'kadmin_ccache')
844	894	self._krb5_conf = _cfg_merge(_default_krb5_conf, krb5_conf)
845	895	base_kdc_conf = _default_kdc_conf

911	961	# A string value yields a straightforward variable setting.
912	962	value = self._subst_cfg_value(value)
913	963	file.write('%s%s = %s\n' % (indent, name, value))
914		elif value is not None:
	964	else:
915	965	raise TypeError()
916	966
917	967	def _subst_cfg_value(self, value):
918	968	global buildtop, srctop, hostname
919	969	template = string.Template(value)
920		return template.substitute(realm=self.realm,
921		testdir=self.testdir,
922		buildtop=buildtop,
923		srctop=srctop,
924		plugins=plugins,
925		hostname=hostname,
926		port0=self.portbase,
927		port1=self.portbase + 1,
928		port2=self.portbase + 2,
929		port3=self.portbase + 3,
930		port4=self.portbase + 4,
931		port5=self.portbase + 5,
932		port6=self.portbase + 6,
933		port7=self.portbase + 7,
934		port8=self.portbase + 8,
935		port9=self.portbase + 9)
	970	subst = template.substitute(realm=self.realm,
	971	testdir=self.testdir,
	972	buildtop=buildtop,
	973	srctop=srctop,
	974	plugins=plugins,
	975	hostname=hostname,
	976	port0=self.portbase,
	977	port1=self.portbase + 1,
	978	port2=self.portbase + 2,
	979	port3=self.portbase + 3,
	980	port4=self.portbase + 4,
	981	port5=self.portbase + 5,
	982	port6=self.portbase + 6,
	983	port7=self.portbase + 7,
	984	port8=self.portbase + 8,
	985	port9=self.portbase + 9)
	986	# Empty values must be quoted to avoid a syntax error.
	987	return subst if subst else '""'
936	988
937	989	def _create_acl(self):
938	990	global hostname

958	1010	env['KRB5RCACHEDIR'] = self.testdir
959	1011	env['KPROPD_PORT'] = str(self.kprop_port())
960	1012	env['KPROP_PORT'] = str(self.kprop_port())
	1013	env['GSS_MECH_CONFIG'] = self.gss_mech_config
961	1014	return env
962	1015
963	1016	def run(self, args, env=None, **keywords):

1245	1298	# No special settings; exercises AES256.
1246	1299	('default', None, None, None),
1247	1300
1248		# Exercise a DES enctype and the v4 salt type.
1249		('desv4', None,
1250		{'libdefaults': {
1251		'default_tgs_enctypes': 'des-cbc-crc',
1252		'default_tkt_enctypes': 'des-cbc-crc',
1253		'permitted_enctypes': 'des-cbc-crc',
1254		'allow_weak_crypto': 'true'}},
1255		{'realms': {'$realm': {
1256		'supported_enctypes': 'des-cbc-crc:v4',
1257		'master_key_type': 'des-cbc-crc'}}}),
1258
1259	1301	# Exercise the DES3 enctype.
1260	1302	('des3', None,
1261		{'libdefaults': {
1262		'default_tgs_enctypes': 'des3',
1263		'default_tkt_enctypes': 'des3',
1264		'permitted_enctypes': 'des3'}},
	1303	{'libdefaults': {'permitted_enctypes': 'des3'}},
1265	1304	{'realms': {'$realm': {
1266	1305	'supported_enctypes': 'des3-cbc-sha1:normal',
1267	1306	'master_key_type': 'des3-cbc-sha1'}}}),
1268	1307
1269	1308	# Exercise the arcfour enctype.
1270	1309	('arcfour', None,
1271		{'libdefaults': {
1272		'default_tgs_enctypes': 'rc4',
1273		'default_tkt_enctypes': 'rc4',
1274		'permitted_enctypes': 'rc4'}},
	1310	{'libdefaults': {'permitted_enctypes': 'rc4'}},
1275	1311	{'realms': {'$realm': {
1276	1312	'supported_enctypes': 'arcfour-hmac:normal',
1277	1313	'master_key_type': 'arcfour-hmac'}}}),
1278	1314
1279	1315	# Exercise the AES128 enctype.
1280	1316	('aes128', None,
1281		{'libdefaults': {
1282		'default_tgs_enctypes': 'aes128-cts',
1283		'default_tkt_enctypes': 'aes128-cts',
1284		'permitted_enctypes': 'aes128-cts'}},
	1317	{'libdefaults': {'permitted_enctypes': 'aes128-cts'}},
1285	1318	{'realms': {'$realm': {
1286	1319	'supported_enctypes': 'aes128-cts:normal',
1287	1320	'master_key_type': 'aes128-cts'}}}),
1288	1321
1289	1322	# Exercise the camellia256-cts enctype.
1290	1323	('camellia256', None,
1291		{'libdefaults': {
1292		'default_tgs_enctypes': 'camellia256-cts',
1293		'default_tkt_enctypes': 'camellia256-cts',
1294		'permitted_enctypes': 'camellia256-cts'}},
	1324	{'libdefaults': {'permitted_enctypes': 'camellia256-cts'}},
1295	1325	{'realms': {'$realm': {
1296	1326	'supported_enctypes': 'camellia256-cts:normal',
1297	1327	'master_key_type': 'camellia256-cts'}}}),
1298	1328
1299	1329	# Exercise the aes128-sha2 enctype.
1300	1330	('aes128-sha2', None,
1301		{'libdefaults': {
1302		'default_tgs_enctypes': 'aes128-sha2',
1303		'default_tkt_enctypes': 'aes128-sha2',
1304		'permitted_enctypes': 'aes128-sha2'}},
	1331	{'libdefaults': {'permitted_enctypes': 'aes128-sha2'}},
1305	1332	{'realms': {'$realm': {
1306	1333	'supported_enctypes': 'aes128-sha2:normal',
1307	1334	'master_key_type': 'aes128-sha2'}}}),
1308	1335
1309	1336	# Exercise the aes256-sha2 enctype.
1310	1337	('aes256-sha2', None,
1311		{'libdefaults': {
1312		'default_tgs_enctypes': 'aes256-sha2',
1313		'default_tkt_enctypes': 'aes256-sha2',
1314		'permitted_enctypes': 'aes256-sha2'}},
	1338	{'libdefaults': {'permitted_enctypes': 'aes256-sha2'}},
1315	1339	{'realms': {'$realm': {
1316	1340	'supported_enctypes': 'aes256-sha2:normal',
1317	1341	'master_key_type': 'aes256-sha2'}}}),
1318	1342
1319	1343	# Test a setup with modern principal keys but an old TGT key.
1320		('aes256.destgt', 'des-cbc-crc:normal',
	1344	('aes256.destgt', 'arcfour-hmac:normal',
1321	1345	{'libdefaults': {'allow_weak_crypto': 'true'}},
1322	1346	None)
1323	1347	]

+1

-1

src/util/krb5-check-copyright.py less more

28	28	import re
29	29
30	30	def warn(fname, ln, msg):
31		print '%s: %d: %s' % (fname, ln + 1, msg)
	31	print('%s: %d: %s' % (fname, ln + 1, msg))
32	32
33	33	def indicates_license(line):
34	34	return 'Copyright' in line or 'COPYRIGHT' in line or 'License' in line

+2

-2

src/util/krb5-mark-cstyle.py less more

14	14	newname = fname + ".new"
15	15	infile = open(fname)
16	16	outfile = open(newname, "w")
17		first = infile.next()
	17	first = next(infile)
18	18	if (first != style):
19	19	changed = True
20	20	outfile.write(style)

42	42	(options, args) = parser.parse_args()
43	43
44	44	for fname in args:
45		print fname
	45	print(fname)
46	46	dofile(fname, styles[options.style])

+0

-54

~~src/util/mac/k5_mig.defs~~ less more

0		/* $Copyright:
1		*
2		* Copyright 2004-2006 by the Massachusetts Institute of Technology.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require a
7		* specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
12		* this software and its documentation for any purpose and without fee is
13		* hereby granted, provided that the above copyright notice appear in all
14		* copies and that both that copyright notice and this permission notice
15		* appear in supporting documentation, and that the name of M.I.T. not be
16		* used in advertising or publicity pertaining to distribution of the
17		* software without specific, written prior permission. Furthermore if you
18		* modify this software you must label your software as modified software
19		* and not distribute it in such a fashion that it might be confused with
20		* the original MIT software. M.I.T. makes no representations about the
21		* suitability of this software for any purpose. It is provided "as is"
22		* without express or implied warranty.
23		*
24		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
25		* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
26		* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
27		*
28		* Individual source code files are copyright MIT, Cygnus Support,
29		* OpenVision, Oracle, Sun Soft, FundsXpress, and others.
30		*
31		* Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
32		* and Zephyr are trademarks of the Massachusetts Institute of Technology
33		* (MIT). No commercial use of these trademarks may be made without prior
34		* written permission of MIT.
35		*
36		* "Commercial use" means use of a name in a product or other for-profit
37		* manner. It does NOT prevent a commercial firm from referring to the MIT
38		* trademarks in order to convey information (although in doing so,
39		* recognition of their trademark status should be given).
40		* $
41		*/
42
43		#include <mach/std_types.defs>
44		#include <mach/mach_types.defs>
45
46		import "k5_mig_types.h";
47
48		/* Note the 1024 must be the same as K5_IPC_MAX_MSG_SIZE */
49		type k5_ipc_inl_request_t = array [ * : 1024 ] of char;
50		type k5_ipc_ool_request_t = array [] of char;
51
52		type k5_ipc_inl_reply_t = array [ * : 1024 ] of char;
53		type k5_ipc_ool_reply_t = array [] of char;

+0

-529

~~src/util/mac/k5_mig_client.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* util/mac/k5_mig_client.c */
2		/*
3		* Copyright 2006 Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#ifndef LEAN_CLIENT
27
28		#include "k5_mig_client.h"
29		#include "k5_mig_request.h"
30		#include "k5_mig_replyServer.h"
31		#include "k5-thread.h"
32
33		#include <mach/mach.h>
34		#include <servers/bootstrap.h>
35
36
37
38		/* Number of services available. Update if modifying the lists below */
39		#define KIPC_SERVICE_COUNT 2
40
41		/* ------------------------------------------------------------------------ */
42
43		/* This struct exists to store the global service port shared between all
44		* threads. Note that there is one of these ports per server, whereas
45		* there is one connection port per thread. Thus this is global and mutexed,
46		* whereas the connection ports below are in TLS */
47
48		typedef struct k5_ipc_service_port {
49		const char *service_id;
50		mach_port_t service_port;
51		} k5_ipc_service_port;
52
53		/* global service ports and mutex to protect it */
54		static k5_mutex_t g_service_ports_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
55		static k5_ipc_service_port g_service_ports[KIPC_SERVICE_COUNT] = {
56		{ "edu.mit.Kerberos.CCacheServer", MACH_PORT_NULL },
57		{ "edu.mit.Kerberos.KerberosAgent", MACH_PORT_NULL } };
58
59		/* ------------------------------------------------------------------------ */
60
61		/* This struct exists to hold the per-thread connection port used for ipc
62		* messages to the server. Each thread is issued a separate connection
63		* port so that the server can distinguish between threads in the same
64		* application. */
65
66		typedef struct k5_ipc_connection {
67		const char *service_id;
68		mach_port_t port;
69		} *k5_ipc_connection;
70
71		typedef struct k5_ipc_connection_info {
72		struct k5_ipc_connection connections[KIPC_SERVICE_COUNT];
73		boolean_t server_died;
74		k5_ipc_stream reply_stream;
75		} *k5_ipc_connection_info;
76
77		/* initializer for k5_ipc_request_port to fill in server names in TLS */
78		static const char *k5_ipc_known_services[KIPC_SERVICE_COUNT] = {
79		"edu.mit.Kerberos.CCacheServer",
80		"edu.mit.Kerberos.KerberosAgent" };
81
82		/* ------------------------------------------------------------------------ */
83
84		static void k5_ipc_client_cinfo_free (void *io_cinfo)
85		{
86		if (io_cinfo) {
87		k5_ipc_connection_info cinfo = io_cinfo;
88		int i;
89
90		for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
91		if (MACH_PORT_VALID (cinfo->connections[i].port)) {
92		mach_port_mod_refs (mach_task_self(),
93		cinfo->connections[i].port,
94		MACH_PORT_RIGHT_SEND, -1 );
95		cinfo->connections[i].port = MACH_PORT_NULL;
96		}
97		}
98		/* reply_stream will always be freed by k5_ipc_send_request() */
99		free (cinfo);
100		}
101		}
102
103		/* ------------------------------------------------------------------------ */
104
105		static int k5_ipc_client_cinfo_allocate (k5_ipc_connection_info *out_cinfo)
106		{
107		int err = 0;
108		k5_ipc_connection_info cinfo = NULL;
109
110		cinfo = malloc (sizeof (*cinfo));
111		if (!cinfo) { err = ENOMEM; }
112
113		if (!err) {
114		int i;
115
116		cinfo->server_died = 0;
117		cinfo->reply_stream = NULL;
118
119		for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
120		cinfo->connections[i].service_id = k5_ipc_known_services[i];
121		cinfo->connections[i].port = MACH_PORT_NULL;
122		}
123		}
124
125		if (!err) {
126		*out_cinfo = cinfo;
127		cinfo = NULL;
128		}
129
130		k5_ipc_client_cinfo_free (cinfo);
131
132		return err;
133		}
134
135
136		#pragma mark -
137
138		MAKE_INIT_FUNCTION(k5_cli_ipc_thread_init);
139		MAKE_FINI_FUNCTION(k5_cli_ipc_thread_fini);
140
141		/* ------------------------------------------------------------------------ */
142
143		static int k5_cli_ipc_thread_init (void)
144		{
145		int err = 0;
146
147		err = k5_key_register (K5_KEY_IPC_CONNECTION_INFO,
148		k5_ipc_client_cinfo_free);
149
150		if (!err) {
151		err = k5_mutex_finish_init (&g_service_ports_mutex);
152		}
153
154		return err;
155		}
156
157		/* ------------------------------------------------------------------------ */
158
159		static void k5_cli_ipc_thread_fini (void)
160		{
161		int err = 0;
162
163		err = k5_mutex_lock (&g_service_ports_mutex);
164
165		if (!err) {
166		int i;
167
168		for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
169		if (MACH_PORT_VALID (g_service_ports[i].service_port)) {
170		mach_port_destroy (mach_task_self (),
171		g_service_ports[i].service_port);
172		g_service_ports[i].service_port = MACH_PORT_NULL;
173		}
174		}
175		k5_mutex_unlock (&g_service_ports_mutex);
176		}
177
178		k5_key_delete (K5_KEY_IPC_CONNECTION_INFO);
179		k5_mutex_destroy (&g_service_ports_mutex);
180		}
181
182		#pragma mark -
183
184		/* ------------------------------------------------------------------------ */
185
186		static kern_return_t k5_ipc_client_lookup_server (const char *in_service_id,
187		boolean_t in_launch_if_necessary,
188		boolean_t in_use_cached_port,
189		mach_port_t *out_service_port)
190		{
191		kern_return_t err = 0;
192		kern_return_t lock_err = 0;
193		mach_port_t k5_service_port = MACH_PORT_NULL;
194		boolean_t found_entry = 0;
195		int i;
196
197		if (!in_service_id ) { err = EINVAL; }
198		if (!out_service_port) { err = EINVAL; }
199
200		if (!err) {
201		lock_err = k5_mutex_lock (&g_service_ports_mutex);
202		if (lock_err) { err = lock_err; }
203		}
204
205		for (i = 0; !err && i < KIPC_SERVICE_COUNT; i++) {
206		if (!strcmp (in_service_id, g_service_ports[i].service_id)) {
207		found_entry = 1;
208		if (in_use_cached_port) {
209		k5_service_port = g_service_ports[i].service_port;
210		}
211		break;
212		}
213		}
214
215		if (!err && (!MACH_PORT_VALID (k5_service_port) \|\| !in_use_cached_port)) {
216		mach_port_t boot_port = MACH_PORT_NULL;
217		char *service = NULL;
218
219		/* Get our bootstrap port */
220		err = task_get_bootstrap_port (mach_task_self (), &boot_port);
221
222		if (!err && !in_launch_if_necessary) {
223		char *lookup = NULL;
224		mach_port_t lookup_port = MACH_PORT_NULL;
225
226		int w = asprintf (&lookup, "%s%s",
227		in_service_id, K5_MIG_LOOKUP_SUFFIX);
228		if (w < 0) { err = ENOMEM; }
229
230		if (!err) {
231		/* Use the lookup name because the service name will return
232		* a valid port even if the server isn't running */
233		err = bootstrap_look_up (boot_port, lookup, &lookup_port);
234		}
235
236		free (lookup);
237		if (MACH_PORT_VALID (lookup_port)) {
238		mach_port_deallocate (mach_task_self (), lookup_port);
239		}
240		}
241
242		if (!err) {
243		int w = asprintf (&service, "%s%s",
244		in_service_id, K5_MIG_SERVICE_SUFFIX);
245		if (w < 0) { err = ENOMEM; }
246		}
247
248		if (!err) {
249		err = bootstrap_look_up (boot_port, service, &k5_service_port);
250
251		if (!err && found_entry) {
252		/* Free old port if it is valid */
253		if (!err && MACH_PORT_VALID (g_service_ports[i].service_port)) {
254		mach_port_deallocate (mach_task_self (),
255		g_service_ports[i].service_port);
256		}
257
258		g_service_ports[i].service_port = k5_service_port;
259		}
260		}
261
262		free (service);
263		if (MACH_PORT_VALID (boot_port)) { mach_port_deallocate (mach_task_self (),
264		boot_port); }
265		}
266
267		if (!err) {
268		*out_service_port = k5_service_port;
269		}
270
271		if (!lock_err) { k5_mutex_unlock (&g_service_ports_mutex); }
272
273		return err;
274		}
275
276		#pragma mark -
277
278		/* ------------------------------------------------------------------------ */
279
280		static boolean_t k5_ipc_reply_demux (mach_msg_header_t *request,
281		mach_msg_header_t *reply)
282		{
283		boolean_t handled = 0;
284
285		if (CALL_INIT_FUNCTION (k5_cli_ipc_thread_init) != 0) {
286		return 0;
287		}
288
289		if (!handled && request->msgh_id == MACH_NOTIFY_NO_SENDERS) {
290		k5_ipc_connection_info cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO);
291		if (cinfo) {
292		cinfo->server_died = 1;
293		}
294
295		handled = 1; /* server died */
296		}
297
298		if (!handled) {
299		handled = k5_ipc_reply_server (request, reply);
300		}
301
302		return handled;
303		}
304
305		/* ------------------------------------------------------------------------ */
306
307		kern_return_t k5_ipc_client_reply (mach_port_t in_reply_port,
308		k5_ipc_inl_reply_t in_inl_reply,
309		mach_msg_type_number_t in_inl_replyCnt,
310		k5_ipc_ool_reply_t in_ool_reply,
311		mach_msg_type_number_t in_ool_replyCnt)
312		{
313		kern_return_t err = KERN_SUCCESS;
314		k5_ipc_connection_info cinfo = NULL;
315
316		if (!err) {
317		err = CALL_INIT_FUNCTION (k5_cli_ipc_thread_init);
318		}
319
320		if (!err) {
321		cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO);
322		if (!cinfo \|\| !cinfo->reply_stream) { err = EINVAL; }
323		}
324
325		if (!err) {
326		if (in_inl_replyCnt) {
327		err = krb5int_ipc_stream_write (cinfo->reply_stream,
328		in_inl_reply, in_inl_replyCnt);
329
330		} else if (in_ool_replyCnt) {
331		err = krb5int_ipc_stream_write (cinfo->reply_stream,
332		in_ool_reply, in_ool_replyCnt);
333
334		} else {
335		err = EINVAL;
336		}
337		}
338
339		if (in_ool_replyCnt) { vm_deallocate (mach_task_self (),
340		(vm_address_t) in_ool_reply,
341		in_ool_replyCnt); }
342
343		return err;
344		}
345
346		#pragma mark -
347
348		/* ------------------------------------------------------------------------ */
349
350		int32_t k5_ipc_send_request (const char *in_service_id,
351		int32_t in_launch_server,
352		k5_ipc_stream in_request_stream,
353		k5_ipc_stream *out_reply_stream)
354		{
355		int err = 0;
356		int32_t done = 0;
357		int32_t try_count = 0;
358		mach_port_t server_port = MACH_PORT_NULL;
359		k5_ipc_connection_info cinfo = NULL;
360		k5_ipc_connection connection = NULL;
361		mach_port_t reply_port = MACH_PORT_NULL;
362		const char inl_request = NULL; / char * so we can pass the buffer in directly */
363		mach_msg_type_number_t inl_request_length = 0;
364		k5_ipc_ool_request_t ool_request = NULL;
365		mach_msg_type_number_t ool_request_length = 0;
366
367		if (!in_request_stream) { err = EINVAL; }
368		if (!out_reply_stream ) { err = EINVAL; }
369
370		if (!err) {
371		err = CALL_INIT_FUNCTION (k5_cli_ipc_thread_init);
372		}
373
374		if (!err) {
375		/* depending on how big the message is, use the fast inline buffer or
376		* the slow dynamically allocated buffer */
377		mach_msg_type_number_t request_length = krb5int_ipc_stream_size (in_request_stream);
378
379		if (request_length > K5_IPC_MAX_INL_MSG_SIZE) {
380		/*dprintf ("%s choosing out of line buffer (size is %d)",
381		* __FUNCTION__, request_length); */
382
383		err = vm_read (mach_task_self (),
384		(vm_address_t) krb5int_ipc_stream_data (in_request_stream),
385		request_length,
386		(vm_address_t *) &ool_request,
387		&ool_request_length);
388		} else {
389		/*dprintf ("%s choosing in line buffer (size is %d)",
390		* __FUNCTION__, request_length); */
391
392		inl_request_length = request_length;
393		inl_request = krb5int_ipc_stream_data (in_request_stream);
394		}
395		}
396
397		if (!err) {
398		cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO);
399
400		if (!cinfo) {
401		err = k5_ipc_client_cinfo_allocate (&cinfo);
402
403		if (!err) {
404		err = k5_setspecific (K5_KEY_IPC_CONNECTION_INFO, cinfo);
405		}
406		}
407
408		if (!err) {
409		int i, found = 0;
410
411		for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
412		if (!strcmp (in_service_id, cinfo->connections[i].service_id)) {
413		found = 1;
414		connection = &cinfo->connections[i];
415		break;
416		}
417		}
418
419		if (!found) { err = EINVAL; }
420		}
421		}
422
423		if (!err) {
424		err = k5_ipc_client_lookup_server (in_service_id, in_launch_server,
425		TRUE, &server_port);
426		}
427
428		if (!err) {
429		err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE,
430		&reply_port);
431		}
432
433		while (!err && !done) {
434		if (!err && !MACH_PORT_VALID (connection->port)) {
435		err = k5_ipc_client_create_client_connection (server_port,
436		&connection->port);
437		}
438
439		if (!err) {
440		err = k5_ipc_client_request (connection->port, reply_port,
441		inl_request, inl_request_length,
442		ool_request, ool_request_length);
443
444		}
445
446		if (err == MACH_SEND_INVALID_DEST) {
447		if (try_count < 2) {
448		try_count++;
449		err = 0;
450		}
451
452		if (MACH_PORT_VALID (connection->port)) {
453		mach_port_mod_refs (mach_task_self(), connection->port,
454		MACH_PORT_RIGHT_SEND, -1 );
455		connection->port = MACH_PORT_NULL;
456		}
457
458		/* Look up server name again without using the cached copy */
459		err = k5_ipc_client_lookup_server (in_service_id,
460		in_launch_server,
461		FALSE, &server_port);
462
463		} else {
464		/* Talked to server, though we may have gotten an error */
465		done = 1;
466
467		/* Because we use ",dealloc" ool_request will be freed by mach.
468		* Don't double free it. */
469		ool_request = NULL;
470		ool_request_length = 0;
471		}
472		}
473
474		if (!err) {
475		err = krb5int_ipc_stream_new (&cinfo->reply_stream);
476		}
477
478		if (!err) {
479		mach_port_t old_notification_target = MACH_PORT_NULL;
480
481		/* request no-senders notification so we know when server dies */
482		err = mach_port_request_notification (mach_task_self (), reply_port,
483		MACH_NOTIFY_NO_SENDERS, 1,
484		reply_port,
485		MACH_MSG_TYPE_MAKE_SEND_ONCE,
486		&old_notification_target);
487
488		if (!err && old_notification_target != MACH_PORT_NULL) {
489		mach_port_deallocate (mach_task_self (), old_notification_target);
490		}
491		}
492
493		if (!err) {
494		cinfo->server_died = 0;
495
496		err = mach_msg_server_once (k5_ipc_reply_demux, K5_IPC_MAX_MSG_SIZE,
497		reply_port, MACH_MSG_TIMEOUT_NONE);
498
499		if (!err && cinfo->server_died) {
500		err = ENOTCONN;
501		}
502		}
503
504		if (err == BOOTSTRAP_UNKNOWN_SERVICE && !in_launch_server) {
505		err = 0; /* If server is not running just return an empty stream. */
506		}
507
508		if (!err) {
509		*out_reply_stream = cinfo->reply_stream;
510		cinfo->reply_stream = NULL;
511		}
512
513		if (reply_port != MACH_PORT_NULL) {
514		mach_port_destroy (mach_task_self (), reply_port);
515		}
516		if (ool_request_length) {
517		vm_deallocate (mach_task_self (),
518		(vm_address_t) ool_request, ool_request_length);
519		}
520		if (cinfo && cinfo->reply_stream) {
521		krb5int_ipc_stream_release (cinfo->reply_stream);
522		cinfo->reply_stream = NULL;
523		}
524
525		return err;
526		}
527
528		#endif /* LEAN CLIENT */

+0

-37

~~src/util/mac/k5_mig_client.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* util/mac/k5_mig_client.h */
2		/*
3		* Copyright 2006 Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#ifndef K5_MIG_CLIENT_H
27		#define K5_MIG_CLIENT_H
28
29		#include "k5-ipc_stream.h"
30
31		int32_t k5_ipc_send_request (const char *in_service_id,
32		int32_t in_launch_server,
33		k5_ipc_stream in_request_stream,
34		k5_ipc_stream *out_reply_stream);
35
36		#endif /* K5_MIG_CLIENT_H */

+0

-58

~~src/util/mac/k5_mig_reply.defs~~ less more

0		/* $Copyright:
1		*
2		* Copyright 2004-2006 by the Massachusetts Institute of Technology.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require a
7		* specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
12		* this software and its documentation for any purpose and without fee is
13		* hereby granted, provided that the above copyright notice appear in all
14		* copies and that both that copyright notice and this permission notice
15		* appear in supporting documentation, and that the name of M.I.T. not be
16		* used in advertising or publicity pertaining to distribution of the
17		* software without specific, written prior permission. Furthermore if you
18		* modify this software you must label your software as modified software
19		* and not distribute it in such a fashion that it might be confused with
20		* the original MIT software. M.I.T. makes no representations about the
21		* suitability of this software for any purpose. It is provided "as is"
22		* without express or implied warranty.
23		*
24		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
25		* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
26		* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
27		*
28		* Individual source code files are copyright MIT, Cygnus Support,
29		* OpenVision, Oracle, Sun Soft, FundsXpress, and others.
30		*
31		* Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
32		* and Zephyr are trademarks of the Massachusetts Institute of Technology
33		* (MIT). No commercial use of these trademarks may be made without prior
34		* written permission of MIT.
35		*
36		* "Commercial use" means use of a name in a product or other for-profit
37		* manner. It does NOT prevent a commercial firm from referring to the MIT
38		* trademarks in order to convey information (although in doing so,
39		* recognition of their trademark status should be given).
40		* $
41		*/
42
43		#include "k5_mig.defs"
44
45		subsystem k5_ipc_reply 200;
46
47		serverprefix k5_ipc_client_;
48		userprefix k5_ipc_server_;
49
50		/* ",dealloc" means that the vm_read() memory will be moved to
51		* the other process rather than copied. This is necessary on the
52		* client side because we can't know when server has copied our
53		* buffers so we can't vm_deallocate() them ourselves. */
54
55		simpleroutine reply (in_reply_port : mach_port_move_send_once_t;
56		in_inl_reply : k5_ipc_inl_reply_t;
57		in_ool_reply : k5_ipc_ool_reply_t, dealloc);

+0

-62

~~src/util/mac/k5_mig_request.defs~~ less more

0		/* $Copyright:
1		*
2		* Copyright 2004-2006 by the Massachusetts Institute of Technology.
3		*
4		* All rights reserved.
5		*
6		* Export of this software from the United States of America may require a
7		* specific license from the United States Government. It is the
8		* responsibility of any person or organization contemplating export to
9		* obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
12		* this software and its documentation for any purpose and without fee is
13		* hereby granted, provided that the above copyright notice appear in all
14		* copies and that both that copyright notice and this permission notice
15		* appear in supporting documentation, and that the name of M.I.T. not be
16		* used in advertising or publicity pertaining to distribution of the
17		* software without specific, written prior permission. Furthermore if you
18		* modify this software you must label your software as modified software
19		* and not distribute it in such a fashion that it might be confused with
20		* the original MIT software. M.I.T. makes no representations about the
21		* suitability of this software for any purpose. It is provided "as is"
22		* without express or implied warranty.
23		*
24		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
25		* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
26		* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
27		*
28		* Individual source code files are copyright MIT, Cygnus Support,
29		* OpenVision, Oracle, Sun Soft, FundsXpress, and others.
30		*
31		* Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
32		* and Zephyr are trademarks of the Massachusetts Institute of Technology
33		* (MIT). No commercial use of these trademarks may be made without prior
34		* written permission of MIT.
35		*
36		* "Commercial use" means use of a name in a product or other for-profit
37		* manner. It does NOT prevent a commercial firm from referring to the MIT
38		* trademarks in order to convey information (although in doing so,
39		* recognition of their trademark status should be given).
40		* $
41		*/
42
43		#include "k5_mig.defs"
44
45		subsystem k5_ipc_request 100;
46
47		serverprefix k5_ipc_server_;
48		userprefix k5_ipc_client_;
49
50		routine create_client_connection (in_server_port : mach_port_t;
51		out out_connection_port : mach_port_t = MACH_MSG_TYPE_MAKE_SEND);
52
53		/* ",dealloc" means that the vm_read() memory will be moved to
54		* the other process rather than copied. This is necessary on the
55		* server side because we can't know when client has copied our
56		* buffers so we can't vm_deallocate() them ourselves. */
57
58		simpleroutine request (in_connection_port : mach_port_t;
59		in_reply_port : mach_port_make_send_once_t;
60		in_inl_request : k5_ipc_inl_request_t;
61		in_ool_request : k5_ipc_ool_request_t, dealloc);

+0

-390

~~src/util/mac/k5_mig_server.c~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* util/mac/k5_mig_server.c */
2		/*
3		* Copyright 2006 Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#include "k5_mig_server.h"
27
28		#include <syslog.h>
29		#include "k5_mig_requestServer.h"
30		#include "k5_mig_reply.h"
31
32		#include <CoreFoundation/CoreFoundation.h>
33		#include <mach/mach.h>
34		#include <servers/bootstrap.h>
35		#include <string.h>
36
37		/* Global variables for servers (used by k5_ipc_request_demux) */
38		static mach_port_t g_service_port = MACH_PORT_NULL;
39		static mach_port_t g_notify_port = MACH_PORT_NULL;
40		static mach_port_t g_listen_port_set = MACH_PORT_NULL;
41		static boolean_t g_ready_to_quit = 0;
42
43
44		/* ------------------------------------------------------------------------ */
45
46		static boolean_t k5_ipc_request_demux (mach_msg_header_t *request,
47		mach_msg_header_t *reply)
48		{
49		boolean_t handled = 0;
50
51		if (!handled) {
52		handled = k5_ipc_request_server (request, reply);
53		}
54
55		/* Our session has a send right. If that goes away it's time to quit. */
56		if (!handled && (request->msgh_id == MACH_NOTIFY_NO_SENDERS &&
57		request->msgh_local_port == g_notify_port)) {
58		g_ready_to_quit = 1;
59		handled = 1;
60		}
61
62		/* Check here for a client death. If so remove it */
63		if (!handled && request->msgh_id == MACH_NOTIFY_NO_SENDERS) {
64		kern_return_t err = KERN_SUCCESS;
65
66		err = k5_ipc_server_remove_client (request->msgh_local_port);
67
68		if (!err) {
69		err = mach_port_mod_refs (mach_task_self (),
70		request->msgh_local_port,
71		MACH_PORT_RIGHT_RECEIVE, -1);
72		}
73
74		if (!err) {
75		handled = 1; /* was a port we are tracking */
76		}
77		}
78
79		return handled;
80		}
81
82		/* ------------------------------------------------------------------------ */
83
84		kern_return_t k5_ipc_server_create_client_connection (mach_port_t in_server_port,
85		mach_port_t *out_connection_port)
86		{
87		kern_return_t err = KERN_SUCCESS;
88		mach_port_t connection_port = MACH_PORT_NULL;
89		mach_port_t old_notification_target = MACH_PORT_NULL;
90
91		if (!err) {
92		err = mach_port_allocate (mach_task_self (),
93		MACH_PORT_RIGHT_RECEIVE, &connection_port);
94		}
95
96		if (!err) {
97		err = mach_port_move_member (mach_task_self (),
98		connection_port, g_listen_port_set);
99		}
100
101		if (!err) {
102		/* request no-senders notification so we can tell when client quits/crashes */
103		err = mach_port_request_notification (mach_task_self (),
104		connection_port,
105		MACH_NOTIFY_NO_SENDERS, 1,
106		connection_port,
107		MACH_MSG_TYPE_MAKE_SEND_ONCE,
108		&old_notification_target );
109		}
110
111		if (!err) {
112		err = k5_ipc_server_add_client (connection_port);
113		}
114
115		if (!err) {
116		*out_connection_port = connection_port;
117		connection_port = MACH_PORT_NULL;
118		}
119
120		if (MACH_PORT_VALID (connection_port)) { mach_port_deallocate (mach_task_self (), connection_port); }
121
122		return err;
123		}
124
125		/* ------------------------------------------------------------------------ */
126
127		kern_return_t k5_ipc_server_request (mach_port_t in_connection_port,
128		mach_port_t in_reply_port,
129		k5_ipc_inl_request_t in_inl_request,
130		mach_msg_type_number_t in_inl_requestCnt,
131		k5_ipc_ool_request_t in_ool_request,
132		mach_msg_type_number_t in_ool_requestCnt)
133		{
134		kern_return_t err = KERN_SUCCESS;
135		k5_ipc_stream request_stream = NULL;
136
137		if (!err) {
138		err = krb5int_ipc_stream_new (&request_stream);
139		}
140
141		if (!err) {
142		if (in_inl_requestCnt) {
143		err = krb5int_ipc_stream_write (request_stream, in_inl_request, in_inl_requestCnt);
144
145		} else if (in_ool_requestCnt) {
146		err = krb5int_ipc_stream_write (request_stream, in_ool_request, in_ool_requestCnt);
147
148		} else {
149		err = EINVAL;
150		}
151		}
152
153		if (!err) {
154		err = k5_ipc_server_handle_request (in_connection_port, in_reply_port, request_stream);
155		}
156
157		krb5int_ipc_stream_release (request_stream);
158		if (in_ool_requestCnt) { vm_deallocate (mach_task_self (), (vm_address_t) in_ool_request, in_ool_requestCnt); }
159
160		return err;
161		}
162
163		/* ------------------------------------------------------------------------ */
164
165		static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_lookup,
166		char **out_service)
167		{
168		kern_return_t err = KERN_SUCCESS;
169		CFBundleRef bundle = NULL;
170		CFStringRef id_string = NULL;
171		CFIndex len = 0;
172		char *service_id = NULL;
173		char *lookup = NULL;
174		char *service = NULL;
175
176		if (!out_lookup ) { err = EINVAL; }
177		if (!out_service) { err = EINVAL; }
178
179		if (!err) {
180		bundle = CFBundleGetMainBundle ();
181		if (!bundle) { err = ENOENT; }
182		}
183
184		if (!err) {
185		id_string = CFBundleGetIdentifier (bundle);
186		if (!id_string) { err = ENOMEM; }
187		}
188
189		if (!err) {
190		len = CFStringGetMaximumSizeForEncoding (CFStringGetLength (id_string),
191		kCFStringEncodingUTF8) + 1;
192		}
193
194		if (!err) {
195		service_id = calloc (len, sizeof (char));
196		if (!service_id) { err = errno; }
197		}
198
199		if (!err && !CFStringGetCString (id_string, service_id, len,
200		kCFStringEncodingUTF8)) {
201		err = ENOMEM;
202		}
203
204		if (!err) {
205		int w = asprintf (&lookup, "%s%s", service_id, K5_MIG_LOOKUP_SUFFIX);
206		if (w < 0) { err = ENOMEM; }
207		}
208
209		if (!err) {
210		int w = asprintf (&service, "%s%s", service_id, K5_MIG_SERVICE_SUFFIX);
211		if (w < 0) { err = ENOMEM; }
212		}
213
214		if (!err) {
215		*out_lookup = lookup;
216		lookup = NULL;
217		*out_service = service;
218		service = NULL;
219		}
220
221		free (service);
222		free (lookup);
223		free (service_id);
224
225		return err;
226		}
227
228		#pragma mark -
229
230		/* ------------------------------------------------------------------------ */
231
232		int32_t k5_ipc_server_listen_loop (void)
233		{
234		/* Run the Mach IPC listen loop.
235		* This will call k5_ipc_server_create_client_connection for new clients
236		* and k5_ipc_server_request for existing clients */
237
238		kern_return_t err = KERN_SUCCESS;
239		char *service = NULL;
240		char *lookup = NULL;
241		mach_port_t lookup_port = MACH_PORT_NULL;
242		mach_port_t boot_port = MACH_PORT_NULL;
243		mach_port_t previous_notify_port = MACH_PORT_NULL;
244
245		if (!err) {
246		err = k5_ipc_server_get_lookup_and_service_names (&lookup, &service);
247		}
248
249		if (!err) {
250		/* Get the bootstrap port */
251		err = task_get_bootstrap_port (mach_task_self (), &boot_port);
252		}
253
254		if (!err) {
255		/* We are an on-demand server so our lookup port already exists. */
256		err = bootstrap_check_in (boot_port, lookup, &lookup_port);
257		}
258
259		if (!err) {
260		/* We are an on-demand server so our service port already exists. */
261		err = bootstrap_check_in (boot_port, service, &g_service_port);
262		}
263
264		if (!err) {
265		/* Create the port set that the server will listen on */
266		err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE,
267		&g_notify_port);
268		}
269
270		if (!err) {
271		/* Ask for notification when the server port has no more senders
272		* A send-once right != a send right so our send-once right will
273		* not interfere with the notification */
274		err = mach_port_request_notification (mach_task_self (), g_service_port,
275		MACH_NOTIFY_NO_SENDERS, true,
276		g_notify_port,
277		MACH_MSG_TYPE_MAKE_SEND_ONCE,
278		&previous_notify_port);
279		}
280
281		if (!err) {
282		/* Create the port set that the server will listen on */
283		err = mach_port_allocate (mach_task_self (),
284		MACH_PORT_RIGHT_PORT_SET, &g_listen_port_set);
285		}
286
287		if (!err) {
288		/* Add the lookup port to the port set */
289		err = mach_port_move_member (mach_task_self (),
290		lookup_port, g_listen_port_set);
291		}
292
293		if (!err) {
294		/* Add the service port to the port set */
295		err = mach_port_move_member (mach_task_self (),
296		g_service_port, g_listen_port_set);
297		}
298
299		if (!err) {
300		/* Add the notify port to the port set */
301		err = mach_port_move_member (mach_task_self (),
302		g_notify_port, g_listen_port_set);
303		}
304
305		while (!err && !g_ready_to_quit) {
306		/* Handle one message at a time so we can check to see if
307		* the server wants to quit */
308		err = mach_msg_server_once (k5_ipc_request_demux, K5_IPC_MAX_MSG_SIZE,
309		g_listen_port_set, MACH_MSG_OPTION_NONE);
310		}
311
312		/* Clean up the ports and strings */
313		if (MACH_PORT_VALID (g_notify_port)) {
314		mach_port_destroy (mach_task_self (), g_notify_port);
315		g_notify_port = MACH_PORT_NULL;
316		}
317		if (MACH_PORT_VALID (g_listen_port_set)) {
318		mach_port_destroy (mach_task_self (), g_listen_port_set);
319		g_listen_port_set = MACH_PORT_NULL;
320		}
321		if (MACH_PORT_VALID (boot_port)) {
322		mach_port_deallocate (mach_task_self (), boot_port);
323		}
324
325		free (service);
326		free (lookup);
327
328		return err;
329		}
330
331		/* ------------------------------------------------------------------------ */
332
333		int32_t k5_ipc_server_send_reply (mach_port_t in_reply_port,
334		k5_ipc_stream in_reply_stream)
335		{
336		kern_return_t err = KERN_SUCCESS;
337		k5_ipc_inl_reply_t inl_reply;
338		mach_msg_type_number_t inl_reply_length = 0;
339		k5_ipc_ool_reply_t ool_reply = NULL;
340		mach_msg_type_number_t ool_reply_length = 0;
341
342		if (!MACH_PORT_VALID (in_reply_port)) { err = EINVAL; }
343		if (!in_reply_stream ) { err = EINVAL; }
344
345		if (!err) {
346		/* depending on how big the message is, use the fast inline buffer or
347		* the slow dynamically allocated buffer */
348		mach_msg_type_number_t reply_length = krb5int_ipc_stream_size (in_reply_stream);
349
350		if (reply_length > K5_IPC_MAX_INL_MSG_SIZE) {
351		//dprintf ("%s choosing out of line buffer (size is %d)",
352		// __FUNCTION__, reply_length);
353
354		err = vm_read (mach_task_self (),
355		(vm_address_t) krb5int_ipc_stream_data (in_reply_stream), reply_length,
356		(vm_address_t *) &ool_reply, &ool_reply_length);
357
358		} else {
359		//cci_debug_printf ("%s choosing in line buffer (size is %d)",
360		// __FUNCTION__, reply_length);
361
362		inl_reply_length = reply_length;
363		memcpy (inl_reply, krb5int_ipc_stream_data (in_reply_stream), reply_length);
364		}
365		}
366
367		if (!err) {
368		err = k5_ipc_server_reply (in_reply_port,
369		inl_reply, inl_reply_length,
370		ool_reply, ool_reply_length);
371		}
372
373		if (!err) {
374		/* Because we use ",dealloc" ool_reply will be freed by mach. Don't double free it. */
375		ool_reply = NULL;
376		ool_reply_length = 0;
377		}
378
379		if (ool_reply_length) { vm_deallocate (mach_task_self (), (vm_address_t) ool_reply, ool_reply_length); }
380
381		return err;
382		}
383
384		/* ------------------------------------------------------------------------ */
385
386		void k5_ipc_server_quit (void)
387		{
388		g_ready_to_quit = 1;
389		}

+0

-52

~~src/util/mac/k5_mig_server.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* util/mac/k5_mig_server.h */
2		/*
3		* Copyright 2006 Massachusetts Institute of Technology.
4		* All Rights Reserved.
5		*
6		* Export of this software from the United States of America may
7		* require a specific license from the United States Government.
8		* It is the responsibility of any person or organization contemplating
9		* export to obtain such a license before exporting.
10		*
11		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12		* distribute this software and its documentation for any purpose and
13		* without fee is hereby granted, provided that the above copyright
14		* notice appear in all copies and that both that copyright notice and
15		* this permission notice appear in supporting documentation, and that
16		* the name of M.I.T. not be used in advertising or publicity pertaining
17		* to distribution of the software without specific, written prior
18		* permission. Furthermore if you modify this software you must label
19		* your software as modified software and not distribute it in such a
20		* fashion that it might be confused with the original M.I.T. software.
21		* M.I.T. makes no representations about the suitability of
22		* this software for any purpose. It is provided "as is" without express
23		* or implied warranty.
24		*/
25
26		#ifndef K5_MIG_SERVER
27		#define K5_MIG_SERVER
28
29		#include "k5-ipc_stream.h"
30
31		/* Defined by caller */
32
33		int32_t k5_ipc_server_add_client (mach_port_t in_client_port);
34
35		int32_t k5_ipc_server_remove_client (mach_port_t in_client_port);
36
37		int32_t k5_ipc_server_handle_request (mach_port_t in_connection_port,
38		mach_port_t in_reply_port,
39		k5_ipc_stream in_request_stream);
40
41		/* Server control functions */
42
43		/* WARNING: Currently only supports running server loop on a single thread! */
44		int32_t k5_ipc_server_listen_loop (void);
45
46		int32_t k5_ipc_server_send_reply (mach_port_t in_reply_pipe,
47		k5_ipc_stream in_reply_stream);
48
49		void k5_ipc_server_quit (void);
50
51		#endif /* K5_MIG_SERVER */

+0

-60

~~src/util/mac/k5_mig_types.h~~ less more

0		/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
1		/* $Copyright:
2		*
3		* Copyright 2004-2006 by the Massachusetts Institute of Technology.
4		*
5		* All rights reserved.
6		*
7		* Export of this software from the United States of America may require a
8		* specific license from the United States Government. It is the
9		* responsibility of any person or organization contemplating export to
10		* obtain such a license before exporting.
11		*
12		* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
13		* this software and its documentation for any purpose and without fee is
14		* hereby granted, provided that the above copyright notice appear in all
15		* copies and that both that copyright notice and this permission notice
16		* appear in supporting documentation, and that the name of M.I.T. not be
17		* used in advertising or publicity pertaining to distribution of the
18		* software without specific, written prior permission. Furthermore if you
19		* modify this software you must label your software as modified software
20		* and not distribute it in such a fashion that it might be confused with
21		* the original MIT software. M.I.T. makes no representations about the
22		* suitability of this software for any purpose. It is provided "as is"
23		* without express or implied warranty.
24		*
25		* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
26		* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
27		* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
28		*
29		* Individual source code files are copyright MIT, Cygnus Support,
30		* OpenVision, Oracle, Sun Soft, FundsXpress, and others.
31		*
32		* Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
33		* and Zephyr are trademarks of the Massachusetts Institute of Technology
34		* (MIT). No commercial use of these trademarks may be made without prior
35		* written permission of MIT.
36		*
37		* "Commercial use" means use of a name in a product or other for-profit
38		* manner. It does NOT prevent a commercial firm from referring to the MIT
39		* trademarks in order to convey information (although in doing so,
40		* recognition of their trademark status should be given).
41		* $
42		*/
43
44		#ifndef K5_MIG_TYPES_H
45		#define K5_MIG_TYPES_H
46
47		#define K5_IPC_MAX_MSG_SIZE 2048 + MAX_TRAILER_SIZE
48
49		#define K5_MIG_LOOKUP_SUFFIX ".ipcLookup"
50		#define K5_MIG_SERVICE_SUFFIX ".ipcService"
51
52		#define K5_IPC_MAX_INL_MSG_SIZE 1024
53
54		typedef const char k5_ipc_inl_request_t[K5_IPC_MAX_INL_MSG_SIZE];
55		typedef const char *k5_ipc_ool_request_t;
56		typedef char k5_ipc_inl_reply_t[K5_IPC_MAX_INL_MSG_SIZE];
57		typedef char *k5_ipc_ool_reply_t;
58
59		#endif /* K5_MIG_TYPES_H */

+2

-2

src/util/mkrel less more

182	182	if test $dodoc = t; then
183	183	echo "Building doc..."
184	184	(cd $reldir/src/doc && make -f Makefile.in \
185		top_srcdir=.. srcdir=. SPHINX_ARGS=-W PYTHON=python html pdf)
	185	top_srcdir=.. srcdir=. SPHINX_ARGS=-W PYTHON=python3 html pdf)
186	186	(cd $reldir/src/doc && make -f Makefile.in \
187		top_srcdir=.. srcdir=. SPHINX_ARGS=-W PYTHON=python clean)
	187	top_srcdir=.. srcdir=. SPHINX_ARGS=-W PYTHON=python3 clean)
188	188	fi
189	189
190	190	echo "Generating tarfiles..."

+0

-17

~~src/util/paste-kdcproxy.py~~ less more

0		import kdcproxy
1		from paste import httpserver
2		import os
3		import sys
4
5		if len(sys.argv) > 1:
6		port = sys.argv[1]
7		else:
8		port = 8443
9		if len(sys.argv) > 2:
10		pem = sys.argv[2]
11		else:
12		pem = '*'
13		server = httpserver.serve(kdcproxy.Application(), port=port, ssl_pem=pem,
14		start_loop=False)
15		os.write(sys.stdout.fileno(), 'proxy server ready\n')
16		server.serve_forever()

+18

-2

src/util/profile/Makefile.in less more

128	128	clean-unix:: clean-libs clean-libobjs
129	129	$(RM) $(PROGS) .o ~ core prof_err.h profile.h prof_err.c
130	130	$(RM) test_load test_parse test_profile test_vtable profile_tcl
131		$(RM) modtest.conf testinc.ini testinc2.ini
	131	$(RM) modtest.conf testinc.ini testinc2.ini final.out
132	132	$(RM) -r test_include_dir
133	133
134	134	clean-windows::

139	139	$(RUN_TEST) ./test_load
140	140
141	141	DO_TCL=@DO_TCL@
142		check-unix: check-unix-tcl-$(DO_TCL)
	142	check-unix: check-unix-final check-unix-tcl-$(DO_TCL)
	143
	144	F1=$(srcdir)/final1.ini
	145	F2=$(srcdir)/final2.ini
	146	F3=$(srcdir)/final3.ini
	147	F4=$(srcdir)/final4.ini
	148	F5=$(srcdir)/final5.ini
	149	QUERY=query section subsection key
	150	check-unix-final: test_profile
	151	$(RM) final.out
	152	(echo; $(RUN_TEST) ./test_profile $(F1):$(F1) $(QUERY)) > final.out
	153	(echo; $(RUN_TEST) ./test_profile $(F2):$(F1) $(QUERY)) >> final.out
	154	(echo; $(RUN_TEST) ./test_profile $(F3):$(F1) $(QUERY)) >> final.out
	155	(echo; $(RUN_TEST) ./test_profile $(F4):$(F1) $(QUERY)) >> final.out
	156	(echo; $(RUN_TEST) ./test_profile $(F5):$(F1) $(QUERY)) >> final.out
	157	cmp final.out $(srcdir)/final.expected
	158	$(RM) final.out
143	159
144	160	check-unix-tcl-:
145	161	@echo "+++"

+12

-0

src/util/profile/final.expected less more

	0
	1	value1
	2	value1
	3
	4	value2
	5	value1
	6
	7	value3
	8
	9	value4
	10
	11	value5

+6

-0

src/util/profile/final1.ini less more

	0	# A basic profile setting a single relation in a subsection, with
	1	# nothing marked final.
	2	[section]
	3	subsection = {
	4	key = value1
	5	}

+7

-0

src/util/profile/final2.ini less more

	0	# In this variant the relation is marked final. There is parsing
	1	# support for this but no iteration or dumping support, so the marker
	2	# currently has no effect.
	3	[section]
	4	subsection = {
	5	key* = value2
	6	}

+6

-0

src/util/profile/final3.ini less more

	0	# In this variant the subsection is marked final via a '*' at the end
	1	# of the tag name.
	2	[section]
	3	subsection* = {
	4	key = value3
	5	}

+6

-0

src/util/profile/final4.ini less more

	0	# In this variant the subsection is marked final via a '*' after the
	1	# closing brace.
	2	[section]
	3	subsection = {
	4	key = value4
	5	}*

+5

-0

src/util/profile/final5.ini less more

	0	# In this variant the top-level section is marked final.
	1	[section]*
	2	subsection = {
	3	key = value5
	4	}

+1

-1

src/util/profile/prof_file.c less more

181	181	prf->magic = PROF_MAGIC_FILE;
182	182
183	183	if (filespec[0] == '~' && filespec[1] == '/') {
184		home_env = getenv("HOME");
	184	home_env = secure_getenv("HOME");
185	185	#ifdef HAVE_PWD_H
186	186	if (home_env == NULL) {
187	187	uid_t uid;

+1

-1

src/util/profile/prof_parse.c less more

47	47	char to, from;
48	48
49	49	for (to = from = str; from && from != '"'; to++, from++) {
50		if (*from == '\\') {
	50	if (from == '\\' && (from + 1) != '\0') {
51	51	from++;
52	52	switch (*from) {
53	53	case 'n':

+1

-1

src/util/ss/ct_c_sed.in less more

41	41	s/, */, /g
42	42	/^$/d
43	43	#
44		# Now we take care of some syntatic sugar.....
	44	# Now we take care of some syntactic sugar.....
45	45	#
46	46	/^unimplemented/ {
47	47	s/^unimplemented [A-Za-z_0-9]*/request ss_unimplemented/

+1

-1

src/util/ss/deps less more

62	62	ss_internal.h utils.c
63	63	options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
64	64	$(COM_ERR_DEPS) copyright.h options.c ss.h
65		cmd_tbl.lex.o: cmd_tbl.lex.c
	65	cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
66	66	ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \
67	67	ct.tab.c ss.h
68	68	ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \

+12

-4

src/util/support/Makefile.in less more

14	14	LIBMAJOR=@SUPPORTLIB_MAJOR@
15	15	LIBMINOR=1
16	16
17		LIBINITFUNC=krb5int_thread_support_init
	17	LIBINITFUNC=krb5int_thread_support_init @SECURE_GETENV_INIT@
18	18	LIBFINIFUNC=krb5int_thread_support_fini
19	19
20	20	GETTIMEOFDAY_ST_OBJ= @GETTIMEOFDAY_ST_OBJ@

51	51	GETOPT_LONG_OBJ= @GETOPT_LONG_OBJ@
52	52	##DOS##GETOPT_LONG_ST_OBJ= getopt_long.o
53	53	##DOS##GETOPT_LONG_OBJ= $(OUTPRE)getopt_long.$(OBJEXT)
	54
	55	SECURE_GETENV_ST_OBJ= @SECURE_GETENV_ST_OBJ@
	56	SECURE_GETENV_OBJ= @SECURE_GETENV_OBJ@
	57	##DOS##SECURE_GETENV_ST_OBJ=
	58	##DOS##SECURE_GETENV_OBJ=
54	59
55	60	IPC_ST_OBJ=
56	61	IPC_OBJ=

92	97	$(PRINTF_ST_OBJ) \
93	98	$(MKSTEMP_ST_OBJ) \
94	99	$(GETOPT_ST_OBJ) \
95		$(GETOPT_LONG_ST_OBJ)
	100	$(GETOPT_LONG_ST_OBJ) \
	101	$(SECURE_GETENV_OBJ)
96	102
97	103	LIBOBJS= \
98	104	$(OUTPRE)threads.$(OBJEXT) \

120	126	$(PRINTF_OBJ) \
121	127	$(MKSTEMP_OBJ) \
122	128	$(GETOPT_OBJ) \
123		$(GETOPT_LONG_OBJ)
	129	$(GETOPT_LONG_OBJ) \
	130	$(SECURE_GETENV_OBJ)
124	131
125	132	SRCS=\
126	133	$(srcdir)/threads.c \

155	162	$(srcdir)/t_utf8.c \
156	163	$(srcdir)/t_utf16.c \
157	164	$(srcdir)/getopt.c \
158		$(srcdir)/getopt_long.c
	165	$(srcdir)/getopt_long.c \
	166	$(srcdir)/secure_getenv.c
159	167
160	168	SHLIB_EXPDEPS =
161	169	# Add -lm if dumping thread stats, for sqrt.

+1

-1

src/util/support/cache-addrinfo.h less more

85	85	*
86	86	* + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
87	87	* functions if available. But, see
88		* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
	88	* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
89	89	* gethostbyname2 problem on Linux. And besides, if a platform is
90	90	* supporting IPv6 at all, they really should be doing getaddrinfo
91	91	* by now.

+3

-0

src/util/support/deps less more

110	110	getopt_long.so getopt_long.po $(OUTPRE)getopt_long.$(OBJEXT): \
111	111	$(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
112	112	$(top_srcdir)/include/k5-thread.h getopt_long.c
	113	secure_getenv.so secure_getenv.po $(OUTPRE)secure_getenv.$(OBJEXT): \
	114	$(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
	115	$(top_srcdir)/include/k5-thread.h secure_getenv.c

+2

-3

src/util/support/errors.c less more

77	77
78	78	lock();
79	79	if (fptr == NULL) {
	80	/* Should be rare; fptr should be set whenever libkrb5 is loaded. */
80	81	unlock();
81		if (strerror_r(code, buf, sizeof(buf)) == 0)
82		return oom_check(strdup(buf));
83		return oom_check(strdup(strerror(code)));
	82	return oom_check(strdup(_("Error code translation unavailable")));
84	83	}
85	84	r = fptr(code);
86	85	#ifndef HAVE_COM_ERR_INTL

+2

-2

src/util/support/fake-addrinfo.c less more

86	86	*
87	87	* + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
88	88	* functions if available. But, see
89		* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
	89	* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
90	90	* gethostbyname2 problem on Linux. And besides, if a platform is
91	91	* supporting IPv6 at all, they really should be doing getaddrinfo
92	92	* by now.

1166	1166	that, we'll have to start replacing and freeing all of the
1167	1167	ai_canonname fields.
1168	1168
1169		Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133668 .
	1169	Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133668 .
1170	1170
1171	1171	Since it's dependent on the target hostname, it's hard to check
1172	1172	for at configure time. The bug was fixed in glibc 2.3.4.

+9

-0

src/util/support/hashtab.c less more

110	110	return v0 ^ v1 ^ v2 ^ v3;
111	111	}
112	112
	113	uint64_t
	114	k5_siphash24(const uint8_t *data, size_t len,
	115	const uint8_t seed[K5_HASH_SEED_LEN])
	116	{
	117	uint64_t k0 = load_64_le(seed), k1 = load_64_le(seed + 8);
	118
	119	return siphash24(data, len, k0, k1);
	120	}
	121
113	122	int
114	123	k5_hashtab_create(const uint8_t seed[K5_HASH_SEED_LEN], size_t initial_buckets,
115	124	struct k5_hashtab **ht_out)

+1

-0

src/util/support/libkrb5support-fixed.exports less more

59	59	k5_path_isabs
60	60	k5_path_join
61	61	k5_path_split
	62	k5_siphash24
62	63	k5_strerror_r
63	64	k5_utf8_to_utf16le
64	65	k5_utf16le_to_utf8

+14

-0

src/util/support/plugins.c less more

53	53	#define PLUGIN_DLOPEN_FLAGS (RTLD_NOW \| RTLD_LOCAL \| GROUP \| NODELETE)
54	54	#endif
55	55
	56	/*
	57	* glibc bug 11941, fixed in release 2.25, can cause an assertion failure in
	58	* dlclose() on process exit. Our workaround is to leak dlopen() handles
	59	* (which doesn't typically manifest in leak detection tools because the
	60	* handles are still reachable via a global table in libdl). Because we
	61	* dlopen() with RTLD_NODELETE, we weren't going to unload the plugin objects
	62	* anyway.
	63	*/
	64	#ifdef __GLIBC_PREREQ
	65	#if ! __GLIBC_PREREQ(2, 25)
	66	#define dlclose(x)
	67	#endif
	68	#endif
	69
56	70	#if USE_DLOPEN && USE_CFBUNDLE
57	71	#include <CoreFoundation/CoreFoundation.h>
58	72

+111

-0

src/util/support/secure_getenv.c less more

	0	/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */
	1	/* util/support/secure_getenv.c - secure_getenv() portability support */
	2	/*
	3	* Copyright (C) 2019 by the Massachusetts Institute of Technology.
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	*
	10	* * Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	*
	13	* * Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in
	15	* the documentation and/or other materials provided with the
	16	* distribution.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	21	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	22	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	24	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	25	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	27	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	28	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	29	* OF THE POSSIBILITY OF SUCH DAMAGE.
	30	*/
	31
	32	/*
	33	* This file contains the fallback implementation for secure_getenv(), which is
	34	* currently only provided by glibc 2.17 and later. The goal is to ignore the
	35	* environment if this process is (or previously was) running at elevated
	36	* privilege compared to the calling process.
	37	*
	38	* In this fallback version we compare the real and effective uid/gid, and also
	39	* compare the saved uid/gid if possible. These comparisons detect a setuid or
	40	* setgid process which is still running with elevated privilege; if we can
	41	* fetch the saved uid/gid, we also detect a process which has temporarily
	42	* dropped privilege with seteuid() or setegid(). These comparisons do not
	43	* detect the case where a setuid or setgid process has permanently dropped
	44	* privilege before the library initializer ran; this is not ideal because such
	45	* a process may possess a privileged resource or have privileged information
	46	* in its address space.
	47	*
	48	* Heimdal also looks at the ELF aux vector in /proc/self/auxv to determine the
	49	* starting uid/euid/gid/euid on Solaris/Illumos and NetBSD. On FreeBSD this
	50	* approach can determine the executable path to do a stat() check. We do not
	51	* go to this length due to the amount of code required.
	52	*
	53	* The BSDs and Solaris provide issetugid(), but the FreeBSD and NetBSD
	54	* versions are not useful; they return true if a non-setuid/setgid executable
	55	* is run by root and drops privilege, such as Apache httpd. We do not want to
	56	* ignore the process environment in this case.
	57	*
	58	* On some platforms a process may have elevated privilege via mechanisms other
	59	* than setuid/setgid. glibc's secure_getenv() should detect these cases on
	60	* Linux; we do not detect them in this fallback version.
	61	*/
	62
	63	#include "k5-platform.h"
	64
	65	static int elevated_privilege = 0;
	66
	67	MAKE_INIT_FUNCTION(k5_secure_getenv_init);
	68
	69	int
	70	k5_secure_getenv_init()
	71	{
	72	int saved_errno = errno;
	73
	74	#ifdef HAVE_GETRESUID
	75	{
	76	uid_t r, e, s;
	77	if (getresuid(&r, &e, &s) == 0) {
	78	if (r != e \|\| r != s)
	79	elevated_privilege = 1;
	80	}
	81	}
	82	#else
	83	if (getuid() != geteuid())
	84	elevated_privilege = 1;
	85	#endif
	86
	87	#ifdef HAVE_GETRESGID
	88	{
	89	gid_t r, e, s;
	90	if (!elevated_privilege && getresgid(&r, &e, &s) == 0) {
	91	if (r != e \|\| r != s)
	92	elevated_privilege = 1;
	93	}
	94	}
	95	#else
	96	if (!elevated_privilege && getgid() != getegid())
	97	elevated_privilege = 1;
	98	#endif
	99
	100	errno = saved_errno;
	101	return 0;
	102	}
	103
	104	char *
	105	k5_secure_getenv(const char *name)
	106	{
	107	if (CALL_INIT_FUNCTION(k5_secure_getenv_init) != 0)
	108	return NULL;
	109	return elevated_privilege ? NULL : getenv(name);
	110	}

+4

-4

src/util/support/utf8.c less more

32	32	*
33	33	* A copy of this license is available in the file LICENSE in the
34	34	* top-level directory of the distribution or, alternatively, at
35		* <http://www.OpenLDAP.org/license.html>.
36		*/
37
38		/* This work is part of OpenLDAP Software <http://www.openldap.org/>. */
	35	* <https://www.OpenLDAP.org/license.html>.
	36	*/
	37
	38	/* This work is part of OpenLDAP Software <https://www.openldap.org/>. */
39	39
40	40	/* Basic UTF-8 routines
41	41	*

+5

-9

src/util/support/utf8_conv.c less more

32	32	*
33	33	* A copy of this license is available in the file LICENSE in the
34	34	* top-level directory of the distribution or, alternatively, at
35		* <http://www.OpenLDAP.org/license.html>.
	35	* <https://www.OpenLDAP.org/license.html>.
36	36	*/
37	37	/* Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
38	38	*

46	46	* THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
47	47	*/
48	48
49		/* This work is based on OpenLDAP Software <http://www.openldap.org/>. */
	49	/* This work is based on OpenLDAP Software <https://www.openldap.org/>. */
50	50
51	51	/*
52	52	* These routines convert between UTF-16 and UTF-8. UTF-16 encodes a Unicode

93	93	struct k5buf buf;
94	94	krb5_ucs4 ch;
95	95	size_t chlen, i;
96		uint8_t *p;
97	96
98	97	*utf16_out = NULL;
99	98	*nbytes_out = 0;

126	125
127	126	/* Characters in the basic multilingual plane are encoded using two
128	127	* bytes; other characters are encoded using four bytes. */
129		p = k5_buf_get_space(&buf, IS_BMP(ch) ? 2 : 4);
130		if (p == NULL)
131		return ENOMEM;
132	128	if (IS_BMP(ch)) {
133		store_16_le(ch, p);
	129	k5_buf_add_uint16_le(&buf, ch);
134	130	} else {
135	131	/* 0x10000 is subtracted from ch; then the high ten bits plus
136	132	* 0xD800 and the low ten bits plus 0xDC00 are the surrogates. */
137		store_16_le(HIGH_SURROGATE(ch), p);
138		store_16_le(LOW_SURROGATE(ch), p + 2);
	133	k5_buf_add_uint16_le(&buf, HIGH_SURROGATE(ch));
	134	k5_buf_add_uint16_le(&buf, LOW_SURROGATE(ch));
139	135	}
140	136
141	137	/* Move to next UTF-8 character. */

+10

-10

src/util/testrealm.py less more

67	67	pwfile.write('user: %s\nadmin: %s\n' % (password('user'), password('admin')))
68	68	pwfile.close()
69	69
70		print
71		print 'Realm files are in %s' % realm.testdir
72		print 'KRB5_CONFIG is %s' % env['KRB5_CONFIG']
73		print 'KRB5_KDC_PROFILE is %s' % env['KRB5_KDC_PROFILE']
74		print 'KRB5CCNAME is %s' % env['KRB5CCNAME']
75		print 'KRB5_KTNAME is %s' % env['KRB5_KTNAME']
76		print 'KRB5RCACHEDIR is %s' % env['KRB5RCACHEDIR']
77		print 'Password for user is %s (see also %s)' % (password('user'), pwfilename)
78		print 'Password for admin is %s' % password('admin')
79		print
	70	print()
	71	print('Realm files are in %s' % realm.testdir)
	72	print('KRB5_CONFIG is %s' % env['KRB5_CONFIG'])
	73	print('KRB5_KDC_PROFILE is %s' % env['KRB5_KDC_PROFILE'])
	74	print('KRB5CCNAME is %s' % env['KRB5CCNAME'])
	75	print('KRB5_KTNAME is %s' % env['KRB5_KTNAME'])
	76	print('KRB5RCACHEDIR is %s' % env['KRB5RCACHEDIR'])
	77	print('Password for user is %s (see also %s)' % (password('user'), pwfilename))
	78	print('Password for admin is %s' % password('admin'))
	79	print()
80	80
81	81	subprocess.call([os.getenv('SHELL')], env=env)
82	82	success('Create test krb5 realm.')

+19

-0

src/util/wsgiref-kdcproxy.py less more

	0	import kdcproxy
	1	import os
	2	import ssl
	3	import sys
	4	from wsgiref.simple_server import make_server
	5
	6	if len(sys.argv) > 1:
	7	port = int(sys.argv[1])
	8	else:
	9	port = 8443
	10	if len(sys.argv) > 2:
	11	pem = sys.argv[2]
	12	else:
	13	pem = '*'
	14
	15	server = make_server('localhost', port, kdcproxy.Application())
	16	server.socket = ssl.wrap_socket(server.socket, certfile=pem, server_side=True)
	17	os.write(sys.stdout.fileno(), b'proxy server ready\n')
	18	server.serve_forever()

+1

-1

src/windows/README less more

29	29	BASH from https://gitforwindows.org and configure it to add the Unix
30	30	utilities to the command-line path. In some versions of Windows (not
31	31	the most current versions), the Unix utilities can alternatively be
32		obtained via the Utilities and SDK for UNIX-based Aplications, which
	32	obtained via the Utilities and SDK for UNIX-based Applications, which
33	33	may be enabled as a Windows feature and then the components installed.
34	34	Note that the Windows nmake will not find the SUA awk utility in the
35	35	path unless it is named awk.exe; the permissions on the utility may

+1

-0

src/windows/installer/wix/files.wxi less more

364	364	<Directory Id="dirinc_krb5_gssapi" Name="gssapi" FileSource="$(var.IncDir)gssapi\">
365	365	<Component Id="cmp_dirinc_krb5_gssapi" Guid="BD3C190B-1EBB-4d14-81DD-B2000DC4EAC7" DiskId="1">
366	366	<File Id="fil_gssapi_h" Name="gssapi.h" KeyPath="yes" />
	367	<File Id="fil_gssapi_alloc_h" Name="gssapi_alloc.h" />
367	368	<File Id="fil_gssapi_ext_h" Name="gssapi_ext.h" />
368	369	<File Id="fil_gssapi_generic_h" Name="gssapi_generic.h" />
369	370	<File Id="fil_gssapi_krb5_h" Name="gssapi_krb5.h" />

+1

-1

src/windows/installer/wix/lang/ui_1033.wxi less more

1156	1156	<Error Id="1932">The Windows Installer service cannot update the protected Windows file [2]. {{Package version: [3], OS Protected version: [4], SFP Error: [5]}}</Error>
1157	1157	<Error Id="1933">The Windows Installer service cannot update one or more protected Windows files. {{SFP Error: [2]. List of protected files:\r\n[3]}}</Error>
1158	1158	<Error Id="1934">User installations are disabled via policy on the machine.</Error>
1159		<Error Id="1935">An error occured during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}</Error>
	1159	<Error Id="1935">An error occurred during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}</Error>
1160	1160
1161	1161	<Error Id="4001">Custom action data not found. STATUS [2]</Error>
1162	1162	<Error Id="4003">NSIS Uninstallation failed. Status [2]</Error>

+3

-3

src/windows/installer/wix/property.wxi less more

34	34
35	35	<Property Id="ARPCOMMENTS">$(var.ARPComments)</Property>
36	36	<Property Id="ARPCONTACT">kerberos@mit.edu</Property>
37		<Property Id="ARPURLINFOABOUT">http://web.mit.edu/kerberos</Property>
38		<Property Id="ARPHELPLINK">http://web.mit.edu/kerberos</Property>
	37	<Property Id="ARPURLINFOABOUT">https://web.mit.edu/kerberos</Property>
	38	<Property Id="ARPHELPLINK">https://web.mit.edu/kerberos</Property>
39	39	<Property Id="INSTALLLEVEL">50</Property>
40		<Property Id="ComponentDownload">http://web.mit.edu/kerberos</Property>
	40	<Property Id="ComponentDownload">https://web.mit.edu/kerberos</Property>
41	41
42	42	<Property Id="UPGRADENSIS">
43	43	<RegistrySearch Win64="no" Id="regsrch_NSIS" Root="HKLM" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\Kerberos for Windows" Name="UninstallString" Type="raw"/>

+1

-1

src/windows/kfwlogon/kfwlogon.c less more

567	567
568	568
569	569	/* Documentation on the use of RunDll32 entrypoints can be found
570		* at http://support.microsoft.com/kb/164787
	570	* at https://support.microsoft.com/kb/164787
571	571	*/
572	572	void CALLBACK
573	573	LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)

+1

-1

src/windows/kfwlogon/kfwlogon.h less more

93	93
94	94	enum {
95	95	CC_CRED_VUNKNOWN = 0, // For validation
96		CC_CRED_V4 = 1,
	96	/* CC_CRED_V4 = 1, */
97	97	CC_CRED_V5 = 2,
98	98	CC_CRED_VMAX = 3 // For validation
99	99	};

+2

-1

src/windows/leash/KrbListTickets.cpp less more

221	221	}
222	222	code = pkrb5_cc_start_seq_get(ctx, cache, &cur);
223	223	if (code) {
224		functionName = "krb5_cc_start_seq_get";
	224	// MSLSA errors here if no TGT is found; suppress error message box
	225	code = 0;
225	226	goto cleanup;
226	227	}
227	228	if (*ticketInfoTail)

+2

-2

src/windows/leash/Leash.rc less more

714	714	ID_LARGE_ICONS "Show large or small tree icons"
715	715	ID_UPPERCASE_REALM "Allow realm names that include lower case letters.\n Allow Mixed Case Realm Name"
716	716	ID_OPTIONS_RESETWINDOWSIZE
717		"Puts Leash's main window back to it's default size "
718		ID_RESET_WINDOW_SIZE "Refresh Leash window to it's default size/position"
	717	"Puts Leash's main window back to its default size "
	718	ID_RESET_WINDOW_SIZE "Refresh Leash window to its default size/position"
719	719	ID_SYSTEM_CONTROL_PANEL "Open your System Properties window"
720	720	ID_OPTIONS_LOWTICKETALARMSOUND
721	721	"Turn alarm off or on, when ticket time is low"

+1

-13

src/windows/leash/htmlhelp/html/Encryption_Types.htm less more

78	78	<th>Description</th>
79	79	</tr>
80	80	<tr>
81		<th id="th2"> des- </th>
82		<td> The DES (Data Encryption Standard)
83		family is a symmetric block cipher. It was designed to handle only
84		56-bit keys which is not enough for modern computing power. It is now
85		considered to be weak encryption. <ul id="helpul">
86		<li> des-cbc-crc (<b>weak</b>) </li>
87		<li>des-cbc-md5 (<b>weak</b>) </li>
88		<li> des-cbc-md4 (<b>weak</b>) </li>
89
90		</ul>
91		</td>
92		</tr><tr>
93	81	<th id="th2"> des3- </th>
94	82	<td> The triple DES family improves on
95	83	the original DES (Data Encryption Standard) by using 3 separate 56-bit

105	93	<tr>
106	94	<th id="th2"> aes </th>
107	95	<td>The AES Advanced Encryption Standard
108		family, like DES and 3DES, is a symmetric block cipher and was designed
	96	family, like 3DES, is a symmetric block cipher and was designed
109	97	to replace them. It can use multiple key sizes. Kerberos specifies use
110	98	for 256-bit and 128-bit keys.
111	99	<ul id="helpul">

+1

-1

src/windows/leash/htmlhelp/html/FAQ.htm less more

90	90	<p>
91	91	You cannot use the MIT Kerberos program to set preferences such as
92	92	default ticket lifetimes. Instead, edit the appropriate configuration
93		file. For more information, visit the <a href="http://web.mit.edu/kerberos/krb5-latest/doc/krb_admins/conf_files/index.html" target="new"> MIT Kerberos documentation site. </a>
	93	file. For more information, visit the <a href="https://web.mit.edu/kerberos/krb5-latest/doc/krb_admins/conf_files/index.html" target="new"> MIT Kerberos documentation site. </a>
94	94
95	95	</p>
96	96	<p>

+1

-1

src/windows/leash/htmlhelp/html/How_Kerberos_Works.htm less more

9	9	<p>
10	10	The Kerberos protocol uses secret-key cryptography to allow the user and the service the user is accessing to prove their identities to each other and then to encrypt the rest of their communications. This mutual authentication and subsequent encryption maintain privacy and data integrity for both user and service. </p>
11	11	<p>
12		A basic understanding of Kerberos can be gained by reading the <a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a> page. You do not need to know the inner workings of the encryption and authentication to use Kerberos. However, if you are curious to know more, the MIT Kerberos Consortium has an excellent website with links to several varieties of documentation, including a tutorial of the Kerberos protocol. <a href="http://www.kerberos.org/docs/index.html" target="new">MIT Kerberos Consortium documentation page</a>
	12	A basic understanding of Kerberos can be gained by reading the <a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a> page. You do not need to know the inner workings of the encryption and authentication to use Kerberos. However, if you are curious to know more, the MIT Kerberos Consortium has an excellent website with links to several varieties of documentation, including a tutorial of the Kerberos protocol. <a href="https://www.kerberos.org/docs/index.html" target="new">MIT Kerberos Consortium documentation page</a>
13	13
14	14	<H2>Related Help</H2>
15	15	<ul id="helpul">

+1

-1

src/windows/leash/htmlhelp/html/Renew_Tickets2.html less more

0	0
1		<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
	1	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "https://www.w3.org/TR/html4/strict.dtd">
2	2	<html><head><meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Renew Tickets</title></head><body>
3	3
4	4	<ul>

+1

-1

src/windows/leash/htmlhelp/html/Troubleshooting.htm less more

54	54	<p>
55	55	You cannot use the MIT Kerberos program to set properties such as
56	56	default ticket lifetimes. Instead, edit the appropriate configuration
57		file. For more information, visit the <a href="http://web.mit.edu/kerberos/krb5-latest/doc/krb_admins/conf_files/index.html" target="new"> MIT Kerberos documentation site. </a>
	57	file. For more information, visit the <a href="https://web.mit.edu/kerberos/krb5-latest/doc/krb_admins/conf_files/index.html" target="new"> MIT Kerberos documentation site. </a>
58	58	</p>
59	59	<p>
60	60	<a href="#top">Back to top</a></p>

+1

-1

src/windows/leashdll/leash-int.h less more

181	181
182	182	enum {
183	183	CC_CRED_VUNKNOWN = 0, // For validation
184		CC_CRED_V4 = 1,
	184	/* CC_CRED_V4 = 1, */
185	185	CC_CRED_V5 = 2,
186	186	CC_CRED_VMAX = 3 // For validation
187	187	};

+2

-2

src/windows/leashdll/lshfunc.c less more

995	995	use the form 'ticket_lifetime = 600' where
996	996	the unit is assumed to be minutes. While
997	997	these are technically wrong (a unit needs
998		to be specified), we try to accomodate for
	998	to be specified), we try to accommodate for
999	999	this using the safe assumption that the
1000	1000	unit is seconds and tack an 's' to the end
1001	1001	and see if that works. */

1147	1147	use the form 'ticket_lifetime = 600' where
1148	1148	the unit is assumed to be minutes. While
1149	1149	these are technically wrong (a unit needs
1150		to be specified), we try to accomodate for
	1150	to be specified), we try to accommodate for
1151	1151	this using the safe assumption that the
1152	1152	unit is seconds and tack an 's' to the end
1153	1153	and see if that works. */

+4

-49

src/windows/lib/cacheapi.h less more

125	125	cc_data ** authdata;
126	126	} cc_creds;
127	127
128		// begin V4 stuff
129		// use an enumerated type so all callers infer the same meaning
130		// these values are what krbv4win uses internally.
131		#define STK_AFS 0
132		#define STK_DES 1
133
134		// K4 uses a MAX_KTXT_LEN of 1250 to hold a ticket
135		// K95 uses 256
136		// To be safe I'll use the larger number, but a factor of 5!!!
137		#define MAX_V4_CRED_LEN 1250
138
139		// V4 Credentials
140
141		enum {
142		KRB_NAME_SZ = 40,
143		KRB_INSTANCE_SZ = 40,
144		KRB_REALM_SZ = 40
145		};
146
147		typedef struct cc_V4credential {
148		unsigned char kversion;
149		char principal[KRB_NAME_SZ + 1];
150		char principal_instance[KRB_INSTANCE_SZ + 1];
151		char service[KRB_NAME_SZ + 1];
152		char service_instance[KRB_INSTANCE_SZ + 1];
153		char realm[KRB_REALM_SZ + 1];
154		unsigned char session_key[8];
155		cc_int32 kvno; // k95 used BYTE skvno
156		cc_int32 str_to_key; // k4 infers dynamically, k95 stores
157		long issue_date; // k95 called this issue_time
158		cc_int32 lifetime; // k95 used LONG expiration_time
159		cc_uint32 address; // IP Address of local host
160		cc_int32 ticket_sz; // k95 used BYTE, k4 ktext uses int to hold up to 1250
161		unsigned char ticket[MAX_V4_CRED_LEN];
162		unsigned long oops; // zero to catch runaways
163		} V4Cred_type;
164
165		enum {
166		CC_CRED_VUNKNOWN = 0, // For validation
167		CC_CRED_V4 = 1,
168		CC_CRED_V5 = 2,
169		CC_CRED_VMAX = 3 // For validation
170		};
171	128
172	129	typedef union cred_ptr_union_type {
173		V4Cred_type* pV4Cred;
174	130	cc_creds* pV5Cred;
175	131	} cred_ptr_union;
176	132

222	178	** create, open, close, destroy, get_principal, get_cred_version, &
223	179	** lock_request
224	180	**
225		** Multiple NCs are allowed within the main cache. Each has a Name
226		** and kerberos version # (V4 or V5). Caller gets "ccache_ptr"s for
227		** NCs.
	181	** Multiple NCs are allowed within the main cache. Each has a Name and
	182	** kerberos version # (V5). Caller gets "ccache_ptr"s for NCs.
228	183	*/
229	184	CCACHE_API
230	185	cc_create(
231	186	apiCB* cc_ctx, // > DLL's primary control structure
232	187	const char* name, // > name of cache to be [destroyed if exists, then] created
233	188	const char* principal,
234		cc_int32 vers, // > ticket version (CC_CRED_V4 or CC_CRED_V5)
	189	cc_int32 vers, // > ticket version (CC_CRED_V5)
235	190	cc_uint32 cc_flags, // > options
236	191	ccache_p** ccache_ptr // < NC control structure
237	192	);

240	195	cc_open(
241	196	apiCB* cc_ctx, // > DLL's primary control structure
242	197	const char* name, // > name of pre-created cache
243		cc_int32 vers, // > ticket version (CC_CRED_V4 or CC_CRED_V5)
	198	cc_int32 vers, // > ticket version (CC_CRED_V5)
244	199	cc_uint32 cc_flags, // > options
245	200	ccache_p** ccache_ptr // < NC control structure
246	201	);

+1

-1

src/windows/version.rc less more

40	40	#define K5_PRODUCT_VERSION_STRING MAJOR_MINOR MAYBE_PATCH RELTAIL "\0"
41	41	#define K5_PRODUCT_VERSION KRB5_MAJOR_RELEASE, KRB5_MINOR_RELEASE, KRB5_PATCHLEVEL, KRB5_BUILDLEVEL
42	42
43		#define K5_COPYRIGHT "Copyright (C) 1997-2019 by the Massachusetts Institute of Technology\0"
	43	#define K5_COPYRIGHT "Copyright (C) 1997-2020 by the Massachusetts Institute of Technology\0"
44	44	#define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0"
45	45
46	46	/*