OpenBSD manual page server

Manual Page Search Parameters
Heimdal Kerberos 5 credential cache functions(3) HeimdalKerberos5library Heimdal Kerberos 5 credential cache functions(3)

Heimdal Kerberos 5 credential cache functions -


KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register (krb5_context context, const krb5_cc_ops *ops, krb5_boolean override)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique (krb5_context context, const char *type, const char *hint, krb5_ccache *id)
KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL krb5_cc_get_name (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL krb5_cc_get_type (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name (krb5_context context, krb5_ccache id, char **str)
KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL krb5_cc_get_ops (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch (krb5_context context, const char *type)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name (krb5_context context, const char *name)
KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL krb5_cc_default_name (krb5_context context)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default (krb5_context context, krb5_ccache *id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize (krb5_context context, krb5_ccache id, krb5_principal primary_principal)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred (krb5_context context, krb5_ccache id, krb5_creds *creds)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds *mcreds, krb5_creds *creds)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal (krb5_context context, krb5_ccache id, krb5_principal *principal)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags (krb5_context context, krb5_ccache id, krb5_flags flags)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags (krb5_context context, krb5_ccache id, krb5_flags *flags)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*match)(krb5_context, void *, const krb5_creds *), void *matchctx, unsigned int *matched)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache (krb5_context context, const krb5_ccache from, krb5_ccache to)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version (krb5_context context, const krb5_ccache id)
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds *mcred)
KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL krb5_cc_get_prefix_ops (krb5_context context, const char *prefix)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache *id)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move (krb5_context context, krb5_ccache from, krb5_ccache to)
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal (krb5_context context, krb5_const_principal principal)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new (krb5_context context, krb5_cccol_cursor *cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free (krb5_context context, krb5_cccol_cursor *cursor)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time (krb5_context context, const char *type, krb5_timestamp *mtime)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name (krb5_context context, krb5_ccache id, char **name)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name (krb5_context context, krb5_ccache id, const char *name)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime (krb5_context context, krb5_ccache id, time_t *t)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat offset)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat *offset)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new (krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) KRB5_DEPRECATED_FUNCTION('Use X instead')
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds (krb5_context context, const krb5_ccache from, krb5_ccache to)
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *service)


KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops

Destroy the cursor `cursor'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Start iterating over all caches of specified type. See also krb5_cccol_cursor_new().

Parameters:

context A Kerberos 5 context
type optional type to iterate over, if NULL, the default cache is used.
cursor cursor should be freed with krb5_cc_cache_end_seq_get().

Returns:

Return an error code or 0, see krb5_get_error_message().

Search for a matching credential cache that have the `principal' as the default principal. On success, `id' needs to be freed with krb5_cc_close() or krb5_cc_destroy().

Parameters:

context A Kerberos 5 context
client The principal to search for
id the returned credential cache

Returns:

On failure, error code is returned and `id' is set to NULL.

Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'.

Parameters:

context A Kerberos 5 context
cursor the iterator cursor, returned by krb5_cc_cache_get_first()
id next ccache

Returns:

Return 0 or an error code. Returns KRB5_CC_END when the end of caches is reached, see krb5_get_error_message().

Clear `mcreds' so it can be used with krb5_cc_retrieve_cred

Stop using the ccache `id' and free the related resources.

Returns:

Return an error code or 0, see krb5_get_error_message().

Just like krb5_cc_copy_match_f(), but copy everything.

@

MIT compat glue

Copy the contents of `from' to `to' if the given match function return true.

Parameters:

context A Kerberos 5 context.
from the cache to copy data from.
to the cache to copy data to.
match a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied.
matchctx context passed to match function.
matched set to true if there was a credential that matched, may be NULL.

Returns:

Return an error code or 0, see krb5_get_error_message().

Open the default ccache in `id'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Return a pointer to a context static string containing the default ccache name.

Returns:

String to the default credential cache name.

Remove the ccache `id'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Destroy the cursor `cursor'.

Generate a new ccache of type `ops' in `id'.

Deprecated: use krb5_cc_new_unique() instead.

Returns:

Return an error code or 0, see krb5_get_error_message().

Get some configuration for the credential cache in the cache.

Parameters:

context a Keberos context
id the credential cache to store the data for
principal configuration for a specific principal, if NULL, global for the whole cache.
name name under which the configuraion is stored.
data data to fetched, free with krb5_data_free()

Get the flags of `id', store them in `flags'.

Return a friendly name on credential cache. Free the result with krb5_xfree().

Returns:

Return an error code or 0, see krb5_get_error_message().

Return the complete resolvable name the cache

Parameters:

context a Keberos context
id return pointer to a found credential cache
str the returned name of a credential cache, free with krb5_xfree()

Returns:

Returns 0 or an error (and then *str is set to NULL).

Get the time offset betwen the client and the KDC

If the backend doesn't support KDC offset, use the context global setting.

Parameters:

context A Kerberos 5 context.
id a credential cache
offset the offset in seconds

Returns:

Return an error code or 0, see krb5_get_error_message().

Get the lifetime of the initial ticket in the cache

Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned.

Parameters:

context A Kerberos 5 context.
id a credential cache
t the relative lifetime of the initial ticket

Returns:

Return an error code or 0, see krb5_get_error_message().

Return the name of the ccache `id'

Return krb5_cc_ops of a the ccache `id'.

Get the cc ops that is registered in `context' to handle the prefix. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one. If prefix the argument is NULL, the default ccache implemtation is returned.

Returns:

Returns NULL if ops not found.

Return the principal of `id' in `principal'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Return the type of the ccache `id'.

Return the version of `id'.

Create a new ccache in `id' for `primary_principal'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Return the last time the credential cache was modified.

Parameters:

context A Kerberos 5 context
id The credential cache to probe
mtime the last modification time, set to 0 on error.

Returns:

Return 0 or and error. See krb5_get_error_message().

Move the content from one credential cache to another. The operation is an atomic switch.

Parameters:

context a Keberos context
from the credential cache to move the content from
to the credential cache to move the content to

Returns:

On sucess, from is freed. On failure, error code is returned and from and to are both still allocated, see krb5_get_error_message().

Generates a new unique ccache of `type` in `id'. If `type' is NULL, the library chooses the default credential cache type. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials.

Returns:

Return an error code or 0, see krb5_get_error_message().

Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Add a new ccache type with operations `ops', overwriting any existing one if `override'.

Parameters:

context a Keberos context
ops type of plugin symbol
override flag to select if the registration is to overide an existing ops with the same name.

Returns:

Return an error code or 0, see krb5_get_error_message().

Remove the credential identified by `cred', `which' from `id'.

Find and allocate a ccache in `id' from the specification in `residual'. If the ccache name doesn't contain any colon, interpret it as a file name.

Parameters:

context a Keberos context.
name string name of a credential cache.
id return pointer to a found credential cache.

Returns:

Return 0 or an error code. In case of an error, id is set to NULL, see krb5_get_error_message().

Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'. 'creds' must be free by the caller using krb5_free_cred_contents.

Parameters:

context A Kerberos 5 context
id a Kerberos 5 credential cache
whichfields what fields to use for matching credentials, same flags as whichfields in krb5_compare_creds()
mcreds template credential to use for comparing
creds returned credential, free with krb5_free_cred_contents()

Returns:

Return an error code or 0, see krb5_get_error_message().

Store some configuration for the credential cache in the cache. Existing configuration under the same name is over-written.

Parameters:

context a Keberos context
id the credential cache to store the data for
principal configuration for a specific principal, if NULL, global for the whole cache.
name name under which the configuraion is stored.
data data to store, if NULL, configure is removed.

Set the default cc name for `context' to `name'.

Set the flags of `id' to `flags'.

Set the friendly name on credential cache.

Returns:

Return an error code or 0, see krb5_get_error_message().

Set the time offset betwen the client and the KDC

If the backend doesn't support KDC offset, use the context global setting.

Parameters:

context A Kerberos 5 context.
id a credential cache
offset the offset in seconds

Returns:

Return an error code or 0, see krb5_get_error_message().

Start iterating over `id', `cursor' is initialized to the beginning. Caller must free the cursor with krb5_cc_end_seq_get().

Returns:

Return an error code or 0, see krb5_get_error_message().

Store `creds' in the ccache `id'.

Returns:

Return an error code or 0, see krb5_get_error_message().

Return true if the default credential cache support switch

Switch the default default credential cache for a specific credcache type (and name for some implementations).

Returns:

Return an error code or 0, see krb5_get_error_message().

End an iteration and free all resources, can be done before end is reached.

Parameters:

context A Kerberos 5 context
cursor the iteration cursor to be freed.

Returns:

Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message().

Get a new cache interation cursor that will interate over all credentials caches independent of type.

Parameters:

context a Keberos context
cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free().

Returns:

Returns 0 or and error code, see krb5_get_error_message().

Get next credential cache from the iteration.

Parameters:

context A Kerberos 5 context
cursor the iteration cursor
cache the returned cursor, pointer is set to NULL on failure and a cache on success. The returned cache needs to be freed with krb5_cc_close() or destroyed with krb5_cc_destroy(). MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0.

Returns:

Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message().

Return the last modfication time for a cache collection. The query can be limited to a specific cache type. If the function return 0 and mtime is 0, there was no credentials in the caches.

Parameters:

context A Kerberos 5 context
type The credential cache to probe, if NULL, all type are traversed.
mtime the last modification time, set to 0 on error.

Returns:

Return 0 or and error. See krb5_get_error_message().

Validate the newly fetch credential, see also krb5_verify_init_creds().

Parameters:

context a Kerberos 5 context
creds the credentials to verify
client the client name to match up
ccache the credential cache to use
service a service name to use, used with krb5_sname_to_principal() to build a hostname to use to verify.

Return TRUE (non zero) if the principal is a configuration principal (generated part of krb5_cc_set_config()). Returns FALSE (zero) if not a configuration principal.

Parameters:

context a Keberos context
principal principal to check if it a configuration principal

KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops

Initial value:



 {


    KRB5_CC_OPS_VERSION,


    'API',


    acc_get_name,


    acc_resolve,


    acc_gen_new,


    acc_initialize,


    acc_destroy,


    acc_close,


    acc_store_cred,


    NULL, 


    acc_get_principal,


    acc_get_first,


    acc_get_next,


    acc_end_get,


    acc_remove_cred,


    acc_set_flags,


    acc_get_version,


    acc_get_cache_first,


    acc_get_cache_next,


    acc_end_cache_get,


    acc_move,


    acc_get_default_name,


    acc_set_default,


    acc_lastchange,


    NULL,


    NULL,
}
Variable containing the API based credential cache implemention.

KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops

Initial value:



 {


    KRB5_CC_OPS_VERSION,


    'FILE',


    fcc_get_name,


    fcc_resolve,


    fcc_gen_new,


    fcc_initialize,


    fcc_destroy,


    fcc_close,


    fcc_store_cred,


    NULL, 


    fcc_get_principal,


    fcc_get_first,


    fcc_get_next,


    fcc_end_get,


    fcc_remove_cred,


    fcc_set_flags,


    fcc_get_version,


    fcc_get_cache_first,


    fcc_get_cache_next,


    fcc_end_cache_get,


    fcc_move,


    fcc_get_default_name,


    NULL,


    fcc_lastchange,


    fcc_set_kdc_offset,


    fcc_get_kdc_offset
}
Variable containing the FILE based credential cache implemention.

KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops

Initial value:



 {


    KRB5_CC_OPS_VERSION,


    'MEMORY',


    mcc_get_name,


    mcc_resolve,


    mcc_gen_new,


    mcc_initialize,


    mcc_destroy,


    mcc_close,


    mcc_store_cred,


    NULL, 


    mcc_get_principal,


    mcc_get_first,


    mcc_get_next,


    mcc_end_get,


    mcc_remove_cred,


    mcc_set_flags,


    NULL,


    mcc_get_cache_first,


    mcc_get_cache_next,


    mcc_end_cache_get,


    mcc_move,


    mcc_default_name,


    NULL,


    mcc_lastchange,


    mcc_set_kdc_offset,


    mcc_get_kdc_offset
}
Variable containing the MEMORY based credential cache implemention.
11 Jan 2012 Version 1.5.2