source: heimdal/trunk/lib/krb5/krb5_auth_context.cat3

Last change on this file was 1, checked in by Paul Smedley, 10 years ago

Initial commit of Heimdal 1.5.3
File size: 17.5 KB
Line 
1
2KRB5_AUTH_CONTEXT(3) BSD Library Functions Manual KRB5_AUTH_CONTEXT(3)
3
4NNAAMMEE
5 kkrrbb55__aauutthh__ccoonn__aaddddffllaaggss, kkrrbb55__aauutthh__ccoonn__ffrreeee, kkrrbb55__aauutthh__ccoonn__ggeennaaddddrrss,
6 kkrrbb55__aauutthh__ccoonn__ggeenneerraatteellooccaallssuubbkkeeyy, kkrrbb55__aauutthh__ccoonn__ggeettaaddddrrss,
7 kkrrbb55__aauutthh__ccoonn__ggeettaauutthheennttiiccaattoorr, kkrrbb55__aauutthh__ccoonn__ggeettffllaaggss,
8 kkrrbb55__aauutthh__ccoonn__ggeettkkeeyy, kkrrbb55__aauutthh__ccoonn__ggeettllooccaallssuubbkkeeyy,
9 kkrrbb55__aauutthh__ccoonn__ggeettrrccaacchhee, kkrrbb55__aauutthh__ccoonn__ggeettrreemmootteessuubbkkeeyy,
10 kkrrbb55__aauutthh__ccoonn__ggeettuusseerrkkeeyy, kkrrbb55__aauutthh__ccoonn__iinniitt, kkrrbb55__aauutthh__ccoonn__iinniittiivveeccttoorr,
11 kkrrbb55__aauutthh__ccoonn__rreemmoovveeffllaaggss, kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss,
12 kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss__ffrroomm__ffdd, kkrrbb55__aauutthh__ccoonn__sseettffllaaggss,
13 kkrrbb55__aauutthh__ccoonn__sseettiivveeccttoorr, kkrrbb55__aauutthh__ccoonn__sseettkkeeyy,
14 kkrrbb55__aauutthh__ccoonn__sseettllooccaallssuubbkkeeyy, kkrrbb55__aauutthh__ccoonn__sseettrrccaacchhee,
15 kkrrbb55__aauutthh__ccoonn__sseettrreemmootteessuubbkkeeyy, kkrrbb55__aauutthh__ccoonn__sseettuusseerrkkeeyy,
16 kkrrbb55__aauutthh__ccoonntteexxtt, kkrrbb55__aauutthh__ggeettcckkssuummttyyppee, kkrrbb55__aauutthh__ggeettkkeeyyttyyppee,
17 kkrrbb55__aauutthh__ggeettllooccaallsseeqqnnuummbbeerr, kkrrbb55__aauutthh__ggeettrreemmootteesseeqqnnuummbbeerr,
18 kkrrbb55__aauutthh__sseettcckkssuummttyyppee, kkrrbb55__aauutthh__sseettkkeeyyttyyppee,
19 kkrrbb55__aauutthh__sseettllooccaallsseeqqnnuummbbeerr, kkrrbb55__aauutthh__sseettrreemmootteesseeqqnnuummbbeerr,
20 kkrrbb55__ffrreeee__aauutthheennttiiccaattoorr -- manage authentication on connection level
21
22LLIIBBRRAARRYY
23 Kerberos 5 Library (libkrb5, -lkrb5)
24
25SSYYNNOOPPSSIISS
26 ##iinncclluuddee <<kkrrbb55..hh>>
27
28 _k_r_b_5___e_r_r_o_r___c_o_d_e
29 kkrrbb55__aauutthh__ccoonn__iinniitt(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
30 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _*_a_u_t_h___c_o_n_t_e_x_t);
31
32 _v_o_i_d
33 kkrrbb55__aauutthh__ccoonn__ffrreeee(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t);
34
35 _k_r_b_5___e_r_r_o_r___c_o_d_e
36 kkrrbb55__aauutthh__ccoonn__sseettffllaaggss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
37 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _i_n_t_3_2___t _f_l_a_g_s);
38
39 _k_r_b_5___e_r_r_o_r___c_o_d_e
40 kkrrbb55__aauutthh__ccoonn__ggeettffllaaggss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
41 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _i_n_t_3_2___t _*_f_l_a_g_s);
42
43 _k_r_b_5___e_r_r_o_r___c_o_d_e
44 kkrrbb55__aauutthh__ccoonn__aaddddffllaaggss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
45 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _i_n_t_3_2___t _a_d_d_f_l_a_g_s, _i_n_t_3_2___t _*_f_l_a_g_s);
46
47 _k_r_b_5___e_r_r_o_r___c_o_d_e
48 kkrrbb55__aauutthh__ccoonn__rreemmoovveeffllaaggss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
49 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _i_n_t_3_2___t _r_e_m_o_v_e_l_a_g_s, _i_n_t_3_2___t _*_f_l_a_g_s);
50
51 _k_r_b_5___e_r_r_o_r___c_o_d_e
52 kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
53 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___a_d_d_r_e_s_s _*_l_o_c_a_l___a_d_d_r,
54 _k_r_b_5___a_d_d_r_e_s_s _*_r_e_m_o_t_e___a_d_d_r);
55
56 _k_r_b_5___e_r_r_o_r___c_o_d_e
57 kkrrbb55__aauutthh__ccoonn__ggeettaaddddrrss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
58 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___a_d_d_r_e_s_s _*_*_l_o_c_a_l___a_d_d_r,
59 _k_r_b_5___a_d_d_r_e_s_s _*_*_r_e_m_o_t_e___a_d_d_r);
60
61 _k_r_b_5___e_r_r_o_r___c_o_d_e
62 kkrrbb55__aauutthh__ccoonn__ggeennaaddddrrss(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
63 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _i_n_t _f_d, _i_n_t _f_l_a_g_s);
64
65 _k_r_b_5___e_r_r_o_r___c_o_d_e
66 kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss__ffrroomm__ffdd(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
67 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _v_o_i_d _*_p___f_d);
68
69 _k_r_b_5___e_r_r_o_r___c_o_d_e
70 kkrrbb55__aauutthh__ccoonn__ggeettkkeeyy(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
71 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___k_e_y_b_l_o_c_k _*_*_k_e_y_b_l_o_c_k);
72
73 _k_r_b_5___e_r_r_o_r___c_o_d_e
74 kkrrbb55__aauutthh__ccoonn__ggeettllooccaallssuubbkkeeyy(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
75 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___k_e_y_b_l_o_c_k _*_*_k_e_y_b_l_o_c_k);
76
77 _k_r_b_5___e_r_r_o_r___c_o_d_e
78 kkrrbb55__aauutthh__ccoonn__ggeettrreemmootteessuubbkkeeyy(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
79 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___k_e_y_b_l_o_c_k _*_*_k_e_y_b_l_o_c_k);
80
81 _k_r_b_5___e_r_r_o_r___c_o_d_e
82 kkrrbb55__aauutthh__ccoonn__ggeenneerraatteellooccaallssuubbkkeeyy(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
83 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___k_e_y_b_l_o_c_k, _*_k_e_y_");
84
85 _k_r_b_5___e_r_r_o_r___c_o_d_e
86 kkrrbb55__aauutthh__ccoonn__iinniittiivveeccttoorr(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
87 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _a_u_t_h___c_o_n_t_e_x_t);
88
89 _k_r_b_5___e_r_r_o_r___c_o_d_e
90 kkrrbb55__aauutthh__ccoonn__sseettiivveeccttoorr(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
91 _k_r_b_5___a_u_t_h___c_o_n_t_e_x_t _*_a_u_t_h___c_o_n_t_e_x_t, _k_r_b_5___p_o_i_n_t_e_r _i_v_e_c_t_o_r);
92
93 _v_o_i_d
94 kkrrbb55__ffrreeee__aauutthheennttiiccaattoorr(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t,
95 _k_r_b_5___a_u_t_h_e_n_t_i_c_a_t_o_r _*_a_u_t_h_e_n_t_i_c_a_t_o_r);
96
97DDEESSCCRRIIPPTTIIOONN
98 The kkrrbb55__aauutthh__ccoonntteexxtt structure holds all context related to an authenti-
99 cated connection, in a similar way to kkrrbb55__ccoonntteexxtt that holds the context
100 for the thread or process. kkrrbb55__aauutthh__ccoonntteexxtt is used by various func-
101 tions that are directly related to authentication between the
102 server/client. Example of data that this structure contains are various
103 flags, addresses of client and server, port numbers, keyblocks (and sub-
104 keys), sequence numbers, replay cache, and checksum-type.
105
106 kkrrbb55__aauutthh__ccoonn__iinniitt() allocates and initializes the kkrrbb55__aauutthh__ccoonntteexxtt
107 structure. Default values can be changed with
108 kkrrbb55__aauutthh__ccoonn__sseettcckkssuummttyyppee() and kkrrbb55__aauutthh__ccoonn__sseettffllaaggss(). The
109 aauutthh__ccoonntteexxtt structure must be freed by kkrrbb55__aauutthh__ccoonn__ffrreeee().
110
111 kkrrbb55__aauutthh__ccoonn__ggeettffllaaggss(), kkrrbb55__aauutthh__ccoonn__sseettffllaaggss(),
112 kkrrbb55__aauutthh__ccoonn__aaddddffllaaggss() and kkrrbb55__aauutthh__ccoonn__rreemmoovveeffllaaggss() gets and modi-
113 fies the flags for a kkrrbb55__aauutthh__ccoonntteexxtt structure. Possible flags to set
114 are:
115
116 KRB5_AUTH_CONTEXT_DO_SEQUENCE
117 Generate and check sequence-number on each packet.
118
119 KRB5_AUTH_CONTEXT_DO_TIME
120 Check timestamp on incoming packets.
121
122 KRB5_AUTH_CONTEXT_RET_SEQUENCE, KRB5_AUTH_CONTEXT_RET_TIME
123 Return sequence numbers and time stamps in the outdata parame-
124 ters.
125
126 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
127 will force kkrrbb55__ggeett__ffoorrwwaarrddeedd__ccrreeddss() and kkrrbb55__ffwwdd__ttggtt__ccrreeddss() to
128 create unencrypted ) ENCTYPE_NULL) credentials. This is for use
129 with old MIT server and JAVA based servers as they can't handle
130 encrypted KRB-CRED. Note that sending such KRB-CRED is clear
131 exposes crypto keys and tickets and is insecure, make sure the
132 packet is encrypted in the protocol. krb5_rd_cred(3),
133 krb5_rd_priv(3), krb5_rd_safe(3), krb5_mk_priv(3) and
134 krb5_mk_safe(3). Setting this flag requires that parameter to be
135 passed to these functions.
136
137 The flags KRB5_AUTH_CONTEXT_DO_TIME also modifies the behavior
138 the function kkrrbb55__ggeett__ffoorrwwaarrddeedd__ccrreeddss() by removing the timestamp
139 in the forward credential message, this have backward compatibil-
140 ity problems since not all versions of the heimdal supports time-
141 less credentional messages. Is very useful since it always the
142 sender of the message to cache forward message and thus avoiding
143 a round trip to the KDC for each time a credential is forwarded.
144 The same functionality can be obtained by using address-less
145 tickets.
146
147 kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss(), kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss__ffrroomm__ffdd() and
148 kkrrbb55__aauutthh__ccoonn__ggeettaaddddrrss() gets and sets the addresses that are checked
149 when a packet is received. It is mandatory to set an address for the
150 remote host. If the local address is not set, it iss deduced from the
151 underlaying operating system. kkrrbb55__aauutthh__ccoonn__ggeettaaddddrrss() will call
152 kkrrbb55__ffrreeee__aaddddrreessss() on any address that is passed in _l_o_c_a_l___a_d_d_r or
153 _r_e_m_o_t_e___a_d_d_r. kkrrbb55__aauutthh__ccoonn__sseettaaddddrr() allows passing in a NULL pointer as
154 _l_o_c_a_l___a_d_d_r and _r_e_m_o_t_e___a_d_d_r, in that case it will just not set that
155 address.
156
157 kkrrbb55__aauutthh__ccoonn__sseettaaddddrrss__ffrroomm__ffdd() fetches the addresses from a file
158 descriptor.
159
160 kkrrbb55__aauutthh__ccoonn__ggeennaaddddrrss() fetches the address information from the given
161 file descriptor _f_d depending on the bitmap argument _f_l_a_g_s.
162
163 Possible values on _f_l_a_g_s are:
164
165 _K_R_B_5___A_U_T_H___C_O_N_T_E_X_T___G_E_N_E_R_A_T_E___L_O_C_A_L___A_D_D_R
166 fetches the local address from _f_d.
167
168 _K_R_B_5___A_U_T_H___C_O_N_T_E_X_T___G_E_N_E_R_A_T_E___R_E_M_O_T_E___A_D_D_R
169 fetches the remote address from _f_d.
170
171 kkrrbb55__aauutthh__ccoonn__sseettkkeeyy(), kkrrbb55__aauutthh__ccoonn__sseettuusseerrkkeeyy() and
172 kkrrbb55__aauutthh__ccoonn__ggeettkkeeyy() gets and sets the key used for this auth context.
173 The keyblock returned by kkrrbb55__aauutthh__ccoonn__ggeettkkeeyy() should be freed with
174 kkrrbb55__ffrreeee__kkeeyybblloocckk(). The keyblock send into kkrrbb55__aauutthh__ccoonn__sseettkkeeyy() is
175 copied into the kkrrbb55__aauutthh__ccoonntteexxtt, and thus no special handling is
176 needed. NULL is not a valid keyblock to kkrrbb55__aauutthh__ccoonn__sseettkkeeyy().
177
178 kkrrbb55__aauutthh__ccoonn__sseettuusseerrkkeeyy() is only useful when doing user to user authen-
179 tication. kkrrbb55__aauutthh__ccoonn__sseettkkeeyy() is equivalent to
180 kkrrbb55__aauutthh__ccoonn__sseettuusseerrkkeeyy().
181
182 kkrrbb55__aauutthh__ccoonn__ggeettllooccaallssuubbkkeeyy(), kkrrbb55__aauutthh__ccoonn__sseettllooccaallssuubbkkeeyy(),
183 kkrrbb55__aauutthh__ccoonn__ggeettrreemmootteessuubbkkeeyy() and kkrrbb55__aauutthh__ccoonn__sseettrreemmootteessuubbkkeeyy() gets
184 and sets the keyblock for the local and remote subkey. The keyblock
185 returned by kkrrbb55__aauutthh__ccoonn__ggeettllooccaallssuubbkkeeyy() and
186 kkrrbb55__aauutthh__ccoonn__ggeettrreemmootteessuubbkkeeyy() must be freed with kkrrbb55__ffrreeee__kkeeyybblloocckk().
187
188 kkrrbb55__aauutthh__sseettcckkssuummttyyppee() and kkrrbb55__aauutthh__ggeettcckkssuummttyyppee() sets and gets the
189 checksum type that should be used for this connection.
190
191 kkrrbb55__aauutthh__ccoonn__ggeenneerraatteellooccaallssuubbkkeeyy() generates a local subkey that have
192 the same encryption type as _k_e_y.
193
194 kkrrbb55__aauutthh__ggeettrreemmootteesseeqqnnuummbbeerr() kkrrbb55__aauutthh__sseettrreemmootteesseeqqnnuummbbeerr(),
195 kkrrbb55__aauutthh__ggeettllooccaallsseeqqnnuummbbeerr() and kkrrbb55__aauutthh__sseettllooccaallsseeqqnnuummbbeerr() gets and
196 sets the sequence-number for the local and remote sequence-number
197 counter.
198
199 kkrrbb55__aauutthh__sseettkkeeyyttyyppee() and kkrrbb55__aauutthh__ggeettkkeeyyttyyppee() gets and gets the key-
200 type of the keyblock in kkrrbb55__aauutthh__ccoonntteexxtt.
201
202 kkrrbb55__aauutthh__ccoonn__ggeettaauutthheennttiiccaattoorr() Retrieves the authenticator that was
203 used during mutual authentication. The authenticator returned should be
204 freed by calling kkrrbb55__ffrreeee__aauutthheennttiiccaattoorr().
205
206 kkrrbb55__aauutthh__ccoonn__ggeettrrccaacchhee() and kkrrbb55__aauutthh__ccoonn__sseettrrccaacchhee() gets and sets the
207 replay-cache.
208
209 kkrrbb55__aauutthh__ccoonn__iinniittiivveeccttoorr() allocates memory for and zeros the initial
210 vector in the _a_u_t_h___c_o_n_t_e_x_t keyblock.
211
212 kkrrbb55__aauutthh__ccoonn__sseettiivveeccttoorr() sets the i_vector portion of _a_u_t_h___c_o_n_t_e_x_t to
213 _i_v_e_c_t_o_r.
214
215 kkrrbb55__ffrreeee__aauutthheennttiiccaattoorr() free the content of _a_u_t_h_e_n_t_i_c_a_t_o_r and
216 _a_u_t_h_e_n_t_i_c_a_t_o_r itself.
217
218SSEEEE AALLSSOO
219 krb5_context(3), kerberos(8)
220
221HEIMDAL May 17, 2005 HEIMDAL
Note: See TracBrowser for help on using the repository browser.