summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBjorn Sandell <biorn@cvs.openbsd.org>2004-05-19 14:20:31 +0000
committerBjorn Sandell <biorn@cvs.openbsd.org>2004-05-19 14:20:31 +0000
commit8c69b6bafacdeed4ca1909535360f09009a7516d (patch)
tree916dfb98ee2397460498ecd6023ff3b3f106e081
parent0b35f47cf65d7b406876b7c09ef716f0de3fc5ee (diff)
Fix cross-realm trust vulnerability. Adapted from FreeBSD patch.
ok beck@ hin@
-rw-r--r--kerberosV/src/kdc/config.c22
-rw-r--r--kerberosV/src/kdc/kdc.823
-rw-r--r--kerberosV/src/kdc/kdc_locl.h4
-rw-r--r--kerberosV/src/kdc/kerberos5.c570
-rw-r--r--kerberosV/src/lib/krb5/krb5-protos.h4075
-rw-r--r--kerberosV/src/lib/krb5/rd_req.c83
-rw-r--r--kerberosV/src/lib/krb5/transited.c49
7 files changed, 2731 insertions, 2095 deletions
diff --git a/kerberosV/src/kdc/config.c b/kerberosV/src/kdc/config.c
index 20b2870c161..0e17b6e249d 100644
--- a/kerberosV/src/kdc/config.c
+++ b/kerberosV/src/kdc/config.c
@@ -64,6 +64,8 @@ krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
krb5_boolean check_ticket_addresses;
krb5_boolean allow_null_ticket_addresses;
krb5_boolean allow_anonymous;
+int trpolicy;
+static const char *trpolicy_str;
static struct getarg_strings addresses_str; /* addresses to listen on */
krb5_addresses explicit_addresses;
@@ -293,9 +295,8 @@ configure(int argc, char **argv)
get_dbinfo();
- if(max_request_str){
+ if(max_request_str)
max_request = parse_bytes(max_request_str, NULL);
- }
if(max_request == 0){
p = krb5_config_get_string (context,
@@ -366,6 +367,23 @@ configure(int argc, char **argv)
allow_anonymous =
krb5_config_get_bool(context, NULL, "kdc",
"allow-anonymous", NULL);
+ trpolicy_str =
+ krb5_config_get_string_default(context, NULL, "always-check", "kdc",
+ "transited-policy", NULL);
+ if(strcasecmp(trpolicy_str, "always-check") == 0)
+ trpolicy = TRPOLICY_ALWAYS_CHECK;
+ else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0)
+ trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
+ else if(strcasecmp(trpolicy_str, "always-honour-request") == 0)
+ trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
+ else {
+ kdc_log(0, "unknown transited-policy: %s, reverting to always-check",
+ trpolicy_str);
+ trpolicy = TRPOLICY_ALWAYS_CHECK;
+ }
+
+ krb5_config_get_bool_default(context, NULL, TRUE, "kdc",
+ "enforce-transited-policy", NULL);
#ifdef KRB4
if(v4_realm == NULL){
p = krb5_config_get_string (context, NULL,
diff --git a/kerberosV/src/kdc/kdc.8 b/kerberosV/src/kdc/kdc.8
index 97b9ba5eae2..d7b9195063d 100644
--- a/kerberosV/src/kdc/kdc.8
+++ b/kerberosV/src/kdc/kdc.8
@@ -31,7 +31,7 @@
.\"
.\" $KTH: kdc.8,v 1.23 2003/04/06 17:48:40 lha Exp $
.\"
-.Dd August 22, 2002
+.Dd October 22, 2003
.Dt KDC 8
.Os HEIMDAL
.Sh NAME
@@ -193,6 +193,27 @@ Permit tickets with no addresses.
This option is only relevant when check-ticket-addresses is TRUE.
.It Li allow-anonymous = Va boolean
Permit anonymous tickets with no addresses.
+.It Li transited-policy = Xo
+.Li always-check \*(Ba
+.Li allow-per-principal |
+.Li always-honour-request
+.Xc
+This controls how KDC requests with the
+.Li disable-transited-check
+flag are handled. It can be one of:
+.Bl -tag -width "xxx" -offset indent
+.It Li always-check
+Always check transited encoding, this is the default.
+.It Li allow-per-principal
+Currently this is identical to
+.Li always-check .
+In a future release, it will be possible to mark a principal as able
+to handle unchecked requests.
+.It Li always-honour-request
+Always do what the client asked.
+In a future release, it will be possible to force a check per
+principal.
+.El
.It encode_as_rep_as_tgs_rep = Va boolean
Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code.
The Heimdal clients allow both.
diff --git a/kerberosV/src/kdc/kdc_locl.h b/kerberosV/src/kdc/kdc_locl.h
index f1d4b7ad5ae..29b5ae16702 100644
--- a/kerberosV/src/kdc/kdc_locl.h
+++ b/kerberosV/src/kdc/kdc_locl.h
@@ -62,6 +62,10 @@ extern krb5_boolean encode_as_rep_as_tgs_rep;
extern krb5_boolean check_ticket_addresses;
extern krb5_boolean allow_null_ticket_addresses;
extern krb5_boolean allow_anonymous;
+enum { TRPOLICY_ALWAYS_CHECK,
+ TRPOLICY_ALLOW_PER_PRINCIPAL,
+ TRPOLICY_ALWAYS_HONOUR_REQUEST };
+extern int trpolicy;
extern int enable_524;
extern int enable_v4_cross_realm;
diff --git a/kerberosV/src/kdc/kerberos5.c b/kerberosV/src/kdc/kerberos5.c
index 5613d7b5f83..36bcdadbc52 100644
--- a/kerberosV/src/kdc/kerberos5.c
+++ b/kerberosV/src/kdc/kerberos5.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$KTH: kerberos5.c,v 1.123 2001/01/30 01:44:08 assar Exp $");
+RCSID("$KTH: kerberos5.c,v 1.145 2003/04/15 11:07:39 lha Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@@ -78,7 +78,7 @@ find_padata(KDC_REQ *req, int *start, int type)
*/
static krb5_error_code
-find_etype(hdb_entry *princ, unsigned *etypes, unsigned len,
+find_etype(hdb_entry *princ, krb5_enctype *etypes, unsigned len,
Key **ret_key, krb5_enctype *ret_etype)
{
int i;
@@ -109,7 +109,7 @@ find_keys(hdb_entry *client,
krb5_enctype *cetype,
Key **skey,
krb5_enctype *setype,
- int *etypes,
+ krb5_enctype *etypes,
unsigned num_etypes)
{
krb5_error_code ret;
@@ -156,51 +156,69 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_enctype etype,
int skvno, EncryptionKey *skey,
int ckvno, EncryptionKey *ckey,
+ const char **e_text,
krb5_data *reply)
{
- unsigned char buf[8192]; /* XXX The data could be indefinite */
+ unsigned char *buf;
+ size_t buf_size;
size_t len;
krb5_error_code ret;
krb5_crypto crypto;
- ret = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len);
+ ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
if(ret) {
kdc_log(0, "Failed to encode ticket: %s",
krb5_get_err_text(context, ret));
return ret;
}
-
+ if(buf_size != len) {
+ free(buf);
+ kdc_log(0, "Internal error in ASN.1 encoder");
+ *e_text = "KDC internal error";
+ return KRB5KRB_ERR_GENERIC;
+ }
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) {
+ free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
return ret;
}
- krb5_encrypt_EncryptedData(context,
- crypto,
- KRB5_KU_TICKET,
- buf + sizeof(buf) - len,
- len,
- skvno,
- &rep->ticket.enc_part);
-
+ ret = krb5_encrypt_EncryptedData(context,
+ crypto,
+ KRB5_KU_TICKET,
+ buf,
+ len,
+ skvno,
+ &rep->ticket.enc_part);
+ free(buf);
krb5_crypto_destroy(context, crypto);
+ if(ret) {
+ kdc_log(0, "Failed to encrypt data: %s",
+ krb5_get_err_text(context, ret));
+ return ret;
+ }
if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep)
- ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf),
- ek, &len);
+ ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
else
- ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf),
- ek, &len);
+ ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
if(ret) {
kdc_log(0, "Failed to encode KDC-REP: %s",
krb5_get_err_text(context, ret));
return ret;
}
+ if(buf_size != len) {
+ free(buf);
+ kdc_log(0, "Internal error in ASN.1 encoder");
+ *e_text = "KDC internal error";
+ return KRB5KRB_ERR_GENERIC;
+ }
ret = krb5_crypto_init(context, ckey, 0, &crypto);
if (ret) {
+ free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
return ret;
@@ -209,20 +227,22 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_AS_REP_ENC_PART,
- buf + sizeof(buf) - len,
+ buf,
len,
ckvno,
&rep->enc_part);
- ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len);
+ free(buf);
+ ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
} else {
krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TGS_REP_ENC_PART_SESSION,
- buf + sizeof(buf) - len,
+ buf,
len,
ckvno,
&rep->enc_part);
- ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len);
+ free(buf);
+ ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
}
krb5_crypto_destroy(context, crypto);
if(ret) {
@@ -230,7 +250,14 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_get_err_text(context, ret));
return ret;
}
- krb5_data_copy(reply, buf + sizeof(buf) - len, len);
+ if(buf_size != len) {
+ free(buf);
+ kdc_log(0, "Internal error in ASN.1 encoder");
+ *e_text = "KDC internal error";
+ return KRB5KRB_ERR_GENERIC;
+ }
+ reply->data = buf;
+ reply->length = buf_size;
return 0;
}
@@ -247,66 +274,98 @@ realloc_method_data(METHOD_DATA *md)
}
static krb5_error_code
-get_pa_etype_info(METHOD_DATA *md, hdb_entry *client)
+make_etype_info_entry(ETYPE_INFO_ENTRY *ent, Key *key)
+{
+ ent->etype = key->key.keytype;
+ if(key->salt){
+ ALLOC(ent->salttype);
+#if 0
+ if(key->salt->type == hdb_pw_salt)
+ *ent->salttype = 0; /* or 1? or NULL? */
+ else if(key->salt->type == hdb_afs3_salt)
+ *ent->salttype = 2;
+ else {
+ kdc_log(0, "unknown salt-type: %d",
+ key->salt->type);
+ return KRB5KRB_ERR_GENERIC;
+ }
+ /* according to `the specs', we can't send a salt if
+ we have AFS3 salted key, but that requires that you
+ *know* what cell you are using (e.g by assuming
+ that the cell is the same as the realm in lower
+ case) */
+#else
+ *ent->salttype = key->salt->type;
+#endif
+ krb5_copy_data(context, &key->salt->salt,
+ &ent->salt);
+ } else {
+ /* we return no salt type at all, as that should indicate
+ * the default salt type and make everybody happy. some
+ * systems (like w2k) dislike being told the salt type
+ * here. */
+
+ ent->salttype = NULL;
+ ent->salt = NULL;
+ }
+ return 0;
+}
+
+static krb5_error_code
+get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
+ ENCTYPE *etypes, unsigned int etypes_len)
{
krb5_error_code ret = 0;
- int i;
+ int i, j;
+ unsigned int n = 0;
ETYPE_INFO pa;
unsigned char *buf;
size_t len;
pa.len = client->keys.len;
+ if(pa.len > UINT_MAX/sizeof(*pa.val))
+ return ERANGE;
pa.val = malloc(pa.len * sizeof(*pa.val));
if(pa.val == NULL)
return ENOMEM;
+
+ for(j = 0; j < etypes_len; j++) {
+ for(i = 0; i < client->keys.len; i++) {
+ if(client->keys.val[i].key.keytype == etypes[j])
+ if((ret = make_etype_info_entry(&pa.val[n++],
+ &client->keys.val[i])) != 0) {
+ free_ETYPE_INFO(&pa);
+ return ret;
+ }
+ }
+ }
for(i = 0; i < client->keys.len; i++) {
- pa.val[i].etype = client->keys.val[i].key.keytype;
- if(client->keys.val[i].salt){
- ALLOC(pa.val[i].salttype);
-#if 0
- if(client->keys.val[i].salt->type == hdb_pw_salt)
- *pa.val[i].salttype = 0; /* or 1? or NULL? */
- else if(client->keys.val[i].salt->type == hdb_afs3_salt)
- *pa.val[i].salttype = 2;
- else {
- free_ETYPE_INFO(&pa);
- kdc_log(0, "unknown salt-type: %d",
- client->keys.val[i].salt->type);
- return KRB5KRB_ERR_GENERIC;
- }
- /* according to `the specs', we can't send a salt if
- we have AFS3 salted key, but that requires that you
- *know* what cell you are using (e.g by assuming
- that the cell is the same as the realm in lower
- case) */
-#else
- *pa.val[i].salttype = client->keys.val[i].salt->type;
-#endif
- krb5_copy_data(context, &client->keys.val[i].salt->salt,
- &pa.val[i].salt);
- } else {
- /* we return no salt type at all, as that should indicate
- * the default salt type and make everybody happy. some
- * systems (like w2k) dislike being told the salt type
- * here. */
-
- pa.val[i].salttype = NULL;
- pa.val[i].salt = NULL;
+ for(j = 0; j < etypes_len; j++) {
+ if(client->keys.val[i].key.keytype == etypes[j])
+ goto skip;
}
+ if((ret = make_etype_info_entry(&pa.val[n++],
+ &client->keys.val[i])) != 0) {
+ free_ETYPE_INFO(&pa);
+ return ret;
+ }
+ skip:;
}
- len = length_ETYPE_INFO(&pa);
- buf = malloc(len);
- if (buf == NULL) {
- free_ETYPE_INFO(&pa);
- return ENOMEM;
+
+ if(n != pa.len) {
+ char *name;
+ krb5_unparse_name(context, client->principal, &name);
+ kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d",
+ name, n, pa.len);
+ free(name);
+ pa.len = n;
}
- ret = encode_ETYPE_INFO(buf + len - 1, len, &pa, &len);
+
+ ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
free_ETYPE_INFO(&pa);
- if(ret) {
- free(buf);
+ if(ret)
return ret;
- }
ret = realloc_method_data(md);
if(ret) {
free(buf);
@@ -415,7 +474,7 @@ check_addresses(HostAddresses *addresses, const struct sockaddr *from)
if(addresses == NULL)
return allow_null_ticket_addresses;
- ret = krb5_sockaddr2address (from, &addr);
+ ret = krb5_sockaddr2address (context, from, &addr);
if(ret)
return FALSE;
@@ -437,8 +496,8 @@ as_rep(KDC_REQ *req,
krb5_enctype cetype, setype;
EncTicketPart et;
EncKDCRepPart ek;
- krb5_principal client_princ, server_princ;
- char *client_name, *server_name;
+ krb5_principal client_princ = NULL, server_princ = NULL;
+ char *client_name = NULL, *server_name = NULL;
krb5_error_code ret = 0;
const char *e_text = NULL;
krb5_crypto crypto;
@@ -447,27 +506,30 @@ as_rep(KDC_REQ *req,
memset(&rep, 0, sizeof(rep));
if(b->sname == NULL){
- server_name = "<unknown server>";
ret = KRB5KRB_ERR_GENERIC;
e_text = "No server in request";
} else{
principalname2krb5_principal (&server_princ, *(b->sname), b->realm);
krb5_unparse_name(context, server_princ, &server_name);
}
+ if (ret) {
+ kdc_log(0, "AS-REQ malformed server name from %s", from);
+ goto out;
+ }
if(b->cname == NULL){
- client_name = "<unknown client>";
ret = KRB5KRB_ERR_GENERIC;
e_text = "No client in request";
} else {
principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
krb5_unparse_name(context, client_princ, &client_name);
}
- kdc_log(0, "AS-REQ %s from %s for %s",
- client_name, from, server_name);
-
- if(ret)
+ if (ret) {
+ kdc_log(0, "AS-REQ malformed client name from %s", from);
goto out;
+ }
+
+ kdc_log(0, "AS-REQ %s from %s for %s", client_name, from, server_name);
ret = db_fetch(client_princ, &client);
if(ret){
@@ -536,7 +598,8 @@ as_rep(KDC_REQ *req,
free_EncryptedData(&enc_data);
continue;
}
-
+
+ try_next_key:
ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
if (ret) {
kdc_log(0, "krb5_crypto_init failed: %s",
@@ -551,14 +614,18 @@ as_rep(KDC_REQ *req,
&enc_data,
&ts_data);
krb5_crypto_destroy(context, crypto);
- free_EncryptedData(&enc_data);
if(ret){
+ if(hdb_next_enctype2key(context, client,
+ enc_data.etype, &pa_key) == 0)
+ goto try_next_key;
+ free_EncryptedData(&enc_data);
e_text = "Failed to decrypt PA-DATA";
kdc_log (5, "Failed to decrypt PA-DATA -- %s",
client_name);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
continue;
}
+ free_EncryptedData(&enc_data);
ret = decode_PA_ENC_TS_ENC(ts_data.data,
ts_data.length,
&p,
@@ -601,7 +668,7 @@ as_rep(KDC_REQ *req,
size_t len;
krb5_data foo_data;
- use_pa:
+ use_pa:
method_data.len = 0;
method_data.val = NULL;
@@ -611,17 +678,13 @@ as_rep(KDC_REQ *req,
pa->padata_value.length = 0;
pa->padata_value.data = NULL;
- ret = get_pa_etype_info(&method_data, client); /* XXX check ret */
+ ret = get_pa_etype_info(&method_data, client,
+ b->etype.val, b->etype.len); /* XXX check ret */
- len = length_METHOD_DATA(&method_data);
- buf = malloc(len);
- encode_METHOD_DATA(buf + len - 1,
- len,
- &method_data,
- &len);
+ ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
free_METHOD_DATA(&method_data);
- foo_data.length = len;
foo_data.data = buf;
+ foo_data.length = len;
ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
krb5_mk_error(context,
@@ -630,7 +693,8 @@ as_rep(KDC_REQ *req,
&foo_data,
client_princ,
server_princ,
- 0,
+ NULL,
+ NULL,
reply);
free(buf);
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
@@ -655,9 +719,10 @@ as_rep(KDC_REQ *req,
if (ret == 0) {
kdc_log(5, "Using %s/%s", cet, set);
free(set);
- } else
+ }
free(cet);
- } else
+ }
+ if (ret != 0)
kdc_log(5, "Using e-types %d/%d", cetype, setype);
}
@@ -780,13 +845,8 @@ as_rep(KDC_REQ *req,
copy_HostAddresses(b->addresses, et.caddr);
}
- {
- krb5_data empty_string;
-
- krb5_data_zero(&empty_string);
- et.transited.tr_type = DOMAIN_X500_COMPRESS;
- et.transited.contents = empty_string;
- }
+ et.transited.tr_type = DOMAIN_X500_COMPRESS;
+ krb5_data_zero(&et.transited.contents);
copy_EncryptionKey(&et.key, &ek.key);
@@ -804,17 +864,17 @@ as_rep(KDC_REQ *req,
if (client->pw_end
&& (kdc_warn_pwexpire == 0
|| kdc_time + kdc_warn_pwexpire <= *client->pw_end)) {
- ek.last_req.val[ek.last_req.len].lr_type = 6;
+ ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME;
ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end;
++ek.last_req.len;
}
if (client->valid_end) {
- ek.last_req.val[ek.last_req.len].lr_type = 7;
+ ek.last_req.val[ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end;
++ek.last_req.len;
}
if (ek.last_req.len == 0) {
- ek.last_req.val[ek.last_req.len].lr_type = 0;
+ ek.last_req.val[ek.last_req.len].lr_type = LR_NONE;
ek.last_req.val[ek.last_req.len].lr_value = 0;
++ek.last_req.len;
}
@@ -850,11 +910,11 @@ as_rep(KDC_REQ *req,
set_salt_padata (&rep.padata, ckey->salt);
ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key,
- client->kvno, &ckey->key, reply);
+ client->kvno, &ckey->key, &e_text, reply);
free_EncTicketPart(&et);
free_EncKDCRepPart(&ek);
+ out:
free_AS_REP(&rep);
-out:
if(ret){
krb5_mk_error(context,
ret,
@@ -862,14 +922,17 @@ out:
NULL,
client_princ,
server_princ,
- 0,
+ NULL,
+ NULL,
reply);
ret = 0;
}
-out2:
- krb5_free_principal(context, client_princ);
+ out2:
+ if (client_princ)
+ krb5_free_principal(context, client_princ);
free(client_name);
- krb5_free_principal(context, server_princ);
+ if (server_princ)
+ krb5_free_principal(context, server_princ);
free(server_name);
if(client)
free_ent(client);
@@ -978,7 +1041,9 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
old_life -= *tgt->starttime;
else
old_life -= tgt->authtime;
- et->endtime = min(*et->renew_till, *et->starttime + old_life);
+ et->endtime = *et->starttime + old_life;
+ if (et->renew_till != NULL)
+ et->endtime = min(*et->renew_till, et->endtime);
}
/* checks for excess flags */
@@ -990,31 +1055,38 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
}
static krb5_error_code
-fix_transited_encoding(TransitedEncoding *tr,
+fix_transited_encoding(krb5_boolean check_policy,
+ TransitedEncoding *tr,
+ EncTicketPart *et,
const char *client_realm,
const char *server_realm,
const char *tgt_realm)
{
krb5_error_code ret = 0;
- if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)){
- char **realms = NULL, **tmp;
- int num_realms = 0;
- int i;
- if(tr->tr_type && tr->contents.length != 0) {
- if(tr->tr_type != DOMAIN_X500_COMPRESS){
- kdc_log(0, "Unknown transited type: %u",
- tr->tr_type);
- return KRB5KDC_ERR_TRTYPE_NOSUPP;
- }
- ret = krb5_domain_x500_decode(tr->contents,
- &realms,
- &num_realms,
- client_realm,
- server_realm);
- if(ret){
- krb5_warn(context, ret, "Decoding transited encoding");
- return ret;
- }
+ char **realms, **tmp;
+ int num_realms;
+ int i;
+
+ if(tr->tr_type != DOMAIN_X500_COMPRESS) {
+ kdc_log(0, "Unknown transited type: %u", tr->tr_type);
+ return KRB5KDC_ERR_TRTYPE_NOSUPP;
+ }
+
+ ret = krb5_domain_x500_decode(context,
+ tr->contents,
+ &realms,
+ &num_realms,
+ client_realm,
+ server_realm);
+ if(ret){
+ krb5_warn(context, ret, "Decoding transited encoding");
+ return ret;
+ }
+ if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
+ /* not us, so add the previous realm to transited set */
+ if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ ret = ERANGE;
+ goto free_realms;
}
tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
if(tmp == NULL){
@@ -1028,16 +1100,46 @@ fix_transited_encoding(TransitedEncoding *tr,
goto free_realms;
}
num_realms++;
- free_TransitedEncoding(tr);
- tr->tr_type = DOMAIN_X500_COMPRESS;
- ret = krb5_domain_x500_encode(realms, num_realms, &tr->contents);
- if(ret)
- krb5_warn(context, ret, "Encoding transited encoding");
- free_realms:
+ }
+ if(num_realms == 0) {
+ if(strcmp(client_realm, server_realm))
+ kdc_log(0, "cross-realm %s -> %s", client_realm, server_realm);
+ } else {
+ size_t l = 0;
+ char *rs;
for(i = 0; i < num_realms; i++)
- free(realms[i]);
- free(realms);
+ l += strlen(realms[i]) + 2;
+ rs = malloc(l);
+ if(rs != NULL) {
+ *rs = '\0';
+ for(i = 0; i < num_realms; i++) {
+ if(i > 0)
+ strlcat(rs, ", ", l);
+ strlcat(rs, realms[i], l);
+ }
+ kdc_log(0, "cross-realm %s -> %s via [%s]", client_realm, server_realm, rs);
+ free(rs);
+ }
}
+ if(check_policy) {
+ ret = krb5_check_transited(context, client_realm,
+ server_realm,
+ realms, num_realms, NULL);
+ if(ret) {
+ krb5_warn(context, ret, "cross-realm %s -> %s",
+ client_realm, server_realm);
+ goto free_realms;
+ }
+ et->flags.transited_policy_checked = 1;
+ }
+ et->transited.tr_type = DOMAIN_X500_COMPRESS;
+ ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents);
+ if(ret)
+ krb5_warn(context, ret, "Encoding transited encoding");
+ free_realms:
+ for(i = 0; i < num_realms; i++)
+ free(realms[i]);
+ free(realms);
return ret;
}
@@ -1052,6 +1154,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
krb5_principal client_principal,
hdb_entry *krbtgt,
krb5_enctype cetype,
+ const char **e_text,
krb5_data *reply)
{
KDC_REP rep;
@@ -1102,18 +1205,35 @@ tgs_make_reply(KDC_REQ_BODY *b,
ret = check_tgs_flags(b, tgt, &et);
if(ret)
- return ret;
+ goto out;
- copy_TransitedEncoding(&tgt->transited, &et.transited);
- ret = fix_transited_encoding(&et.transited,
+ /* We should check the transited encoding if:
+ 1) the request doesn't ask not to be checked
+ 2) globally enforcing a check
+ 3) principal requires checking
+ 4) we allow non-check per-principal, but principal isn't marked as allowing this
+ 5) we don't globally allow this
+ */
+
+#define GLOBAL_FORCE_TRANSITED_CHECK (trpolicy == TRPOLICY_ALWAYS_CHECK)
+#define GLOBAL_ALLOW_PER_PRINCIPAL (trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL)
+#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK (trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST)
+/* these will consult the database in future release */
+#define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0
+#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0
+
+ ret = fix_transited_encoding(!f.disable_transited_check ||
+ GLOBAL_FORCE_TRANSITED_CHECK ||
+ PRINCIPAL_FORCE_TRANSITED_CHECK(server) ||
+ !((GLOBAL_ALLOW_PER_PRINCIPAL &&
+ PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) ||
+ GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK),
+ &tgt->transited, &et,
*krb5_princ_realm(context, client_principal),
*krb5_princ_realm(context, server->principal),
*krb5_princ_realm(context, krbtgt->principal));
- if(ret){
- free_TransitedEncoding(&et.transited);
- return ret;
- }
-
+ if(ret)
+ goto out;
copy_Realm(krb5_princ_realm(context, server->principal),
&rep.ticket.realm);
@@ -1207,8 +1327,8 @@ tgs_make_reply(KDC_REQ_BODY *b,
etype list, even if we don't want a session key with
DES3? */
ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
- 0, &tgt->key, reply);
-out:
+ 0, &tgt->key, e_text, reply);
+ out:
free_TGS_REP(&rep);
free_TransitedEncoding(&et.transited);
if(et.starttime)
@@ -1224,15 +1344,17 @@ out:
static krb5_error_code
tgs_check_authenticator(krb5_auth_context ac,
KDC_REQ_BODY *b,
+ const char **e_text,
krb5_keyblock *key)
{
krb5_authenticator auth;
size_t len;
- unsigned char buf[8192];
+ unsigned char *buf;
+ size_t buf_size;
krb5_error_code ret;
krb5_crypto crypto;
- krb5_auth_getauthenticator(context, ac, &auth);
+ krb5_auth_con_getauthenticator(context, ac, &auth);
if(auth->cksum == NULL){
kdc_log(0, "No authenticator in request");
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
@@ -1255,15 +1377,22 @@ tgs_check_authenticator(krb5_auth_context ac,
}
/* XXX should not re-encode this */
- ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
- b, &len);
+ ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
if(ret){
kdc_log(0, "Failed to encode KDC-REQ-BODY: %s",
krb5_get_err_text(context, ret));
goto out;
}
+ if(buf_size != len) {
+ free(buf);
+ kdc_log(0, "Internal error in ASN.1 encoder");
+ *e_text = "KDC internal error";
+ ret = KRB5KRB_ERR_GENERIC;
+ goto out;
+ }
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
+ free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
goto out;
@@ -1271,9 +1400,10 @@ tgs_check_authenticator(krb5_auth_context ac,
ret = krb5_verify_checksum(context,
crypto,
KRB5_KU_TGS_REQ_AUTH_CKSUM,
- buf + sizeof(buf) - len,
+ buf,
len,
auth->cksum);
+ free(buf);
krb5_crypto_destroy(context, crypto);
if(ret){
kdc_log(0, "Failed to verify checksum: %s",
@@ -1285,34 +1415,52 @@ out:
return ret;
}
+/*
+ * return the realm of a krbtgt-ticket or NULL
+ */
+
static Realm
-is_krbtgt(PrincipalName *p)
+get_krbtgt_realm(const PrincipalName *p)
{
- if(p->name_string.len == 2 && strcmp(p->name_string.val[0], "krbtgt") == 0)
+ if(p->name_string.len == 2
+ && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0)
return p->name_string.val[1];
else
return NULL;
}
static Realm
-find_rpath(Realm r)
+find_rpath(Realm crealm, Realm srealm)
{
const char *new_realm = krb5_config_get_string(context,
NULL,
- "libdefaults",
- "capath",
- r,
+ "capaths",
+ crealm,
+ srealm,
NULL);
return (Realm)new_realm;
}
+static krb5_boolean
+need_referral(krb5_principal server, krb5_realm **realms)
+{
+ if(server->name.name_type != KRB5_NT_SRV_INST ||
+ server->name.name_string.len != 2)
+ return FALSE;
+
+ return krb5_get_host_realm_int(context, server->name.name_string.val[1],
+ FALSE, realms) == 0;
+}
+
static krb5_error_code
tgs_rep2(KDC_REQ_BODY *b,
PA_DATA *tgs_req,
krb5_data *reply,
const char *from,
- struct sockaddr *from_addr)
+ const struct sockaddr *from_addr,
+ time_t **csec,
+ int **cusec)
{
krb5_ap_req ap_req;
krb5_error_code ret;
@@ -1332,6 +1480,9 @@ tgs_rep2(KDC_REQ_BODY *b,
krb5_principal sp = NULL;
AuthorizationData *auth_data = NULL;
+ *csec = NULL;
+ *cusec = NULL;
+
memset(&ap_req, 0, sizeof(ap_req));
ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req);
if(ret){
@@ -1340,7 +1491,7 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out2;
}
- if(!is_krbtgt(&ap_req.ticket.sname)){
+ if(!get_krbtgt_realm(&ap_req.ticket.sname)){
/* XXX check for ticket.sname == req.sname */
kdc_log(0, "PA-DATA is not a ticket-granting ticket");
ret = KRB5KDC_ERR_POLICY; /* ? */
@@ -1356,6 +1507,7 @@ tgs_rep2(KDC_REQ_BODY *b,
if(ret) {
char *p;
krb5_unparse_name(context, princ, &p);
+ krb5_free_principal(context, princ);
kdc_log(0, "Ticket-granting ticket not found in database: %s: %s",
p, krb5_get_err_text(context, ret));
free(p);
@@ -1368,6 +1520,7 @@ tgs_rep2(KDC_REQ_BODY *b,
char *p;
krb5_unparse_name (context, princ, &p);
+ krb5_free_principal(context, princ);
kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)",
*ap_req.ticket.enc_part.kvno,
krbtgt->kvno,
@@ -1409,11 +1562,34 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out2;
}
+ {
+ krb5_authenticator auth;
+
+ ret = krb5_auth_con_getauthenticator(context, ac, &auth);
+ if (ret == 0) {
+ *csec = malloc(sizeof(**csec));
+ if (*csec == NULL) {
+ krb5_free_authenticator(context, &auth);
+ kdc_log(0, "malloc failed");
+ goto out2;
+ }
+ **csec = auth->ctime;
+ *cusec = malloc(sizeof(**cusec));
+ if (*cusec == NULL) {
+ krb5_free_authenticator(context, &auth);
+ kdc_log(0, "malloc failed");
+ goto out2;
+ }
+ **csec = auth->cusec;
+ krb5_free_authenticator(context, &auth);
+ }
+ }
+
cetype = ap_req.authenticator.etype;
tgt = &ticket->ticket;
- ret = tgs_check_authenticator(ac, b, &tgt->key);
+ ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key);
if (b->enc_authorization_data) {
krb5_keyblock *subkey;
@@ -1506,7 +1682,7 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out;
}
t = &b->additional_tickets->val[0];
- if(!is_krbtgt(&t->sname)){
+ if(!get_krbtgt_realm(&t->sname)){
kdc_log(0, "Additional ticket is not a ticket-granting ticket");
ret = KRB5KDC_ERR_POLICY;
goto out2;
@@ -1515,7 +1691,7 @@ tgs_rep2(KDC_REQ_BODY *b,
ret = db_fetch(p, &uu);
krb5_free_principal(context, p);
if(ret){
- if (ret == ENOENT)
+ if (ret == HDB_ERR_NOENTRY)
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
@@ -1548,22 +1724,40 @@ tgs_rep2(KDC_REQ_BODY *b,
if(ret){
Realm req_rlm, new_rlm;
- if(loop++ < 2 && (req_rlm = is_krbtgt(&sp->name))){
- new_rlm = find_rpath(req_rlm);
- if(new_rlm) {
- kdc_log(5, "krbtgt for realm %s not found, trying %s",
- req_rlm, new_rlm);
+ krb5_realm *realms;
+
+ if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+ if(loop++ < 2) {
+ new_rlm = find_rpath(tgt->crealm, req_rlm);
+ if(new_rlm) {
+ kdc_log(5, "krbtgt for realm %s not found, trying %s",
+ req_rlm, new_rlm);
+ krb5_free_principal(context, sp);
+ free(spn);
+ krb5_make_principal(context, &sp, r,
+ KRB5_TGS_NAME, new_rlm, NULL);
+ krb5_unparse_name(context, sp, &spn);
+ goto server_lookup;
+ }
+ }
+ } else if(need_referral(sp, &realms)) {
+ if (strcmp(realms[0], sp->realm) != 0) {
+ kdc_log(5, "returning a referral to realm %s for "
+ "server %s that was not found",
+ realms[0], spn);
krb5_free_principal(context, sp);
free(spn);
- krb5_make_principal(context, &sp, r,
- "krbtgt", new_rlm, NULL);
- krb5_unparse_name(context, sp, &spn);
+ krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
+ realms[0], NULL);
+ krb5_unparse_name(context, sp, &spn);
+ krb5_free_host_realm(context, realms);
goto server_lookup;
}
+ krb5_free_host_realm(context, realms);
}
kdc_log(0, "Server not found in database: %s: %s", spn,
krb5_get_err_text(context, ret));
- if (ret == ENOENT)
+ if (ret == HDB_ERR_NOENTRY)
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
@@ -1577,12 +1771,24 @@ tgs_rep2(KDC_REQ_BODY *b,
if(ret){
kdc_log(0, "Client not found in database: %s: %s",
cpn, krb5_get_err_text(context, ret));
- if (ret == ENOENT)
+ if (ret == HDB_ERR_NOENTRY)
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out;
}
#endif
+ if(strcmp(krb5_principal_get_realm(context, sp),
+ krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) {
+ char *tpn;
+ ret = krb5_unparse_name(context, krbtgt->principal, &tpn);
+ kdc_log(0, "Request with wrong krbtgt: %s", (ret == 0) ? tpn : "<unknown>");
+ if(ret == 0)
+ free(tpn);
+ ret = KRB5KRB_AP_ERR_NOT_US;
+ goto out;
+
+ }
+
ret = check_flags(client, cpn, server, spn, FALSE);
if(ret)
goto out;
@@ -1612,6 +1818,7 @@ tgs_rep2(KDC_REQ_BODY *b,
cp,
krbtgt,
cetype,
+ &e_text,
reply);
out:
@@ -1624,15 +1831,21 @@ tgs_rep2(KDC_REQ_BODY *b,
free_ent(client);
}
out2:
- if(ret)
+ if(ret) {
krb5_mk_error(context,
ret,
e_text,
NULL,
cp,
sp,
- 0,
+ NULL,
+ NULL,
reply);
+ free(*csec);
+ free(*cusec);
+ *csec = NULL;
+ *cusec = NULL;
+ }
krb5_free_principal(context, cp);
krb5_free_principal(context, sp);
if (ticket) {
@@ -1647,6 +1860,7 @@ out2:
if(krbtgt)
free_ent(krbtgt);
+
return ret;
}
@@ -1660,6 +1874,8 @@ tgs_rep(KDC_REQ *req,
krb5_error_code ret;
int i = 0;
PA_DATA *tgs_req = NULL;
+ time_t *csec = NULL;
+ int *cusec = NULL;
if(req->padata == NULL){
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
@@ -1675,7 +1891,8 @@ tgs_rep(KDC_REQ *req,
kdc_log(0, "TGS-REQ from %s without PA-TGS-REQ", from);
goto out;
}
- ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr);
+ ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr,
+ &csec, &cusec);
out:
if(ret && data->data == NULL){
krb5_mk_error(context,
@@ -1684,8 +1901,11 @@ out:
NULL,
NULL,
NULL,
- 0,
+ csec,
+ cusec,
data);
}
+ free(csec);
+ free(cusec);
return 0;
}
diff --git a/kerberosV/src/lib/krb5/krb5-protos.h b/kerberosV/src/lib/krb5/krb5-protos.h
index 628f560e983..b0ad5bb6762 100644
--- a/kerberosV/src/lib/krb5/krb5-protos.h
+++ b/kerberosV/src/lib/krb5/krb5-protos.h
@@ -2,2648 +2,2955 @@
#ifndef __krb5_protos_h__
#define __krb5_protos_h__
-#ifdef __STDC__
#include <stdarg.h>
-#ifndef __P
-#define __P(x) x
-#endif
-#else
-#ifndef __P
-#define __P(x) ()
-#endif
-#endif
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif
krb5_error_code
-krb524_convert_creds_kdc __P((
- krb5_context context,
- krb5_ccache ccache,
- krb5_creds *in_cred,
- struct credentials *v4creds));
+krb524_convert_creds_kdc (
+ krb5_context /*context*/,
+ krb5_creds */*in_cred*/,
+ struct credentials */*v4creds*/);
+
+krb5_error_code
+krb524_convert_creds_kdc_ccache (
+ krb5_context /*context*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*in_cred*/,
+ struct credentials */*v4creds*/);
+
+krb5_error_code
+krb5_425_conv_principal (
+ krb5_context /*context*/,
+ const char */*name*/,
+ const char */*instance*/,
+ const char */*realm*/,
+ krb5_principal */*princ*/);
krb5_error_code
-krb5_425_conv_principal __P((
- krb5_context context,
- const char *name,
- const char *instance,
- const char *realm,
- krb5_principal *princ));
+krb5_425_conv_principal_ext (
+ krb5_context /*context*/,
+ const char */*name*/,
+ const char */*instance*/,
+ const char */*realm*/,
+ krb5_boolean (*/*func*/)(krb5_context, krb5_principal),
+ krb5_boolean /*resolve*/,
+ krb5_principal */*princ*/);
krb5_error_code
-krb5_425_conv_principal_ext __P((
- krb5_context context,
- const char *name,
- const char *instance,
- const char *realm,
- krb5_boolean (*func)(krb5_context, krb5_principal),
- krb5_boolean resolve,
- krb5_principal *princ));
+krb5_524_conv_principal (
+ krb5_context /*context*/,
+ const krb5_principal /*principal*/,
+ char */*name*/,
+ char */*instance*/,
+ char */*realm*/);
krb5_error_code
-krb5_524_conv_principal __P((
- krb5_context context,
- const krb5_principal principal,
- char *name,
- char *instance,
- char *realm));
+krb5_PKCS5_PBKDF2 (
+ krb5_context /*context*/,
+ krb5_cksumtype /*cktype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ u_int32_t /*iter*/,
+ krb5_keytype /*type*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_abort __P((
- krb5_context context,
- krb5_error_code code,
- const char *fmt,
- ...))
+krb5_abort (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ ...)
__attribute__ ((noreturn, format (printf, 3, 4)));
krb5_error_code
-krb5_abortx __P((
- krb5_context context,
- const char *fmt,
- ...))
+krb5_abortx (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ ...)
__attribute__ ((noreturn, format (printf, 2, 3)));
krb5_error_code
-krb5_acl_match_file __P((
- krb5_context context,
- const char *file,
- const char *format,
- ...));
+krb5_acl_match_file (
+ krb5_context /*context*/,
+ const char */*file*/,
+ const char */*format*/,
+ ...);
krb5_error_code
-krb5_acl_match_string __P((
- krb5_context context,
- const char *acl_string,
- const char *format,
- ...));
+krb5_acl_match_string (
+ krb5_context /*context*/,
+ const char */*string*/,
+ const char */*format*/,
+ ...);
krb5_error_code
-krb5_add_et_list __P((
- krb5_context context,
- void (*func)(struct et_list **)));
+krb5_add_et_list (
+ krb5_context /*context*/,
+ void (*/*func*/)(struct et_list **));
krb5_error_code
-krb5_add_extra_addresses __P((
- krb5_context context,
- krb5_addresses *addresses));
+krb5_add_extra_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*addresses*/);
krb5_error_code
-krb5_addlog_dest __P((
- krb5_context context,
- krb5_log_facility *f,
- const char *p));
+krb5_add_ignore_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*addresses*/);
krb5_error_code
-krb5_addlog_func __P((
- krb5_context context,
- krb5_log_facility *fac,
- int min,
- int max,
- krb5_log_log_func_t log,
- krb5_log_close_func_t close,
- void *data));
+krb5_addlog_dest (
+ krb5_context /*context*/,
+ krb5_log_facility */*f*/,
+ const char */*orig*/);
krb5_error_code
-krb5_addr2sockaddr __P((
- const krb5_address *addr,
- struct sockaddr *sa,
- int *sa_size,
- int port));
+krb5_addlog_func (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*min*/,
+ int /*max*/,
+ krb5_log_log_func_t /*log*/,
+ krb5_log_close_func_t /*close*/,
+ void */*data*/);
+
+krb5_error_code
+krb5_addr2sockaddr (
+ krb5_context /*context*/,
+ const krb5_address */*addr*/,
+ struct sockaddr */*sa*/,
+ krb5_socklen_t */*sa_size*/,
+ int /*port*/);
krb5_boolean
-krb5_address_compare __P((
- krb5_context context,
- const krb5_address *addr1,
- const krb5_address *addr2));
+krb5_address_compare (
+ krb5_context /*context*/,
+ const krb5_address */*addr1*/,
+ const krb5_address */*addr2*/);
int
-krb5_address_order __P((
- krb5_context context,
- const krb5_address *addr1,
- const krb5_address *addr2));
+krb5_address_order (
+ krb5_context /*context*/,
+ const krb5_address */*addr1*/,
+ const krb5_address */*addr2*/);
krb5_boolean
-krb5_address_search __P((
- krb5_context context,
- const krb5_address *addr,
- const krb5_addresses *addrlist));
+krb5_address_search (
+ krb5_context /*context*/,
+ const krb5_address */*addr*/,
+ const krb5_addresses */*addrlist*/);
krb5_error_code
-krb5_aname_to_localname __P((
- krb5_context context,
- krb5_const_principal aname,
- size_t lnsize,
- char *lname));
+krb5_aname_to_localname (
+ krb5_context /*context*/,
+ krb5_const_principal /*aname*/,
+ size_t /*lnsize*/,
+ char */*lname*/);
krb5_error_code
-krb5_anyaddr __P((
- int af,
- struct sockaddr *sa,
- int *sa_size,
- int port));
+krb5_anyaddr (
+ krb5_context /*context*/,
+ int /*af*/,
+ struct sockaddr */*sa*/,
+ krb5_socklen_t */*sa_size*/,
+ int /*port*/);
void
-krb5_appdefault_boolean __P((
- krb5_context context,
- const char *appname,
- krb5_realm realm,
- const char *option,
- krb5_boolean def_val,
- krb5_boolean *ret_val));
+krb5_appdefault_boolean (
+ krb5_context /*context*/,
+ const char */*appname*/,
+ krb5_const_realm /*realm*/,
+ const char */*option*/,
+ krb5_boolean /*def_val*/,
+ krb5_boolean */*ret_val*/);
void
-krb5_appdefault_string __P((
- krb5_context context,
- const char *appname,
- krb5_realm realm,
- const char *option,
- const char *def_val,
- char **ret_val));
+krb5_appdefault_string (
+ krb5_context /*context*/,
+ const char */*appname*/,
+ krb5_const_realm /*realm*/,
+ const char */*option*/,
+ const char */*def_val*/,
+ char **/*ret_val*/);
void
-krb5_appdefault_time __P((
- krb5_context context,
- const char *appname,
- krb5_realm realm,
- const char *option,
- time_t def_val,
- time_t *ret_val));
+krb5_appdefault_time (
+ krb5_context /*context*/,
+ const char */*appname*/,
+ krb5_const_realm /*realm*/,
+ const char */*option*/,
+ time_t /*def_val*/,
+ time_t */*ret_val*/);
+
+krb5_error_code
+krb5_append_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*dest*/,
+ const krb5_addresses */*source*/);
krb5_error_code
-krb5_append_addresses __P((
- krb5_context context,
- krb5_addresses *dest,
- const krb5_addresses *source));
+krb5_auth_con_free (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/);
krb5_error_code
-krb5_auth_con_free __P((
- krb5_context context,
- krb5_auth_context auth_context));
+krb5_auth_con_genaddrs (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int /*fd*/,
+ int /*flags*/);
krb5_error_code
-krb5_auth_con_genaddrs __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int fd,
- int flags));
+krb5_auth_con_generatelocalsubkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_auth_con_getaddrs __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_address **local_addr,
- krb5_address **remote_addr));
+krb5_auth_con_getaddrs (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_address **/*local_addr*/,
+ krb5_address **/*remote_addr*/);
krb5_error_code
-krb5_auth_con_getflags __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int32_t *flags));
+krb5_auth_con_getauthenticator (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_authenticator */*authenticator*/);
krb5_error_code
-krb5_auth_con_getkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock **keyblock));
+krb5_auth_con_getcksumtype (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_cksumtype */*cksumtype*/);
krb5_error_code
-krb5_auth_con_getlocalsubkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock **keyblock));
+krb5_auth_con_getflags (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int32_t */*flags*/);
krb5_error_code
-krb5_auth_con_getrcache __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_rcache *rcache));
+krb5_auth_con_getkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock **/*keyblock*/);
krb5_error_code
-krb5_auth_con_getremotesubkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock **keyblock));
+krb5_auth_con_getkeytype (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keytype */*keytype*/);
krb5_error_code
-krb5_auth_con_init __P((
- krb5_context context,
- krb5_auth_context *auth_context));
+krb5_auth_con_getlocalseqnumber (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int32_t */*seqnumber*/);
krb5_error_code
-krb5_auth_con_setaddrs __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_address *local_addr,
- krb5_address *remote_addr));
+krb5_auth_con_getlocalsubkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock **/*keyblock*/);
krb5_error_code
-krb5_auth_con_setaddrs_from_fd __P((
- krb5_context context,
- krb5_auth_context auth_context,
- void *p_fd));
+krb5_auth_con_getrcache (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_rcache */*rcache*/);
krb5_error_code
-krb5_auth_con_setflags __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int32_t flags));
+krb5_auth_con_getremotesubkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock **/*keyblock*/);
krb5_error_code
-krb5_auth_con_setkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock));
+krb5_auth_con_init (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/);
krb5_error_code
-krb5_auth_con_setlocalsubkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock));
+krb5_auth_con_setaddrs (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_address */*local_addr*/,
+ krb5_address */*remote_addr*/);
krb5_error_code
-krb5_auth_con_setrcache __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_rcache rcache));
+krb5_auth_con_setaddrs_from_fd (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ void */*p_fd*/);
krb5_error_code
-krb5_auth_con_setremotesubkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock));
+krb5_auth_con_setcksumtype (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_cksumtype /*cksumtype*/);
krb5_error_code
-krb5_auth_con_setuserkey __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock));
+krb5_auth_con_setflags (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int32_t /*flags*/);
krb5_error_code
-krb5_auth_getauthenticator __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_authenticator *authenticator));
+krb5_auth_con_setkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock */*keyblock*/);
krb5_error_code
-krb5_auth_getcksumtype __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_cksumtype *cksumtype));
+krb5_auth_con_setkeytype (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keytype /*keytype*/);
krb5_error_code
-krb5_auth_getkeytype __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keytype *keytype));
+krb5_auth_con_setlocalseqnumber (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int32_t /*seqnumber*/);
krb5_error_code
-krb5_auth_getlocalseqnumber __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int32_t *seqnumber));
+krb5_auth_con_setlocalsubkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock */*keyblock*/);
krb5_error_code
-krb5_auth_getremoteseqnumber __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int32_t *seqnumber));
+krb5_auth_con_setrcache (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_rcache /*rcache*/);
krb5_error_code
-krb5_auth_setcksumtype __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_cksumtype cksumtype));
+krb5_auth_con_setremoteseqnumber (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int32_t /*seqnumber*/);
krb5_error_code
-krb5_auth_setkeytype __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_keytype keytype));
+krb5_auth_con_setremotesubkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock */*keyblock*/);
krb5_error_code
-krb5_auth_setlocalseqnumber __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int32_t seqnumber));
+krb5_auth_con_setuserkey (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_keyblock */*keyblock*/);
krb5_error_code
-krb5_auth_setremoteseqnumber __P((
- krb5_context context,
- krb5_auth_context auth_context,
- int32_t seqnumber));
+krb5_auth_getremoteseqnumber (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ int32_t */*seqnumber*/);
krb5_error_code
-krb5_build_ap_req __P((
- krb5_context context,
- krb5_enctype enctype,
- krb5_creds *cred,
- krb5_flags ap_options,
- krb5_data authenticator,
- krb5_data *retdata));
+krb5_build_ap_req (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_creds */*cred*/,
+ krb5_flags /*ap_options*/,
+ krb5_data /*authenticator*/,
+ krb5_data */*retdata*/);
krb5_error_code
-krb5_build_authenticator __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_enctype enctype,
- krb5_creds *cred,
- Checksum *cksum,
- Authenticator **auth_result,
- krb5_data *result,
- krb5_key_usage usage));
+krb5_build_authenticator (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_enctype /*enctype*/,
+ krb5_creds */*cred*/,
+ Checksum */*cksum*/,
+ Authenticator **/*auth_result*/,
+ krb5_data */*result*/,
+ krb5_key_usage /*usage*/);
krb5_error_code
-krb5_build_principal __P((
- krb5_context context,
- krb5_principal *principal,
- int rlen,
- krb5_const_realm realm,
- ...));
+krb5_build_principal (
+ krb5_context /*context*/,
+ krb5_principal */*principal*/,
+ int /*rlen*/,
+ krb5_const_realm /*realm*/,
+ ...);
krb5_error_code
-krb5_build_principal_ext __P((
- krb5_context context,
- krb5_principal *principal,
- int rlen,
- krb5_const_realm realm,
- ...));
+krb5_build_principal_ext (
+ krb5_context /*context*/,
+ krb5_principal */*principal*/,
+ int /*rlen*/,
+ krb5_const_realm /*realm*/,
+ ...);
krb5_error_code
-krb5_build_principal_va __P((
- krb5_context context,
- krb5_principal *principal,
- int rlen,
- krb5_const_realm realm,
- va_list ap));
+krb5_build_principal_va (
+ krb5_context /*context*/,
+ krb5_principal */*principal*/,
+ int /*rlen*/,
+ krb5_const_realm /*realm*/,
+ va_list /*ap*/);
krb5_error_code
-krb5_build_principal_va_ext __P((
- krb5_context context,
- krb5_principal *principal,
- int rlen,
- krb5_const_realm realm,
- va_list ap));
+krb5_build_principal_va_ext (
+ krb5_context /*context*/,
+ krb5_principal */*principal*/,
+ int /*rlen*/,
+ krb5_const_realm /*realm*/,
+ va_list /*ap*/);
krb5_error_code
-krb5_cc_close __P((
- krb5_context context,
- krb5_ccache id));
+krb5_cc_close (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
krb5_error_code
-krb5_cc_copy_cache __P((
- krb5_context context,
- const krb5_ccache from,
- krb5_ccache to));
+krb5_cc_copy_cache (
+ krb5_context /*context*/,
+ const krb5_ccache /*from*/,
+ krb5_ccache /*to*/);
krb5_error_code
-krb5_cc_default __P((
- krb5_context context,
- krb5_ccache *id));
+krb5_cc_default (
+ krb5_context /*context*/,
+ krb5_ccache */*id*/);
const char*
-krb5_cc_default_name __P((krb5_context context));
+krb5_cc_default_name (krb5_context /*context*/);
krb5_error_code
-krb5_cc_destroy __P((
- krb5_context context,
- krb5_ccache id));
+krb5_cc_destroy (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
krb5_error_code
-krb5_cc_end_seq_get __P((
- krb5_context context,
- const krb5_ccache id,
- krb5_cc_cursor *cursor));
+krb5_cc_end_seq_get (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/,
+ krb5_cc_cursor */*cursor*/);
krb5_error_code
-krb5_cc_gen_new __P((
- krb5_context context,
- const krb5_cc_ops *ops,
- krb5_ccache *id));
+krb5_cc_gen_new (
+ krb5_context /*context*/,
+ const krb5_cc_ops */*ops*/,
+ krb5_ccache */*id*/);
const char*
-krb5_cc_get_name __P((
- krb5_context context,
- krb5_ccache id));
+krb5_cc_get_name (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
+const krb5_cc_ops *
+krb5_cc_get_ops (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
krb5_error_code
-krb5_cc_get_principal __P((
- krb5_context context,
- krb5_ccache id,
- krb5_principal *principal));
+krb5_cc_get_principal (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_principal */*principal*/);
const char*
-krb5_cc_get_type __P((
- krb5_context context,
- krb5_ccache id));
+krb5_cc_get_type (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
+krb5_error_code
+krb5_cc_get_version (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/);
+
+krb5_error_code
+krb5_cc_initialize (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_principal /*primary_principal*/);
krb5_error_code
-krb5_cc_get_version __P((
- krb5_context context,
- const krb5_ccache id));
+krb5_cc_next_cred (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/,
+ krb5_cc_cursor */*cursor*/,
+ krb5_creds */*creds*/);
krb5_error_code
-krb5_cc_initialize __P((
- krb5_context context,
- krb5_ccache id,
- krb5_principal primary_principal));
+krb5_cc_register (
+ krb5_context /*context*/,
+ const krb5_cc_ops */*ops*/,
+ krb5_boolean /*override*/);
krb5_error_code
-krb5_cc_next_cred __P((
- krb5_context context,
- const krb5_ccache id,
- krb5_creds *creds,
- krb5_cc_cursor *cursor));
+krb5_cc_remove_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_flags /*which*/,
+ krb5_creds */*cred*/);
krb5_error_code
-krb5_cc_register __P((
- krb5_context context,
- const krb5_cc_ops *ops,
- krb5_boolean override));
+krb5_cc_resolve (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_ccache */*id*/);
krb5_error_code
-krb5_cc_remove_cred __P((
- krb5_context context,
- krb5_ccache id,
- krb5_flags which,
- krb5_creds *cred));
+krb5_cc_retrieve_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_flags /*whichfields*/,
+ const krb5_creds */*mcreds*/,
+ krb5_creds */*creds*/);
krb5_error_code
-krb5_cc_resolve __P((
- krb5_context context,
- const char *name,
- krb5_ccache *id));
+krb5_cc_set_default_name (
+ krb5_context /*context*/,
+ const char */*name*/);
krb5_error_code
-krb5_cc_retrieve_cred __P((
- krb5_context context,
- krb5_ccache id,
- krb5_flags whichfields,
- const krb5_creds *mcreds,
- krb5_creds *creds));
+krb5_cc_set_flags (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_flags /*flags*/);
krb5_error_code
-krb5_cc_set_flags __P((
- krb5_context context,
- krb5_ccache id,
- krb5_flags flags));
+krb5_cc_start_seq_get (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/,
+ krb5_cc_cursor */*cursor*/);
krb5_error_code
-krb5_cc_start_seq_get __P((
- krb5_context context,
- const krb5_ccache id,
- krb5_cc_cursor *cursor));
+krb5_cc_store_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_creds */*creds*/);
krb5_error_code
-krb5_cc_store_cred __P((
- krb5_context context,
- krb5_ccache id,
- krb5_creds *creds));
+krb5_change_password (
+ krb5_context /*context*/,
+ krb5_creds */*creds*/,
+ char */*newpw*/,
+ int */*result_code*/,
+ krb5_data */*result_code_string*/,
+ krb5_data */*result_string*/);
krb5_error_code
-krb5_change_password __P((
- krb5_context context,
- krb5_creds *creds,
- char *newpw,
- int *result_code,
- krb5_data *result_code_string,
- krb5_data *result_string));
+krb5_check_transited (
+ krb5_context /*context*/,
+ krb5_const_realm /*client_realm*/,
+ krb5_const_realm /*server_realm*/,
+ krb5_realm */*realms*/,
+ int /*num_realms*/,
+ int */*bad_realm*/);
krb5_error_code
-krb5_check_transited_realms __P((
- krb5_context context,
- const char *const *realms,
- int num_realms,
- int *bad_realm));
+krb5_check_transited_realms (
+ krb5_context /*context*/,
+ const char *const */*realms*/,
+ int /*num_realms*/,
+ int */*bad_realm*/);
krb5_boolean
-krb5_checksum_is_collision_proof __P((
- krb5_context context,
- krb5_cksumtype type));
+krb5_checksum_is_collision_proof (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/);
krb5_boolean
-krb5_checksum_is_keyed __P((
- krb5_context context,
- krb5_cksumtype type));
+krb5_checksum_is_keyed (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/);
krb5_error_code
-krb5_checksumsize __P((
- krb5_context context,
- krb5_cksumtype type,
- size_t *size));
+krb5_checksumsize (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/,
+ size_t */*size*/);
+
+void
+krb5_clear_error_string (krb5_context /*context*/);
krb5_error_code
-krb5_closelog __P((
- krb5_context context,
- krb5_log_facility *fac));
+krb5_closelog (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/);
krb5_boolean
-krb5_compare_creds __P((
- krb5_context context,
- krb5_flags whichfields,
- const krb5_creds *mcreds,
- const krb5_creds *creds));
+krb5_compare_creds (
+ krb5_context /*context*/,
+ krb5_flags /*whichfields*/,
+ const krb5_creds */*mcreds*/,
+ const krb5_creds */*creds*/);
krb5_error_code
-krb5_config_file_free __P((
- krb5_context context,
- krb5_config_section *s));
+krb5_config_file_free (
+ krb5_context /*context*/,
+ krb5_config_section */*s*/);
void
-krb5_config_free_strings __P((char **strings));
+krb5_config_free_strings (char **/*strings*/);
const void *
-krb5_config_get __P((
- krb5_context context,
- krb5_config_section *c,
- int type,
- ...));
+krb5_config_get (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*type*/,
+ ...);
krb5_boolean
-krb5_config_get_bool __P((
- krb5_context context,
- krb5_config_section *c,
- ...));
+krb5_config_get_bool (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
krb5_boolean
-krb5_config_get_bool_default __P((
- krb5_context context,
- krb5_config_section *c,
- krb5_boolean def_value,
- ...));
+krb5_config_get_bool_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ krb5_boolean /*def_value*/,
+ ...);
int
-krb5_config_get_int __P((
- krb5_context context,
- krb5_config_section *c,
- ...));
+krb5_config_get_int (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
int
-krb5_config_get_int_default __P((
- krb5_context context,
- krb5_config_section *c,
- int def_value,
- ...));
+krb5_config_get_int_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ ...);
const krb5_config_binding *
-krb5_config_get_list __P((
- krb5_context context,
- krb5_config_section *c,
- ...));
+krb5_config_get_list (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
const void *
-krb5_config_get_next __P((
- krb5_context context,
- krb5_config_section *c,
- krb5_config_binding **pointer,
- int type,
- ...));
+krb5_config_get_next (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ const krb5_config_binding **/*pointer*/,
+ int /*type*/,
+ ...);
const char *
-krb5_config_get_string __P((
- krb5_context context,
- krb5_config_section *c,
- ...));
+krb5_config_get_string (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
const char *
-krb5_config_get_string_default __P((
- krb5_context context,
- krb5_config_section *c,
- const char *def_value,
- ...));
+krb5_config_get_string_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ const char */*def_value*/,
+ ...);
char**
-krb5_config_get_strings __P((
- krb5_context context,
- krb5_config_section *c,
- ...));
+krb5_config_get_strings (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
int
-krb5_config_get_time __P((
- krb5_context context,
- krb5_config_section *c,
- ...));
+krb5_config_get_time (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
int
-krb5_config_get_time_default __P((
- krb5_context context,
- krb5_config_section *c,
- int def_value,
- ...));
+krb5_config_get_time_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ ...);
krb5_error_code
-krb5_config_parse_file __P((
- const char *fname,
- krb5_config_section **res));
+krb5_config_parse_file (
+ krb5_context /*context*/,
+ const char */*fname*/,
+ krb5_config_section **/*res*/);
krb5_error_code
-krb5_config_parse_file_debug __P((
- const char *fname,
- krb5_config_section **res,
- unsigned *lineno,
- char **error_message));
+krb5_config_parse_file_multi (
+ krb5_context /*context*/,
+ const char */*fname*/,
+ krb5_config_section **/*res*/);
const void *
-krb5_config_vget __P((
- krb5_context context,
- krb5_config_section *c,
- int type,
- va_list args));
+krb5_config_vget (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*type*/,
+ va_list /*args*/);
krb5_boolean
-krb5_config_vget_bool __P((
- krb5_context context,
- krb5_config_section *c,
- va_list args));
+krb5_config_vget_bool (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
krb5_boolean
-krb5_config_vget_bool_default __P((
- krb5_context context,
- krb5_config_section *c,
- krb5_boolean def_value,
- va_list args));
+krb5_config_vget_bool_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ krb5_boolean /*def_value*/,
+ va_list /*args*/);
int
-krb5_config_vget_int __P((
- krb5_context context,
- krb5_config_section *c,
- va_list args));
+krb5_config_vget_int (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
int
-krb5_config_vget_int_default __P((
- krb5_context context,
- krb5_config_section *c,
- int def_value,
- va_list args));
+krb5_config_vget_int_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ va_list /*args*/);
const krb5_config_binding *
-krb5_config_vget_list __P((
- krb5_context context,
- krb5_config_section *c,
- va_list args));
+krb5_config_vget_list (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
const void *
-krb5_config_vget_next __P((
- krb5_context context,
- krb5_config_section *c,
- krb5_config_binding **pointer,
- int type,
- va_list args));
+krb5_config_vget_next (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ const krb5_config_binding **/*pointer*/,
+ int /*type*/,
+ va_list /*args*/);
const char *
-krb5_config_vget_string __P((
- krb5_context context,
- krb5_config_section *c,
- va_list args));
+krb5_config_vget_string (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
const char *
-krb5_config_vget_string_default __P((
- krb5_context context,
- krb5_config_section *c,
- const char *def_value,
- va_list args));
+krb5_config_vget_string_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ const char */*def_value*/,
+ va_list /*args*/);
char **
-krb5_config_vget_strings __P((
- krb5_context context,
- krb5_config_section *c,
- va_list args));
+krb5_config_vget_strings (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
int
-krb5_config_vget_time __P((
- krb5_context context,
- krb5_config_section *c,
- va_list args));
+krb5_config_vget_time (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
int
-krb5_config_vget_time_default __P((
- krb5_context context,
- krb5_config_section *c,
- int def_value,
- va_list args));
+krb5_config_vget_time_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ va_list /*args*/);
+
+krb5_error_code
+krb5_copy_address (
+ krb5_context /*context*/,
+ const krb5_address */*inaddr*/,
+ krb5_address */*outaddr*/);
krb5_error_code
-krb5_copy_address __P((
- krb5_context context,
- const krb5_address *inaddr,
- krb5_address *outaddr));
+krb5_copy_addresses (
+ krb5_context /*context*/,
+ const krb5_addresses */*inaddr*/,
+ krb5_addresses */*outaddr*/);
krb5_error_code
-krb5_copy_addresses __P((
- krb5_context context,
- const krb5_addresses *inaddr,
- krb5_addresses *outaddr));
+krb5_copy_creds (
+ krb5_context /*context*/,
+ const krb5_creds */*incred*/,
+ krb5_creds **/*outcred*/);
krb5_error_code
-krb5_copy_creds __P((
- krb5_context context,
- const krb5_creds *incred,
- krb5_creds **outcred));
+krb5_copy_creds_contents (
+ krb5_context /*context*/,
+ const krb5_creds */*incred*/,
+ krb5_creds */*c*/);
krb5_error_code
-krb5_copy_creds_contents __P((
- krb5_context context,
- const krb5_creds *incred,
- krb5_creds *c));
+krb5_copy_data (
+ krb5_context /*context*/,
+ const krb5_data */*indata*/,
+ krb5_data **/*outdata*/);
krb5_error_code
-krb5_copy_data __P((
- krb5_context context,
- const krb5_data *indata,
- krb5_data **outdata));
+krb5_copy_host_realm (
+ krb5_context /*context*/,
+ const krb5_realm */*from*/,
+ krb5_realm **/*to*/);
krb5_error_code
-krb5_copy_host_realm __P((
- krb5_context context,
- const krb5_realm *from,
- krb5_realm **to));
+krb5_copy_keyblock (
+ krb5_context /*context*/,
+ const krb5_keyblock */*inblock*/,
+ krb5_keyblock **/*to*/);
krb5_error_code
-krb5_copy_keyblock __P((
- krb5_context context,
- const krb5_keyblock *inblock,
- krb5_keyblock **to));
+krb5_copy_keyblock_contents (
+ krb5_context /*context*/,
+ const krb5_keyblock */*inblock*/,
+ krb5_keyblock */*to*/);
krb5_error_code
-krb5_copy_keyblock_contents __P((
- krb5_context context,
- const krb5_keyblock *inblock,
- krb5_keyblock *to));
+krb5_copy_principal (
+ krb5_context /*context*/,
+ krb5_const_principal /*inprinc*/,
+ krb5_principal */*outprinc*/);
krb5_error_code
-krb5_copy_principal __P((
- krb5_context context,
- krb5_const_principal inprinc,
- krb5_principal *outprinc));
+krb5_copy_ticket (
+ krb5_context /*context*/,
+ const krb5_ticket */*from*/,
+ krb5_ticket **/*to*/);
krb5_error_code
-krb5_copy_ticket __P((
- krb5_context context,
- const krb5_ticket *from,
- krb5_ticket **to));
+krb5_create_checksum (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_key_usage /*usage*/,
+ int /*type*/,
+ void */*data*/,
+ size_t /*len*/,
+ Checksum */*result*/);
krb5_error_code
-krb5_create_checksum __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage_or_type,
- void *data,
- size_t len,
- Checksum *result));
+krb5_crypto_destroy (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/);
krb5_error_code
-krb5_crypto_destroy __P((
- krb5_context context,
- krb5_crypto crypto));
+krb5_crypto_getblocksize (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ size_t */*blocksize*/);
krb5_error_code
-krb5_crypto_init __P((
- krb5_context context,
- krb5_keyblock *key,
- krb5_enctype etype,
- krb5_crypto *crypto));
+krb5_crypto_init (
+ krb5_context /*context*/,
+ const krb5_keyblock */*key*/,
+ krb5_enctype /*etype*/,
+ krb5_crypto */*crypto*/);
krb5_error_code
-krb5_data_alloc __P((
- krb5_data *p,
- int len));
+krb5_data_alloc (
+ krb5_data */*p*/,
+ int /*len*/);
krb5_error_code
-krb5_data_copy __P((
- krb5_data *p,
- const void *data,
- size_t len));
+krb5_data_copy (
+ krb5_data */*p*/,
+ const void */*data*/,
+ size_t /*len*/);
void
-krb5_data_free __P((krb5_data *p));
+krb5_data_free (krb5_data */*p*/);
krb5_error_code
-krb5_data_realloc __P((
- krb5_data *p,
- int len));
+krb5_data_realloc (
+ krb5_data */*p*/,
+ int /*len*/);
void
-krb5_data_zero __P((krb5_data *p));
+krb5_data_zero (krb5_data */*p*/);
krb5_error_code
-krb5_decode_Authenticator __P((
- krb5_context context,
- const void *data,
- size_t length,
- Authenticator *t,
- size_t *len));
+krb5_decode_Authenticator (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ Authenticator */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_ETYPE_INFO __P((
- krb5_context context,
- const void *data,
- size_t length,
- ETYPE_INFO *t,
- size_t *len));
+krb5_decode_ETYPE_INFO (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ ETYPE_INFO */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_EncAPRepPart __P((
- krb5_context context,
- const void *data,
- size_t length,
- EncAPRepPart *t,
- size_t *len));
+krb5_decode_EncAPRepPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncAPRepPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_EncASRepPart __P((
- krb5_context context,
- const void *data,
- size_t length,
- EncASRepPart *t,
- size_t *len));
+krb5_decode_EncASRepPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncASRepPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_EncKrbCredPart __P((
- krb5_context context,
- const void *data,
- size_t length,
- EncKrbCredPart *t,
- size_t *len));
+krb5_decode_EncKrbCredPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncKrbCredPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_EncTGSRepPart __P((
- krb5_context context,
- const void *data,
- size_t length,
- EncTGSRepPart *t,
- size_t *len));
+krb5_decode_EncTGSRepPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncTGSRepPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_EncTicketPart __P((
- krb5_context context,
- const void *data,
- size_t length,
- EncTicketPart *t,
- size_t *len));
+krb5_decode_EncTicketPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncTicketPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_decode_ap_req __P((
- krb5_context context,
- const krb5_data *inbuf,
- krb5_ap_req *ap_req));
+krb5_decode_ap_req (
+ krb5_context /*context*/,
+ const krb5_data */*inbuf*/,
+ krb5_ap_req */*ap_req*/);
krb5_error_code
-krb5_decrypt __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage,
- void *data,
- size_t len,
- krb5_data *result));
+krb5_decrypt (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/);
krb5_error_code
-krb5_decrypt_EncryptedData __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage,
- const EncryptedData *e,
- krb5_data *result));
+krb5_decrypt_EncryptedData (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ const EncryptedData */*e*/,
+ krb5_data */*result*/);
krb5_error_code
-krb5_decrypt_ivec __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage,
- void *data,
- size_t len,
- krb5_data *result,
- void *ivec));
+krb5_decrypt_ivec (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/,
+ void */*ivec*/);
krb5_error_code
-krb5_decrypt_ticket __P((
- krb5_context context,
- Ticket *ticket,
- krb5_keyblock *key,
- EncTicketPart *out,
- krb5_flags flags));
+krb5_decrypt_ticket (
+ krb5_context /*context*/,
+ Ticket */*ticket*/,
+ krb5_keyblock */*key*/,
+ EncTicketPart */*out*/,
+ krb5_flags /*flags*/);
krb5_error_code
-krb5_domain_x500_decode __P((
- krb5_data tr,
- char ***realms,
- int *num_realms,
- const char *client_realm,
- const char *server_realm));
+krb5_derive_key (
+ krb5_context /*context*/,
+ const krb5_keyblock */*key*/,
+ krb5_enctype /*etype*/,
+ const void */*constant*/,
+ size_t /*constant_len*/,
+ krb5_keyblock **/*derived_key*/);
krb5_error_code
-krb5_domain_x500_encode __P((
- char **realms,
- int num_realms,
- krb5_data *encoding));
+krb5_domain_x500_decode (
+ krb5_context /*context*/,
+ krb5_data /*tr*/,
+ char ***/*realms*/,
+ int */*num_realms*/,
+ const char */*client_realm*/,
+ const char */*server_realm*/);
krb5_error_code
-krb5_eai_to_heim_errno __P((int eai_errno));
+krb5_domain_x500_encode (
+ char **/*realms*/,
+ int /*num_realms*/,
+ krb5_data */*encoding*/);
krb5_error_code
-krb5_encode_Authenticator __P((
- krb5_context context,
- void *data,
- size_t length,
- Authenticator *t,
- size_t *len));
+krb5_eai_to_heim_errno (
+ int /*eai_errno*/,
+ int /*system_error*/);
krb5_error_code
-krb5_encode_ETYPE_INFO __P((
- krb5_context context,
- void *data,
- size_t length,
- ETYPE_INFO *t,
- size_t *len));
+krb5_encode_Authenticator (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ Authenticator */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encode_EncAPRepPart __P((
- krb5_context context,
- void *data,
- size_t length,
- EncAPRepPart *t,
- size_t *len));
+krb5_encode_ETYPE_INFO (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ ETYPE_INFO */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encode_EncASRepPart __P((
- krb5_context context,
- void *data,
- size_t length,
- EncASRepPart *t,
- size_t *len));
+krb5_encode_EncAPRepPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncAPRepPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encode_EncKrbCredPart __P((
- krb5_context context,
- void *data,
- size_t length,
- EncKrbCredPart *t,
- size_t *len));
+krb5_encode_EncASRepPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncASRepPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encode_EncTGSRepPart __P((
- krb5_context context,
- void *data,
- size_t length,
- EncTGSRepPart *t,
- size_t *len));
+krb5_encode_EncKrbCredPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncKrbCredPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encode_EncTicketPart __P((
- krb5_context context,
- void *data,
- size_t length,
- EncTicketPart *t,
- size_t *len));
+krb5_encode_EncTGSRepPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncTGSRepPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encrypt __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage,
- void *data,
- size_t len,
- krb5_data *result));
+krb5_encode_EncTicketPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncTicketPart */*t*/,
+ size_t */*len*/);
krb5_error_code
-krb5_encrypt_EncryptedData __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage,
- void *data,
- size_t len,
- int kvno,
- EncryptedData *result));
+krb5_encrypt (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/);
krb5_error_code
-krb5_encrypt_ivec __P((
- krb5_context context,
- krb5_crypto crypto,
- unsigned usage,
- void *data,
- size_t len,
- krb5_data *result,
- void *ivec));
+krb5_encrypt_EncryptedData (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ int /*kvno*/,
+ EncryptedData */*result*/);
krb5_error_code
-krb5_enctype_to_keytype __P((
- krb5_context context,
- krb5_enctype etype,
- krb5_keytype *keytype));
+krb5_encrypt_ivec (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/,
+ void */*ivec*/);
krb5_error_code
-krb5_enctype_to_string __P((
- krb5_context context,
- krb5_enctype etype,
- char **string));
+krb5_enctype_keysize (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ size_t */*keysize*/);
krb5_error_code
-krb5_enctype_valid __P((
- krb5_context context,
- krb5_enctype etype));
+krb5_enctype_to_keytype (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ krb5_keytype */*keytype*/);
+
+krb5_error_code
+krb5_enctype_to_string (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ char **/*string*/);
+
+krb5_error_code
+krb5_enctype_valid (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/);
krb5_boolean
-krb5_enctypes_compatible_keys __P((
- krb5_context context,
- krb5_enctype etype1,
- krb5_enctype etype2));
-
-krb5_error_code
-krb5_err __P((
- krb5_context context,
- int eval,
- krb5_error_code code,
- const char *fmt,
- ...))
+krb5_enctypes_compatible_keys (
+ krb5_context /*context*/,
+ krb5_enctype /*etype1*/,
+ krb5_enctype /*etype2*/);
+
+krb5_error_code
+krb5_err (
+ krb5_context /*context*/,
+ int /*eval*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ ...)
__attribute__ ((noreturn, format (printf, 4, 5)));
krb5_error_code
-krb5_errx __P((
- krb5_context context,
- int eval,
- const char *fmt,
- ...))
+krb5_error_from_rd_error (
+ krb5_context /*context*/,
+ const krb5_error */*error*/,
+ const krb5_creds */*creds*/);
+
+krb5_error_code
+krb5_errx (
+ krb5_context /*context*/,
+ int /*eval*/,
+ const char */*fmt*/,
+ ...)
__attribute__ ((noreturn, format (printf, 3, 4)));
krb5_error_code
-krb5_expand_hostname __P((
- krb5_context context,
- const char *orig_hostname,
- char **new_hostname));
+krb5_expand_hostname (
+ krb5_context /*context*/,
+ const char */*orig_hostname*/,
+ char **/*new_hostname*/);
krb5_error_code
-krb5_expand_hostname_realms __P((
- krb5_context context,
- const char *orig_hostname,
- char **new_hostname,
- char ***realms));
+krb5_expand_hostname_realms (
+ krb5_context /*context*/,
+ const char */*orig_hostname*/,
+ char **/*new_hostname*/,
+ char ***/*realms*/);
PA_DATA *
-krb5_find_padata __P((
- PA_DATA *val,
- unsigned len,
- int type,
- int *index));
+krb5_find_padata (
+ PA_DATA */*val*/,
+ unsigned /*len*/,
+ int /*type*/,
+ int */*index*/);
krb5_error_code
-krb5_format_time __P((
- krb5_context context,
- time_t t,
- char *s,
- size_t len,
- krb5_boolean include_time));
+krb5_format_time (
+ krb5_context /*context*/,
+ time_t /*t*/,
+ char */*s*/,
+ size_t /*len*/,
+ krb5_boolean /*include_time*/);
krb5_error_code
-krb5_free_address __P((
- krb5_context context,
- krb5_address *address));
+krb5_free_address (
+ krb5_context /*context*/,
+ krb5_address */*address*/);
krb5_error_code
-krb5_free_addresses __P((
- krb5_context context,
- krb5_addresses *addresses));
+krb5_free_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*addresses*/);
void
-krb5_free_ap_rep_enc_part __P((
- krb5_context context,
- krb5_ap_rep_enc_part *val));
+krb5_free_ap_rep_enc_part (
+ krb5_context /*context*/,
+ krb5_ap_rep_enc_part */*val*/);
void
-krb5_free_authenticator __P((
- krb5_context context,
- krb5_authenticator *authenticator));
+krb5_free_authenticator (
+ krb5_context /*context*/,
+ krb5_authenticator */*authenticator*/);
void
-krb5_free_context __P((krb5_context context));
+krb5_free_config_files (char **/*filenames*/);
+
+void
+krb5_free_context (krb5_context /*context*/);
krb5_error_code
-krb5_free_cred_contents __P((
- krb5_context context,
- krb5_creds *c));
+krb5_free_cred_contents (
+ krb5_context /*context*/,
+ krb5_creds */*c*/);
krb5_error_code
-krb5_free_creds __P((
- krb5_context context,
- krb5_creds *c));
+krb5_free_creds (
+ krb5_context /*context*/,
+ krb5_creds */*c*/);
krb5_error_code
-krb5_free_creds_contents __P((
- krb5_context context,
- krb5_creds *c));
+krb5_free_creds_contents (
+ krb5_context /*context*/,
+ krb5_creds */*c*/);
+
+void
+krb5_free_data (
+ krb5_context /*context*/,
+ krb5_data */*p*/);
void
-krb5_free_data __P((
- krb5_context context,
- krb5_data *p));
+krb5_free_data_contents (
+ krb5_context /*context*/,
+ krb5_data */*data*/);
void
-krb5_free_error __P((
- krb5_context context,
- krb5_error *error));
+krb5_free_error (
+ krb5_context /*context*/,
+ krb5_error */*error*/);
void
-krb5_free_error_contents __P((
- krb5_context context,
- krb5_error *error));
+krb5_free_error_contents (
+ krb5_context /*context*/,
+ krb5_error */*error*/);
+
+void
+krb5_free_error_string (
+ krb5_context /*context*/,
+ char */*str*/);
krb5_error_code
-krb5_free_host_realm __P((
- krb5_context context,
- krb5_realm *realmlist));
+krb5_free_host_realm (
+ krb5_context /*context*/,
+ krb5_realm */*realmlist*/);
krb5_error_code
-krb5_free_kdc_rep __P((
- krb5_context context,
- krb5_kdc_rep *rep));
+krb5_free_kdc_rep (
+ krb5_context /*context*/,
+ krb5_kdc_rep */*rep*/);
void
-krb5_free_keyblock __P((
- krb5_context context,
- krb5_keyblock *keyblock));
+krb5_free_keyblock (
+ krb5_context /*context*/,
+ krb5_keyblock */*keyblock*/);
void
-krb5_free_keyblock_contents __P((
- krb5_context context,
- krb5_keyblock *keyblock));
+krb5_free_keyblock_contents (
+ krb5_context /*context*/,
+ krb5_keyblock */*keyblock*/);
krb5_error_code
-krb5_free_krbhst __P((
- krb5_context context,
- char **hostlist));
+krb5_free_krbhst (
+ krb5_context /*context*/,
+ char **/*hostlist*/);
void
-krb5_free_principal __P((
- krb5_context context,
- krb5_principal p));
+krb5_free_principal (
+ krb5_context /*context*/,
+ krb5_principal /*p*/);
krb5_error_code
-krb5_free_salt __P((
- krb5_context context,
- krb5_salt salt));
+krb5_free_salt (
+ krb5_context /*context*/,
+ krb5_salt /*salt*/);
krb5_error_code
-krb5_free_ticket __P((
- krb5_context context,
- krb5_ticket *ticket));
+krb5_free_ticket (
+ krb5_context /*context*/,
+ krb5_ticket */*ticket*/);
krb5_error_code
-krb5_fwd_tgt_creds __P((
- krb5_context context,
- krb5_auth_context auth_context,
- const char *hostname,
- krb5_principal client,
- krb5_principal server,
- krb5_ccache ccache,
- int forwardable,
- krb5_data *out_data));
+krb5_fwd_tgt_creds (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const char */*hostname*/,
+ krb5_principal /*client*/,
+ krb5_principal /*server*/,
+ krb5_ccache /*ccache*/,
+ int /*forwardable*/,
+ krb5_data */*out_data*/);
void
-krb5_generate_random_block __P((
- void *buf,
- size_t len));
+krb5_generate_random_block (
+ void */*buf*/,
+ size_t /*len*/);
krb5_error_code
-krb5_generate_random_keyblock __P((
- krb5_context context,
- krb5_enctype type,
- krb5_keyblock *key));
+krb5_generate_random_keyblock (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_generate_seq_number __P((
- krb5_context context,
- const krb5_keyblock *key,
- u_int32_t *seqno));
+krb5_generate_seq_number (
+ krb5_context /*context*/,
+ const krb5_keyblock */*key*/,
+ u_int32_t */*seqno*/);
krb5_error_code
-krb5_generate_subkey __P((
- krb5_context context,
- const krb5_keyblock *key,
- krb5_keyblock **subkey));
+krb5_generate_subkey (
+ krb5_context /*context*/,
+ const krb5_keyblock */*key*/,
+ krb5_keyblock **/*subkey*/);
krb5_error_code
-krb5_get_all_client_addrs __P((
- krb5_context context,
- krb5_addresses *res));
+krb5_get_all_client_addrs (
+ krb5_context /*context*/,
+ krb5_addresses */*res*/);
krb5_error_code
-krb5_get_all_server_addrs __P((
- krb5_context context,
- krb5_addresses *res));
+krb5_get_all_server_addrs (
+ krb5_context /*context*/,
+ krb5_addresses */*res*/);
krb5_error_code
-krb5_get_cred_from_kdc __P((
- krb5_context context,
- krb5_ccache ccache,
- krb5_creds *in_creds,
- krb5_creds **out_creds,
- krb5_creds ***ret_tgts));
+krb5_get_cred_from_kdc (
+ krb5_context /*context*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*in_creds*/,
+ krb5_creds **/*out_creds*/,
+ krb5_creds ***/*ret_tgts*/);
krb5_error_code
-krb5_get_credentials __P((
- krb5_context context,
- krb5_flags options,
- krb5_ccache ccache,
- krb5_creds *in_creds,
- krb5_creds **out_creds));
+krb5_get_cred_from_kdc_opt (
+ krb5_context /*context*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*in_creds*/,
+ krb5_creds **/*out_creds*/,
+ krb5_creds ***/*ret_tgts*/,
+ krb5_flags /*flags*/);
krb5_error_code
-krb5_get_credentials_with_flags __P((
- krb5_context context,
- krb5_flags options,
- krb5_kdc_flags flags,
- krb5_ccache ccache,
- krb5_creds *in_creds,
- krb5_creds **out_creds));
+krb5_get_credentials (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*in_creds*/,
+ krb5_creds **/*out_creds*/);
krb5_error_code
-krb5_get_default_in_tkt_etypes __P((
- krb5_context context,
- krb5_enctype **etypes));
+krb5_get_credentials_with_flags (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ krb5_kdc_flags /*flags*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*in_creds*/,
+ krb5_creds **/*out_creds*/);
krb5_error_code
-krb5_get_default_principal __P((
- krb5_context context,
- krb5_principal *princ));
+krb5_get_default_config_files (char ***/*pfilenames*/);
krb5_error_code
-krb5_get_default_realm __P((
- krb5_context context,
- krb5_realm *realm));
+krb5_get_default_in_tkt_etypes (
+ krb5_context /*context*/,
+ krb5_enctype **/*etypes*/);
krb5_error_code
-krb5_get_default_realms __P((
- krb5_context context,
- krb5_realm **realms));
+krb5_get_default_principal (
+ krb5_context /*context*/,
+ krb5_principal */*princ*/);
+
+krb5_error_code
+krb5_get_default_realm (
+ krb5_context /*context*/,
+ krb5_realm */*realm*/);
+
+krb5_error_code
+krb5_get_default_realms (
+ krb5_context /*context*/,
+ krb5_realm **/*realms*/);
const char *
-krb5_get_err_text __P((
- krb5_context context,
- krb5_error_code code));
-
-krb5_error_code
-krb5_get_extra_addresses __P((
- krb5_context context,
- krb5_addresses *addresses));
-
-krb5_error_code
-krb5_get_fcache_version __P((
- krb5_context context,
- int *version));
-
-krb5_error_code
-krb5_get_forwarded_creds __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_ccache ccache,
- krb5_flags flags,
- const char *hostname,
- krb5_creds *in_creds,
- krb5_data *out_data));
-
-krb5_error_code
-krb5_get_host_realm __P((
- krb5_context context,
- const char *host,
- krb5_realm **realms));
-
-krb5_error_code
-krb5_get_host_realm_int __P((
- krb5_context context,
- const char *host,
- krb5_realm **realms));
-
-krb5_error_code
-krb5_get_in_cred __P((
- krb5_context context,
- krb5_flags options,
- const krb5_addresses *addrs,
- const krb5_enctype *etypes,
- const krb5_preauthtype *ptypes,
- const krb5_preauthdata *preauth,
- krb5_key_proc key_proc,
- krb5_const_pointer keyseed,
- krb5_decrypt_proc decrypt_proc,
- krb5_const_pointer decryptarg,
- krb5_creds *creds,
- krb5_kdc_rep *ret_as_reply));
-
-krb5_error_code
-krb5_get_in_tkt __P((
- krb5_context context,
- krb5_flags options,
- const krb5_addresses *addrs,
- const krb5_enctype *etypes,
- const krb5_preauthtype *ptypes,
- krb5_key_proc key_proc,
- krb5_const_pointer keyseed,
- krb5_decrypt_proc decrypt_proc,
- krb5_const_pointer decryptarg,
- krb5_creds *creds,
- krb5_ccache ccache,
- krb5_kdc_rep *ret_as_reply));
-
-krb5_error_code
-krb5_get_in_tkt_with_keytab __P((
- krb5_context context,
- krb5_flags options,
- krb5_addresses *addrs,
- const krb5_enctype *etypes,
- const krb5_preauthtype *pre_auth_types,
- krb5_keytab keytab,
- krb5_ccache ccache,
- krb5_creds *creds,
- krb5_kdc_rep *ret_as_reply));
-
-krb5_error_code
-krb5_get_in_tkt_with_password __P((
- krb5_context context,
- krb5_flags options,
- krb5_addresses *addrs,
- const krb5_enctype *etypes,
- const krb5_preauthtype *pre_auth_types,
- const char *password,
- krb5_ccache ccache,
- krb5_creds *creds,
- krb5_kdc_rep *ret_as_reply));
-
-krb5_error_code
-krb5_get_in_tkt_with_skey __P((
- krb5_context context,
- krb5_flags options,
- krb5_addresses *addrs,
- const krb5_enctype *etypes,
- const krb5_preauthtype *pre_auth_types,
- const krb5_keyblock *key,
- krb5_ccache ccache,
- krb5_creds *creds,
- krb5_kdc_rep *ret_as_reply));
-
-krb5_error_code
-krb5_get_init_creds_keytab __P((
- krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_keytab keytab,
- krb5_deltat start_time,
- const char *in_tkt_service,
- krb5_get_init_creds_opt *options));
+krb5_get_err_text (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/);
+
+char*
+krb5_get_error_string (krb5_context /*context*/);
+
+krb5_error_code
+krb5_get_extra_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*addresses*/);
+
+krb5_error_code
+krb5_get_fcache_version (
+ krb5_context /*context*/,
+ int */*version*/);
+
+krb5_error_code
+krb5_get_forwarded_creds (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_ccache /*ccache*/,
+ krb5_flags /*flags*/,
+ const char */*hostname*/,
+ krb5_creds */*in_creds*/,
+ krb5_data */*out_data*/);
+
+krb5_error_code
+krb5_get_host_realm (
+ krb5_context /*context*/,
+ const char */*host*/,
+ krb5_realm **/*realms*/);
+
+krb5_error_code
+krb5_get_host_realm_int (
+ krb5_context /*context*/,
+ const char */*host*/,
+ krb5_boolean /*use_dns*/,
+ krb5_realm **/*realms*/);
+
+krb5_error_code
+krb5_get_ignore_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*addresses*/);
+
+krb5_error_code
+krb5_get_in_cred (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ const krb5_addresses */*addrs*/,
+ const krb5_enctype */*etypes*/,
+ const krb5_preauthtype */*ptypes*/,
+ const krb5_preauthdata */*preauth*/,
+ krb5_key_proc /*key_proc*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_decrypt_proc /*decrypt_proc*/,
+ krb5_const_pointer /*decryptarg*/,
+ krb5_creds */*creds*/,
+ krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code
+krb5_get_in_tkt (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ const krb5_addresses */*addrs*/,
+ const krb5_enctype */*etypes*/,
+ const krb5_preauthtype */*ptypes*/,
+ krb5_key_proc /*key_proc*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_decrypt_proc /*decrypt_proc*/,
+ krb5_const_pointer /*decryptarg*/,
+ krb5_creds */*creds*/,
+ krb5_ccache /*ccache*/,
+ krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code
+krb5_get_in_tkt_with_keytab (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ krb5_addresses */*addrs*/,
+ const krb5_enctype */*etypes*/,
+ const krb5_preauthtype */*pre_auth_types*/,
+ krb5_keytab /*keytab*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*creds*/,
+ krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code
+krb5_get_in_tkt_with_password (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ krb5_addresses */*addrs*/,
+ const krb5_enctype */*etypes*/,
+ const krb5_preauthtype */*pre_auth_types*/,
+ const char */*password*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*creds*/,
+ krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code
+krb5_get_in_tkt_with_skey (
+ krb5_context /*context*/,
+ krb5_flags /*options*/,
+ krb5_addresses */*addrs*/,
+ const krb5_enctype */*etypes*/,
+ const krb5_preauthtype */*pre_auth_types*/,
+ const krb5_keyblock */*key*/,
+ krb5_ccache /*ccache*/,
+ krb5_creds */*creds*/,
+ krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code
+krb5_get_init_creds_keytab (
+ krb5_context /*context*/,
+ krb5_creds */*creds*/,
+ krb5_principal /*client*/,
+ krb5_keytab /*keytab*/,
+ krb5_deltat /*start_time*/,
+ const char */*in_tkt_service*/,
+ krb5_get_init_creds_opt */*options*/);
void
-krb5_get_init_creds_opt_init __P((krb5_get_init_creds_opt *opt));
+krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/);
void
-krb5_get_init_creds_opt_set_address_list __P((
- krb5_get_init_creds_opt *opt,
- krb5_addresses *addresses));
+krb5_get_init_creds_opt_set_address_list (
+ krb5_get_init_creds_opt */*opt*/,
+ krb5_addresses */*addresses*/);
void
-krb5_get_init_creds_opt_set_anonymous __P((
- krb5_get_init_creds_opt *opt,
- int anonymous));
+krb5_get_init_creds_opt_set_anonymous (
+ krb5_get_init_creds_opt */*opt*/,
+ int /*anonymous*/);
void
-krb5_get_init_creds_opt_set_default_flags __P((
- krb5_context context,
- const char *appname,
- krb5_realm realm,
- krb5_get_init_creds_opt *opt));
+krb5_get_init_creds_opt_set_default_flags (
+ krb5_context /*context*/,
+ const char */*appname*/,
+ krb5_const_realm /*realm*/,
+ krb5_get_init_creds_opt */*opt*/);
void
-krb5_get_init_creds_opt_set_etype_list __P((
- krb5_get_init_creds_opt *opt,
- krb5_enctype *etype_list,
- int etype_list_length));
+krb5_get_init_creds_opt_set_etype_list (
+ krb5_get_init_creds_opt */*opt*/,
+ krb5_enctype */*etype_list*/,
+ int /*etype_list_length*/);
void
-krb5_get_init_creds_opt_set_forwardable __P((
- krb5_get_init_creds_opt *opt,
- int forwardable));
+krb5_get_init_creds_opt_set_forwardable (
+ krb5_get_init_creds_opt */*opt*/,
+ int /*forwardable*/);
void
-krb5_get_init_creds_opt_set_preauth_list __P((
- krb5_get_init_creds_opt *opt,
- krb5_preauthtype *preauth_list,
- int preauth_list_length));
+krb5_get_init_creds_opt_set_preauth_list (
+ krb5_get_init_creds_opt */*opt*/,
+ krb5_preauthtype */*preauth_list*/,
+ int /*preauth_list_length*/);
void
-krb5_get_init_creds_opt_set_proxiable __P((
- krb5_get_init_creds_opt *opt,
- int proxiable));
+krb5_get_init_creds_opt_set_proxiable (
+ krb5_get_init_creds_opt */*opt*/,
+ int /*proxiable*/);
void
-krb5_get_init_creds_opt_set_renew_life __P((
- krb5_get_init_creds_opt *opt,
- krb5_deltat renew_life));
+krb5_get_init_creds_opt_set_renew_life (
+ krb5_get_init_creds_opt */*opt*/,
+ krb5_deltat /*renew_life*/);
void
-krb5_get_init_creds_opt_set_salt __P((
- krb5_get_init_creds_opt *opt,
- krb5_data *salt));
+krb5_get_init_creds_opt_set_salt (
+ krb5_get_init_creds_opt */*opt*/,
+ krb5_data */*salt*/);
void
-krb5_get_init_creds_opt_set_tkt_life __P((
- krb5_get_init_creds_opt *opt,
- krb5_deltat tkt_life));
+krb5_get_init_creds_opt_set_tkt_life (
+ krb5_get_init_creds_opt */*opt*/,
+ krb5_deltat /*tkt_life*/);
krb5_error_code
-krb5_get_init_creds_password __P((
- krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- const char *password,
- krb5_prompter_fct prompter,
- void *data,
- krb5_deltat start_time,
- const char *in_tkt_service,
- krb5_get_init_creds_opt *options));
+krb5_get_init_creds_password (
+ krb5_context /*context*/,
+ krb5_creds */*creds*/,
+ krb5_principal /*client*/,
+ const char */*password*/,
+ krb5_prompter_fct /*prompter*/,
+ void */*data*/,
+ krb5_deltat /*start_time*/,
+ const char */*in_tkt_service*/,
+ krb5_get_init_creds_opt */*options*/);
krb5_error_code
-krb5_get_kdc_cred __P((
- krb5_context context,
- krb5_ccache id,
- krb5_kdc_flags flags,
- krb5_addresses *addresses,
- Ticket *second_ticket,
- krb5_creds *in_creds,
- krb5_creds **out_creds ));
+krb5_get_kdc_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_kdc_flags /*flags*/,
+ krb5_addresses */*addresses*/,
+ Ticket */*second_ticket*/,
+ krb5_creds */*in_creds*/,
+ krb5_creds **out_creds );
krb5_error_code
-krb5_get_krb_admin_hst __P((
- krb5_context context,
- const krb5_realm *realm,
- char ***hostlist));
+krb5_get_krb524hst (
+ krb5_context /*context*/,
+ const krb5_realm */*realm*/,
+ char ***/*hostlist*/);
krb5_error_code
-krb5_get_krb_changepw_hst __P((
- krb5_context context,
- const krb5_realm *realm,
- char ***hostlist));
+krb5_get_krb_admin_hst (
+ krb5_context /*context*/,
+ const krb5_realm */*realm*/,
+ char ***/*hostlist*/);
krb5_error_code
-krb5_get_krbhst __P((
- krb5_context context,
- const krb5_realm *realm,
- char ***hostlist));
+krb5_get_krb_changepw_hst (
+ krb5_context /*context*/,
+ const krb5_realm */*realm*/,
+ char ***/*hostlist*/);
krb5_error_code
-krb5_get_pw_salt __P((
- krb5_context context,
- krb5_const_principal principal,
- krb5_salt *salt));
+krb5_get_krbhst (
+ krb5_context /*context*/,
+ const krb5_realm */*realm*/,
+ char ***/*hostlist*/);
krb5_error_code
-krb5_get_server_rcache __P((
- krb5_context context,
- const krb5_data *piece,
- krb5_rcache *id));
+krb5_get_pw_salt (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ krb5_salt */*salt*/);
+
+krb5_error_code
+krb5_get_server_rcache (
+ krb5_context /*context*/,
+ const krb5_data */*piece*/,
+ krb5_rcache */*id*/);
krb5_boolean
-krb5_get_use_admin_kdc __P((krb5_context context));
+krb5_get_use_admin_kdc (krb5_context /*context*/);
size_t
-krb5_get_wrapped_length __P((
- krb5_context context,
- krb5_crypto crypto,
- size_t data_len));
+krb5_get_wrapped_length (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ size_t /*data_len*/);
int
-krb5_getportbyname __P((
- krb5_context context,
- const char *service,
- const char *proto,
- int default_port));
+krb5_getportbyname (
+ krb5_context /*context*/,
+ const char */*service*/,
+ const char */*proto*/,
+ int /*default_port*/);
krb5_error_code
-krb5_h_addr2addr __P((
- int af,
- const char *haddr,
- krb5_address *addr));
+krb5_h_addr2addr (
+ krb5_context /*context*/,
+ int /*af*/,
+ const char */*haddr*/,
+ krb5_address */*addr*/);
krb5_error_code
-krb5_h_addr2sockaddr __P((
- int af,
- const char *addr,
- struct sockaddr *sa,
- int *sa_size,
- int port));
+krb5_h_addr2sockaddr (
+ krb5_context /*context*/,
+ int /*af*/,
+ const char */*addr*/,
+ struct sockaddr */*sa*/,
+ krb5_socklen_t */*sa_size*/,
+ int /*port*/);
krb5_error_code
-krb5_init_context __P((krb5_context *context));
+krb5_h_errno_to_heim_errno (int /*eai_errno*/);
+
+krb5_boolean
+krb5_have_error_string (krb5_context /*context*/);
+
+krb5_error_code
+krb5_init_context (krb5_context */*context*/);
void
-krb5_init_ets __P((krb5_context context));
+krb5_init_ets (krb5_context /*context*/);
+
+krb5_error_code
+krb5_init_etype (
+ krb5_context /*context*/,
+ unsigned */*len*/,
+ krb5_enctype **/*val*/,
+ const krb5_enctype */*etypes*/);
+
+krb5_error_code
+krb5_initlog (
+ krb5_context /*context*/,
+ const char */*program*/,
+ krb5_log_facility **/*fac*/);
+
+krb5_error_code
+krb5_keyblock_key_proc (
+ krb5_context /*context*/,
+ krb5_keytype /*type*/,
+ krb5_data */*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock **/*key*/);
krb5_error_code
-krb5_init_etype __P((
- krb5_context context,
- unsigned *len,
- int **val,
- const krb5_enctype *etypes));
+krb5_keytab_key_proc (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_salt /*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock **/*key*/);
krb5_error_code
-krb5_initlog __P((
- krb5_context context,
- const char *program,
- krb5_log_facility **fac));
+krb5_keytype_to_enctypes (
+ krb5_context /*context*/,
+ krb5_keytype /*keytype*/,
+ unsigned */*len*/,
+ krb5_enctype **/*val*/);
krb5_error_code
-krb5_keyblock_key_proc __P((
- krb5_context context,
- krb5_keytype type,
- krb5_data *salt,
- krb5_const_pointer keyseed,
- krb5_keyblock **key));
+krb5_keytype_to_enctypes_default (
+ krb5_context /*context*/,
+ krb5_keytype /*keytype*/,
+ unsigned */*len*/,
+ krb5_enctype **/*val*/);
krb5_error_code
-krb5_keytab_key_proc __P((
- krb5_context context,
- krb5_enctype enctype,
- krb5_salt salt,
- krb5_const_pointer keyseed,
- krb5_keyblock **key));
+krb5_keytype_to_string (
+ krb5_context /*context*/,
+ krb5_keytype /*keytype*/,
+ char **/*string*/);
krb5_error_code
-krb5_keytype_to_enctypes __P((
- krb5_context context,
- krb5_keytype keytype,
- unsigned *len,
- int **val));
+krb5_krbhst_format_string (
+ krb5_context /*context*/,
+ const krb5_krbhst_info */*host*/,
+ char */*hostname*/,
+ size_t /*hostlen*/);
+
+void
+krb5_krbhst_free (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/);
krb5_error_code
-krb5_keytype_to_enctypes_default __P((
- krb5_context context,
- krb5_keytype keytype,
- unsigned *len,
- int **val));
+krb5_krbhst_get_addrinfo (
+ krb5_context /*context*/,
+ krb5_krbhst_info */*host*/,
+ struct addrinfo **/*ai*/);
krb5_error_code
-krb5_keytype_to_string __P((
- krb5_context context,
- krb5_keytype keytype,
- char **string));
+krb5_krbhst_init (
+ krb5_context /*context*/,
+ const char */*realm*/,
+ unsigned int /*type*/,
+ krb5_krbhst_handle */*handle*/);
krb5_error_code
-krb5_kt_add_entry __P((
- krb5_context context,
- krb5_keytab id,
- krb5_keytab_entry *entry));
+krb5_krbhst_next (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/,
+ krb5_krbhst_info **/*host*/);
krb5_error_code
-krb5_kt_close __P((
- krb5_context context,
- krb5_keytab id));
+krb5_krbhst_next_as_string (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/,
+ char */*hostname*/,
+ size_t /*hostlen*/);
+
+void
+krb5_krbhst_reset (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/);
+
+krb5_error_code
+krb5_kt_add_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_keytab_entry */*entry*/);
+
+krb5_error_code
+krb5_kt_close (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/);
krb5_boolean
-krb5_kt_compare __P((
- krb5_context context,
- krb5_keytab_entry *entry,
- krb5_const_principal principal,
- krb5_kvno vno,
- krb5_enctype enctype));
+krb5_kt_compare (
+ krb5_context /*context*/,
+ krb5_keytab_entry */*entry*/,
+ krb5_const_principal /*principal*/,
+ krb5_kvno /*vno*/,
+ krb5_enctype /*enctype*/);
+
+krb5_error_code
+krb5_kt_copy_entry_contents (
+ krb5_context /*context*/,
+ const krb5_keytab_entry */*in*/,
+ krb5_keytab_entry */*out*/);
krb5_error_code
-krb5_kt_copy_entry_contents __P((
- krb5_context context,
- const krb5_keytab_entry *in,
- krb5_keytab_entry *out));
+krb5_kt_default (
+ krb5_context /*context*/,
+ krb5_keytab */*id*/);
krb5_error_code
-krb5_kt_default __P((
- krb5_context context,
- krb5_keytab *id));
+krb5_kt_default_modify_name (
+ krb5_context /*context*/,
+ char */*name*/,
+ size_t /*namesize*/);
krb5_error_code
-krb5_kt_default_name __P((
- krb5_context context,
- char *name,
- size_t namesize));
+krb5_kt_default_name (
+ krb5_context /*context*/,
+ char */*name*/,
+ size_t /*namesize*/);
krb5_error_code
-krb5_kt_end_seq_get __P((
- krb5_context context,
- krb5_keytab id,
- krb5_kt_cursor *cursor));
+krb5_kt_end_seq_get (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_kt_cursor */*cursor*/);
krb5_error_code
-krb5_kt_free_entry __P((
- krb5_context context,
- krb5_keytab_entry *entry));
+krb5_kt_free_entry (
+ krb5_context /*context*/,
+ krb5_keytab_entry */*entry*/);
krb5_error_code
-krb5_kt_get_entry __P((
- krb5_context context,
- krb5_keytab id,
- krb5_const_principal principal,
- krb5_kvno kvno,
- krb5_enctype enctype,
- krb5_keytab_entry *entry));
+krb5_kt_get_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_const_principal /*principal*/,
+ krb5_kvno /*kvno*/,
+ krb5_enctype /*enctype*/,
+ krb5_keytab_entry */*entry*/);
krb5_error_code
-krb5_kt_get_name __P((
- krb5_context context,
- krb5_keytab keytab,
- char *name,
- size_t namesize));
+krb5_kt_get_name (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char */*name*/,
+ size_t /*namesize*/);
krb5_error_code
-krb5_kt_next_entry __P((
- krb5_context context,
- krb5_keytab id,
- krb5_keytab_entry *entry,
- krb5_kt_cursor *cursor));
+krb5_kt_get_type (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char */*prefix*/,
+ size_t /*prefixsize*/);
krb5_error_code
-krb5_kt_read_service_key __P((
- krb5_context context,
- krb5_pointer keyprocarg,
- krb5_principal principal,
- krb5_kvno vno,
- krb5_enctype enctype,
- krb5_keyblock **key));
+krb5_kt_next_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_keytab_entry */*entry*/,
+ krb5_kt_cursor */*cursor*/);
krb5_error_code
-krb5_kt_register __P((
- krb5_context context,
- const krb5_kt_ops *ops));
+krb5_kt_read_service_key (
+ krb5_context /*context*/,
+ krb5_pointer /*keyprocarg*/,
+ krb5_principal /*principal*/,
+ krb5_kvno /*vno*/,
+ krb5_enctype /*enctype*/,
+ krb5_keyblock **/*key*/);
krb5_error_code
-krb5_kt_remove_entry __P((
- krb5_context context,
- krb5_keytab id,
- krb5_keytab_entry *entry));
+krb5_kt_register (
+ krb5_context /*context*/,
+ const krb5_kt_ops */*ops*/);
krb5_error_code
-krb5_kt_resolve __P((
- krb5_context context,
- const char *name,
- krb5_keytab *id));
+krb5_kt_remove_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_keytab_entry */*entry*/);
krb5_error_code
-krb5_kt_start_seq_get __P((
- krb5_context context,
- krb5_keytab id,
- krb5_kt_cursor *cursor));
+krb5_kt_resolve (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_keytab */*id*/);
+
+krb5_error_code
+krb5_kt_start_seq_get (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_kt_cursor */*cursor*/);
krb5_boolean
-krb5_kuserok __P((
- krb5_context context,
- krb5_principal principal,
- const char *luser));
-
-krb5_error_code
-krb5_log __P((
- krb5_context context,
- krb5_log_facility *fac,
- int level,
- const char *fmt,
- ...))
+krb5_kuserok (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ const char */*luser*/);
+
+krb5_error_code
+krb5_log (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*level*/,
+ const char */*fmt*/,
+ ...)
__attribute__((format (printf, 4, 5)));
krb5_error_code
-krb5_log_msg __P((
- krb5_context context,
- krb5_log_facility *fac,
- int level,
- char **reply,
- const char *fmt,
- ...))
+krb5_log_msg (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*level*/,
+ char **/*reply*/,
+ const char */*fmt*/,
+ ...)
__attribute__((format (printf, 5, 6)));
krb5_error_code
-krb5_make_addrport __P((
- krb5_address **res,
- const krb5_address *addr,
- int16_t port));
+krb5_make_addrport (
+ krb5_context /*context*/,
+ krb5_address **/*res*/,
+ const krb5_address */*addr*/,
+ int16_t /*port*/);
krb5_error_code
-krb5_make_principal __P((
- krb5_context context,
- krb5_principal *principal,
- krb5_const_realm realm,
- ...));
+krb5_make_principal (
+ krb5_context /*context*/,
+ krb5_principal */*principal*/,
+ krb5_const_realm /*realm*/,
+ ...);
size_t
-krb5_max_sockaddr_size __P((void));
-
-krb5_error_code
-krb5_mk_error __P((
- krb5_context context,
- krb5_error_code error_code,
- const char *e_text,
- const krb5_data *e_data,
- const krb5_principal client,
- const krb5_principal server,
- time_t ctime,
- krb5_data *reply));
-
-krb5_error_code
-krb5_mk_priv __P((
- krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *userdata,
- krb5_data *outbuf,
- void *outdata));
-
-krb5_error_code
-krb5_mk_rep __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_data *outbuf));
-
-krb5_error_code
-krb5_mk_req __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_flags ap_req_options,
- const char *service,
- const char *hostname,
- krb5_data *in_data,
- krb5_ccache ccache,
- krb5_data *outbuf));
-
-krb5_error_code
-krb5_mk_req_exact __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_flags ap_req_options,
- const krb5_principal server,
- krb5_data *in_data,
- krb5_ccache ccache,
- krb5_data *outbuf));
-
-krb5_error_code
-krb5_mk_req_extended __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_flags ap_req_options,
- krb5_data *in_data,
- krb5_creds *in_creds,
- krb5_data *outbuf));
-
-krb5_error_code
-krb5_mk_req_internal __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_flags ap_req_options,
- krb5_data *in_data,
- krb5_creds *in_creds,
- krb5_data *outbuf,
- krb5_key_usage checksum_usage,
- krb5_key_usage encrypt_usage));
-
-krb5_error_code
-krb5_mk_safe __P((
- krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *userdata,
- krb5_data *outbuf,
- void *outdata));
-
-ssize_t
-krb5_net_read __P((
- krb5_context context,
- void *p_fd,
- void *buf,
- size_t len));
-
-ssize_t
-krb5_net_write __P((
- krb5_context context,
- void *p_fd,
- const void *buf,
- size_t len));
-
-krb5_error_code
-krb5_openlog __P((
- krb5_context context,
- const char *program,
- krb5_log_facility **fac));
-
-krb5_error_code
-krb5_parse_address __P((
- krb5_context context,
- const char *string,
- krb5_addresses *addresses));
-
-krb5_error_code
-krb5_parse_name __P((
- krb5_context context,
- const char *name,
- krb5_principal *principal));
-
-krb5_error_code
-krb5_password_key_proc __P((
- krb5_context context,
- krb5_enctype type,
- krb5_salt salt,
- krb5_const_pointer keyseed,
- krb5_keyblock **key));
+krb5_max_sockaddr_size (void);
+
+krb5_error_code
+krb5_mk_error (
+ krb5_context /*context*/,
+ krb5_error_code /*error_code*/,
+ const char */*e_text*/,
+ const krb5_data */*e_data*/,
+ const krb5_principal /*client*/,
+ const krb5_principal /*server*/,
+ time_t */*client_time*/,
+ int */*client_usec*/,
+ krb5_data */*reply*/);
+
+krb5_error_code
+krb5_mk_priv (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*userdata*/,
+ krb5_data */*outbuf*/,
+ void */*outdata*/);
+
+krb5_error_code
+krb5_mk_rep (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_data */*outbuf*/);
+
+krb5_error_code
+krb5_mk_req (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ const char */*service*/,
+ const char */*hostname*/,
+ krb5_data */*in_data*/,
+ krb5_ccache /*ccache*/,
+ krb5_data */*outbuf*/);
+
+krb5_error_code
+krb5_mk_req_exact (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ const krb5_principal /*server*/,
+ krb5_data */*in_data*/,
+ krb5_ccache /*ccache*/,
+ krb5_data */*outbuf*/);
+
+krb5_error_code
+krb5_mk_req_extended (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ krb5_data */*in_data*/,
+ krb5_creds */*in_creds*/,
+ krb5_data */*outbuf*/);
+
+krb5_error_code
+krb5_mk_req_internal (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ krb5_data */*in_data*/,
+ krb5_creds */*in_creds*/,
+ krb5_data */*outbuf*/,
+ krb5_key_usage /*checksum_usage*/,
+ krb5_key_usage /*encrypt_usage*/);
+
+krb5_error_code
+krb5_mk_safe (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*userdata*/,
+ krb5_data */*outbuf*/,
+ void */*outdata*/);
+
+krb5_ssize_t
+krb5_net_read (
+ krb5_context /*context*/,
+ void */*p_fd*/,
+ void */*buf*/,
+ size_t /*len*/);
+
+krb5_ssize_t
+krb5_net_write (
+ krb5_context /*context*/,
+ void */*p_fd*/,
+ const void */*buf*/,
+ size_t /*len*/);
+
+krb5_error_code
+krb5_openlog (
+ krb5_context /*context*/,
+ const char */*program*/,
+ krb5_log_facility **/*fac*/);
+
+krb5_error_code
+krb5_parse_address (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_addresses */*addresses*/);
+
+krb5_error_code
+krb5_parse_name (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_principal */*principal*/);
+
+const char *
+krb5_passwd_result_to_string (
+ krb5_context /*context*/,
+ int /*result*/);
+
+krb5_error_code
+krb5_password_key_proc (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ krb5_salt /*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock **/*key*/);
krb5_realm*
-krb5_princ_realm __P((
- krb5_context context,
- krb5_principal principal));
+krb5_princ_realm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/);
void
-krb5_princ_set_realm __P((
- krb5_context context,
- krb5_principal principal,
- krb5_realm *realm));
+krb5_princ_set_realm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_realm */*realm*/);
krb5_error_code
-krb5_principal2principalname __P((
- PrincipalName *p,
- const krb5_principal from));
+krb5_principal2principalname (
+ PrincipalName */*p*/,
+ const krb5_principal /*from*/);
krb5_boolean
-krb5_principal_compare __P((
- krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2));
+krb5_principal_compare (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ1*/,
+ krb5_const_principal /*princ2*/);
krb5_boolean
-krb5_principal_compare_any_realm __P((
- krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2));
+krb5_principal_compare_any_realm (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ1*/,
+ krb5_const_principal /*princ2*/);
+
+const char *
+krb5_principal_get_comp_string (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ unsigned int /*component*/);
+
+const char *
+krb5_principal_get_realm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/);
+
+int
+krb5_principal_get_type (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/);
krb5_boolean
-krb5_principal_match __P((
- krb5_context context,
- krb5_const_principal princ,
- krb5_const_principal pattern));
+krb5_principal_match (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ*/,
+ krb5_const_principal /*pattern*/);
krb5_error_code
-krb5_print_address __P((
- const krb5_address *addr,
- char *str,
- size_t len,
- size_t *ret_len));
+krb5_print_address (
+ const krb5_address */*addr*/,
+ char */*str*/,
+ size_t /*len*/,
+ size_t */*ret_len*/);
int
-krb5_program_setup __P((
- krb5_context *context,
- int argc,
- char **argv,
- struct getargs *args,
- int num_args,
- void (*usage)(int, struct getargs*, int)));
+krb5_program_setup (
+ krb5_context */*context*/,
+ int /*argc*/,
+ char **/*argv*/,
+ struct getargs */*args*/,
+ int /*num_args*/,
+ void (*/*usage*/)(int, struct getargs*, int));
int
-krb5_prompter_posix __P((
- krb5_context context,
- void *data,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[]));
+krb5_prompter_posix (
+ krb5_context /*context*/,
+ void */*data*/,
+ const char */*name*/,
+ const char */*banner*/,
+ int /*num_prompts*/,
+ krb5_prompt prompts[]);
krb5_error_code
-krb5_rc_close __P((
- krb5_context context,
- krb5_rcache id));
+krb5_rc_close (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
krb5_error_code
-krb5_rc_default __P((
- krb5_context context,
- krb5_rcache *id));
+krb5_rc_default (
+ krb5_context /*context*/,
+ krb5_rcache */*id*/);
const char *
-krb5_rc_default_name __P((krb5_context context));
+krb5_rc_default_name (krb5_context /*context*/);
const char *
-krb5_rc_default_type __P((krb5_context context));
+krb5_rc_default_type (krb5_context /*context*/);
krb5_error_code
-krb5_rc_destroy __P((
- krb5_context context,
- krb5_rcache id));
+krb5_rc_destroy (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
krb5_error_code
-krb5_rc_expunge __P((
- krb5_context context,
- krb5_rcache id));
+krb5_rc_expunge (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
krb5_error_code
-krb5_rc_get_lifespan __P((
- krb5_context context,
- krb5_rcache id,
- krb5_deltat *auth_lifespan));
+krb5_rc_get_lifespan (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ krb5_deltat */*auth_lifespan*/);
const char*
-krb5_rc_get_name __P((
- krb5_context context,
- krb5_rcache id));
+krb5_rc_get_name (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
const char*
-krb5_rc_get_type __P((
- krb5_context context,
- krb5_rcache id));
+krb5_rc_get_type (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
krb5_error_code
-krb5_rc_initialize __P((
- krb5_context context,
- krb5_rcache id,
- krb5_deltat auth_lifespan));
+krb5_rc_initialize (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ krb5_deltat /*auth_lifespan*/);
krb5_error_code
-krb5_rc_recover __P((
- krb5_context context,
- krb5_rcache id));
+krb5_rc_recover (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
krb5_error_code
-krb5_rc_resolve __P((
- krb5_context context,
- krb5_rcache id,
- const char *name));
+krb5_rc_resolve (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ const char */*name*/);
krb5_error_code
-krb5_rc_resolve_full __P((
- krb5_context context,
- krb5_rcache *id,
- const char *string_name));
+krb5_rc_resolve_full (
+ krb5_context /*context*/,
+ krb5_rcache */*id*/,
+ const char */*string_name*/);
krb5_error_code
-krb5_rc_resolve_type __P((
- krb5_context context,
- krb5_rcache *id,
- const char *type));
+krb5_rc_resolve_type (
+ krb5_context /*context*/,
+ krb5_rcache */*id*/,
+ const char */*type*/);
krb5_error_code
-krb5_rc_store __P((
- krb5_context context,
- krb5_rcache id,
- krb5_donot_replay *rep));
+krb5_rc_store (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ krb5_donot_replay */*rep*/);
krb5_error_code
-krb5_rd_cred __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_data *in_data,
- krb5_creds ***ret_creds,
- krb5_replay_data *out_data));
+krb5_rd_cred (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_data */*in_data*/,
+ krb5_creds ***/*ret_creds*/,
+ krb5_replay_data */*out_data*/);
krb5_error_code
-krb5_rd_cred2 __P((
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_ccache ccache,
- krb5_data *in_data));
+krb5_rd_cred2 (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_ccache /*ccache*/,
+ krb5_data */*in_data*/);
krb5_error_code
-krb5_rd_error __P((
- krb5_context context,
- krb5_data *msg,
- KRB_ERROR *result));
+krb5_rd_error (
+ krb5_context /*context*/,
+ krb5_data */*msg*/,
+ KRB_ERROR */*result*/);
krb5_error_code
-krb5_rd_priv __P((
- krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *inbuf,
- krb5_data *outbuf,
- void *outdata));
+krb5_rd_priv (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_data */*outbuf*/,
+ void */*outdata*/);
krb5_error_code
-krb5_rd_rep __P((
- krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *inbuf,
- krb5_ap_rep_enc_part **repl));
+krb5_rd_rep (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_ap_rep_enc_part **/*repl*/);
krb5_error_code
-krb5_rd_req __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_data *inbuf,
- krb5_const_principal server,
- krb5_keytab keytab,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket));
+krb5_rd_req (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_const_principal /*server*/,
+ krb5_keytab /*keytab*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/);
krb5_error_code
-krb5_rd_req_with_keyblock __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_data *inbuf,
- krb5_const_principal server,
- krb5_keyblock *keyblock,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket));
+krb5_rd_req_with_keyblock (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_const_principal /*server*/,
+ krb5_keyblock */*keyblock*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/);
krb5_error_code
-krb5_rd_safe __P((
- krb5_context context,
- krb5_auth_context auth_context,
- const krb5_data *inbuf,
- krb5_data *outbuf,
- void *outdata));
+krb5_rd_safe (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_data */*outbuf*/,
+ void */*outdata*/);
krb5_error_code
-krb5_read_message __P((
- krb5_context context,
- krb5_pointer p_fd,
- krb5_data *data));
+krb5_read_message (
+ krb5_context /*context*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
krb5_error_code
-krb5_read_priv_message __P((
- krb5_context context,
- krb5_auth_context ac,
- krb5_pointer p_fd,
- krb5_data *data));
+krb5_read_priv_message (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
krb5_error_code
-krb5_read_safe_message __P((
- krb5_context context,
- krb5_auth_context ac,
- krb5_pointer p_fd,
- krb5_data *data));
+krb5_read_safe_message (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
krb5_boolean
-krb5_realm_compare __P((
- krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2));
+krb5_realm_compare (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ1*/,
+ krb5_const_principal /*princ2*/);
+
+krb5_error_code
+krb5_recvauth (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_pointer /*p_fd*/,
+ const char */*appl_version*/,
+ krb5_principal /*server*/,
+ int32_t /*flags*/,
+ krb5_keytab /*keytab*/,
+ krb5_ticket **/*ticket*/);
+
+krb5_error_code
+krb5_recvauth_match_version (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_pointer /*p_fd*/,
+ krb5_boolean (*/*match_appl_version*/)(const void *, const char*),
+ const void */*match_data*/,
+ krb5_principal /*server*/,
+ int32_t /*flags*/,
+ krb5_keytab /*keytab*/,
+ krb5_ticket **/*ticket*/);
+
+krb5_error_code
+krb5_ret_address (
+ krb5_storage */*sp*/,
+ krb5_address */*adr*/);
krb5_error_code
-krb5_recvauth __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- krb5_pointer p_fd,
- char *appl_version,
- krb5_principal server,
- int32_t flags,
- krb5_keytab keytab,
- krb5_ticket **ticket));
+krb5_ret_addrs (
+ krb5_storage */*sp*/,
+ krb5_addresses */*adr*/);
krb5_error_code
-krb5_recvauth_match_version __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- krb5_pointer p_fd,
- krb5_boolean (*match_appl_version)(void *, const char*),
- void *match_data,
- krb5_principal server,
- int32_t flags,
- krb5_keytab keytab,
- krb5_ticket **ticket));
+krb5_ret_authdata (
+ krb5_storage */*sp*/,
+ krb5_authdata */*auth*/);
krb5_error_code
-krb5_ret_address __P((
- krb5_storage *sp,
- krb5_address *adr));
+krb5_ret_creds (
+ krb5_storage */*sp*/,
+ krb5_creds */*creds*/);
krb5_error_code
-krb5_ret_addrs __P((
- krb5_storage *sp,
- krb5_addresses *adr));
+krb5_ret_data (
+ krb5_storage */*sp*/,
+ krb5_data */*data*/);
krb5_error_code
-krb5_ret_authdata __P((
- krb5_storage *sp,
- krb5_authdata *auth));
+krb5_ret_int16 (
+ krb5_storage */*sp*/,
+ int16_t */*value*/);
krb5_error_code
-krb5_ret_creds __P((
- krb5_storage *sp,
- krb5_creds *creds));
+krb5_ret_int32 (
+ krb5_storage */*sp*/,
+ int32_t */*value*/);
krb5_error_code
-krb5_ret_data __P((
- krb5_storage *sp,
- krb5_data *data));
+krb5_ret_int8 (
+ krb5_storage */*sp*/,
+ int8_t */*value*/);
krb5_error_code
-krb5_ret_int16 __P((
- krb5_storage *sp,
- int16_t *value));
+krb5_ret_keyblock (
+ krb5_storage */*sp*/,
+ krb5_keyblock */*p*/);
krb5_error_code
-krb5_ret_int32 __P((
- krb5_storage *sp,
- int32_t *value));
+krb5_ret_principal (
+ krb5_storage */*sp*/,
+ krb5_principal */*princ*/);
krb5_error_code
-krb5_ret_int8 __P((
- krb5_storage *sp,
- int8_t *value));
+krb5_ret_string (
+ krb5_storage */*sp*/,
+ char **/*string*/);
krb5_error_code
-krb5_ret_keyblock __P((
- krb5_storage *sp,
- krb5_keyblock *p));
+krb5_ret_stringz (
+ krb5_storage */*sp*/,
+ char **/*string*/);
krb5_error_code
-krb5_ret_principal __P((
- krb5_storage *sp,
- krb5_principal *princ));
+krb5_ret_times (
+ krb5_storage */*sp*/,
+ krb5_times */*times*/);
krb5_error_code
-krb5_ret_string __P((
- krb5_storage *sp,
- char **string));
+krb5_salttype_to_string (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ krb5_salttype /*stype*/,
+ char **/*string*/);
krb5_error_code
-krb5_ret_stringz __P((
- krb5_storage *sp,
- char **string));
+krb5_sendauth (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_pointer /*p_fd*/,
+ const char */*appl_version*/,
+ krb5_principal /*client*/,
+ krb5_principal /*server*/,
+ krb5_flags /*ap_req_options*/,
+ krb5_data */*in_data*/,
+ krb5_creds */*in_creds*/,
+ krb5_ccache /*ccache*/,
+ krb5_error **/*ret_error*/,
+ krb5_ap_rep_enc_part **/*rep_result*/,
+ krb5_creds **/*out_creds*/);
krb5_error_code
-krb5_ret_times __P((
- krb5_storage *sp,
- krb5_times *times));
+krb5_sendto (
+ krb5_context /*context*/,
+ const krb5_data */*send_data*/,
+ krb5_krbhst_handle /*handle*/,
+ krb5_data */*receive*/);
krb5_error_code
-krb5_salttype_to_string __P((
- krb5_context context,
- krb5_enctype etype,
- krb5_salttype stype,
- char **string));
+krb5_sendto_kdc (
+ krb5_context /*context*/,
+ const krb5_data */*send_data*/,
+ const krb5_realm */*realm*/,
+ krb5_data */*receive*/);
krb5_error_code
-krb5_sendauth __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- krb5_pointer p_fd,
- const char *appl_version,
- krb5_principal client,
- krb5_principal server,
- krb5_flags ap_req_options,
- krb5_data *in_data,
- krb5_creds *in_creds,
- krb5_ccache ccache,
- krb5_error **ret_error,
- krb5_ap_rep_enc_part **rep_result,
- krb5_creds **out_creds));
+krb5_sendto_kdc2 (
+ krb5_context /*context*/,
+ const krb5_data */*send_data*/,
+ const krb5_realm */*realm*/,
+ krb5_data */*receive*/,
+ krb5_boolean /*master*/);
krb5_error_code
-krb5_sendto __P((
- krb5_context context,
- const krb5_data *send,
- char **hostlist,
- int port,
- krb5_data *receive));
+krb5_set_config_files (
+ krb5_context /*context*/,
+ char **/*filenames*/);
krb5_error_code
-krb5_sendto_kdc __P((
- krb5_context context,
- const krb5_data *send,
- const krb5_realm *realm,
- krb5_data *receive));
+krb5_set_default_in_tkt_etypes (
+ krb5_context /*context*/,
+ const krb5_enctype */*etypes*/);
krb5_error_code
-krb5_sendto_kdc2 __P((
- krb5_context context,
- const krb5_data *send,
- const krb5_realm *realm,
- krb5_data *receive,
- krb5_boolean master));
+krb5_set_default_realm (
+ krb5_context /*context*/,
+ const char */*realm*/);
krb5_error_code
-krb5_set_default_in_tkt_etypes __P((
- krb5_context context,
- const krb5_enctype *etypes));
+krb5_set_error_string (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ ...)
+ __attribute__((format (printf, 2, 3)));
krb5_error_code
-krb5_set_default_realm __P((
- krb5_context context,
- char *realm));
+krb5_set_extra_addresses (
+ krb5_context /*context*/,
+ const krb5_addresses */*addresses*/);
krb5_error_code
-krb5_set_extra_addresses __P((
- krb5_context context,
- const krb5_addresses *addresses));
+krb5_set_fcache_version (
+ krb5_context /*context*/,
+ int /*version*/);
krb5_error_code
-krb5_set_fcache_version __P((
- krb5_context context,
- int version));
+krb5_set_ignore_addresses (
+ krb5_context /*context*/,
+ const krb5_addresses */*addresses*/);
void
-krb5_set_use_admin_kdc __P((
- krb5_context context,
- krb5_boolean flag));
+krb5_set_use_admin_kdc (
+ krb5_context /*context*/,
+ krb5_boolean /*flag*/);
krb5_error_code
-krb5_set_warn_dest __P((
- krb5_context context,
- krb5_log_facility *fac));
+krb5_set_warn_dest (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/);
krb5_error_code
-krb5_sname_to_principal __P((
- krb5_context context,
- const char *hostname,
- const char *sname,
- int32_t type,
- krb5_principal *ret_princ));
+krb5_sname_to_principal (
+ krb5_context /*context*/,
+ const char */*hostname*/,
+ const char */*sname*/,
+ int32_t /*type*/,
+ krb5_principal */*ret_princ*/);
krb5_error_code
-krb5_sock_to_principal __P((
- krb5_context context,
- int sock,
- const char *sname,
- int32_t type,
- krb5_principal *ret_princ));
+krb5_sock_to_principal (
+ krb5_context /*context*/,
+ int /*sock*/,
+ const char */*sname*/,
+ int32_t /*type*/,
+ krb5_principal */*ret_princ*/);
krb5_error_code
-krb5_sockaddr2address __P((
- const struct sockaddr *sa,
- krb5_address *addr));
+krb5_sockaddr2address (
+ krb5_context /*context*/,
+ const struct sockaddr */*sa*/,
+ krb5_address */*addr*/);
krb5_error_code
-krb5_sockaddr2port __P((
- const struct sockaddr *sa,
- int16_t *port));
+krb5_sockaddr2port (
+ krb5_context /*context*/,
+ const struct sockaddr */*sa*/,
+ int16_t */*port*/);
krb5_boolean
-krb5_sockaddr_uninteresting __P((const struct sockaddr *sa));
+krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/);
void
-krb5_std_usage __P((
- int code,
- struct getargs *args,
- int num_args));
+krb5_std_usage (
+ int /*code*/,
+ struct getargs */*args*/,
+ int /*num_args*/);
void
-krb5_storage_clear_flags __P((
- krb5_storage *sp,
- krb5_flags flags));
+krb5_storage_clear_flags (
+ krb5_storage */*sp*/,
+ krb5_flags /*flags*/);
krb5_storage *
-krb5_storage_emem __P((void));
+krb5_storage_emem (void);
krb5_error_code
-krb5_storage_free __P((krb5_storage *sp));
+krb5_storage_free (krb5_storage */*sp*/);
krb5_storage *
-krb5_storage_from_data __P((krb5_data *data));
+krb5_storage_from_data (krb5_data */*data*/);
krb5_storage *
-krb5_storage_from_fd __P((int fd));
+krb5_storage_from_fd (int /*fd*/);
krb5_storage *
-krb5_storage_from_mem __P((
- void *buf,
- size_t len));
+krb5_storage_from_mem (
+ void */*buf*/,
+ size_t /*len*/);
+
+krb5_flags
+krb5_storage_get_byteorder (
+ krb5_storage */*sp*/,
+ krb5_flags /*byteorder*/);
krb5_boolean
-krb5_storage_is_flags __P((
- krb5_storage *sp,
- krb5_flags flags));
+krb5_storage_is_flags (
+ krb5_storage */*sp*/,
+ krb5_flags /*flags*/);
+
+krb5_ssize_t
+krb5_storage_read (
+ krb5_storage */*sp*/,
+ void */*buf*/,
+ size_t /*len*/);
+
+off_t
+krb5_storage_seek (
+ krb5_storage */*sp*/,
+ off_t /*offset*/,
+ int /*whence*/);
+
+void
+krb5_storage_set_byteorder (
+ krb5_storage */*sp*/,
+ krb5_flags /*byteorder*/);
void
-krb5_storage_set_flags __P((
- krb5_storage *sp,
- krb5_flags flags));
+krb5_storage_set_eof_code (
+ krb5_storage */*sp*/,
+ int /*code*/);
+
+void
+krb5_storage_set_flags (
+ krb5_storage */*sp*/,
+ krb5_flags /*flags*/);
krb5_error_code
-krb5_storage_to_data __P((
- krb5_storage *sp,
- krb5_data *data));
+krb5_storage_to_data (
+ krb5_storage */*sp*/,
+ krb5_data */*data*/);
+
+krb5_ssize_t
+krb5_storage_write (
+ krb5_storage */*sp*/,
+ const void */*buf*/,
+ size_t /*len*/);
krb5_error_code
-krb5_store_address __P((
- krb5_storage *sp,
- krb5_address p));
+krb5_store_address (
+ krb5_storage */*sp*/,
+ krb5_address /*p*/);
krb5_error_code
-krb5_store_addrs __P((
- krb5_storage *sp,
- krb5_addresses p));
+krb5_store_addrs (
+ krb5_storage */*sp*/,
+ krb5_addresses /*p*/);
krb5_error_code
-krb5_store_authdata __P((
- krb5_storage *sp,
- krb5_authdata auth));
+krb5_store_authdata (
+ krb5_storage */*sp*/,
+ krb5_authdata /*auth*/);
krb5_error_code
-krb5_store_creds __P((
- krb5_storage *sp,
- krb5_creds *creds));
+krb5_store_creds (
+ krb5_storage */*sp*/,
+ krb5_creds */*creds*/);
krb5_error_code
-krb5_store_data __P((
- krb5_storage *sp,
- krb5_data data));
+krb5_store_data (
+ krb5_storage */*sp*/,
+ krb5_data /*data*/);
krb5_error_code
-krb5_store_int16 __P((
- krb5_storage *sp,
- int16_t value));
+krb5_store_int16 (
+ krb5_storage */*sp*/,
+ int16_t /*value*/);
krb5_error_code
-krb5_store_int32 __P((
- krb5_storage *sp,
- int32_t value));
+krb5_store_int32 (
+ krb5_storage */*sp*/,
+ int32_t /*value*/);
krb5_error_code
-krb5_store_int8 __P((
- krb5_storage *sp,
- int8_t value));
+krb5_store_int8 (
+ krb5_storage */*sp*/,
+ int8_t /*value*/);
krb5_error_code
-krb5_store_keyblock __P((
- krb5_storage *sp,
- krb5_keyblock p));
+krb5_store_keyblock (
+ krb5_storage */*sp*/,
+ krb5_keyblock /*p*/);
krb5_error_code
-krb5_store_principal __P((
- krb5_storage *sp,
- krb5_principal p));
+krb5_store_principal (
+ krb5_storage */*sp*/,
+ krb5_principal /*p*/);
krb5_error_code
-krb5_store_string __P((
- krb5_storage *sp,
- const char *s));
+krb5_store_string (
+ krb5_storage */*sp*/,
+ const char */*s*/);
krb5_error_code
-krb5_store_stringz __P((
- krb5_storage *sp,
- const char *s));
+krb5_store_stringz (
+ krb5_storage */*sp*/,
+ const char */*s*/);
krb5_error_code
-krb5_store_times __P((
- krb5_storage *sp,
- krb5_times times));
+krb5_store_times (
+ krb5_storage */*sp*/,
+ krb5_times /*times*/);
krb5_error_code
-krb5_string_to_enctype __P((
- krb5_context context,
- const char *string,
- krb5_enctype *etype));
+krb5_string_to_deltat (
+ const char */*string*/,
+ krb5_deltat */*deltat*/);
krb5_error_code
-krb5_string_to_key __P((
- krb5_context context,
- krb5_enctype enctype,
- const char *password,
- krb5_principal principal,
- krb5_keyblock *key));
+krb5_string_to_enctype (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_enctype */*etype*/);
krb5_error_code
-krb5_string_to_key_data __P((
- krb5_context context,
- krb5_enctype enctype,
- krb5_data password,
- krb5_principal principal,
- krb5_keyblock *key));
+krb5_string_to_key (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ const char */*password*/,
+ krb5_principal /*principal*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_string_to_key_data_salt __P((
- krb5_context context,
- krb5_enctype enctype,
- krb5_data password,
- krb5_salt salt,
- krb5_keyblock *key));
+krb5_string_to_key_data (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_principal /*principal*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_string_to_key_derived __P((
- krb5_context context,
- const void *str,
- size_t len,
- krb5_enctype etype,
- krb5_keyblock *key));
+krb5_string_to_key_data_salt (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_string_to_key_salt __P((
- krb5_context context,
- krb5_enctype enctype,
- const char *password,
- krb5_salt salt,
- krb5_keyblock *key));
+krb5_string_to_key_data_salt_opaque (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ krb5_data /*opaque*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_string_to_keytype __P((
- krb5_context context,
- const char *string,
- krb5_keytype *keytype));
+krb5_string_to_key_derived (
+ krb5_context /*context*/,
+ const void */*str*/,
+ size_t /*len*/,
+ krb5_enctype /*etype*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_string_to_salttype __P((
- krb5_context context,
- krb5_enctype etype,
- const char *string,
- krb5_salttype *salttype));
+krb5_string_to_key_salt (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ const char */*password*/,
+ krb5_salt /*salt*/,
+ krb5_keyblock */*key*/);
krb5_error_code
-krb5_timeofday __P((
- krb5_context context,
- krb5_timestamp *timeret));
+krb5_string_to_keytype (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_keytype */*keytype*/);
krb5_error_code
-krb5_unparse_name __P((
- krb5_context context,
- krb5_const_principal principal,
- char **name));
+krb5_string_to_salttype (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ const char */*string*/,
+ krb5_salttype */*salttype*/);
krb5_error_code
-krb5_unparse_name_fixed __P((
- krb5_context context,
- krb5_const_principal principal,
- char *name,
- size_t len));
+krb5_timeofday (
+ krb5_context /*context*/,
+ krb5_timestamp */*timeret*/);
krb5_error_code
-krb5_unparse_name_fixed_short __P((
- krb5_context context,
- krb5_const_principal principal,
- char *name,
- size_t len));
+krb5_unparse_name (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char **/*name*/);
krb5_error_code
-krb5_unparse_name_short __P((
- krb5_context context,
- krb5_const_principal principal,
- char **name));
+krb5_unparse_name_fixed (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char */*name*/,
+ size_t /*len*/);
krb5_error_code
-krb5_us_timeofday __P((
- krb5_context context,
- int32_t *sec,
- int32_t *usec));
+krb5_unparse_name_fixed_short (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char */*name*/,
+ size_t /*len*/);
krb5_error_code
-krb5_vabort __P((
- krb5_context context,
- krb5_error_code code,
- const char *fmt,
- va_list ap))
+krb5_unparse_name_short (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char **/*name*/);
+
+krb5_error_code
+krb5_us_timeofday (
+ krb5_context /*context*/,
+ int32_t */*sec*/,
+ int32_t */*usec*/);
+
+krb5_error_code
+krb5_vabort (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__ ((noreturn, format (printf, 3, 0)));
krb5_error_code
-krb5_vabortx __P((
- krb5_context context,
- const char *fmt,
- va_list ap))
+krb5_vabortx (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__ ((noreturn, format (printf, 2, 0)));
krb5_error_code
-krb5_verify_ap_req __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- krb5_ap_req *ap_req,
- krb5_const_principal server,
- krb5_keyblock *keyblock,
- krb5_flags flags,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket));
-
-krb5_error_code
-krb5_verify_ap_req2 __P((
- krb5_context context,
- krb5_auth_context *auth_context,
- krb5_ap_req *ap_req,
- krb5_const_principal server,
- krb5_keyblock *keyblock,
- krb5_flags flags,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket,
- krb5_key_usage usage));
-
-krb5_error_code
-krb5_verify_authenticator_checksum __P((
- krb5_context context,
- krb5_auth_context ac,
- void *data,
- size_t len));
-
-krb5_error_code
-krb5_verify_checksum __P((
- krb5_context context,
- krb5_crypto crypto,
- krb5_key_usage usage,
- void *data,
- size_t len,
- Checksum *cksum));
-
-krb5_error_code
-krb5_verify_init_creds __P((
- krb5_context context,
- krb5_creds *creds,
- krb5_principal ap_req_server,
- krb5_keytab ap_req_keytab,
- krb5_ccache *ccache,
- krb5_verify_init_creds_opt *options));
+krb5_verify_ap_req (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_ap_req */*ap_req*/,
+ krb5_const_principal /*server*/,
+ krb5_keyblock */*keyblock*/,
+ krb5_flags /*flags*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/);
+
+krb5_error_code
+krb5_verify_ap_req2 (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_ap_req */*ap_req*/,
+ krb5_const_principal /*server*/,
+ krb5_keyblock */*keyblock*/,
+ krb5_flags /*flags*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/,
+ krb5_key_usage /*usage*/);
+
+krb5_error_code
+krb5_verify_authenticator_checksum (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ void */*data*/,
+ size_t /*len*/);
+
+krb5_error_code
+krb5_verify_checksum (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_key_usage /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ Checksum */*cksum*/);
+
+krb5_error_code
+krb5_verify_init_creds (
+ krb5_context /*context*/,
+ krb5_creds */*creds*/,
+ krb5_principal /*ap_req_server*/,
+ krb5_keytab /*ap_req_keytab*/,
+ krb5_ccache */*ccache*/,
+ krb5_verify_init_creds_opt */*options*/);
void
-krb5_verify_init_creds_opt_init __P((krb5_verify_init_creds_opt *options));
+krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/);
void
-krb5_verify_init_creds_opt_set_ap_req_nofail __P((
- krb5_verify_init_creds_opt *options,
- int ap_req_nofail));
-
-krb5_error_code
-krb5_verify_user __P((
- krb5_context context,
- krb5_principal principal,
- krb5_ccache ccache,
- const char *password,
- krb5_boolean secure,
- const char *service));
-
-krb5_error_code
-krb5_verify_user_lrealm __P((
- krb5_context context,
- krb5_principal principal,
- krb5_ccache ccache,
- const char *password,
- krb5_boolean secure,
- const char *service));
-
-krb5_error_code
-krb5_verr __P((
- krb5_context context,
- int eval,
- krb5_error_code code,
- const char *fmt,
- va_list ap))
+krb5_verify_init_creds_opt_set_ap_req_nofail (
+ krb5_verify_init_creds_opt */*options*/,
+ int /*ap_req_nofail*/);
+
+void
+krb5_verify_opt_init (krb5_verify_opt */*opt*/);
+
+void
+krb5_verify_opt_set_ccache (
+ krb5_verify_opt */*opt*/,
+ krb5_ccache /*ccache*/);
+
+void
+krb5_verify_opt_set_flags (
+ krb5_verify_opt */*opt*/,
+ unsigned int /*flags*/);
+
+void
+krb5_verify_opt_set_keytab (
+ krb5_verify_opt */*opt*/,
+ krb5_keytab /*keytab*/);
+
+void
+krb5_verify_opt_set_secure (
+ krb5_verify_opt */*opt*/,
+ krb5_boolean /*secure*/);
+
+void
+krb5_verify_opt_set_service (
+ krb5_verify_opt */*opt*/,
+ const char */*service*/);
+
+krb5_error_code
+krb5_verify_user (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_ccache /*ccache*/,
+ const char */*password*/,
+ krb5_boolean /*secure*/,
+ const char */*service*/);
+
+krb5_error_code
+krb5_verify_user_lrealm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_ccache /*ccache*/,
+ const char */*password*/,
+ krb5_boolean /*secure*/,
+ const char */*service*/);
+
+krb5_error_code
+krb5_verify_user_opt (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ const char */*password*/,
+ krb5_verify_opt */*opt*/);
+
+krb5_error_code
+krb5_verr (
+ krb5_context /*context*/,
+ int /*eval*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__ ((noreturn, format (printf, 4, 0)));
krb5_error_code
-krb5_verrx __P((
- krb5_context context,
- int eval,
- const char *fmt,
- va_list ap))
+krb5_verrx (
+ krb5_context /*context*/,
+ int /*eval*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__ ((noreturn, format (printf, 3, 0)));
krb5_error_code
-krb5_vlog __P((
- krb5_context context,
- krb5_log_facility *fac,
- int level,
- const char *fmt,
- va_list ap))
+krb5_vlog (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*level*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__((format (printf, 4, 0)));
krb5_error_code
-krb5_vlog_msg __P((
- krb5_context context,
- krb5_log_facility *fac,
- char **reply,
- int level,
- const char *fmt,
- va_list ap))
+krb5_vlog_msg (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ char **/*reply*/,
+ int /*level*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__((format (printf, 5, 0)));
krb5_error_code
-krb5_vwarn __P((
- krb5_context context,
- krb5_error_code code,
- const char *fmt,
- va_list ap))
+krb5_vset_error_string (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ va_list /*args*/)
+ __attribute__ ((format (printf, 2, 0)));
+
+krb5_error_code
+krb5_vwarn (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__ ((format (printf, 3, 0)));
krb5_error_code
-krb5_vwarnx __P((
- krb5_context context,
- const char *fmt,
- va_list ap))
+krb5_vwarnx (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
__attribute__ ((format (printf, 2, 0)));
krb5_error_code
-krb5_warn __P((
- krb5_context context,
- krb5_error_code code,
- const char *fmt,
- ...))
+krb5_warn (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ ...)
__attribute__ ((format (printf, 3, 4)));
krb5_error_code
-krb5_warnx __P((
- krb5_context context,
- const char *fmt,
- ...))
+krb5_warnx (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ ...)
__attribute__ ((format (printf, 2, 3)));
krb5_error_code
-krb5_write_message __P((
- krb5_context context,
- krb5_pointer p_fd,
- krb5_data *data));
+krb5_write_message (
+ krb5_context /*context*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
krb5_error_code
-krb5_write_priv_message __P((
- krb5_context context,
- krb5_auth_context ac,
- krb5_pointer p_fd,
- krb5_data *data));
+krb5_write_priv_message (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
krb5_error_code
-krb5_write_safe_message __P((
- krb5_context context,
- krb5_auth_context ac,
- krb5_boolean priv,
- krb5_pointer p_fd,
- krb5_data *data));
+krb5_write_safe_message (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
krb5_error_code
-krb5_xfree __P((void *ptr));
+krb5_xfree (void */*ptr*/);
krb5_error_code
-principalname2krb5_principal __P((
- krb5_principal *principal,
- const PrincipalName from,
- const Realm realm));
+principalname2krb5_principal (
+ krb5_principal */*principal*/,
+ const PrincipalName /*from*/,
+ const Realm /*realm*/);
#endif /* __krb5_protos_h__ */
diff --git a/kerberosV/src/lib/krb5/rd_req.c b/kerberosV/src/lib/krb5/rd_req.c
index 16468ddc5ad..b258921cb2c 100644
--- a/kerberosV/src/lib/krb5/rd_req.c
+++ b/kerberosV/src/lib/krb5/rd_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$KTH: rd_req.c,v 1.44 2000/11/15 23:16:28 assar Exp $");
+RCSID("$KTH: rd_req.c,v 1.47 2001/06/18 02:48:18 assar Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -113,19 +113,48 @@ krb5_decode_ap_req(krb5_context context,
return ret;
if (ap_req->pvno != 5){
free_AP_REQ(ap_req);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
if (ap_req->msg_type != krb_ap_req){
free_AP_REQ(ap_req);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_MSG_TYPE;
}
if (ap_req->ticket.tkt_vno != 5){
free_AP_REQ(ap_req);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
return 0;
}
+static krb5_error_code
+check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
+{
+ char **realms;
+ int num_realms;
+ krb5_error_code ret;
+
+ if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
+ return KRB5KDC_ERR_TRTYPE_NOSUPP;
+
+ if(enc->transited.contents.length == 0)
+ return 0;
+
+ ret = krb5_domain_x500_decode(context, enc->transited.contents,
+ &realms, &num_realms,
+ enc->crealm,
+ ticket->realm);
+ if(ret)
+ return ret;
+ ret = krb5_check_transited(context, enc->crealm,
+ ticket->realm,
+ realms, num_realms, NULL);
+ free(realms);
+ return ret;
+}
+
krb5_error_code
krb5_decrypt_ticket(krb5_context context,
Ticket *ticket,
@@ -150,12 +179,22 @@ krb5_decrypt_ticket(krb5_context context,
|| (t.flags.invalid
&& !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
free_EncTicketPart(&t);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_NYV;
}
if(now - t.endtime > context->max_skew) {
free_EncTicketPart(&t);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
+
+ if(!t.flags.transited_policy_checked) {
+ ret = check_transited(context, ticket, &t);
+ if(ret) {
+ free_EncTicketPart(&t);
+ return ret;
+ }
+ }
}
if(out)
@@ -176,7 +215,7 @@ krb5_verify_authenticator_checksum(krb5_context context,
krb5_authenticator authenticator;
krb5_crypto crypto;
- ret = krb5_auth_getauthenticator (context,
+ ret = krb5_auth_con_getauthenticator (context,
ac,
&authenticator);
if(ret)
@@ -204,29 +243,6 @@ out:
return ret;
}
-#if 0
-static krb5_error_code
-check_transited(krb5_context context,
- krb5_ticket *ticket)
-{
- char **realms;
- int num_realms;
- krb5_error_code ret;
-
- if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
- return KRB5KDC_ERR_TRTYPE_NOSUPP;
-
- ret = krb5_domain_x500_decode(ticket->ticket.transited.contents,
- &realms, &num_realms,
- ticket->client->realm,
- ticket->server->realm);
- if(ret)
- return ret;
- ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
- free(realms);
- return ret;
-}
-#endif
krb5_error_code
krb5_verify_ap_req(krb5_context context,
@@ -320,6 +336,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_free_principal (context, p2);
if (!res) {
ret = KRB5KRB_AP_ERR_BADMATCH;
+ krb5_clear_error_string (context);
goto out2;
}
}
@@ -332,21 +349,21 @@ krb5_verify_ap_req2(krb5_context context,
ac->remote_address,
t.ticket.caddr)) {
ret = KRB5KRB_AP_ERR_BADADDR;
+ krb5_clear_error_string (context);
goto out2;
}
if (ac->authenticator->seq_number)
- ac->remote_seqnumber = *ac->authenticator->seq_number;
+ krb5_auth_con_setremoteseqnumber(context, ac,
+ *ac->authenticator->seq_number);
/* XXX - Xor sequence numbers */
- /* XXX - subkeys? */
- /* And where should it be stored? */
-
if (ac->authenticator->subkey) {
- krb5_copy_keyblock(context,
- ac->authenticator->subkey,
- &ac->remote_subkey);
+ ret = krb5_auth_con_setremotesubkey(context, ac,
+ ac->authenticator->subkey);
+ if (ret)
+ goto out2;
}
if (ap_req_options) {
diff --git a/kerberosV/src/lib/krb5/transited.c b/kerberosV/src/lib/krb5/transited.c
index 8a7873df261..824c76c2ee4 100644
--- a/kerberosV/src/lib/krb5/transited.c
+++ b/kerberosV/src/lib/krb5/transited.c
@@ -308,6 +308,12 @@ krb5_domain_x500_decode(krb5_context context,
struct tr_realm *p, **q;
int ret;
+ if(tr.length == 0) {
+ *realms = NULL;
+ *num_realms = 0;
+ return 0;
+ }
+
/* split string in components */
ret = decode_realms(context, tr.data, tr.length, &r);
if(ret)
@@ -362,6 +368,9 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
char *s = NULL;
int len = 0;
int i;
+ krb5_data_zero(encoding);
+ if (num_realms == 0)
+ return 0;
for(i = 0; i < num_realms; i++){
len += strlen(realms[i]);
if(realms[i][0] == '/')
@@ -369,6 +378,8 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
}
len += num_realms - 1;
s = malloc(len + 1);
+ if (s == NULL)
+ return ENOMEM;
*s = '\0';
for(i = 0; i < num_realms; i++){
if(i && i < num_realms - 1)
@@ -383,6 +394,44 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
}
krb5_error_code
+krb5_check_transited(krb5_context context,
+ krb5_const_realm client_realm,
+ krb5_const_realm server_realm,
+ krb5_realm *realms,
+ int num_realms,
+ int *bad_realm)
+{
+ char **tr_realms;
+ char **p;
+ int i;
+
+ if(num_realms == 0)
+ return 0;
+
+ tr_realms = krb5_config_get_strings(context, NULL,
+ "capaths",
+ client_realm,
+ server_realm,
+ NULL);
+ for(i = 0; i < num_realms; i++) {
+ for(p = tr_realms; p && *p; p++) {
+ if(strcmp(*p, realms[i]) == 0)
+ break;
+ }
+ if(p == NULL || *p == NULL) {
+ krb5_config_free_strings(tr_realms);
+ krb5_set_error_string (context, "no transit through realm %s",
+ realms[i]);
+ if(bad_realm)
+ *bad_realm = i;
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ }
+ krb5_config_free_strings(tr_realms);
+ return 0;
+}
+
+krb5_error_code
krb5_check_transited_realms(krb5_context context,
const char *const *realms,
int num_realms,