diff options
| author | Bjorn Sandell <biorn@cvs.openbsd.org> | 2004-05-19 14:20:31 +0000 |
|---|---|---|
| committer | Bjorn Sandell <biorn@cvs.openbsd.org> | 2004-05-19 14:20:31 +0000 |
| commit | 8c69b6bafacdeed4ca1909535360f09009a7516d (patch) | |
| tree | 916dfb98ee2397460498ecd6023ff3b3f106e081 /kerberosV | |
| parent | 0b35f47cf65d7b406876b7c09ef716f0de3fc5ee (diff) | |
Fix cross-realm trust vulnerability. Adapted from FreeBSD patch.
ok beck@ hin@
Diffstat (limited to 'kerberosV')
| -rw-r--r-- | kerberosV/src/kdc/config.c | 22 | ||||
| -rw-r--r-- | kerberosV/src/kdc/kdc.8 | 23 | ||||
| -rw-r--r-- | kerberosV/src/kdc/kdc_locl.h | 4 | ||||
| -rw-r--r-- | kerberosV/src/kdc/kerberos5.c | 570 | ||||
| -rw-r--r-- | kerberosV/src/lib/krb5/krb5-protos.h | 4075 | ||||
| -rw-r--r-- | kerberosV/src/lib/krb5/rd_req.c | 83 | ||||
| -rw-r--r-- | kerberosV/src/lib/krb5/transited.c | 49 |
7 files changed, 2731 insertions, 2095 deletions
diff --git a/kerberosV/src/kdc/config.c b/kerberosV/src/kdc/config.c index 20b2870c161..0e17b6e249d 100644 --- a/kerberosV/src/kdc/config.c +++ b/kerberosV/src/kdc/config.c @@ -64,6 +64,8 @@ krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */ krb5_boolean check_ticket_addresses; krb5_boolean allow_null_ticket_addresses; krb5_boolean allow_anonymous; +int trpolicy; +static const char *trpolicy_str; static struct getarg_strings addresses_str; /* addresses to listen on */ krb5_addresses explicit_addresses; @@ -293,9 +295,8 @@ configure(int argc, char **argv) get_dbinfo(); - if(max_request_str){ + if(max_request_str) max_request = parse_bytes(max_request_str, NULL); - } if(max_request == 0){ p = krb5_config_get_string (context, @@ -366,6 +367,23 @@ configure(int argc, char **argv) allow_anonymous = krb5_config_get_bool(context, NULL, "kdc", "allow-anonymous", NULL); + trpolicy_str = + krb5_config_get_string_default(context, NULL, "always-check", "kdc", + "transited-policy", NULL); + if(strcasecmp(trpolicy_str, "always-check") == 0) + trpolicy = TRPOLICY_ALWAYS_CHECK; + else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) + trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL; + else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) + trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST; + else { + kdc_log(0, "unknown transited-policy: %s, reverting to always-check", + trpolicy_str); + trpolicy = TRPOLICY_ALWAYS_CHECK; + } + + krb5_config_get_bool_default(context, NULL, TRUE, "kdc", + "enforce-transited-policy", NULL); #ifdef KRB4 if(v4_realm == NULL){ p = krb5_config_get_string (context, NULL, diff --git a/kerberosV/src/kdc/kdc.8 b/kerberosV/src/kdc/kdc.8 index 97b9ba5eae2..d7b9195063d 100644 --- a/kerberosV/src/kdc/kdc.8 +++ b/kerberosV/src/kdc/kdc.8 @@ -31,7 +31,7 @@ .\" .\" $KTH: kdc.8,v 1.23 2003/04/06 17:48:40 lha Exp $ .\" -.Dd August 22, 2002 +.Dd October 22, 2003 .Dt KDC 8 .Os HEIMDAL .Sh NAME @@ -193,6 +193,27 @@ Permit tickets with no addresses. This option is only relevant when check-ticket-addresses is TRUE. .It Li allow-anonymous = Va boolean Permit anonymous tickets with no addresses. +.It Li transited-policy = Xo +.Li always-check \*(Ba +.Li allow-per-principal | +.Li always-honour-request +.Xc +This controls how KDC requests with the +.Li disable-transited-check +flag are handled. It can be one of: +.Bl -tag -width "xxx" -offset indent +.It Li always-check +Always check transited encoding, this is the default. +.It Li allow-per-principal +Currently this is identical to +.Li always-check . +In a future release, it will be possible to mark a principal as able +to handle unchecked requests. +.It Li always-honour-request +Always do what the client asked. +In a future release, it will be possible to force a check per +principal. +.El .It encode_as_rep_as_tgs_rep = Va boolean Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code. The Heimdal clients allow both. diff --git a/kerberosV/src/kdc/kdc_locl.h b/kerberosV/src/kdc/kdc_locl.h index f1d4b7ad5ae..29b5ae16702 100644 --- a/kerberosV/src/kdc/kdc_locl.h +++ b/kerberosV/src/kdc/kdc_locl.h @@ -62,6 +62,10 @@ extern krb5_boolean encode_as_rep_as_tgs_rep; extern krb5_boolean check_ticket_addresses; extern krb5_boolean allow_null_ticket_addresses; extern krb5_boolean allow_anonymous; +enum { TRPOLICY_ALWAYS_CHECK, + TRPOLICY_ALLOW_PER_PRINCIPAL, + TRPOLICY_ALWAYS_HONOUR_REQUEST }; +extern int trpolicy; extern int enable_524; extern int enable_v4_cross_realm; diff --git a/kerberosV/src/kdc/kerberos5.c b/kerberosV/src/kdc/kerberos5.c index 5613d7b5f83..36bcdadbc52 100644 --- a/kerberosV/src/kdc/kerberos5.c +++ b/kerberosV/src/kdc/kerberos5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$KTH: kerberos5.c,v 1.123 2001/01/30 01:44:08 assar Exp $"); +RCSID("$KTH: kerberos5.c,v 1.145 2003/04/15 11:07:39 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -78,7 +78,7 @@ find_padata(KDC_REQ *req, int *start, int type) */ static krb5_error_code -find_etype(hdb_entry *princ, unsigned *etypes, unsigned len, +find_etype(hdb_entry *princ, krb5_enctype *etypes, unsigned len, Key **ret_key, krb5_enctype *ret_etype) { int i; @@ -109,7 +109,7 @@ find_keys(hdb_entry *client, krb5_enctype *cetype, Key **skey, krb5_enctype *setype, - int *etypes, + krb5_enctype *etypes, unsigned num_etypes) { krb5_error_code ret; @@ -156,51 +156,69 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_enctype etype, int skvno, EncryptionKey *skey, int ckvno, EncryptionKey *ckey, + const char **e_text, krb5_data *reply) { - unsigned char buf[8192]; /* XXX The data could be indefinite */ + unsigned char *buf; + size_t buf_size; size_t len; krb5_error_code ret; krb5_crypto crypto; - ret = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len); + ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret); if(ret) { kdc_log(0, "Failed to encode ticket: %s", krb5_get_err_text(context, ret)); return ret; } - + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } ret = krb5_crypto_init(context, skey, etype, &crypto); if (ret) { + free(buf); kdc_log(0, "krb5_crypto_init failed: %s", krb5_get_err_text(context, ret)); return ret; } - krb5_encrypt_EncryptedData(context, - crypto, - KRB5_KU_TICKET, - buf + sizeof(buf) - len, - len, - skvno, - &rep->ticket.enc_part); - + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TICKET, + buf, + len, + skvno, + &rep->ticket.enc_part); + free(buf); krb5_crypto_destroy(context, crypto); + if(ret) { + kdc_log(0, "Failed to encrypt data: %s", + krb5_get_err_text(context, ret)); + return ret; + } if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep) - ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), - ek, &len); + ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret); else - ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf), - ek, &len); + ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret); if(ret) { kdc_log(0, "Failed to encode KDC-REP: %s", krb5_get_err_text(context, ret)); return ret; } + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } ret = krb5_crypto_init(context, ckey, 0, &crypto); if (ret) { + free(buf); kdc_log(0, "krb5_crypto_init failed: %s", krb5_get_err_text(context, ret)); return ret; @@ -209,20 +227,22 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_AS_REP_ENC_PART, - buf + sizeof(buf) - len, + buf, len, ckvno, &rep->enc_part); - ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len); + free(buf); + ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret); } else { krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_TGS_REP_ENC_PART_SESSION, - buf + sizeof(buf) - len, + buf, len, ckvno, &rep->enc_part); - ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len); + free(buf); + ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret); } krb5_crypto_destroy(context, crypto); if(ret) { @@ -230,7 +250,14 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_get_err_text(context, ret)); return ret; } - krb5_data_copy(reply, buf + sizeof(buf) - len, len); + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } + reply->data = buf; + reply->length = buf_size; return 0; } @@ -247,66 +274,98 @@ realloc_method_data(METHOD_DATA *md) } static krb5_error_code -get_pa_etype_info(METHOD_DATA *md, hdb_entry *client) +make_etype_info_entry(ETYPE_INFO_ENTRY *ent, Key *key) +{ + ent->etype = key->key.keytype; + if(key->salt){ + ALLOC(ent->salttype); +#if 0 + if(key->salt->type == hdb_pw_salt) + *ent->salttype = 0; /* or 1? or NULL? */ + else if(key->salt->type == hdb_afs3_salt) + *ent->salttype = 2; + else { + kdc_log(0, "unknown salt-type: %d", + key->salt->type); + return KRB5KRB_ERR_GENERIC; + } + /* according to `the specs', we can't send a salt if + we have AFS3 salted key, but that requires that you + *know* what cell you are using (e.g by assuming + that the cell is the same as the realm in lower + case) */ +#else + *ent->salttype = key->salt->type; +#endif + krb5_copy_data(context, &key->salt->salt, + &ent->salt); + } else { + /* we return no salt type at all, as that should indicate + * the default salt type and make everybody happy. some + * systems (like w2k) dislike being told the salt type + * here. */ + + ent->salttype = NULL; + ent->salt = NULL; + } + return 0; +} + +static krb5_error_code +get_pa_etype_info(METHOD_DATA *md, hdb_entry *client, + ENCTYPE *etypes, unsigned int etypes_len) { krb5_error_code ret = 0; - int i; + int i, j; + unsigned int n = 0; ETYPE_INFO pa; unsigned char *buf; size_t len; pa.len = client->keys.len; + if(pa.len > UINT_MAX/sizeof(*pa.val)) + return ERANGE; pa.val = malloc(pa.len * sizeof(*pa.val)); if(pa.val == NULL) return ENOMEM; + + for(j = 0; j < etypes_len; j++) { + for(i = 0; i < client->keys.len; i++) { + if(client->keys.val[i].key.keytype == etypes[j]) + if((ret = make_etype_info_entry(&pa.val[n++], + &client->keys.val[i])) != 0) { + free_ETYPE_INFO(&pa); + return ret; + } + } + } for(i = 0; i < client->keys.len; i++) { - pa.val[i].etype = client->keys.val[i].key.keytype; - if(client->keys.val[i].salt){ - ALLOC(pa.val[i].salttype); -#if 0 - if(client->keys.val[i].salt->type == hdb_pw_salt) - *pa.val[i].salttype = 0; /* or 1? or NULL? */ - else if(client->keys.val[i].salt->type == hdb_afs3_salt) - *pa.val[i].salttype = 2; - else { - free_ETYPE_INFO(&pa); - kdc_log(0, "unknown salt-type: %d", - client->keys.val[i].salt->type); - return KRB5KRB_ERR_GENERIC; - } - /* according to `the specs', we can't send a salt if - we have AFS3 salted key, but that requires that you - *know* what cell you are using (e.g by assuming - that the cell is the same as the realm in lower - case) */ -#else - *pa.val[i].salttype = client->keys.val[i].salt->type; -#endif - krb5_copy_data(context, &client->keys.val[i].salt->salt, - &pa.val[i].salt); - } else { - /* we return no salt type at all, as that should indicate - * the default salt type and make everybody happy. some - * systems (like w2k) dislike being told the salt type - * here. */ - - pa.val[i].salttype = NULL; - pa.val[i].salt = NULL; + for(j = 0; j < etypes_len; j++) { + if(client->keys.val[i].key.keytype == etypes[j]) + goto skip; } + if((ret = make_etype_info_entry(&pa.val[n++], + &client->keys.val[i])) != 0) { + free_ETYPE_INFO(&pa); + return ret; + } + skip:; } - len = length_ETYPE_INFO(&pa); - buf = malloc(len); - if (buf == NULL) { - free_ETYPE_INFO(&pa); - return ENOMEM; + + if(n != pa.len) { + char *name; + krb5_unparse_name(context, client->principal, &name); + kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d", + name, n, pa.len); + free(name); + pa.len = n; } - ret = encode_ETYPE_INFO(buf + len - 1, len, &pa, &len); + + ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret); free_ETYPE_INFO(&pa); - if(ret) { - free(buf); + if(ret) return ret; - } ret = realloc_method_data(md); if(ret) { free(buf); @@ -415,7 +474,7 @@ check_addresses(HostAddresses *addresses, const struct sockaddr *from) if(addresses == NULL) return allow_null_ticket_addresses; - ret = krb5_sockaddr2address (from, &addr); + ret = krb5_sockaddr2address (context, from, &addr); if(ret) return FALSE; @@ -437,8 +496,8 @@ as_rep(KDC_REQ *req, krb5_enctype cetype, setype; EncTicketPart et; EncKDCRepPart ek; - krb5_principal client_princ, server_princ; - char *client_name, *server_name; + krb5_principal client_princ = NULL, server_princ = NULL; + char *client_name = NULL, *server_name = NULL; krb5_error_code ret = 0; const char *e_text = NULL; krb5_crypto crypto; @@ -447,27 +506,30 @@ as_rep(KDC_REQ *req, memset(&rep, 0, sizeof(rep)); if(b->sname == NULL){ - server_name = "<unknown server>"; ret = KRB5KRB_ERR_GENERIC; e_text = "No server in request"; } else{ principalname2krb5_principal (&server_princ, *(b->sname), b->realm); krb5_unparse_name(context, server_princ, &server_name); } + if (ret) { + kdc_log(0, "AS-REQ malformed server name from %s", from); + goto out; + } if(b->cname == NULL){ - client_name = "<unknown client>"; ret = KRB5KRB_ERR_GENERIC; e_text = "No client in request"; } else { principalname2krb5_principal (&client_princ, *(b->cname), b->realm); krb5_unparse_name(context, client_princ, &client_name); } - kdc_log(0, "AS-REQ %s from %s for %s", - client_name, from, server_name); - - if(ret) + if (ret) { + kdc_log(0, "AS-REQ malformed client name from %s", from); goto out; + } + + kdc_log(0, "AS-REQ %s from %s for %s", client_name, from, server_name); ret = db_fetch(client_princ, &client); if(ret){ @@ -536,7 +598,8 @@ as_rep(KDC_REQ *req, free_EncryptedData(&enc_data); continue; } - + + try_next_key: ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto); if (ret) { kdc_log(0, "krb5_crypto_init failed: %s", @@ -551,14 +614,18 @@ as_rep(KDC_REQ *req, &enc_data, &ts_data); krb5_crypto_destroy(context, crypto); - free_EncryptedData(&enc_data); if(ret){ + if(hdb_next_enctype2key(context, client, + enc_data.etype, &pa_key) == 0) + goto try_next_key; + free_EncryptedData(&enc_data); e_text = "Failed to decrypt PA-DATA"; kdc_log (5, "Failed to decrypt PA-DATA -- %s", client_name); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; continue; } + free_EncryptedData(&enc_data); ret = decode_PA_ENC_TS_ENC(ts_data.data, ts_data.length, &p, @@ -601,7 +668,7 @@ as_rep(KDC_REQ *req, size_t len; krb5_data foo_data; - use_pa: + use_pa: method_data.len = 0; method_data.val = NULL; @@ -611,17 +678,13 @@ as_rep(KDC_REQ *req, pa->padata_value.length = 0; pa->padata_value.data = NULL; - ret = get_pa_etype_info(&method_data, client); /* XXX check ret */ + ret = get_pa_etype_info(&method_data, client, + b->etype.val, b->etype.len); /* XXX check ret */ - len = length_METHOD_DATA(&method_data); - buf = malloc(len); - encode_METHOD_DATA(buf + len - 1, - len, - &method_data, - &len); + ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); free_METHOD_DATA(&method_data); - foo_data.length = len; foo_data.data = buf; + foo_data.length = len; ret = KRB5KDC_ERR_PREAUTH_REQUIRED; krb5_mk_error(context, @@ -630,7 +693,8 @@ as_rep(KDC_REQ *req, &foo_data, client_princ, server_princ, - 0, + NULL, + NULL, reply); free(buf); kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name); @@ -655,9 +719,10 @@ as_rep(KDC_REQ *req, if (ret == 0) { kdc_log(5, "Using %s/%s", cet, set); free(set); - } else + } free(cet); - } else + } + if (ret != 0) kdc_log(5, "Using e-types %d/%d", cetype, setype); } @@ -780,13 +845,8 @@ as_rep(KDC_REQ *req, copy_HostAddresses(b->addresses, et.caddr); } - { - krb5_data empty_string; - - krb5_data_zero(&empty_string); - et.transited.tr_type = DOMAIN_X500_COMPRESS; - et.transited.contents = empty_string; - } + et.transited.tr_type = DOMAIN_X500_COMPRESS; + krb5_data_zero(&et.transited.contents); copy_EncryptionKey(&et.key, &ek.key); @@ -804,17 +864,17 @@ as_rep(KDC_REQ *req, if (client->pw_end && (kdc_warn_pwexpire == 0 || kdc_time + kdc_warn_pwexpire <= *client->pw_end)) { - ek.last_req.val[ek.last_req.len].lr_type = 6; + ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME; ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end; ++ek.last_req.len; } if (client->valid_end) { - ek.last_req.val[ek.last_req.len].lr_type = 7; + ek.last_req.val[ek.last_req.len].lr_type = LR_ACCT_EXPTIME; ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end; ++ek.last_req.len; } if (ek.last_req.len == 0) { - ek.last_req.val[ek.last_req.len].lr_type = 0; + ek.last_req.val[ek.last_req.len].lr_type = LR_NONE; ek.last_req.val[ek.last_req.len].lr_value = 0; ++ek.last_req.len; } @@ -850,11 +910,11 @@ as_rep(KDC_REQ *req, set_salt_padata (&rep.padata, ckey->salt); ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key, - client->kvno, &ckey->key, reply); + client->kvno, &ckey->key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); + out: free_AS_REP(&rep); -out: if(ret){ krb5_mk_error(context, ret, @@ -862,14 +922,17 @@ out: NULL, client_princ, server_princ, - 0, + NULL, + NULL, reply); ret = 0; } -out2: - krb5_free_principal(context, client_princ); + out2: + if (client_princ) + krb5_free_principal(context, client_princ); free(client_name); - krb5_free_principal(context, server_princ); + if (server_princ) + krb5_free_principal(context, server_princ); free(server_name); if(client) free_ent(client); @@ -978,7 +1041,9 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et) old_life -= *tgt->starttime; else old_life -= tgt->authtime; - et->endtime = min(*et->renew_till, *et->starttime + old_life); + et->endtime = *et->starttime + old_life; + if (et->renew_till != NULL) + et->endtime = min(*et->renew_till, et->endtime); } /* checks for excess flags */ @@ -990,31 +1055,38 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et) } static krb5_error_code -fix_transited_encoding(TransitedEncoding *tr, +fix_transited_encoding(krb5_boolean check_policy, + TransitedEncoding *tr, + EncTicketPart *et, const char *client_realm, const char *server_realm, const char *tgt_realm) { krb5_error_code ret = 0; - if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)){ - char **realms = NULL, **tmp; - int num_realms = 0; - int i; - if(tr->tr_type && tr->contents.length != 0) { - if(tr->tr_type != DOMAIN_X500_COMPRESS){ - kdc_log(0, "Unknown transited type: %u", - tr->tr_type); - return KRB5KDC_ERR_TRTYPE_NOSUPP; - } - ret = krb5_domain_x500_decode(tr->contents, - &realms, - &num_realms, - client_realm, - server_realm); - if(ret){ - krb5_warn(context, ret, "Decoding transited encoding"); - return ret; - } + char **realms, **tmp; + int num_realms; + int i; + + if(tr->tr_type != DOMAIN_X500_COMPRESS) { + kdc_log(0, "Unknown transited type: %u", tr->tr_type); + return KRB5KDC_ERR_TRTYPE_NOSUPP; + } + + ret = krb5_domain_x500_decode(context, + tr->contents, + &realms, + &num_realms, + client_realm, + server_realm); + if(ret){ + krb5_warn(context, ret, "Decoding transited encoding"); + return ret; + } + if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { + /* not us, so add the previous realm to transited set */ + if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { + ret = ERANGE; + goto free_realms; } tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); if(tmp == NULL){ @@ -1028,16 +1100,46 @@ fix_transited_encoding(TransitedEncoding *tr, goto free_realms; } num_realms++; - free_TransitedEncoding(tr); - tr->tr_type = DOMAIN_X500_COMPRESS; - ret = krb5_domain_x500_encode(realms, num_realms, &tr->contents); - if(ret) - krb5_warn(context, ret, "Encoding transited encoding"); - free_realms: + } + if(num_realms == 0) { + if(strcmp(client_realm, server_realm)) + kdc_log(0, "cross-realm %s -> %s", client_realm, server_realm); + } else { + size_t l = 0; + char *rs; for(i = 0; i < num_realms; i++) - free(realms[i]); - free(realms); + l += strlen(realms[i]) + 2; + rs = malloc(l); + if(rs != NULL) { + *rs = '\0'; + for(i = 0; i < num_realms; i++) { + if(i > 0) + strlcat(rs, ", ", l); + strlcat(rs, realms[i], l); + } + kdc_log(0, "cross-realm %s -> %s via [%s]", client_realm, server_realm, rs); + free(rs); + } } + if(check_policy) { + ret = krb5_check_transited(context, client_realm, + server_realm, + realms, num_realms, NULL); + if(ret) { + krb5_warn(context, ret, "cross-realm %s -> %s", + client_realm, server_realm); + goto free_realms; + } + et->flags.transited_policy_checked = 1; + } + et->transited.tr_type = DOMAIN_X500_COMPRESS; + ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents); + if(ret) + krb5_warn(context, ret, "Encoding transited encoding"); + free_realms: + for(i = 0; i < num_realms; i++) + free(realms[i]); + free(realms); return ret; } @@ -1052,6 +1154,7 @@ tgs_make_reply(KDC_REQ_BODY *b, krb5_principal client_principal, hdb_entry *krbtgt, krb5_enctype cetype, + const char **e_text, krb5_data *reply) { KDC_REP rep; @@ -1102,18 +1205,35 @@ tgs_make_reply(KDC_REQ_BODY *b, ret = check_tgs_flags(b, tgt, &et); if(ret) - return ret; + goto out; - copy_TransitedEncoding(&tgt->transited, &et.transited); - ret = fix_transited_encoding(&et.transited, + /* We should check the transited encoding if: + 1) the request doesn't ask not to be checked + 2) globally enforcing a check + 3) principal requires checking + 4) we allow non-check per-principal, but principal isn't marked as allowing this + 5) we don't globally allow this + */ + +#define GLOBAL_FORCE_TRANSITED_CHECK (trpolicy == TRPOLICY_ALWAYS_CHECK) +#define GLOBAL_ALLOW_PER_PRINCIPAL (trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL) +#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK (trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST) +/* these will consult the database in future release */ +#define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 +#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 + + ret = fix_transited_encoding(!f.disable_transited_check || + GLOBAL_FORCE_TRANSITED_CHECK || + PRINCIPAL_FORCE_TRANSITED_CHECK(server) || + !((GLOBAL_ALLOW_PER_PRINCIPAL && + PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || + GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), + &tgt->transited, &et, *krb5_princ_realm(context, client_principal), *krb5_princ_realm(context, server->principal), *krb5_princ_realm(context, krbtgt->principal)); - if(ret){ - free_TransitedEncoding(&et.transited); - return ret; - } - + if(ret) + goto out; copy_Realm(krb5_princ_realm(context, server->principal), &rep.ticket.realm); @@ -1207,8 +1327,8 @@ tgs_make_reply(KDC_REQ_BODY *b, etype list, even if we don't want a session key with DES3? */ ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey, - 0, &tgt->key, reply); -out: + 0, &tgt->key, e_text, reply); + out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); if(et.starttime) @@ -1224,15 +1344,17 @@ out: static krb5_error_code tgs_check_authenticator(krb5_auth_context ac, KDC_REQ_BODY *b, + const char **e_text, krb5_keyblock *key) { krb5_authenticator auth; size_t len; - unsigned char buf[8192]; + unsigned char *buf; + size_t buf_size; krb5_error_code ret; krb5_crypto crypto; - krb5_auth_getauthenticator(context, ac, &auth); + krb5_auth_con_getauthenticator(context, ac, &auth); if(auth->cksum == NULL){ kdc_log(0, "No authenticator in request"); ret = KRB5KRB_AP_ERR_INAPP_CKSUM; @@ -1255,15 +1377,22 @@ tgs_check_authenticator(krb5_auth_context ac, } /* XXX should not re-encode this */ - ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), - b, &len); + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); if(ret){ kdc_log(0, "Failed to encode KDC-REQ-BODY: %s", krb5_get_err_text(context, ret)); goto out; } + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + ret = KRB5KRB_ERR_GENERIC; + goto out; + } ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { + free(buf); kdc_log(0, "krb5_crypto_init failed: %s", krb5_get_err_text(context, ret)); goto out; @@ -1271,9 +1400,10 @@ tgs_check_authenticator(krb5_auth_context ac, ret = krb5_verify_checksum(context, crypto, KRB5_KU_TGS_REQ_AUTH_CKSUM, - buf + sizeof(buf) - len, + buf, len, auth->cksum); + free(buf); krb5_crypto_destroy(context, crypto); if(ret){ kdc_log(0, "Failed to verify checksum: %s", @@ -1285,34 +1415,52 @@ out: return ret; } +/* + * return the realm of a krbtgt-ticket or NULL + */ + static Realm -is_krbtgt(PrincipalName *p) +get_krbtgt_realm(const PrincipalName *p) { - if(p->name_string.len == 2 && strcmp(p->name_string.val[0], "krbtgt") == 0) + if(p->name_string.len == 2 + && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0) return p->name_string.val[1]; else return NULL; } static Realm -find_rpath(Realm r) +find_rpath(Realm crealm, Realm srealm) { const char *new_realm = krb5_config_get_string(context, NULL, - "libdefaults", - "capath", - r, + "capaths", + crealm, + srealm, NULL); return (Realm)new_realm; } +static krb5_boolean +need_referral(krb5_principal server, krb5_realm **realms) +{ + if(server->name.name_type != KRB5_NT_SRV_INST || + server->name.name_string.len != 2) + return FALSE; + + return krb5_get_host_realm_int(context, server->name.name_string.val[1], + FALSE, realms) == 0; +} + static krb5_error_code tgs_rep2(KDC_REQ_BODY *b, PA_DATA *tgs_req, krb5_data *reply, const char *from, - struct sockaddr *from_addr) + const struct sockaddr *from_addr, + time_t **csec, + int **cusec) { krb5_ap_req ap_req; krb5_error_code ret; @@ -1332,6 +1480,9 @@ tgs_rep2(KDC_REQ_BODY *b, krb5_principal sp = NULL; AuthorizationData *auth_data = NULL; + *csec = NULL; + *cusec = NULL; + memset(&ap_req, 0, sizeof(ap_req)); ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); if(ret){ @@ -1340,7 +1491,7 @@ tgs_rep2(KDC_REQ_BODY *b, goto out2; } - if(!is_krbtgt(&ap_req.ticket.sname)){ + if(!get_krbtgt_realm(&ap_req.ticket.sname)){ /* XXX check for ticket.sname == req.sname */ kdc_log(0, "PA-DATA is not a ticket-granting ticket"); ret = KRB5KDC_ERR_POLICY; /* ? */ @@ -1356,6 +1507,7 @@ tgs_rep2(KDC_REQ_BODY *b, if(ret) { char *p; krb5_unparse_name(context, princ, &p); + krb5_free_principal(context, princ); kdc_log(0, "Ticket-granting ticket not found in database: %s: %s", p, krb5_get_err_text(context, ret)); free(p); @@ -1368,6 +1520,7 @@ tgs_rep2(KDC_REQ_BODY *b, char *p; krb5_unparse_name (context, princ, &p); + krb5_free_principal(context, princ); kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, krbtgt->kvno, @@ -1409,11 +1562,34 @@ tgs_rep2(KDC_REQ_BODY *b, goto out2; } + { + krb5_authenticator auth; + + ret = krb5_auth_con_getauthenticator(context, ac, &auth); + if (ret == 0) { + *csec = malloc(sizeof(**csec)); + if (*csec == NULL) { + krb5_free_authenticator(context, &auth); + kdc_log(0, "malloc failed"); + goto out2; + } + **csec = auth->ctime; + *cusec = malloc(sizeof(**cusec)); + if (*cusec == NULL) { + krb5_free_authenticator(context, &auth); + kdc_log(0, "malloc failed"); + goto out2; + } + **csec = auth->cusec; + krb5_free_authenticator(context, &auth); + } + } + cetype = ap_req.authenticator.etype; tgt = &ticket->ticket; - ret = tgs_check_authenticator(ac, b, &tgt->key); + ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key); if (b->enc_authorization_data) { krb5_keyblock *subkey; @@ -1506,7 +1682,7 @@ tgs_rep2(KDC_REQ_BODY *b, goto out; } t = &b->additional_tickets->val[0]; - if(!is_krbtgt(&t->sname)){ + if(!get_krbtgt_realm(&t->sname)){ kdc_log(0, "Additional ticket is not a ticket-granting ticket"); ret = KRB5KDC_ERR_POLICY; goto out2; @@ -1515,7 +1691,7 @@ tgs_rep2(KDC_REQ_BODY *b, ret = db_fetch(p, &uu); krb5_free_principal(context, p); if(ret){ - if (ret == ENOENT) + if (ret == HDB_ERR_NOENTRY) ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } @@ -1548,22 +1724,40 @@ tgs_rep2(KDC_REQ_BODY *b, if(ret){ Realm req_rlm, new_rlm; - if(loop++ < 2 && (req_rlm = is_krbtgt(&sp->name))){ - new_rlm = find_rpath(req_rlm); - if(new_rlm) { - kdc_log(5, "krbtgt for realm %s not found, trying %s", - req_rlm, new_rlm); + krb5_realm *realms; + + if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { + if(loop++ < 2) { + new_rlm = find_rpath(tgt->crealm, req_rlm); + if(new_rlm) { + kdc_log(5, "krbtgt for realm %s not found, trying %s", + req_rlm, new_rlm); + krb5_free_principal(context, sp); + free(spn); + krb5_make_principal(context, &sp, r, + KRB5_TGS_NAME, new_rlm, NULL); + krb5_unparse_name(context, sp, &spn); + goto server_lookup; + } + } + } else if(need_referral(sp, &realms)) { + if (strcmp(realms[0], sp->realm) != 0) { + kdc_log(5, "returning a referral to realm %s for " + "server %s that was not found", + realms[0], spn); krb5_free_principal(context, sp); free(spn); - krb5_make_principal(context, &sp, r, - "krbtgt", new_rlm, NULL); - krb5_unparse_name(context, sp, &spn); + krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, + realms[0], NULL); + krb5_unparse_name(context, sp, &spn); + krb5_free_host_realm(context, realms); goto server_lookup; } + krb5_free_host_realm(context, realms); } kdc_log(0, "Server not found in database: %s: %s", spn, krb5_get_err_text(context, ret)); - if (ret == ENOENT) + if (ret == HDB_ERR_NOENTRY) ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } @@ -1577,12 +1771,24 @@ tgs_rep2(KDC_REQ_BODY *b, if(ret){ kdc_log(0, "Client not found in database: %s: %s", cpn, krb5_get_err_text(context, ret)); - if (ret == ENOENT) + if (ret == HDB_ERR_NOENTRY) ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } #endif + if(strcmp(krb5_principal_get_realm(context, sp), + krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) { + char *tpn; + ret = krb5_unparse_name(context, krbtgt->principal, &tpn); + kdc_log(0, "Request with wrong krbtgt: %s", (ret == 0) ? tpn : "<unknown>"); + if(ret == 0) + free(tpn); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out; + + } + ret = check_flags(client, cpn, server, spn, FALSE); if(ret) goto out; @@ -1612,6 +1818,7 @@ tgs_rep2(KDC_REQ_BODY *b, cp, krbtgt, cetype, + &e_text, reply); out: @@ -1624,15 +1831,21 @@ tgs_rep2(KDC_REQ_BODY *b, free_ent(client); } out2: - if(ret) + if(ret) { krb5_mk_error(context, ret, e_text, NULL, cp, sp, - 0, + NULL, + NULL, reply); + free(*csec); + free(*cusec); + *csec = NULL; + *cusec = NULL; + } krb5_free_principal(context, cp); krb5_free_principal(context, sp); if (ticket) { @@ -1647,6 +1860,7 @@ out2: if(krbtgt) free_ent(krbtgt); + return ret; } @@ -1660,6 +1874,8 @@ tgs_rep(KDC_REQ *req, krb5_error_code ret; int i = 0; PA_DATA *tgs_req = NULL; + time_t *csec = NULL; + int *cusec = NULL; if(req->padata == NULL){ ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */ @@ -1675,7 +1891,8 @@ tgs_rep(KDC_REQ *req, kdc_log(0, "TGS-REQ from %s without PA-TGS-REQ", from); goto out; } - ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr); + ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr, + &csec, &cusec); out: if(ret && data->data == NULL){ krb5_mk_error(context, @@ -1684,8 +1901,11 @@ out: NULL, NULL, NULL, - 0, + csec, + cusec, data); } + free(csec); + free(cusec); return 0; } diff --git a/kerberosV/src/lib/krb5/krb5-protos.h b/kerberosV/src/lib/krb5/krb5-protos.h index 628f560e983..b0ad5bb6762 100644 --- a/kerberosV/src/lib/krb5/krb5-protos.h +++ b/kerberosV/src/lib/krb5/krb5-protos.h @@ -2,2648 +2,2955 @@ #ifndef __krb5_protos_h__ #define __krb5_protos_h__ -#ifdef __STDC__ #include <stdarg.h> -#ifndef __P -#define __P(x) x -#endif -#else -#ifndef __P -#define __P(x) () -#endif -#endif #if !defined(__GNUC__) && !defined(__attribute__) #define __attribute__(x) #endif krb5_error_code -krb524_convert_creds_kdc __P(( - krb5_context context, - krb5_ccache ccache, - krb5_creds *in_cred, - struct credentials *v4creds)); +krb524_convert_creds_kdc ( + krb5_context /*context*/, + krb5_creds */*in_cred*/, + struct credentials */*v4creds*/); + +krb5_error_code +krb524_convert_creds_kdc_ccache ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_cred*/, + struct credentials */*v4creds*/); + +krb5_error_code +krb5_425_conv_principal ( + krb5_context /*context*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + krb5_principal */*princ*/); krb5_error_code -krb5_425_conv_principal __P(( - krb5_context context, - const char *name, - const char *instance, - const char *realm, - krb5_principal *princ)); +krb5_425_conv_principal_ext ( + krb5_context /*context*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + krb5_boolean (*/*func*/)(krb5_context, krb5_principal), + krb5_boolean /*resolve*/, + krb5_principal */*princ*/); krb5_error_code -krb5_425_conv_principal_ext __P(( - krb5_context context, - const char *name, - const char *instance, - const char *realm, - krb5_boolean (*func)(krb5_context, krb5_principal), - krb5_boolean resolve, - krb5_principal *princ)); +krb5_524_conv_principal ( + krb5_context /*context*/, + const krb5_principal /*principal*/, + char */*name*/, + char */*instance*/, + char */*realm*/); krb5_error_code -krb5_524_conv_principal __P(( - krb5_context context, - const krb5_principal principal, - char *name, - char *instance, - char *realm)); +krb5_PKCS5_PBKDF2 ( + krb5_context /*context*/, + krb5_cksumtype /*cktype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + u_int32_t /*iter*/, + krb5_keytype /*type*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_abort __P(( - krb5_context context, - krb5_error_code code, - const char *fmt, - ...)) +krb5_abort ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) __attribute__ ((noreturn, format (printf, 3, 4))); krb5_error_code -krb5_abortx __P(( - krb5_context context, - const char *fmt, - ...)) +krb5_abortx ( + krb5_context /*context*/, + const char */*fmt*/, + ...) __attribute__ ((noreturn, format (printf, 2, 3))); krb5_error_code -krb5_acl_match_file __P(( - krb5_context context, - const char *file, - const char *format, - ...)); +krb5_acl_match_file ( + krb5_context /*context*/, + const char */*file*/, + const char */*format*/, + ...); krb5_error_code -krb5_acl_match_string __P(( - krb5_context context, - const char *acl_string, - const char *format, - ...)); +krb5_acl_match_string ( + krb5_context /*context*/, + const char */*string*/, + const char */*format*/, + ...); krb5_error_code -krb5_add_et_list __P(( - krb5_context context, - void (*func)(struct et_list **))); +krb5_add_et_list ( + krb5_context /*context*/, + void (*/*func*/)(struct et_list **)); krb5_error_code -krb5_add_extra_addresses __P(( - krb5_context context, - krb5_addresses *addresses)); +krb5_add_extra_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); krb5_error_code -krb5_addlog_dest __P(( - krb5_context context, - krb5_log_facility *f, - const char *p)); +krb5_add_ignore_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); krb5_error_code -krb5_addlog_func __P(( - krb5_context context, - krb5_log_facility *fac, - int min, - int max, - krb5_log_log_func_t log, - krb5_log_close_func_t close, - void *data)); +krb5_addlog_dest ( + krb5_context /*context*/, + krb5_log_facility */*f*/, + const char */*orig*/); krb5_error_code -krb5_addr2sockaddr __P(( - const krb5_address *addr, - struct sockaddr *sa, - int *sa_size, - int port)); +krb5_addlog_func ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*min*/, + int /*max*/, + krb5_log_log_func_t /*log*/, + krb5_log_close_func_t /*close*/, + void */*data*/); + +krb5_error_code +krb5_addr2sockaddr ( + krb5_context /*context*/, + const krb5_address */*addr*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); krb5_boolean -krb5_address_compare __P(( - krb5_context context, - const krb5_address *addr1, - const krb5_address *addr2)); +krb5_address_compare ( + krb5_context /*context*/, + const krb5_address */*addr1*/, + const krb5_address */*addr2*/); int -krb5_address_order __P(( - krb5_context context, - const krb5_address *addr1, - const krb5_address *addr2)); +krb5_address_order ( + krb5_context /*context*/, + const krb5_address */*addr1*/, + const krb5_address */*addr2*/); krb5_boolean -krb5_address_search __P(( - krb5_context context, - const krb5_address *addr, - const krb5_addresses *addrlist)); +krb5_address_search ( + krb5_context /*context*/, + const krb5_address */*addr*/, + const krb5_addresses */*addrlist*/); krb5_error_code -krb5_aname_to_localname __P(( - krb5_context context, - krb5_const_principal aname, - size_t lnsize, - char *lname)); +krb5_aname_to_localname ( + krb5_context /*context*/, + krb5_const_principal /*aname*/, + size_t /*lnsize*/, + char */*lname*/); krb5_error_code -krb5_anyaddr __P(( - int af, - struct sockaddr *sa, - int *sa_size, - int port)); +krb5_anyaddr ( + krb5_context /*context*/, + int /*af*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); void -krb5_appdefault_boolean __P(( - krb5_context context, - const char *appname, - krb5_realm realm, - const char *option, - krb5_boolean def_val, - krb5_boolean *ret_val)); +krb5_appdefault_boolean ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + krb5_boolean /*def_val*/, + krb5_boolean */*ret_val*/); void -krb5_appdefault_string __P(( - krb5_context context, - const char *appname, - krb5_realm realm, - const char *option, - const char *def_val, - char **ret_val)); +krb5_appdefault_string ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + const char */*def_val*/, + char **/*ret_val*/); void -krb5_appdefault_time __P(( - krb5_context context, - const char *appname, - krb5_realm realm, - const char *option, - time_t def_val, - time_t *ret_val)); +krb5_appdefault_time ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + time_t /*def_val*/, + time_t */*ret_val*/); + +krb5_error_code +krb5_append_addresses ( + krb5_context /*context*/, + krb5_addresses */*dest*/, + const krb5_addresses */*source*/); krb5_error_code -krb5_append_addresses __P(( - krb5_context context, - krb5_addresses *dest, - const krb5_addresses *source)); +krb5_auth_con_free ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/); krb5_error_code -krb5_auth_con_free __P(( - krb5_context context, - krb5_auth_context auth_context)); +krb5_auth_con_genaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int /*fd*/, + int /*flags*/); krb5_error_code -krb5_auth_con_genaddrs __P(( - krb5_context context, - krb5_auth_context auth_context, - int fd, - int flags)); +krb5_auth_con_generatelocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_auth_con_getaddrs __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_address **local_addr, - krb5_address **remote_addr)); +krb5_auth_con_getaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_address **/*local_addr*/, + krb5_address **/*remote_addr*/); krb5_error_code -krb5_auth_con_getflags __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t *flags)); +krb5_auth_con_getauthenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_authenticator */*authenticator*/); krb5_error_code -krb5_auth_con_getkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock **keyblock)); +krb5_auth_con_getcksumtype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_cksumtype */*cksumtype*/); krb5_error_code -krb5_auth_con_getlocalsubkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock **keyblock)); +krb5_auth_con_getflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*flags*/); krb5_error_code -krb5_auth_con_getrcache __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_rcache *rcache)); +krb5_auth_con_getkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); krb5_error_code -krb5_auth_con_getremotesubkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock **keyblock)); +krb5_auth_con_getkeytype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keytype */*keytype*/); krb5_error_code -krb5_auth_con_init __P(( - krb5_context context, - krb5_auth_context *auth_context)); +krb5_auth_con_getlocalseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); krb5_error_code -krb5_auth_con_setaddrs __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_address *local_addr, - krb5_address *remote_addr)); +krb5_auth_con_getlocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); krb5_error_code -krb5_auth_con_setaddrs_from_fd __P(( - krb5_context context, - krb5_auth_context auth_context, - void *p_fd)); +krb5_auth_con_getrcache ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_rcache */*rcache*/); krb5_error_code -krb5_auth_con_setflags __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t flags)); +krb5_auth_con_getremotesubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); krb5_error_code -krb5_auth_con_setkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock)); +krb5_auth_con_init ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/); krb5_error_code -krb5_auth_con_setlocalsubkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock)); +krb5_auth_con_setaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_address */*local_addr*/, + krb5_address */*remote_addr*/); krb5_error_code -krb5_auth_con_setrcache __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_rcache rcache)); +krb5_auth_con_setaddrs_from_fd ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + void */*p_fd*/); krb5_error_code -krb5_auth_con_setremotesubkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock)); +krb5_auth_con_setcksumtype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_cksumtype /*cksumtype*/); krb5_error_code -krb5_auth_con_setuserkey __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock)); +krb5_auth_con_setflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*flags*/); krb5_error_code -krb5_auth_getauthenticator __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_authenticator *authenticator)); +krb5_auth_con_setkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); krb5_error_code -krb5_auth_getcksumtype __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_cksumtype *cksumtype)); +krb5_auth_con_setkeytype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keytype /*keytype*/); krb5_error_code -krb5_auth_getkeytype __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keytype *keytype)); +krb5_auth_con_setlocalseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*seqnumber*/); krb5_error_code -krb5_auth_getlocalseqnumber __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t *seqnumber)); +krb5_auth_con_setlocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); krb5_error_code -krb5_auth_getremoteseqnumber __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t *seqnumber)); +krb5_auth_con_setrcache ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_rcache /*rcache*/); krb5_error_code -krb5_auth_setcksumtype __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_cksumtype cksumtype)); +krb5_auth_con_setremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*seqnumber*/); krb5_error_code -krb5_auth_setkeytype __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keytype keytype)); +krb5_auth_con_setremotesubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); krb5_error_code -krb5_auth_setlocalseqnumber __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t seqnumber)); +krb5_auth_con_setuserkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); krb5_error_code -krb5_auth_setremoteseqnumber __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t seqnumber)); +krb5_auth_getremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); krb5_error_code -krb5_build_ap_req __P(( - krb5_context context, - krb5_enctype enctype, - krb5_creds *cred, - krb5_flags ap_options, - krb5_data authenticator, - krb5_data *retdata)); +krb5_build_ap_req ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + krb5_flags /*ap_options*/, + krb5_data /*authenticator*/, + krb5_data */*retdata*/); krb5_error_code -krb5_build_authenticator __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_enctype enctype, - krb5_creds *cred, - Checksum *cksum, - Authenticator **auth_result, - krb5_data *result, - krb5_key_usage usage)); +krb5_build_authenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + Checksum */*cksum*/, + Authenticator **/*auth_result*/, + krb5_data */*result*/, + krb5_key_usage /*usage*/); krb5_error_code -krb5_build_principal __P(( - krb5_context context, - krb5_principal *principal, - int rlen, - krb5_const_realm realm, - ...)); +krb5_build_principal ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + ...); krb5_error_code -krb5_build_principal_ext __P(( - krb5_context context, - krb5_principal *principal, - int rlen, - krb5_const_realm realm, - ...)); +krb5_build_principal_ext ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + ...); krb5_error_code -krb5_build_principal_va __P(( - krb5_context context, - krb5_principal *principal, - int rlen, - krb5_const_realm realm, - va_list ap)); +krb5_build_principal_va ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + va_list /*ap*/); krb5_error_code -krb5_build_principal_va_ext __P(( - krb5_context context, - krb5_principal *principal, - int rlen, - krb5_const_realm realm, - va_list ap)); +krb5_build_principal_va_ext ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + va_list /*ap*/); krb5_error_code -krb5_cc_close __P(( - krb5_context context, - krb5_ccache id)); +krb5_cc_close ( + krb5_context /*context*/, + krb5_ccache /*id*/); krb5_error_code -krb5_cc_copy_cache __P(( - krb5_context context, - const krb5_ccache from, - krb5_ccache to)); +krb5_cc_copy_cache ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/); krb5_error_code -krb5_cc_default __P(( - krb5_context context, - krb5_ccache *id)); +krb5_cc_default ( + krb5_context /*context*/, + krb5_ccache */*id*/); const char* -krb5_cc_default_name __P((krb5_context context)); +krb5_cc_default_name (krb5_context /*context*/); krb5_error_code -krb5_cc_destroy __P(( - krb5_context context, - krb5_ccache id)); +krb5_cc_destroy ( + krb5_context /*context*/, + krb5_ccache /*id*/); krb5_error_code -krb5_cc_end_seq_get __P(( - krb5_context context, - const krb5_ccache id, - krb5_cc_cursor *cursor)); +krb5_cc_end_seq_get ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/); krb5_error_code -krb5_cc_gen_new __P(( - krb5_context context, - const krb5_cc_ops *ops, - krb5_ccache *id)); +krb5_cc_gen_new ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_ccache */*id*/); const char* -krb5_cc_get_name __P(( - krb5_context context, - krb5_ccache id)); +krb5_cc_get_name ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +const krb5_cc_ops * +krb5_cc_get_ops ( + krb5_context /*context*/, + krb5_ccache /*id*/); krb5_error_code -krb5_cc_get_principal __P(( - krb5_context context, - krb5_ccache id, - krb5_principal *principal)); +krb5_cc_get_principal ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_principal */*principal*/); const char* -krb5_cc_get_type __P(( - krb5_context context, - krb5_ccache id)); +krb5_cc_get_type ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +krb5_error_code +krb5_cc_get_version ( + krb5_context /*context*/, + const krb5_ccache /*id*/); + +krb5_error_code +krb5_cc_initialize ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_principal /*primary_principal*/); krb5_error_code -krb5_cc_get_version __P(( - krb5_context context, - const krb5_ccache id)); +krb5_cc_next_cred ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/, + krb5_creds */*creds*/); krb5_error_code -krb5_cc_initialize __P(( - krb5_context context, - krb5_ccache id, - krb5_principal primary_principal)); +krb5_cc_register ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_boolean /*override*/); krb5_error_code -krb5_cc_next_cred __P(( - krb5_context context, - const krb5_ccache id, - krb5_creds *creds, - krb5_cc_cursor *cursor)); +krb5_cc_remove_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags /*which*/, + krb5_creds */*cred*/); krb5_error_code -krb5_cc_register __P(( - krb5_context context, - const krb5_cc_ops *ops, - krb5_boolean override)); +krb5_cc_resolve ( + krb5_context /*context*/, + const char */*name*/, + krb5_ccache */*id*/); krb5_error_code -krb5_cc_remove_cred __P(( - krb5_context context, - krb5_ccache id, - krb5_flags which, - krb5_creds *cred)); +krb5_cc_retrieve_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags /*whichfields*/, + const krb5_creds */*mcreds*/, + krb5_creds */*creds*/); krb5_error_code -krb5_cc_resolve __P(( - krb5_context context, - const char *name, - krb5_ccache *id)); +krb5_cc_set_default_name ( + krb5_context /*context*/, + const char */*name*/); krb5_error_code -krb5_cc_retrieve_cred __P(( - krb5_context context, - krb5_ccache id, - krb5_flags whichfields, - const krb5_creds *mcreds, - krb5_creds *creds)); +krb5_cc_set_flags ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags /*flags*/); krb5_error_code -krb5_cc_set_flags __P(( - krb5_context context, - krb5_ccache id, - krb5_flags flags)); +krb5_cc_start_seq_get ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/); krb5_error_code -krb5_cc_start_seq_get __P(( - krb5_context context, - const krb5_ccache id, - krb5_cc_cursor *cursor)); +krb5_cc_store_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_creds */*creds*/); krb5_error_code -krb5_cc_store_cred __P(( - krb5_context context, - krb5_ccache id, - krb5_creds *creds)); +krb5_change_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + char */*newpw*/, + int */*result_code*/, + krb5_data */*result_code_string*/, + krb5_data */*result_string*/); krb5_error_code -krb5_change_password __P(( - krb5_context context, - krb5_creds *creds, - char *newpw, - int *result_code, - krb5_data *result_code_string, - krb5_data *result_string)); +krb5_check_transited ( + krb5_context /*context*/, + krb5_const_realm /*client_realm*/, + krb5_const_realm /*server_realm*/, + krb5_realm */*realms*/, + int /*num_realms*/, + int */*bad_realm*/); krb5_error_code -krb5_check_transited_realms __P(( - krb5_context context, - const char *const *realms, - int num_realms, - int *bad_realm)); +krb5_check_transited_realms ( + krb5_context /*context*/, + const char *const */*realms*/, + int /*num_realms*/, + int */*bad_realm*/); krb5_boolean -krb5_checksum_is_collision_proof __P(( - krb5_context context, - krb5_cksumtype type)); +krb5_checksum_is_collision_proof ( + krb5_context /*context*/, + krb5_cksumtype /*type*/); krb5_boolean -krb5_checksum_is_keyed __P(( - krb5_context context, - krb5_cksumtype type)); +krb5_checksum_is_keyed ( + krb5_context /*context*/, + krb5_cksumtype /*type*/); krb5_error_code -krb5_checksumsize __P(( - krb5_context context, - krb5_cksumtype type, - size_t *size)); +krb5_checksumsize ( + krb5_context /*context*/, + krb5_cksumtype /*type*/, + size_t */*size*/); + +void +krb5_clear_error_string (krb5_context /*context*/); krb5_error_code -krb5_closelog __P(( - krb5_context context, - krb5_log_facility *fac)); +krb5_closelog ( + krb5_context /*context*/, + krb5_log_facility */*fac*/); krb5_boolean -krb5_compare_creds __P(( - krb5_context context, - krb5_flags whichfields, - const krb5_creds *mcreds, - const krb5_creds *creds)); +krb5_compare_creds ( + krb5_context /*context*/, + krb5_flags /*whichfields*/, + const krb5_creds */*mcreds*/, + const krb5_creds */*creds*/); krb5_error_code -krb5_config_file_free __P(( - krb5_context context, - krb5_config_section *s)); +krb5_config_file_free ( + krb5_context /*context*/, + krb5_config_section */*s*/); void -krb5_config_free_strings __P((char **strings)); +krb5_config_free_strings (char **/*strings*/); const void * -krb5_config_get __P(( - krb5_context context, - krb5_config_section *c, - int type, - ...)); +krb5_config_get ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + ...); krb5_boolean -krb5_config_get_bool __P(( - krb5_context context, - krb5_config_section *c, - ...)); +krb5_config_get_bool ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); krb5_boolean -krb5_config_get_bool_default __P(( - krb5_context context, - krb5_config_section *c, - krb5_boolean def_value, - ...)); +krb5_config_get_bool_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + krb5_boolean /*def_value*/, + ...); int -krb5_config_get_int __P(( - krb5_context context, - krb5_config_section *c, - ...)); +krb5_config_get_int ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); int -krb5_config_get_int_default __P(( - krb5_context context, - krb5_config_section *c, - int def_value, - ...)); +krb5_config_get_int_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + ...); const krb5_config_binding * -krb5_config_get_list __P(( - krb5_context context, - krb5_config_section *c, - ...)); +krb5_config_get_list ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); const void * -krb5_config_get_next __P(( - krb5_context context, - krb5_config_section *c, - krb5_config_binding **pointer, - int type, - ...)); +krb5_config_get_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + ...); const char * -krb5_config_get_string __P(( - krb5_context context, - krb5_config_section *c, - ...)); +krb5_config_get_string ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); const char * -krb5_config_get_string_default __P(( - krb5_context context, - krb5_config_section *c, - const char *def_value, - ...)); +krb5_config_get_string_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const char */*def_value*/, + ...); char** -krb5_config_get_strings __P(( - krb5_context context, - krb5_config_section *c, - ...)); +krb5_config_get_strings ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); int -krb5_config_get_time __P(( - krb5_context context, - krb5_config_section *c, - ...)); +krb5_config_get_time ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); int -krb5_config_get_time_default __P(( - krb5_context context, - krb5_config_section *c, - int def_value, - ...)); +krb5_config_get_time_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + ...); krb5_error_code -krb5_config_parse_file __P(( - const char *fname, - krb5_config_section **res)); +krb5_config_parse_file ( + krb5_context /*context*/, + const char */*fname*/, + krb5_config_section **/*res*/); krb5_error_code -krb5_config_parse_file_debug __P(( - const char *fname, - krb5_config_section **res, - unsigned *lineno, - char **error_message)); +krb5_config_parse_file_multi ( + krb5_context /*context*/, + const char */*fname*/, + krb5_config_section **/*res*/); const void * -krb5_config_vget __P(( - krb5_context context, - krb5_config_section *c, - int type, - va_list args)); +krb5_config_vget ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + va_list /*args*/); krb5_boolean -krb5_config_vget_bool __P(( - krb5_context context, - krb5_config_section *c, - va_list args)); +krb5_config_vget_bool ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); krb5_boolean -krb5_config_vget_bool_default __P(( - krb5_context context, - krb5_config_section *c, - krb5_boolean def_value, - va_list args)); +krb5_config_vget_bool_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + krb5_boolean /*def_value*/, + va_list /*args*/); int -krb5_config_vget_int __P(( - krb5_context context, - krb5_config_section *c, - va_list args)); +krb5_config_vget_int ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); int -krb5_config_vget_int_default __P(( - krb5_context context, - krb5_config_section *c, - int def_value, - va_list args)); +krb5_config_vget_int_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + va_list /*args*/); const krb5_config_binding * -krb5_config_vget_list __P(( - krb5_context context, - krb5_config_section *c, - va_list args)); +krb5_config_vget_list ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); const void * -krb5_config_vget_next __P(( - krb5_context context, - krb5_config_section *c, - krb5_config_binding **pointer, - int type, - va_list args)); +krb5_config_vget_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + va_list /*args*/); const char * -krb5_config_vget_string __P(( - krb5_context context, - krb5_config_section *c, - va_list args)); +krb5_config_vget_string ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); const char * -krb5_config_vget_string_default __P(( - krb5_context context, - krb5_config_section *c, - const char *def_value, - va_list args)); +krb5_config_vget_string_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const char */*def_value*/, + va_list /*args*/); char ** -krb5_config_vget_strings __P(( - krb5_context context, - krb5_config_section *c, - va_list args)); +krb5_config_vget_strings ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); int -krb5_config_vget_time __P(( - krb5_context context, - krb5_config_section *c, - va_list args)); +krb5_config_vget_time ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); int -krb5_config_vget_time_default __P(( - krb5_context context, - krb5_config_section *c, - int def_value, - va_list args)); +krb5_config_vget_time_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + va_list /*args*/); + +krb5_error_code +krb5_copy_address ( + krb5_context /*context*/, + const krb5_address */*inaddr*/, + krb5_address */*outaddr*/); krb5_error_code -krb5_copy_address __P(( - krb5_context context, - const krb5_address *inaddr, - krb5_address *outaddr)); +krb5_copy_addresses ( + krb5_context /*context*/, + const krb5_addresses */*inaddr*/, + krb5_addresses */*outaddr*/); krb5_error_code -krb5_copy_addresses __P(( - krb5_context context, - const krb5_addresses *inaddr, - krb5_addresses *outaddr)); +krb5_copy_creds ( + krb5_context /*context*/, + const krb5_creds */*incred*/, + krb5_creds **/*outcred*/); krb5_error_code -krb5_copy_creds __P(( - krb5_context context, - const krb5_creds *incred, - krb5_creds **outcred)); +krb5_copy_creds_contents ( + krb5_context /*context*/, + const krb5_creds */*incred*/, + krb5_creds */*c*/); krb5_error_code -krb5_copy_creds_contents __P(( - krb5_context context, - const krb5_creds *incred, - krb5_creds *c)); +krb5_copy_data ( + krb5_context /*context*/, + const krb5_data */*indata*/, + krb5_data **/*outdata*/); krb5_error_code -krb5_copy_data __P(( - krb5_context context, - const krb5_data *indata, - krb5_data **outdata)); +krb5_copy_host_realm ( + krb5_context /*context*/, + const krb5_realm */*from*/, + krb5_realm **/*to*/); krb5_error_code -krb5_copy_host_realm __P(( - krb5_context context, - const krb5_realm *from, - krb5_realm **to)); +krb5_copy_keyblock ( + krb5_context /*context*/, + const krb5_keyblock */*inblock*/, + krb5_keyblock **/*to*/); krb5_error_code -krb5_copy_keyblock __P(( - krb5_context context, - const krb5_keyblock *inblock, - krb5_keyblock **to)); +krb5_copy_keyblock_contents ( + krb5_context /*context*/, + const krb5_keyblock */*inblock*/, + krb5_keyblock */*to*/); krb5_error_code -krb5_copy_keyblock_contents __P(( - krb5_context context, - const krb5_keyblock *inblock, - krb5_keyblock *to)); +krb5_copy_principal ( + krb5_context /*context*/, + krb5_const_principal /*inprinc*/, + krb5_principal */*outprinc*/); krb5_error_code -krb5_copy_principal __P(( - krb5_context context, - krb5_const_principal inprinc, - krb5_principal *outprinc)); +krb5_copy_ticket ( + krb5_context /*context*/, + const krb5_ticket */*from*/, + krb5_ticket **/*to*/); krb5_error_code -krb5_copy_ticket __P(( - krb5_context context, - const krb5_ticket *from, - krb5_ticket **to)); +krb5_create_checksum ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_key_usage /*usage*/, + int /*type*/, + void */*data*/, + size_t /*len*/, + Checksum */*result*/); krb5_error_code -krb5_create_checksum __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage_or_type, - void *data, - size_t len, - Checksum *result)); +krb5_crypto_destroy ( + krb5_context /*context*/, + krb5_crypto /*crypto*/); krb5_error_code -krb5_crypto_destroy __P(( - krb5_context context, - krb5_crypto crypto)); +krb5_crypto_getblocksize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*blocksize*/); krb5_error_code -krb5_crypto_init __P(( - krb5_context context, - krb5_keyblock *key, - krb5_enctype etype, - krb5_crypto *crypto)); +krb5_crypto_init ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + krb5_crypto */*crypto*/); krb5_error_code -krb5_data_alloc __P(( - krb5_data *p, - int len)); +krb5_data_alloc ( + krb5_data */*p*/, + int /*len*/); krb5_error_code -krb5_data_copy __P(( - krb5_data *p, - const void *data, - size_t len)); +krb5_data_copy ( + krb5_data */*p*/, + const void */*data*/, + size_t /*len*/); void -krb5_data_free __P((krb5_data *p)); +krb5_data_free (krb5_data */*p*/); krb5_error_code -krb5_data_realloc __P(( - krb5_data *p, - int len)); +krb5_data_realloc ( + krb5_data */*p*/, + int /*len*/); void -krb5_data_zero __P((krb5_data *p)); +krb5_data_zero (krb5_data */*p*/); krb5_error_code -krb5_decode_Authenticator __P(( - krb5_context context, - const void *data, - size_t length, - Authenticator *t, - size_t *len)); +krb5_decode_Authenticator ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + Authenticator */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_ETYPE_INFO __P(( - krb5_context context, - const void *data, - size_t length, - ETYPE_INFO *t, - size_t *len)); +krb5_decode_ETYPE_INFO ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + ETYPE_INFO */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_EncAPRepPart __P(( - krb5_context context, - const void *data, - size_t length, - EncAPRepPart *t, - size_t *len)); +krb5_decode_EncAPRepPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncAPRepPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_EncASRepPart __P(( - krb5_context context, - const void *data, - size_t length, - EncASRepPart *t, - size_t *len)); +krb5_decode_EncASRepPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncASRepPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_EncKrbCredPart __P(( - krb5_context context, - const void *data, - size_t length, - EncKrbCredPart *t, - size_t *len)); +krb5_decode_EncKrbCredPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncKrbCredPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_EncTGSRepPart __P(( - krb5_context context, - const void *data, - size_t length, - EncTGSRepPart *t, - size_t *len)); +krb5_decode_EncTGSRepPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncTGSRepPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_EncTicketPart __P(( - krb5_context context, - const void *data, - size_t length, - EncTicketPart *t, - size_t *len)); +krb5_decode_EncTicketPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncTicketPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_decode_ap_req __P(( - krb5_context context, - const krb5_data *inbuf, - krb5_ap_req *ap_req)); +krb5_decode_ap_req ( + krb5_context /*context*/, + const krb5_data */*inbuf*/, + krb5_ap_req */*ap_req*/); krb5_error_code -krb5_decrypt __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage, - void *data, - size_t len, - krb5_data *result)); +krb5_decrypt ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/); krb5_error_code -krb5_decrypt_EncryptedData __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage, - const EncryptedData *e, - krb5_data *result)); +krb5_decrypt_EncryptedData ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + const EncryptedData */*e*/, + krb5_data */*result*/); krb5_error_code -krb5_decrypt_ivec __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage, - void *data, - size_t len, - krb5_data *result, - void *ivec)); +krb5_decrypt_ivec ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/, + void */*ivec*/); krb5_error_code -krb5_decrypt_ticket __P(( - krb5_context context, - Ticket *ticket, - krb5_keyblock *key, - EncTicketPart *out, - krb5_flags flags)); +krb5_decrypt_ticket ( + krb5_context /*context*/, + Ticket */*ticket*/, + krb5_keyblock */*key*/, + EncTicketPart */*out*/, + krb5_flags /*flags*/); krb5_error_code -krb5_domain_x500_decode __P(( - krb5_data tr, - char ***realms, - int *num_realms, - const char *client_realm, - const char *server_realm)); +krb5_derive_key ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + const void */*constant*/, + size_t /*constant_len*/, + krb5_keyblock **/*derived_key*/); krb5_error_code -krb5_domain_x500_encode __P(( - char **realms, - int num_realms, - krb5_data *encoding)); +krb5_domain_x500_decode ( + krb5_context /*context*/, + krb5_data /*tr*/, + char ***/*realms*/, + int */*num_realms*/, + const char */*client_realm*/, + const char */*server_realm*/); krb5_error_code -krb5_eai_to_heim_errno __P((int eai_errno)); +krb5_domain_x500_encode ( + char **/*realms*/, + int /*num_realms*/, + krb5_data */*encoding*/); krb5_error_code -krb5_encode_Authenticator __P(( - krb5_context context, - void *data, - size_t length, - Authenticator *t, - size_t *len)); +krb5_eai_to_heim_errno ( + int /*eai_errno*/, + int /*system_error*/); krb5_error_code -krb5_encode_ETYPE_INFO __P(( - krb5_context context, - void *data, - size_t length, - ETYPE_INFO *t, - size_t *len)); +krb5_encode_Authenticator ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + Authenticator */*t*/, + size_t */*len*/); krb5_error_code -krb5_encode_EncAPRepPart __P(( - krb5_context context, - void *data, - size_t length, - EncAPRepPart *t, - size_t *len)); +krb5_encode_ETYPE_INFO ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + ETYPE_INFO */*t*/, + size_t */*len*/); krb5_error_code -krb5_encode_EncASRepPart __P(( - krb5_context context, - void *data, - size_t length, - EncASRepPart *t, - size_t *len)); +krb5_encode_EncAPRepPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncAPRepPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_encode_EncKrbCredPart __P(( - krb5_context context, - void *data, - size_t length, - EncKrbCredPart *t, - size_t *len)); +krb5_encode_EncASRepPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncASRepPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_encode_EncTGSRepPart __P(( - krb5_context context, - void *data, - size_t length, - EncTGSRepPart *t, - size_t *len)); +krb5_encode_EncKrbCredPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncKrbCredPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_encode_EncTicketPart __P(( - krb5_context context, - void *data, - size_t length, - EncTicketPart *t, - size_t *len)); +krb5_encode_EncTGSRepPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncTGSRepPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_encrypt __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage, - void *data, - size_t len, - krb5_data *result)); +krb5_encode_EncTicketPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncTicketPart */*t*/, + size_t */*len*/); krb5_error_code -krb5_encrypt_EncryptedData __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage, - void *data, - size_t len, - int kvno, - EncryptedData *result)); +krb5_encrypt ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/); krb5_error_code -krb5_encrypt_ivec __P(( - krb5_context context, - krb5_crypto crypto, - unsigned usage, - void *data, - size_t len, - krb5_data *result, - void *ivec)); +krb5_encrypt_EncryptedData ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + int /*kvno*/, + EncryptedData */*result*/); krb5_error_code -krb5_enctype_to_keytype __P(( - krb5_context context, - krb5_enctype etype, - krb5_keytype *keytype)); +krb5_encrypt_ivec ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/, + void */*ivec*/); krb5_error_code -krb5_enctype_to_string __P(( - krb5_context context, - krb5_enctype etype, - char **string)); +krb5_enctype_keysize ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*keysize*/); krb5_error_code -krb5_enctype_valid __P(( - krb5_context context, - krb5_enctype etype)); +krb5_enctype_to_keytype ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + krb5_keytype */*keytype*/); + +krb5_error_code +krb5_enctype_to_string ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + char **/*string*/); + +krb5_error_code +krb5_enctype_valid ( + krb5_context /*context*/, + krb5_enctype /*etype*/); krb5_boolean -krb5_enctypes_compatible_keys __P(( - krb5_context context, - krb5_enctype etype1, - krb5_enctype etype2)); - -krb5_error_code -krb5_err __P(( - krb5_context context, - int eval, - krb5_error_code code, - const char *fmt, - ...)) +krb5_enctypes_compatible_keys ( + krb5_context /*context*/, + krb5_enctype /*etype1*/, + krb5_enctype /*etype2*/); + +krb5_error_code +krb5_err ( + krb5_context /*context*/, + int /*eval*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) __attribute__ ((noreturn, format (printf, 4, 5))); krb5_error_code -krb5_errx __P(( - krb5_context context, - int eval, - const char *fmt, - ...)) +krb5_error_from_rd_error ( + krb5_context /*context*/, + const krb5_error */*error*/, + const krb5_creds */*creds*/); + +krb5_error_code +krb5_errx ( + krb5_context /*context*/, + int /*eval*/, + const char */*fmt*/, + ...) __attribute__ ((noreturn, format (printf, 3, 4))); krb5_error_code -krb5_expand_hostname __P(( - krb5_context context, - const char *orig_hostname, - char **new_hostname)); +krb5_expand_hostname ( + krb5_context /*context*/, + const char */*orig_hostname*/, + char **/*new_hostname*/); krb5_error_code -krb5_expand_hostname_realms __P(( - krb5_context context, - const char *orig_hostname, - char **new_hostname, - char ***realms)); +krb5_expand_hostname_realms ( + krb5_context /*context*/, + const char */*orig_hostname*/, + char **/*new_hostname*/, + char ***/*realms*/); PA_DATA * -krb5_find_padata __P(( - PA_DATA *val, - unsigned len, - int type, - int *index)); +krb5_find_padata ( + PA_DATA */*val*/, + unsigned /*len*/, + int /*type*/, + int */*index*/); krb5_error_code -krb5_format_time __P(( - krb5_context context, - time_t t, - char *s, - size_t len, - krb5_boolean include_time)); +krb5_format_time ( + krb5_context /*context*/, + time_t /*t*/, + char */*s*/, + size_t /*len*/, + krb5_boolean /*include_time*/); krb5_error_code -krb5_free_address __P(( - krb5_context context, - krb5_address *address)); +krb5_free_address ( + krb5_context /*context*/, + krb5_address */*address*/); krb5_error_code -krb5_free_addresses __P(( - krb5_context context, - krb5_addresses *addresses)); +krb5_free_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); void -krb5_free_ap_rep_enc_part __P(( - krb5_context context, - krb5_ap_rep_enc_part *val)); +krb5_free_ap_rep_enc_part ( + krb5_context /*context*/, + krb5_ap_rep_enc_part */*val*/); void -krb5_free_authenticator __P(( - krb5_context context, - krb5_authenticator *authenticator)); +krb5_free_authenticator ( + krb5_context /*context*/, + krb5_authenticator */*authenticator*/); void -krb5_free_context __P((krb5_context context)); +krb5_free_config_files (char **/*filenames*/); + +void +krb5_free_context (krb5_context /*context*/); krb5_error_code -krb5_free_cred_contents __P(( - krb5_context context, - krb5_creds *c)); +krb5_free_cred_contents ( + krb5_context /*context*/, + krb5_creds */*c*/); krb5_error_code -krb5_free_creds __P(( - krb5_context context, - krb5_creds *c)); +krb5_free_creds ( + krb5_context /*context*/, + krb5_creds */*c*/); krb5_error_code -krb5_free_creds_contents __P(( - krb5_context context, - krb5_creds *c)); +krb5_free_creds_contents ( + krb5_context /*context*/, + krb5_creds */*c*/); + +void +krb5_free_data ( + krb5_context /*context*/, + krb5_data */*p*/); void -krb5_free_data __P(( - krb5_context context, - krb5_data *p)); +krb5_free_data_contents ( + krb5_context /*context*/, + krb5_data */*data*/); void -krb5_free_error __P(( - krb5_context context, - krb5_error *error)); +krb5_free_error ( + krb5_context /*context*/, + krb5_error */*error*/); void -krb5_free_error_contents __P(( - krb5_context context, - krb5_error *error)); +krb5_free_error_contents ( + krb5_context /*context*/, + krb5_error */*error*/); + +void +krb5_free_error_string ( + krb5_context /*context*/, + char */*str*/); krb5_error_code -krb5_free_host_realm __P(( - krb5_context context, - krb5_realm *realmlist)); +krb5_free_host_realm ( + krb5_context /*context*/, + krb5_realm */*realmlist*/); krb5_error_code -krb5_free_kdc_rep __P(( - krb5_context context, - krb5_kdc_rep *rep)); +krb5_free_kdc_rep ( + krb5_context /*context*/, + krb5_kdc_rep */*rep*/); void -krb5_free_keyblock __P(( - krb5_context context, - krb5_keyblock *keyblock)); +krb5_free_keyblock ( + krb5_context /*context*/, + krb5_keyblock */*keyblock*/); void -krb5_free_keyblock_contents __P(( - krb5_context context, - krb5_keyblock *keyblock)); +krb5_free_keyblock_contents ( + krb5_context /*context*/, + krb5_keyblock */*keyblock*/); krb5_error_code -krb5_free_krbhst __P(( - krb5_context context, - char **hostlist)); +krb5_free_krbhst ( + krb5_context /*context*/, + char **/*hostlist*/); void -krb5_free_principal __P(( - krb5_context context, - krb5_principal p)); +krb5_free_principal ( + krb5_context /*context*/, + krb5_principal /*p*/); krb5_error_code -krb5_free_salt __P(( - krb5_context context, - krb5_salt salt)); +krb5_free_salt ( + krb5_context /*context*/, + krb5_salt /*salt*/); krb5_error_code -krb5_free_ticket __P(( - krb5_context context, - krb5_ticket *ticket)); +krb5_free_ticket ( + krb5_context /*context*/, + krb5_ticket */*ticket*/); krb5_error_code -krb5_fwd_tgt_creds __P(( - krb5_context context, - krb5_auth_context auth_context, - const char *hostname, - krb5_principal client, - krb5_principal server, - krb5_ccache ccache, - int forwardable, - krb5_data *out_data)); +krb5_fwd_tgt_creds ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const char */*hostname*/, + krb5_principal /*client*/, + krb5_principal /*server*/, + krb5_ccache /*ccache*/, + int /*forwardable*/, + krb5_data */*out_data*/); void -krb5_generate_random_block __P(( - void *buf, - size_t len)); +krb5_generate_random_block ( + void */*buf*/, + size_t /*len*/); krb5_error_code -krb5_generate_random_keyblock __P(( - krb5_context context, - krb5_enctype type, - krb5_keyblock *key)); +krb5_generate_random_keyblock ( + krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_generate_seq_number __P(( - krb5_context context, - const krb5_keyblock *key, - u_int32_t *seqno)); +krb5_generate_seq_number ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + u_int32_t */*seqno*/); krb5_error_code -krb5_generate_subkey __P(( - krb5_context context, - const krb5_keyblock *key, - krb5_keyblock **subkey)); +krb5_generate_subkey ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyblock **/*subkey*/); krb5_error_code -krb5_get_all_client_addrs __P(( - krb5_context context, - krb5_addresses *res)); +krb5_get_all_client_addrs ( + krb5_context /*context*/, + krb5_addresses */*res*/); krb5_error_code -krb5_get_all_server_addrs __P(( - krb5_context context, - krb5_addresses *res)); +krb5_get_all_server_addrs ( + krb5_context /*context*/, + krb5_addresses */*res*/); krb5_error_code -krb5_get_cred_from_kdc __P(( - krb5_context context, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_creds **out_creds, - krb5_creds ***ret_tgts)); +krb5_get_cred_from_kdc ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/); krb5_error_code -krb5_get_credentials __P(( - krb5_context context, - krb5_flags options, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_creds **out_creds)); +krb5_get_cred_from_kdc_opt ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/, + krb5_flags /*flags*/); krb5_error_code -krb5_get_credentials_with_flags __P(( - krb5_context context, - krb5_flags options, - krb5_kdc_flags flags, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_creds **out_creds)); +krb5_get_credentials ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/); krb5_error_code -krb5_get_default_in_tkt_etypes __P(( - krb5_context context, - krb5_enctype **etypes)); +krb5_get_credentials_with_flags ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_kdc_flags /*flags*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/); krb5_error_code -krb5_get_default_principal __P(( - krb5_context context, - krb5_principal *princ)); +krb5_get_default_config_files (char ***/*pfilenames*/); krb5_error_code -krb5_get_default_realm __P(( - krb5_context context, - krb5_realm *realm)); +krb5_get_default_in_tkt_etypes ( + krb5_context /*context*/, + krb5_enctype **/*etypes*/); krb5_error_code -krb5_get_default_realms __P(( - krb5_context context, - krb5_realm **realms)); +krb5_get_default_principal ( + krb5_context /*context*/, + krb5_principal */*princ*/); + +krb5_error_code +krb5_get_default_realm ( + krb5_context /*context*/, + krb5_realm */*realm*/); + +krb5_error_code +krb5_get_default_realms ( + krb5_context /*context*/, + krb5_realm **/*realms*/); const char * -krb5_get_err_text __P(( - krb5_context context, - krb5_error_code code)); - -krb5_error_code -krb5_get_extra_addresses __P(( - krb5_context context, - krb5_addresses *addresses)); - -krb5_error_code -krb5_get_fcache_version __P(( - krb5_context context, - int *version)); - -krb5_error_code -krb5_get_forwarded_creds __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_ccache ccache, - krb5_flags flags, - const char *hostname, - krb5_creds *in_creds, - krb5_data *out_data)); - -krb5_error_code -krb5_get_host_realm __P(( - krb5_context context, - const char *host, - krb5_realm **realms)); - -krb5_error_code -krb5_get_host_realm_int __P(( - krb5_context context, - const char *host, - krb5_realm **realms)); - -krb5_error_code -krb5_get_in_cred __P(( - krb5_context context, - krb5_flags options, - const krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *ptypes, - const krb5_preauthdata *preauth, - krb5_key_proc key_proc, - krb5_const_pointer keyseed, - krb5_decrypt_proc decrypt_proc, - krb5_const_pointer decryptarg, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply)); - -krb5_error_code -krb5_get_in_tkt __P(( - krb5_context context, - krb5_flags options, - const krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *ptypes, - krb5_key_proc key_proc, - krb5_const_pointer keyseed, - krb5_decrypt_proc decrypt_proc, - krb5_const_pointer decryptarg, - krb5_creds *creds, - krb5_ccache ccache, - krb5_kdc_rep *ret_as_reply)); - -krb5_error_code -krb5_get_in_tkt_with_keytab __P(( - krb5_context context, - krb5_flags options, - krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *pre_auth_types, - krb5_keytab keytab, - krb5_ccache ccache, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply)); - -krb5_error_code -krb5_get_in_tkt_with_password __P(( - krb5_context context, - krb5_flags options, - krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *pre_auth_types, - const char *password, - krb5_ccache ccache, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply)); - -krb5_error_code -krb5_get_in_tkt_with_skey __P(( - krb5_context context, - krb5_flags options, - krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *pre_auth_types, - const krb5_keyblock *key, - krb5_ccache ccache, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply)); - -krb5_error_code -krb5_get_init_creds_keytab __P(( - krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_keytab keytab, - krb5_deltat start_time, - const char *in_tkt_service, - krb5_get_init_creds_opt *options)); +krb5_get_err_text ( + krb5_context /*context*/, + krb5_error_code /*code*/); + +char* +krb5_get_error_string (krb5_context /*context*/); + +krb5_error_code +krb5_get_extra_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +krb5_error_code +krb5_get_fcache_version ( + krb5_context /*context*/, + int */*version*/); + +krb5_error_code +krb5_get_forwarded_creds ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_ccache /*ccache*/, + krb5_flags /*flags*/, + const char */*hostname*/, + krb5_creds */*in_creds*/, + krb5_data */*out_data*/); + +krb5_error_code +krb5_get_host_realm ( + krb5_context /*context*/, + const char */*host*/, + krb5_realm **/*realms*/); + +krb5_error_code +krb5_get_host_realm_int ( + krb5_context /*context*/, + const char */*host*/, + krb5_boolean /*use_dns*/, + krb5_realm **/*realms*/); + +krb5_error_code +krb5_get_ignore_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +krb5_error_code +krb5_get_in_cred ( + krb5_context /*context*/, + krb5_flags /*options*/, + const krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*ptypes*/, + const krb5_preauthdata */*preauth*/, + krb5_key_proc /*key_proc*/, + krb5_const_pointer /*keyseed*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code +krb5_get_in_tkt ( + krb5_context /*context*/, + krb5_flags /*options*/, + const krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*ptypes*/, + krb5_key_proc /*key_proc*/, + krb5_const_pointer /*keyseed*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/, + krb5_creds */*creds*/, + krb5_ccache /*ccache*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code +krb5_get_in_tkt_with_keytab ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + krb5_keytab /*keytab*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code +krb5_get_in_tkt_with_password ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + const char */*password*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code +krb5_get_in_tkt_with_skey ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + const krb5_keyblock */*key*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code +krb5_get_init_creds_keytab ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_keytab /*keytab*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); void -krb5_get_init_creds_opt_init __P((krb5_get_init_creds_opt *opt)); +krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/); void -krb5_get_init_creds_opt_set_address_list __P(( - krb5_get_init_creds_opt *opt, - krb5_addresses *addresses)); +krb5_get_init_creds_opt_set_address_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_addresses */*addresses*/); void -krb5_get_init_creds_opt_set_anonymous __P(( - krb5_get_init_creds_opt *opt, - int anonymous)); +krb5_get_init_creds_opt_set_anonymous ( + krb5_get_init_creds_opt */*opt*/, + int /*anonymous*/); void -krb5_get_init_creds_opt_set_default_flags __P(( - krb5_context context, - const char *appname, - krb5_realm realm, - krb5_get_init_creds_opt *opt)); +krb5_get_init_creds_opt_set_default_flags ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + krb5_get_init_creds_opt */*opt*/); void -krb5_get_init_creds_opt_set_etype_list __P(( - krb5_get_init_creds_opt *opt, - krb5_enctype *etype_list, - int etype_list_length)); +krb5_get_init_creds_opt_set_etype_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_enctype */*etype_list*/, + int /*etype_list_length*/); void -krb5_get_init_creds_opt_set_forwardable __P(( - krb5_get_init_creds_opt *opt, - int forwardable)); +krb5_get_init_creds_opt_set_forwardable ( + krb5_get_init_creds_opt */*opt*/, + int /*forwardable*/); void -krb5_get_init_creds_opt_set_preauth_list __P(( - krb5_get_init_creds_opt *opt, - krb5_preauthtype *preauth_list, - int preauth_list_length)); +krb5_get_init_creds_opt_set_preauth_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_preauthtype */*preauth_list*/, + int /*preauth_list_length*/); void -krb5_get_init_creds_opt_set_proxiable __P(( - krb5_get_init_creds_opt *opt, - int proxiable)); +krb5_get_init_creds_opt_set_proxiable ( + krb5_get_init_creds_opt */*opt*/, + int /*proxiable*/); void -krb5_get_init_creds_opt_set_renew_life __P(( - krb5_get_init_creds_opt *opt, - krb5_deltat renew_life)); +krb5_get_init_creds_opt_set_renew_life ( + krb5_get_init_creds_opt */*opt*/, + krb5_deltat /*renew_life*/); void -krb5_get_init_creds_opt_set_salt __P(( - krb5_get_init_creds_opt *opt, - krb5_data *salt)); +krb5_get_init_creds_opt_set_salt ( + krb5_get_init_creds_opt */*opt*/, + krb5_data */*salt*/); void -krb5_get_init_creds_opt_set_tkt_life __P(( - krb5_get_init_creds_opt *opt, - krb5_deltat tkt_life)); +krb5_get_init_creds_opt_set_tkt_life ( + krb5_get_init_creds_opt */*opt*/, + krb5_deltat /*tkt_life*/); krb5_error_code -krb5_get_init_creds_password __P(( - krb5_context context, - krb5_creds *creds, - krb5_principal client, - const char *password, - krb5_prompter_fct prompter, - void *data, - krb5_deltat start_time, - const char *in_tkt_service, - krb5_get_init_creds_opt *options)); +krb5_get_init_creds_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + const char */*password*/, + krb5_prompter_fct /*prompter*/, + void */*data*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); krb5_error_code -krb5_get_kdc_cred __P(( - krb5_context context, - krb5_ccache id, - krb5_kdc_flags flags, - krb5_addresses *addresses, - Ticket *second_ticket, - krb5_creds *in_creds, - krb5_creds **out_creds )); +krb5_get_kdc_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_kdc_flags /*flags*/, + krb5_addresses */*addresses*/, + Ticket */*second_ticket*/, + krb5_creds */*in_creds*/, + krb5_creds **out_creds ); krb5_error_code -krb5_get_krb_admin_hst __P(( - krb5_context context, - const krb5_realm *realm, - char ***hostlist)); +krb5_get_krb524hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); krb5_error_code -krb5_get_krb_changepw_hst __P(( - krb5_context context, - const krb5_realm *realm, - char ***hostlist)); +krb5_get_krb_admin_hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); krb5_error_code -krb5_get_krbhst __P(( - krb5_context context, - const krb5_realm *realm, - char ***hostlist)); +krb5_get_krb_changepw_hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); krb5_error_code -krb5_get_pw_salt __P(( - krb5_context context, - krb5_const_principal principal, - krb5_salt *salt)); +krb5_get_krbhst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); krb5_error_code -krb5_get_server_rcache __P(( - krb5_context context, - const krb5_data *piece, - krb5_rcache *id)); +krb5_get_pw_salt ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + krb5_salt */*salt*/); + +krb5_error_code +krb5_get_server_rcache ( + krb5_context /*context*/, + const krb5_data */*piece*/, + krb5_rcache */*id*/); krb5_boolean -krb5_get_use_admin_kdc __P((krb5_context context)); +krb5_get_use_admin_kdc (krb5_context /*context*/); size_t -krb5_get_wrapped_length __P(( - krb5_context context, - krb5_crypto crypto, - size_t data_len)); +krb5_get_wrapped_length ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t /*data_len*/); int -krb5_getportbyname __P(( - krb5_context context, - const char *service, - const char *proto, - int default_port)); +krb5_getportbyname ( + krb5_context /*context*/, + const char */*service*/, + const char */*proto*/, + int /*default_port*/); krb5_error_code -krb5_h_addr2addr __P(( - int af, - const char *haddr, - krb5_address *addr)); +krb5_h_addr2addr ( + krb5_context /*context*/, + int /*af*/, + const char */*haddr*/, + krb5_address */*addr*/); krb5_error_code -krb5_h_addr2sockaddr __P(( - int af, - const char *addr, - struct sockaddr *sa, - int *sa_size, - int port)); +krb5_h_addr2sockaddr ( + krb5_context /*context*/, + int /*af*/, + const char */*addr*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); krb5_error_code -krb5_init_context __P((krb5_context *context)); +krb5_h_errno_to_heim_errno (int /*eai_errno*/); + +krb5_boolean +krb5_have_error_string (krb5_context /*context*/); + +krb5_error_code +krb5_init_context (krb5_context */*context*/); void -krb5_init_ets __P((krb5_context context)); +krb5_init_ets (krb5_context /*context*/); + +krb5_error_code +krb5_init_etype ( + krb5_context /*context*/, + unsigned */*len*/, + krb5_enctype **/*val*/, + const krb5_enctype */*etypes*/); + +krb5_error_code +krb5_initlog ( + krb5_context /*context*/, + const char */*program*/, + krb5_log_facility **/*fac*/); + +krb5_error_code +krb5_keyblock_key_proc ( + krb5_context /*context*/, + krb5_keytype /*type*/, + krb5_data */*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock **/*key*/); krb5_error_code -krb5_init_etype __P(( - krb5_context context, - unsigned *len, - int **val, - const krb5_enctype *etypes)); +krb5_keytab_key_proc ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_salt /*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock **/*key*/); krb5_error_code -krb5_initlog __P(( - krb5_context context, - const char *program, - krb5_log_facility **fac)); +krb5_keytype_to_enctypes ( + krb5_context /*context*/, + krb5_keytype /*keytype*/, + unsigned */*len*/, + krb5_enctype **/*val*/); krb5_error_code -krb5_keyblock_key_proc __P(( - krb5_context context, - krb5_keytype type, - krb5_data *salt, - krb5_const_pointer keyseed, - krb5_keyblock **key)); +krb5_keytype_to_enctypes_default ( + krb5_context /*context*/, + krb5_keytype /*keytype*/, + unsigned */*len*/, + krb5_enctype **/*val*/); krb5_error_code -krb5_keytab_key_proc __P(( - krb5_context context, - krb5_enctype enctype, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key)); +krb5_keytype_to_string ( + krb5_context /*context*/, + krb5_keytype /*keytype*/, + char **/*string*/); krb5_error_code -krb5_keytype_to_enctypes __P(( - krb5_context context, - krb5_keytype keytype, - unsigned *len, - int **val)); +krb5_krbhst_format_string ( + krb5_context /*context*/, + const krb5_krbhst_info */*host*/, + char */*hostname*/, + size_t /*hostlen*/); + +void +krb5_krbhst_free ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/); krb5_error_code -krb5_keytype_to_enctypes_default __P(( - krb5_context context, - krb5_keytype keytype, - unsigned *len, - int **val)); +krb5_krbhst_get_addrinfo ( + krb5_context /*context*/, + krb5_krbhst_info */*host*/, + struct addrinfo **/*ai*/); krb5_error_code -krb5_keytype_to_string __P(( - krb5_context context, - krb5_keytype keytype, - char **string)); +krb5_krbhst_init ( + krb5_context /*context*/, + const char */*realm*/, + unsigned int /*type*/, + krb5_krbhst_handle */*handle*/); krb5_error_code -krb5_kt_add_entry __P(( - krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry)); +krb5_krbhst_next ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/, + krb5_krbhst_info **/*host*/); krb5_error_code -krb5_kt_close __P(( - krb5_context context, - krb5_keytab id)); +krb5_krbhst_next_as_string ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/, + char */*hostname*/, + size_t /*hostlen*/); + +void +krb5_krbhst_reset ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/); + +krb5_error_code +krb5_kt_add_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_keytab_entry */*entry*/); + +krb5_error_code +krb5_kt_close ( + krb5_context /*context*/, + krb5_keytab /*id*/); krb5_boolean -krb5_kt_compare __P(( - krb5_context context, - krb5_keytab_entry *entry, - krb5_const_principal principal, - krb5_kvno vno, - krb5_enctype enctype)); +krb5_kt_compare ( + krb5_context /*context*/, + krb5_keytab_entry */*entry*/, + krb5_const_principal /*principal*/, + krb5_kvno /*vno*/, + krb5_enctype /*enctype*/); + +krb5_error_code +krb5_kt_copy_entry_contents ( + krb5_context /*context*/, + const krb5_keytab_entry */*in*/, + krb5_keytab_entry */*out*/); krb5_error_code -krb5_kt_copy_entry_contents __P(( - krb5_context context, - const krb5_keytab_entry *in, - krb5_keytab_entry *out)); +krb5_kt_default ( + krb5_context /*context*/, + krb5_keytab */*id*/); krb5_error_code -krb5_kt_default __P(( - krb5_context context, - krb5_keytab *id)); +krb5_kt_default_modify_name ( + krb5_context /*context*/, + char */*name*/, + size_t /*namesize*/); krb5_error_code -krb5_kt_default_name __P(( - krb5_context context, - char *name, - size_t namesize)); +krb5_kt_default_name ( + krb5_context /*context*/, + char */*name*/, + size_t /*namesize*/); krb5_error_code -krb5_kt_end_seq_get __P(( - krb5_context context, - krb5_keytab id, - krb5_kt_cursor *cursor)); +krb5_kt_end_seq_get ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_kt_cursor */*cursor*/); krb5_error_code -krb5_kt_free_entry __P(( - krb5_context context, - krb5_keytab_entry *entry)); +krb5_kt_free_entry ( + krb5_context /*context*/, + krb5_keytab_entry */*entry*/); krb5_error_code -krb5_kt_get_entry __P(( - krb5_context context, - krb5_keytab id, - krb5_const_principal principal, - krb5_kvno kvno, - krb5_enctype enctype, - krb5_keytab_entry *entry)); +krb5_kt_get_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_const_principal /*principal*/, + krb5_kvno /*kvno*/, + krb5_enctype /*enctype*/, + krb5_keytab_entry */*entry*/); krb5_error_code -krb5_kt_get_name __P(( - krb5_context context, - krb5_keytab keytab, - char *name, - size_t namesize)); +krb5_kt_get_name ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char */*name*/, + size_t /*namesize*/); krb5_error_code -krb5_kt_next_entry __P(( - krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, - krb5_kt_cursor *cursor)); +krb5_kt_get_type ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char */*prefix*/, + size_t /*prefixsize*/); krb5_error_code -krb5_kt_read_service_key __P(( - krb5_context context, - krb5_pointer keyprocarg, - krb5_principal principal, - krb5_kvno vno, - krb5_enctype enctype, - krb5_keyblock **key)); +krb5_kt_next_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_keytab_entry */*entry*/, + krb5_kt_cursor */*cursor*/); krb5_error_code -krb5_kt_register __P(( - krb5_context context, - const krb5_kt_ops *ops)); +krb5_kt_read_service_key ( + krb5_context /*context*/, + krb5_pointer /*keyprocarg*/, + krb5_principal /*principal*/, + krb5_kvno /*vno*/, + krb5_enctype /*enctype*/, + krb5_keyblock **/*key*/); krb5_error_code -krb5_kt_remove_entry __P(( - krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry)); +krb5_kt_register ( + krb5_context /*context*/, + const krb5_kt_ops */*ops*/); krb5_error_code -krb5_kt_resolve __P(( - krb5_context context, - const char *name, - krb5_keytab *id)); +krb5_kt_remove_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_keytab_entry */*entry*/); krb5_error_code -krb5_kt_start_seq_get __P(( - krb5_context context, - krb5_keytab id, - krb5_kt_cursor *cursor)); +krb5_kt_resolve ( + krb5_context /*context*/, + const char */*name*/, + krb5_keytab */*id*/); + +krb5_error_code +krb5_kt_start_seq_get ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_kt_cursor */*cursor*/); krb5_boolean -krb5_kuserok __P(( - krb5_context context, - krb5_principal principal, - const char *luser)); - -krb5_error_code -krb5_log __P(( - krb5_context context, - krb5_log_facility *fac, - int level, - const char *fmt, - ...)) +krb5_kuserok ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*luser*/); + +krb5_error_code +krb5_log ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*level*/, + const char */*fmt*/, + ...) __attribute__((format (printf, 4, 5))); krb5_error_code -krb5_log_msg __P(( - krb5_context context, - krb5_log_facility *fac, - int level, - char **reply, - const char *fmt, - ...)) +krb5_log_msg ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*level*/, + char **/*reply*/, + const char */*fmt*/, + ...) __attribute__((format (printf, 5, 6))); krb5_error_code -krb5_make_addrport __P(( - krb5_address **res, - const krb5_address *addr, - int16_t port)); +krb5_make_addrport ( + krb5_context /*context*/, + krb5_address **/*res*/, + const krb5_address */*addr*/, + int16_t /*port*/); krb5_error_code -krb5_make_principal __P(( - krb5_context context, - krb5_principal *principal, - krb5_const_realm realm, - ...)); +krb5_make_principal ( + krb5_context /*context*/, + krb5_principal */*principal*/, + krb5_const_realm /*realm*/, + ...); size_t -krb5_max_sockaddr_size __P((void)); - -krb5_error_code -krb5_mk_error __P(( - krb5_context context, - krb5_error_code error_code, - const char *e_text, - const krb5_data *e_data, - const krb5_principal client, - const krb5_principal server, - time_t ctime, - krb5_data *reply)); - -krb5_error_code -krb5_mk_priv __P(( - krb5_context context, - krb5_auth_context auth_context, - const krb5_data *userdata, - krb5_data *outbuf, - void *outdata)); - -krb5_error_code -krb5_mk_rep __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_data *outbuf)); - -krb5_error_code -krb5_mk_req __P(( - krb5_context context, - krb5_auth_context *auth_context, - const krb5_flags ap_req_options, - const char *service, - const char *hostname, - krb5_data *in_data, - krb5_ccache ccache, - krb5_data *outbuf)); - -krb5_error_code -krb5_mk_req_exact __P(( - krb5_context context, - krb5_auth_context *auth_context, - const krb5_flags ap_req_options, - const krb5_principal server, - krb5_data *in_data, - krb5_ccache ccache, - krb5_data *outbuf)); - -krb5_error_code -krb5_mk_req_extended __P(( - krb5_context context, - krb5_auth_context *auth_context, - const krb5_flags ap_req_options, - krb5_data *in_data, - krb5_creds *in_creds, - krb5_data *outbuf)); - -krb5_error_code -krb5_mk_req_internal __P(( - krb5_context context, - krb5_auth_context *auth_context, - const krb5_flags ap_req_options, - krb5_data *in_data, - krb5_creds *in_creds, - krb5_data *outbuf, - krb5_key_usage checksum_usage, - krb5_key_usage encrypt_usage)); - -krb5_error_code -krb5_mk_safe __P(( - krb5_context context, - krb5_auth_context auth_context, - const krb5_data *userdata, - krb5_data *outbuf, - void *outdata)); - -ssize_t -krb5_net_read __P(( - krb5_context context, - void *p_fd, - void *buf, - size_t len)); - -ssize_t -krb5_net_write __P(( - krb5_context context, - void *p_fd, - const void *buf, - size_t len)); - -krb5_error_code -krb5_openlog __P(( - krb5_context context, - const char *program, - krb5_log_facility **fac)); - -krb5_error_code -krb5_parse_address __P(( - krb5_context context, - const char *string, - krb5_addresses *addresses)); - -krb5_error_code -krb5_parse_name __P(( - krb5_context context, - const char *name, - krb5_principal *principal)); - -krb5_error_code -krb5_password_key_proc __P(( - krb5_context context, - krb5_enctype type, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key)); +krb5_max_sockaddr_size (void); + +krb5_error_code +krb5_mk_error ( + krb5_context /*context*/, + krb5_error_code /*error_code*/, + const char */*e_text*/, + const krb5_data */*e_data*/, + const krb5_principal /*client*/, + const krb5_principal /*server*/, + time_t */*client_time*/, + int */*client_usec*/, + krb5_data */*reply*/); + +krb5_error_code +krb5_mk_priv ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*userdata*/, + krb5_data */*outbuf*/, + void */*outdata*/); + +krb5_error_code +krb5_mk_rep ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_data */*outbuf*/); + +krb5_error_code +krb5_mk_req ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + const char */*service*/, + const char */*hostname*/, + krb5_data */*in_data*/, + krb5_ccache /*ccache*/, + krb5_data */*outbuf*/); + +krb5_error_code +krb5_mk_req_exact ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + const krb5_principal /*server*/, + krb5_data */*in_data*/, + krb5_ccache /*ccache*/, + krb5_data */*outbuf*/); + +krb5_error_code +krb5_mk_req_extended ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_data */*outbuf*/); + +krb5_error_code +krb5_mk_req_internal ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_data */*outbuf*/, + krb5_key_usage /*checksum_usage*/, + krb5_key_usage /*encrypt_usage*/); + +krb5_error_code +krb5_mk_safe ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*userdata*/, + krb5_data */*outbuf*/, + void */*outdata*/); + +krb5_ssize_t +krb5_net_read ( + krb5_context /*context*/, + void */*p_fd*/, + void */*buf*/, + size_t /*len*/); + +krb5_ssize_t +krb5_net_write ( + krb5_context /*context*/, + void */*p_fd*/, + const void */*buf*/, + size_t /*len*/); + +krb5_error_code +krb5_openlog ( + krb5_context /*context*/, + const char */*program*/, + krb5_log_facility **/*fac*/); + +krb5_error_code +krb5_parse_address ( + krb5_context /*context*/, + const char */*string*/, + krb5_addresses */*addresses*/); + +krb5_error_code +krb5_parse_name ( + krb5_context /*context*/, + const char */*name*/, + krb5_principal */*principal*/); + +const char * +krb5_passwd_result_to_string ( + krb5_context /*context*/, + int /*result*/); + +krb5_error_code +krb5_password_key_proc ( + krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_salt /*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock **/*key*/); krb5_realm* -krb5_princ_realm __P(( - krb5_context context, - krb5_principal principal)); +krb5_princ_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/); void -krb5_princ_set_realm __P(( - krb5_context context, - krb5_principal principal, - krb5_realm *realm)); +krb5_princ_set_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_realm */*realm*/); krb5_error_code -krb5_principal2principalname __P(( - PrincipalName *p, - const krb5_principal from)); +krb5_principal2principalname ( + PrincipalName */*p*/, + const krb5_principal /*from*/); krb5_boolean -krb5_principal_compare __P(( - krb5_context context, - krb5_const_principal princ1, - krb5_const_principal princ2)); +krb5_principal_compare ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + krb5_const_principal /*princ2*/); krb5_boolean -krb5_principal_compare_any_realm __P(( - krb5_context context, - krb5_const_principal princ1, - krb5_const_principal princ2)); +krb5_principal_compare_any_realm ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + krb5_const_principal /*princ2*/); + +const char * +krb5_principal_get_comp_string ( + krb5_context /*context*/, + krb5_principal /*principal*/, + unsigned int /*component*/); + +const char * +krb5_principal_get_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/); + +int +krb5_principal_get_type ( + krb5_context /*context*/, + krb5_principal /*principal*/); krb5_boolean -krb5_principal_match __P(( - krb5_context context, - krb5_const_principal princ, - krb5_const_principal pattern)); +krb5_principal_match ( + krb5_context /*context*/, + krb5_const_principal /*princ*/, + krb5_const_principal /*pattern*/); krb5_error_code -krb5_print_address __P(( - const krb5_address *addr, - char *str, - size_t len, - size_t *ret_len)); +krb5_print_address ( + const krb5_address */*addr*/, + char */*str*/, + size_t /*len*/, + size_t */*ret_len*/); int -krb5_program_setup __P(( - krb5_context *context, - int argc, - char **argv, - struct getargs *args, - int num_args, - void (*usage)(int, struct getargs*, int))); +krb5_program_setup ( + krb5_context */*context*/, + int /*argc*/, + char **/*argv*/, + struct getargs */*args*/, + int /*num_args*/, + void (*/*usage*/)(int, struct getargs*, int)); int -krb5_prompter_posix __P(( - krb5_context context, - void *data, - const char *banner, - int num_prompts, - krb5_prompt prompts[])); +krb5_prompter_posix ( + krb5_context /*context*/, + void */*data*/, + const char */*name*/, + const char */*banner*/, + int /*num_prompts*/, + krb5_prompt prompts[]); krb5_error_code -krb5_rc_close __P(( - krb5_context context, - krb5_rcache id)); +krb5_rc_close ( + krb5_context /*context*/, + krb5_rcache /*id*/); krb5_error_code -krb5_rc_default __P(( - krb5_context context, - krb5_rcache *id)); +krb5_rc_default ( + krb5_context /*context*/, + krb5_rcache */*id*/); const char * -krb5_rc_default_name __P((krb5_context context)); +krb5_rc_default_name (krb5_context /*context*/); const char * -krb5_rc_default_type __P((krb5_context context)); +krb5_rc_default_type (krb5_context /*context*/); krb5_error_code -krb5_rc_destroy __P(( - krb5_context context, - krb5_rcache id)); +krb5_rc_destroy ( + krb5_context /*context*/, + krb5_rcache /*id*/); krb5_error_code -krb5_rc_expunge __P(( - krb5_context context, - krb5_rcache id)); +krb5_rc_expunge ( + krb5_context /*context*/, + krb5_rcache /*id*/); krb5_error_code -krb5_rc_get_lifespan __P(( - krb5_context context, - krb5_rcache id, - krb5_deltat *auth_lifespan)); +krb5_rc_get_lifespan ( + krb5_context /*context*/, + krb5_rcache /*id*/, + krb5_deltat */*auth_lifespan*/); const char* -krb5_rc_get_name __P(( - krb5_context context, - krb5_rcache id)); +krb5_rc_get_name ( + krb5_context /*context*/, + krb5_rcache /*id*/); const char* -krb5_rc_get_type __P(( - krb5_context context, - krb5_rcache id)); +krb5_rc_get_type ( + krb5_context /*context*/, + krb5_rcache /*id*/); krb5_error_code -krb5_rc_initialize __P(( - krb5_context context, - krb5_rcache id, - krb5_deltat auth_lifespan)); +krb5_rc_initialize ( + krb5_context /*context*/, + krb5_rcache /*id*/, + krb5_deltat /*auth_lifespan*/); krb5_error_code -krb5_rc_recover __P(( - krb5_context context, - krb5_rcache id)); +krb5_rc_recover ( + krb5_context /*context*/, + krb5_rcache /*id*/); krb5_error_code -krb5_rc_resolve __P(( - krb5_context context, - krb5_rcache id, - const char *name)); +krb5_rc_resolve ( + krb5_context /*context*/, + krb5_rcache /*id*/, + const char */*name*/); krb5_error_code -krb5_rc_resolve_full __P(( - krb5_context context, - krb5_rcache *id, - const char *string_name)); +krb5_rc_resolve_full ( + krb5_context /*context*/, + krb5_rcache */*id*/, + const char */*string_name*/); krb5_error_code -krb5_rc_resolve_type __P(( - krb5_context context, - krb5_rcache *id, - const char *type)); +krb5_rc_resolve_type ( + krb5_context /*context*/, + krb5_rcache */*id*/, + const char */*type*/); krb5_error_code -krb5_rc_store __P(( - krb5_context context, - krb5_rcache id, - krb5_donot_replay *rep)); +krb5_rc_store ( + krb5_context /*context*/, + krb5_rcache /*id*/, + krb5_donot_replay */*rep*/); krb5_error_code -krb5_rd_cred __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_data *in_data, - krb5_creds ***ret_creds, - krb5_replay_data *out_data)); +krb5_rd_cred ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_data */*in_data*/, + krb5_creds ***/*ret_creds*/, + krb5_replay_data */*out_data*/); krb5_error_code -krb5_rd_cred2 __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_ccache ccache, - krb5_data *in_data)); +krb5_rd_cred2 ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_ccache /*ccache*/, + krb5_data */*in_data*/); krb5_error_code -krb5_rd_error __P(( - krb5_context context, - krb5_data *msg, - KRB_ERROR *result)); +krb5_rd_error ( + krb5_context /*context*/, + krb5_data */*msg*/, + KRB_ERROR */*result*/); krb5_error_code -krb5_rd_priv __P(( - krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_data *outbuf, - void *outdata)); +krb5_rd_priv ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_data */*outbuf*/, + void */*outdata*/); krb5_error_code -krb5_rd_rep __P(( - krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_ap_rep_enc_part **repl)); +krb5_rd_rep ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_ap_rep_enc_part **/*repl*/); krb5_error_code -krb5_rd_req __P(( - krb5_context context, - krb5_auth_context *auth_context, - const krb5_data *inbuf, - krb5_const_principal server, - krb5_keytab keytab, - krb5_flags *ap_req_options, - krb5_ticket **ticket)); +krb5_rd_req ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_data */*inbuf*/, + krb5_const_principal /*server*/, + krb5_keytab /*keytab*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/); krb5_error_code -krb5_rd_req_with_keyblock __P(( - krb5_context context, - krb5_auth_context *auth_context, - const krb5_data *inbuf, - krb5_const_principal server, - krb5_keyblock *keyblock, - krb5_flags *ap_req_options, - krb5_ticket **ticket)); +krb5_rd_req_with_keyblock ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_data */*inbuf*/, + krb5_const_principal /*server*/, + krb5_keyblock */*keyblock*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/); krb5_error_code -krb5_rd_safe __P(( - krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_data *outbuf, - void *outdata)); +krb5_rd_safe ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_data */*outbuf*/, + void */*outdata*/); krb5_error_code -krb5_read_message __P(( - krb5_context context, - krb5_pointer p_fd, - krb5_data *data)); +krb5_read_message ( + krb5_context /*context*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); krb5_error_code -krb5_read_priv_message __P(( - krb5_context context, - krb5_auth_context ac, - krb5_pointer p_fd, - krb5_data *data)); +krb5_read_priv_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); krb5_error_code -krb5_read_safe_message __P(( - krb5_context context, - krb5_auth_context ac, - krb5_pointer p_fd, - krb5_data *data)); +krb5_read_safe_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); krb5_boolean -krb5_realm_compare __P(( - krb5_context context, - krb5_const_principal princ1, - krb5_const_principal princ2)); +krb5_realm_compare ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + krb5_const_principal /*princ2*/); + +krb5_error_code +krb5_recvauth ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + const char */*appl_version*/, + krb5_principal /*server*/, + int32_t /*flags*/, + krb5_keytab /*keytab*/, + krb5_ticket **/*ticket*/); + +krb5_error_code +krb5_recvauth_match_version ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + krb5_boolean (*/*match_appl_version*/)(const void *, const char*), + const void */*match_data*/, + krb5_principal /*server*/, + int32_t /*flags*/, + krb5_keytab /*keytab*/, + krb5_ticket **/*ticket*/); + +krb5_error_code +krb5_ret_address ( + krb5_storage */*sp*/, + krb5_address */*adr*/); krb5_error_code -krb5_recvauth __P(( - krb5_context context, - krb5_auth_context *auth_context, - krb5_pointer p_fd, - char *appl_version, - krb5_principal server, - int32_t flags, - krb5_keytab keytab, - krb5_ticket **ticket)); +krb5_ret_addrs ( + krb5_storage */*sp*/, + krb5_addresses */*adr*/); krb5_error_code -krb5_recvauth_match_version __P(( - krb5_context context, - krb5_auth_context *auth_context, - krb5_pointer p_fd, - krb5_boolean (*match_appl_version)(void *, const char*), - void *match_data, - krb5_principal server, - int32_t flags, - krb5_keytab keytab, - krb5_ticket **ticket)); +krb5_ret_authdata ( + krb5_storage */*sp*/, + krb5_authdata */*auth*/); krb5_error_code -krb5_ret_address __P(( - krb5_storage *sp, - krb5_address *adr)); +krb5_ret_creds ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); krb5_error_code -krb5_ret_addrs __P(( - krb5_storage *sp, - krb5_addresses *adr)); +krb5_ret_data ( + krb5_storage */*sp*/, + krb5_data */*data*/); krb5_error_code -krb5_ret_authdata __P(( - krb5_storage *sp, - krb5_authdata *auth)); +krb5_ret_int16 ( + krb5_storage */*sp*/, + int16_t */*value*/); krb5_error_code -krb5_ret_creds __P(( - krb5_storage *sp, - krb5_creds *creds)); +krb5_ret_int32 ( + krb5_storage */*sp*/, + int32_t */*value*/); krb5_error_code -krb5_ret_data __P(( - krb5_storage *sp, - krb5_data *data)); +krb5_ret_int8 ( + krb5_storage */*sp*/, + int8_t */*value*/); krb5_error_code -krb5_ret_int16 __P(( - krb5_storage *sp, - int16_t *value)); +krb5_ret_keyblock ( + krb5_storage */*sp*/, + krb5_keyblock */*p*/); krb5_error_code -krb5_ret_int32 __P(( - krb5_storage *sp, - int32_t *value)); +krb5_ret_principal ( + krb5_storage */*sp*/, + krb5_principal */*princ*/); krb5_error_code -krb5_ret_int8 __P(( - krb5_storage *sp, - int8_t *value)); +krb5_ret_string ( + krb5_storage */*sp*/, + char **/*string*/); krb5_error_code -krb5_ret_keyblock __P(( - krb5_storage *sp, - krb5_keyblock *p)); +krb5_ret_stringz ( + krb5_storage */*sp*/, + char **/*string*/); krb5_error_code -krb5_ret_principal __P(( - krb5_storage *sp, - krb5_principal *princ)); +krb5_ret_times ( + krb5_storage */*sp*/, + krb5_times */*times*/); krb5_error_code -krb5_ret_string __P(( - krb5_storage *sp, - char **string)); +krb5_salttype_to_string ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + krb5_salttype /*stype*/, + char **/*string*/); krb5_error_code -krb5_ret_stringz __P(( - krb5_storage *sp, - char **string)); +krb5_sendauth ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + const char */*appl_version*/, + krb5_principal /*client*/, + krb5_principal /*server*/, + krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_ccache /*ccache*/, + krb5_error **/*ret_error*/, + krb5_ap_rep_enc_part **/*rep_result*/, + krb5_creds **/*out_creds*/); krb5_error_code -krb5_ret_times __P(( - krb5_storage *sp, - krb5_times *times)); +krb5_sendto ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + krb5_krbhst_handle /*handle*/, + krb5_data */*receive*/); krb5_error_code -krb5_salttype_to_string __P(( - krb5_context context, - krb5_enctype etype, - krb5_salttype stype, - char **string)); +krb5_sendto_kdc ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + const krb5_realm */*realm*/, + krb5_data */*receive*/); krb5_error_code -krb5_sendauth __P(( - krb5_context context, - krb5_auth_context *auth_context, - krb5_pointer p_fd, - const char *appl_version, - krb5_principal client, - krb5_principal server, - krb5_flags ap_req_options, - krb5_data *in_data, - krb5_creds *in_creds, - krb5_ccache ccache, - krb5_error **ret_error, - krb5_ap_rep_enc_part **rep_result, - krb5_creds **out_creds)); +krb5_sendto_kdc2 ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + const krb5_realm */*realm*/, + krb5_data */*receive*/, + krb5_boolean /*master*/); krb5_error_code -krb5_sendto __P(( - krb5_context context, - const krb5_data *send, - char **hostlist, - int port, - krb5_data *receive)); +krb5_set_config_files ( + krb5_context /*context*/, + char **/*filenames*/); krb5_error_code -krb5_sendto_kdc __P(( - krb5_context context, - const krb5_data *send, - const krb5_realm *realm, - krb5_data *receive)); +krb5_set_default_in_tkt_etypes ( + krb5_context /*context*/, + const krb5_enctype */*etypes*/); krb5_error_code -krb5_sendto_kdc2 __P(( - krb5_context context, - const krb5_data *send, - const krb5_realm *realm, - krb5_data *receive, - krb5_boolean master)); +krb5_set_default_realm ( + krb5_context /*context*/, + const char */*realm*/); krb5_error_code -krb5_set_default_in_tkt_etypes __P(( - krb5_context context, - const krb5_enctype *etypes)); +krb5_set_error_string ( + krb5_context /*context*/, + const char */*fmt*/, + ...) + __attribute__((format (printf, 2, 3))); krb5_error_code -krb5_set_default_realm __P(( - krb5_context context, - char *realm)); +krb5_set_extra_addresses ( + krb5_context /*context*/, + const krb5_addresses */*addresses*/); krb5_error_code -krb5_set_extra_addresses __P(( - krb5_context context, - const krb5_addresses *addresses)); +krb5_set_fcache_version ( + krb5_context /*context*/, + int /*version*/); krb5_error_code -krb5_set_fcache_version __P(( - krb5_context context, - int version)); +krb5_set_ignore_addresses ( + krb5_context /*context*/, + const krb5_addresses */*addresses*/); void -krb5_set_use_admin_kdc __P(( - krb5_context context, - krb5_boolean flag)); +krb5_set_use_admin_kdc ( + krb5_context /*context*/, + krb5_boolean /*flag*/); krb5_error_code -krb5_set_warn_dest __P(( - krb5_context context, - krb5_log_facility *fac)); +krb5_set_warn_dest ( + krb5_context /*context*/, + krb5_log_facility */*fac*/); krb5_error_code -krb5_sname_to_principal __P(( - krb5_context context, - const char *hostname, - const char *sname, - int32_t type, - krb5_principal *ret_princ)); +krb5_sname_to_principal ( + krb5_context /*context*/, + const char */*hostname*/, + const char */*sname*/, + int32_t /*type*/, + krb5_principal */*ret_princ*/); krb5_error_code -krb5_sock_to_principal __P(( - krb5_context context, - int sock, - const char *sname, - int32_t type, - krb5_principal *ret_princ)); +krb5_sock_to_principal ( + krb5_context /*context*/, + int /*sock*/, + const char */*sname*/, + int32_t /*type*/, + krb5_principal */*ret_princ*/); krb5_error_code -krb5_sockaddr2address __P(( - const struct sockaddr *sa, - krb5_address *addr)); +krb5_sockaddr2address ( + krb5_context /*context*/, + const struct sockaddr */*sa*/, + krb5_address */*addr*/); krb5_error_code -krb5_sockaddr2port __P(( - const struct sockaddr *sa, - int16_t *port)); +krb5_sockaddr2port ( + krb5_context /*context*/, + const struct sockaddr */*sa*/, + int16_t */*port*/); krb5_boolean -krb5_sockaddr_uninteresting __P((const struct sockaddr *sa)); +krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); void -krb5_std_usage __P(( - int code, - struct getargs *args, - int num_args)); +krb5_std_usage ( + int /*code*/, + struct getargs */*args*/, + int /*num_args*/); void -krb5_storage_clear_flags __P(( - krb5_storage *sp, - krb5_flags flags)); +krb5_storage_clear_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); krb5_storage * -krb5_storage_emem __P((void)); +krb5_storage_emem (void); krb5_error_code -krb5_storage_free __P((krb5_storage *sp)); +krb5_storage_free (krb5_storage */*sp*/); krb5_storage * -krb5_storage_from_data __P((krb5_data *data)); +krb5_storage_from_data (krb5_data */*data*/); krb5_storage * -krb5_storage_from_fd __P((int fd)); +krb5_storage_from_fd (int /*fd*/); krb5_storage * -krb5_storage_from_mem __P(( - void *buf, - size_t len)); +krb5_storage_from_mem ( + void */*buf*/, + size_t /*len*/); + +krb5_flags +krb5_storage_get_byteorder ( + krb5_storage */*sp*/, + krb5_flags /*byteorder*/); krb5_boolean -krb5_storage_is_flags __P(( - krb5_storage *sp, - krb5_flags flags)); +krb5_storage_is_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +krb5_ssize_t +krb5_storage_read ( + krb5_storage */*sp*/, + void */*buf*/, + size_t /*len*/); + +off_t +krb5_storage_seek ( + krb5_storage */*sp*/, + off_t /*offset*/, + int /*whence*/); + +void +krb5_storage_set_byteorder ( + krb5_storage */*sp*/, + krb5_flags /*byteorder*/); void -krb5_storage_set_flags __P(( - krb5_storage *sp, - krb5_flags flags)); +krb5_storage_set_eof_code ( + krb5_storage */*sp*/, + int /*code*/); + +void +krb5_storage_set_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); krb5_error_code -krb5_storage_to_data __P(( - krb5_storage *sp, - krb5_data *data)); +krb5_storage_to_data ( + krb5_storage */*sp*/, + krb5_data */*data*/); + +krb5_ssize_t +krb5_storage_write ( + krb5_storage */*sp*/, + const void */*buf*/, + size_t /*len*/); krb5_error_code -krb5_store_address __P(( - krb5_storage *sp, - krb5_address p)); +krb5_store_address ( + krb5_storage */*sp*/, + krb5_address /*p*/); krb5_error_code -krb5_store_addrs __P(( - krb5_storage *sp, - krb5_addresses p)); +krb5_store_addrs ( + krb5_storage */*sp*/, + krb5_addresses /*p*/); krb5_error_code -krb5_store_authdata __P(( - krb5_storage *sp, - krb5_authdata auth)); +krb5_store_authdata ( + krb5_storage */*sp*/, + krb5_authdata /*auth*/); krb5_error_code -krb5_store_creds __P(( - krb5_storage *sp, - krb5_creds *creds)); +krb5_store_creds ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); krb5_error_code -krb5_store_data __P(( - krb5_storage *sp, - krb5_data data)); +krb5_store_data ( + krb5_storage */*sp*/, + krb5_data /*data*/); krb5_error_code -krb5_store_int16 __P(( - krb5_storage *sp, - int16_t value)); +krb5_store_int16 ( + krb5_storage */*sp*/, + int16_t /*value*/); krb5_error_code -krb5_store_int32 __P(( - krb5_storage *sp, - int32_t value)); +krb5_store_int32 ( + krb5_storage */*sp*/, + int32_t /*value*/); krb5_error_code -krb5_store_int8 __P(( - krb5_storage *sp, - int8_t value)); +krb5_store_int8 ( + krb5_storage */*sp*/, + int8_t /*value*/); krb5_error_code -krb5_store_keyblock __P(( - krb5_storage *sp, - krb5_keyblock p)); +krb5_store_keyblock ( + krb5_storage */*sp*/, + krb5_keyblock /*p*/); krb5_error_code -krb5_store_principal __P(( - krb5_storage *sp, - krb5_principal p)); +krb5_store_principal ( + krb5_storage */*sp*/, + krb5_principal /*p*/); krb5_error_code -krb5_store_string __P(( - krb5_storage *sp, - const char *s)); +krb5_store_string ( + krb5_storage */*sp*/, + const char */*s*/); krb5_error_code -krb5_store_stringz __P(( - krb5_storage *sp, - const char *s)); +krb5_store_stringz ( + krb5_storage */*sp*/, + const char */*s*/); krb5_error_code -krb5_store_times __P(( - krb5_storage *sp, - krb5_times times)); +krb5_store_times ( + krb5_storage */*sp*/, + krb5_times /*times*/); krb5_error_code -krb5_string_to_enctype __P(( - krb5_context context, - const char *string, - krb5_enctype *etype)); +krb5_string_to_deltat ( + const char */*string*/, + krb5_deltat */*deltat*/); krb5_error_code -krb5_string_to_key __P(( - krb5_context context, - krb5_enctype enctype, - const char *password, - krb5_principal principal, - krb5_keyblock *key)); +krb5_string_to_enctype ( + krb5_context /*context*/, + const char */*string*/, + krb5_enctype */*etype*/); krb5_error_code -krb5_string_to_key_data __P(( - krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_principal principal, - krb5_keyblock *key)); +krb5_string_to_key ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + const char */*password*/, + krb5_principal /*principal*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_string_to_key_data_salt __P(( - krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_keyblock *key)); +krb5_string_to_key_data ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_principal /*principal*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_string_to_key_derived __P(( - krb5_context context, - const void *str, - size_t len, - krb5_enctype etype, - krb5_keyblock *key)); +krb5_string_to_key_data_salt ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_string_to_key_salt __P(( - krb5_context context, - krb5_enctype enctype, - const char *password, - krb5_salt salt, - krb5_keyblock *key)); +krb5_string_to_key_data_salt_opaque ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + krb5_data /*opaque*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_string_to_keytype __P(( - krb5_context context, - const char *string, - krb5_keytype *keytype)); +krb5_string_to_key_derived ( + krb5_context /*context*/, + const void */*str*/, + size_t /*len*/, + krb5_enctype /*etype*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_string_to_salttype __P(( - krb5_context context, - krb5_enctype etype, - const char *string, - krb5_salttype *salttype)); +krb5_string_to_key_salt ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + const char */*password*/, + krb5_salt /*salt*/, + krb5_keyblock */*key*/); krb5_error_code -krb5_timeofday __P(( - krb5_context context, - krb5_timestamp *timeret)); +krb5_string_to_keytype ( + krb5_context /*context*/, + const char */*string*/, + krb5_keytype */*keytype*/); krb5_error_code -krb5_unparse_name __P(( - krb5_context context, - krb5_const_principal principal, - char **name)); +krb5_string_to_salttype ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + const char */*string*/, + krb5_salttype */*salttype*/); krb5_error_code -krb5_unparse_name_fixed __P(( - krb5_context context, - krb5_const_principal principal, - char *name, - size_t len)); +krb5_timeofday ( + krb5_context /*context*/, + krb5_timestamp */*timeret*/); krb5_error_code -krb5_unparse_name_fixed_short __P(( - krb5_context context, - krb5_const_principal principal, - char *name, - size_t len)); +krb5_unparse_name ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char **/*name*/); krb5_error_code -krb5_unparse_name_short __P(( - krb5_context context, - krb5_const_principal principal, - char **name)); +krb5_unparse_name_fixed ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char */*name*/, + size_t /*len*/); krb5_error_code -krb5_us_timeofday __P(( - krb5_context context, - int32_t *sec, - int32_t *usec)); +krb5_unparse_name_fixed_short ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char */*name*/, + size_t /*len*/); krb5_error_code -krb5_vabort __P(( - krb5_context context, - krb5_error_code code, - const char *fmt, - va_list ap)) +krb5_unparse_name_short ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char **/*name*/); + +krb5_error_code +krb5_us_timeofday ( + krb5_context /*context*/, + int32_t */*sec*/, + int32_t */*usec*/); + +krb5_error_code +krb5_vabort ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__ ((noreturn, format (printf, 3, 0))); krb5_error_code -krb5_vabortx __P(( - krb5_context context, - const char *fmt, - va_list ap)) +krb5_vabortx ( + krb5_context /*context*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__ ((noreturn, format (printf, 2, 0))); krb5_error_code -krb5_verify_ap_req __P(( - krb5_context context, - krb5_auth_context *auth_context, - krb5_ap_req *ap_req, - krb5_const_principal server, - krb5_keyblock *keyblock, - krb5_flags flags, - krb5_flags *ap_req_options, - krb5_ticket **ticket)); - -krb5_error_code -krb5_verify_ap_req2 __P(( - krb5_context context, - krb5_auth_context *auth_context, - krb5_ap_req *ap_req, - krb5_const_principal server, - krb5_keyblock *keyblock, - krb5_flags flags, - krb5_flags *ap_req_options, - krb5_ticket **ticket, - krb5_key_usage usage)); - -krb5_error_code -krb5_verify_authenticator_checksum __P(( - krb5_context context, - krb5_auth_context ac, - void *data, - size_t len)); - -krb5_error_code -krb5_verify_checksum __P(( - krb5_context context, - krb5_crypto crypto, - krb5_key_usage usage, - void *data, - size_t len, - Checksum *cksum)); - -krb5_error_code -krb5_verify_init_creds __P(( - krb5_context context, - krb5_creds *creds, - krb5_principal ap_req_server, - krb5_keytab ap_req_keytab, - krb5_ccache *ccache, - krb5_verify_init_creds_opt *options)); +krb5_verify_ap_req ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_ap_req */*ap_req*/, + krb5_const_principal /*server*/, + krb5_keyblock */*keyblock*/, + krb5_flags /*flags*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/); + +krb5_error_code +krb5_verify_ap_req2 ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_ap_req */*ap_req*/, + krb5_const_principal /*server*/, + krb5_keyblock */*keyblock*/, + krb5_flags /*flags*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/, + krb5_key_usage /*usage*/); + +krb5_error_code +krb5_verify_authenticator_checksum ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + void */*data*/, + size_t /*len*/); + +krb5_error_code +krb5_verify_checksum ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_key_usage /*usage*/, + void */*data*/, + size_t /*len*/, + Checksum */*cksum*/); + +krb5_error_code +krb5_verify_init_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*ap_req_server*/, + krb5_keytab /*ap_req_keytab*/, + krb5_ccache */*ccache*/, + krb5_verify_init_creds_opt */*options*/); void -krb5_verify_init_creds_opt_init __P((krb5_verify_init_creds_opt *options)); +krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/); void -krb5_verify_init_creds_opt_set_ap_req_nofail __P(( - krb5_verify_init_creds_opt *options, - int ap_req_nofail)); - -krb5_error_code -krb5_verify_user __P(( - krb5_context context, - krb5_principal principal, - krb5_ccache ccache, - const char *password, - krb5_boolean secure, - const char *service)); - -krb5_error_code -krb5_verify_user_lrealm __P(( - krb5_context context, - krb5_principal principal, - krb5_ccache ccache, - const char *password, - krb5_boolean secure, - const char *service)); - -krb5_error_code -krb5_verr __P(( - krb5_context context, - int eval, - krb5_error_code code, - const char *fmt, - va_list ap)) +krb5_verify_init_creds_opt_set_ap_req_nofail ( + krb5_verify_init_creds_opt */*options*/, + int /*ap_req_nofail*/); + +void +krb5_verify_opt_init (krb5_verify_opt */*opt*/); + +void +krb5_verify_opt_set_ccache ( + krb5_verify_opt */*opt*/, + krb5_ccache /*ccache*/); + +void +krb5_verify_opt_set_flags ( + krb5_verify_opt */*opt*/, + unsigned int /*flags*/); + +void +krb5_verify_opt_set_keytab ( + krb5_verify_opt */*opt*/, + krb5_keytab /*keytab*/); + +void +krb5_verify_opt_set_secure ( + krb5_verify_opt */*opt*/, + krb5_boolean /*secure*/); + +void +krb5_verify_opt_set_service ( + krb5_verify_opt */*opt*/, + const char */*service*/); + +krb5_error_code +krb5_verify_user ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_ccache /*ccache*/, + const char */*password*/, + krb5_boolean /*secure*/, + const char */*service*/); + +krb5_error_code +krb5_verify_user_lrealm ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_ccache /*ccache*/, + const char */*password*/, + krb5_boolean /*secure*/, + const char */*service*/); + +krb5_error_code +krb5_verify_user_opt ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*password*/, + krb5_verify_opt */*opt*/); + +krb5_error_code +krb5_verr ( + krb5_context /*context*/, + int /*eval*/, + krb5_error_code /*code*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__ ((noreturn, format (printf, 4, 0))); krb5_error_code -krb5_verrx __P(( - krb5_context context, - int eval, - const char *fmt, - va_list ap)) +krb5_verrx ( + krb5_context /*context*/, + int /*eval*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__ ((noreturn, format (printf, 3, 0))); krb5_error_code -krb5_vlog __P(( - krb5_context context, - krb5_log_facility *fac, - int level, - const char *fmt, - va_list ap)) +krb5_vlog ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*level*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__((format (printf, 4, 0))); krb5_error_code -krb5_vlog_msg __P(( - krb5_context context, - krb5_log_facility *fac, - char **reply, - int level, - const char *fmt, - va_list ap)) +krb5_vlog_msg ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + char **/*reply*/, + int /*level*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__((format (printf, 5, 0))); krb5_error_code -krb5_vwarn __P(( - krb5_context context, - krb5_error_code code, - const char *fmt, - va_list ap)) +krb5_vset_error_string ( + krb5_context /*context*/, + const char */*fmt*/, + va_list /*args*/) + __attribute__ ((format (printf, 2, 0))); + +krb5_error_code +krb5_vwarn ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__ ((format (printf, 3, 0))); krb5_error_code -krb5_vwarnx __P(( - krb5_context context, - const char *fmt, - va_list ap)) +krb5_vwarnx ( + krb5_context /*context*/, + const char */*fmt*/, + va_list /*ap*/) __attribute__ ((format (printf, 2, 0))); krb5_error_code -krb5_warn __P(( - krb5_context context, - krb5_error_code code, - const char *fmt, - ...)) +krb5_warn ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) __attribute__ ((format (printf, 3, 4))); krb5_error_code -krb5_warnx __P(( - krb5_context context, - const char *fmt, - ...)) +krb5_warnx ( + krb5_context /*context*/, + const char */*fmt*/, + ...) __attribute__ ((format (printf, 2, 3))); krb5_error_code -krb5_write_message __P(( - krb5_context context, - krb5_pointer p_fd, - krb5_data *data)); +krb5_write_message ( + krb5_context /*context*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); krb5_error_code -krb5_write_priv_message __P(( - krb5_context context, - krb5_auth_context ac, - krb5_pointer p_fd, - krb5_data *data)); +krb5_write_priv_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); krb5_error_code -krb5_write_safe_message __P(( - krb5_context context, - krb5_auth_context ac, - krb5_boolean priv, - krb5_pointer p_fd, - krb5_data *data)); +krb5_write_safe_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); krb5_error_code -krb5_xfree __P((void *ptr)); +krb5_xfree (void */*ptr*/); krb5_error_code -principalname2krb5_principal __P(( - krb5_principal *principal, - const PrincipalName from, - const Realm realm)); +principalname2krb5_principal ( + krb5_principal */*principal*/, + const PrincipalName /*from*/, + const Realm /*realm*/); #endif /* __krb5_protos_h__ */ diff --git a/kerberosV/src/lib/krb5/rd_req.c b/kerberosV/src/lib/krb5/rd_req.c index 16468ddc5ad..b258921cb2c 100644 --- a/kerberosV/src/lib/krb5/rd_req.c +++ b/kerberosV/src/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$KTH: rd_req.c,v 1.44 2000/11/15 23:16:28 assar Exp $"); +RCSID("$KTH: rd_req.c,v 1.47 2001/06/18 02:48:18 assar Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -113,19 +113,48 @@ krb5_decode_ap_req(krb5_context context, return ret; if (ap_req->pvno != 5){ free_AP_REQ(ap_req); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BADVERSION; } if (ap_req->msg_type != krb_ap_req){ free_AP_REQ(ap_req); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_MSG_TYPE; } if (ap_req->ticket.tkt_vno != 5){ free_AP_REQ(ap_req); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BADVERSION; } return 0; } +static krb5_error_code +check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) +{ + char **realms; + int num_realms; + krb5_error_code ret; + + if(enc->transited.tr_type != DOMAIN_X500_COMPRESS) + return KRB5KDC_ERR_TRTYPE_NOSUPP; + + if(enc->transited.contents.length == 0) + return 0; + + ret = krb5_domain_x500_decode(context, enc->transited.contents, + &realms, &num_realms, + enc->crealm, + ticket->realm); + if(ret) + return ret; + ret = krb5_check_transited(context, enc->crealm, + ticket->realm, + realms, num_realms, NULL); + free(realms); + return ret; +} + krb5_error_code krb5_decrypt_ticket(krb5_context context, Ticket *ticket, @@ -150,12 +179,22 @@ krb5_decrypt_ticket(krb5_context context, || (t.flags.invalid && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) { free_EncTicketPart(&t); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_TKT_NYV; } if(now - t.endtime > context->max_skew) { free_EncTicketPart(&t); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_TKT_EXPIRED; } + + if(!t.flags.transited_policy_checked) { + ret = check_transited(context, ticket, &t); + if(ret) { + free_EncTicketPart(&t); + return ret; + } + } } if(out) @@ -176,7 +215,7 @@ krb5_verify_authenticator_checksum(krb5_context context, krb5_authenticator authenticator; krb5_crypto crypto; - ret = krb5_auth_getauthenticator (context, + ret = krb5_auth_con_getauthenticator (context, ac, &authenticator); if(ret) @@ -204,29 +243,6 @@ out: return ret; } -#if 0 -static krb5_error_code -check_transited(krb5_context context, - krb5_ticket *ticket) -{ - char **realms; - int num_realms; - krb5_error_code ret; - - if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS) - return KRB5KDC_ERR_TRTYPE_NOSUPP; - - ret = krb5_domain_x500_decode(ticket->ticket.transited.contents, - &realms, &num_realms, - ticket->client->realm, - ticket->server->realm); - if(ret) - return ret; - ret = krb5_check_transited_realms(context, realms, num_realms, NULL); - free(realms); - return ret; -} -#endif krb5_error_code krb5_verify_ap_req(krb5_context context, @@ -320,6 +336,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_free_principal (context, p2); if (!res) { ret = KRB5KRB_AP_ERR_BADMATCH; + krb5_clear_error_string (context); goto out2; } } @@ -332,21 +349,21 @@ krb5_verify_ap_req2(krb5_context context, ac->remote_address, t.ticket.caddr)) { ret = KRB5KRB_AP_ERR_BADADDR; + krb5_clear_error_string (context); goto out2; } if (ac->authenticator->seq_number) - ac->remote_seqnumber = *ac->authenticator->seq_number; + krb5_auth_con_setremoteseqnumber(context, ac, + *ac->authenticator->seq_number); /* XXX - Xor sequence numbers */ - /* XXX - subkeys? */ - /* And where should it be stored? */ - if (ac->authenticator->subkey) { - krb5_copy_keyblock(context, - ac->authenticator->subkey, - &ac->remote_subkey); + ret = krb5_auth_con_setremotesubkey(context, ac, + ac->authenticator->subkey); + if (ret) + goto out2; } if (ap_req_options) { diff --git a/kerberosV/src/lib/krb5/transited.c b/kerberosV/src/lib/krb5/transited.c index 8a7873df261..824c76c2ee4 100644 --- a/kerberosV/src/lib/krb5/transited.c +++ b/kerberosV/src/lib/krb5/transited.c @@ -308,6 +308,12 @@ krb5_domain_x500_decode(krb5_context context, struct tr_realm *p, **q; int ret; + if(tr.length == 0) { + *realms = NULL; + *num_realms = 0; + return 0; + } + /* split string in components */ ret = decode_realms(context, tr.data, tr.length, &r); if(ret) @@ -362,6 +368,9 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) char *s = NULL; int len = 0; int i; + krb5_data_zero(encoding); + if (num_realms == 0) + return 0; for(i = 0; i < num_realms; i++){ len += strlen(realms[i]); if(realms[i][0] == '/') @@ -369,6 +378,8 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) } len += num_realms - 1; s = malloc(len + 1); + if (s == NULL) + return ENOMEM; *s = '\0'; for(i = 0; i < num_realms; i++){ if(i && i < num_realms - 1) @@ -383,6 +394,44 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) } krb5_error_code +krb5_check_transited(krb5_context context, + krb5_const_realm client_realm, + krb5_const_realm server_realm, + krb5_realm *realms, + int num_realms, + int *bad_realm) +{ + char **tr_realms; + char **p; + int i; + + if(num_realms == 0) + return 0; + + tr_realms = krb5_config_get_strings(context, NULL, + "capaths", + client_realm, + server_realm, + NULL); + for(i = 0; i < num_realms; i++) { + for(p = tr_realms; p && *p; p++) { + if(strcmp(*p, realms[i]) == 0) + break; + } + if(p == NULL || *p == NULL) { + krb5_config_free_strings(tr_realms); + krb5_set_error_string (context, "no transit through realm %s", + realms[i]); + if(bad_realm) + *bad_realm = i; + return KRB5KRB_AP_ERR_ILL_CR_TKT; + } + } + krb5_config_free_strings(tr_realms); + return 0; +} + +krb5_error_code krb5_check_transited_realms(krb5_context context, const char *const *realms, int num_realms, |