1 .TH "Heimdal Kerberos 5 support functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
5 Heimdal Kerberos 5 support functions \-
10 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_string\fP (krb5_context context, const char *string, const char *format,...)"
13 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_file\fP (krb5_context context, const char *file, const char *format,...)"
16 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_parse_file_multi\fP (krb5_context context, const char *fname, krb5_config_section **res)"
19 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_file_free\fP (krb5_context context, krb5_config_section *s)"
22 .RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_get_list\fP (krb5_context context, const krb5_config_section *c,...)"
25 .RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_vget_list\fP (krb5_context context, const krb5_config_section *c, va_list args)"
28 .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string\fP (krb5_context context, const krb5_config_section *c,...)"
31 .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string\fP (krb5_context context, const krb5_config_section *c, va_list args)"
34 .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value, va_list args)"
37 .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value,...)"
40 .RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_vget_strings\fP (krb5_context context, const krb5_config_section *c, va_list args)"
43 .RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_get_strings\fP (krb5_context context, const krb5_config_section *c,...)"
46 .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_config_free_strings\fP (char **strings)"
49 .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, va_list args)"
52 .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool\fP (krb5_context context, const krb5_config_section *c, va_list args)"
55 .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value,...)"
58 .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool\fP (krb5_context context, const krb5_config_section *c,...)"
61 .RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value, va_list args)"
64 .RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time\fP (krb5_context context, const krb5_config_section *c, va_list args)"
67 .RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value,...)"
70 .RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time\fP (krb5_context context, const krb5_config_section *c,...)"
73 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname\fP (krb5_context context, const char *orig_hostname, char **new_hostname)"
76 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname_realms\fP (krb5_context context, const char *orig_hostname, char **new_hostname, char ***realms)"
79 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_host_realm\fP (krb5_context context, krb5_realm *realmlist)"
82 .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_kuserok\fP (krb5_context context, krb5_principal principal, const char *luser)"
85 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_plugin_register\fP (krb5_context context, enum krb5_plugin_type type, const char *name, void *symbol)"
88 .SH "Detailed Description"
91 .SH "Function Documentation"
93 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file (krb5_context context, const char * file, const char * format, ...)"
95 krb5_acl_match_file matches ACL format against each line in a file using \fBkrb5_acl_match_string()\fP. Lines starting with # are treated like comments and ignored.
99 \fIcontext\fP Kerberos 5 context.
101 \fIfile\fP file with acl listed in the file.
103 \fIformat\fP format to match.
105 \fI...\fP parameter to format string.
110 Return an error code or 0.
115 \fBkrb5_acl_match_string\fP
119 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string (krb5_context context, const char * string, const char * format, ...)"
121 krb5_acl_match_string matches ACL format against a string.
123 The ACL format has three format specifiers: s, f, and r. Each specifier will retrieve one argument from the variable arguments for either matching or storing data. The input string is split up using ' ' (space) and '\\t' (tab) as a delimiter; multiple and '\\t' in a row are considered to be the same.
125 List of format specifiers:
127 s Matches a string using strcmp(3) (case sensitive).
129 f Matches the string with fnmatch(3). Theflags argument (the last argument) passed to the fnmatch function is 0.
131 r Returns a copy of the string in the char ** passed in; the copy must be freed with free(3). There is no need to free(3) the string on error: the function will clean up and set the pointer to NULL.
136 \fIcontext\fP Kerberos 5 context
138 \fIstring\fP string to match with
140 \fIformat\fP format to match
142 \fI...\fP parameter to format string
147 Return an error code or 0.
154 ret = krb5_acl_match_string(context, 'foo', 's', 'foo');
156 krb5_errx(context, 1, 'acl didn't match');
157 ret = krb5_acl_match_string(context, 'foo foo baz/kaka',
158 'ss', 'foo', &s, 'foo/\\*');
160 // no need to free(s) on error
162 krb5_errx(context, 1, 'acl didn't match');
170 \fBkrb5_acl_match_file\fP
174 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section * s)"
176 Free configuration file section, the result of krb5_config_parse_file() and \fBkrb5_config_parse_file_multi()\fP.
180 \fIcontext\fP A Kerberos 5 context
182 \fIs\fP the configuration section to free
187 returns 0 on successes, otherwise an error code, see krb5_get_error_message()
191 .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char ** strings)"
193 Free the resulting strings from krb5_config-get_strings() and \fBkrb5_config_vget_strings()\fP.
197 \fIstrings\fP strings to free
201 .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section * c, ...)"
203 Like \fBkrb5_config_get_bool()\fP but with a va_list list of configuration selection.
205 Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
209 \fIcontext\fP A Kerberos 5 context.
211 \fIc\fP a configuration section, or NULL to use the section from context
213 \fI...\fP a list of names, terminated with NULL.
222 .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, ...)"
224 \fBkrb5_config_get_bool_default()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
228 \fIcontext\fP A Kerberos 5 context.
230 \fIc\fP a configuration section, or NULL to use the section from context
232 \fIdef_value\fP the default value to return if no configuration found in the database.
234 \fI...\fP a list of names, terminated with NULL.
243 .SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section * c, ...)"
245 Get a list of configuration binding list for more processing
249 \fIcontext\fP A Kerberos 5 context.
251 \fIc\fP a configuration section, or NULL to use the section from context
253 \fI...\fP a list of names, terminated with NULL.
258 NULL if configuration list is not found, a list otherwise
262 .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section * c, ...)"
264 Returns a 'const char *' to a string in the configuration database. The string may not be valid after a reload of the configuration database so a caller should make a local copy if it needs to keep the string.
268 \fIcontext\fP A Kerberos 5 context.
270 \fIc\fP a configuration section, or NULL to use the section from context
272 \fI...\fP a list of names, terminated with NULL.
277 NULL if configuration string not found, a string otherwise
281 .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, ...)"
283 Like \fBkrb5_config_get_string()\fP, but instead of returning NULL, instead return a default value.
287 \fIcontext\fP A Kerberos 5 context.
289 \fIc\fP a configuration section, or NULL to use the section from context
291 \fIdef_value\fP the default value to return if no configuration found in the database.
293 \fI...\fP a list of names, terminated with NULL.
298 a configuration string
302 .SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings (krb5_context context, const krb5_config_section * c, ...)"
304 Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP.
308 \fIcontext\fP A Kerberos 5 context.
310 \fIc\fP a configuration section, or NULL to use the section from context
312 \fI...\fP a list of names, terminated with NULL.
321 .SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section * c, ...)"
323 Get the time from the configuration file using a relative time, for example: 1h30s
327 \fIcontext\fP A Kerberos 5 context.
329 \fIc\fP a configuration section, or NULL to use the section from context
331 \fI...\fP a list of names, terminated with NULL.
336 parsed the time or -1 on error
340 .SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section * c, int def_value, ...)"
342 Get the time from the configuration file using a relative time, for example: 1h30s
346 \fIcontext\fP A Kerberos 5 context.
348 \fIc\fP a configuration section, or NULL to use the section from context
350 \fIdef_value\fP the default value to return if no configuration found in the database.
352 \fI...\fP a list of names, terminated with NULL.
357 parsed the time (or def_value on parse error)
361 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char * fname, krb5_config_section ** res)"
363 Parse a configuration file and add the result into res. This interface can be used to parse several configuration files into one resulting krb5_config_section by calling it repeatably.
367 \fIcontext\fP a Kerberos 5 context.
369 \fIfname\fP a file name to a Kerberos configuration file
371 \fIres\fP the returned result, must be free with \fBkrb5_free_config_files()\fP.
376 Return an error code or 0, see krb5_get_error_message().
381 If the fname starts with '~/' parse configuration file in the current users home directory. The behavior can be disabled and enabled by calling \fBkrb5_set_home_dir_access()\fP.
382 .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section * c, va_list args)"
384 \fBkrb5_config_get_bool()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
388 \fIcontext\fP A Kerberos 5 context.
390 \fIc\fP a configuration section, or NULL to use the section from context
392 \fIargs\fP a va_list of arguments
401 .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, va_list args)"
403 Like \fBkrb5_config_get_bool_default()\fP but with a va_list list of configuration selection.
405 Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
409 \fIcontext\fP A Kerberos 5 context.
411 \fIc\fP a configuration section, or NULL to use the section from context
413 \fIdef_value\fP the default value to return if no configuration found in the database.
415 \fIargs\fP a va_list of arguments
424 .SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section * c, va_list args)"
426 Get a list of configuration binding list for more processing
430 \fIcontext\fP A Kerberos 5 context.
432 \fIc\fP a configuration section, or NULL to use the section from context
434 \fIargs\fP a va_list of arguments
439 NULL if configuration list is not found, a list otherwise
443 .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section * c, va_list args)"
445 Like \fBkrb5_config_get_string()\fP, but uses a va_list instead of ...
449 \fIcontext\fP A Kerberos 5 context.
451 \fIc\fP a configuration section, or NULL to use the section from context
453 \fIargs\fP a va_list of arguments
458 NULL if configuration string not found, a string otherwise
462 .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, va_list args)"
464 Like \fBkrb5_config_vget_string()\fP, but instead of returning NULL, instead return a default value.
468 \fIcontext\fP A Kerberos 5 context.
470 \fIc\fP a configuration section, or NULL to use the section from context
472 \fIdef_value\fP the default value to return if no configuration found in the database.
474 \fIargs\fP a va_list of arguments
479 a configuration string
483 .SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_vget_strings (krb5_context context, const krb5_config_section * c, va_list args)"
485 Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP.
489 \fIcontext\fP A Kerberos 5 context.
491 \fIc\fP a configuration section, or NULL to use the section from context
493 \fIargs\fP a va_list of arguments
502 .SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context context, const krb5_config_section * c, va_list args)"
504 Get the time from the configuration file using a relative time, for example: 1h30s
508 \fIcontext\fP A Kerberos 5 context.
510 \fIc\fP a configuration section, or NULL to use the section from context
512 \fIargs\fP a va_list of arguments
517 parsed the time or -1 on error
521 .SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section * c, int def_value, va_list args)"
523 Get the time from the configuration file using a relative time.
525 Like \fBkrb5_config_get_time_default()\fP but with a va_list list of configuration selection.
529 \fIcontext\fP A Kerberos 5 context.
531 \fIc\fP a configuration section, or NULL to use the section from context
533 \fIdef_value\fP the default value to return if no configuration found in the database.
535 \fIargs\fP a va_list of arguments
540 parsed the time (or def_value on parse error)
544 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char * orig_hostname, char ** new_hostname)"
546 \fBkrb5_expand_hostname()\fP tries to make orig_hostname into a more canonical one in the newly allocated space returned in new_hostname.
550 \fIcontext\fP a Keberos context
552 \fIorig_hostname\fP hostname to canonicalise.
554 \fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree().
559 Return an error code or 0, see krb5_get_error_message().
563 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char * orig_hostname, char ** new_hostname, char *** realms)"
565 \fBkrb5_expand_hostname_realms()\fP expands orig_hostname to a name we believe to be a hostname in newly allocated space in new_hostname and return the realms new_hostname is believed to belong to in realms.
569 \fIcontext\fP a Keberos context
571 \fIorig_hostname\fP hostname to canonicalise.
573 \fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree().
575 \fIrealms\fP output possible realms, is an array that is terminated with NULL. Caller must free with \fBkrb5_free_host_realm()\fP.
580 Return an error code or 0, see krb5_get_error_message().
584 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm (krb5_context context, krb5_realm * realmlist)"
586 Free all memory allocated by `realmlist'
590 \fIcontext\fP A Kerberos 5 context.
592 \fIrealmlist\fP realmlist to free, NULL is ok
597 a Kerberos error code, always 0.
601 .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context context, krb5_principal principal, const char * luser)"
603 This function takes the name of a local user and checks if principal is allowed to log in as that user.
605 The user may have a ~/.k5login file listing principals that are allowed to login as that user. If that file does not exist, all principals with a first component identical to the username, and a realm considered local, are allowed access.
607 The .k5login file must contain one principal per line, be owned by user and not be writable by group or other (but must be readable by anyone).
609 Note that if the file exists, no implicit access rights are given to user@LOCALREALM.
611 Optionally, a set of files may be put in ~/.k5login.d (a directory), in which case they will all be checked in the same manner as .k5login. The files may be called anything, but files starting with a hash (#) , or ending with a tilde (~) are ignored. Subdirectories are not traversed. Note that this directory may not be checked by other Kerberos implementations.
613 If no configuration file exists, match user against local domains, ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES.
617 \fIcontext\fP Kerberos 5 context.
619 \fIprincipal\fP principal to check if allowed to login
621 \fIluser\fP local user id
626 returns TRUE if access should be granted, FALSE otherwise.
630 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register (krb5_context context, enum krb5_plugin_type type, const char * name, void * symbol)"
632 Register a plugin symbol name of specific type.
636 \fIcontext\fP a Keberos context
638 \fItype\fP type of plugin symbol
640 \fIname\fP name of plugin symbol
642 \fIsymbol\fP a pointer to the named symbol
647 In case of error a non zero error com_err error is returned and the Kerberos error string is set.