author | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
commit | 02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b (patch) | |
tree | 61b9147863cd8be3eff63903dc36cae168254bd5 /src/include | |
parent | 162ab371748cba0cc6f172419bd6e71fa04bb878 (diff) | |
make mark-cstyle
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
61 files changed, 1732 insertions, 1733 deletions
diff --git a/src/include/CredentialsCache.h b/src/include/CredentialsCache.h index cd573e7106..656b436255 100644 --- a/src/include/CredentialsCache.h +++ b/src/include/CredentialsCache.h @@ -23,7 +23,7 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. */ - + #ifndef __CREDENTIALSCACHE__ #define __CREDENTIALSCACHE__ @@ -35,7 +35,7 @@ * The object for kCCAPICacheCollectionChangedNotification is NULL. * The object for kCCAPICCacheChangedNotification is a CFString containing the * name of the ccache. - * + * * Note: Notifications are not sent if the CCacheServer crashes. */ #define kCCAPICacheCollectionChangedNotification CFSTR ("CCAPICacheCollectionChangedNotification") #define kCCAPICCacheChangedNotification CFSTR ("CCAPICCacheChangedNotification") @@ -54,7 +54,7 @@ extern "C" { #if TARGET_OS_MAC #pragma pack(push,2) -#endif +#endif #if defined(_WIN32) #define CCACHE_API __declspec(dllexport) @@ -64,7 +64,7 @@ extern "C" { #error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform. #endif /* _TIME_T_DEFINED */ #define _USE_32BIT_TIME_T -#endif +#endif #else #define CCACHE_API #endif 
@@ -100,89 +100,89 @@ extern "C" { * * \li \ref cc_string_reference * \li \ref cc_string_f "cc_string_t Functions" - * + * * \section introduction Introduction * - * This is the specification for an API which provides Credentials Cache - * services for both Kerberos v5 and v4. The idea behind this API is that - * multiple Kerberos implementations can share a single collection of - * credentials caches, mediated by this API specification. On the Mac OS - * and Microsoft Windows platforms this will allow single-login, even when + * This is the specification for an API which provides Credentials Cache + * services for both Kerberos v5 and v4. The idea behind this API is that + * multiple Kerberos implementations can share a single collection of + * credentials caches, mediated by this API specification. On the Mac OS + * and Microsoft Windows platforms this will allow single-login, even when * more than one Kerberos shared library is in use on a particular system. * - * Abstractly, a credentials cache collection contains one or more credentials - * caches, or ccaches. A ccache is uniquely identified by its name, which is - * a string internal to the API and not intended to be presented to users. + * Abstractly, a credentials cache collection contains one or more credentials + * caches, or ccaches. A ccache is uniquely identified by its name, which is + * a string internal to the API and not intended to be presented to users. * The user presentable identifier of a ccache is its principal. * - * Unlike the previous versions of the API, version 3 of the API stores both + * Unlike the previous versions of the API, version 3 of the API stores both * Kerberos v4 and v5 credentials in the same ccache. * - * At any given time, one ccache is the "default" ccache. The exact meaning - * of a default ccache is OS-specific; refer to implementation requirements + * At any given time, one ccache is the "default" ccache. 
The exact meaning + * of a default ccache is OS-specific; refer to implementation requirements * for details. * * \section error_handling Error Handling * - * All functions of the API return some of the error constants listed FIXME; - * the exact list of error constants returned by any API function is provided + * All functions of the API return some of the error constants listed FIXME; + * the exact list of error constants returned by any API function is provided * in the function descriptions below. - * - * When returning an error constant other than ccNoError or ccIteratorEnd, API + * + * When returning an error constant other than ccNoError or ccIteratorEnd, API * functions never modify any of the values passed in by reference. * * \section synchronization_atomicity Synchronization and Atomicity - * + * * Every function in the API is atomic. In order to make a series of calls * atomic, callers should lock the ccache or cache collection they are working - * with to advise other callers not to modify that container. Note that - * advisory locks are per container so even if you have a read lock on the cache - * collection other callers can obtain write locks on ccaches in that cache + * with to advise other callers not to modify that container. Note that + * advisory locks are per container so even if you have a read lock on the cache + * collection other callers can obtain write locks on ccaches in that cache * collection. - * - * Note that iterators do not iterate over ccaches and credentials atomically - * because locking ccaches and the cache collection over every iteration would - * degrade performance considerably under high load. However, iterators do - * guarantee a consistent view of items they are iterating over. Iterators - * will never return duplicate entries or skip entries when items are removed - * or added to the container they are iterating over. 
- * + * + * Note that iterators do not iterate over ccaches and credentials atomically + * because locking ccaches and the cache collection over every iteration would + * degrade performance considerably under high load. However, iterators do + * guarantee a consistent view of items they are iterating over. Iterators + * will never return duplicate entries or skip entries when items are removed + * or added to the container they are iterating over. + * * An application can always lock a ccache or the cache collection to guarantee - * that other callers participating in the advisory locking system do not + * that other callers participating in the advisory locking system do not * modify the ccache or cache collection. - * + * * Implementations should not use copy-on-write techniques to implement locks - * because those techniques imply that same parts of the ccache collection - * remain visible to some callers even though they are not present in the - * collection, which is a potential security risk. For example, a copy-on-write - * technique might make a copy of the entire collection when a read lock is - * acquired, so as to allow the owner of the lock to access the collection in - * an apparently unmodified state, while also allowing others to make - * modifications to the collection. However, this would also enable the owner - * of the lock to indefinitely (until the expiration time) use credentials that + * because those techniques imply that same parts of the ccache collection + * remain visible to some callers even though they are not present in the + * collection, which is a potential security risk. For example, a copy-on-write + * technique might make a copy of the entire collection when a read lock is + * acquired, so as to allow the owner of the lock to access the collection in + * an apparently unmodified state, while also allowing others to make + * modifications to the collection. 
However, this would also enable the owner + * of the lock to indefinitely (until the expiration time) use credentials that * have actually been deleted from the collection. - * + * * \section memory_management Object Memory Management - * - * The lifetime of an object returned by the API is until release() is called - * for it. Releasing one object has no effect on existence of any other object. - * For example, a ccache obtained within a context continue to exist when the + * + * The lifetime of an object returned by the API is until release() is called + * for it. Releasing one object has no effect on existence of any other object. + * For example, a ccache obtained within a context continue to exist when the * context is released. - * - * Every object returned by the API (cc_context_t, cc_ccache_t, cc_ccache_iterator_t, - * cc_credentials_t, cc_credentials_iterator_t, cc_string_t) is owned by the - * caller of the API, and it is the responsibility of the caller to call release() + * + * Every object returned by the API (cc_context_t, cc_ccache_t, cc_ccache_iterator_t, + * cc_credentials_t, cc_credentials_iterator_t, cc_string_t) is owned by the + * caller of the API, and it is the responsibility of the caller to call release() * for every object to prevent memory leaks. - * + * * \section opaque_types Opaque Types - * - * All of the opaque high-level types in CCache API are implemented as structures - * of function pointers and private data. To perform some operation on a type, the - * caller of the API has to first obtain an instance of that type, and then call the - * appropriate function pointer from that instance. For example, to call - * get_change_time() on a cc_context_t, one would call cc_initialize() which creates + * + * All of the opaque high-level types in CCache API are implemented as structures + * of function pointers and private data. 
To perform some operation on a type, the + * caller of the API has to first obtain an instance of that type, and then call the + * appropriate function pointer from that instance. For example, to call + * get_change_time() on a cc_context_t, one would call cc_initialize() which creates * a new cc_context_t and then call its get_change_time(), like this: - * + * * \code * cc_context_t context; * cc_int32 err = cc_initialize (&context, ccapi_version_3, nil, nil); @@ -190,10 +190,10 @@ extern "C" { * time = context->functions->get_change_time (context) * \endcode * - * All API functions also have convenience preprocessor macros, which make the API - * seem completely function-based. For example, cc_context_get_change_time - * (context, time) is equivalent to context->functions->get_change_time - * (context, time). The convenience macros follow the following naming convention: + * All API functions also have convenience preprocessor macros, which make the API + * seem completely function-based. For example, cc_context_get_change_time + * (context, time) is equivalent to context->functions->get_change_time + * (context, time). The convenience macros follow the following naming convention: * * The API function some_function() * \code 
@@ -207,39 +207,39 @@ extern "C" { * result = cc_type_some_function (an_object, args) * \endcode * - * The specifications below include the names for both the functions and the - * convenience macros, in that order. For clarity, it is recommended that clients + * The specifications below include the names for both the functions and the + * convenience macros, in that order. For clarity, it is recommended that clients * using the API use the convenience macros, but that is merely a stylistic choice. * - * Implementing the API in this manner allows us to extend and change the interface + * Implementing the API in this manner allows us to extend and change the interface * in the future, while preserving compatibility with older clients. * - * For example, consider the case when the signature or the semantics of a cc_ccache_t - * function is changed. The API version number is incremented. The library - * implementation contains both a function with the old signature and semantics and - * a function with the new signature and semantics. When a context is created, the API - * version number used in that context is stored in the context, and therefore it can - * be used whenever a ccache is created in that context. When a ccache is created in a - * context with the old API version number, the function pointer structure for the - * ccache is filled with pointers to functions implementing the old semantics; when a - * ccache is created in a context with the new API version number, the function pointer - * structure for the ccache is filled with poitners to functions implementing the new + * For example, consider the case when the signature or the semantics of a cc_ccache_t + * function is changed. The API version number is incremented. The library + * implementation contains both a function with the old signature and semantics and + * a function with the new signature and semantics. 
When a context is created, the API + * version number used in that context is stored in the context, and therefore it can + * be used whenever a ccache is created in that context. When a ccache is created in a + * context with the old API version number, the function pointer structure for the + * ccache is filled with pointers to functions implementing the old semantics; when a + * ccache is created in a context with the new API version number, the function pointer + * structure for the ccache is filled with poitners to functions implementing the new * semantics. * - * Similarly, if a function is added to the API, the version number in the context can - * be used to decide whether to include the implementation of the new function in the + * Similarly, if a function is added to the API, the version number in the context can + * be used to decide whether to include the implementation of the new function in the * appropriate function pointer structure or not. */ - + /*! * \defgroup ccapi_constants_reference Constants * @{ */ - + /*! - * API version numbers + * API version numbers * - * These constants are passed into cc_initialize() to indicate the version + * These constants are passed into cc_initialize() to indicate the version * of the API the caller wants to use. * * CCAPI v1 and v2 are deprecated and should not be used. 
@@ -253,67 +253,67 @@ enum { ccapi_version_7 = 7, ccapi_version_max = ccapi_version_7 }; - -/*! - * Error codes + +/*! + * Error codes */ enum { - - ccNoError = 0, /*!< Success. */ - ccIteratorEnd = 201, /*!< Iterator is done iterating. */ + ccNoError = 0, /*!< Success. */ + + ccIteratorEnd = 201, /*!< Iterator is done iterating. */ ccErrBadParam, /*!< Bad parameter (NULL or invalid pointer where valid pointer expected). */ ccErrNoMem, /*!< Not enough memory to complete the operation. */ ccErrInvalidContext, /*!< Context is invalid (e.g., it was released). */ ccErrInvalidCCache, /*!< CCache is invalid (e.g., it was released or destroyed). */ /* 206 */ - ccErrInvalidString, /*!< String is invalid (e.g., it was released). */ + ccErrInvalidString, /*!< String is invalid (e.g., it was released). */ ccErrInvalidCredentials, /*!< Credentials are invalid (e.g., they were released), or they have a bad version. */ ccErrInvalidCCacheIterator, /*!< CCache iterator is invalid (e.g., it was released). */ ccErrInvalidCredentialsIterator, /*!< Credentials iterator is invalid (e.g., it was released). */ ccErrInvalidLock, /*!< Lock is invalid (e.g., it was released). */ /* 211 */ - ccErrBadName, /*!< Bad credential cache name format. */ + ccErrBadName, /*!< Bad credential cache name format. */ ccErrBadCredentialsVersion, /*!< Credentials version is invalid. */ ccErrBadAPIVersion, /*!< Unsupported API version. */ ccErrContextLocked, /*!< Context is already locked. */ ccErrContextUnlocked, /*!< Context is not locked by the caller. */ /* 216 */ - ccErrCCacheLocked, /*!< CCache is already locked. */ + ccErrCCacheLocked, /*!< CCache is already locked. */ ccErrCCacheUnlocked, /*!< CCache is not locked by the caller. */ ccErrBadLockType, /*!< Bad lock type. */ ccErrNeverDefault, /*!< CCache was never default. */ ccErrCredentialsNotFound, /*!< Matching credentials not found in the ccache. */ /* 221 */ - ccErrCCacheNotFound, /*!< Matching ccache not found in the collection. 
*/ + ccErrCCacheNotFound, /*!< Matching ccache not found in the collection. */ ccErrContextNotFound, /*!< Matching cache collection not found. */ ccErrServerUnavailable, /*!< CCacheServer is unavailable. */ ccErrServerInsecure, /*!< CCacheServer has detected that it is running as the wrong user. */ ccErrServerCantBecomeUID, /*!< CCacheServer failed to start running as the user. */ - + /* 226 */ - ccErrTimeOffsetNotSet, /*!< KDC time offset not set for this ccache. */ + ccErrTimeOffsetNotSet, /*!< KDC time offset not set for this ccache. */ ccErrBadInternalMessage, /*!< The client and CCacheServer can't communicate (e.g., a version mismatch). */ ccErrNotImplemented, /*!< API function not supported by this implementation. */ ccErrClientNotFound /*!< CCacheServer has no record of the caller's process (e.g., the server crashed). */ }; -/*! - * Credentials versions +/*! + * Credentials versions * - * These constants are used in several places in the API to discern - * between Kerberos v4 and Kerberos v5. Not all values are valid - * inputs and outputs for all functions; function specifications + * These constants are used in several places in the API to discern + * between Kerberos v4 and Kerberos v5. Not all values are valid + * inputs and outputs for all functions; function specifications * below detail the allowed values. * - * Kerberos version constants will always be a bit-field, and can be + * Kerberos version constants will always be a bit-field, and can be * tested as such; for example the following test will tell you if * a ccacheVersion includes v5 credentials: - * + * * if ((ccacheVersion & cc_credentials_v5) != 0) */ enum cc_credential_versions { 
@@ -322,9 +322,9 @@ enum cc_credential_versions { cc_credentials_v4_v5 = 3 }; -/*! - * Lock types - * +/*! + * Lock types + * * These constants are used in the locking functions to describe the * type of lock requested. Note that all CCAPI locks are advisory * so only callers using the lock calls will be blocked by each other. @@ -338,14 +338,14 @@ enum cc_lock_types { cc_lock_downgrade = 3 }; -/*! - * Locking Modes +/*! + * Locking Modes * - * These constants are used in the advisory locking functions to - * describe whether or not the lock function should block waiting for - * a lock or return an error immediately. For example, attempting to - * acquire a lock with a non-blocking call will result in an error if the - * lock cannot be acquired; otherwise, the call will block until the lock + * These constants are used in the advisory locking functions to + * describe whether or not the lock function should block waiting for + * a lock or return an error immediately. For example, attempting to + * acquire a lock with a non-blocking call will result in an error if the + * lock cannot be acquired; otherwise, the call will block until the lock * can be acquired. */ enum cc_lock_modes { @@ -353,10 +353,10 @@ enum cc_lock_modes { cc_lock_block = 1 }; -/*! +/*! * Sizes of fields in cc_credentials_v4_t. */ -enum { +enum { /* Make sure all of these are multiples of four (for alignment sanity) */ cc_v4_name_size = 40, cc_v4_instance_size = 40, @@ -396,8 +396,8 @@ typedef int64_t cc_int64; /*! Signed 64-bit integer type */ typedef uint64_t cc_uint64; #endif -/*! - * The cc_time_t type is used to represent a time in seconds. The time must +/*! + * The cc_time_t type is used to represent a time in seconds. The time must * be stored as the number of seconds since midnight GMT on January 1, 1970. */ typedef cc_uint32 cc_time_t; 
@@ -407,10 +407,10 @@ typedef cc_uint32 cc_time_t; /*! * \defgroup cc_context_reference cc_context_t Overview * @{ - * - * The cc_context_t type gives the caller access to a ccache collection. - * Before being able to call any functions in the CCache API, the caller - * needs to acquire an instance of cc_context_t by calling cc_initialize(). + * + * The cc_context_t type gives the caller access to a ccache collection. + * Before being able to call any functions in the CCache API, the caller + * needs to acquire an instance of cc_context_t by calling cc_initialize(). * * For API function documentation see \ref cc_context_f. */ @@ -431,11 +431,11 @@ typedef cc_context_d *cc_context_t; /*! * \defgroup cc_ccache_reference cc_ccache_t Overview * @{ - * - * The cc_ccache_t type represents a reference to a ccache. - * Callers can access a ccache and the credentials stored in it - * via a cc_ccache_t. A cc_ccache_t can be acquired via - * cc_context_open_ccache(), cc_context_open_default_ccache(), or + * + * The cc_ccache_t type represents a reference to a ccache. + * Callers can access a ccache and the credentials stored in it + * via a cc_ccache_t. A cc_ccache_t can be acquired via + * cc_context_open_ccache(), cc_context_open_default_ccache(), or * cc_ccache_iterator_next(). * * For API function documentation see \ref cc_ccache_f. @@ -457,10 +457,10 @@ typedef cc_ccache_d *cc_ccache_t; /*! * \defgroup cc_ccache_iterator_reference cc_ccache_iterator_t Overview * @{ - * - * The cc_ccache_iterator_t type represents an iterator that - * iterates over a set of ccaches and returns them in all in some - * order. A new instance of this type can be obtained by calling + * + * The cc_ccache_iterator_t type represents an iterator that + * iterates over a set of ccaches and returns them in all in some + * order. A new instance of this type can be obtained by calling * cc_context_new_ccache_iterator(). * * For API function documentation see \ref cc_ccache_iterator_f. 
@@ -481,30 +481,30 @@ typedef cc_ccache_iterator_d *cc_ccache_iterator_t; /*! * \defgroup cc_credentials_reference cc_credentials_t Overview * @{ - * - * The cc_credentials_t type is used to store a single set of - * credentials for either Kerberos v4 or Kerberos v5. In addition - * to its only function, release(), it contains a pointer to a - * cc_credentials_union structure. A cc_credentials_union - * structure contains an integer of the enumerator type - * cc_credentials_version, which is either #cc_credentials_v4 or - * #cc_credentials_v5, and a pointer union, which contains either a - * cc_credentials_v4_t pointer or a cc_credentials_v5_t pointer, - * depending on the value in version. - * + * + * The cc_credentials_t type is used to store a single set of + * credentials for either Kerberos v4 or Kerberos v5. In addition + * to its only function, release(), it contains a pointer to a + * cc_credentials_union structure. A cc_credentials_union + * structure contains an integer of the enumerator type + * cc_credentials_version, which is either #cc_credentials_v4 or + * #cc_credentials_v5, and a pointer union, which contains either a + * cc_credentials_v4_t pointer or a cc_credentials_v5_t pointer, + * depending on the value in version. + * * Variables of the type cc_credentials_t are allocated by the CCAPI - * implementation, and should be released with their release() - * function. API functions which receive credentials structures - * from the caller always accept cc_credentials_union, which is + * implementation, and should be released with their release() + * function. API functions which receive credentials structures + * from the caller always accept cc_credentials_union, which is * allocated by the caller, and accordingly disposed by the caller. * * For API functions see \ref cc_credentials_f. */ /*! - * If a cc_credentials_t variable is used to store Kerberos v4 - * credentials, then credentials.credentials_v4 points to a v4 - * credentials structure. 
This structure is similar to a + * If a cc_credentials_t variable is used to store Kerberos v4 + * credentials, then credentials.credentials_v4 points to a v4 + * credentials structure. This structure is similar to a * krb4 API CREDENTIALS structure. */ struct cc_credentials_v4_t { @@ -535,20 +535,20 @@ struct cc_credentials_v4_t { cc_int32 ticket_size; /*! Ticket data */ unsigned char ticket [cc_v4_ticket_size]; -}; +}; typedef struct cc_credentials_v4_t cc_credentials_v4_t; /*! * The CCAPI data structure. This structure is similar to a krb5_data structure. - * In a v5 credentials structure, cc_data structures are used - * to store tagged variable-length binary data. Specifically, - * for cc_credentials_v5.ticket and - * cc_credentials_v5.second_ticket, the cc_data.type field must - * be zero. For the cc_credentials_v5.addresses, - * cc_credentials_v5.authdata, and cc_credentials_v5.keyblock, - * the cc_data.type field should be the address type, - * authorization data type, and encryption type, as defined by - * the Kerberos v5 protocol definition. + * In a v5 credentials structure, cc_data structures are used + * to store tagged variable-length binary data. Specifically, + * for cc_credentials_v5.ticket and + * cc_credentials_v5.second_ticket, the cc_data.type field must + * be zero. For the cc_credentials_v5.addresses, + * cc_credentials_v5.authdata, and cc_credentials_v5.keyblock, + * the cc_data.type field should be the address type, + * authorization data type, and encryption type, as defined by + * the Kerberos v5 protocol definition. */ struct cc_data { /*! The type of the data as defined by the krb5_data structure. */ 
@@ -557,13 +557,13 @@ struct cc_data { cc_uint32 length; /*! The data buffer. */ void* data; -}; +}; typedef struct cc_data cc_data; /*! * If a cc_credentials_t variable is used to store Kerberos v5 c - * redentials, and then credentials.credentials_v5 points to a - * v5 credentials structure. This structure is similar to a + * redentials, and then credentials.credentials_v5 points to a + * v5 credentials structure. This structure is similar to a * krb5_creds structure. */ struct cc_credentials_v5_t { @@ -585,7 +585,7 @@ struct cc_credentials_v5_t { cc_uint32 is_skey; /*! Ticket flags, as defined by the Kerberos 5 API. */ cc_uint32 ticket_flags; - /*! The the list of network addresses of hosts that are allowed to authenticate + /*! The the list of network addresses of hosts that are allowed to authenticate * using this ticket. */ cc_data** addresses; /*! Ticket data. */ @@ -594,7 +594,7 @@ struct cc_credentials_v5_t { cc_data second_ticket; /*! Authorization data. */ cc_data** authdata; -}; +}; typedef struct cc_credentials_v5_t cc_credentials_v5_t; struct cc_credentials_union { @@ -628,8 +628,8 @@ typedef cc_credentials_d *cc_credentials_t; * \defgroup cc_credentials_iterator_reference cc_credentials_iterator_t * @{ * The cc_credentials_iterator_t type represents an iterator that - * iterates over a set of credentials. A new instance of this type - * can be obtained by calling cc_ccache_new_credentials_iterator(). + * iterates over a set of credentials. A new instance of this type + * can be obtained by calling cc_ccache_new_credentials_iterator(). * * For API function documentation see \ref cc_credentials_iterator_f. */ 
@@ -649,11 +649,11 @@ typedef cc_credentials_iterator_d *cc_credentials_iterator_t; /*! * \defgroup cc_string_reference cc_string_t Overview * @{ - * The cc_string_t represents a C string returned by the API. - * It has a pointer to the string data and a release() function. - * This type is used for both principal names and ccache names - * returned by the API. Principal names may contain UTF-8 encoded - * strings for internationalization purposes. + * The cc_string_t represents a C string returned by the API. + * It has a pointer to the string data and a release() function. + * This type is used for both principal names and ccache names + * returned by the API. Principal names may contain UTF-8 encoded + * strings for internationalization purposes. * * For API function documentation see \ref cc_string_f. */ @@ -672,7 +672,7 @@ typedef cc_string_d *cc_string_t; /*!@}*/ /*! - * Function pointer table for cc_context_t. For more information see + * Function pointer table for cc_context_t. For more information see * \ref cc_context_reference. */ struct cc_context_f { 
@@ -682,19 +682,19 @@ struct cc_context_f { * \brief \b cc_context_release(): Release memory associated with a cc_context_t. */ cc_int32 (*release) (cc_context_t io_context); - + /*! * \param in_context the context object for the cache collection to examine. * \param out_time on exit, the time of the most recent change for the entire ccache collection. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_get_change_time(): Get the last time the cache collection changed. - * - * This function returns the time of the most recent change for the entire ccache collection. - * By maintaining a local copy the caller can deduce whether or not the ccache collection has + * + * This function returns the time of the most recent change for the entire ccache collection. + * By maintaining a local copy the caller can deduce whether or not the ccache collection has * been modified since the previous call to cc_context_get_change_time(). - * + * * The time returned by cc_context_get_changed_time() increases whenever: - * + * * \li a ccache is created * \li a ccache is destroyed * \li a credential is stored 
@@ -702,76 +702,76 @@ struct cc_context_f { * \li a ccache principal is changed * \li the default ccache is changed * - * \note In order to be able to compare two values returned by cc_context_get_change_time(), - * the caller must use the same context to acquire them. Callers should maintain a single - * context in memory for cc_context_get_change_time() calls rather than creating a new + * \note In order to be able to compare two values returned by cc_context_get_change_time(), + * the caller must use the same context to acquire them. Callers should maintain a single + * context in memory for cc_context_get_change_time() calls rather than creating a new * context for every call. - * + * * \sa wait_for_change */ cc_int32 (*get_change_time) (cc_context_t in_context, cc_time_t *out_time); - + /*! * \param in_context the context object for the cache collection. * \param out_name on exit, the name of the default ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_get_default_ccache_name(): Get the name of the default ccache. - * - * This function returns the name of the default ccache. When the default ccache - * exists, its name is returned. If there are no ccaches in the collection, and - * thus there is no default ccache, the name that the default ccache should have - * is returned. The ccache with that name will be used as the default ccache by + * + * This function returns the name of the default ccache. When the default ccache + * exists, its name is returned. If there are no ccaches in the collection, and + * thus there is no default ccache, the name that the default ccache should have + * is returned. The ccache with that name will be used as the default ccache by * all processes which initialized Kerberos libraries before the ccache was created. 
- * - * If there is no default ccache, and the client is creating a new ccache, it + * + * If there is no default ccache, and the client is creating a new ccache, it * should be created with the default name. If there already is a default ccache, - * and the client wants to create a new ccache (as opposed to reusing an existing - * ccache), it should be created with any unique name; #create_new_ccache() + * and the client wants to create a new ccache (as opposed to reusing an existing + * ccache), it should be created with any unique name; #create_new_ccache() * can be used to accomplish that more easily. - * - * If the first ccache is created with a name other than the default name, then - * the processes already running will not notice the credentials stored in the + * + * If the first ccache is created with a name other than the default name, then + * the processes already running will not notice the credentials stored in the * new ccache, which is normally undesirable. */ cc_int32 (*get_default_ccache_name) (cc_context_t in_context, cc_string_t *out_name); - + /*! * \param in_context the context object for the cache collection. * \param in_name the name of the ccache to open. * \param out_ccache on exit, a ccache object for the ccache - * \return On success, #ccNoError. If no ccache named \a in_name exists, + * \return On success, #ccNoError. If no ccache named \a in_name exists, * #ccErrCCacheNotFound. On failure, an error code representing the failure. * \brief \b cc_context_open_ccache(): Open a ccache. - * - * Opens an already existing ccache identified by its name. It returns a reference + * + * Opens an already existing ccache identified by its name. It returns a reference * to the ccache in \a out_ccache. 
* - * The list of all ccache names, principals, and credentials versions may be retrieved - * by calling cc_context_new_cache_iterator(), cc_ccache_get_name(), + * The list of all ccache names, principals, and credentials versions may be retrieved + * by calling cc_context_new_cache_iterator(), cc_ccache_get_name(), * cc_ccache_get_principal(), and cc_ccache_get_cred_version(). */ cc_int32 (*open_ccache) (cc_context_t in_context, const char *in_name, cc_ccache_t *out_ccache); - + /*! * \param in_context the context object for the cache collection. * \param out_ccache on exit, a ccache object for the default ccache - * \return On success, #ccNoError. If no default ccache exists, + * \return On success, #ccNoError. If no default ccache exists, * #ccErrCCacheNotFound. On failure, an error code representing the failure. * \brief \b cc_context_open_default_ccache(): Open the default ccache. - * + * * Opens the default ccache. It returns a reference to the ccache in *ccache. - * - * This function performs the same function as calling + * + * This function performs the same function as calling * cc_context_get_default_ccache_name followed by cc_context_open_ccache, * but it performs it atomically. */ cc_int32 (*open_default_ccache) (cc_context_t in_context, cc_ccache_t *out_ccache); - + /*! * \param in_context the context object for the cache collection. * \param in_name the name of the new ccache to create 
@@ -780,51 +780,51 @@ struct cc_context_f { * \param out_ccache on exit, a ccache object for the newly created ccache * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_create_ccache(): Create a new ccache. - * - * Create a new credentials cache. The ccache is uniquely identified by its name. - * The principal given is also associated with the ccache and the credentials - * version specified. A NULL name is not allowed (and ccErrBadName is returned - * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid - * input values for cred_vers. If you want to create a new ccache that will hold - * both versions of credentials, call cc_context_create_ccache() with one version, + * + * Create a new credentials cache. The ccache is uniquely identified by its name. + * The principal given is also associated with the ccache and the credentials + * version specified. A NULL name is not allowed (and ccErrBadName is returned + * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid + * input values for cred_vers. If you want to create a new ccache that will hold + * both versions of credentials, call cc_context_create_ccache() with one version, * and then cc_ccache_set_principal() with the other version. - * - * If you want to create a new ccache (with a unique name), you should use - * cc_context_create_new_ccache() instead. If you want to create or reinitialize + * + * If you want to create a new ccache (with a unique name), you should use + * cc_context_create_new_ccache() instead. If you want to create or reinitialize * the default cache, you should use cc_context_create_default_ccache(). 
- * + * * If name is non-NULL and there is already a ccache named name: - * + * * \li the credentials in the ccache whose version is cred_vers are removed * \li the principal (of the existing ccache) associated with cred_vers is set to principal * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid * * If no ccache named name already exists: - * + * * \li a new empty ccache is created * \li the principal of the new ccache associated with cred_vers is set to principal * \li a handle for the new ccache is returned * - * For a new ccache, the name should be any unique string. The name is not + * For a new ccache, the name should be any unique string. The name is not * intended to be presented to users. - * - * If the created ccache is the first ccache in the collection, it is made - * the default ccache. Note that normally it is undesirable to create the first - * ccache with a name different from the default ccache name (as returned by - * cc_context_get_default_ccache_name()); see the description of + * + * If the created ccache is the first ccache in the collection, it is made + * the default ccache. Note that normally it is undesirable to create the first + * ccache with a name different from the default ccache name (as returned by + * cc_context_get_default_ccache_name()); see the description of * cc_context_get_default_ccache_name() for details. - * - * The principal should be a C string containing an unparsed Kerberos principal - * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ - * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim - * for Kerberos v5. + * + * The principal should be a C string containing an unparsed Kerberos principal + * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ + * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim + * for Kerberos v5. 
*/ cc_int32 (*create_ccache) (cc_context_t in_context, const char *in_name, cc_uint32 in_cred_vers, - const char *in_principal, + const char *in_principal, cc_ccache_t *out_ccache); - + /*! * \param in_context the context object for the cache collection. * \param in_cred_vers the version of the credentials the new default ccache will hold @@ -833,19 +833,19 @@ struct cc_context_f { * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_create_default_ccache(): Create a new default ccache. * - * Create the default credentials cache. The behavior of this function is - * similar to that of cc_create_ccache(). If there is a default ccache - * (which is always the case except when there are no ccaches at all in - * the collection), it is initialized with the specified credentials version - * and principal, as per cc_create_ccache(); otherwise, a new ccache is - * created, and its name is the name returned by + * Create the default credentials cache. The behavior of this function is + * similar to that of cc_create_ccache(). If there is a default ccache + * (which is always the case except when there are no ccaches at all in + * the collection), it is initialized with the specified credentials version + * and principal, as per cc_create_ccache(); otherwise, a new ccache is + * created, and its name is the name returned by * cc_context_get_default_ccache_name(). */ cc_int32 (*create_default_ccache) (cc_context_t in_context, cc_uint32 in_cred_vers, - const char *in_principal, + const char *in_principal, cc_ccache_t *out_ccache); - + /*! * \param in_context the context object for the cache collection. * \param in_cred_vers the version of the credentials the new ccache will hold 
@@ -854,36 +854,36 @@ struct cc_context_f { * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache. * - * Create a new unique credentials cache. The behavior of this function - * is similar to that of cc_create_ccache(). If there are no ccaches, and - * therefore no default ccache, the new ccache is created with the default - * ccache name as would be returned by get_default_ccache_name(). If there - * are some ccaches, and therefore there is a default ccache, the new ccache - * is created with a new unique name. Clearly, this function never reinitializes + * Create a new unique credentials cache. The behavior of this function + * is similar to that of cc_create_ccache(). If there are no ccaches, and + * therefore no default ccache, the new ccache is created with the default + * ccache name as would be returned by get_default_ccache_name(). If there + * are some ccaches, and therefore there is a default ccache, the new ccache + * is created with a new unique name. Clearly, this function never reinitializes * a ccache, since it always uses a unique name. */ cc_int32 (*create_new_ccache) (cc_context_t in_context, cc_uint32 in_cred_vers, - const char *in_principal, + const char *in_principal, cc_ccache_t *out_ccache); - + /*! * \param in_context the context object for the cache collection. * \param out_iterator on exit, a ccache iterator object for the ccache collection. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection. * - * Used to allocate memory and initialize iterator. Successive calls to iterator's + * Used to allocate memory and initialize iterator. Successive calls to iterator's * next() function will return ccaches in the collection. 
* - * If changes are made to the collection while an iterator is being used - * on it, the iterator must return at least the intersection, and at most - * the union, of the set of ccaches that were present when the iteration + * If changes are made to the collection while an iterator is being used + * on it, the iterator must return at least the intersection, and at most + * the union, of the set of ccaches that were present when the iteration * began and the set of ccaches that are present when it ends. */ cc_int32 (*new_ccache_iterator) (cc_context_t in_context, cc_ccache_iterator_t *out_iterator); - + /*! * \param in_context the context object for the cache collection. * \param in_lock_type the type of lock to obtain. 
@@ -891,49 +891,49 @@ struct cc_context_f { * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_lock(): Lock the cache collection. * - * Attempts to acquire an advisory lock for the ccache collection. Allowed values + * Attempts to acquire an advisory lock for the ccache collection. Allowed values * for lock_type are: - * + * * \li cc_lock_read: a read lock. * \li cc_lock_write: a write lock * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock - * - * If block is cc_lock_block, lock() will not return until the lock is acquired. - * If block is cc_lock_noblock, lock() will return immediately, either acquiring - * the lock and returning ccNoError, or failing to acquire the lock and returning + * + * If block is cc_lock_block, lock() will not return until the lock is acquired. + * If block is cc_lock_noblock, lock() will return immediately, either acquiring + * the lock and returning ccNoError, or failing to acquire the lock and returning * an error explaining why. * * Locks apply only to the list of ccaches, not the contents of those ccaches. To * prevent callers participating in the advisory locking from changing the credentials * in a cache you must also lock that ccache with cc_ccache_lock(). This is so - * that you can get the list of ccaches without preventing applications from + * that you can get the list of ccaches without preventing applications from * simultaneously obtaining service tickets. - * - * To avoid having to deal with differences between thread semantics on different - * platforms, locks are granted per context, rather than per thread or per process. 
- * That means that different threads of execution have to acquire separate contexts + * + * To avoid having to deal with differences between thread semantics on different + * platforms, locks are granted per context, rather than per thread or per process. + * That means that different threads of execution have to acquire separate contexts * in order to be able to synchronize with each other. * * The lock should be unlocked by using cc_context_unlock(). - * - * \note All locks are advisory. For example, callers which do not call - * cc_context_lock() and cc_context_unlock() will not be prevented from writing + * + * \note All locks are advisory. For example, callers which do not call + * cc_context_lock() and cc_context_unlock() will not be prevented from writing * to the cache collection when you have a read lock. This is because the CCAPI - * locking was added after the first release and thus adding mandatory locks would + * locking was added after the first release and thus adding mandatory locks would * have changed the user experience and performance of existing applications. */ cc_int32 (*lock) (cc_context_t in_context, cc_uint32 in_lock_type, cc_uint32 in_block); - + /*! * \param in_context the context object for the cache collection. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_unlock(): Unlock the cache collection. */ cc_int32 (*unlock) (cc_context_t in_cc_context); - + /*! * \param in_context a context object. * \param in_compare_to_context a context object to compare with \a in_context. 
@@ -944,20 +944,20 @@ struct cc_context_f { cc_int32 (*compare) (cc_context_t in_cc_context, cc_context_t in_compare_to_context, cc_uint32 *out_equal); - + /*! * \param in_context a context object. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection. * - * This function blocks until the next change is made to the cache collection - * ccache collection. By repeatedly calling cc_context_wait_for_change() from - * a worker thread the caller can effectively receive callbacks whenever the + * This function blocks until the next change is made to the cache collection + * ccache collection. By repeatedly calling cc_context_wait_for_change() from + * a worker thread the caller can effectively receive callbacks whenever the * cache collection changes. This is considerably more efficient than polling * with cc_context_get_change_time(). - * + * * cc_context_wait_for_change() will return whenever: - * + * * \li a ccache is created * \li a ccache is destroyed * \li a credential is stored 
@@ -965,19 +965,19 @@ struct cc_context_f { * \li a ccache principal is changed * \li the default ccache is changed * - * \note In order to make sure that the caller doesn't miss any changes, + * \note In order to make sure that the caller doesn't miss any changes, * cc_context_wait_for_change() always returns immediately after the first time it * is called on a new context object. Callers must use the same context object - * for successive calls to cc_context_wait_for_change() rather than creating a new + * for successive calls to cc_context_wait_for_change() rather than creating a new * context for every call. - * + * * \sa get_change_time */ cc_int32 (*wait_for_change) (cc_context_t in_cc_context); }; /*! - * Function pointer table for cc_ccache_t. For more information see + * Function pointer table for cc_ccache_t. For more information see * \ref cc_ccache_reference. */ struct cc_ccache_f { 
@@ -988,54 +988,54 @@ struct cc_ccache_f { * \note Does not modify the ccache. If you wish to remove the ccache see cc_ccache_destroy(). */ cc_int32 (*release) (cc_ccache_t io_ccache); - + /*! * \param io_ccache the ccache object to destroy and release. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_destroy(): Destroy a ccache. - * + * * Destroy the ccache referred to by \a io_ccache and releases memory associated with - * the \a io_ccache object. After this call \a io_ccache becomes invalid. If + * the \a io_ccache object. After this call \a io_ccache becomes invalid. If * \a io_ccache was the default ccache, the next ccache in the cache collection (if any) * becomes the new default. */ cc_int32 (*destroy) (cc_ccache_t io_ccache); - + /*! * \param io_ccache a ccache object to make the new default ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_set_default(): Make a ccache the default ccache. */ cc_int32 (*set_default) (cc_ccache_t io_ccache); - + /*! * \param in_ccache a ccache object. * \param out_credentials_version on exit, the credentials version of \a in_ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_get_credentials_version(): Get the credentials version of a ccache. * - * cc_ccache_get_credentials_version() returns one value of the enumerated type - * cc_credentials_vers. The possible return values are #cc_credentials_v4 - * (if ccache's v4 principal has been set), #cc_credentials_v5 - * (if ccache's v5 principal has been set), or #cc_credentials_v4_v5 - * (if both ccache's v4 and v5 principals have been set). A ccache's - * principal is set with one of cc_context_create_ccache(), - * cc_context_create_new_ccache(), cc_context_create_default_ccache(), or + * cc_ccache_get_credentials_version() returns one value of the enumerated type + * cc_credentials_vers. 
The possible return values are #cc_credentials_v4 + * (if ccache's v4 principal has been set), #cc_credentials_v5 + * (if ccache's v5 principal has been set), or #cc_credentials_v4_v5 + * (if both ccache's v4 and v5 principals have been set). A ccache's + * principal is set with one of cc_context_create_ccache(), + * cc_context_create_new_ccache(), cc_context_create_default_ccache(), or * cc_ccache_set_principal(). */ cc_int32 (*get_credentials_version) (cc_ccache_t in_ccache, cc_uint32 *out_credentials_version); - + /*! * \param in_ccache a ccache object. - * \param out_name on exit, a cc_string_t representing the name of \a in_ccache. + * \param out_name on exit, a cc_string_t representing the name of \a in_ccache. * \a out_name must be released with cc_string_release(). * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_get_name(): Get the name of a ccache. */ cc_int32 (*get_name) (cc_ccache_t in_ccache, cc_string_t *out_name); - + /*! * \param in_ccache a ccache object. * \param in_credentials_version the credentials version to get the principal for. 
@@ -1043,118 +1043,118 @@ struct cc_ccache_f { * \a out_principal must be released with cc_string_release(). * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_get_principal(): Get the principal of a ccache. - * - * Return the principal for the ccache that was set via cc_context_create_ccache(), - * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or - * cc_ccache_set_principal(). Principals for v4 and v5 are separate, but - * should be kept synchronized for each ccache; they can be retrieved by - * passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing + * + * Return the principal for the ccache that was set via cc_context_create_ccache(), + * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or + * cc_ccache_set_principal(). Principals for v4 and v5 are separate, but + * should be kept synchronized for each ccache; they can be retrieved by + * passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing * cc_credentials_v4_v5 will result in the error ccErrBadCredentialsVersion. */ cc_int32 (*get_principal) (cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_string_t *out_principal); - - + + /*! * \param in_ccache a ccache object. * \param in_credentials_version the credentials version to set the principal for. * \param in_principal a C string representing the new principal of \a in_ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_set_principal(): Set the principal of a ccache. - * - * Set the a principal for ccache. The v4 and v5 principals can be set - * independently, but they should always be kept equal, up to differences in - * string representation between v4 and v5. Passing cc_credentials_v4_v5 in + * + * Set the a principal for ccache. 
The v4 and v5 principals can be set + * independently, but they should always be kept equal, up to differences in + * string representation between v4 and v5. Passing cc_credentials_v4_v5 in * cred_vers will result in the error ccErrBadCredentialsVersion. */ cc_int32 (*set_principal) (cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal); - + /*! * \param io_ccache a ccache object. * \param in_credentials_union the credentials to store in \a io_ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_store_credentials(): Store credentials in a ccache. - * + * * Store a copy of credentials in the ccache. - * - * See the description of the credentials types for the meaning of + * + * See the description of the credentials types for the meaning of * cc_credentials_union fields. - * - * Before credentials of a specific credential type can be stored in a ccache, - * the corresponding principal version has to be set. For example, before you can - * store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set - * either by cc_context_create_ccache(), cc_context_create_default_ccache(), - * cc_context_create_new_ccache(), or cc_ccache_set_principal(); likewise for + * + * Before credentials of a specific credential type can be stored in a ccache, + * the corresponding principal version has to be set. For example, before you can + * store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set + * either by cc_context_create_ccache(), cc_context_create_default_ccache(), + * cc_context_create_new_ccache(), or cc_ccache_set_principal(); likewise for * Kerberos v5. Otherwise, ccErrBadCredentialsVersion is returned. */ cc_int32 (*store_credentials) (cc_ccache_t io_ccache, const cc_credentials_union *in_credentials_union); - + /*! * \param io_ccache a ccache object. * \param in_credentials the credentials to remove from \a io_ccache. 
* \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_remove_credentials(): Remove credentials from a ccache. - * - * Removes credentials from a ccache. Note that credentials must be previously - * acquired from the CCache API; only exactly matching credentials will be - * removed. (This places the burden of determining exactly which credentials - * to remove on the caller, but ensures there is no ambigity about which - * credentials will be removed.) cc_credentials_t objects can be obtained by + * + * Removes credentials from a ccache. Note that credentials must be previously + * acquired from the CCache API; only exactly matching credentials will be + * removed. (This places the burden of determining exactly which credentials + * to remove on the caller, but ensures there is no ambigity about which + * credentials will be removed.) cc_credentials_t objects can be obtained by * iterating over the ccache's credentials with cc_ccache_new_credentials_iterator(). - * - * If found, the credentials are removed from the ccache. The credentials - * parameter is not modified and should be freed by the caller. It is - * legitimate to call this function while an iterator is traversing the - * ccache, and the deletion of a credential already returned by - * cc_credentials_iterator_next() will not disturb sequence of credentials + * + * If found, the credentials are removed from the ccache. The credentials + * parameter is not modified and should be freed by the caller. It is + * legitimate to call this function while an iterator is traversing the + * ccache, and the deletion of a credential already returned by + * cc_credentials_iterator_next() will not disturb sequence of credentials * returned by cc_credentials_iterator_next(). */ cc_int32 (*remove_credentials) (cc_ccache_t io_ccache, cc_credentials_t in_credentials); - + /*! * \param in_ccache a ccache object. 
* \param out_credentials_iterator a credentials iterator for \a io_ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_new_credentials_iterator(): Iterate over credentials in a ccache. - * - * Allocates memory for iterator and initializes it. Successive calls to + * + * Allocates memory for iterator and initializes it. Successive calls to * cc_credentials_iterator_next() will return credentials from the ccache. - * - * If changes are made to the ccache while an iterator is being used on it, - * the iterator must return at least the intersection, and at most the union, - * of the set of credentials that were in the ccache when the iteration began + * + * If changes are made to the ccache while an iterator is being used on it, + * the iterator must return at least the intersection, and at most the union, + * of the set of credentials that were in the ccache when the iteration began * and the set of credentials that are in the ccache when it ends. */ cc_int32 (*new_credentials_iterator) (cc_ccache_t in_ccache, cc_credentials_iterator_t *out_credentials_iterator); - + /*! * \param io_source_ccache a ccache object to move. * \param io_destination_ccache a ccache object replace with the contents of \a io_source_ccache. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_move(): Move the contents of one ccache into another, destroying the source. - * - * cc_ccache_move() atomically copies the credentials, credential versions and principals - * from one ccache to another. On successful completion \a io_source_ccache will be + * + * cc_ccache_move() atomically copies the credentials, credential versions and principals + * from one ccache to another. On successful completion \a io_source_ccache will be * released and the ccache it points to will be destroyed. 
Any credentials previously * in \a io_destination_ccache will be replaced with credentials from \a io_source_ccache. * The only part of \a io_destination_ccache which remains constant is the name. Any other * callers referring to \a io_destination_ccache will suddenly see new data in it. * - * Typically cc_ccache_move() is used when the caller wishes to safely overwrite the - * contents of a ccache with new data which requires several steps to generate. - * cc_ccache_move() allows the caller to create a temporary ccache + * Typically cc_ccache_move() is used when the caller wishes to safely overwrite the + * contents of a ccache with new data which requires several steps to generate. + * cc_ccache_move() allows the caller to create a temporary ccache * (which can be destroyed if any intermediate step fails) and the atomically copy * the temporary cache into the destination. */ cc_int32 (*move) (cc_ccache_t io_source_ccache, cc_ccache_t io_destination_ccache); - + /*! * \param io_ccache the ccache object for the ccache you wish to lock. * \param in_lock_type the type of lock to obtain. 
@@ -1163,84 +1163,84 @@ struct cc_ccache_f { * \brief \b cc_ccache_lock(): Lock a ccache. * * Attempts to acquire an advisory lock for a ccache. Allowed values for lock_type are: - * + * * \li cc_lock_read: a read lock. * \li cc_lock_write: a write lock * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock - * - * If block is cc_lock_block, lock() will not return until the lock is acquired. - * If block is cc_lock_noblock, lock() will return immediately, either acquiring - * the lock and returning ccNoError, or failing to acquire the lock and returning + * + * If block is cc_lock_block, lock() will not return until the lock is acquired. + * If block is cc_lock_noblock, lock() will return immediately, either acquiring + * the lock and returning ccNoError, or failing to acquire the lock and returning * an error explaining why. * - * To avoid having to deal with differences between thread semantics on different - * platforms, locks are granted per ccache, rather than per thread or per process. - * That means that different threads of execution have to acquire separate contexts + * To avoid having to deal with differences between thread semantics on different + * platforms, locks are granted per ccache, rather than per thread or per process. + * That means that different threads of execution have to acquire separate contexts * in order to be able to synchronize with each other. * * The lock should be unlocked by using cc_ccache_unlock(). - * - * \note All locks are advisory. For example, callers which do not call - * cc_ccache_lock() and cc_ccache_unlock() will not be prevented from writing + * + * \note All locks are advisory. For example, callers which do not call + * cc_ccache_lock() and cc_ccache_unlock() will not be prevented from writing * to the ccache when you have a read lock. 
This is because the CCAPI - * locking was added after the first release and thus adding mandatory locks would + * locking was added after the first release and thus adding mandatory locks would * have changed the user experience and performance of existing applications. */ cc_int32 (*lock) (cc_ccache_t io_ccache, cc_uint32 in_lock_type, cc_uint32 in_block); - + /*! * \param io_ccache a ccache object. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_unlock(): Unlock a ccache. */ cc_int32 (*unlock) (cc_ccache_t io_ccache); - + /*! * \param in_ccache a cache object. * \param out_last_default_time on exit, the last time the ccache was default. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_get_change_time(): Get the last time a ccache was the default ccache. - * - * This function returns the last time when the ccache was made the default ccache. - * This allows clients to sort the ccaches by how recently they were default, which - * is useful for user listing of ccaches. If the ccache was never default, + * + * This function returns the last time when the ccache was made the default ccache. + * This allows clients to sort the ccaches by how recently they were default, which + * is useful for user listing of ccaches. If the ccache was never default, * ccErrNeverDefault is returned. */ cc_int32 (*get_last_default_time) (cc_ccache_t in_ccache, cc_time_t *out_last_default_time); - + /*! * \param in_ccache a cache object. * \param out_change_time on exit, the last time the ccache changed. * \return On success, #ccNoError. If the ccache was never the default ccache, * #ccErrNeverDefault. Otherwise, an error code representing the failure. * \brief \b cc_ccache_get_change_time(): Get the last time a ccache changed. - * - * This function returns the time of the most recent change made to a ccache. 
- * By maintaining a local copy the caller can deduce whether or not the ccache has + * + * This function returns the time of the most recent change made to a ccache. + * By maintaining a local copy the caller can deduce whether or not the ccache has * been modified since the previous call to cc_ccache_get_change_time(). - * + * * The time returned by cc_ccache_get_change_time() increases whenever: - * + * * \li a credential is stored * \li a credential is removed * \li a ccache principal is changed * \li the ccache becomes the default ccache * \li the ccache is no longer the default ccache * - * \note In order to be able to compare two values returned by cc_ccache_get_change_time(), - * the caller must use the same ccache object to acquire them. Callers should maintain a - * single ccache object in memory for cc_ccache_get_change_time() calls rather than + * \note In order to be able to compare two values returned by cc_ccache_get_change_time(), + * the caller must use the same ccache object to acquire them. Callers should maintain a + * single ccache object in memory for cc_ccache_get_change_time() calls rather than * creating a new ccache object for every call. - * + * * \sa wait_for_change */ cc_int32 (*get_change_time) (cc_ccache_t in_ccache, cc_time_t *out_change_time); - + /*! * \param in_ccache a ccache object. * \param in_compare_to_ccache a ccache object to compare with \a in_ccache. 
@@ -1251,26 +1251,26 @@ struct cc_ccache_f { cc_int32 (*compare) (cc_ccache_t in_ccache, cc_ccache_t in_compare_to_ccache, cc_uint32 *out_equal); - + /*! * \param in_ccache a ccache object. * \param in_credentials_version the credentials version to get the time offset for. * \param out_time_offset on exit, the KDC time offset for \a in_ccache for credentials version * \a in_credentials_version. - * \return On success, #ccNoError if a time offset was obtained or #ccErrTimeOffsetNotSet + * \return On success, #ccNoError if a time offset was obtained or #ccErrTimeOffsetNotSet * if a time offset has not been set. On failure, an error code representing the failure. * \brief \b cc_ccache_get_kdc_time_offset(): Get the KDC time offset for credentials in a ccache. * \sa set_kdc_time_offset, clear_kdc_time_offset - * + * * Sometimes the KDC and client's clocks get out of sync. cc_ccache_get_kdc_time_offset() - * returns the difference between the KDC and client's clocks at the time credentials were - * acquired. This offset allows callers to figure out how much time is left on a given + * returns the difference between the KDC and client's clocks at the time credentials were + * acquired. This offset allows callers to figure out how much time is left on a given * credential even though the end_time is based on the KDC's clock not the client's clock. */ cc_int32 (*get_kdc_time_offset) (cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_time_t *out_time_offset); - + /*! * \param in_ccache a ccache object. * \param in_credentials_version the credentials version to get the time offset for. 
@@ -1279,63 +1279,63 @@ struct cc_ccache_f { * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_set_kdc_time_offset(): Set the KDC time offset for credentials in a ccache. * \sa get_kdc_time_offset, clear_kdc_time_offset - * + * * Sometimes the KDC and client's clocks get out of sync. cc_ccache_set_kdc_time_offset() - * sets the difference between the KDC and client's clocks at the time credentials were - * acquired. This offset allows callers to figure out how much time is left on a given + * sets the difference between the KDC and client's clocks at the time credentials were + * acquired. This offset allows callers to figure out how much time is left on a given * credential even though the end_time is based on the KDC's clock not the client's clock. */ cc_int32 (*set_kdc_time_offset) (cc_ccache_t io_ccache, cc_uint32 in_credentials_version, cc_time_t in_time_offset); - + /*! * \param in_ccache a ccache object. * \param in_credentials_version the credentials version to get the time offset for. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_clear_kdc_time_offset(): Clear the KDC time offset for credentials in a ccache. * \sa get_kdc_time_offset, set_kdc_time_offset - * + * * Sometimes the KDC and client's clocks get out of sync. cc_ccache_clear_kdc_time_offset() - * clears the difference between the KDC and client's clocks at the time credentials were - * acquired. This offset allows callers to figure out how much time is left on a given + * clears the difference between the KDC and client's clocks at the time credentials were + * acquired. This offset allows callers to figure out how much time is left on a given * credential even though the end_time is based on the KDC's clock not the client's clock. */ cc_int32 (*clear_kdc_time_offset) (cc_ccache_t io_ccache, cc_uint32 in_credentials_version); - + /*! * \param in_ccache a ccache object. 
* \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_ccache_wait_for_change(): Wait for the next change to a ccache. * - * This function blocks until the next change is made to the ccache referenced by - * \a in_ccache. By repeatedly calling cc_ccache_wait_for_change() from - * a worker thread the caller can effectively receive callbacks whenever the + * This function blocks until the next change is made to the ccache referenced by + * \a in_ccache. By repeatedly calling cc_ccache_wait_for_change() from + * a worker thread the caller can effectively receive callbacks whenever the * ccache changes. This is considerably more efficient than polling * with cc_ccache_get_change_time(). - * + * * cc_ccache_wait_for_change() will return whenever: - * + * * \li a credential is stored * \li a credential is removed * \li the ccache principal is changed * \li the ccache becomes the default ccache * \li the ccache is no longer the default ccache * - * \note In order to make sure that the caller doesn't miss any changes, + * \note In order to make sure that the caller doesn't miss any changes, * cc_ccache_wait_for_change() always returns immediately after the first time it * is called on a new ccache object. Callers must use the same ccache object - * for successive calls to cc_ccache_wait_for_change() rather than creating a new + * for successive calls to cc_ccache_wait_for_change() rather than creating a new * ccache object for every call. - * + * * \sa get_change_time */ cc_int32 (*wait_for_change) (cc_ccache_t in_ccache); }; /*! - * Function pointer table for cc_string_t. For more information see + * Function pointer table for cc_string_t. For more information see * \ref cc_string_reference. */ struct cc_string_f { 
@@ -1348,7 +1348,7 @@ struct cc_string_f { }; /*! - * Function pointer table for cc_credentials_t. For more information see + * Function pointer table for cc_credentials_t. For more information see * \ref cc_credentials_reference. */ struct cc_credentials_f { @@ -1358,11 +1358,11 @@ struct cc_credentials_f { * \brief \b cc_credentials_release(): Release memory associated with a cc_credentials_t object. */ cc_int32 (*release) (cc_credentials_t io_credentials); - + /*! * \param in_credentials a credentials object. * \param in_compare_to_credentials a credentials object to compare with \a in_credentials. - * \param out_equal on exit, whether or not the two credentials objects refer to the + * \param out_equal on exit, whether or not the two credentials objects refer to the * same credentials in the cache collection. * \return On success, #ccNoError. On failure, an error code representing the failure. * \brief \b cc_credentials_compare(): Compare two credentials objects. @@ -1373,7 +1373,7 @@ struct cc_credentials_f { }; /*! - * Function pointer table for cc_ccache_iterator_t. For more information see + * Function pointer table for cc_ccache_iterator_t. For more information see * \ref cc_ccache_iterator_reference. */ struct cc_ccache_iterator_f { 
@@ -1383,18 +1383,18 @@ struct cc_ccache_iterator_f { * \brief \b cc_ccache_iterator_release(): Release memory associated with a cc_ccache_iterator_t object. */ cc_int32 (*release) (cc_ccache_iterator_t io_ccache_iterator); - + /*! * \param in_ccache_iterator a ccache iterator object. * \param out_ccache on exit, the next ccache in the cache collection. - * \return On success, #ccNoError if the next ccache in the cache collection was - * obtained or #ccIteratorEnd if there are no more ccaches. + * \return On success, #ccNoError if the next ccache in the cache collection was + * obtained or #ccIteratorEnd if there are no more ccaches. * On failure, an error code representing the failure. * \brief \b cc_ccache_iterator_next(): Get the next ccache in the cache collection. */ cc_int32 (*next) (cc_ccache_iterator_t in_ccache_iterator, cc_ccache_t *out_ccache); - + /*! * \param in_ccache_iterator a ccache iterator object. * \param out_ccache_iterator on exit, a copy of \a in_ccache_iterator. @@ -1406,7 +1406,7 @@ struct cc_ccache_iterator_f { }; /*! - * Function pointer table for cc_credentials_iterator_t. For more information see + * Function pointer table for cc_credentials_iterator_t. For more information see * \ref cc_credentials_iterator_reference. */ struct cc_credentials_iterator_f { 
@@ -1416,18 +1416,18 @@ struct cc_credentials_iterator_f { * \brief \b cc_credentials_iterator_release(): Release memory associated with a cc_credentials_iterator_t object. */ cc_int32 (*release) (cc_credentials_iterator_t io_credentials_iterator); - + /*! * \param in_credentials_iterator a credentials iterator object. * \param out_credentials on exit, the next credentials in the ccache. * \return On success, #ccNoError if the next credential in the ccache was obtained - * or #ccIteratorEnd if there are no more credentials. + * or #ccIteratorEnd if there are no more credentials. * On failure, an error code representing the failure. * \brief \b cc_credentials_iterator_next(): Get the next credentials in the ccache. */ cc_int32 (*next) (cc_credentials_iterator_t in_credentials_iterator, cc_credentials_t *out_credentials); - + /*! * \ingroup cc_credentials_iterator_reference * \param in_credentials_iterator a credentials iterator object. @@ -1442,11 +1442,11 @@ struct cc_credentials_iterator_f { /*! * \ingroup cc_context_reference * \param out_context on exit, a new context object. Must be free with cc_context_release(). - * \param in_version the requested API version. This should be the maximum version the + * \param in_version the requested API version. This should be the maximum version the * application supports. * \param out_supported_version if non-NULL, on exit contains the maximum API version * supported by the implementation. - * \param out_vendor if non-NULL, on exit contains a pointer to a read-only C string which + * \param out_vendor if non-NULL, on exit contains a pointer to a read-only C string which * contains a string describing the vendor which implemented the credentials cache API. * \return On success, #ccNoError. On failure, an error code representing the failure. * May return CCAPI v2 error CC_BAD_API_VERSION if #ccapi_version_2 is passed in. 
@@ -1456,7 +1456,7 @@ CCACHE_API cc_int32 cc_initialize (cc_context_t *out_context, cc_int32 in_version, cc_int32 *out_supported_version, char const **out_vendor); - + /*! \defgroup helper_macros CCAPI Function Helper Macros * @{ */ @@ -1582,7 +1582,7 @@ CCACHE_API cc_int32 cc_initialize (cc_context_t *out_context, /*! Helper macro for cc_ccache_iterator_f clone() */ #define cc_ccache_iterator_clone(iterator, new_iterator) \ ((iterator) -> functions -> clone (iterator, new_iterator)) - + /*! Helper macro for cc_credentials_iterator_f release() */ #define cc_credentials_iterator_release(iterator) \ ((iterator) -> functions -> release (iterator)) diff --git a/src/include/CredentialsCache2.h b/src/include/CredentialsCache2.h index b0c45d59e8..e9ea311cfb 100644 --- a/src/include/CredentialsCache2.h +++ b/src/include/CredentialsCache2.h @@ -25,13 +25,13 @@ */ /* - * This is backwards compatibility for CCache API v2 clients to be able to run + * This is backwards compatibility for CCache API v2 clients to be able to run * against the CCache API v3 library */ - + #ifndef CCAPI_V2_H #define CCAPI_V2_H - + #include <CredentialsCache.h> #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) @@ -53,7 +53,7 @@ extern "C" { #if TARGET_OS_MAC #pragma pack(push,2) #endif - + /* Some old types get directly mapped to new types */ typedef cc_context_d apiCB; @@ -84,17 +84,17 @@ typedef struct cc_credentials_v5_compat { cc_data_compat second_ticket; cc_data_compat** authdata; } cc_credentials_v5_compat; - + enum { MAX_V4_CRED_LEN = 1250 }; - + enum { KRB_NAME_SZ = 40, KRB_INSTANCE_SZ = 40, KRB_REALM_SZ = 40 }; - + typedef struct cc_credentials_v4_compat { unsigned char kversion; char principal[KRB_NAME_SZ+1]; @@ -117,7 +117,7 @@ typedef union cred_ptr_union_compat { cc_credentials_v4_compat* pV4Cred; cc_credentials_v5_compat* pV5Cred; } cred_ptr_union_compat; - + typedef struct cred_union { cc_int32 cred_type; /* cc_cred_vers */ cred_ptr_union_compat cred; 
@@ -162,7 +162,7 @@ enum { CC_ERR_CACHE_RELEASE, CC_ERR_CACHE_FULL, CC_ERR_CRED_VERSION -}; +}; enum { CC_CRED_UNKNOWN, @@ -178,21 +178,21 @@ enum { CC_LOCK_NOBLOCK = 16 }; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_shutdown (apiCB **io_context) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_get_NC_info (apiCB *in_context, infoNC ***out_info) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_get_change_time (apiCB *in_context, cc_time_t *out_change_time) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_open (apiCB *in_context, const char *in_name, cc_int32 in_version, @@ -200,7 +200,7 @@ cc_open (apiCB *in_context, ccache_p **out_ccache) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_create (apiCB *in_context, const char *in_name, const char *in_principal, 
@@ -209,107 +209,107 @@ cc_create (apiCB *in_context, ccache_p **out_ccache) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_close (apiCB *in_context, ccache_p **ioCCache) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_destroy (apiCB *in_context, ccache_p **io_ccache) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_seq_fetch_NCs_begin (apiCB *in_context, ccache_cit **out_nc_iterator) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_seq_fetch_NCs_next (apiCB *in_context, ccache_p **out_ccache, ccache_cit *in_nc_iterator) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_seq_fetch_NCs_end (apiCB *in_context, ccache_cit **io_nc_iterator) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_get_name (apiCB *in_context, ccache_p *in_ccache, char **out_name) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_get_cred_version (apiCB *in_context, ccache_p *in_ccache, cc_int32 *out_version) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_set_principal (apiCB *in_context, ccache_p *in_ccache, cc_int32 in_version, char *in_principal) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_get_principal (apiCB *in_context, ccache_p *in_ccache, char **out_principal) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_store (apiCB *in_context, ccache_p *in_ccache, cred_union in_credentials) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_remove_cred (apiCB *in_context, ccache_p *in_ccache, cred_union in_credentials) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_seq_fetch_creds_begin (apiCB *in_context, const ccache_p *in_ccache, ccache_cit **out_ccache_iterator) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_seq_fetch_creds_next (apiCB *in_context, cred_union **out_cred_union, ccache_cit *in_ccache_iterator) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_seq_fetch_creds_end (apiCB 
*in_context, ccache_cit **io_ccache_iterator) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_free_principal (apiCB *in_context, char **io_principal) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_free_name (apiCB *in_context, char **io_name) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_free_creds (apiCB *in_context, cred_union **io_cred_union) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_free_NC_info (apiCB *in_context, infoNC ***io_info) CCAPI_DEPRECATED; -CCACHE_API cc_int32 +CCACHE_API cc_int32 cc_lock_request (apiCB *in_context, const ccache_p *in_ccache, const cc_int32 in_lock_type) diff --git a/src/include/adm_proto.h b/src/include/adm_proto.h index 47d500d0d1..cd17a2fa6e 100644 --- a/src/include/adm_proto.h +++ b/src/include/adm_proto.h @@ -111,7 +111,7 @@ krb5_flags_to_string (krb5_flags, char *, size_t); krb5_error_code -krb5_input_flag_to_string (int, +krb5_input_flag_to_string (int, char *, size_t); @@ -128,7 +128,7 @@ krb5_keysalt_iterate (krb5_key_salt_tuple *, krb5_error_code (*) (krb5_key_salt_tuple *, krb5_pointer), krb5_pointer); - + krb5_error_code krb5_string_to_keysalts (char *, const char *, diff --git a/src/include/cm.h b/src/include/cm.h index 716e6cb593..a317c835a1 100644 --- a/src/include/cm.h +++ b/src/include/cm.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -75,7 +75,7 @@ struct conn_state { struct sendto_callback_info { int (*pfn_callback) (struct conn_state *, void *, krb5_data *); void (*pfn_cleanup) (void *, krb5_data *); - void *context; + void *context; }; 
diff --git a/src/include/copyright.h b/src/include/copyright.h
index b1740ce3ce..68dcfdbdb8 100644
--- a/src/include/copyright.h
+++ b/src/include/copyright.h
@@ -1,40 +1,40 @@ /* * Copyright (C) 1989-1994 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h index 952b43f0bf..d6ba0fb7c7 100644 --- a/src/include/fake-addrinfo.h +++ b/src/include/fake-addrinfo.h 
@@ -1,42 +1,42 @@ /* * Copyright (C) 2001,2002,2003,2004 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ /* Approach overview: 
@@ -202,7 +202,7 @@ struct addrinfo { # define AI_DEFAULT (AI_ADDRCONFIG|AI_V4MAPPED) #endif -#if defined(KRB5_USE_INET6) && defined(NEED_INSIXADDR_ANY) +#if defined(KRB5_USE_INET6) && defined(NEED_INSIXADDR_ANY) /* If compiling with IPv6 support and C library does not define in6addr_any */ extern const struct in6_addr krb5int_in6addr_any; #undef in6addr_any diff --git a/src/include/foreachaddr.h b/src/include/foreachaddr.h index 57591f596e..ae422c7b1b 100644 --- a/src/include/foreachaddr.h +++ b/src/include/foreachaddr.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Iterate over the protocol addresses supported by this host, invoking * a callback function or three supplied by the caller. diff --git a/src/include/gssapi.h b/src/include/gssapi.h index f557681440..7ce379ac41 100644 --- a/src/include/gssapi.h +++ b/src/include/gssapi.h @@ -1,4 +1,4 @@ -/* +/* * Wrapper so that #include <gssapi.h> will work without special include * paths. */ diff --git a/src/include/gssrpc/auth.h b/src/include/gssrpc/auth.h index cc3de9764c..0bcb901483 100644 --- a/src/include/gssrpc/auth.h +++ b/src/include/gssrpc/auth.h 
@@ -6,23 +6,23 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. - * + * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 @@ -115,11 +115,11 @@ typedef struct AUTH { /* destroy this structure */ void (*ah_destroy)(struct AUTH *); /* encode data for wire */ - int (*ah_wrap)(struct AUTH *, XDR *, + int (*ah_wrap)(struct AUTH *, XDR *, xdrproc_t, caddr_t); /* decode data from wire */ - int (*ah_unwrap)(struct AUTH *, XDR *, - xdrproc_t, caddr_t); + int (*ah_unwrap)(struct AUTH *, XDR *, + xdrproc_t, caddr_t); } *ah_ops; void *ah_private; } AUTH; diff --git a/src/include/gssrpc/auth_gss.h b/src/include/gssrpc/auth_gss.h index ea5db92b9e..c850b03bb7 100644 --- a/src/include/gssrpc/auth_gss.h +++ b/src/include/gssrpc/auth_gss.h @@ -1,9 +1,9 @@ /* auth_gssapi.h - + Copyright (c) 2000 The Regents of the University of Michigan. All rights reserved. - + Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>. All rights reserved, all wrongs reversed. 
@@ -81,20 +81,20 @@ struct authgss_private_data { uint32_t pd_seq_win; /* Sequence window */ }; -/* Krb 5 default mechanism +/* Krb 5 default mechanism #define KRB5OID "1.2.840.113554.1.2.2" gss_OID_desc krb5oid = { - 20, KRB5OID + 20, KRB5OID }; */ /* -struct rpc_gss_sec krb5mech = { +struct rpc_gss_sec krb5mech = { (gss_OID)&krb5oid, GSS_QOP_DEFAULT, RPCSEC_GSS_SVC_NONE -}; +}; */ /* Credentials. */ diff --git a/src/include/gssrpc/auth_gssapi.h b/src/include/gssrpc/auth_gssapi.h index 73a2f0b164..cd405d4072 100644 --- a/src/include/gssrpc/auth_gssapi.h +++ b/src/include/gssrpc/auth_gssapi.h @@ -1,6 +1,6 @@ /* * auth_gssapi.h, Protocol for GSS-API style authentication parameters for RPC - * + * * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. * * $Id$ @@ -57,7 +57,7 @@ typedef void (*auth_gssapi_log_badauth_func) OM_uint32 minor, struct sockaddr_in *raddr, caddr_t data); - + typedef void (*auth_gssapi_log_badverf_func) (gss_name_t client, gss_name_t server, @@ -105,7 +105,7 @@ AUTH *auth_gssapi_create_default void auth_gssapi_display_status (char *msg, OM_uint32 major, - OM_uint32 minor); + OM_uint32 minor); bool_t auth_gssapi_seal_seq (gss_ctx_id_t context, uint32_t seq_num, gss_buffer_t out_buf); diff --git a/src/include/gssrpc/auth_unix.h b/src/include/gssrpc/auth_unix.h index 9be4422780..b19bb72b42 100644 --- a/src/include/gssrpc/auth_unix.h +++ b/src/include/gssrpc/auth_unix.h 
@@ -6,23 +6,23 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. - * + * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 @@ -66,8 +66,8 @@ struct authunix_parms { extern bool_t xdr_authunix_parms(XDR *, struct authunix_parms *); -/* - * If a response verifier has flavor AUTH_SHORT, +/* + * If a response verifier has flavor AUTH_SHORT, * then the body of the response verifier encapsulates the following structure; * again it is serialized in the obvious fashion. */ diff --git a/src/include/gssrpc/clnt.h b/src/include/gssrpc/clnt.h index 95450a2416..36707c78e8 100644 --- a/src/include/gssrpc/clnt.h +++ b/src/include/gssrpc/clnt.h 
@@ -6,23 +6,23 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. - * + * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 @@ -117,13 +117,13 @@ typedef struct CLIENT { /* call remote procedure */ enum clnt_stat (*cl_call)(struct CLIENT *, rpcproc_t, xdrproc_t, void *, - xdrproc_t, void *, - struct timeval); + xdrproc_t, void *, + struct timeval); /* abort a call */ - void (*cl_abort)(struct CLIENT *); + void (*cl_abort)(struct CLIENT *); /* get specific error code */ - void (*cl_geterr)(struct CLIENT *, - struct rpc_err *); + void (*cl_geterr)(struct CLIENT *, + struct rpc_err *); /* frees results */ bool_t (*cl_freeres)(struct CLIENT *, xdrproc_t, void *); @@ -242,7 +242,7 @@ typedef struct CLIENT { /* * Below are the client handle creation routines for the various - * implementations of client side rpc. They can return NULL if a + * implementations of client side rpc. They can return NULL if a * creation failure occurs. */ 
@@ -310,7 +310,7 @@ char *clnt_spcreateerror(char *); /* string */ /* * Like clnt_perror(), but is more verbose in its output - */ + */ void clnt_perrno(enum clnt_stat); /* stderr */ /* @@ -319,7 +319,7 @@ void clnt_perrno(enum clnt_stat); /* stderr */ void clnt_perror(CLIENT *, char *); /* stderr */ char *clnt_sperror(CLIENT *, char *); /* string */ -/* +/* * If a creation fails, the following allows the user to figure out why. */ struct rpc_createerr { diff --git a/src/include/gssrpc/netdb.h b/src/include/gssrpc/netdb.h index 69267874ef..1cb082a4e9 100644 --- a/src/include/gssrpc/netdb.h +++ b/src/include/gssrpc/netdb.h @@ -9,11 +9,11 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. @@ -21,11 +21,11 @@ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 diff --git a/src/include/gssrpc/pmap_clnt.h b/src/include/gssrpc/pmap_clnt.h index 808306865f..2bdfc1e7f9 100644 --- a/src/include/gssrpc/pmap_clnt.h +++ b/src/include/gssrpc/pmap_clnt.h 
@@ -6,23 +6,23 @@
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
- *
+ *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
- *
+ *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
- *
+ *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
- *
+ *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
@@ -46,7 +46,7 @@
 * head = pmap_getmaps(address);
 * clnt_stat = pmap_rmtcall(address, program, version, procedure,
 * xdrargs, argsp, xdrres, resp, tout, port_ptr)
- * (works for udp only.)
+ * (works for udp only.)
 * clnt_stat = clnt_broadcast(program, version, procedure,
 * xdrargs, argsp, xdrres, resp, eachresult)
 * (like pmap_rmtcall, except the call is broadcasted to all
@@ -64,9 +64,9 @@ GSSRPC__BEGIN_DECLS extern bool_t pmap_set(rpcprog_t, rpcvers_t, rpcprot_t, u_int); extern bool_t pmap_unset(rpcprog_t, rpcvers_t); extern struct pmaplist *pmap_getmaps(struct sockaddr_in *); -enum clnt_stat pmap_rmtcall(struct sockaddr_in *, rpcprog_t, - rpcvers_t, rpcproc_t, xdrproc_t, - caddr_t, xdrproc_t, caddr_t, +enum clnt_stat pmap_rmtcall(struct sockaddr_in *, rpcprog_t, + rpcvers_t, rpcproc_t, xdrproc_t, + caddr_t, xdrproc_t, caddr_t, struct timeval, rpcport_t *); typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *); @@ -74,8 +74,8 @@ typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *); enum clnt_stat clnt_broadcast(rpcprog_t, rpcvers_t, rpcproc_t, xdrproc_t, caddr_t, xdrproc_t, caddr_t, resultproc_t); -extern u_short pmap_getport(struct sockaddr_in *, - rpcprog_t, +extern u_short pmap_getport(struct sockaddr_in *, + rpcprog_t, rpcvers_t, rpcprot_t); GSSRPC__END_DECLS #endif /* !defined(GSSRPC_PMAP_CLNT_H) */ diff --git a/src/include/gssrpc/pmap_prot.h b/src/include/gssrpc/pmap_prot.h index 8a8802b054..5069723ff5 100644 --- a/src/include/gssrpc/pmap_prot.h +++ b/src/include/gssrpc/pmap_prot.h 
@@ -6,23 +6,23 @@
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
- *
+ *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
- *
+ *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
- *
+ *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
- *
+ *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
diff --git a/src/include/gssrpc/pmap_rmt.h b/src/include/gssrpc/pmap_rmt.h
index 48789b4539..ca3f35d26f 100644
--- a/src/include/gssrpc/pmap_rmt.h
+++ b/src/include/gssrpc/pmap_rmt.h
@@ -6,23 +6,23 @@
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
- *
+ *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
- *
+ *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
- *
+ *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
- *
+ *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
diff --git a/src/include/gssrpc/rename.h b/src/include/gssrpc/rename.h
index 6e472e6170..a4da2cdfba 100644
--- a/src/include/gssrpc/rename.h
+++ b/src/include/gssrpc/rename.h
@@ -8,7 +8,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
diff --git a/src/include/gssrpc/rpc.h b/src/include/gssrpc/rpc.h
index 0f1730d181..6aa1f94713 100644
--- a/src/include/gssrpc/rpc.h
+++ b/src/include/gssrpc/rpc.h
@@ -6,11 +6,11 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. @@ -54,7 +54,7 @@ #include <gssrpc/auth_unix.h> /* protocol for unix style cred */ #include <gssrpc/auth_gss.h> /* RPCSEC_GSS */ /* - * Uncomment-out the next line if you are building the rpc library with + * Uncomment-out the next line if you are building the rpc library with * DES Authentication (see the README file in the secure_rpc/ directory). */ #if 0 diff --git a/src/include/gssrpc/rpc_msg.h b/src/include/gssrpc/rpc_msg.h index 62d6329675..6e91de6c99 100644 --- a/src/include/gssrpc/rpc_msg.h +++ b/src/include/gssrpc/rpc_msg.h 
@@ -6,23 +6,23 @@
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
- *
+ *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
- *
+ *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
- *
+ *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
- *
+ *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
diff --git a/src/include/gssrpc/svc.h b/src/include/gssrpc/svc.h
index dfe0bec654..16f07206b8 100644
--- a/src/include/gssrpc/svc.h
+++ b/src/include/gssrpc/svc.h
@@ -6,23 +6,23 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. - * + * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 @@ -82,18 +82,18 @@ typedef struct SVCXPRT { /* receive incomming requests */ bool_t (*xp_recv)(struct SVCXPRT *, struct rpc_msg *); /* get transport status */ - enum xprt_stat (*xp_stat)(struct SVCXPRT *); + enum xprt_stat (*xp_stat)(struct SVCXPRT *); /* get arguments */ bool_t (*xp_getargs)(struct SVCXPRT *, xdrproc_t, void *); /* send reply */ bool_t (*xp_reply)(struct SVCXPRT *, - struct rpc_msg *); + struct rpc_msg *); /* free mem allocated for args */ bool_t (*xp_freeargs)(struct SVCXPRT *, xdrproc_t, void *); /* destroy this struct */ - void (*xp_destroy)(struct SVCXPRT *); + void (*xp_destroy)(struct SVCXPRT *); } *xp_ops; int xp_addrlen; /* length of remote address */ struct sockaddr_in xp_raddr; /* remote address */ 
@@ -188,7 +188,7 @@ struct svc_req { * rpcprog_t prog; * rpcvers_t vers; * void (*dispatch)(); - * int protocol; like IPPROTO_TCP or _UDP; zero means do not register + * int protocol; like IPPROTO_TCP or _UDP; zero means do not register * * registerrpc(prog, vers, proc, routine, inproc, outproc) * returns 0 upon success, -1 if error. @@ -241,7 +241,7 @@ extern void xprt_unregister(SVCXPRT *); * Note: do not confuse access-control failure with weak authentication! * * NB: In pure implementations of rpc, the caller always waits for a reply - * msg. This message is sent when svc_sendreply is called. + * msg. This message is sent when svc_sendreply is called. * Therefore pure service implementations should always call * svc_sendreply even if the function logically returns void; use * xdr.h - xdr_void for the xdr routine. HOWEVER, tcp based rpc allows @@ -275,7 +275,7 @@ extern void svcerr_systemerr(SVCXPRT *); /* * Global keeper of rpc service descriptors in use - * dynamic; must be inspected before each call to select + * dynamic; must be inspected before each call to select */ extern int svc_maxfd; #ifdef FD_SETSIZE diff --git a/src/include/gssrpc/svc_auth.h b/src/include/gssrpc/svc_auth.h index 541aa4514e..4c2719c033 100644 --- a/src/include/gssrpc/svc_auth.h +++ b/src/include/gssrpc/svc_auth.h 
@@ -6,23 +6,23 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. - * + * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 @@ -31,7 +31,7 @@ /* * svc_auth.h, Service side of rpc authentication. - * + * * Copyright (C) 1984, Sun Microsystems, Inc. */ diff --git a/src/include/gssrpc/types.hin b/src/include/gssrpc/types.hin index ed612f1f5b..c048129da7 100644 --- a/src/include/gssrpc/types.hin +++ b/src/include/gssrpc/types.hin 
@@ -6,23 +6,23 @@ * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. - * + * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * + * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. - * + * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. - * + * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. - * + * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 @@ -157,7 +157,7 @@ typedef int32_t rpc_inline_t; #if 0 #include <netdb.h> /* XXX This should not have to be here. * I got sick of seeing the warnings for MAXHOSTNAMELEN - * and the two values were different. -- shanzer + * and the two values were different. -- shanzer */ #endif diff --git a/src/include/gssrpc/xdr.h b/src/include/gssrpc/xdr.h index b7c2843a4d..9fbf26585f 100644 --- a/src/include/gssrpc/xdr.h +++ b/src/include/gssrpc/xdr.h 
@@ -6,23 +6,23 @@
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
- *
+ *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
- *
+ *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
- *
+ *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
- *
+ *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
diff --git a/src/include/k5-err.h b/src/include/k5-err.h
index e5fc9bddf7..4259ce682d 100644
--- a/src/include/k5-err.h
+++ b/src/include/k5-err.h
@@ -8,7 +8,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
- *
+ *
 *
 * Error-message handling
 */
diff --git a/src/include/k5-gmt_mktime.h b/src/include/k5-gmt_mktime.h
index d9d1d1e5a9..e7115a54f4 100644
--- a/src/include/k5-gmt_mktime.h
+++ b/src/include/k5-gmt_mktime.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * GMT struct tm conversion * diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h index 2fb5f87192..2acc956f9d 100644 --- a/src/include/k5-int-pkinit.h +++ b/src/include/k5-int-pkinit.h @@ -2,7 +2,7 @@ * COPYRIGHT (C) 2006 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN * ALL RIGHTS RESERVED - * + * * Permission is granted to use, copy, create derivative works * and redistribute this software and such derivative works * for any purpose, so long as the name of The University of @@ -13,7 +13,7 @@ * University of Michigan is included in any copy of any * portion of this software, then the disclaimer below must * also be included. - * + * * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF @@ -249,7 +249,7 @@ krb5_error_code decode_krb5_auth_pack krb5_error_code decode_krb5_auth_pack_draft9 (const krb5_data *, krb5_auth_pack_draft9 **); -krb5_error_code decode_krb5_kdc_dh_key_info +krb5_error_code decode_krb5_kdc_dh_key_info (const krb5_data *, krb5_kdc_dh_key_info **); krb5_error_code decode_krb5_principal_name diff --git a/src/include/k5-int.h b/src/include/k5-int.h index f6f091fcc1..c583efd1f6 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
@@ -1,54 +1,54 @@ /* * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006,2007,2008,2009 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. 
- * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. 
MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -59,7 +59,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -96,7 +96,7 @@ #ifndef KRB5_CONFIG__ #define KRB5_CONFIG__ -/* +/* * Machine-type definitions: PC Clone 386 running Microloss Windows */ 
@@ -140,7 +140,7 @@ typedef INT64_TYPE krb5_int64; #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ #define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */ -/* +/* * Windows requires a different api interface to each function. Here * just define it as NULL. */ @@ -381,11 +381,11 @@ typedef struct _krb5_etype_info_entry { krb5_data s2kparams; } krb5_etype_info_entry; -/* +/* * This is essentially -1 without sign extension which can screw up * comparisons on 64 bit machines. If the length is this value, then * the salt data is not present. This is to distinguish between not - * being set and being of 0 length. + * being set and being of 0 length. */ #define KRB5_ETYPE_NO_SALT VALID_UINT_BITS @@ -398,7 +398,7 @@ typedef struct _krb5_etype_list { } krb5_etype_list; /* - * a sam_challenge is returned for alternate preauth + * a sam_challenge is returned for alternate preauth */ /* SAMFlags ::= BIT STRING { @@ -597,9 +597,9 @@ krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean); void krb5_os_free_context (krb5_context); -/* This function is needed by KfM's KerberosPreferences API +/* This function is needed by KfM's KerberosPreferences API * because it needs to be able to specify "secure" */ -krb5_error_code os_get_default_config_files +krb5_error_code os_get_default_config_files (profile_filespec_t **pfiles, krb5_boolean secure); krb5_error_code krb5_os_hostaddr @@ -651,7 +651,7 @@ struct krb5_key_st { /* new encryption provider api */ struct krb5_enc_provider { - /* keybytes is the input size to make_key; + /* keybytes is the input size to make_key; keylength is the output size */ size_t block_size, keybytes, keylength; @@ -817,7 +817,7 @@ zapfree(void *ptr, size_t len) krb5_error_code krb5int_des_init_state (const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *new_state); -/* +/* * normally to free a cipher_state you can just memset the length to zero and * free it. */ 
@@ -839,7 +839,7 @@ void krb5int_c_free_keyblock_contents (krb5_context, krb5_keyblock *); krb5_error_code krb5int_c_init_keyblock (krb5_context, krb5_enctype enctype, - size_t length, krb5_keyblock **out); + size_t length, krb5_keyblock **out); krb5_error_code krb5int_c_copy_keyblock (krb5_context context, const krb5_keyblock *from, krb5_keyblock **to); krb5_error_code krb5int_c_copy_keyblock_contents @@ -851,7 +851,7 @@ krb5_error_code krb5int_c_copy_keyblock_contents extern void krb5int_prng_cleanup (void); -/* +/* * These declarations are here, so both krb5 and k5crypto * can get to them. * krb5 needs to get to them so it can make them available to libgssapi. @@ -942,10 +942,10 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) * (Originally written by Glen Machin at Sandia Labs.) */ /* - * Sandia National Laboratories also makes no representations about the - * suitability of the modifications, or additions to this software for + * Sandia National Laboratories also makes no representations about the + * suitability of the modifications, or additions to this software for * any purpose. It is provided "as is" without express or implied warranty. - * + * */ #ifndef KRB5_PREAUTH__ #define KRB5_PREAUTH__ @@ -1079,7 +1079,7 @@ typedef krb5_error_code (*krb5_preauth_obtain_proc) (krb5_context, krb5_pa_data *, krb5_etype_info, - krb5_keyblock *, + krb5_keyblock *, krb5_error_code ( * )(krb5_context, const krb5_enctype, krb5_data *, @@ -1106,7 +1106,7 @@ typedef krb5_error_code (*krb5_preauth_process_proc) krb5_const_pointer, krb5_kdc_rep * ), krb5_keyblock **, - krb5_creds *, + krb5_creds *, krb5_int32 *, krb5_int32 *); @@ -1126,7 +1126,7 @@ krb5_error_code krb5_obtain_padata krb5_data *, krb5_const_pointer, krb5_keyblock **), - krb5_const_pointer, + krb5_const_pointer, krb5_creds *, krb5_kdc_req *); 
@@ -1144,9 +1144,9 @@ krb5_error_code krb5_process_padata const krb5_keyblock *, krb5_const_pointer, krb5_kdc_rep * ), - krb5_keyblock **, - krb5_creds *, - krb5_int32 *); + krb5_keyblock **, + krb5_creds *, + krb5_int32 *); krb5_pa_data * krb5int_find_pa_data (krb5_context, krb5_pa_data * const *, krb5_preauthtype); @@ -1185,7 +1185,7 @@ void krb5_free_etype_info * with the new krb5_get_init_creds_opt_alloc() function. * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended * structure is a shadow copy of an original krb5_get_init_creds_opt - * structure. + * structure. * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to * krb5int_gic_opt_to_opte(), the resulting extended structure should be * freed (using krb5_get_init_creds_free). Otherwise, the original @@ -1357,7 +1357,7 @@ void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents (krb5_context, krb5_enc_sam_response_enc * ); void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents (krb5_context, krb5_enc_sam_response_enc_2 * ); - + void KRB5_CALLCONV krb5_free_pa_enc_ts (krb5_context, krb5_pa_enc_ts *); void KRB5_CALLCONV krb5_free_pa_for_user @@ -1591,7 +1591,7 @@ void KRB5_CALLCONV krb5_free_priv_enc_part /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */ /* here we use some knowledge of ASN.1 encodings */ -/* +/* Ticket is APPLICATION 1. Authenticator is APPLICATION 2. AS_REQ is APPLICATION 10. 
@@ -1661,11 +1661,11 @@ krb5_error_code encode_krb5_enc_tkt_part krb5_error_code encode_krb5_enc_kdc_rep_part (const krb5_enc_kdc_rep_part *rep, krb5_data **code); -/* yes, the translation is identical to that used for KDC__REP */ +/* yes, the translation is identical to that used for KDC__REP */ krb5_error_code encode_krb5_as_rep (const krb5_kdc_rep *rep, krb5_data **code); -/* yes, the translation is identical to that used for KDC__REP */ +/* yes, the translation is identical to that used for KDC__REP */ krb5_error_code encode_krb5_tgs_rep (const krb5_kdc_rep *rep, krb5_data **code); @@ -1848,13 +1848,13 @@ krb5_error_code decode_krb5_sam_response_2 *************************************************************************/ krb5_error_code krb5_validate_times - (krb5_context, + (krb5_context, krb5_ticket_times *); /* krb5_error_code decode_krb5_structure(const krb5_data *code, krb5_structure **rep); - + requires Expects **rep to not have been allocated; a new *rep is allocated regardless of the old value. effects Decodes *code into **rep. @@ -2165,7 +2165,7 @@ krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context, /* set and change password helpers */ krb5_error_code krb5int_mk_chpw_req - (krb5_context context, krb5_auth_context auth_context, + (krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet); krb5_error_code krb5int_rd_chpw_rep (krb5_context context, krb5_auth_context auth_context, @@ -2425,7 +2425,7 @@ struct _krb5_cc_ops { krb5_ccache *); krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context, krb5_cc_ptcursor *); - krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache, + krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache, krb5_ccache); krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context, krb5_ccache, krb5_timestamp *); 
@@ -2450,23 +2450,23 @@ typedef struct _krb5_donot_replay { krb5_timestamp ctime; } krb5_donot_replay; -krb5_error_code krb5_rc_default +krb5_error_code krb5_rc_default (krb5_context, krb5_rcache *); -krb5_error_code krb5_rc_resolve_type +krb5_error_code krb5_rc_resolve_type (krb5_context, krb5_rcache *,char *); -krb5_error_code krb5_rc_resolve_full +krb5_error_code krb5_rc_resolve_full (krb5_context, krb5_rcache *,char *); -char * krb5_rc_get_type +char * krb5_rc_get_type (krb5_context, krb5_rcache); -char * krb5_rc_default_type +char * krb5_rc_default_type (krb5_context); -char * krb5_rc_default_name +char * krb5_rc_default_name (krb5_context); -krb5_error_code krb5_auth_to_rep +krb5_error_code krb5_auth_to_rep (krb5_context, krb5_tkt_authent *, krb5_donot_replay *); 
@@ -2500,44 +2500,44 @@ typedef struct _krb5_kt_ops { krb5_magic magic; char *prefix; /* routines always present */ - krb5_error_code (KRB5_CALLCONV *resolve) + krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, const char *, krb5_keytab *); - krb5_error_code (KRB5_CALLCONV *get_name) + krb5_error_code (KRB5_CALLCONV *get_name) (krb5_context, krb5_keytab, char *, unsigned int); - krb5_error_code (KRB5_CALLCONV *close) + krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_keytab); - krb5_error_code (KRB5_CALLCONV *get) + krb5_error_code (KRB5_CALLCONV *get) (krb5_context, krb5_keytab, krb5_const_principal, krb5_kvno, krb5_enctype, krb5_keytab_entry *); - krb5_error_code (KRB5_CALLCONV *start_seq_get) + krb5_error_code (KRB5_CALLCONV *start_seq_get) (krb5_context, krb5_keytab, - krb5_kt_cursor *); - krb5_error_code (KRB5_CALLCONV *get_next) + krb5_kt_cursor *); + krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_keytab, krb5_keytab_entry *, krb5_kt_cursor *); - krb5_error_code (KRB5_CALLCONV *end_get) + krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_keytab, krb5_kt_cursor *); /* routines to be included on extended version (write routines) */ - krb5_error_code (KRB5_CALLCONV *add) + krb5_error_code (KRB5_CALLCONV *add) (krb5_context, krb5_keytab, krb5_keytab_entry *); - krb5_error_code (KRB5_CALLCONV *remove) + krb5_error_code (KRB5_CALLCONV *remove) (krb5_context, krb5_keytab, krb5_keytab_entry *); 
@@ -2588,13 +2588,13 @@ krb5_error_code KRB5_CALLCONV krb5_random_confounder (size_t, krb5_pointer); krb5_error_code krb5_encrypt_data - (krb5_context context, krb5_keyblock *key, - krb5_pointer ivec, krb5_data *data, + (krb5_context context, krb5_keyblock *key, + krb5_pointer ivec, krb5_data *data, krb5_enc_data *enc_data); krb5_error_code krb5_decrypt_data - (krb5_context context, krb5_keyblock *key, - krb5_pointer ivec, krb5_enc_data *data, + (krb5_context context, krb5_keyblock *key, + krb5_pointer ivec, krb5_enc_data *data, krb5_data *enc_data); krb5_error_code @@ -2639,7 +2639,7 @@ typedef struct krb5_int32 etype_count; } krb5_etypes_permitted; -krb5_boolean krb5_is_permitted_enctype_ext +krb5_boolean krb5_is_permitted_enctype_ext ( krb5_context, krb5_etypes_permitted *); krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype); @@ -2944,10 +2944,10 @@ void KRB5_CALLCONV krb5_free_realm_string /* Internal principal function used by KIM to avoid code duplication */ krb5_error_code KRB5_CALLCONV -krb5int_build_principal_alloc_va(krb5_context context, - krb5_principal *princ, - unsigned int rlen, - const char *realm, +krb5int_build_principal_alloc_va(krb5_context context, + krb5_principal *princ, + unsigned int rlen, + const char *realm, const char *first, va_list ap); diff --git a/src/include/k5-ipc_stream.h b/src/include/k5-ipc_stream.h index 680b763b05..1f56d76f2b 100644 --- a/src/include/k5-ipc_stream.h +++ b/src/include/k5-ipc_stream.h 
@@ -41,37 +41,37 @@ uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream); const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream); -uint32_t krb5int_ipc_stream_read (k5_ipc_stream in_stream, +uint32_t krb5int_ipc_stream_read (k5_ipc_stream in_stream, void *io_data, uint64_t in_size); -uint32_t krb5int_ipc_stream_write (k5_ipc_stream in_stream, +uint32_t krb5int_ipc_stream_write (k5_ipc_stream in_stream, const void *in_data, uint64_t in_size); -uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream io_stream, char **out_string); -uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream io_stream, const char *in_string); void krb5int_ipc_stream_free_string (char *in_string); -uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream io_stream, int32_t *out_int32); -uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, int32_t in_int32); -uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream io_stream, uint32_t *out_uint32); -uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, uint32_t in_uint32); -uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream io_stream, int64_t *out_int64); -uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, int64_t in_int64); -uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream io_stream, uint64_t *out_uint64); -uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, +uint32_t 
krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, uint64_t in_uint64); #endif /* K5_IPC_STREAM_H */ diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h index ef5dd419be..d4d05aee10 100644 --- a/src/include/k5-platform.h +++ b/src/include/k5-platform.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Some platform-dependent definitions to sync up the C support level. * Some to a C99-ish level, some related utility code. diff --git a/src/include/k5-plugin.h b/src/include/k5-plugin.h index 2190c03496..498c5668c6 100644 --- a/src/include/k5-plugin.h +++ b/src/include/k5-plugin.h 
@@ -1,42 +1,42 @@ /* * Copyright (C) 2006 Massachusetts Institute of Technology. * All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. 
By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ /* Just those definitions which are needed by util/support/plugins.c, 
@@ -108,19 +108,19 @@ krb5int_get_plugin_func (struct plugin_file_handle *, const char *, long KRB5_CALLCONV krb5int_open_plugin_dirs (const char * const *, const char * const *, struct plugin_dir_handle *, struct errinfo *); -void KRB5_CALLCONV +void KRB5_CALLCONV krb5int_close_plugin_dirs (struct plugin_dir_handle *); -long KRB5_CALLCONV -krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *, +long KRB5_CALLCONV +krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *, void ***, struct errinfo *); -void KRB5_CALLCONV +void KRB5_CALLCONV krb5int_free_plugin_dir_data (void **); -long KRB5_CALLCONV -krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *, +long KRB5_CALLCONV +krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *, void (***)(void), struct errinfo *); -void KRB5_CALLCONV +void KRB5_CALLCONV krb5int_free_plugin_dir_func (void (**)(void)); #endif /* K5_PLUGIN_H */ diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h index 821fe8457a..069b51c74b 100644 --- a/src/include/k5-thread.h +++ b/src/include/k5-thread.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Preliminary thread support. */ diff --git a/src/include/k5-unicode.h b/src/include/k5-unicode.h index 0f8f12a383..3a42a8269c 100644 --- a/src/include/k5-unicode.h +++ b/src/include/k5-unicode.h 
@@ -1,42 +1,42 @@ /* * Copyright (C) 2008 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * diff --git a/src/include/k5-utf8.h b/src/include/k5-utf8.h index e3f134b565..c27d20923d 100644 --- a/src/include/k5-utf8.h +++ b/src/include/k5-utf8.h 
@@ -1,42 +1,42 @@ /* * Copyright (C) 2008 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * diff --git a/src/include/k5-util.h b/src/include/k5-util.h index 7bb8cfbe96..11b275f552 100644 --- a/src/include/k5-util.h +++ b/src/include/k5-util.h 
@@ -1,42 +1,42 @@ /* * Copyright (C) 1989-1998,2002 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ /* diff --git a/src/include/kdb.h b/src/include/kdb.h index d74e3e3235..7506f1c0e1 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h 
@@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,21 +22,21 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * KDC Database interface definitions. */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -47,7 +47,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -112,12 +112,12 @@ */ typedef struct _krb5_tl_data { struct _krb5_tl_data* tl_data_next; /* NOT saved */ - krb5_int16 tl_data_type; - krb5_ui_2 tl_data_length; - krb5_octet * tl_data_contents; + krb5_int16 tl_data_type; + krb5_ui_2 tl_data_length; + krb5_octet * tl_data_contents; } krb5_tl_data; -/* +/* * If this ever changes up the version number and make the arrays be as * big as necessary. * 
@@ -134,14 +134,14 @@ typedef struct _krb5_key_data { #define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */ typedef struct _krb5_keysalt { - krb5_int16 type; + krb5_int16 type; krb5_data data; /* Length, data */ } krb5_keysalt; typedef struct _krb5_db_entry_new { krb5_magic magic; /* NOT saved */ - krb5_ui_2 len; - krb5_ui_4 mask; /* members currently changed/set */ + krb5_ui_2 len; + krb5_ui_4 mask; /* members currently changed/set */ krb5_flags attributes; krb5_deltat max_life; krb5_deltat max_renewable_life; @@ -155,7 +155,7 @@ typedef struct _krb5_db_entry_new { krb5_ui_2 e_length; /* Length of extra data */ krb5_octet * e_data; /* Extra data to be saved */ - krb5_principal princ; /* Length, data */ + krb5_principal princ; /* Length, data */ krb5_tl_data * tl_data; /* Linked list */ krb5_key_data * key_data; /* Array */ } krb5_db_entry; @@ -259,11 +259,11 @@ extern char *krb5_mkey_pwd_prompt2; #define KRB5_KDB_OPEN_RO 1 #ifndef KRB5_KDB_SRV_TYPE_KDC -#define KRB5_KDB_SRV_TYPE_KDC 0x0100 +#define KRB5_KDB_SRV_TYPE_KDC 0x0100 #endif #ifndef KRB5_KDB_SRV_TYPE_ADMIN -#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200 +#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200 #endif #ifndef KRB5_KDB_SRV_TYPE_PASSWD @@ -271,7 +271,7 @@ extern char *krb5_mkey_pwd_prompt2; #endif #ifndef KRB5_KDB_SRV_TYPE_OTHER -#define KRB5_KDB_SRV_TYPE_OTHER 0x0400 +#define KRB5_KDB_SRV_TYPE_OTHER 0x0400 #endif #define KRB5_KDB_OPT_SET_DB_NAME 0 @@ -322,7 +322,7 @@ krb5_error_code krb5_free_supported_realms ( krb5_context kcontext, krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, char *pwd, krb5_keyblock *key ); -krb5_error_code krb5_db_set_mkey ( krb5_context context, +krb5_error_code krb5_db_set_mkey ( krb5_context context, krb5_keyblock *key); krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, krb5_keyblock **key ); 
@@ -335,14 +335,14 @@ krb5_error_code krb5_db_get_mkey_list( krb5_context kcontext, krb5_error_code krb5_db_free_master_key ( krb5_context kcontext, krb5_keyblock *key ); -krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, - char *keyfile, +krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, + char *keyfile, krb5_principal mname, krb5_kvno kvno, krb5_keyblock *key, char *master_pwd); -krb5_error_code krb5_db_store_master_key_list ( krb5_context kcontext, - char *keyfile, +krb5_error_code krb5_db_store_master_key_list ( krb5_context kcontext, + char *keyfile, krb5_principal mname, krb5_keylist_node *keylist, char *master_pwd); @@ -379,12 +379,12 @@ krb5_dbe_find_enctype( krb5_context kcontext, krb5_key_data **kdatap); -krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, +krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, krb5_key_data **kdatap); krb5_error_code @@ -437,7 +437,7 @@ krb5_dbe_lookup_mod_princ_data( krb5_context context, krb5_db_entry * entry, krb5_timestamp * mod_time, krb5_principal * mod_princ); - + krb5_error_code krb5_dbe_lookup_mkey_aux( krb5_context context, krb5_db_entry * entry, @@ -552,12 +552,12 @@ krb5_db_get_key_data_kvno( krb5_context context, */ krb5_error_code -krb5_dbe_def_search_enctype( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, +krb5_dbe_def_search_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, krb5_key_data **kdatap); krb5_error_code 
@@ -651,32 +651,32 @@ krb5_dbekd_def_encrypt_key_data( krb5_context context, int keyver, krb5_key_data * key_data); -krb5_error_code -krb5_db_create_policy( krb5_context kcontext, +krb5_error_code +krb5_db_create_policy( krb5_context kcontext, osa_policy_ent_t policy); -krb5_error_code -krb5_db_get_policy ( krb5_context kcontext, - char *name, +krb5_error_code +krb5_db_get_policy ( krb5_context kcontext, + char *name, osa_policy_ent_t *policy, int *nentries); -krb5_error_code -krb5_db_put_policy( krb5_context kcontext, +krb5_error_code +krb5_db_put_policy( krb5_context kcontext, osa_policy_ent_t policy); -krb5_error_code +krb5_error_code krb5_db_iter_policy( krb5_context kcontext, char *match_entry, osa_adb_iter_policy_func func, void *data); -krb5_error_code -krb5_db_delete_policy( krb5_context kcontext, +krb5_error_code +krb5_db_delete_policy( krb5_context kcontext, char *policy); -void -krb5_db_free_policy( krb5_context kcontext, +void +krb5_db_free_policy( krb5_context kcontext, osa_policy_ent_t policy); @@ -741,8 +741,8 @@ typedef struct _kdb_vftabl { char *conf_section, char ** db_args ); - krb5_error_code (*db_get_age) ( krb5_context kcontext, - char *db_name, + krb5_error_code (*db_get_age) ( krb5_context kcontext, + char *db_name, time_t *age ); krb5_error_code (*db_set_option) ( krb5_context kcontext, @@ -820,8 +820,8 @@ typedef struct _kdb_vftabl { /* optional functions */ - krb5_error_code (*set_master_key) ( krb5_context kcontext, - char *pwd, + krb5_error_code (*set_master_key) ( krb5_context kcontext, + char *pwd, krb5_keyblock *key); krb5_error_code (*get_master_key) ( krb5_context kcontext, 
@@ -835,12 +835,12 @@ typedef struct _kdb_vftabl { krb5_error_code (*setup_master_key_name) ( krb5_context kcontext, char *keyname, - char *realm, - char **fullname, + char *realm, + char **fullname, krb5_principal *principal); - krb5_error_code (*store_master_key) ( krb5_context kcontext, - char *db_arg, + krb5_error_code (*store_master_key) ( krb5_context kcontext, + char *db_arg, krb5_principal mname, krb5_kvno kvno, krb5_keyblock *key, @@ -863,20 +863,20 @@ typedef struct _kdb_vftabl { krb5_kvno kvno, krb5_keylist_node **mkeys_list); - krb5_error_code (*store_master_key_list) ( krb5_context kcontext, - char *db_arg, + krb5_error_code (*store_master_key_list) ( krb5_context kcontext, + char *db_arg, krb5_principal mname, krb5_keylist_node *keylist, char *master_pwd); - krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, + krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, krb5_key_data **kdatap); - + krb5_error_code (*db_change_pwd) ( krb5_context context, diff --git a/src/include/kdb_kt.h b/src/include/kdb_kt.h index 1dbd7f30da..a628bb326b 100644 --- a/src/include/kdb_kt.h +++ b/src/include/kdb_kt.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * KDC keytab definitions. */ 
diff --git a/src/include/kim/kim.h b/src/include/kim/kim.h
index 050e01b031..83248e3d1b 100644
--- a/src/include/kim/kim.h
+++ b/src/include/kim/kim.h
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -44,68 +44,68 @@ extern "C" {
 *
 * \section introduction Introduction
 *
- * The Kerberos Identity Management API is a high level API for managing the selection
+ * The Kerberos Identity Management API is a high level API for managing the selection
 * and management of Kerberos credentials. It is intended for use by applications,
- * credential management applications (eg: kinit, kpasswd, etc) and internally by the
- * Kerberos libraries. Under some circumstances client applications may also benefit
+ * credential management applications (eg: kinit, kpasswd, etc) and internally by the
+ * Kerberos libraries. Under some circumstances client applications may also benefit
 * from the Kerberos Identity Management API.
 *
 *
 * \section conventions API Conventions
 *
- * Although KIM currently only provides a C API, it attempts to make that API as
- * object-oriented as possible. KIM functions are grouped by object and all of the
- * object types are opaque, including errors. The reason for this is two-fold. First,
- * the KIM API is rather large. Grouping functions by object allows the API to be
- * broken up into smaller, more manageable chunks. Second, providing an object-like C
+ * Although KIM currently only provides a C API, it attempts to make that API as
+ * object-oriented as possible. KIM functions are grouped by object and all of the
+ * object types are opaque, including errors. The reason for this is two-fold. First,
+ * the KIM API is rather large. Grouping functions by object allows the API to be
+ * broken up into smaller, more manageable chunks. Second, providing an object-like C
 * API will make it easier to port to object oriented languages.
 *
- * Because C lacks classes and other object oriented syntax, KIM functions adhere to
+ * Because C lacks classes and other object oriented syntax, KIM functions adhere to
 * the following naming conventions to make functions easier to identify:
 *
 * \li Functions beginning with \b kim_object_create are constructors for an object of
 * type kim_object. On success these functions return a newly allocated object which
 * must later be freed by the caller.
- *
+ *
 * \li Functions of the form \b kim_object_copy are copy constructors. They instantiate
 * a new object of kim_object from an object of the same type.
- *
- * \li Functions of the form \b kim_object_free are destructors for objects of type
- * kim_object.
+ *
+ * \li Functions of the form \b kim_object_free are destructors for objects of type
+ * kim_object.
 *
 * \li Functions beginning with \b kim_object_get and \b kim_object_set
 * examine and modify properties of objects of type kim_object.
 *
- * \li All KIM APIs except destructors and error management APIs return a
- * KIM Error object (kim_error_t).
+ * \li All KIM APIs except destructors and error management APIs return a
+ * KIM Error object (kim_error_t).
 *
 *
 * \section terminology Terminology
 *
 * Kerberos organizes its authentication tokens by client identity (the name of the user)
- * and service identity (the name of a service). The following terms are used throughout
+ * and service identity (the name of a service). The following terms are used throughout
 * this documentation:
 *
- * \li <b>credential</b> - A token which authenticates a client identity to a
- * service identity.
+ * \li <b>credential</b> - A token which authenticates a client identity to a
+ * service identity.
 *
- * \li <b>ccache</b> - Short for "credentials cache". A set of credentials for a single
+ * \li <b>ccache</b> - Short for "credentials cache". A set of credentials for a single
 * client identity.
 *
 * \li <b>cache collection</b> - The set of all credential caches.
 *
- * \li <b>default ccache</b> - A credentials cache that the Kerberos libraries will use
+ * \li <b>default ccache</b> - A credentials cache that the Kerberos libraries will use
 * if no ccache is specified by the caller. Use of the default
- * ccache is now discouraged. Instead applications should use
+ * ccache is now discouraged. Instead applications should use
 * selection hints to choose an appropriate client identity.
 *
 * \section selection_api Client Identity Selection APIs
 *
- * KIM provides high level APIs for applications to select which client identity to
- * use. Use of these APIs is intended to replace the traditional "default ccache"
+ * KIM provides high level APIs for applications to select which client identity to
+ * use. Use of these APIs is intended to replace the traditional "default ccache"
 * mechanism previously used by Kerberos.
- *
- * <B>KIM Selection Hints (kim_selection_hints_t)</B> controls options for selecting
+ *
+ * <B>KIM Selection Hints (kim_selection_hints_t)</B> controls options for selecting
 * a client identity:
 * - \subpage kim_selection_hints_overview
 * - \subpage kim_selection_hints_reference
@@ -117,14 +117,14 @@ extern "C" {
 *
 * \section management_api Credential Management APIs
 *
- * KIM also provides APIs for acquiring new credentials over the network
+ * KIM also provides APIs for acquiring new credentials over the network
 * by contacting a KDC and for viewing and modifying the existing credentials
 * in the cache collection
 *
 * Whether or not you use the credential or ccache APIs depends on
 * whether you want KIM to store any newly acquired credentials in the
- * cache collection. KIM ccache APIs always create a ccache in the cache
- * collection containing newly acquired credentials whereas the KIM
+ * cache collection. KIM ccache APIs always create a ccache in the cache
+ * collection containing newly acquired credentials whereas the KIM
 * credential APIs just return a credential object. In general most
 * callers want to store newly acquired credentials and should use the
 * KIM ccache APIs when acquiring credentials.
@@ -133,14 +133,14 @@ extern "C" {
 * - \subpage kim_ccache_overview
 * - \subpage kim_ccache_reference
 *
- * <B>KIM Credential (kim_credential_t)</B> manipulates credentials:
+ * <B>KIM Credential (kim_credential_t)</B> manipulates credentials:
 * - \subpage kim_credential_overview
 * - \subpage kim_credential_reference
 *
 * <B>KIM Options (kim_options_t)</B> control options for credential acquisition:
 * - \subpage kim_options_overview
 * - \subpage kim_options_reference
- *
+ *
 * <B>KIM Preferences (kim_preferences_t)</B> views and edits the current user's preferences:
 * - \subpage kim_preferences_overview
 * - \subpage kim_preferences_reference
diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h
index a1cba17101..88cfeb602d 100644
--- a/src/include/kim/kim_ccache.h
+++ b/src/include/kim/kim_ccache.h
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -30,45 +30,45 @@ extern "C" { #endif #include <kim/kim_types.h> - + /*! * \page kim_ccache_overview KIM CCache Overview * * \section kim_ccache_introduction Introduction * * Kerberos credentials are stored in "ccaches" (short for "credentials caches"). - * The set of all ccaches which the KIM can use is called the "cache collection". - * Each ccache has a name and type which uniquely identify it in the cache - * collection and a client identity. The ccache's client identity is the - * identity whose credentials are stored in the ccache. This allows for easy - * lookup of all the credentials for a given identity. + * The set of all ccaches which the KIM can use is called the "cache collection". + * Each ccache has a name and type which uniquely identify it in the cache + * collection and a client identity. The ccache's client identity is the + * identity whose credentials are stored in the ccache. This allows for easy + * lookup of all the credentials for a given identity. * * KIM attempts to preserve a one-to-one relationship between client identities * and ccaches. If the KIM is used to manipulate the cache collection, there * will be one ccache per identity. However, because low-level APIs allow callers - * to create multiple ccaches for the same client identity or a single ccache + * to create multiple ccaches for the same client identity or a single ccache * containing credentials for different client identities, KIM handles those - * situations. In general when searching KIM will find the first ccache matching - * the requested client identity. It will not find credentials for the requested + * situations. In general when searching KIM will find the first ccache matching + * the requested client identity. It will not find credentials for the requested * client identity if they are in a ccache with a different client identity. * - * The kim_ccache_t object is a reference to a ccache in the cache collection. 
- * If other applications make changes to the the ccache pointed to by a KIM ccache - * object, the object will immediately show those changes. KIM performs locking - * on the cache collection to prevent deadlocks and maintain a consistent behavior + * The kim_ccache_t object is a reference to a ccache in the cache collection. + * If other applications make changes to the the ccache pointed to by a KIM ccache + * object, the object will immediately show those changes. KIM performs locking + * on the cache collection to prevent deadlocks and maintain a consistent behavior * when multiple applications attempt to modify the cache collection. * - * \note KIM ccache APIs are intended for applications and system + * \note KIM ccache APIs are intended for applications and system * tools which manage credentials for the user. They are not a substitute for * krb5 and GSSAPI functions which obtain service credentials for the purpose * of authenticating a client to an application server. - * + * * \section kim_credential_cache_collection Acquiring a CCache from the Cache Collection * * KIM provides a simple iterator API for iterating over the ccaches - * in the cache collection. First, call #kim_ccache_iterator_create() to obtain - * an iterator for the cache collection. Then loop calling - * #kim_ccache_iterator_next() until either you find the ccache you are looking + * in the cache collection. First, call #kim_ccache_iterator_create() to obtain + * an iterator for the cache collection. Then loop calling + * #kim_ccache_iterator_next() until either you find the ccache you are looking * for or the API returns a NULL ccache, indicating that there are no more * ccaches in the cache collection. When you are done with the iterator, call * #kim_ccache_iterator_free(). 
@@ -80,15 +80,15 @@ extern "C" {
 * which returns the ccache for a specific client identity, if any exists.
 * Typically callers of this API obtain the client identity using
 * #kim_selection_hints_get_identity().
- *
+ *
 *
 * \section kim_ccache_acquire_default Acquiring Credentials from the Default CCache
 *
 * #kim_ccache_create_from_default() returns the default ccache.
- * The default ccache is a legacy concept which was replaced by selection
- * hints. Prior to the existence of selection hints, applications always
- * looked at the default ccache for credentials. By setting the system default
- * ccache, users could manually control which credentials each application used.
+ * The default ccache is a legacy concept which was replaced by selection
+ * hints. Prior to the existence of selection hints, applications always
+ * looked at the default ccache for credentials. By setting the system default
+ * ccache, users could manually control which credentials each application used.
 * As the number of ccaches and applications has grown, this mechanism has become
 * unusable. You should avoid using this API whenever possible.
 *
@@ -96,39 +96,39 @@ extern "C" {
 * \section kim_ccache_acquire_new Acquiring New Credentials in a CCache
 *
 * KIM provides the #kim_ccache_create_new() API for acquiring new
- * credentials and storing them in a ccache. Credentials can either be
- * obtained for a specific client identity or by specifying
- * #KIM_IDENTITY_ANY to allow the user to choose. Typically
- * callers of this API obtain the client identity using
+ * credentials and storing them in a ccache. Credentials can either be
+ * obtained for a specific client identity or by specifying
+ * #KIM_IDENTITY_ANY to allow the user to choose. Typically
+ * callers of this API obtain the client identity using
 * #kim_selection_hints_get_identity(). Depending on the kim_options
- * specified, #kim_ccache_create_new() may present a GUI or command line
+ * specified, #kim_ccache_create_new() may present a GUI or command line
 * prompt to obtain information from the user.
- *
- * #kim_ccache_create_new_if_needed()
+ *
+ * #kim_ccache_create_new_if_needed()
 * searches the cache collection for a ccache for the client identity
 * and if no appropriate ccache is available, attempts to acquire
- * new credentials and store them in a new ccache. Depending on the
- * kim_options specified, #kim_ccache_create_new_if_needed() may
- * present a GUI or command line prompt to obtain information from the
- * user. This function exists for convenience and to avoid code duplication.
- * It can be trivially implemented using
- * #kim_ccache_create_from_client_identity() and #kim_ccache_create_new().
+ * new credentials and store them in a new ccache. Depending on the
+ * kim_options specified, #kim_ccache_create_new_if_needed() may
+ * present a GUI or command line prompt to obtain information from the
+ * user. This function exists for convenience and to avoid code duplication.
+ * It can be trivially implemented using
+ * #kim_ccache_create_from_client_identity() and #kim_ccache_create_new().
 *
 * For legacy password-based Kerberos environments KIM also provides
- * #kim_ccache_create_new_with_password() and
- * #kim_ccache_create_new_if_needed_with_password(). You should not use these
- * functions unless you know that they will only be used in environments using
+ * #kim_ccache_create_new_with_password() and
+ * #kim_ccache_create_new_if_needed_with_password(). You should not use these
+ * functions unless you know that they will only be used in environments using
 * passwords. Otherwise users without passwords may be prompted for them.
 *
- * KIM provides the #kim_ccache_create_from_keytab() to create credentials
- * using a keytab and store them in the cache collection. A keytab is an
- * on-disk copy of a client identity's secret key. Typically sites use
- * keytabs for client identities that identify a machine or service and
- * protect the keytab with disk permissions. Because a keytab is
- * sufficient to obtain credentials, keytabs will normally only be readable
- * by root, Administrator or some other privileged account.
+ * KIM provides the #kim_ccache_create_from_keytab() to create credentials
+ * using a keytab and store them in the cache collection. A keytab is an
+ * on-disk copy of a client identity's secret key. Typically sites use
+ * keytabs for client identities that identify a machine or service and
+ * protect the keytab with disk permissions. Because a keytab is
+ * sufficient to obtain credentials, keytabs will normally only be readable
+ * by root, Administrator or some other privileged account.
 * Typically applications use credentials obtained from keytabs to obtain
- * credentials for batch processes. These keytabs and credentials are usually
+ * credentials for batch processes. These keytabs and credentials are usually
 * for a special identity used for the batch process rather than a user
 * identity.
 *
@@ -136,16 +136,16 @@ extern "C" {
 * \section kim_ccache_validate Validating Credentials in a CCache
 *
 * A credential with a start time in the future (ie: after the issue date)
- * is called a post-dated credential. Because the KDC administrator may
+ * is called a post-dated credential. Because the KDC administrator may
 * wish to disable a identity, once the start time is reached, all post-dated
 * credentials must be validated before they can be used. Otherwise an
- * attacker using a compromised account could acquire lots of post-dated
+ * attacker using a compromised account could acquire lots of post-dated
 * credentials to circumvent the acccount being disabled.
 *
- * KIM provides the #kim_ccache_validate() API to validate the TGT
- * credential in a ccache. Note that this API replaces any existing
+ * KIM provides the #kim_ccache_validate() API to validate the TGT
+ * credential in a ccache. Note that this API replaces any existing
 * credentials with the validated credential.
- *
+ *
 *
 * \section kim_ccache_renew Renewing Credentials in a CCache
 *
@@ -155,52 +155,52 @@ extern "C" {
 * valid.
 *
 * KIM provides the #kim_ccache_renew() API to renew the TGT credential
- * in a ccache. Note that this API replaces any existing credentials with the
+ * in a ccache. Note that this API replaces any existing credentials with the
 * renewed credential.
 *
 *
 * \section kim_ccache_verify Verifying Credentials in a CCache
 *
 * When a program acquires TGT credentials for the purpose of authenticating
- * itself to the machine it is running on, it is insufficient for the machine
- * to assume that the caller is authorized just because it got credentials.
- * Instead, the credentials must be verified using a key the local machine.
- * The reason this is necessary is because an attacker can trick the
+ * itself to the machine it is running on, it is insufficient for the machine
+ * to assume that the caller is authorized just because it got credentials.
+ * Instead, the credentials must be verified using a key the local machine.
+ * The reason this is necessary is because an attacker can trick the
 * machine into obtaining credentials from any KDC, including malicious ones
- * with the same realm name as the local machine's realm. This exploit is
- * called the Zanarotti attack.
+ * with the same realm name as the local machine's realm. This exploit is
+ * called the Zanarotti attack.
 *
 * In order to avoid the Zanarotti attack, the local machine must authenticate
 * the process in the same way an application server would authenticate a client.
- * Like an application server, the local machine must have its own identity in
+ * Like an application server, the local machine must have its own identity in
 * its realm and a keytab for that identity on its local disk. However,
- * rather than forcing system daemons to use the network-oriented calls in the
- * krb5 and GSS APIs, KIM provides the #kim_ccache_verify() API to
- * verify credentials directly.
- *
- * The most common reason for using #kim_ccache_verify() is user login.
+ * rather than forcing system daemons to use the network-oriented calls in the
+ * krb5 and GSS APIs, KIM provides the #kim_ccache_verify() API to
+ * verify credentials directly.
+ *
+ * The most common reason for using #kim_ccache_verify() is user login.
 * If the local machine wants to use Kerberos to verify the username and password
 * provided by the user, it must call #kim_ccache_verify() on the credentials
 * it obtains to make sure they are really from a KDC it trusts. Another common
 * case is a server which is only using Kerberos internally. For example an
 * LDAP or web server might use a username and password obtained over the network
- * to get Kerberos credentials. In order to make sure they aren't being tricked
- * into talking to the wrong KDC, these servers must also call
+ * to get Kerberos credentials. In order to make sure they aren't being tricked
+ * into talking to the wrong KDC, these servers must also call
 * #kim_ccache_verify().
- *
- * The Zanarotti attack is only a concern if the act of accessing the machine
- * gives the process special access. Thus a managed cluster machine with
- * Kerberos-authenticated networked home directories does not need to call
- * #kim_ccache_verify(). Even though an attacker can log in as any user on
- * the cluster machine, the attacker can't actually access any of the user's data
- * or use any of their privileges because those are all authenticated via
- * Kerberized application servers (and thus require actually having credentials
+ *
+ * The Zanarotti attack is only a concern if the act of accessing the machine
+ * gives the process special access. Thus a managed cluster machine with
+ * Kerberos-authenticated networked home directories does not need to call
+ * #kim_ccache_verify(). Even though an attacker can log in as any user on
+ * the cluster machine, the attacker can't actually access any of the user's data
+ * or use any of their privileges because those are all authenticated via
+ * Kerberized application servers (and thus require actually having credentials
 * for the real local realm).
 *
- * #kim_ccache_verify() provides an option to
- * return success even if the machine's host key is not present. This option
- * exists for sites which have a mix of different machines, some of which are
- * vulnerable to the Zanarotti attack and some are not. If this option is used,
+ * #kim_ccache_verify() provides an option to
+ * return success even if the machine's host key is not present. This option
+ * exists for sites which have a mix of different machines, some of which are
+ * vulnerable to the Zanarotti attack and some are not. If this option is used,
 * it is the responsiblity of the machine's maintainer to obtain a keytab
 * for their machine if it needs one.
 *
@@ -219,48 +219,48 @@ extern "C" { * identifies a ccache. A ccache display name is of the form "<type>:<name>" * and can be displayed to the user or used as an argument to certain krb5 * APIs, such as krb5_cc_resolve(). - * + * * \li #kim_ccache_get_client_identity() * returns the ccache's client identity. * - * \li #kim_ccache_get_valid_credential() - * returns the first valid TGT in the ccache for its client identity. + * \li #kim_ccache_get_valid_credential() + * returns the first valid TGT in the ccache for its client identity. * If there are no TGTs in the ccache, it returns the first - * valid non-TGT credential for the ccache's client identity. - * TGT credentials (ie: "ticket-granting tickets") are credentials for - * the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>". - * These credentials allow the entity named by the client identity to obtain + * valid non-TGT credential for the ccache's client identity. + * TGT credentials (ie: "ticket-granting tickets") are credentials for + * the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>". + * These credentials allow the entity named by the client identity to obtain * additional credentials without resending shared secrets (such as a password) * to the KDC. Kerberos uses TGTs to provide single sign-on authentication. * - * \li #kim_ccache_get_start_time() - * returns when the credential's in a ccache will become valid. - * Credentials may be "post-dated" which means that their lifetime starts sometime - * in the future. Note that when a post-dated credential's start time is reached, + * \li #kim_ccache_get_start_time() + * returns when the credential's in a ccache will become valid. + * Credentials may be "post-dated" which means that their lifetime starts sometime + * in the future. Note that when a post-dated credential's start time is reached, * the credential must be validated. See \ref kim_credential_validate for more information. 
* - * \li #kim_ccache_get_expiration_time() - * returns when the credential's in a ccache will expire. - * Credentials are time limited by the lifetime of the credential. While you can - * request a credential of any lifetime, the KDC limits the credential lifetime + * \li #kim_ccache_get_expiration_time() + * returns when the credential's in a ccache will expire. + * Credentials are time limited by the lifetime of the credential. While you can + * request a credential of any lifetime, the KDC limits the credential lifetime * to a administrator-defined maximum. Typically credential lifetime range from 10 * to 21 hours. * - * \li #kim_ccache_get_renewal_expiration_time() - * returns when the credential's in a ccache will no longer be renewable. - * Valid credentials may be renewed up until their renewal expiration time. - * Renewing credentials acquires a fresh set of credentials with a full lifetime - * without resending secrets to the KDC (such as a password). If credentials are + * \li #kim_ccache_get_renewal_expiration_time() + * returns when the credential's in a ccache will no longer be renewable. + * Valid credentials may be renewed up until their renewal expiration time. + * Renewing credentials acquires a fresh set of credentials with a full lifetime + * without resending secrets to the KDC (such as a password). If credentials are * not renewable, this function will return an error. * - * \li #kim_ccache_get_options() + * \li #kim_ccache_get_options() * returns a kim_options object with the credential options of the credentials - * in the ccache. This function is intended to be used when adding + * in the ccache. This function is intended to be used when adding * an identity with existing credentials to the favorite identities list. * By passing in the options returned by this call, future requests for the * favorite identity will use the same credential options. 
* - * See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for + * See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for * information on specific APIs. */ @@ -279,8 +279,8 @@ kim_error kim_ccache_iterator_create (kim_ccache_iterator *out_ccache_iterator); /*! * \param in_ccache_iterator a ccache iterator object. - * \param out_ccache on exit, the next ccache in the cache collection. If there are - * no more ccaches in the cache collection this argument will be + * \param out_ccache on exit, the next ccache in the cache collection. If there are + * no more ccaches in the cache collection this argument will be * set to NULL. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the next ccache in the cache collection. @@ -302,13 +302,13 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator); */ /*! - * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired + * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired * initial credential. Must be freed with kim_ccache_free(). - * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to + * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to * allow the user to choose. - * \param in_options options to control credential acquisition. - * \note #kim_ccache_create_new() may - * present a GUI or command line prompt to obtain information from the user. + * \param in_options options to control credential acquisition. + * \note #kim_ccache_create_new() may + * present a GUI or command line prompt to obtain information from the user. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Acquire a new initial credential and store it in a ccache. */ 
@@ -317,14 +317,14 @@ kim_error kim_ccache_create_new (kim_ccache *out_ccache, kim_options in_options); /*! - * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired + * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired * initial credential. Must be freed with kim_ccache_free(). - * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to + * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to * allow the user to choose. - * \param in_options options to control credential acquisition. - * \param in_password a password to be used while obtaining credentials. + * \param in_options options to control credential acquisition. + * \param in_password a password to be used while obtaining credentials. * \note #kim_ccache_create_new_with_password() exists to support - * legacy password-based Kerberos environments. You should not use this + * legacy password-based Kerberos environments. You should not use this * function unless you know that it will only be used in environments using passwords. * This function may also present a GUI or command line prompt to obtain * additional information needed to obtain credentials (eg: SecurID pin). 
@@ -338,12 +338,12 @@ kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, kim_string in_password); /*! - * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired + * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired * initial credential. Must be freed with kim_ccache_free(). * \param in_client_identity a client identity to obtain a credential for. - * \param in_options options to control credential acquisition (if a credential is acquired). - * \note #kim_ccache_create_new_if_needed() may - * present a GUI or command line prompt to obtain information from the user. + * \param in_options options to control credential acquisition (if a credential is acquired). + * \note #kim_ccache_create_new_if_needed() may + * present a GUI or command line prompt to obtain information from the user. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Find a ccache containing a valid initial credential in the cache collection, or if * unavailable, acquire and store a new initial credential. 
@@ -353,13 +353,13 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, kim_options in_options); /*! - * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired + * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired * initial credential. Must be freed with kim_ccache_free(). * \param in_client_identity a client identity to obtain a credential for. - * \param in_options options to control credential acquisition (if a credential is acquired). - * \param in_password a password to be used while obtaining credentials. + * \param in_options options to control credential acquisition (if a credential is acquired). + * \param in_password a password to be used while obtaining credentials. * \note #kim_ccache_create_new_if_needed_with_password() exists to support - * legacy password-based Kerberos environments. You should not use this + * legacy password-based Kerberos environments. You should not use this * function unless you know that it will only be used in environments using passwords. * This function may also present a GUI or command line prompt to obtain * additional information needed to obtain credentials (eg: SecurID pin). @@ -373,10 +373,10 @@ kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccach kim_string in_password); /*! - * \param out_ccache on exit, a ccache object for a ccache containing a TGT + * \param out_ccache on exit, a ccache object for a ccache containing a TGT * credential. Must be freed with kim_ccache_free(). - * \param in_client_identity a client identity to find a ccache for. If - * \a in_client_identity is #KIM_IDENTITY_ANY, this + * \param in_client_identity a client identity to find a ccache for. If + * \a in_client_identity is #KIM_IDENTITY_ANY, this * function returns the default ccache * (ie: is equivalent to #kim_ccache_create_from_default()). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. 
@@ -386,13 +386,13 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, kim_identity in_client_identity); /*! - * \param out_ccache on exit, a new ccache object containing an initial credential - * for the client identity \a in_identity obtained using in_keytab. + * \param out_ccache on exit, a new ccache object containing an initial credential + * for the client identity \a in_identity obtained using in_keytab. * Must be freed with kim_ccache_free(). * \param in_identity a client identity to obtain a credential for. Specify NULL for * the first client identity in the keytab. - * \param in_options options to control credential acquisition. - * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. + * \param in_options options to control credential acquisition. + * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Acquire a new initial credential from a keytab and store it in a ccache. */ @@ -402,7 +402,7 @@ kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache, kim_string in_keytab); /*! - * \param out_ccache on exit, a ccache object for the default ccache. + * \param out_ccache on exit, a ccache object for the default ccache. * Must be freed with kim_ccache_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the default ccache. 
@@ -410,7 +410,7 @@ kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache, kim_error kim_ccache_create_from_default (kim_ccache *out_ccache); /*! - * \param out_ccache on exit, a ccache object for the ccache identified by + * \param out_ccache on exit, a ccache object for the ccache identified by * \a in_display_name. Must be freed with kim_ccache_free(). * \param in_display_name a ccache display name string (ie: "TYPE:NAME"). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -421,10 +421,10 @@ kim_error kim_ccache_create_from_display_name (kim_ccache *out_ccache, kim_string in_display_name); /*! - * \param out_ccache on exit, a ccache object for the ccache identified by + * \param out_ccache on exit, a ccache object for the ccache identified by * \a in_type and \a in_name. Must be freed with kim_ccache_free(). - * \param in_type a ccache type string. - * \param in_name a ccache name string. + * \param in_type a ccache type string. + * \param in_name a ccache name string. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \note This API is provided for backwards compatibilty with applications which are not * KIM-aware and should be avoided whenever possible. @@ -435,10 +435,10 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, kim_string in_name); /*! - * \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache. + * \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache. * Must be freed with kim_ccache_free(). - * \param in_krb5_context the krb5 context used to create \a in_krb5_ccache. - * \param in_krb5_ccache a krb5 ccache object. + * \param in_krb5_context the krb5 context used to create \a in_krb5_ccache. + * \param in_krb5_ccache a krb5 ccache object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get a ccache for a krb5 ccache. */ 
@@ -447,9 +447,9 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, krb5_ccache in_krb5_ccache); /*! - * \param out_ccache on exit, the new ccache object which is a copy of in_ccache. + * \param out_ccache on exit, the new ccache object which is a copy of in_ccache. * Must be freed with kim_ccache_free(). - * \param in_ccache a ccache object. + * \param in_ccache a ccache object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a ccache. */ @@ -459,7 +459,7 @@ kim_error kim_ccache_copy (kim_ccache *out_ccache, /*! * \param in_ccache a ccache object. * \param in_compare_to_ccache a ccache object. - * \param out_comparison on exit, a comparison of \a in_ccache and + * \param out_comparison on exit, a comparison of \a in_ccache and * \a in_compare_to_ccache which determines whether * or not the two ccache objects refer to the same ccache. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -468,11 +468,11 @@ kim_error kim_ccache_copy (kim_ccache *out_ccache, kim_error kim_ccache_compare (kim_ccache in_ccache, kim_ccache in_compare_to_ccache, kim_comparison *out_comparison); - + /*! - * \param in_ccache a ccache object. - * \param in_krb5_context a krb5 context which will be used to create out_krb5_ccache. - * \param out_krb5_ccache on exit, a new krb5 ccache object which is a copy of in_ccache. + * \param in_ccache a ccache object. + * \param in_krb5_context a krb5 context which will be used to create out_krb5_ccache. + * \param out_krb5_ccache on exit, a new krb5 ccache object which is a copy of in_ccache. * Must be freed with krb5_cc_close() or krb5_cc_destroy(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get a krb5 ccache for a ccache. 
@@ -482,7 +482,7 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache in_ccache, krb5_ccache *out_krb5_ccache); /*! - * \param in_ccache a ccache object. + * \param in_ccache a ccache object. * \param out_name on exit, the name string of \a in_ccache. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the name of a ccache. @@ -491,7 +491,7 @@ kim_error kim_ccache_get_name (kim_ccache in_ccache, kim_string *out_name); /*! - * \param in_ccache a ccache object. + * \param in_ccache a ccache object. * \param out_type on exit, the type string of \a in_ccache. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the type of a ccache. @@ -500,8 +500,8 @@ kim_error kim_ccache_get_type (kim_ccache in_ccache, kim_string *out_type); /*! - * \param in_ccache a ccache object. - * \param out_display_name on exit, the type and name of \a in_ccache in a format appropriate for + * \param in_ccache a ccache object. + * \param out_display_name on exit, the type and name of \a in_ccache in a format appropriate for * display to the user in command line programs. (ie: "<type>:<name>") * Must be freed with kim_string_free(). * Note: this string can also be passed to krb5_cc_resolve(). @@ -512,8 +512,8 @@ kim_error kim_ccache_get_display_name (kim_ccache in_ccache, kim_string *out_display_name); /*! - * \param in_ccache a ccache object. - * \param out_client_identity on exit, an identity object containing the client identity of + * \param in_ccache a ccache object. + * \param out_client_identity on exit, an identity object containing the client identity of * \a in_ccache. Must be freed with kim_identity_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the client identity for a ccache. 
@@ -522,15 +522,15 @@ kim_error kim_ccache_get_client_identity (kim_ccache in_ccache, kim_identity *out_client_identity); /*! - * \param in_ccache a ccache object. - * \param out_credential on exit, the first valid credential in \a in_ccache. + * \param in_ccache a ccache object. + * \param out_credential on exit, the first valid credential in \a in_ccache. * Must be freed with kim_credential_free(). Set to NULL * if you only want return value, not the actual credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the first valid credential in a ccache. * \note This function prefers valid TGT credentials. If there are only non-valid TGTs - * in the ccache, it will always return an error. However, if there are no - * TGTs at all, it will return the first valid non-TGT credential. If you only want + * in the ccache, it will always return an error. However, if there are no + * TGTs at all, it will return the first valid non-TGT credential. If you only want * TGTs, use kim_credential_is_tgt() to verify that \a out_credential is a tgt. */ kim_error kim_ccache_get_valid_credential (kim_ccache in_ccache, 
@@ -538,20 +538,20 @@ kim_error kim_ccache_get_valid_credential (kim_ccache in_ccache, /*! * \param in_ccache a ccache object. - * \param out_state on exit, the state of the credentials in \a in_ccache. + * \param out_state on exit, the state of the credentials in \a in_ccache. * See #kim_credential_state_enum for the possible values * of \a out_state. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Check the state of the credentials in a ccache (valid, expired, postdated, etc). - * \note This function prefers TGT credentials. If there are any TGTs in the - * ccache, it will always return their state. However, if there are no + * \note This function prefers TGT credentials. If there are any TGTs in the + * ccache, it will always return their state. However, if there are no * TGTs at all, it will return the state of the first non-TGT credential. */ kim_error kim_ccache_get_state (kim_ccache in_ccache, kim_credential_state *out_state); - + /*! - * \param in_ccache a ccache object. + * \param in_ccache a ccache object. * \param out_start_time on exit, the time when the credentials in \a in_ccache * become valid. May be in the past or future. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -561,8 +561,8 @@ kim_error kim_ccache_get_start_time (kim_ccache in_ccache, kim_time *out_start_time); /*! - * \param in_ccache a ccache object. - * \param out_expiration_time on exit, the time when the credentials in + * \param in_ccache a ccache object. + * \param out_expiration_time on exit, the time when the credentials in * \a in_ccache will expire. May be in the past or future. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the time when the credentials in the ccache will expire. 
@@ -571,8 +571,8 @@ kim_error kim_ccache_get_expiration_time (kim_ccache in_ccache, kim_time *out_expiration_time); /*! - * \param in_ccache a ccache object. - * \param out_renewal_expiration_time on exit, the time when the credentials in \a in_ccache + * \param in_ccache a ccache object. + * \param out_renewal_expiration_time on exit, the time when the credentials in \a in_ccache * will no longer be renewable. May be in the past or future. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the time when the credentials in the ccache will no longer be renewable. @@ -581,7 +581,7 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache, kim_time *out_renewal_expiration_time); /*! - * \param in_ccache a ccache object. + * \param in_ccache a ccache object. * \param out_options on exit, an options object reflecting the ticket * options of the credentials in \a in_ccache. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -591,7 +591,7 @@ kim_error kim_ccache_get_options (kim_ccache in_ccache, kim_options *out_options); /*! - * \param io_ccache a ccache object which will be set to the default ccache. + * \param io_ccache a ccache object which will be set to the default ccache. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \note This API is provided for backwards compatibilty with applications which are not * KIM-aware and should be avoided whenever possible. 
@@ -600,14 +600,14 @@ kim_error kim_ccache_get_options (kim_ccache in_ccache, kim_error kim_ccache_set_default (kim_ccache io_ccache); /*! - * \param in_ccache a ccache object containing the TGT credential to be verified. - * \param in_service_identity a service identity to look for in the keytab. Specify + * \param in_ccache a ccache object containing the TGT credential to be verified. + * \param in_service_identity a service identity to look for in the keytab. Specify * KIM_IDENTITY_ANY to use the default service identity * (usually host/<host's FQDN>@<host's local realm>). - * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. + * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity - * in the host's keytab will cause a failure. - * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to + * in the host's keytab will cause a failure. + * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to * the Zanarotti attack if the host has no keytab installed. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Verify the TGT in a ccache. @@ -618,7 +618,7 @@ kim_error kim_ccache_verify (kim_ccache in_ccache, kim_boolean in_fail_if_no_service_key); /*! - * \param in_ccache a ccache object containing a TGT to be renewed. + * \param in_ccache a ccache object containing a TGT to be renewed. * \param in_options initial credential options to be used if a new credential is obtained. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Renew the TGT in a ccache. 
@@ -627,7 +627,7 @@ kim_error kim_ccache_renew (kim_ccache in_ccache, kim_options in_options); /*! - * \param in_ccache a ccache object containing a TGT to be validated. + * \param in_ccache a ccache object containing a TGT to be validated. * \param in_options initial credential options. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Validate the TGT in a ccache. diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h index c061f1199b..634c458f05 100644 --- a/src/include/kim/kim_credential.h +++ b/src/include/kim/kim_credential.h @@ -6,7 +6,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -28,10 +28,10 @@ #ifdef __cplusplus extern "C" { #endif - + #include <kim/kim_types.h> #include <krb5.h> - + /*! * \addtogroup kim_types_reference * @{ @@ -41,12 +41,12 @@ extern "C" { * Possible credential states. Credentials may be: * \li valid - The credential can be used. * \li expired - The credential's lifetime has been exceeded. - * \li not_yet_valid - The credential is post dated and the time when + * \li not_yet_valid - The credential is post dated and the time when * it becomes valid has not yet been reached. * \li needs_validation - The credential is post-dated and although * the time when it becomes valid has been reached * it has not yet been validated. - * \li address_mismatch - The credential contains IP address(es) which do + * \li address_mismatch - The credential contains IP address(es) which do * not match the host's local address(es). */ enum kim_credential_state_enum { 
@@ -63,23 +63,23 @@ enum kim_credential_state_enum { */ typedef int kim_credential_state; -/*! @} */ +/*! @} */ /*! * \page kim_credential_overview KIM Credential Overview * * \section kim_credential_introduction Introduction * - * A Kerberos credential (also called a "Kerberos ticket") is a time-limited - * token issued by a KDC which authenticates the entity named by the credential's - * client identity to the service named by the credential's service identity. + * A Kerberos credential (also called a "Kerberos ticket") is a time-limited + * token issued by a KDC which authenticates the entity named by the credential's + * client identity to the service named by the credential's service identity. * * The kim_credential object contains a single Kerberos credential. KIM credentials * objects are always copies of credentials, not references to credentials - * stored in the cache collection. Modifying credential objects in the ccache + * stored in the cache collection. Modifying credential objects in the ccache * collection will not change any existing KIM credential objects. * - * KIM credential APIs are intended for applications and system + * KIM credential APIs are intended for applications and system * tools which manage credentials for the user. They are not a substitute for * krb5 and GSSAPI functions which obtain service credentials for the purpose * of authenticating a client to an application server. @@ -87,7 +87,7 @@ typedef int kim_credential_state; * \note Many of the APIs listed below have equivalent functions which * operate on ccaches. In most cases applications will want to use the * ccache versions of these APIs since they automatically store any - * newly created credentials. See \ref kim_ccache_overview for more + * newly created credentials. See \ref kim_ccache_overview for more * information. * * 
@@ -95,25 +95,25 @@ typedef int kim_credential_state; * * KIM provides the #kim_credential_create_new() API for acquiring new * credentials. Credentials can either be obtained for a specific - * client identity or by specifying #KIM_IDENTITY_ANY to allow + * client identity or by specifying #KIM_IDENTITY_ANY to allow * the user to choose. Typically callers of this API obtain the client - * identity using #kim_selection_hints_get_identity(). Depending on the - * kim_options specified, #kim_credential_create_new() may present a + * identity using #kim_selection_hints_get_identity(). Depending on the + * kim_options specified, #kim_credential_create_new() may present a * GUI or command line prompt to obtain information from the user. * * For legacy password-based Kerberos environments KIM also provides - * #kim_credential_create_new_with_password(). You should not use this - * function unless you know that it will only be used in environments using + * #kim_credential_create_new_with_password(). You should not use this + * function unless you know that it will only be used in environments using * passwords. Otherwise users without passwords may be prompted for them. * - * KIM provides the #kim_credential_create_from_keytab() to create credentials - * using a keytab. A keytab is an on-disk copy of a client identity's secret - * key. Typically sites use keytabs for client identities that identify a - * machine or service and protect the keytab with disk permissions. Because - * a keytab is sufficient to obtain credentials, keytabs will normally only - * be readable by root, Administrator or some other privileged account. + * KIM provides the #kim_credential_create_from_keytab() to create credentials + * using a keytab. A keytab is an on-disk copy of a client identity's secret + * key. Typically sites use keytabs for client identities that identify a + * machine or service and protect the keytab with disk permissions. 
Because + * a keytab is sufficient to obtain credentials, keytabs will normally only + * be readable by root, Administrator or some other privileged account. * Typically applications use credentials obtained from keytabs to obtain - * credentials for batch processes. These keytabs and credentials are usually + * credentials for batch processes. These keytabs and credentials are usually * for a special identity used for the batch process rather than a user * identity. * @@ -121,18 +121,18 @@ typedef int kim_credential_state; * \section kim_credential_validate Validating Credentials * * A credential with a start time in the future (ie: after the issue date) - * is called a post-dated credential. Because the KDC administrator may + * is called a post-dated credential. Because the KDC administrator may * wish to disable a identity, once the start time is reached, all post-dated * credentials must be validated before they can be used. Otherwise an - * attacker using a compromised account could acquire lots of post-dated + * attacker using a compromised account could acquire lots of post-dated * credentials to circumvent the acccount being disabled. * * KIM provides the #kim_credential_validate() API to validate a credential. - * Note that this API replaces the credential object with a new validated - * credential object. If you wish to store the new credential in the - * ccache collection you must either call #kim_credential_store() on the + * Note that this API replaces the credential object with a new validated + * credential object. If you wish to store the new credential in the + * ccache collection you must either call #kim_credential_store() on the * validated credential or use #kim_ccache_validate() instead. - * + * * * \section kim_credential_renew Renewing Credentials * 
@@ -142,19 +142,19 @@ typedef int kim_credential_state; * valid. * * KIM provides the #kim_credential_renew() API to renew a credential. - * Note that this API replaces the credential object with a new renewed - * credential object. If you wish to store the new credential in the - * ccache collection you must either call #kim_credential_store() on the + * Note that this API replaces the credential object with a new renewed + * credential object. If you wish to store the new credential in the + * ccache collection you must either call #kim_credential_store() on the * renewed credential or use #kim_ccache_renew() instead. * * * \section kim_credential_storing Storing Credentials in the Cache Collection * - * KIM credential objects may be stored in the ccache collection using + * KIM credential objects may be stored in the ccache collection using * #kim_credential_store(). This function runs any KIM authentication - * plugins on the credential and if the plugins return successfully, creates a - * new ccache for the credential's client identity in the cache collection - * and stores the credential in that ccache. Any existing ccaches and credentials + * plugins on the credential and if the plugins return successfully, creates a + * new ccache for the credential's client identity in the cache collection + * and stores the credential in that ccache. Any existing ccaches and credentials * for that client identity will be overwritten. #kim_credential_store() may * optionally return a kim_ccache object for the new ccache if you need to perform * further operations on the new ccache. 
@@ -168,9 +168,9 @@ typedef int kim_credential_state; * \section kim_credential_iterator Iterating over the Credentials in a CCache * * KIM provides a simple iterator API for iterating over the credentials - * in a ccache. First, call #kim_credential_iterator_create() to obtain + * in a ccache. First, call #kim_credential_iterator_create() to obtain * an iterator for a ccache. Then loop calling #kim_credential_iterator_next() - * until either you find the credential you are looking for or the API + * until either you find the credential you are looking for or the API * returns a NULL credential, indicating that there are no more * credentials in the ccache. When you are done with the iterator, call * #kim_credential_iterator_free(). 
@@ -182,65 +182,65 @@ typedef int kim_credential_state; * \section kim_credential_verify Verifying Credentials * * When a program acquires TGT credentials for the purpose of authenticating - * itself to the machine it is running on, it is insufficient for the machine - * to assume that the caller is authorized just because it got credentials. - * Instead, the credentials must be verified using a key the local machine. - * The reason this is necessary is because an attacker can trick the + * itself to the machine it is running on, it is insufficient for the machine + * to assume that the caller is authorized just because it got credentials. + * Instead, the credentials must be verified using a key the local machine. + * The reason this is necessary is because an attacker can trick the * machine into obtaining credentials from any KDC, including malicious ones - * with the same realm name as the local machine's realm. This exploit is - * called the Zanarotti attack. + * with the same realm name as the local machine's realm. This exploit is + * called the Zanarotti attack. * * In order to avoid the Zanarotti attack, the local machine must authenticate * the process in the same way an application server would authenticate a client. - * Like an application server, the local machine must have its own identity in + * Like an application server, the local machine must have its own identity in * its realm and a keytab for that identity on its local disk. However, - * rather than forcing system daemons to use the network-oriented calls in the - * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to - * verify credentials directly. - * - * The most common reason for using #kim_credential_verify() is user login. + * rather than forcing system daemons to use the network-oriented calls in the + * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to + * verify credentials directly. 
+ * + * The most common reason for using #kim_credential_verify() is user login. * If the local machine wants to use Kerberos to verify the username and password * provided by the user, it must call #kim_credential_verify() on the credentials * it obtains to make sure they are really from a KDC it trusts. Another common * case is a server which is only using Kerberos internally. For example an * LDAP or web server might use a username and password obtained over the network - * to get Kerberos credentials. In order to make sure they aren't being tricked - * into talking to the wrong KDC, these servers must also call + * to get Kerberos credentials. In order to make sure they aren't being tricked + * into talking to the wrong KDC, these servers must also call * #kim_credential_verify(). - * - * The Zanarotti attack is only a concern if the act of accessing the machine - * gives the process special access. Thus a managed cluster machine with - * Kerberos-authenticated networked home directories does not need to call - * #kim_credential_verify(). Even though an attacker can log in as any user on - * the cluster machine, the attacker can't actually access any of the user's data - * or use any of their privileges because those are all authenticated via - * Kerberized application servers (and thus require actually having credentials + * + * The Zanarotti attack is only a concern if the act of accessing the machine + * gives the process special access. Thus a managed cluster machine with + * Kerberos-authenticated networked home directories does not need to call + * #kim_credential_verify(). Even though an attacker can log in as any user on + * the cluster machine, the attacker can't actually access any of the user's data + * or use any of their privileges because those are all authenticated via + * Kerberized application servers (and thus require actually having credentials * for the real local realm). 
* - * #kim_credential_verify() provides an option to - * return success even if the machine's host key is not present. This option - * exists for sites which have a mix of different machines, some of which are - * vulnerable to the Zanarotti attack and some are not. If this option is used, + * #kim_credential_verify() provides an option to + * return success even if the machine's host key is not present. This option + * exists for sites which have a mix of different machines, some of which are + * vulnerable to the Zanarotti attack and some are not. If this option is used, * it is the responsiblity of the machine's maintainer to obtain a keytab * for their machine if it needs one. * * * \section kim_credential_properties Examining Credential Properties - * + * * \li #kim_credential_get_client_identity() * returns the credential's client identity. * - * \li #kim_credential_get_service_identity() + * \li #kim_credential_get_service_identity() * returns the credential's service identity. * - * \li #kim_credential_is_tgt() - * returns whether the credential is a TGT (ie: "ticket-granting ticket"). TGTs are - * credentials for the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>". - * These credentials allow the entity named by the client identity to obtain + * \li #kim_credential_is_tgt() + * returns whether the credential is a TGT (ie: "ticket-granting ticket"). TGTs are + * credentials for the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>". + * These credentials allow the entity named by the client identity to obtain * additional service credentials without resending shared secrets (such as a password) * to the KDC. Kerberos uses TGTs to provide single sign-on authentication. * - * \li #kim_credential_get_state() + * \li #kim_credential_get_state() * returns a #kim_credential_state containing the state of the credential. * Possible values are: * * kim_credentials_state_valid 
@@ -249,35 +249,35 @@ typedef int kim_credential_state; * * kim_credentials_state_needs_validation * * kim_credentials_state_address_mismatch * - * \li #kim_credential_get_start_time() - * returns when the credential will become valid. - * Credentials may be "post-dated" which means that their lifetime starts sometime - * in the future. Note that when a post-dated credential's start time is reached, + * \li #kim_credential_get_start_time() + * returns when the credential will become valid. + * Credentials may be "post-dated" which means that their lifetime starts sometime + * in the future. Note that when a post-dated credential's start time is reached, * the credential must be validated. See \ref kim_credential_validate for more information. * - * \li #kim_credential_get_expiration_time() - * returns when the credential will expire. - * Credentials are time limited by the lifetime of the credential. While you can - * request a credential of any lifetime, the KDC limits the credential lifetime + * \li #kim_credential_get_expiration_time() + * returns when the credential will expire. + * Credentials are time limited by the lifetime of the credential. While you can + * request a credential of any lifetime, the KDC limits the credential lifetime * to a administrator-defined maximum. Typically credential lifetime range from 10 * to 21 hours. * - * \li #kim_credential_get_renewal_expiration_time() - * returns when the credential will no longer be renewable. - * Valid credentials may be renewed up until their renewal expiration time. - * Renewing credentials acquires a fresh set of credentials with a full lifetime - * without resending secrets to the KDC (such as a password). If credentials are + * \li #kim_credential_get_renewal_expiration_time() + * returns when the credential will no longer be renewable. + * Valid credentials may be renewed up until their renewal expiration time. 
+ * Renewing credentials acquires a fresh set of credentials with a full lifetime + * without resending secrets to the KDC (such as a password). If credentials are * not renewable, this function will return a renewal expiration time of 0. * - * \li #kim_credential_get_options() - * returns a kim_options object with the credential options of the - * credential. This function is intended to be used when adding + * \li #kim_credential_get_options() + * returns a kim_options object with the credential options of the + * credential. This function is intended to be used when adding * an identity with existing credentials to the favorite identities list. * By passing in the options returned by this call, future requests for the * favorite identity will use the same credential options. * * - * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for + * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for * information on specific APIs. */ @@ -299,8 +299,8 @@ kim_error kim_credential_iterator_create (kim_credential_iterator *out_credentia /*! * \param in_credential_iterator a credential iterator object. - * \param out_credential on exit, the next credential in the ccache iterated by - * \a in_credential_iterator. Must be freed with + * \param out_credential on exit, the next credential in the ccache iterated by + * \a in_credential_iterator. Must be freed with * kim_credential_free(). If there are no more credentials * this argument will be set to NULL. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. 
@@ -324,13 +324,13 @@ void kim_credential_iterator_free (kim_credential_iterator *io_credential_iterat */ /*! - * \param out_credential on exit, a new credential object containing a newly acquired + * \param out_credential on exit, a new credential object containing a newly acquired * initial credential. Must be freed with kim_credential_free(). - * \param in_client_identity a client identity to obtain a credential for. Specify NULL to + * \param in_client_identity a client identity to obtain a credential for. Specify NULL to * allow the user to choose the identity - * \param in_options options to control credential acquisition. - * \note #kim_credential_create_new() may - * present a GUI or command line prompt to obtain information from the user. + * \param in_options options to control credential acquisition. + * \note #kim_credential_create_new() may + * present a GUI or command line prompt to obtain information from the user. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Acquire a new initial credential. * \sa kim_ccache_create_new 
@@ -340,14 +340,14 @@ kim_error kim_credential_create_new (kim_credential *out_credential, kim_options in_options); /*! - * \param out_credential on exit, a new credential object containing a newly acquired + * \param out_credential on exit, a new credential object containing a newly acquired * initial credential. Must be freed with kim_credential_free(). - * \param in_client_identity a client identity to obtain a credential for. Specify NULL to + * \param in_client_identity a client identity to obtain a credential for. Specify NULL to * allow the user to choose the identity - * \param in_options options to control credential acquisition. - * \param in_password a password to be used while obtaining the credential. + * \param in_options options to control credential acquisition. + * \param in_password a password to be used while obtaining the credential. * \note #kim_credential_create_new_with_password() exists to support - * legacy password-based Kerberos environments. You should not use this + * legacy password-based Kerberos environments. You should not use this * function unless you know that it will only be used in environments using passwords. * This function may also present a GUI or command line prompt to obtain * additional information needed to obtain credentials (eg: SecurID pin). 
@@ -359,15 +359,15 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia kim_identity in_client_identity, kim_options in_options, kim_string in_password); - + /*! * \param out_credential on exit, a new credential object containing an initial credential - * for \a in_identity obtained using \a in_keytab. + * for \a in_identity obtained using \a in_keytab. * Must be freed with kim_credential_free(). * \param in_identity a client identity to obtain a credential for. Specify NULL for * the first identity in the keytab. - * \param in_options options to control credential acquisition. - * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. + * \param in_options options to control credential acquisition. + * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Acquire a new initial credential from a keytab. * \sa kim_ccache_create_from_keytab @@ -378,10 +378,10 @@ kim_error kim_credential_create_from_keytab (kim_credential *out_credential, kim_string in_keytab); /*! - * \param out_credential on exit, a new credential object which is a copy of \a in_krb5_creds. + * \param out_credential on exit, a new credential object which is a copy of \a in_krb5_creds. * Must be freed with kim_credential_free(). - * \param in_krb5_context the krb5 context used to create \a in_krb5_creds. - * \param in_krb5_creds a krb5 credential object. + * \param in_krb5_context the krb5 context used to create \a in_krb5_creds. + * \param in_krb5_creds a krb5 credential object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a credential from a krb5 credential object. */ 
@@ -390,9 +390,9 @@ kim_error kim_credential_create_from_krb5_creds (kim_credential *out_credential, krb5_creds *in_krb5_creds); /*! - * \param out_credential on exit, a new credential object which is a copy of \a in_credential. + * \param out_credential on exit, a new credential object which is a copy of \a in_credential. * Must be freed with kim_credential_free(). - * \param in_credential a credential object. + * \param in_credential a credential object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a credential object. */ @@ -400,9 +400,9 @@ kim_error kim_credential_copy (kim_credential *out_credential, kim_credential in_credential); /*! - * \param in_credential a credential object. - * \param in_krb5_context a krb5 context which will be used to create \a out_krb5_creds. - * \param out_krb5_creds on exit, a new krb5 creds object which is a copy of \a in_credential. + * \param in_credential a credential object. + * \param in_krb5_context a krb5 context which will be used to create \a out_krb5_creds. + * \param out_krb5_creds on exit, a new krb5 creds object which is a copy of \a in_credential. * Must be freed with krb5_free_creds(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get a krb5 credentials object for a credential object. @@ -412,8 +412,8 @@ kim_error kim_credential_get_krb5_creds (kim_credential in_credential, krb5_creds **out_krb5_creds); /*! - * \param in_credential a credential object. - * \param out_client_identity on exit, an identity object containing the client identity of + * \param in_credential a credential object. + * \param out_client_identity on exit, an identity object containing the client identity of * \a in_credential. Must be freed with kim_identity_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the client identity of a credential object. 
@@ -422,8 +422,8 @@ kim_error kim_credential_get_client_identity (kim_credential in_credential, kim_identity *out_client_identity); /*! - * \param in_credential a credential object. - * \param out_service_identity on exit, an identity object containing the service identity of + * \param in_credential a credential object. + * \param out_service_identity on exit, an identity object containing the service identity of * \a in_credential. Must be freed with kim_identity_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the service identity of a credential object. @@ -432,7 +432,7 @@ kim_error kim_credential_get_service_identity (kim_credential in_credential, kim_identity *out_service_identity); /*! - * \param in_credential a credential object. + * \param in_credential a credential object. * \param out_is_tgt on exit, whether or not the credential is a TGT. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Check if a credential is a ticket granting ticket. @@ -441,7 +441,7 @@ kim_error kim_credential_is_tgt (kim_credential in_credential, kim_boolean *out_is_tgt); /*! - * \param in_credential a credential object. + * \param in_credential a credential object. * \param out_state on exit, the state of the credential. See #kim_credential_state_enum * for the possible values of \a out_state. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -451,7 +451,7 @@ kim_error kim_credential_get_state (kim_credential in_credential, kim_credential_state *out_state); /*! - * \param in_credential a credential object. + * \param in_credential a credential object. * \param out_start_time on exit, the time when \a in_credential becomes valid. * May be in the past or future. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. 
@@ -462,7 +462,7 @@ kim_error kim_credential_get_start_time (kim_credential in_credential, kim_time *out_start_time); /*! - * \param in_credential a credential object. + * \param in_credential a credential object. * \param out_expiration_time on exit, the time when \a in_credential will expire. * May be in the past or future. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -473,9 +473,9 @@ kim_error kim_credential_get_expiration_time (kim_credential in_credential, kim_time *out_expiration_time); /*! - * \param in_credential a credential object. - * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer - * be renewable. May be in the past or future. If + * \param in_credential a credential object. + * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer + * be renewable. May be in the past or future. If * credentials are not renewable at all, returns 0. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the time when the credentials will no longer be renewable. @@ -485,7 +485,7 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credent kim_time *out_renewal_expiration_time); /*! - * \param in_credential a credential object. + * \param in_credential a credential object. * \param out_options on exit, an options object reflecting the ticket * options of \a in_credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. 
@@ -493,11 +493,11 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credent */ kim_error kim_credential_get_options (kim_credential in_credential, kim_options *out_options); - + /*! - * \param in_credential a credential object. + * \param in_credential a credential object. * \param in_client_identity a client identity. - * \param out_ccache on exit, a ccache object containing \a in_credential with the client + * \param out_ccache on exit, a ccache object containing \a in_credential with the client * identity \a in_client_identity. Must be freed with kim_ccache_free(). * Specify NULL if you don't want this return value. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -508,14 +508,14 @@ kim_error kim_credential_store (kim_credential in_credential, kim_ccache *out_ccache); /*! - * \param in_credential a TGT credential to be verified. - * \param in_service_identity a service identity to look for in the keytab. Specify + * \param in_credential a TGT credential to be verified. + * \param in_service_identity a service identity to look for in the keytab. Specify * KIM_IDENTITY_ANY to use the default service identity * (usually host/<host's FQDN>@<host's local realm>). - * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. + * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity - * in the host's keytab will cause a failure. - * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to + * in the host's keytab will cause a failure. + * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to * the Zanarotti attack if the host has no keytab installed. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Verify a TGT credential. 
@@ -527,9 +527,9 @@ kim_error kim_credential_verify (kim_credential in_credential, kim_boolean in_fail_if_no_service_key); /*! - * \param io_credential a TGT credential to be renewed. On exit, the old credential - * object will be freed and \a io_credential will be replaced - * with a new renewed credential. The new credential must be freed + * \param io_credential a TGT credential to be renewed. On exit, the old credential + * object will be freed and \a io_credential will be replaced + * with a new renewed credential. The new credential must be freed * with kim_credential_free(). * \param in_options initial credential options. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -540,9 +540,9 @@ kim_error kim_credential_renew (kim_credential *io_credential, kim_options in_options); /*! - * \param io_credential a credential object to be validated. On exit, the old credential - * object will be freed and \a io_credential will be replaced - * with a new validated credential. The new credential must be freed + * \param io_credential a credential object to be validated. On exit, the old credential + * object will be freed and \a io_credential will be replaced + * with a new validated credential. The new credential must be freed * with kim_credential_free(). * \param in_options initial credential options. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -559,8 +559,8 @@ kim_error kim_credential_validate (kim_credential *io_credential, void kim_credential_free (kim_credential *io_credential); /*!@}*/ - - + + #ifdef __cplusplus } #endif diff --git a/src/include/kim/kim_identity.h b/src/include/kim/kim_identity.h index cd50a40803..a8540277db 100644 --- a/src/include/kim/kim_identity.h +++ b/src/include/kim/kim_identity.h 
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -32,13 +32,13 @@ extern "C" {
 #include <kim/kim_types.h>
 #include <krb5.h>
 #include <gssapi/gssapi.h>
-
+
 /*!
 * \ingroup kim_types_reference
 * Constant to specify any Kerberos identity is acceptable.
 */
 #define KIM_IDENTITY_ANY ((kim_identity) NULL)
-
+
 /*!
 * \page kim_identity_overview KIM Identity Overview
 *
@@ -46,22 +46,22 @@ extern "C" {
 *
 * Identities in Kerberos are named by "principals". These identies may be people (users)
 * or services (a server running on a host). When Kerberos issues credentials which
- * authenticate one identity to another, the identity being authenticated is called
- * the "client identity" and the identity being authenticated to is called the
- * "service identity".
+ * authenticate one identity to another, the identity being authenticated is called
+ * the "client identity" and the identity being authenticated to is called the
+ * "service identity".
 *
- * Kerberos identities are made up of one or more components, as well as the Kerberos realm
- * the entity belongs to. For client identities the first component is usually the client
- * username (eg: "jdoe"). For service identities the first component is the name of the
+ * Kerberos identities are made up of one or more components, as well as the Kerberos realm
+ * the entity belongs to. For client identities the first component is usually the client
+ * username (eg: "jdoe"). For service identities the first component is the name of the
 * service (eg: "imap").
 *
- * Kerberos identities have both a binary (opaque) representation and also a string
+ * Kerberos identities have both a binary (opaque) representation and also a string
 * representation. The string representation consists of the components separated by '/'
 * followed by an '@' and then the realm. For example, the identity "jdoe/admin@EXAMPLE.COM"
- * represents John Doe's administrator identity at the realm EXAMPLE.COM. Note that
+ * represents John Doe's administrator identity at the realm EXAMPLE.COM. Note that
 * identity components may contain both '/' and '@' characters. When building a
- * identity from its string representation these syntactic characters must be escaped
- * with '\'.
+ * identity from its string representation these syntactic characters must be escaped
+ * with '\'.
 *
 *
 * \section kim_identity_create_display Creating and Displaying Identities
@@ -70,7 +70,7 @@ extern "C" {
 * or from a krb5_principal. Once you have a KIM identity object, you can also get
 * the component, string or krb5_principal representations back out:
 *
- * \li #kim_identity_create_from_components() creates an identity object from a list of components.
+ * \li #kim_identity_create_from_components() creates an identity object from a list of components.
 * \li #kim_identity_get_number_of_components() returns the number of components in an identity object.
 * \li #kim_identity_get_component_at_index() return a component of an identity object.
 * \li #kim_identity_get_realm() returns the identity's realm.
@@ -88,15 +88,15 @@ extern "C" {
 *
 * \section kim_identity_selection Choosing a Client Identity
 *
- * Unfortunately most of the time applications don't know what client identity to use.
- * Users may have identities for multiple Kerberos realms, as well as multiple identities
+ * Unfortunately most of the time applications don't know what client identity to use.
+ * Users may have identities for multiple Kerberos realms, as well as multiple identities
 * in a single realm (such as a user and administrator identity).
 *
 * To solve this problem, #kim_selection_hints_get_identity() takes information
 * from the application in the form of a selection hints object and returns the best
 * matching client identity, if one is available. See \ref kim_selection_hints_overview
 * for more information.
- *
+ *
 *
 * \section kim_identity_password Changing a Identity's Password
 *
@@ -105,12 +105,12 @@ extern "C" { * change the identity's password directly, and also handles changing the identity's * password when it has expired. * - * #kim_identity_change_password() presents a user interface to obtain the old and - * new passwords from the user. + * #kim_identity_change_password() presents a user interface to obtain the old and + * new passwords from the user. * - * \note Not all identities have a password. Some sites use certificates (pkinit) + * \note Not all identities have a password. Some sites use certificates (pkinit) * and in the future there may be other authentication mechanisms (eg: smart cards). - * + * * See \ref kim_identity_reference for information on specific APIs. */ @@ -121,7 +121,7 @@ extern "C" { /*! * \param out_identity on exit, a new identity object. Must be freed with kim_identity_free(). - * \param in_string a string representation of a Kerberos identity. + * \param in_string a string representation of a Kerberos identity. * Special characters such as '/' and '@' must be escaped with '\'. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Create a identity from a string. 
@@ -131,26 +131,26 @@ kim_error kim_identity_create_from_string (kim_identity *out_identity, /*! * \param out_identity on exit, a new identity object. Must be freed with kim_identity_free(). - * \param in_realm a string representation of a Kerberos realm. + * \param in_realm a string representation of a Kerberos realm. * \param in_1st_component a string representing the first component of the identity. - * \param ... zero or more strings of type kim_string_t representing additional components - * of the identity followed by a terminating NULL. Components will be assembled in - * order (ie: the 4th argument to kim_identity_create_from_components() will be + * \param ... zero or more strings of type kim_string_t representing additional components + * of the identity followed by a terminating NULL. Components will be assembled in + * order (ie: the 4th argument to kim_identity_create_from_components() will be * the 2nd component of the identity). * \note The last argument must be a NULL or kim_identity_create_from_components() may crash. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Create a identity from a realm and component strings. */ kim_error kim_identity_create_from_components (kim_identity *out_identity, - kim_string in_realm, + kim_string in_realm, kim_string in_1st_component, ...); /*! - * \param out_identity on exit, a new identity object which is a copy of \a in_krb5_principal. + * \param out_identity on exit, a new identity object which is a copy of \a in_krb5_principal. * Must be freed with kim_identity_free(). * \param in_krb5_context the krb5 context used to create \a in_krb5_principal. - * \param in_krb5_principal a krb5 principal object. + * \param in_krb5_principal a krb5 principal object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Create an identity object from a krb5_principal. */ 
@@ -159,9 +159,9 @@ kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity, krb5_principal in_krb5_principal); /*! - * \param out_identity on exit, a new identity object which is a copy of \a in_identity. + * \param out_identity on exit, a new identity object which is a copy of \a in_identity. * Must be freed with kim_identity_free(). - * \param in_identity an identity object. + * \param in_identity an identity object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy an identity object. */ @@ -172,7 +172,7 @@ kim_error kim_identity_copy (kim_identity *out_identity, /*! * \param in_identity an identity object. * \param in_compare_to_identity an identity object. - * \param out_comparison on exit, a comparison of \a in_identity and + * \param out_comparison on exit, a comparison of \a in_identity and * \a in_compare_to_identity which determines whether * or not the two identities are equivalent and their * sort order (for display to the user) if they are not. @@ -183,8 +183,8 @@ kim_error kim_identity_compare (kim_identity in_identity, kim_identity in_compare_to_identity, kim_comparison *out_comparison); /*! - * \param in_identity an identity object. - * \param out_string on exit, a string representation of \a in_identity. + * \param in_identity an identity object. + * \param out_string on exit, a string representation of \a in_identity. * Must be freed with kim_string_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the string representation of a identity. 
@@ -195,7 +195,7 @@ kim_error kim_identity_get_string (kim_identity in_identity, /*! - * \param in_identity an identity object. + * \param in_identity an identity object. * \param out_display_string on exit, a string representation of \a in_identity appropriate for * display to the user. Must be freed with kim_string_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -209,7 +209,7 @@ kim_error kim_identity_get_display_string (kim_identity in_identity, kim_string *out_display_string); /*! - * \param in_identity an identity object. + * \param in_identity an identity object. * \param out_realm_string on exit, a string representation of \a in_identity's realm. * Must be freed with kim_string_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -219,7 +219,7 @@ kim_error kim_identity_get_realm (kim_identity in_identity, kim_string *out_realm_string); /*! - * \param in_identity an identity object. + * \param in_identity an identity object. * \param out_number_of_components on exit the number of components in \a in_identity. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the number of components of an identity. @@ -230,7 +230,7 @@ kim_error kim_identity_get_number_of_components (kim_identity in_identity, /*! * \param in_identity an identity object. * \param in_index the index of the desired component. Component indexes start at 0. - * \param out_component_string on exit, a string representation of the component in \a in_identity + * \param out_component_string on exit, a string representation of the component in \a in_identity * specified by \a in_index. Must be freed with kim_string_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the Nth component of an identity. 
@@ -241,19 +241,19 @@ kim_error kim_identity_get_component_at_index (kim_identity in_identity, /*! * \param in_identity an identity object. - * \param out_components on exit, a string of the non-realm components of \a in_identity + * \param out_components on exit, a string of the non-realm components of \a in_identity * separated by '/' characters. Must be freed with kim_string_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get a display string of the non-realm components of an identity. */ kim_error kim_identity_get_components_string (kim_identity in_identity, kim_string *out_components); - + /*! * \param in_identity an identity object. - * \param in_krb5_context a krb5 context object. + * \param in_krb5_context a krb5 context object. * \param out_krb5_principal on exit, a krb5_principal representation of \a in_identity - * allocated with \a in_krb5_context. Must be freed with + * allocated with \a in_krb5_context. Must be freed with * krb5_free_principal() using \a in_krb5_context. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the krb5_principal representation of an identity. @@ -266,8 +266,8 @@ kim_error kim_identity_get_krb5_principal (kim_identity in_identity, * \param in_identity an identity object whose password will be changed. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Change the password for an identity. - * \note kim_identity_change_password() will acquire a temporary credential to change - * the password. + * \note kim_identity_change_password() will acquire a temporary credential to change + * the password. */ kim_error kim_identity_change_password (kim_identity in_identity); diff --git a/src/include/kim/kim_library.h b/src/include/kim/kim_library.h index 681f58e793..fe351f7fc8 100644 --- a/src/include/kim/kim_library.h +++ b/src/include/kim/kim_library.h 
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
diff --git a/src/include/kim/kim_options.h b/src/include/kim/kim_options.h
index d36aa0c021..85facfbbc0 100644
--- a/src/include/kim/kim_options.h
+++ b/src/include/kim/kim_options.h
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
- *
+ *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -28,9 +28,9 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-
+
 #include <kim/kim_types.h>
-
+
 /*!
 * \addtogroup kim_types_reference
 * @{
@@ -56,39 +56,39 @@ extern "C" { * Kerberos Identity Management Options (kim_options_t) allows you to control how * the Kerberos library obtains credentials. When the options structure is initialized with * #kim_options_create(), each option is filled in with a default value which can then be modified - * with the kim_options_set_*() APIs. If you only want to use the default values, you may pass + * with the kim_options_set_*() APIs. If you only want to use the default values, you may pass * #KIM_OPTIONS_DEFAULT into any KIM function that takes a kim_options_t. - * - * KIM options fall into two major categories: options for controlling how credentials are + * + * KIM options fall into two major categories: options for controlling how credentials are * acquired and options for controlling what properties the newly acquired credentials will have: * * \section kim_options_credential_properties Options for Controlling Credential Properties * * Kerberos credentials have a number of different properties which can be requested - * when credentials are acquired. These properties control when and for how long the - * credentials are valid and what you can do with them. - - * Note that setting these properties in the KIM options only changes what the Kerberos - * libraries \em request from the KDC. The KDC itself may choose not to honor your - * requested properties if they violate the site security policy. For example, most sites - * place an upper bound on how long credentials may be valid. If you request a credential - * lifetime longer than this upper bound, the KDC may return credentials with a shorter + * when credentials are acquired. These properties control when and for how long the + * credentials are valid and what you can do with them. + + * Note that setting these properties in the KIM options only changes what the Kerberos + * libraries \em request from the KDC. 
The KDC itself may choose not to honor your + * requested properties if they violate the site security policy. For example, most sites + * place an upper bound on how long credentials may be valid. If you request a credential + * lifetime longer than this upper bound, the KDC may return credentials with a shorter * lifetime than you requested. * * \subsection kim_options_lifetimes Credential Lifetime * - * Kerberos credentials have start time and a lifetime during which they are valid. - * Once the lifetime has passed, credentials "expire" and can no longer be used. + * Kerberos credentials have start time and a lifetime during which they are valid. + * Once the lifetime has passed, credentials "expire" and can no longer be used. * - * The requested credential start time can be set with #kim_options_set_start_time() + * The requested credential start time can be set with #kim_options_set_start_time() * and examined with #kim_options_get_start_time(). The requested credential * lifetime can be set with #kim_options_set_lifetime() and examined with * #kim_options_get_lifetime(). - * + * * \subsection kim_options_renewable Renewable Credentials * * Credentials with very long lifetimes are more convenient since the user does not - * have authenticate as often. Unfortunately they are also a higher security + * have authenticate as often. Unfortunately they are also a higher security * risk: if credentials are stolen they can be used until they expire. * Credential renewal exists to compromise between these two conflicting goals. * 
@@ -101,45 +101,45 @@ extern "C" { * the end of the renewal lifetime, their lifetime will be capped to the end of the * renewal lifetime. * - * Note that credentials must be valid to be renewed and therefore may not be + * Note that credentials must be valid to be renewed and therefore may not be * an appropriate solution for all use cases. Sites which use renewable - * credentials often create helper processes running as the user which will + * credentials often create helper processes running as the user which will * automatically renew the user's credentials when they get close to expiration. - * + * * Use #kim_options_set_renewable() to change whether or not the Kerberos libraries - * request renewable credentials and #kim_options_get_renewable() to find out the + * request renewable credentials and #kim_options_get_renewable() to find out the * current setting. Use #kim_options_set_renewal_lifetime() to change the requested - * renewal lifetime and #kim_options_get_renewal_lifetime() to find out the current + * renewal lifetime and #kim_options_get_renewal_lifetime() to find out the current * value. * * \subsection kim_options_addressless Addressless Credentials * - * Traditionally Kerberos used the host's IP address as a mechanism to restrict - * the user's credentials to a specific host, thus making it harder to use stolen + * Traditionally Kerberos used the host's IP address as a mechanism to restrict + * the user's credentials to a specific host, thus making it harder to use stolen * credentials. When authenticating to a remote service with credentials containing - * addresses, the remote service verifies that the client's IP address is one of the - * addresses listed in the credential. Unfortunately, modern network technologies - * such as NAT rewrite the IP address in transit, making it difficult to use - * credentials with addresses in them. As a result, most Kerberos sites now obtain - * addressless credentials. 
+ * addresses, the remote service verifies that the client's IP address is one of the + * addresses listed in the credential. Unfortunately, modern network technologies + * such as NAT rewrite the IP address in transit, making it difficult to use + * credentials with addresses in them. As a result, most Kerberos sites now obtain + * addressless credentials. * * Use #kim_options_set_addressless() to change whether or not the Kerberos libraries - * request addressless credentials. Use #kim_options_get_addressless() to find out the + * request addressless credentials. Use #kim_options_get_addressless() to find out the * current setting. * * \subsection kim_options_forwardable Forwardable Credentials * - * Forwardable credentials are TGT credentials which can be forwarded to a service - * you have authenticated to. If the credentials contain IP addresses, the addresses - * are changed to reflect the service's IP address. Credential forwarding is most - * commonly used for Kerberos-authenticated remote login services. By forwarding - * TGT credentials through the remote login service, the user's credentials will - * appear on the remote host when the user logs in. + * Forwardable credentials are TGT credentials which can be forwarded to a service + * you have authenticated to. If the credentials contain IP addresses, the addresses + * are changed to reflect the service's IP address. Credential forwarding is most + * commonly used for Kerberos-authenticated remote login services. By forwarding + * TGT credentials through the remote login service, the user's credentials will + * appear on the remote host when the user logs in. * * The forwardable flag only applies to TGT credentials. * * Use #kim_options_set_forwardable() to change whether or not the Kerberos libraries - * request forwardable credentials. Use #kim_options_get_forwardable() to find out the + * request forwardable credentials. Use #kim_options_get_forwardable() to find out the * current setting. 
* * \subsection kim_options_proxiable Proxiable Credentials 
@@ -147,29 +147,29 @@ extern "C" { * Proxiable credentials are similar to forwardable credentials except that instead of * forwarding the a TGT credential itself, a service credential is forwarded * instead. Using proxiable credentials, a user can permit a service to perform - * a specific task as the user using one of the user's service credentials. + * a specific task as the user using one of the user's service credentials. * * Like forwardability, the proxiable flag only applies to TGT credentials. Unlike - * forwarded credentials, the IP address of proxiable credentials are not modified for + * forwarded credentials, the IP address of proxiable credentials are not modified for * the service when being proxied. This can be solved by also requesting addressless * credentials. * * Use #kim_options_set_proxiable() to change whether or not the Kerberos libraries - * request proxiable credentials. Use #kim_options_get_proxiable() to find out the + * request proxiable credentials. Use #kim_options_get_proxiable() to find out the * current setting. * * \subsection kim_options_service_name Service Name * - * Normally users acquire TGT credentials (ie "ticket granting tickets") and then - * use those credentials to acquire service credentials. This allows Kerberos to - * provide single sign-on while still providing mutual authentication to services. - * However, sometimes you just want an initial credential for a service. KIM - * options allows you to set the service name with - * #kim_options_set_service_name() and query it with + * Normally users acquire TGT credentials (ie "ticket granting tickets") and then + * use those credentials to acquire service credentials. This allows Kerberos to + * provide single sign-on while still providing mutual authentication to services. + * However, sometimes you just want an initial credential for a service. 
KIM + * options allows you to set the service name with + * #kim_options_set_service_name() and query it with * #kim_options_get_service_name(). * * See \ref kim_options_reference for information on specific APIs. - */ + */ /*! * \defgroup kim_options_reference KIM Options Reference Documentation @@ -184,10 +184,10 @@ extern "C" { kim_error kim_options_create (kim_options *out_options); /*! - * \param out_options on exit, a new options object which is a copy of \a in_options. + * \param out_options on exit, a new options object which is a copy of \a in_options. * Must be freed with kim_options_free(). If passed KIM_OPTIONS_DEFAULT * will set \a out_options to KIM_OPTIONS_DEFAULT. - * \param in_options a options object. + * \param in_options a options object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy options. */ @@ -196,13 +196,13 @@ kim_error kim_options_copy (kim_options *out_options, /*! * \param io_options an options object to modify. - * \param in_start_time a start date (in seconds since January 1, 1970). Set to - * #KIM_OPTIONS_START_IMMEDIATELY for the acquired credential to be valid + * \param in_start_time a start date (in seconds since January 1, 1970). Set to + * #KIM_OPTIONS_START_IMMEDIATELY for the acquired credential to be valid * immediately. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set the date when a credential should become valid. - * \note When using a start time in the future, once the start time has been reached the credential - * must be validated before it can be used. + * \note When using a start time in the future, once the start time has been reached the credential + * must be validated before it can be used. * \par Default value * 0, indicating "now". The credential will be valid immediately. * \sa kim_options_get_start_time(), kim_credential_validate(), kim_ccache_validate(), kim_identity_validate() 
@@ -212,12 +212,12 @@ kim_error kim_options_set_start_time (kim_options io_options, /*! * \param in_options an options object. - * \param out_start_time on exit, the start date (in seconds since January 1, 1970) specified by + * \param out_start_time on exit, the start date (in seconds since January 1, 1970) specified by * \a in_options. #KIM_OPTIONS_START_IMMEDIATELY indicates the credential * will be valid immediately. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the date when a credential should become valid. - * \note When using a start time in the future, once the start time has been reached the credential + * \note When using a start time in the future, once the start time has been reached the credential * must be validated before it can be used. * \par Default value * 0, indicating "now". The credential will be valid immediately. @@ -258,7 +258,7 @@ kim_error kim_options_get_lifetime (kim_options in_options, /*! * \param io_options an options object to modify. - * \param in_renewable a boolean value indicating whether or not to request a renewable + * \param in_renewable a boolean value indicating whether or not to request a renewable * credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set whether or not to request a renewable credential. @@ -271,7 +271,7 @@ kim_error kim_options_set_renewable (kim_options io_options, /*! * \param in_options an options object. - * \param out_renewable on exit, a boolean value indicating whether or \a in_options will + * \param out_renewable on exit, a boolean value indicating whether or \a in_options will * request a renewable credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get whether or not to request a renewable credential. 
@@ -299,7 +299,7 @@ kim_error kim_options_set_renewal_lifetime (kim_options io_options, /*! * \param in_options an options object. - * \param out_renewal_lifetime on exit, the renewal lifetime duration (in seconds) specified + * \param out_renewal_lifetime on exit, the renewal lifetime duration (in seconds) specified * in \a in_options. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the duration during which a valid credential should be renewable. @@ -315,7 +315,7 @@ kim_error kim_options_get_renewal_lifetime (kim_options in_options, /*! * \param io_options an options object to modify. - * \param in_forwardable a boolean value indicating whether or not to request a forwardable + * \param in_forwardable a boolean value indicating whether or not to request a forwardable * credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set whether or not to request a forwardable credential. @@ -328,7 +328,7 @@ kim_error kim_options_set_forwardable (kim_options io_options, /*! * \param in_options an options object. - * \param out_forwardable on exit, a boolean value indicating whether or \a in_options will + * \param out_forwardable on exit, a boolean value indicating whether or \a in_options will * request a forwardable credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get whether or not to request a forwardable credential. @@ -341,7 +341,7 @@ kim_error kim_options_get_forwardable (kim_options in_options, /*! * \param io_options an options object to modify. - * \param in_proxiable a boolean value indicating whether or not to request a proxiable + * \param in_proxiable a boolean value indicating whether or not to request a proxiable * credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set whether or not to request a proxiable credential. 
@@ -354,7 +354,7 @@ kim_error kim_options_set_proxiable (kim_options io_options, /*! * \param in_options an options object. - * \param out_proxiable on exit, a boolean value indicating whether or \a in_options will + * \param out_proxiable on exit, a boolean value indicating whether or \a in_options will * request a proxiable credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get whether or not to request a proxiable credential. @@ -367,7 +367,7 @@ kim_error kim_options_get_proxiable (kim_options in_options, /*! * \param io_options an options object to modify. - * \param in_addressless a boolean value indicating whether or not to request an addressless + * \param in_addressless a boolean value indicating whether or not to request an addressless * credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set whether or not to request an addressless credential. @@ -380,7 +380,7 @@ kim_error kim_options_set_addressless (kim_options io_options, /*! * \param in_options an options object. - * \param out_addressless on exit, a boolean value indicating whether or \a in_options will + * \param out_addressless on exit, a boolean value indicating whether or \a in_options will * request an addressless credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get whether or not to request an addressless credential. diff --git a/src/include/kim/kim_preferences.h b/src/include/kim/kim_preferences.h index d7970ba049..77edde462f 100644 --- a/src/include/kim/kim_preferences.h +++ b/src/include/kim/kim_preferences.h 
@@ -6,7 +6,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -30,20 +30,20 @@ extern "C" { #endif #include <kim/kim_types.h> - + /*! * \page kim_preferences_overview KIM Preferences Overview * * \section kim_preferences_introduction Introduction * * In addition to the site preferences stored in the Kerberos configuration, users may also - * want to have their own personal preferences for controlling credential acquisition. - * As a result, KIM provides user preferences for initial credential options and + * want to have their own personal preferences for controlling credential acquisition. + * As a result, KIM provides user preferences for initial credential options and * user interface behavior such as the default client identity and the favorite identities list. * * \section kim_preferences_edit Viewing and Editing the Preferences - * - * In order to view and edit the user's preferences, call #kim_preferences_create() to acquire a + * + * In order to view and edit the user's preferences, call #kim_preferences_create() to acquire a * preferences object containing the user's preferences. You can examine preferences * with the functions starting with "kim_preferences_get_" and change preferences with * the functions starting with "kim_preferences_set_". Once you are done making changes, 
@@ -56,88 +56,88 @@ extern "C" { * \section kim_preferences_options Initial Credential Options Preferences * * KIM provides user preferences for initial credential options. These - * are the options #kim_options_create() will use when creating a new KIM + * are the options #kim_options_create() will use when creating a new KIM * options object. They are also the options specified by KIM_OPTIONS_DEFAULT. - * You can view and edit the initial credential options using - * #kim_preferences_get_options() and #kim_preferences_set_options(). + * You can view and edit the initial credential options using + * #kim_preferences_get_options() and #kim_preferences_set_options(). * - * \note Not all credential options in the kim_options_t object have corresponding + * \note Not all credential options in the kim_options_t object have corresponding * user preferences. For example, the prompt callback function is not stored - * in the user preferences since it has no meaning outside of the current + * in the user preferences since it has no meaning outside of the current * application. Some options which are not currently stored in the - * preferences may be stored there in the future. + * preferences may be stored there in the future. * - * If you are implementing a user interface for credentials acquisition, + * If you are implementing a user interface for credentials acquisition, * you should be aware that KIM has a user preference to manage the initial - * credential options preferences. If the user successfully acquires credentials - * with non-default options and #kim_preferences_get_remember_options() is set - * to TRUE, you should store the options used to get credentials with - * #kim_preferences_set_options(). + * credential options preferences. 
If the user successfully acquires credentials + * with non-default options and #kim_preferences_get_remember_options() is set + * to TRUE, you should store the options used to get credentials with + * #kim_preferences_set_options(). * * \section kim_preferences_client_identity Client Identity Preferences * - * KIM also provides user preferences for the default client identity. + * KIM also provides user preferences for the default client identity. * This identity is used whenever KIM needs to display a graphical dialog for * credential acquisition but does not know what client identity to use. - * You can view and edit the default client identity using - * #kim_preferences_get_client_identity() and - * #kim_preferences_set_client_identity(). + * You can view and edit the default client identity using + * #kim_preferences_get_client_identity() and + * #kim_preferences_set_client_identity(). * - * If you are implementing a user interface for credentials acquisition, - * you should be aware that KIM has a user preference to manage - * the client identity preferences. If the user successfully acquires credentials - * with non-default options and #kim_preferences_get_remember_client_identity() is + * If you are implementing a user interface for credentials acquisition, + * you should be aware that KIM has a user preference to manage + * the client identity preferences. If the user successfully acquires credentials + * with non-default options and #kim_preferences_get_remember_client_identity() is * set to TRUE, you should store the client identity for which credentials were - * acquired using #kim_preferences_set_client_identity(). - * + * acquired using #kim_preferences_set_client_identity(). + * * \section kim_preferences_favorite_identities Favorite Identities Preferences * * As Kerberos becomes more widespread, the number of possible Kerberos * identities and realms a user might want to use will become very large. 
- * Sites may list hundreds of realms in their Kerberos configuration files. + * Sites may list hundreds of realms in their Kerberos configuration files. * In addition, sites may wish to use DNS SRV records to avoid having to list - * all the realms they use in their Kerberos configuration. As a result, the - * list of realms in the Kerberos configuration may be exceedingly large and/or + * all the realms they use in their Kerberos configuration. As a result, the + * list of realms in the Kerberos configuration may be exceedingly large and/or * incomplete. Users may also use multiple identities from the same realm. * * On platforms which use a GUI to acquire credentials, the KIM would like - * to to display a list of identities for the user to select from. Depending on - * what is appropriate for the platform, identities may be displayed in a popup - * menu or other list. + * to to display a list of identities for the user to select from. Depending on + * what is appropriate for the platform, identities may be displayed in a popup + * menu or other list. * - * To solve this problem, the KIM maintains a list of favorite identities - * specifically for identity selection. This list is a set of unique identities - * in alphabetical order (as appropriate for the user's language localization). + * To solve this problem, the KIM maintains a list of favorite identities + * specifically for identity selection. This list is a set of unique identities + * in alphabetical order (as appropriate for the user's language localization). * * Each identity may optionally have its own options for ticket acquisition. * This allows KIM UIs to remember what ticket options worked for a specific * identity. 
For example if the user normally wants renewable tickets but * they have one identity at a KDC which rejects requests for renewable tickets, - * the "not renewable" option can be associated with that identity without + * the "not renewable" option can be associated with that identity without * changing the user's default preference to get renewable tickets. If an * identity should use the default options, just pass KIM_OPTIONS_DEFAULT. * * Most callers will not need to use the favorite identities APIs. However if you - * are implementing your own graphical prompt callback or a credential management + * are implementing your own graphical prompt callback or a credential management * application, you may to view and/or edit the user's favorite identities. * * \section kim_favorite_identities_edit Viewing and Editing the Favorite Identities - * + * * First, you need to acquire the Favorite Identities stored in the user's * preferences using #kim_preferences_create(). - * - * Then use #kim_preferences_get_number_of_favorite_identities() and - * #kim_preferences_get_favorite_identity_at_index() to display the identities list. - * Use #kim_preferences_add_favorite_identity() and #kim_preferences_remove_favorite_identity() + * + * Then use #kim_preferences_get_number_of_favorite_identities() and + * #kim_preferences_get_favorite_identity_at_index() to display the identities list. + * Use #kim_preferences_add_favorite_identity() and #kim_preferences_remove_favorite_identity() * to change which identities are in the identities list. Identities are always stored in * alphabetical order and duplicate identities are not permitted, so when you add or remove a * identity you should redisplay the entire list. If you wish to replace the * identities list entirely, use #kim_preferences_remove_all_favorite_identities() * to clear the list before adding your identities. 
* - * Once you are done editing the favorite identities list, store changes in the + * Once you are done editing the favorite identities list, store changes in the * user's preference file using #kim_preferences_synchronize(). - * + * * See \ref kim_preferences_reference for information on specific APIs. */ @@ -147,7 +147,7 @@ extern "C" { */ /*! - * \param out_preferences on exit, a new preferences object. + * \param out_preferences on exit, a new preferences object. * Must be freed with kim_preferences_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Create a new preferences object from the current user's preferences. @@ -155,9 +155,9 @@ extern "C" { kim_error kim_preferences_create (kim_preferences *out_preferences); /*! - * \param out_preferences on exit, a new preferences object which is a copy of in_preferences. + * \param out_preferences on exit, a new preferences object which is a copy of in_preferences. * Must be freed with kim_preferences_free(). - * \param in_preferences a preferences object. + * \param in_preferences a preferences object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a preferences object. */ @@ -188,7 +188,7 @@ kim_error kim_preferences_get_options (kim_preferences in_preferences, /*! * \param io_preferences a preferences object to modify. - * \param in_remember_options a boolean value indicating whether or not to remember the last + * \param in_remember_options a boolean value indicating whether or not to remember the last * options used to acquire a credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set whether or not to remember the last options the user used to acquire a credential. 
@@ -199,7 +199,7 @@ kim_error kim_preferences_set_remember_options (kim_preferences io_preferences, /*! * \param in_preferences a preferences object. - * \param out_remember_options on exit, a boolean value indicating whether or \a in_preferences will + * \param out_remember_options on exit, a boolean value indicating whether or \a in_preferences will * remember the last options used to acquire a credential. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get whether or not to remember the last options the user used to acquire a credential. @@ -231,7 +231,7 @@ kim_error kim_preferences_get_client_identity (kim_preferences in_preferences, /*! * \param io_preferences a preferences object to modify. - * \param in_remember_client_identity a boolean value indicating whether or not to remember the last + * \param in_remember_client_identity a boolean value indicating whether or not to remember the last * client identity for which a credential was acquired. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set whether or not to remember the last client identity the user acquired a credential for. @@ -242,7 +242,7 @@ kim_error kim_preferences_set_remember_client_identity (kim_preferences io_prefe /*! * \param in_preferences a preferences object. - * \param out_remember_client_identity on exit, a boolean value indicating whether or \a in_preferences will + * \param out_remember_client_identity on exit, a boolean value indicating whether or \a in_preferences will * remember the last client identity for which a credential was acquired. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get whether or not to remember the last client identity the user acquired a credential for. 
@@ -264,7 +264,7 @@ kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences, /*! * \param in_preferences a preferences object. - * \param out_minimum_lifetime on exit, the minimum lifetime that GUI tools will + * \param out_minimum_lifetime on exit, the minimum lifetime that GUI tools will * allow the user to specify for credentials. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the minimum credential lifetime for GUI credential lifetime controls. @@ -286,7 +286,7 @@ kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences, /*! * \param in_preferences a preferences object. - * \param out_maximum_lifetime on exit, the maximum lifetime that GUI tools will + * \param out_maximum_lifetime on exit, the maximum lifetime that GUI tools will * allow the user to specify for credentials. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the maximum credential lifetime for GUI credential lifetime controls. @@ -298,7 +298,7 @@ kim_error kim_preferences_get_maximum_lifetime (kim_preferences in_preferences, /*! * \param io_preferences a preferences object to modify. * \param in_minimum_renewal_lifetime a minimum lifetime indicating how small a lifetime the - * GUI tools should allow the user to specify for + * GUI tools should allow the user to specify for * credential renewal. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set the minimum credential renewal lifetime for GUI credential lifetime controls. 
@@ -309,7 +309,7 @@ kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_prefe /*! * \param in_preferences a preferences object. - * \param out_minimum_renewal_lifetime on exit, the minimum lifetime that GUI tools will + * \param out_minimum_renewal_lifetime on exit, the minimum lifetime that GUI tools will * allow the user to specify for credential renewal. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the minimum credential renewal lifetime for GUI credential lifetime controls. @@ -321,7 +321,7 @@ kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences in_pref /*! * \param io_preferences a preferences object to modify. * \param in_maximum_renewal_lifetime a maximum lifetime indicating how large a lifetime the - * GUI tools should allow the user to specify for + * GUI tools should allow the user to specify for * credential renewal. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set the maximum credential renewal lifetime for GUI credential lifetime controls. @@ -332,7 +332,7 @@ kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_prefe /*! * \param in_preferences a preferences object. - * \param out_maximum_renewal_lifetime on exit, the maximum lifetime that GUI tools will + * \param out_maximum_renewal_lifetime on exit, the maximum lifetime that GUI tools will * allow the user to specify for credential renewal. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the maximum credential renewal lifetime for GUI credential lifetime controls. 
@@ -355,7 +355,7 @@ kim_error kim_preferences_get_number_of_favorite_identities (kim_preferences in * \param in_index a index into the identities list (starting at 0). * \param out_identity on exit, the identity at \a in_index in \a in_preferences. * Must be freed with kim_string_free(). - * \param out_options on exit, the options associated with identity at \a in_index + * \param out_options on exit, the options associated with identity at \a in_index * in \a in_favorite_identities. May be KIM_OPTIONS_DEFAULT. * Pass NULL if you do not want the options associated with the identity. * Must be freed with kim_options_free(). diff --git a/src/include/kim/kim_selection_hints.h b/src/include/kim/kim_selection_hints.h index 1abbd0211e..20af083a93 100644 --- a/src/include/kim/kim_selection_hints.h +++ b/src/include/kim/kim_selection_hints.h @@ -6,7 +6,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -30,63 +30,63 @@ extern "C" { #endif #include <kim/kim_types.h> - + /*! * \page kim_selection_hints_overview KIM Selection Hints Overview * * \section kim_selection_hints_introduction Introduction * * Most users belong to multiple organizations and thus need - * to authenticate to multiple Kerberos realms. Traditionally Kerberos sites - * solved this problem by setting up a cross-realm relationship, which allowed - * the user to use TGT credentials for their client identity in one realm - * to obtain credentials in another realm via cross-realm authentication. As a - * result users could acquire credentials for a single client identity and use + * to authenticate to multiple Kerberos realms. Traditionally Kerberos sites + * solved this problem by setting up a cross-realm relationship, which allowed + * the user to use TGT credentials for their client identity in one realm + * to obtain credentials in another realm via cross-realm authentication. As a + * result users could acquire credentials for a single client identity and use * them everywhere. * - * Setting up cross-realm requires that realms share a secret, so sites must - * coordinate with one another to set up a cross-realm relationship. In - * addition, sites must set up authorization policies for users from other - * realms. As Kerberos becomes increasingly wide-spread, many realms will - * not have cross-realm relationships, and users will need to + * Setting up cross-realm requires that realms share a secret, so sites must + * coordinate with one another to set up a cross-realm relationship. In + * addition, sites must set up authorization policies for users from other + * realms. As Kerberos becomes increasingly wide-spread, many realms will + * not have cross-realm relationships, and users will need to * manually obtain credentials for their client identity at each realm - * (eg: "user@BANK.COM", "user@UNIVERSITY.EDU", etc). As a result, users + * (eg: "user@BANK.COM", "user@UNIVERSITY.EDU", etc). 
As a result, users * will often have multiple credentials caches, one for each client identity. * * Unfortunately this presents a problem for applications which need to obtain - * service credentials. Which client identity should they use? + * service credentials. Which client identity should they use? * Rather than having each application to manually search the cache collection, - * KIM provides a selection hints API for choosing the best client identity. - * This API is intended to simplify the process of choosing credentials + * KIM provides a selection hints API for choosing the best client identity. + * This API is intended to simplify the process of choosing credentials * and provide consistent behavior across all applications. * * Searching the cache collection for credentials may be expensive if there - * are a large number of caches. If credentials for the client identity + * are a large number of caches. If credentials for the client identity * are expired or not present, KIM may also wish to prompt the user for - * new credentials for the appropriate client identity. As a result, + * new credentials for the appropriate client identity. As a result, * applications might want to remember which client identity worked in - * the past and always request credentials using that identity. - * + * the past and always request credentials using that identity. + * * * \section kim_selection_hints_creating Creating KIM Selection Hints - * - * A KIM selection hints object consists of an application identifier and one or - * more pieces of information about the service the client application will be - * contacting. The application identifier is used by user preferences + * + * A KIM selection hints object consists of an application identifier and one or + * more pieces of information about the service the client application will be + * contacting. The application identifier is used by user preferences * to control how applications share cache entries. 
It is important to be - * consistent about what application identifier you provide. Java-style + * consistent about what application identifier you provide. Java-style * identifiers are recommended to avoid collisions. * * \section kim_selection_hints_searching Selection Hint Search Behavior * - * When using selection hints to search for an appropriate client identity, - * KIM uses a consistent hint search order. This allows applications to specify - * potentially contradictory information without preventing KIM from locating a - * single ccache. In addition the selection hint search order may change, - * especially if more hints are added. + * When using selection hints to search for an appropriate client identity, + * KIM uses a consistent hint search order. This allows applications to specify + * potentially contradictory information without preventing KIM from locating a + * single ccache. In addition the selection hint search order may change, + * especially if more hints are added. * - * As a result, callers are encouraged to provide all relevant search hints, - * even if only a subset of those search hints are necessary to get reasonable + * As a result, callers are encouraged to provide all relevant search hints, + * even if only a subset of those search hints are necessary to get reasonable * behavior in the current implementation. Doing so will provide the most * user-friendly selection experience. * 
@@ -99,14 +99,14 @@ extern "C" { * \li <B>Client Realm</B> A client identity in this realm. * \li <B>User</B> A client identity whose first component is this user string. * - * For example, if you specify a service identity and a credential for - * that identity already exists in the ccache collection, KIM may use that - * ccache, even if your user and client realm entries in the selection hints would + * For example, if you specify a service identity and a credential for + * that identity already exists in the ccache collection, KIM may use that + * ccache, even if your user and client realm entries in the selection hints would * lead it to choose a different ccache. If no credentials for the service identity * exist then KIM will fall back on the user and realm hints. * - * \note Due to performance and information exposure concerns, currently all - * searching is done by examining the cache collection. In the future the KIM + * \note Due to performance and information exposure concerns, currently all + * searching is done by examining the cache collection. In the future the KIM * may also make network requests as part of its search algorithm. For example * it might check to see if the TGT credentials in each ccache can obtain * credentials for the service identity specified by the selection hints. 
@@ -114,56 +114,56 @@ extern "C" { * \section kim_selection_hints_selecting Selecting an Identity Using Selection Hints * * Once you have provided search criteria for selecting an identity, use - * #kim_selection_hints_get_identity() to obtain an identity object. + * #kim_selection_hints_get_identity() to obtain an identity object. * You can then use #kim_identity_get_string() to obtain a krb5 principal - * string for use with gss_import_name() and gss_acquire_cred(). Alternatively, - * you can use #kim_ccache_create_from_client_identity() to obtain a ccache + * string for use with gss_import_name() and gss_acquire_cred(). Alternatively, + * you can use #kim_ccache_create_from_client_identity() to obtain a ccache * containing credentials for the identity. * * \note #kim_selection_hints_get_identity() obtains an identity based on - * the current state of the selection hints object. If you change the + * the current state of the selection hints object. If you change the * selection hints object you must call #kim_selection_hints_get_identity() * again. * * \section kim_selection_hints_caching Selection Hint Caching Behavior - * + * * In addition to using selection hints to search for an appropriate client - * identity, KIM can also use them to remember which client identity worked. + * identity, KIM can also use them to remember which client identity worked. * KIM maintains a per-user cache mapping selection hints to identities so - * that applications do not have to maintain their own caches or present + * that applications do not have to maintain their own caches or present * user interface for selecting which cache to use. * * When #kim_selection_hints_get_identity() is called KIM looks up in the - * cache and returns the identity which the selection hints map to. If - * there is not a preexisting cache entry for the selection hints then + * cache and returns the identity which the selection hints map to. 
If + * there is not a preexisting cache entry for the selection hints then * #kim_selection_hints_get_identity() will search for an identity and - * prompt the user if it cannot find an appropriate one. - * - * If the client identity returned by KIM authenticates and passes + * prompt the user if it cannot find an appropriate one. + * + * If the client identity returned by KIM authenticates and passes * authorization checks, you should tell KIM to cache the identity by calling * #kim_selection_hints_remember_identity(). This will create a cache entry - * for the mapping between your selection hints and the identity so that - * subsequent calls to #kim_selection_hints_get_identity() do not need to - * prompt the user. + * for the mapping between your selection hints and the identity so that + * subsequent calls to #kim_selection_hints_get_identity() do not need to + * prompt the user. * * If the client identity returned by KIM fails to authenticate or fails - * authorization checks, you must call #kim_selection_hints_forget_identity() + * authorization checks, you must call #kim_selection_hints_forget_identity() * to remove any mapping that already exists. After this function is called, - * future calls to #kim_selection_hints_get_identity() will search for an - * identity again. You may also wish to call this function if the user - * changes your application preferences such that the identity might be + * future calls to #kim_selection_hints_get_identity() will search for an + * identity again. You may also wish to call this function if the user + * changes your application preferences such that the identity might be * invalidated. - * + * * \note It is very important that you call #kim_selection_hints_forget_identity() * if your application fails to successfully establish a connection with the - * server. Otherwise the user can get "stuck" using the same non-working - * identity if they chose the wrong one accidentally or if their identity - * information changes. 
Because only your application understands the + * server. Otherwise the user can get "stuck" using the same non-working + * identity if they chose the wrong one accidentally or if their identity + * information changes. Because only your application understands the * authorization checksof the protocol it uses, KIM cannot tell whether or not * the identity worked. - * + * * If you wish to search and prompt for an identity without using - * the cached mappings, you can turn off the cached mapping lookups using + * the cached mappings, you can turn off the cached mapping lookups using * #kim_selection_hints_set_remember_identity(). This is not recommended * for most applications since it will result in a lot of unnecessary * searching and prompting for identities. 
@@ -173,40 +173,40 @@ extern "C" { * service. Otherwise KIM will not always find the cache entries. * * \section kim_selection_hints_prompt Selection Hint Prompting Behavior - * + * * If valid credentials for identity in the selection hints cache are * unavailable or if no identity could be found using searching or caching - * when #kim_selection_hints_get_identity() is called, KIM may present a - * GUI to ask the user to select an identity or acquire credentials for - * an identity. - * - * \note Because of the caching behavior described above the user will - * only be prompted to choose an identity when setting up the application - * or when their identity stops working. - * - * In order to let the user know why Kerberos needs their assistance, KIM - * displays the name of the application which requested the identity - * selection. Unfortunately, some platforms do not provide a runtime - * mechanism for determining the name of the calling process. If your - * application runs on one of these platforms (or is cross-platform) - * you should provide a localized version of its name with + * when #kim_selection_hints_get_identity() is called, KIM may present a + * GUI to ask the user to select an identity or acquire credentials for + * an identity. + * + * \note Because of the caching behavior described above the user will + * only be prompted to choose an identity when setting up the application + * or when their identity stops working. + * + * In order to let the user know why Kerberos needs their assistance, KIM + * displays the name of the application which requested the identity + * selection. Unfortunately, some platforms do not provide a runtime + * mechanism for determining the name of the calling process. If your + * application runs on one of these platforms (or is cross-platform) + * you should provide a localized version of its name with * the private function #kim_library_set_application_name(). 
* - * In many cases a single application may select different identities for - * different purposes. For example an email application might use different - * identities to check mail for different accounts. If your application - * has this property you may need to provide the user with a localized - * string describing how the identity will be used. You can specify - * this string with #kim_selection_hints_get_explanation(). You can find + * In many cases a single application may select different identities for + * different purposes. For example an email application might use different + * identities to check mail for different accounts. If your application + * has this property you may need to provide the user with a localized + * string describing how the identity will be used. You can specify + * this string with #kim_selection_hints_get_explanation(). You can find * out what string will be used with kim_selection_hints_set_explanation(). * * Since the user may choose to acquire credentials when selection an - * identity, KIM also provides #kim_selection_hints_set_options() to - * set what credential acquisition options are used. - * #kim_selection_hints_get_options() returns the options which will be used. + * identity, KIM also provides #kim_selection_hints_set_options() to + * set what credential acquisition options are used. + * #kim_selection_hints_get_options() returns the options which will be used. * - * If you need to disable user interaction, use - * #kim_selection_hints_set_allow_user_interaction(). Use + * If you need to disable user interaction, use + * #kim_selection_hints_set_allow_user_interaction(). Use * #kim_selection_hints_get_allow_user_interaction() to find out whether or * not user interaction is enabled. User interaction is enabled by default. * 
@@ -218,11 +218,11 @@ extern "C" { * @{ */ -/*! A client identity in this realm. +/*! A client identity in this realm. * See \ref kim_selection_hints_overview for more information */ #define kim_hint_key_client_realm "kim_hint_key_client_realm" -/*! A client identity whose first component is this user string. +/*! A client identity whose first component is this user string. * See \ref kim_selection_hints_overview for more information */ #define kim_hint_key_user "kim_hint_key_user" @@ -230,7 +230,7 @@ extern "C" { * See \ref kim_selection_hints_overview for more information */ #define kim_hint_key_service_realm "kim_hint_key_service_realm" -/*! A client identity which has obtained a service credential for this service. +/*! A client identity which has obtained a service credential for this service. * See \ref kim_selection_hints_overview for more information */ #define kim_hint_key_service "kim_hint_key_service" 
@@ -238,14 +238,14 @@ extern "C" { * See \ref kim_selection_hints_overview for more information */ #define kim_hint_key_server "kim_hint_key_server" -/*! The client identity which has obtained a service credential for this service identity. +/*! The client identity which has obtained a service credential for this service identity. * See \ref kim_selection_hints_overview for more information */ #define kim_hint_key_service_identity "kim_hint_key_service_identity" - + /*! - * \param out_selection_hints on exit, a new selection hints object. + * \param out_selection_hints on exit, a new selection hints object. * Must be freed with kim_selection_hints_free(). - * \param in_application_identifier an application identifier string. Java-style identifiers are recommended + * \param in_application_identifier an application identifier string. Java-style identifiers are recommended * to avoid cache entry collisions (eg: "com.example.MyApplication") * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Create a new selection hints object. @@ -254,9 +254,9 @@ kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints, kim_string in_application_identifier); /*! - * \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints. + * \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints. * Must be freed with kim_selection_hints_free(). - * \param in_selection_hints a selection hints object. + * \param in_selection_hints a selection hints object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy a selection hints object. */ 
@@ -278,9 +278,9 @@ kim_error kim_selection_hints_set_hint (kim_selection_hints io_selection_hints, /*! * \param in_selection_hints a selection hints object. - * \param in_hint_key A string representing the type of hint to + * \param in_hint_key A string representing the type of hint to * obtain. - * \param out_hint_string On exit, a string representation of the hint + * \param out_hint_string On exit, a string representation of the hint * \a in_hint_key in \a in_selection_hints. * If the hint is not set, sets the value pointed * to by \a out_hint_string to NULL; @@ -296,7 +296,7 @@ kim_error kim_selection_hints_get_hint (kim_selection_hints in_selection_hints, /*! * \param io_selection_hints a selection hints object to modify. * \param in_explanation a localized string describing why the caller needs the identity. - * \note If the application only does one thing (the reason it needs an identity is obvious) + * \note If the application only does one thing (the reason it needs an identity is obvious) * then you may not need to call this function. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set the strings used to prompt the user to select the identity. @@ -320,7 +320,7 @@ kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection /*! * \param io_selection_hints a selection hints object to modify. - * \param in_options options to control credential acquisition. + * \param in_options options to control credential acquisition. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Set the options which will be used if credentials need to be acquired. * \sa kim_selection_hints_get_options() 
@@ -330,7 +330,7 @@ kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hint /*! * \param in_selection_hints a selection hints object. - * \param out_options on exit, the options to control credential acquisition + * \param out_options on exit, the options to control credential acquisition * specified in \a in_selection_hints. May be KIM_OPTIONS_DEFAULT. * If not, must be freed with kim_options_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -354,8 +354,8 @@ kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in /*! * \param in_selection_hints a selection hints object to modify - * \param out_allow_user_interaction on exit, a boolean value specifying whether or not KIM - * should ask the user to select an identity for + * \param out_allow_user_interaction on exit, a boolean value specifying whether or not KIM + * should ask the user to select an identity for * \a in_selection_hints. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \note This setting defaults to TRUE. @@ -379,7 +379,7 @@ kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_sele /*! * \param in_selection_hints a selection hints object to modify - * \param out_remember_identity on exit, a boolean value specifying whether or not KIM will use a + * \param out_remember_identity on exit, a boolean value specifying whether or not KIM will use a * cached mapping between \a in_selection_hints and a Kerberos identity. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \note This setting defaults to TRUE. 
@@ -407,7 +407,7 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hin * \param in_selection_hints the selection hints to add to the cache. * \param in_identity the Kerberos identity \a in_selection_hints maps to. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. - * \brief Add an entry for the selection hints to the selection hints cache, + * \brief Add an entry for the selection hints to the selection hints cache, * replacing any existing entry. */ diff --git a/src/include/kim/kim_string.h b/src/include/kim/kim_string.h index f68f4a4090..283a497427 100644 --- a/src/include/kim/kim_string.h +++ b/src/include/kim/kim_string.h @@ -6,7 +6,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -34,8 +34,8 @@ extern "C" { /*! * \page kim_string_overview KIM String Overview * - * A UTF8 string. - * + * A UTF8 string. + * * Memory management routines are provided for runtime consistency on * operating systems with shared libraries and multiple runtimes. * 
@@ -43,21 +43,21 @@ extern "C" { * * Like most C APIs, the KIM API returns numeric error codes. These error * codes may come from KIM, krb5 or GSS APIs. In most cases the caller will - * want to handle these error programmatically. However, in some circumstances - * the caller may wish to print an error string to the user. + * want to handle these error programmatically. However, in some circumstances + * the caller may wish to print an error string to the user. * * One problem with just printing the error code to the user is that frequently - * the context behind the error has been lost. For example if KIM is trying to + * the context behind the error has been lost. For example if KIM is trying to * obtain credentials via referrals, it may fail partway through the process. * In this case the error code will be KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, which * maps to "Client not found in Kerberos database". Unfortunately this error * isn't terribly helpful because it doesn't tell the user whether they typoed - * their principal name or if referrals failed. + * their principal name or if referrals failed. * - * To avoid this problem, KIM maintains an explanatory string for the last + * To avoid this problem, KIM maintains an explanatory string for the last * error seen in each thread calling into KIM. If a caller wishes to display * an error to the user, immediately after getting the error the caller should - * call #kim_string_create_for_last_error() to obtain a copy of the + * call #kim_string_create_for_last_error() to obtain a copy of the * descriptive error message. * * See \ref kim_string_reference for information on specific APIs. 
@@ -69,24 +69,24 @@ extern "C" { */ /*! - * \param out_string On success, a human-readable UTF-8 string describing the + * \param out_string On success, a human-readable UTF-8 string describing the * error representedby \a in_error. Must be freed with * kim_string_free(). * \param in_error an error code. Used to verify that the correct error * string will be returned (see note below). - * \return On success, KIM_NO_ERROR. - * \note This API is implemented using thread local storage. It should be + * \return On success, KIM_NO_ERROR. + * \note This API is implemented using thread local storage. It should be * called immediately after a KIM API returns an error code so that the correct - * string is returned. The returned copy may then be held by the caller until + * string is returned. The returned copy may then be held by the caller until * needed. If \a in_error does not match the last saved error KIM may return * a less descriptive string. * \brief Get a text description of an error suitable for display to the user. */ kim_error kim_string_create_for_last_error (kim_string *out_string, kim_error in_error); - + /*! - * \param out_string on exit, a new string object which is a copy of \a in_string. + * \param out_string on exit, a new string object which is a copy of \a in_string. Must be freed with kim_string_free(). * \param in_string the string to copy. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. @@ -103,10 +103,10 @@ kim_error kim_string_copy (kim_string *out_string, * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Compare two strings. */ -kim_error kim_string_compare (kim_string in_string, +kim_error kim_string_compare (kim_string in_string, kim_string in_compare_to_string, kim_comparison *out_comparison); - + /*! * \param io_string a string to be freed. Set to NULL on exit. * \brief Free memory associated with a string. 
diff --git a/src/include/kim/kim_types.h b/src/include/kim/kim_types.h index a871410bb9..7723407cf9 100644 --- a/src/include/kim/kim_types.h +++ b/src/include/kim/kim_types.h @@ -6,7 +6,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -42,7 +42,7 @@ extern "C" { typedef int32_t kim_error; /*! - * No error value for the kim_error type. + * No error value for the kim_error type. */ #define KIM_NO_ERROR ((kim_error) 0) @@ -73,7 +73,7 @@ typedef int kim_boolean; * \li Greater than 0 means the first object is greater than the second. * \note Convenience macros are provided for interpreting #kim_comparison * values to improve code readability. - * See #kim_comparison_is_less_than(), #kim_comparison_is_equal_to() and + * See #kim_comparison_is_less_than(), #kim_comparison_is_equal_to() and * #kim_comparison_is_greater_than() */ typedef int kim_comparison; @@ -86,7 +86,7 @@ typedef int kim_comparison; /*! * Convenience macro for interpreting #kim_comparison. */ -#define kim_comparison_is_equal_to(c) (c == 0) +#define kim_comparison_is_equal_to(c) (c == 0) /*! * Convenience macro for interpreting #kim_comparison. diff --git a/src/include/kim/kim_ui_plugin.h b/src/include/kim/kim_ui_plugin.h index a15aa419a3..d5a08a87d0 100644 --- a/src/include/kim/kim_ui_plugin.h +++ b/src/include/kim/kim_ui_plugin.h 
@@ -6,7 +6,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -43,38 +43,38 @@ enum kim_prompt_type_enum { /* * Plugins for Controlling Identity Selection and Credential Acquisition - * + * * In order to acquire credentials, Kerberos needs to obtain one or more secrets from the user. - * These secrets may be a certificate, password, SecurID pin, or information from a smart card. + * These secrets may be a certificate, password, SecurID pin, or information from a smart card. * If obtaining the secret requires interaction with the user, the Kerberos libraries call a * "prompter callback" to display a dialog or command line prompt to request information from - * the user. If you want to provide your own custom dialogs or command line prompts, - * the KIM APIs provide a plugin mechanism for replacing the default prompt ui with your own. + * the user. If you want to provide your own custom dialogs or command line prompts, + * the KIM APIs provide a plugin mechanism for replacing the default prompt ui with your own. * - * The function table / structure which a KIM ui plugin module must export - * as "kim_ui_0". If the interfaces work correctly, future versions of the - * table will add either more callbacks or more arguments to callbacks, and + * The function table / structure which a KIM ui plugin module must export + * as "kim_ui_0". If the interfaces work correctly, future versions of the + * table will add either more callbacks or more arguments to callbacks, and * in both cases we'll be able to wrap the v0 functions. */ /* extern kim_ui_plugin_ftable_v0 kim_ui_0; */ - + typedef struct kim_ui_plugin_ftable_v0 { int minor_version; /* currently 0 */ - + /* Called before other calls to allow the UI to initialize. - * Return an error if you can't display your UI in this environment. + * Return an error if you can't display your UI in this environment. * To allow your plugin to be called from multiple threads, pass back - * state associated with this instance of your UI in out_context. 
+ * state associated with this instance of your UI in out_context. * The same context pointer will be provided to all plugin calls for * this ui. */ kim_error (*init) (void **out_context); - + /* Present UI which allows the user to enter a new identity. - * This is typically called when the user selects a "new tickets" + * This is typically called when the user selects a "new tickets" * control or menu item from a ticket management utility. - * If this UI calls into KIM to get new credentials it may - * call auth_prompt below. + * If this UI calls into KIM to get new credentials it may + * call auth_prompt below. * If out_change_password is set to TRUE, KIM will call change_password * on the identity and then call enter_identity again, allowing you * to have a change password option on your UI. */ @@ -82,12 +82,12 @@ typedef struct kim_ui_plugin_ftable_v0 { kim_options io_options, kim_identity *out_identity, kim_boolean *out_change_password); - + /* Present UI to select which identity to use. * This is typically called the first time an application tries to use * Kerberos and is used to establish a hints preference for the application. - * If this UI calls into KIM to get new credentials it may - * call auth_prompt below. + * If this UI calls into KIM to get new credentials it may + * call auth_prompt below. * If out_change_password is set to TRUE, KIM will call change_password * on the identity and then call select_identity again, allowing you * to have a change password option on your UI. */ @@ -95,7 +95,7 @@ typedef struct kim_ui_plugin_ftable_v0 { kim_selection_hints io_hints, kim_identity *out_identity, kim_boolean *out_change_password); - + /* Present UI to display authentication to the user */ /* If in_allow_save_reply is FALSE do not display UI to allow the user * to save their password. In this case the value of out_save_reply will 
@@ -103,17 +103,17 @@ typedef struct kim_ui_plugin_ftable_v0 { kim_error (*auth_prompt) (void *in_context, kim_identity in_identity, kim_prompt_type in_type, - kim_boolean in_allow_save_reply, - kim_boolean in_hide_reply, + kim_boolean in_allow_save_reply, + kim_boolean in_hide_reply, kim_string in_title, kim_string in_message, kim_string in_description, char **out_reply, kim_boolean *out_save_reply); - - /* Prompt to change the identity's password. + + /* Prompt to change the identity's password. * May be combined with an auth_prompt if additional auth is required, - * eg: SecurID pin. + * eg: SecurID pin. * If in_old_password_expired is true, this callback is in response * to an expired password error. If this is the case the same context * which generated the error will be used for this callback. */ @@ -123,28 +123,28 @@ typedef struct kim_ui_plugin_ftable_v0 { char **out_old_password, char **out_new_password, char **out_verify_password); - + /* Display an error to the user; may be called after any of the prompts */ kim_error (*handle_error) (void *in_context, kim_identity in_identity, kim_error in_error, kim_string in_error_message, kim_string in_error_description); - + /* Free strings returned by the UI. Will be called once for each string * returned from a plugin callback. If you have returned a string twice * just make sure your free function checks for NULL and sets the pointer * to NULL when done freeing memory. */ void (*free_string) (void *in_context, char **io_string); - + /* Called after the last prompt (even on error) to allow the UI to * free allocated resources associated with its context. */ kim_error (*fini) (void *io_context); } kim_ui_plugin_ftable_v0; - + #ifdef __cplusplus } #endif diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index e0128d0586..464f3fa30a 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin 
@@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,21 +22,21 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * General definitions for Kerberos version 5. */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -47,7 +47,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -162,7 +162,7 @@ typedef unsigned short krb5_ui_4; indicator */ #define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) -#define KRB5_INT16_MAX 65535 +#define KRB5_INT16_MAX 65535 /* this strange form is necessary since - is a unary operator, not a sign indicator */ #define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) 
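Review bot: `KRB5_INT16_MAX` is defined as 65535 on the line rewritten in the `@@ -162,7 +162,7 @@` hunk of krb5.hin, which is the unsigned 16-bit maximum rather than the signed one (32767). `KRB5_INT16_MIN` two lines below is derived from it and so evaluates to -65536. A range check written against these constants would accept values that do not fit in a signed 16-bit field (presumably `krb5_int16`, whose typedef is outside the hunk). Because this commit only strips trailing whitespace, the value fix belongs in a separate change: `#define KRB5_INT16_MAX 32767`, after auditing any caller that relies on the current value.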
@@ -187,8 +187,8 @@ typedef unsigned short krb5_ui_4; #endif typedef unsigned int krb5_boolean; -typedef unsigned int krb5_msgtype; -typedef unsigned int krb5_kvno; +typedef unsigned int krb5_msgtype; +typedef unsigned int krb5_kvno; typedef krb5_int32 krb5_addrtype; typedef krb5_int32 krb5_enctype; @@ -217,9 +217,9 @@ typedef struct _krb5_octet_data { krb5_octet *data; } krb5_octet_data; -/* +/* * Hack length for crypto library to use the afs_string_to_key It is - * equivalent to -1 without possible sign extension + * equivalent to -1 without possible sign extension * We also overload for an unset salt type length - which is also -1, but * hey, why not.... */ @@ -548,9 +548,9 @@ krb5_error_code KRB5_CALLCONV (krb5_context context, krb5_data *data); /* -* Collect entropy from the OS if possible. strong requests that as strong -* of a source of entropy as available be used. Setting strong may -* increase the probability of blocking and should not be used for normal +* Collect entropy from the OS if possible. strong requests that as strong +* of a source of entropy as available be used. Setting strong may +* increase the probability of blocking and should not be used for normal * applications. Good uses include seeding the PRNG for kadmind * and realm setup. * If successful is non-null, then successful is set to 1 if the OS provided @@ -587,15 +587,15 @@ krb5_error_code KRB5_CALLCONV (krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *input, krb5_checksum *cksum); - + krb5_error_code KRB5_CALLCONV krb5_c_verify_checksum - (krb5_context context, + (krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid); - + krb5_error_code KRB5_CALLCONV krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, 
@@ -603,7 +603,7 @@ krb5_error_code KRB5_CALLCONV krb5_error_code KRB5_CALLCONV krb5_c_keyed_checksum_types - (krb5_context context, krb5_enctype enctype, + (krb5_context context, krb5_enctype enctype, unsigned int *count, krb5_cksumtype **cksumtypes); #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 @@ -683,7 +683,7 @@ krb5_error_code KRB5_CALLCONV krb5_error_code KRB5_CALLCONV krb5_c_verify_checksum_iov - (krb5_context context, + (krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, @@ -896,7 +896,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* * Mask of ticket flags in the TGT which should be converted into KDC * options when using the TGT to get derivitive tickets. - * + * * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE */ @@ -1113,7 +1113,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* Time set */ typedef struct _krb5_ticket_times { krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime - in ticket? otherwise client can't get this */ + in ticket? otherwise client can't get this */ krb5_timestamp starttime; /* optional in ticket, if not present, use authtime */ krb5_timestamp endtime; @@ -1330,7 +1330,7 @@ typedef struct _krb5_cred_enc_part { krb5_address *s_address; /* sender address, optional */ krb5_address *r_address; /* recipient address, optional */ krb5_cred_info **ticket_info; -} krb5_cred_enc_part; +} krb5_cred_enc_part; typedef struct _krb5_cred { krb5_magic magic; 
@@ -1385,11 +1385,11 @@ typedef struct _krb5_pa_pac_req { #define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 #define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 #define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 - -typedef struct krb5_replay_data { - krb5_timestamp timestamp; + +typedef struct krb5_replay_data { + krb5_timestamp timestamp; krb5_int32 usec; - krb5_ui_4 seq; + krb5_ui_4 seq; } krb5_replay_data; /* flags for krb5_auth_con_genaddrs() */ @@ -1401,7 +1401,7 @@ typedef struct krb5_replay_data { /* type of function used as a callback to generate checksum data for * mk_req */ -typedef krb5_error_code +typedef krb5_error_code (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, krb5_data **); @@ -1502,8 +1502,8 @@ krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst); krb5_error_code KRB5_CALLCONV krb5_cc_last_change_time ( - krb5_context context, - krb5_ccache ccache, + krb5_context context, + krb5_ccache ccache, krb5_timestamp *change_time); krb5_error_code KRB5_CALLCONV @@ -1615,7 +1615,7 @@ void KRB5_CALLCONV krb5_free_context krb5_error_code KRB5_CALLCONV krb5_copy_context (krb5_context, krb5_context *); -krb5_error_code KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_set_default_tgs_enctypes (krb5_context, const krb5_enctype *); @@ -1792,7 +1792,7 @@ krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags int); krb5_error_code KRB5_CALLCONV krb5_init_keyblock (krb5_context, krb5_enctype enctype, - size_t length, krb5_keyblock **out); + size_t length, krb5_keyblock **out); /* Initialize a new keyblock and allocate storage * for the contents of the key, which will be freed along * with the keyblock when krb5_free_keyblock is called. 
@@ -1875,7 +1875,7 @@ krb5_error_code KRB5_CALLCONV krb5_425_conv_principal krb5_principal *princ); krb5_error_code KRB5_CALLCONV krb5_524_conv_principal - (krb5_context context, krb5_const_principal princ, + (krb5_context context, krb5_const_principal princ, char *name, char *inst, char *realm); struct credentials; @@ -2102,7 +2102,7 @@ krb5_error_code KRB5_CALLCONV krb5_mk_priv krb5_data *, krb5_replay_data *); -krb5_error_code KRB5_CALLCONV krb5_sendauth +krb5_error_code KRB5_CALLCONV krb5_sendauth (krb5_context, krb5_auth_context *, krb5_pointer, @@ -2116,14 +2116,14 @@ krb5_error_code KRB5_CALLCONV krb5_sendauth krb5_error **, krb5_ap_rep_enc_part **, krb5_creds **); - + krb5_error_code KRB5_CALLCONV krb5_recvauth (krb5_context, krb5_auth_context *, krb5_pointer, char *, krb5_principal, - krb5_int32, + krb5_int32, krb5_keytab, krb5_ticket **); krb5_error_code KRB5_CALLCONV krb5_recvauth_version @@ -2131,7 +2131,7 @@ krb5_error_code KRB5_CALLCONV krb5_recvauth_version krb5_auth_context *, krb5_pointer, krb5_principal, - krb5_int32, + krb5_int32, krb5_keytab, krb5_ticket **, krb5_data *); @@ -2158,14 +2158,14 @@ krb5_error_code KRB5_CALLCONV krb5_rd_cred krb5_replay_data *); krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds - (krb5_context, + (krb5_context, krb5_auth_context, char *, - krb5_principal, - krb5_principal, + krb5_principal, + krb5_principal, krb5_ccache, int forwardable, - krb5_data *); + krb5_data *); krb5_error_code KRB5_CALLCONV krb5_auth_con_init (krb5_context, @@ -2564,13 +2564,13 @@ krb5_get_renewed_creds krb5_error_code KRB5_CALLCONV krb5_decode_ticket -(const krb5_data *code, +(const krb5_data *code, krb5_ticket **rep); void KRB5_CALLCONV krb5_appdefault_string (krb5_context context, - const char *appname, + const char *appname, const krb5_data *realm, const char *option, const char *default_value, 
@@ -2579,7 +2579,7 @@ krb5_appdefault_string void KRB5_CALLCONV krb5_appdefault_boolean (krb5_context context, - const char *appname, + const char *appname, const krb5_data *realm, const char *option, int default_value, diff --git a/src/include/krb5/locate_plugin.h b/src/include/krb5/locate_plugin.h index f9f29baf7d..8496f276bb 100644 --- a/src/include/krb5/locate_plugin.h +++ b/src/include/krb5/locate_plugin.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Service location plugin definitions for Kerberos 5. */ diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index e11913e3f0..dd0820af18 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -367,7 +367,7 @@ typedef void /* Return the flags which the KDC should use for this module. This is a * callback instead of a static value because the module may or may not - * wish to count itself as a hardware preauthentication module (in other + * wish to count itself as a hardware preauthentication module (in other * words, the flags may be affected by the configuration, for example if a * site administrator can force a particular preauthentication type to be * supported using only hardware). This function is called for each entry diff --git a/src/include/krb54proto.h b/src/include/krb54proto.h index d1d16e1baa..65cf5f939e 100644 --- a/src/include/krb54proto.h +++ b/src/include/krb54proto.h 
@@ -9,10 +9,9 @@ extern krb5_error_code krb54_get_service_keyblock extern int decomp_tkt_krb5 (KTEXT tkt, unsigned char *flags, char *pname, char *pinstance, char *prealm, unsigned KRB4_32 *paddress, - des_cblock session, int *life, unsigned KRB4_32 *time_sec, + des_cblock session, int *life, unsigned KRB4_32 *time_sec, char *sname, char *sinstance, krb5_keyblock *k5key); extern int krb_set_key_krb5 (krb5_context ctx, krb5_keyblock *key); void krb_clear_key_krb5 (krb5_context ctx); - diff --git a/src/include/osconf.hin b/src/include/osconf.hin index 339e4b228d..dd3f976c79 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Site- and OS- dependant configuration. */ diff --git a/src/include/pkinit_apple_utils.h b/src/include/pkinit_apple_utils.h index 313955f395..857b1685cb 100644 --- a/src/include/pkinit_apple_utils.h +++ b/src/include/pkinit_apple_utils.h @@ -28,7 +28,7 @@ * * Created 19 May 2004 by Doug Mitchell. */ - + #ifndef _PKINIT_APPLE_UTILS_H_ #define _PKINIT_APPLE_UTILS_H_ @@ -70,7 +70,7 @@ CSSM_CL_HANDLE pkiClStartup(void); * CSSM_DATA <--> krb5_ui_4 */ krb5_error_code pkiDataToInt( - const CSSM_DATA *cdata, + const CSSM_DATA *cdata, krb5_int32 *i); /* RETURNED */ krb5_error_code pkiIntToData( 
@@ -86,13 +86,13 @@ krb5_error_code pkiDataToKrb5Data( unsigned dataLen, krb5_data *kd); /* content mallocd and RETURNED */ -/* +/* * CSSM_DATA <--> krb5_data * * CSSM_DATA data is managed by a SecAsn1CoderRef; krb5_data.data is mallocd. */ krb5_error_code pkiCssmDataToKrb5Data( - const CSSM_DATA *cd, + const CSSM_DATA *cd, krb5_data *kd); /* content mallocd and RETURNED */ @@ -101,13 +101,13 @@ krb5_error_code pkiKrb5DataToCssm( CSSM_DATA *cdata, /* allocated in coder space and RETURNED */ SecAsn1CoderRef coder); -/* +/* * CFDataRef --> krb5_data, mallocing the destination contents. */ krb5_error_code pkiCfDataToKrb5Data( CFDataRef cfData, krb5_data *kd); /* content mallocd and RETURNED */ - + /* * Non-mallocing conversion between CSSM_DATA and krb5_data */ @@ -126,7 +126,7 @@ krb5_boolean pkiCompareCssmData( const CSSM_DATA *d1, const CSSM_DATA *d2); -/* +/* * krb5_timestamp <--> a mallocd string in generalized format */ krb5_error_code pkiKrbTimestampToStr( diff --git a/src/include/pkinit_asn1.h b/src/include/pkinit_asn1.h index b90ae59607..8e33a69a60 100644 --- a/src/include/pkinit_asn1.h +++ b/src/include/pkinit_asn1.h @@ -28,7 +28,7 @@ * * Created 18 May 2004 by Doug Mitchell. */ - + #ifndef _PKINIT_ASN1_H_ #define _PKINIT_ASN1_H_ @@ -44,18 +44,18 @@ typedef struct { krb5_data parameters; /* ASN_ANY, defined by algorithm */ } krb5int_algorithm_id; -/* +/* * Encode and decode AuthPack, public key version (no Diffie-Hellman components). */ krb5_error_code krb5int_pkinit_auth_pack_encode( - krb5_timestamp kctime, + krb5_timestamp kctime, krb5_int32 cusec, /* microseconds */ krb5_ui_4 nonce, const krb5_checksum *pa_checksum, const krb5int_algorithm_id *cms_types, /* optional */ krb5_ui_4 num_cms_types, krb5_data *auth_pack); /* mallocd and RETURNED */ - + /* all returned values are optional - pass NULL if you don't want them */ krb5_error_code krb5int_pkinit_auth_pack_decode( const krb5_data *auth_pack, /* DER encoded */ 
@@ -65,10 +65,10 @@ krb5_error_code krb5int_pkinit_auth_pack_decode( krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */ krb5int_algorithm_id **cms_types, /* mallocd and RETURNED */ krb5_ui_4 *num_cms_types); /* RETURNED */ - - + + /* - * Given DER-encoded issuer and serial number, create an encoded + * Given DER-encoded issuer and serial number, create an encoded * IssuerAndSerialNumber. */ krb5_error_code krb5int_pkinit_issuer_serial_encode( @@ -85,9 +85,9 @@ krb5_error_code krb5int_pkinit_issuer_serial_decode( krb5_data *serial_num); /* RETURNED */ /* - * Top-level encode for PA-PK-AS-REQ. + * Top-level encode for PA-PK-AS-REQ. * The signed_auth_pack field is wrapped in an OCTET STRING, content - * specific tag 0, during encode. + * specific tag 0, during encode. */ krb5_error_code krb5int_pkinit_pa_pk_as_req_encode( const krb5_data *signed_auth_pack, /* DER encoded ContentInfo */ 
@@ -98,24 +98,24 @@ krb5_error_code krb5int_pkinit_pa_pk_as_req_encode( krb5_data *pa_pk_as_req); /* mallocd and RETURNED */ /* - * Top-level decode for PA-PK-AS-REQ. Does not perform cert verification on the + * Top-level decode for PA-PK-AS-REQ. Does not perform cert verification on the * ContentInfo; that is returned in BER-encoded form and processed elsewhere. - * The OCTET STRING wrapping the signed_auth_pack field is removed during the + * The OCTET STRING wrapping the signed_auth_pack field is removed during the * decode. */ krb5_error_code krb5int_pkinit_pa_pk_as_req_decode( const krb5_data *pa_pk_as_req, krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */ - /* - * Remainder are optionally RETURNED (specify NULL for pointers to + /* + * Remainder are optionally RETURNED (specify NULL for pointers to * items you're not interested in). */ krb5_ui_4 *num_trusted_CAs, /* sizeof trusted_CAs */ - krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs + krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs * issuer/serial */ krb5_data *kdc_cert); /* DER encoded issuer/serial */ -/* +/* * Encode a ReplyKeyPack. The result is used as the Content of a SignedData. */ krb5_error_code krb5int_pkinit_reply_key_pack_encode( @@ -123,7 +123,7 @@ krb5_error_code krb5int_pkinit_reply_key_pack_encode( const krb5_checksum *checksum, krb5_data *reply_key_pack); /* mallocd and RETURNED */ -/* +/* * Decode a ReplyKeyPack. */ krb5_error_code krb5int_pkinit_reply_key_pack_decode( 
@@ -131,31 +131,31 @@ krb5_error_code krb5int_pkinit_reply_key_pack_decode( krb5_keyblock *key_block, /* RETURNED */ krb5_checksum *checksum); /* contents mallocd and RETURNED */ -/* +/* * Encode a PA-PK-AS-REP. * Exactly one of {dh_signed_data, enc_key_pack} is non-NULL on entry; - * each is a previously encoded item. + * each is a previously encoded item. * * dh_signed_data, if specified, is an encoded DHRepInfo. * enc_key_pack, if specified, is EnvelopedData(signedData(ReplyKeyPack) */ krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode( - const krb5_data *dh_signed_data, + const krb5_data *dh_signed_data, const krb5_data *enc_key_pack, /* EnvelopedData(signedData(ReplyKeyPack) */ krb5_data *pa_pk_as_rep); /* mallocd and RETURNED */ -/* +/* * Decode a PA-PK-AS-REP. * On successful return, exactly one of {dh_signed_data, enc_key_pack} * will be non-NULL, each of which is mallocd and must be freed by - * caller. + * caller. * * dh_signed_data, if returned, is an encoded DHRepInfo. * enc_key_pack, if specified, is EnvelopedData(signedData(ReplyKeyPack) */ krb5_error_code krb5int_pkinit_pa_pk_as_rep_decode( const krb5_data *pa_pk_as_rep, - krb5_data *dh_signed_data, + krb5_data *dh_signed_data, krb5_data *enc_key_pack); /* diff --git a/src/include/pkinit_cert_store.h b/src/include/pkinit_cert_store.h index 6811d5a722..b7f70d3889 100644 --- a/src/include/pkinit_cert_store.h +++ b/src/include/pkinit_cert_store.h @@ -28,7 +28,7 @@ * * Created 26 May 2004 by Doug Mitchell at Apple. */ - + #ifndef _PKINIT_CERT_STORE_H_ #define _PKINIT_CERT_STORE_H_ 
@@ -50,13 +50,13 @@ typedef void *krb5_pkinit_signing_cert_t; */ typedef void *krb5_pkinit_cert_t; -/* - * Opaque reference to a database in which PKINIT-related certificates are stored. +/* + * Opaque reference to a database in which PKINIT-related certificates are stored. */ typedef void *krb5_pkinit_cert_db_t; /* - * Obtain signing cert for specified principal. On successful return, + * Obtain signing cert for specified principal. On successful return, * caller must eventually release the cert with krb5_pkinit_release_cert(). * * Returns KRB5_PRINC_NOMATCH if client cert not found. @@ -64,8 +64,8 @@ typedef void *krb5_pkinit_cert_db_t; krb5_error_code krb5_pkinit_get_client_cert( const char *principal, /* full principal string */ krb5_pkinit_signing_cert_t *client_cert); /* RETURNED */ - -/* + +/* * Determine if the specified client has a signing cert. Returns TRUE * if so, else returns FALSE. */ @@ -85,7 +85,7 @@ krb5_error_code krb5_pkinit_set_client_cert( const char *principal, /* full principal string */ krb5_pkinit_cert_t client_cert); -/* +/* * Obtain a reference to the client's cert database. Specify either principal * name or client_cert as obtained from krb5_pkinit_get_client_cert(). */ @@ -100,10 +100,10 @@ krb5_error_code krb5_pkinit_get_client_cert_db( * * The client_spec argument is typically provided by the client as kdcPkId. * - * If trusted_CAs and client_spec are NULL, a platform-dependent preferred - * KDC signing cert is returned, if one exists. + * If trusted_CAs and client_spec are NULL, a platform-dependent preferred + * KDC signing cert is returned, if one exists. * - * On successful return, caller must eventually release the cert with + * On successful return, caller must eventually release the cert with * krb5_pkinit_release_cert(). Outside of an unusual test configuration this = * * Returns KRB5_PRINC_NOMATCH if KDC cert not found. 
@@ -115,7 +115,7 @@ krb5_error_code krb5_pkinit_get_kdc_cert( krb5_data *client_spec, /* optional */ krb5_pkinit_signing_cert_t *kdc_cert); /* RETURNED */ -/* +/* * Obtain a reference to the KDC's cert database. */ krb5_error_code krb5_pkinit_get_kdc_cert_db( @@ -127,27 +127,27 @@ krb5_error_code krb5_pkinit_get_kdc_cert_db( */ extern void krb5_pkinit_release_cert( krb5_pkinit_signing_cert_t cert); - + /* * Release database references obtained via krb5_pkinit_get_client_cert_db() and * krb5_pkinit_get_kdc_cert_db(). */ extern void krb5_pkinit_release_cert_db( krb5_pkinit_cert_db_t cert_db); - -/* - * Obtain a mallocd C-string representation of a certificate's SHA1 digest. - * Only error is a NULL return indicating memory failure. + +/* + * Obtain a mallocd C-string representation of a certificate's SHA1 digest. + * Only error is a NULL return indicating memory failure. * Caller must free the returned string. */ char *krb5_pkinit_cert_hash_str( const krb5_data *cert); - -/* + +/* * Obtain a client's optional list of trusted KDC CA certs (trustedCertifiers) - * and/or trusted KDC cert (kdcPkId) for a given client and server. - * All returned values are mallocd and must be freed by caller; the contents - * of the krb5_datas are DER-encoded certificates. + * and/or trusted KDC cert (kdcPkId) for a given client and server. + * All returned values are mallocd and must be freed by caller; the contents + * of the krb5_datas are DER-encoded certificates. */ krb5_error_code krb5_pkinit_get_server_certs( const char *client_principal, diff --git a/src/include/pkinit_client.h b/src/include/pkinit_client.h index 31951caaf1..3b9a841baf 100644 --- a/src/include/pkinit_client.h +++ b/src/include/pkinit_client.h 
@@ -45,27 +45,27 @@ extern "C" { */ krb5_error_code krb5int_pkinit_as_req_create( krb5_context context, - krb5_timestamp kctime, + krb5_timestamp kctime, krb5_int32 cusec, /* microseconds */ krb5_ui_4 nonce, const krb5_checksum *cksum, krb5_pkinit_signing_cert_t client_cert, /* required! */ - - /* + + /* * trusted_CAs correponds to PA-PK-AS-REQ.trustedCertifiers. - * Expressed here as an optional list of DER-encoded certs. + * Expressed here as an optional list of DER-encoded certs. */ - const krb5_data *trusted_CAs, + const krb5_data *trusted_CAs, krb5_ui_4 num_trusted_CAs, - - /* optional PA-PK-AS-REQ.kdcPkId, expressed here as a + + /* optional PA-PK-AS-REQ.kdcPkId, expressed here as a * DER-encoded cert */ - const krb5_data *kdc_cert, + const krb5_data *kdc_cert, krb5_data *as_req); /* mallocd and RETURNED */ /* - * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain. - * Optionally returns various components. + * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain. + * Optionally returns various components. */ krb5_error_code krb5int_pkinit_as_rep_parse( krb5_context context, @@ -81,7 +81,7 @@ krb5_error_code krb5int_pkinit_as_rep_parse( * * signer_cert is the DER-encoded leaf cert from the incoming SignedData. * all_certs is an array of all of the certs in the incoming SignedData, - * in full DER-encoded form. + * in full DER-encoded form. */ krb5_data *signer_cert, /* content mallocd */ unsigned *num_all_certs, /* sizeof *all_certs */ diff --git a/src/include/pkinit_cms.h b/src/include/pkinit_cms.h index 6e5fb96ce5..accf8bfb32 100644 --- a/src/include/pkinit_cms.h +++ b/src/include/pkinit_cms.h 
@@ -45,27 +45,27 @@ extern "C" { */ enum { /* normal CMS ContentTypes */ - ECT_Data, + ECT_Data, ECT_SignedData, ECT_EnvelopedData, ECT_EncryptedData, - + /* * For SignedAuthPack * pkauthdata: { iso (1) org (3) dod (6) internet (1) * security (5) kerberosv5 (2) pkinit (3) pkauthdata (1)} */ ECT_PkAuthData, - + /* * For ReplyKeyPack * pkrkeydata: { iso (1) org (3) dod (6) internet (1) * security (5) kerberosv5 (2) pkinit (3) pkrkeydata (3) } */ ECT_PkReplyKeyKata, - + /* - * Other - i.e., unrecognized ContentType on decode. + * Other - i.e., unrecognized ContentType on decode. */ ECT_Other }; @@ -96,7 +96,7 @@ enum { typedef krb5_int32 krb5int_cert_sig_status; /* - * Create a CMS message: either encrypted (EnvelopedData), signed + * Create a CMS message: either encrypted (EnvelopedData), signed * (SignedData), or both (EnvelopedData(SignedData(content)). * * The message is signed iff signing_cert is non-NULL. @@ -107,8 +107,8 @@ typedef krb5_int32 krb5int_cert_sig_status; * if the message is not to be signed. * * The cms_types argument optionally specifies a list, in order - * of decreasing preference, of CMS algorithms to use in the - * creation of the CMS message. + * of decreasing preference, of CMS algorithms to use in the + * creation of the CMS message. */ krb5_error_code krb5int_pkinit_create_cms_msg( const krb5_data *content, /* Content */ 
@@ -120,19 +120,19 @@ krb5_error_code krb5int_pkinit_create_cms_msg( krb5_data *content_info); /* contents mallocd and RETURNED */ /* - * Parse a ContentInfo as best we can. All returned fields are optional - - * pass NULL for values you don't need. + * Parse a ContentInfo as best we can. All returned fields are optional - + * pass NULL for values you don't need. * - * If signer_cert_status is NULL on entry, NO signature or cert evaluation - * will be performed. + * If signer_cert_status is NULL on entry, NO signature or cert evaluation + * will be performed. * * The is_client_msg argument indicates whether the CMS message originated * from the client (TRUE) or server (FALSE) and may be used in platform- - * dependent certificate evaluation. + * dependent certificate evaluation. * * Note that signature and certificate verification errors do NOT cause - * this routine itself to return an error; caller is reponsible for - * handling such errors per the signer_cert_status out parameter. + * this routine itself to return an error; caller is reponsible for + * handling such errors per the signer_cert_status out parameter. */ krb5_error_code krb5int_pkinit_parse_cms_msg( const krb5_data *content_info, 
@@ -150,14 +150,14 @@ krb5_error_code krb5int_pkinit_parse_cms_msg( unsigned *num_all_certs, /* size of *all_certs RETURNED */ krb5_data **all_certs); /* entire cert chain RETURNED */ -/* - * An AuthPack contains an optional set of AlgorithmIdentifiers - * which define the CMS algorithms supported by the client, in - * order of decreasing preference. +/* + * An AuthPack contains an optional set of AlgorithmIdentifiers + * which define the CMS algorithms supported by the client, in + * order of decreasing preference. * * krb5int_pkinit_get_cms_types() is a CMS-implementation-dependent * function returning supported CMS algorithms in the form of a - * pointer and a length suitable for passing to + * pointer and a length suitable for passing to * krb5int_pkinit_auth_pack_encode. If no preference is to be expressed, * this function returns NULL/0 (without returning a nonzero krb5_error_code). * @@ -167,7 +167,7 @@ krb5_error_code krb5int_pkinit_parse_cms_msg( krb5_error_code krb5int_pkinit_get_cms_types( krb5int_algorithm_id **supported_cms_types, /* RETURNED */ krb5_ui_4 *num_supported_cms_types); /* RETURNED */ - + krb5_error_code krb5int_pkinit_free_cms_types( krb5int_algorithm_id *supported_cms_types, krb5_ui_4 num_supported_cms_types); diff --git a/src/include/socket-utils.h b/src/include/socket-utils.h index 070bb2ff13..d874058019 100644 --- a/src/include/socket-utils.h +++ b/src/include/socket-utils.h 
@@ -1,42 +1,42 @@ /* * Copyright (C) 2001,2005 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. - * - * This software is being provided to you, the LICENSEE, by the - * Massachusetts Institute of Technology (M.I.T.) under the following - * license. By obtaining, using and/or copying this software, you agree - * that you have read, understood, and will comply with these terms and - * conditions: - * + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute - * this software and its documentation for any purpose and without fee or - * royalty is hereby granted, provided that you agree to comply with the - * following copyright notice and statements, including the disclaimer, and - * that the same appear on ALL copies of the software and documentation, - * including modifications that you make for internal use or for + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for * distribution: - * - * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. 
MAKES NO REPRESENTATIONS - * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF - * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY - * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. - * - * The name of the Massachusetts Institute of Technology or M.I.T. may NOT - * be used in advertising or publicity pertaining to distribution of the - * software. Title to copyright in this software and any associated - * documentation shall at all times remain with M.I.T., and USER agrees to + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. + * fashion that it might be confused with the original M.I.T. software. */ #ifndef SOCKET_UTILS_H diff --git a/src/include/spnego-asn1.h b/src/include/spnego-asn1.h index 8070a9f99e..211ba37d8b 100644 --- a/src/include/spnego-asn1.h +++ b/src/include/spnego-asn1.h 
@@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,9 +22,9 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * * - * This file contains structure definitions + * + * This file contains structure definitions * for the SPNEGO GSSAPI mechanism (RFC 2478). This file is *an internal interface between the GSSAPI library and the ASN.1 *encoders/decoders for the SPNEGO structures in the krb5 library. diff --git a/src/include/win-mac.h b/src/include/win-mac.h index f77cd2b419..4086487657 100644 --- a/src/include/win-mac.h +++ b/src/include/win-mac.h @@ -25,8 +25,8 @@ #else /* ! RES_ONLY */ -/* To ensure backward compatibility of the ABI use 32-bit time_t on - * 32-bit Windows. +/* To ensure backward compatibility of the ABI use 32-bit time_t on + * 32-bit Windows. */ #ifdef _KRB5_INT_H #ifdef KRB5_GENERAL__ @@ -37,7 +37,7 @@ #error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform. #endif /* _TIME_T_DEFINED */ #define _USE_32BIT_TIME_T -#endif +#endif #endif #define SIZEOF_INT 4 @@ -102,7 +102,7 @@ typedef _W64 int ssize_t; #define HAVE_NETINET_IN_H #define MSDOS_FILESYSTEM -#define HAVE_STRING_H +#define HAVE_STRING_H #define HAVE_SRAND #define HAVE_ERRNO #define HAVE_STRDUP 
@@ -154,7 +154,7 @@ typedef _W64 int ssize_t; #endif #define INI_KRB_REALMS "krb.realms" /* Location of krb.realms file */ #define DEF_KRB_REALMS "krb.realms" /* Default name for krb.realms file */ -#define INI_RECENT_LOGINS "Recent Logins" +#define INI_RECENT_LOGINS "Recent Logins" #define INI_LOGIN "Login" #define HAS_VOID_TYPE @@ -176,7 +176,7 @@ typedef _W64 int ssize_t; /* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o * routines directly. Rather, they only export the _<function> version. - * The following defines works around this problem. + * The following defines works around this problem. */ #include <sys\types.h> #include <sys\stat.h> |