|
|
KRB5_AUTH_CONTEXT(3)
Contents
|
krb5_auth_context, krb5_auth_con_init, krb5_auth_con_free,
krb5_auth_con_setflags, krb5_auth_con_getflags,
krb5_auth_con_setaddrs,
krb5_auth_con_setaddrs_from_fd, krb5_auth_con_getaddrs,
krb5_auth_con_genaddrs, krb5_auth_con_getkey,
krb5_auth_con_setkey,
krb5_auth_con_getuserkey, krb5_auth_con_setuserkey,
krb5_auth_con_getlocalsubkey, krb5_auth_con_setlocalsubkey,
krb5_auth_con_getremotesubkey,
krb5_auth_con_setremotesubkey,
krb5_auth_setcksumtype, krb5_auth_getcksumtype,
krb5_auth_setkeytype,
krb5_auth_getkeytype, krb5_auth_getlocalseqnumber,
krb5_auth_setlocalseqnumber, krb5_auth_getremoteseqnumber,
krb5_auth_setremoteseqnumber, krb5_auth_getauthenticator,
krb5_auth_con_getrcache, krb5_auth_con_setrcache,
krb5_auth_con_initivector, krb5_auth_con_setivector - manage
authentication
on connection level
Kerberos 5 Library (libkrb5, -lkrb5)
#include <krb5.h>
krb5_error_code
krb5_auth_con_init(krb5_context context,
krb5_auth_context *auth_context);
void
krb5_auth_con_free(krb5_context context, krb5_auth_context
auth_context);
krb5_error_code
krb5_auth_con_setflags(krb5_context context,
krb5_auth_context auth_context, int32_t flags);
krb5_error_code
krb5_auth_con_getflags(krb5_context context,
krb5_auth_context auth_context, int32_t *flags);
krb5_error_code
krb5_auth_con_setaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_address
*local_addr,
krb5_address *remote_addr);
krb5_error_code
krb5_auth_con_getaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_address
**local_addr,
krb5_address **remote_addr);
krb5_error_code
krb5_auth_con_genaddrs(krb5_context context,
krb5_auth_context auth_context, int fd, int flags);
krb5_error_code
krb5_auth_con_setaddrs_from_fd(krb5_context context,
krb5_auth_context auth_context, void *p_fd);
krb5_error_code
krb5_auth_con_getkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock
**keyblock);
krb5_error_code
krb5_auth_con_getlocalsubkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock
**keyblock);
krb5_error_code
krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context, krb5_keyblock
**keyblock);
krb5_error_code
krb5_auth_con_initivector(krb5_context context,
krb5_auth_context auth_context);
krb5_error_code
krb5_auth_con_setivector(krb5_context context,
krb5_auth_context *auth_context, krb5_pointer
ivector);
The krb5_auth_context structure holds all context related to
an authenticated
connection, in a similar way to krb5_context that
holds the context
for the thread or process. krb5_auth_context is used by
various functions
that are directly related to authentication between
the server/client.
Example of data that this structure contains are
various
flags, addresses of client and server, port numbers, keyblocks (and subkeys),
sequence numbers, replay cache, and checksum-type.
krb5_auth_con_init() allocates and initializes the
krb5_auth_context
structure. Default values can be changed with
krb5_auth_con_setcksumtype() and krb5_auth_con_setflags().
The
auth_context structure must be freed by
krb5_auth_con_free().
krb5_auth_con_getflags() and krb5_auth_con_setflags() gets
and modifies
the flags for a krb5_auth_context structure. Possible flags
to set are:
KRB5_AUTH_CONTEXT_DO_TIME
check timestamp on incoming packets.
KRB5_AUTH_CONTEXT_DO_SEQUENCE
Generate and check sequence-number on each packet.
krb5_auth_con_setaddrs(), krb5_auth_con_setaddrs_from_fd()
and
krb5_auth_con_getaddrs() gets and sets the addresses that
are checked
when a packet is received. It is mandatory to set an address for the remote
host. If the local address is not set, it iss deduced
from the underlaying
operating system. krb5_auth_con_getaddrs() will
call
krb5_free_address() on any address that is passed in
local_addr or
remote_addr. krb5_auth_con_setaddr() allows passing in a
NULL pointer as
local_addr and remote_addr, in that case it will just not
set that address.
krb5_auth_con_setaddrs_from_fd() fetches the addresses from
a file descriptor.
krb5_auth_con_genaddrs() fetches the address information
from the given
file descriptor fd depending on the bitmap argument flags.
Possible values on flags are:
KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
fetches the local address from fd.
KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
fetches the remote address from fd.
krb5_auth_con_setkey(), krb5_auth_con_setuserkey() and
krb5_auth_con_getkey() gets and sets the key used for this
auth context.
The keyblock returned by krb5_auth_con_getkey() should be
freed with
krb5_free_keyblock(). The keyblock send into
krb5_auth_con_setkey() is
copied into the krb5_auth_context, and thus no special handling is needed.
NULL is not a valid keyblock to krb5_auth_con_setkey().
krb5_auth_con_setuserkey() is only useful when doing user to
user authentication.
krb5_auth_con_setkey() is equivalent to
krb5_auth_con_setuserkey().
krb5_auth_con_getlocalsubkey(),
krb5_auth_con_setlocalsubkey(),
krb5_auth_con_getremotesubkey() and
krb5_auth_con_setremotesubkey() gets
and sets the keyblock for the local and remote subkey. The
keyblock returned
by krb5_auth_con_getlocalsubkey() and
krb5_auth_con_getremotesubkey() must be freed with
krb5_free_keyblock().
krb5_auth_setcksumtype() and krb5_auth_getcksumtype() sets
and gets the
checksum type that should be used for this connection.
krb5_auth_getremoteseqnumber()
krb5_auth_setremoteseqnumber(),
krb5_auth_getlocalseqnumber() and
krb5_auth_setlocalseqnumber() gets and
sets the sequence-number for the local and remote sequencenumber
counter.
krb5_auth_setkeytype() and krb5_auth_getkeytype() gets and
gets the keytype
of the keyblock in krb5_auth_context.
krb5_auth_getauthenticator() Retrieves the authenticator
that was used
during mutual authentication. The authenticator returned
should be freed
by calling krb5_free_authenticator().
krb5_auth_con_getrcache() and krb5_auth_con_setrcache() gets
and sets the
replay-cache.
krb5_auth_con_initivector() allocates memory for and zeros
the initial
vector in the auth_context keyblock.
krb5_auth_con_setivector() sets the i_vector portion of
auth_context to
ivector.
krb5_context(3), kerberos(8)
HEIMDAL January 21, 2001
[ Back ] |
