1 The key table functions deal with storing and retrieving service keys
2 for use by unattended services which participate in authentication exchanges.
4 Keytab routines are all be atomic. Every routine that acquires
5 a non-sharable resource releases it before it returns.
7 All keytab types support multiple concurrent sequential scans.
9 The order of values returned from \funcname{krb5_kt_next_entry} is
12 Although the ``right thing'' should happen if the program aborts
13 abnormally, a close routine, \funcname{krb5_kt_free_entry}, is provided
14 for freeing resources, etc. People should use the close routine when
17 \begin{funcdecl}{krb5_kt_register}{krb5_error_code}{\funcinout}
18 \funcarg{krb5_context}{context}
20 \funcarg{krb5_kt_ops *}{ops}
24 Adds a new ticket cache type to the set recognized by
25 \funcname{krb5_kt_resolve}.
26 Requires that a keytab type named \funcparam{ops{\ptsto}prefix} is not
29 An error is returned if \funcparam{ops{\ptsto}prefix} is already known.
31 \begin{funcdecl}{krb5_kt_resolve}{krb5_error_code}{\funcinout}
32 \funcarg{krb5_context}{context}
34 \funcarg{const char *}{string_name}
36 \funcarg{krb5_keytab *}{id}
39 Fills in \funcparam{*id} with a handle identifying the keytab with name
40 ``string_name''. The keytab is not opened.
41 Requires that \funcparam{string_name} be of the form ``type:residual'' and
42 ``type'' is a type known to the library.
44 Errors: badly formatted name.
46 \begin{funcdecl}{krb5_kt_default_name}{krb5_error_code}{\funcinout}
47 \funcarg{krb5_context}{context}
49 \funcarg{char *}{name}
50 \funcarg{int}{namesize}
53 \funcparam{name} is filled in with the first \funcparam{namesize} bytes of
54 the name of the default keytab.
55 If the name is shorter than \funcparam{namesize}, then the remainder of
56 \funcparam{name} will be zeroed.
59 \begin{funcdecl}{krb5_kt_default}{krb5_error_code}{\funcinout}
60 \funcarg{krb5_context}{context}
62 \funcarg{krb5_keytab *}{id}
65 Fills in \funcparam{id} with a handle identifying the default keytab.
67 \begin{funcdecl}{krb5_kt_read_service_key}{krb5_error_code}{\funcinout}
68 \funcarg{krb5_context}{context}
70 \funcarg{krb5_pointer}{keyprocarg}
71 \funcarg{krb5_principal}{principal}
72 \funcarg{krb5_kvno}{vno}
73 \funcarg{krb5_keytype}{keytype}
75 \funcarg{krb5_keyblock **}{key}
78 If \funcname{keyprocarg} is not NULL, it is taken to be a
79 \datatype{char *} denoting the name of a keytab. Otherwise, the default
81 The keytab is opened and searched for the entry identified by
82 \funcparam{principal}, \funcparam{keytype}, and \funcparam{vno},
83 returning the resulting key
84 in \funcparam{*key} or returning an error code if it is not found.
86 \funcname{krb5_free_keyblock} should be called on \funcparam{*key} when
87 the caller is finished with the key.
89 Returns an error code if the entry is not found.
91 \begin{funcdecl}{krb5_kt_add_entry}{krb5_error_code}{\funcinout}
92 \funcarg{krb5_context}{context}
94 \funcarg{krb5_keytab}{id}
95 \funcarg{krb5_keytab_entry *}{entry}
98 Calls the keytab-specific add routine \funcname{krb5_kt_add_internal}
99 with the same function arguments. If this routine is not available,
100 then KRB5_KT_NOWRITE is returned.
102 \begin{funcdecl}{krb5_kt_remove_entry}{krb5_error_code}{\funcinout}
103 \funcarg{krb5_context}{context}
105 \funcarg{krb5_keytab}{id}
106 \funcarg{krb5_keytab_entry *}{entry}
109 Calls the keytab-specific remove routine
110 \funcname{krb5_kt_remove_internal} with the same function arguments.
111 If this routine is not available, then KRB5_KT_NOWRITE is returned.
113 \begin{funcdecl}{krb5_kt_get_name}{krb5_error_code}{\funcinout}
114 \funcarg{krb5_context}{context}
115 \funcarg{krb5_keytab}{id}
117 \funcarg{char *}{name}
119 \funcarg{unsigned int}{namesize}
122 \funcarg{name} is filled in with the first \funcparam{namesize} bytes of
123 the name of the keytab identified by \funcname{id}.
124 If the name is shorter than \funcparam{namesize}, then \funcarg{name}
125 will be null-terminated.
127 \begin{funcdecl}{krb5_kt_close}{krb5_error_code}{\funcinout}
128 \funcarg{krb5_context}{context}
129 \funcarg{krb5_keytab}{id}
132 Closes the keytab identified by \funcparam{id} and invalidates
133 \funcparam{id}, and releases any other resources acquired during use of
136 Requires that \funcparam{id} identifies a keytab.
138 \begin{funcdecl}{krb5_kt_get_entry}{krb5_error_code}{\funcinout}
139 \funcarg{krb5_context}{context}
140 \funcarg{krb5_keytab}{id}
142 \funcarg{krb5_principal}{principal}
143 \funcarg{krb5_kvno}{vno}
144 \funcarg{krb5_keytype}{keytype}
146 \funcarg{krb5_keytab_entry *}{entry}
150 Searches the keytab identified by \funcparam{id} for an entry whose
151 principal matches \funcparam{principal}, whose keytype matches
152 \funcparam{keytype}, and
153 whose key version number matches \funcparam{vno}. If \funcparam{vno} is
154 zero, the first entry whose principal matches is returned.
157 Returns an error code if no suitable entry is found. If an entry is
158 found, the entry is returned in \funcparam{*entry}; its contents should
159 be deallocated by calling \funcname{krb5_kt_free_entry} when no longer
162 \begin{funcdecl}{krb5_kt_free_entry}{krb5_error_code}{\funcinout}
163 \funcarg{krb5_context}{context}
164 \funcarg{krb5_keytab_entry *}{entry}
167 Releases all storage allocated for \funcparam{entry}, which must point
168 to a structure previously filled in by \funcname{krb5_kt_get_entry} or
169 \funcname{krb5_kt_next_entry}.
171 \begin{funcdecl}{krb5_kt_start_seq_get}{krb5_error_code}{\funcinout}
172 \funcarg{krb5_context}{context}
173 \funcarg{krb5_keytab}{id}
175 \funcarg{krb5_kt_cursor *}{cursor}
178 Prepares to read sequentially every key in the keytab identified by
180 \funcparam{cursor} is filled in with a cursor to be used in calls to
181 \funcname{krb5_kt_next_entry}.
183 \begin{funcdecl}{krb5_kt_next_entry}{krb5_error_code}{\funcinout}
184 \funcarg{krb5_context}{context}
185 \funcarg{krb5_keytab}{id}
187 \funcarg{krb5_keytab_entry *}{entry}
189 \funcarg{krb5_kt_cursor *}{cursor}
192 Fetches the ``next'' entry in the keytab, returning it in
193 \funcparam{*entry}, and updates \funcparam{*cursor} for the next
194 request. If the keytab changes during the sequential get, an error is
195 guaranteed. \funcparam{*entry} should be freed after use by calling
196 \funcname{krb5_kt_free_entry}.
198 Requires that \funcparam{id} identifies a valid keytab. and
199 \funcparam{*cursor} be a cursor returned by
200 \funcname{krb5_kt_start_seq_get} or a subsequent call to
201 \funcname{krb5_kt_next_entry}.
203 Errors: error code if no more cache entries or if the keytab changes.
205 \begin{funcdecl}{krb5_kt_end_seq_get}{krb5_error_code}{\funcinout}
206 \funcarg{krb5_context}{context}
207 \funcarg{krb5_keytab}{id}
208 \funcarg{krb5_kt_cursor *}{cursor}
211 Finishes sequential processing mode and invalidates \funcparam{cursor},
212 which must never be re-used after this call.
214 Requires that \funcparam{id} identifies a valid keytab and
215 \funcparam{*cursor} be a cursor returned by
216 \funcname{krb5_kt_start_seq_get} or a subsequent call to
217 \funcname{krb5_kt_next_entry}.
219 May return error code if \funcparam{cursor} is invalid.