* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get a ccache iterator to enumerate ccaches in the cache collection.
*/
-kim_error_t kim_ccache_iterator_create (kim_ccache_iterator_t *out_ccache_iterator);
+kim_error kim_ccache_iterator_create (kim_ccache_iterator *out_ccache_iterator);
/*!
* \param in_ccache_iterator a ccache iterator object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the next ccache in the cache collection.
*/
-kim_error_t kim_ccache_iterator_next (kim_ccache_iterator_t in_ccache_iterator,
- kim_ccache_t *out_ccache);
+kim_error kim_ccache_iterator_next (kim_ccache_iterator in_ccache_iterator,
+ kim_ccache *out_ccache);
/*!
* \param io_ccache_iterator a ccache iterator object to be freed. Set to NULL on exit.
* \brief Free memory associated with a ccache iterator.
*/
-void kim_ccache_iterator_free (kim_ccache_iterator_t *io_ccache_iterator);
+void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator);
/*!@}*/
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Acquire a new initial credential and store it in a ccache.
*/
-kim_error_t kim_ccache_create_new (kim_ccache_t *out_ccache,
- kim_identity_t in_client_identity,
- kim_options_t in_options);
+kim_error kim_ccache_create_new (kim_ccache *out_ccache,
+ kim_identity in_client_identity,
+ kim_options in_options);
/*!
* \param out_ccache on exit, a ccache object for a ccache containing a newly acquired
* \brief Find a ccache containing a valid initial credential in the cache collection, or if
* unavailable, acquire and store a new initial credential.
*/
-kim_error_t kim_ccache_create_new_if_needed (kim_ccache_t *out_ccache,
- kim_identity_t in_client_identity,
- kim_options_t in_options);
+kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache,
+ kim_identity in_client_identity,
+ kim_options in_options);
/*!
* \param out_ccache on exit, a ccache object for a ccache containing a TGT
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Find a ccache for a client identity in the cache collection.
*/
-kim_error_t kim_ccache_create_from_client_identity (kim_ccache_t *out_ccache,
- kim_identity_t in_client_identity);
+kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache,
+ kim_identity in_client_identity);
/*!
* \param out_ccache on exit, a new ccache object containing an initial credential
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Acquire a new initial credential from a keytab and store it in a ccache.
*/
-kim_error_t kim_ccache_create_from_keytab (kim_ccache_t *out_ccache,
- kim_identity_t in_identity,
- kim_options_t in_options,
- kim_string_t in_keytab);
+kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache,
+ kim_identity in_identity,
+ kim_options in_options,
+ kim_string in_keytab);
/*!
* \param out_ccache on exit, a ccache object for the default ccache.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the default ccache.
*/
-kim_error_t kim_ccache_create_from_default (kim_ccache_t *out_ccache);
+kim_error kim_ccache_create_from_default (kim_ccache *out_ccache);
/*!
* \param out_ccache on exit, a ccache object for the ccache identified by
* KIM-aware and should be avoided whenever possible.
* \brief Get a ccache for a ccache type and name.
*/
-kim_error_t kim_ccache_create_from_type_and_name (kim_ccache_t *out_ccache,
- kim_string_t in_type,
- kim_string_t in_name);
+kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache,
+ kim_string in_type,
+ kim_string in_name);
/*!
* \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get a ccache for a krb5 ccache.
*/
-kim_error_t kim_ccache_create_from_krb5_ccache (kim_ccache_t *out_ccache,
+kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache,
krb5_context in_krb5_context,
krb5_ccache in_krb5_ccache);
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy a ccache.
*/
-kim_error_t kim_ccache_copy (kim_ccache_t *out_ccache,
- kim_ccache_t in_ccache);
+kim_error kim_ccache_copy (kim_ccache *out_ccache,
+ kim_ccache in_ccache);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get a krb5 ccache for a ccache.
*/
-kim_error_t kim_ccache_get_krb5_ccache (kim_ccache_t in_ccache,
+kim_error kim_ccache_get_krb5_ccache (kim_ccache in_ccache,
krb5_context in_krb5_context,
krb5_ccache *out_krb5_ccache);
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the name of a ccache.
*/
-kim_error_t kim_ccache_get_name (kim_ccache_t in_ccache,
- kim_string_t *out_name);
+kim_error kim_ccache_get_name (kim_ccache in_ccache,
+ kim_string *out_name);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the type of a ccache.
*/
-kim_error_t kim_ccache_get_type (kim_ccache_t in_ccache,
- kim_string_t *out_type);
+kim_error kim_ccache_get_type (kim_ccache in_ccache,
+ kim_string *out_type);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the type and name for a ccache in display format.
*/
-kim_error_t kim_ccache_get_display_name (kim_ccache_t in_ccache,
- kim_string_t *out_display_name);
+kim_error kim_ccache_get_display_name (kim_ccache in_ccache,
+ kim_string *out_display_name);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the client identity for a ccache.
*/
-kim_error_t kim_ccache_get_client_identity (kim_ccache_t in_ccache,
- kim_identity_t *out_client_identity);
+kim_error kim_ccache_get_client_identity (kim_ccache in_ccache,
+ kim_identity *out_client_identity);
/*!
* \param in_ccache a ccache object.
* TGTs at all, it will return the first valid non-TGT credential. If you only want
* TGTs, use kim_credential_is_tgt() to verify that \a out_credential is a tgt.
*/
-kim_error_t kim_ccache_get_valid_credential (kim_ccache_t in_ccache,
- kim_credential_t *out_credential);
+kim_error kim_ccache_get_valid_credential (kim_ccache in_ccache,
+ kim_credential *out_credential);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the time when the credentials in the ccache become valid.
*/
-kim_error_t kim_ccache_get_start_time (kim_ccache_t in_ccache,
- kim_time_t *out_start_time);
+kim_error kim_ccache_get_start_time (kim_ccache in_ccache,
+ kim_time *out_start_time);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the time when the credentials in the ccache will expire.
*/
-kim_error_t kim_ccache_get_expiration_time (kim_ccache_t in_ccache,
- kim_time_t *out_expiration_time);
+kim_error kim_ccache_get_expiration_time (kim_ccache in_ccache,
+ kim_time *out_expiration_time);
/*!
* \param in_ccache a ccache object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the time when the credentials in the ccache will no longer be renewable.
*/
-kim_error_t kim_ccache_get_renewal_expiration_time (kim_ccache_t in_ccache,
- kim_time_t *out_renewal_expiration_time);
+kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache,
+ kim_time *out_renewal_expiration_time);
/*!
* \param io_ccache a ccache object which will be set to the default ccache.
* KIM-aware and should be avoided whenever possible.
* \brief Set a ccache to the default ccache.
*/
-kim_error_t kim_ccache_set_default (kim_ccache_t io_ccache);
+kim_error kim_ccache_set_default (kim_ccache io_ccache);
/*!
* \param in_ccache a ccache object containing the TGT credential to be verified.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Verify the TGT in a ccache.
*/
-kim_error_t kim_ccache_verify (kim_ccache_t in_ccache,
- kim_identity_t in_service_identity,
- kim_string_t in_keytab,
- kim_boolean_t in_fail_if_no_service_key);
+kim_error kim_ccache_verify (kim_ccache in_ccache,
+ kim_identity in_service_identity,
+ kim_string in_keytab,
+ kim_boolean in_fail_if_no_service_key);
/*!
* \param in_ccache a ccache object containing a TGT to be renewed.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Renew the TGT in a ccache.
*/
-kim_error_t kim_ccache_renew (kim_ccache_t in_ccache,
- kim_options_t in_options);
+kim_error kim_ccache_renew (kim_ccache in_ccache,
+ kim_options in_options);
/*!
* \param in_ccache a ccache object containing a TGT to be validated.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Validate the TGT in a ccache.
*/
-kim_error_t kim_ccache_validate (kim_ccache_t in_ccache,
- kim_options_t in_options);
+kim_error kim_ccache_validate (kim_ccache in_ccache,
+ kim_options in_options);
/*!
* \param io_ccache a ccache object to be destroyed. Set to NULL on exit.
* \note Frees memory associated with the ccache. Do not call kim_ccache_free()
* after calling this function.
*/
-kim_error_t kim_ccache_destroy (kim_ccache_t *io_ccache);
+kim_error kim_ccache_destroy (kim_ccache *io_ccache);
/*!
* \param io_ccache a ccache object to be freed. Set to NULL on exit.
* \brief Free memory associated with a ccache.
*/
-void kim_ccache_free (kim_ccache_t *io_ccache);
+void kim_ccache_free (kim_ccache *io_ccache);
/*!@}*/
#ifdef __cplusplus
extern "C" {
#endif
-
+
#include <kim/kim_types.h>
#include <krb5.h>
-/*!
- * \addtogroup kim_types_reference
- * @{
- */
+ /*!
+ * \addtogroup kim_types_reference
+ * @{
+ */
-/*!
- * Possible credential states. Credentials may be:
- * \li valid - The credential can be used.
- * \li expired - The credential's lifetime has been exceeded.
- * \li not_yet_valid - The credential is post dated and the time when
- * it becomes valid has not yet been reached.
- * \li needs_validation - The credential is post-dated and although
- * the time when it becomes valid has been reached
- * it has not yet been validated.
- * \li address_mismatch - The credential contains IP address(es) which do
- * not match the host's local address(es).
- */
-enum kim_credential_state_enum {
- kim_credentials_state_valid = 0,
- kim_credentials_state_expired = 1,
- kim_credentials_state_not_yet_valid = 2,
- kim_credentials_state_needs_validation = 3,
- kim_credentials_state_address_mismatch = 4
-};
-
-/*!
- * The state of a credential. See #kim_credential_state_enum for
- * possible values.
- */
-typedef int kim_credential_state_t;
+ /*!
+ * Possible credential states. Credentials may be:
+ * \li valid - The credential can be used.
+ * \li expired - The credential's lifetime has been exceeded.
+ * \li not_yet_valid - The credential is post dated and the time when
+ * it becomes valid has not yet been reached.
+ * \li needs_validation - The credential is post-dated and although
+ * the time when it becomes valid has been reached
+ * it has not yet been validated.
+ * \li address_mismatch - The credential contains IP address(es) which do
+ * not match the host's local address(es).
+ */
+ enum kim_credential_state_enum {
+ kim_credentials_state_valid = 0,
+ kim_credentials_state_expired = 1,
+ kim_credentials_state_not_yet_valid = 2,
+ kim_credentials_state_needs_validation = 3,
+ kim_credentials_state_address_mismatch = 4
+ };
+
+ /*!
+ * The state of a credential. See #kim_credential_state_enum for
+ * possible values.
+ */
+ typedef int kim_credential_state;
+
+ /*! @} */
+
+ /*!
+ * \page kim_credential_overview KIM Credential Overview
+ *
+ * \section kim_credential_introduction Introduction
+ *
+ * A Kerberos credential (also called a "Kerberos ticket") is a time-limited
+ * token issued by a KDC which authenticates the entity named by the credential's
+ * client identity to the service named by the credential's service identity.
+ *
+ * The kim_credential object contains a single Kerberos credential. KIM credentials
+ * objects are always copies of credentials, not references to credentials
+ * stored in the cache collection. Modifying credential objects in the ccache
+ * collection will not change any existing KIM credential objects.
+ *
+ * KIM credential APIs are intended for applications and system
+ * tools which manage credentials for the user. They are not a substitute for
+ * krb5 and GSSAPI functions which obtain service credentials for the purpose
+ * of authenticating a client to an application server.
+ *
+ * \note Many of the APIs listed below have equivalent functions which
+ * operate on ccaches. In most cases applications will want to use the
+ * ccache versions of these APIs since they automatically store any
+ * newly created credentials. See \ref kim_ccache_overview for more
+ * information.
+ *
+ *
+ * \section kim_credential_acquire_new Acquiring New Credentials
+ *
+ * KIM provides the #kim_credential_create_new() API for acquiring new
+ * credentials. Credentials can either be obtained for a specific
+ * client identity or by specifying #KIM_IDENTITY_ANY to allow
+ * the user to choose. Typically callers of this API obtain the client
+ * identity using #kim_selection_hints_get_identity(). Depending on the
+ * kim_options specified, #kim_credential_create_new() may present a
+ * GUI or command line prompt to obtain information from the user.
+ *
+ * KIM provides the #kim_credential_create_from_keytab() to create credentials
+ * using a keytab. A keytab is an on-disk copy of a client identity's secret
+ * key. Typically sites use keytabs for client identities that identify a
+ * machine or service and protect the keytab with disk permissions. Because
+ * a keytab is sufficient to obtain credentials, keytabs will normally only
+ * be readable by root, Administrator or some other privileged account.
+ * Typically applications use credentials obtained from keytabs to obtain
+ * credentials for batch processes. These keytabs and credentials are usually
+ * for a special identity used for the batch process rather than a user
+ * identity.
+ *
+ *
+ * \section kim_credential_validate Validating Credentials
+ *
+ * A credential with a start time in the future (ie: after the issue date)
+ * is called a post-dated credential. Because the KDC administrator may
+ * wish to disable a identity, once the start time is reached, all post-dated
+ * credentials must be validated before they can be used. Otherwise an
+ * attacker using a compromised account could acquire lots of post-dated
+ * credentials to circumvent the acccount being disabled.
+ *
+ * KIM provides the #kim_credential_validate() API to validate a credential.
+ * Note that this API replaces the credential object with a new validated
+ * credential object. If you wish to store the new credential in the
+ * ccache collection you must either call #kim_credential_store() on the
+ * validated credential or use #kim_ccache_validate() instead.
+ *
+ *
+ * \section kim_credential_renew Renewing Credentials
+ *
+ * A renewable credential can be used to obtain a new identical credential
+ * without resending secret information (such as a password) to the KDC.
+ * A credential may only be renewed during its renewal lifetime and while
+ * valid.
+ *
+ * KIM provides the #kim_credential_renew() API to renew a credential.
+ * Note that this API replaces the credential object with a new renewed
+ * credential object. If you wish to store the new credential in the
+ * ccache collection you must either call #kim_credential_store() on the
+ * renewed credential or use #kim_ccache_renew() instead.
+ *
+ *
+ * \section kim_credential_storing Storing Credentials in the Cache Collection
+ *
+ * KIM credential objects may be stored in the ccache collection using
+ * #kim_credential_store(). This function runs any KIM authentication
+ * plugins on the credential and if the plugins return successfully, creates a
+ * new ccache for the credential's client identity in the cache collection
+ * and stores the credential in that ccache. Any existing ccaches and credentials
+ * for that client identity will be overwritten. #kim_credential_store() may
+ * optionally return a kim_ccache object for the new ccache if you need to perform
+ * further operations on the new ccache.
+ *
+ * Most of the time if you plan to store the credentials you are manipulating, you
+ * should use one of KIM ccache APIs. These functions perform the same operations
+ * except that they also call #kim_credential_store() any time the credential object
+ * changes. See \ref kim_ccache_overview for more information.
+ *
+ *
+ * \section kim_credential_iterator Iterating over the Credentials in a CCache
+ *
+ * KIM provides a simple iterator API for iterating over the credentials
+ * in a ccache. First, call #kim_credential_iterator_create() to obtain
+ * an iterator for a ccache. Then loop calling #kim_credential_iterator_next()
+ * until either you find the credential you are looking for or the API
+ * returns a NULL credential, indicating that there are no more
+ * credentials in the ccache. When you are done with the iterator, call
+ * #kim_credential_iterator_free().
+ *
+ * \note #kim_credential_iterator_next() returns credential objects which
+ * must be freed with #kim_credential_free() to avoid leaking memory.
+ *
+ *
+ * \section kim_credential_verify Verifying Credentials
+ *
+ * When a program acquires TGT credentials for the purpose of authenticating
+ * itself to the machine it is running on, it is insufficient for the machine
+ * to assume that the caller is authorized just because it got credentials.
+ * Instead, the credentials must be verified using a key the local machine.
+ * The reason this is necessary is because an attacker can trick the
+ * machine into obtaining credentials from any KDC, including malicious ones
+ * with the same realm name as the local machine's realm. This exploit is
+ * called the Zanarotti attack.
+ *
+ * In order to avoid the Zanarotti attack, the local machine must authenticate
+ * the process in the same way an application server would authenticate a client.
+ * Like an application server, the local machine must have its own identity in
+ * its realm and a keytab for that identity on its local disk. However,
+ * rather than forcing system daemons to use the network-oriented calls in the
+ * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to
+ * verify credentials directly.
+ *
+ * The most common reason for using #kim_credential_verify() is user login.
+ * If the local machine wants to use Kerberos to verify the username and password
+ * provided by the user, it must call #kim_credential_verify() on the credentials
+ * it obtains to make sure they are really from a KDC it trusts. Another common
+ * case is a server which is only using Kerberos internally. For example an
+ * LDAP or web server might use a username and password obtained over the network
+ * to get Kerberos credentials. In order to make sure they aren't being tricked
+ * into talking to the wrong KDC, these servers must also call
+ * #kim_credential_verify().
+ *
+ * The Zanarotti attack is only a concern if the act of accessing the machine
+ * gives the process special access. Thus a managed cluster machine with
+ * Kerberos-authenticated networked home directories does not need to call
+ * #kim_credential_verify(). Even though an attacker can log in as any user on
+ * the cluster machine, the attacker can't actually access any of the user's data
+ * or use any of their privileges because those are all authenticated via
+ * Kerberized application servers (and thus require actually having credentials
+ * for the real local realm).
+ *
+ * #kim_credential_verify() provides an option to
+ * return success even if the machine's host key is not present. This option
+ * exists for sites which have a mix of different machines, some of which are
+ * vulnerable to the Zanarotti attack and some are not. If this option is used,
+ * it is the responsiblity of the machine's maintainer to obtain a keytab
+ * for their machine if it needs one.
+ *
+ *
+ * \section kim_credential_properties Examining Credential Properties
+ *
+ * \li #kim_credential_get_client_identity()
+ * returns the credential's client identity.
+ *
+ * \li #kim_credential_get_service_identity()
+ * returns the credential's service identity.
+ *
+ * \li #kim_credential_is_tgt()
+ * returns whether the credential is a TGT (ie: "ticket-granting ticket"). TGTs are
+ * credentials for the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>".
+ * These credentials allow the entity named by the client identity to obtain
+ * additional service credentials without resending shared secrets (such as a password)
+ * to the KDC. Kerberos uses TGTs to provide single sign-on authentication.
+ *
+ * \li #kim_credential_is_valid()
+ * returns whether the credential is valid and if not why the credential is not valid.
+ *
+ * \li #kim_credential_get_start_time()
+ * returns when the credential will become valid.
+ * Credentials may be "post-dated" which means that their lifetime starts sometime
+ * in the future. Note that when a post-dated credential's start time is reached,
+ * the credential must be validated. See \ref kim_credential_validate for more information.
+ *
+ * \li #kim_credential_get_expiration_time()
+ * returns when the credential will expire.
+ * Credentials are time limited by the lifetime of the credential. While you can
+ * request a credential of any lifetime, the KDC limits the credential lifetime
+ * to a administrator-defined maximum. Typically credential lifetime range from 10
+ * to 21 hours.
+ *
+ * \li #kim_credential_get_renewal_expiration_time()
+ * returns when the credential will no longer be renewable.
+ * Valid credentials may be renewed up until their renewal expiration time.
+ * Renewing credentials acquires a fresh set of credentials with a full lifetime
+ * without resending secrets to the KDC (such as a password). If credentials are
+ * not renewable, this function will return an error.
+ *
+ *
+ * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for
+ * information on specific APIs.
+ */
+
+ /*!
+ * \defgroup kim_credential_iterator_reference KIM Credential Iterator Reference Documentation
+ * @{
+ */
+
+ /*!
+ * \param out_credential_iterator on exit, a credential iterator object for \a in_ccache.
+ * Must be freed with kim_credential_iterator_free().
+ * \param in_ccache a ccache object.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get a credential iterator to enumerate credentials in a ccache.
+ */
+
+ kim_error kim_credential_iterator_create (kim_credential_iterator *out_credential_iterator,
+ kim_ccache in_ccache);
+
+ /*!
+ * \param in_credential_iterator a credential iterator object.
+ * \param out_credential on exit, the next credential in the ccache iterated by
+ * \a in_credential_iterator. Must be freed with
+ * kim_credential_free(). If there are no more credentials
+ * this argument will be set to NULL.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get the next credential in a ccache.
+ */
+
+ kim_error kim_credential_iterator_next (kim_credential_iterator in_credential_iterator,
+ kim_credential *out_credential);
+
+ /*!
+ * \param io_credential_iterator a credential iterator object to be freed. Set to NULL on exit.
+ * \brief Free memory associated with a credential iterator.
+ */
+ void kim_credential_iterator_free (kim_credential_iterator *io_credential_iterator);
+
+ /*!@}*/
+
+ /*!
+ * \defgroup kim_credential_reference KIM Credential Reference Documentation
+ * @{
+ */
+
+ /*!
+ * \param out_credential on exit, a new credential object containing a newly acquired
+ * initial credential. Must be freed with kim_credential_free().
+ * \param in_client_identity a client identity to obtain a credential for. Specify NULL to
+ * allow the user to choose the identity
+ * \param in_options options to control credential acquisition.
+ * \note Depending on the kim_options specified, #kim_credential_create_new() may
+ * present a GUI or command line prompt to obtain information from the user.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Acquire a new initial credential.
+ * \sa kim_ccache_create_new
+ */
+ kim_error kim_credential_create_new (kim_credential *out_credential,
+ kim_identity in_client_identity,
+ kim_options in_options);
+
+ /*!
+ * \param out_credential on exit, a new credential object containing an initial credential
+ * for \a in_identity obtained using \a in_keytab.
+ * Must be freed with kim_credential_free().
+ * \param in_identity a client identity to obtain a credential for. Specify NULL for
+ * the first identity in the keytab.
+ * \param in_options options to control credential acquisition.
+ * \param in_keytab a path to a keytab. Specify NULL for the default keytab location.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Acquire a new initial credential from a keytab.
+ * \sa kim_ccache_create_from_keytab
+ */
+ kim_error kim_credential_create_from_keytab (kim_credential *out_credential,
+ kim_identity in_identity,
+ kim_options in_options,
+ kim_string in_keytab);
+
+ /*!
+ * \param out_credential on exit, a new credential object which is a copy of \a in_krb5_creds.
+ * Must be freed with kim_credential_free().
+ * \param in_krb5_context the krb5 context used to create \a in_krb5_creds.
+ * \param in_krb5_creds a krb5 credential object.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Copy a credential from a krb5 credential object.
+ */
+ kim_error kim_credential_create_from_krb5_creds (kim_credential *out_credential,
+ krb5_context in_krb5_context,
+ krb5_creds *in_krb5_creds);
+
+ /*!
+ * \param out_credential on exit, a new credential object which is a copy of \a in_credential.
+ * Must be freed with kim_credential_free().
+ * \param in_credential a credential object.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Copy a credential object.
+ */
+ kim_error kim_credential_copy (kim_credential *out_credential,
+ kim_credential in_credential);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param in_krb5_context a krb5 context which will be used to create \a out_krb5_creds.
+ * \param out_krb5_creds on exit, a new krb5 creds object which is a copy of \a in_credential.
+ * Must be freed with krb5_free_creds().
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get a krb5 credentials object for a credential object.
+ */
+ kim_error kim_credential_get_krb5_creds (kim_credential in_credential,
+ krb5_context in_krb5_context,
+ krb5_creds **out_krb5_creds);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_client_identity on exit, an identity object containing the client identity of
+ * \a in_credential. Must be freed with kim_identity_free().
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get the client identity of a credential object.
+ */
+ kim_error kim_credential_get_client_identity (kim_credential in_credential,
+ kim_identity *out_client_identity);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_service_identity on exit, an identity object containing the service identity of
+ * \a in_credential. Must be freed with kim_identity_free().
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get the service identity of a credential object.
+ */
+ kim_error kim_credential_get_service_identity (kim_credential in_credential,
+ kim_identity *out_service_identity);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_is_tgt on exit, whether or not the credential is a TGT.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Check if a credential is a ticket granting ticket.
+ */
+ kim_error kim_credential_is_tgt (kim_credential in_credential,
+ kim_boolean *out_is_tgt);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_state on exit, the state of the credential. See #kim_credential_state_enum
+ * for the possible values of \a out_state.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Check the state of a credential (valid, expired, postdated, etc).
+ */
+ kim_error kim_credential_get_state (kim_credential in_credential,
+ kim_credential_state *out_state);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_start_time on exit, the time when \a in_credential becomes valid.
+ * May be in the past or future.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get the time when the credentials become valid.
+ * \sa kim_ccache_get_start_time
+ */
+ kim_error kim_credential_get_start_time (kim_credential in_credential,
+ kim_time *out_start_time);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_expiration_time on exit, the time when \a in_credential will expire.
+ * May be in the past or future.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get the time when the credentials will expire.
+ * \sa kim_ccache_get_expiration_time
+ */
+ kim_error kim_credential_get_expiration_time (kim_credential in_credential,
+ kim_time *out_expiration_time);
+
+ /*!
+ * \param in_credential a credential object.
+ * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer
+ * be renewable. May be in the past or future.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Get the time when the credentials will no longer be renewable.
+ * \sa kim_ccache_get_renewal_expiration_time
+ */
+ kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credential,
+ kim_time *out_renewal_expiration_time);
+
+
+ /*!
+ * \param in_credential a credential object.
+ * \param in_client_identity a client identity.
+ * \param out_ccache on exit, a ccache object containing \a in_credential with the client
+ * identity \a in_client_identity. Must be freed with kim_ccache_free().
+ * Specify NULL if you don't want this return value.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Store a credential in a ccache in the cache collection.
+ */
+ kim_error kim_credential_store (kim_credential in_credential,
+ kim_identity in_client_identity,
+ kim_ccache *out_ccache);
+
+ /*!
+ * \param in_credential a TGT credential to be verified.
+ * \param in_service_identity a service identity to look for in the keytab. Specify
+ * KIM_IDENTITY_ANY to use the default service identity
+ * (usually host/<host's FQDN>@<host's local realm>).
+ * \param in_keytab a path to a keytab. Specify NULL for the default keytab location.
+ * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity
+ * in the host's keytab will cause a failure.
+ * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to
+ * the Zanarotti attack if the host has no keytab installed.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Verify a TGT credential.
+ * \sa kim_ccache_verify
+ */
+ kim_error kim_credential_verify (kim_credential in_credential,
+ kim_identity in_service_identity,
+ kim_string in_keytab,
+ kim_boolean in_fail_if_no_service_key);
+
+ /*!
+ * \param io_credential a TGT credential to be renewed. On exit, the old credential
+ * object will be freed and \a io_credential will be replaced
+ * with a new renewed credential. The new credential must be freed
+ * with kim_credential_free().
+ * \param in_options initial credential options.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Renew a TGT credential.
+ * \sa kim_ccache_renew
+ */
+ kim_error kim_credential_renew (kim_credential *io_credential,
+ kim_options in_options);
+
+ /*!
+ * \param io_credential a credential object to be validated. On exit, the old credential
+ * object will be freed and \a io_credential will be replaced
+ * with a new validated credential. The new credential must be freed
+ * with kim_credential_free().
+ * \param in_options initial credential options.
+ * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
+ * \brief Validate a TGT credential.
+ * \sa kim_ccache_validate
+ */
+ kim_error kim_credential_validate (kim_credential *io_credential,
+ kim_options in_options);
+
+ /*!
+ * \param io_credential the credential object to be freed. Set to NULL on exit.
+ * \brief Free memory associated with a credential object.
+ */
+ void kim_credential_free (kim_credential *io_credential);
+
+ /*!@}*/
-/*! @} */
-/*!
- * \page kim_credential_overview KIM Credential Overview
- *
- * \section kim_credential_introduction Introduction
- *
- * A Kerberos credential (also called a "Kerberos ticket") is a time-limited
- * token issued by a KDC which authenticates the entity named by the credential's
- * client identity to the service named by the credential's service identity.
- *
- * The kim_credential_t object contains a single Kerberos credential. KIM credentials
- * objects are always copies of credentials, not references to credentials
- * stored in the cache collection. Modifying credential objects in the ccache
- * collection will not change any existing KIM credential objects.
- *
- * KIM credential APIs are intended for applications and system
- * tools which manage credentials for the user. They are not a substitute for
- * krb5 and GSSAPI functions which obtain service credentials for the purpose
- * of authenticating a client to an application server.
- *
- * \note Many of the APIs listed below have equivalent functions which
- * operate on ccaches. In most cases applications will want to use the
- * ccache versions of these APIs since they automatically store any
- * newly created credentials. See \ref kim_ccache_overview for more
- * information.
- *
- *
- * \section kim_credential_acquire_new Acquiring New Credentials
- *
- * KIM provides the #kim_credential_create_new() API for acquiring new
- * credentials. Credentials can either be obtained for a specific
- * client identity or by specifying #KIM_IDENTITY_ANY to allow
- * the user to choose. Typically callers of this API obtain the client
- * identity using #kim_selection_hints_get_identity(). Depending on the
- * kim_options specified, #kim_credential_create_new() may present a
- * GUI or command line prompt to obtain information from the user.
- *
- * KIM provides the #kim_credential_create_from_keytab() to create credentials
- * using a keytab. A keytab is an on-disk copy of a client identity's secret
- * key. Typically sites use keytabs for client identities that identify a
- * machine or service and protect the keytab with disk permissions. Because
- * a keytab is sufficient to obtain credentials, keytabs will normally only
- * be readable by root, Administrator or some other privileged account.
- * Typically applications use credentials obtained from keytabs to obtain
- * credentials for batch processes. These keytabs and credentials are usually
- * for a special identity used for the batch process rather than a user
- * identity.
- *
- *
- * \section kim_credential_validate Validating Credentials
- *
- * A credential with a start time in the future (ie: after the issue date)
- * is called a post-dated credential. Because the KDC administrator may
- * wish to disable a identity, once the start time is reached, all post-dated
- * credentials must be validated before they can be used. Otherwise an
- * attacker using a compromised account could acquire lots of post-dated
- * credentials to circumvent the acccount being disabled.
- *
- * KIM provides the #kim_credential_validate() API to validate a credential.
- * Note that this API replaces the credential object with a new validated
- * credential object. If you wish to store the new credential in the
- * ccache collection you must either call #kim_credential_store() on the
- * validated credential or use #kim_ccache_validate() instead.
- *
- *
- * \section kim_credential_renew Renewing Credentials
- *
- * A renewable credential can be used to obtain a new identical credential
- * without resending secret information (such as a password) to the KDC.
- * A credential may only be renewed during its renewal lifetime and while
- * valid.
- *
- * KIM provides the #kim_credential_renew() API to renew a credential.
- * Note that this API replaces the credential object with a new renewed
- * credential object. If you wish to store the new credential in the
- * ccache collection you must either call #kim_credential_store() on the
- * renewed credential or use #kim_ccache_renew() instead.
- *
- *
- * \section kim_credential_storing Storing Credentials in the Cache Collection
- *
- * KIM credential objects may be stored in the ccache collection using
- * #kim_credential_store(). This function runs any KIM authentication
- * plugins on the credential and if the plugins return successfully, creates a
- * new ccache for the credential's client identity in the cache collection
- * and stores the credential in that ccache. Any existing ccaches and credentials
- * for that client identity will be overwritten. #kim_credential_store() may
- * optionally return a kim_ccache_t object for the new ccache if you need to perform
- * further operations on the new ccache.
- *
- * Most of the time if you plan to store the credentials you are manipulating, you
- * should use one of KIM ccache APIs. These functions perform the same operations
- * except that they also call #kim_credential_store() any time the credential object
- * changes. See \ref kim_ccache_overview for more information.
- *
- *
- * \section kim_credential_iterator_t Iterating over the Credentials in a CCache
- *
- * KIM provides a simple iterator API for iterating over the credentials
- * in a ccache. First, call #kim_credential_iterator_create() to obtain
- * an iterator for a ccache. Then loop calling #kim_credential_iterator_next()
- * until either you find the credential you are looking for or the API
- * returns a NULL credential, indicating that there are no more
- * credentials in the ccache. When you are done with the iterator, call
- * #kim_credential_iterator_free().
- *
- * \note #kim_credential_iterator_next() returns credential objects which
- * must be freed with #kim_credential_free() to avoid leaking memory.
- *
- *
- * \section kim_credential_verify Verifying Credentials
- *
- * When a program acquires TGT credentials for the purpose of authenticating
- * itself to the machine it is running on, it is insufficient for the machine
- * to assume that the caller is authorized just because it got credentials.
- * Instead, the credentials must be verified using a key the local machine.
- * The reason this is necessary is because an attacker can trick the
- * machine into obtaining credentials from any KDC, including malicious ones
- * with the same realm name as the local machine's realm. This exploit is
- * called the Zanarotti attack.
- *
- * In order to avoid the Zanarotti attack, the local machine must authenticate
- * the process in the same way an application server would authenticate a client.
- * Like an application server, the local machine must have its own identity in
- * its realm and a keytab for that identity on its local disk. However,
- * rather than forcing system daemons to use the network-oriented calls in the
- * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to
- * verify credentials directly.
- *
- * The most common reason for using #kim_credential_verify() is user login.
- * If the local machine wants to use Kerberos to verify the username and password
- * provided by the user, it must call #kim_credential_verify() on the credentials
- * it obtains to make sure they are really from a KDC it trusts. Another common
- * case is a server which is only using Kerberos internally. For example an
- * LDAP or web server might use a username and password obtained over the network
- * to get Kerberos credentials. In order to make sure they aren't being tricked
- * into talking to the wrong KDC, these servers must also call
- * #kim_credential_verify().
- *
- * The Zanarotti attack is only a concern if the act of accessing the machine
- * gives the process special access. Thus a managed cluster machine with
- * Kerberos-authenticated networked home directories does not need to call
- * #kim_credential_verify(). Even though an attacker can log in as any user on
- * the cluster machine, the attacker can't actually access any of the user's data
- * or use any of their privileges because those are all authenticated via
- * Kerberized application servers (and thus require actually having credentials
- * for the real local realm).
- *
- * #kim_credential_verify() provides an option to
- * return success even if the machine's host key is not present. This option
- * exists for sites which have a mix of different machines, some of which are
- * vulnerable to the Zanarotti attack and some are not. If this option is used,
- * it is the responsiblity of the machine's maintainer to obtain a keytab
- * for their machine if it needs one.
- *
- *
- * \section kim_credential_properties Examining Credential Properties
- *
- * \li #kim_credential_get_client_identity()
- * returns the credential's client identity.
- *
- * \li #kim_credential_get_service_identity()
- * returns the credential's service identity.
- *
- * \li #kim_credential_is_tgt()
- * returns whether the credential is a TGT (ie: "ticket-granting ticket"). TGTs are
- * credentials for the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>".
- * These credentials allow the entity named by the client identity to obtain
- * additional service credentials without resending shared secrets (such as a password)
- * to the KDC. Kerberos uses TGTs to provide single sign-on authentication.
- *
- * \li #kim_credential_is_valid()
- * returns whether the credential is valid and if not why the credential is not valid.
- *
- * \li #kim_credential_get_start_time()
- * returns when the credential will become valid.
- * Credentials may be "post-dated" which means that their lifetime starts sometime
- * in the future. Note that when a post-dated credential's start time is reached,
- * the credential must be validated. See \ref kim_credential_validate for more information.
- *
- * \li #kim_credential_get_expiration_time()
- * returns when the credential will expire.
- * Credentials are time limited by the lifetime of the credential. While you can
- * request a credential of any lifetime, the KDC limits the credential lifetime
- * to a administrator-defined maximum. Typically credential lifetime range from 10
- * to 21 hours.
- *
- * \li #kim_credential_get_renewal_expiration_time()
- * returns when the credential will no longer be renewable.
- * Valid credentials may be renewed up until their renewal expiration time.
- * Renewing credentials acquires a fresh set of credentials with a full lifetime
- * without resending secrets to the KDC (such as a password). If credentials are
- * not renewable, this function will return an error.
- *
- *
- * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for
- * information on specific APIs.
- */
-
-/*!
- * \defgroup kim_credential_iterator_reference KIM Credential Iterator Reference Documentation
- * @{
- */
-
-/*!
- * \param out_credential_iterator on exit, a credential iterator object for \a in_ccache.
- * Must be freed with kim_credential_iterator_free().
- * \param in_ccache a ccache object.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get a credential iterator to enumerate credentials in a ccache.
- */
-
-kim_error_t kim_credential_iterator_create (kim_credential_iterator_t *out_credential_iterator,
- kim_ccache_t in_ccache);
-
-/*!
- * \param in_credential_iterator a credential iterator object.
- * \param out_credential on exit, the next credential in the ccache iterated by
- * \a in_credential_iterator. Must be freed with
- * kim_credential_free(). If there are no more credentials
- * this argument will be set to NULL.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get the next credential in a ccache.
- */
-
-kim_error_t kim_credential_iterator_next (kim_credential_iterator_t in_credential_iterator,
- kim_credential_t *out_credential);
-
-/*!
- * \param io_credential_iterator a credential iterator object to be freed. Set to NULL on exit.
- * \brief Free memory associated with a credential iterator.
- */
-void kim_credential_iterator_free (kim_credential_iterator_t *io_credential_iterator);
-
-/*!@}*/
-
-/*!
- * \defgroup kim_credential_reference KIM Credential Reference Documentation
- * @{
- */
-
-/*!
- * \param out_credential on exit, a new credential object containing a newly acquired
- * initial credential. Must be freed with kim_credential_free().
- * \param in_client_identity a client identity to obtain a credential for. Specify NULL to
- * allow the user to choose the identity
- * \param in_options options to control credential acquisition.
- * \note Depending on the kim_options specified, #kim_credential_create_new() may
- * present a GUI or command line prompt to obtain information from the user.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Acquire a new initial credential.
- * \sa kim_ccache_create_new
- */
-kim_error_t kim_credential_create_new (kim_credential_t *out_credential,
- kim_identity_t in_client_identity,
- kim_options_t in_options);
-
-/*!
- * \param out_credential on exit, a new credential object containing an initial credential
- * for \a in_identity obtained using \a in_keytab.
- * Must be freed with kim_credential_free().
- * \param in_identity a client identity to obtain a credential for. Specify NULL for
- * the first identity in the keytab.
- * \param in_options options to control credential acquisition.
- * \param in_keytab a path to a keytab. Specify NULL for the default keytab location.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Acquire a new initial credential from a keytab.
- * \sa kim_ccache_create_from_keytab
- */
-kim_error_t kim_credential_create_from_keytab (kim_credential_t *out_credential,
- kim_identity_t in_identity,
- kim_options_t in_options,
- kim_string_t in_keytab);
-
-/*!
- * \param out_credential on exit, a new credential object which is a copy of \a in_krb5_creds.
- * Must be freed with kim_credential_free().
- * \param in_krb5_context the krb5 context used to create \a in_krb5_creds.
- * \param in_krb5_creds a krb5 credential object.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Copy a credential from a krb5 credential object.
- */
-kim_error_t kim_credential_create_from_krb5_creds (kim_credential_t *out_credential,
- krb5_context in_krb5_context,
- krb5_creds *in_krb5_creds);
-
-/*!
- * \param out_credential on exit, a new credential object which is a copy of \a in_credential.
- * Must be freed with kim_credential_free().
- * \param in_credential a credential object.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Copy a credential object.
- */
-kim_error_t kim_credential_copy (kim_credential_t *out_credential,
- kim_credential_t in_credential);
-
-/*!
- * \param in_credential a credential object.
- * \param in_krb5_context a krb5 context which will be used to create \a out_krb5_creds.
- * \param out_krb5_creds on exit, a new krb5 creds object which is a copy of \a in_credential.
- * Must be freed with krb5_free_creds().
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get a krb5 credentials object for a credential object.
- */
-kim_error_t kim_credential_get_krb5_creds (kim_credential_t in_credential,
- krb5_context in_krb5_context,
- krb5_creds **out_krb5_creds);
-
-/*!
- * \param in_credential a credential object.
- * \param out_client_identity on exit, an identity object containing the client identity of
- * \a in_credential. Must be freed with kim_identity_free().
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get the client identity of a credential object.
- */
-kim_error_t kim_credential_get_client_identity (kim_credential_t in_credential,
- kim_identity_t *out_client_identity);
-
-/*!
- * \param in_credential a credential object.
- * \param out_service_identity on exit, an identity object containing the service identity of
- * \a in_credential. Must be freed with kim_identity_free().
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get the service identity of a credential object.
- */
-kim_error_t kim_credential_get_service_identity (kim_credential_t in_credential,
- kim_identity_t *out_service_identity);
-
-/*!
- * \param in_credential a credential object.
- * \param out_is_tgt on exit, whether or not the credential is a TGT.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Check if a credential is a ticket granting ticket.
- */
-kim_error_t kim_credential_is_tgt (kim_credential_t in_credential,
- kim_boolean_t *out_is_tgt);
-
-/*!
- * \param in_credential a credential object.
- * \param out_state on exit, the state of the credential. See #kim_credential_state_enum
- * for the possible values of \a out_state.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Check the state of a credential (valid, expired, postdated, etc).
- */
-kim_error_t kim_credential_get_state (kim_credential_t in_credential,
- kim_credential_state_t *out_state);
-
-/*!
- * \param in_credential a credential object.
- * \param out_start_time on exit, the time when \a in_credential becomes valid.
- * May be in the past or future.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get the time when the credentials become valid.
- * \sa kim_ccache_get_start_time
- */
-kim_error_t kim_credential_get_start_time (kim_credential_t in_credential,
- kim_time_t *out_start_time);
-
-/*!
- * \param in_credential a credential object.
- * \param out_expiration_time on exit, the time when \a in_credential will expire.
- * May be in the past or future.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get the time when the credentials will expire.
- * \sa kim_ccache_get_expiration_time
- */
-kim_error_t kim_credential_get_expiration_time (kim_credential_t in_credential,
- kim_time_t *out_expiration_time);
-
-/*!
- * \param in_credential a credential object.
- * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer
- * be renewable. May be in the past or future.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Get the time when the credentials will no longer be renewable.
- * \sa kim_ccache_get_renewal_expiration_time
- */
-kim_error_t kim_credential_get_renewal_expiration_time (kim_credential_t in_credential,
- kim_time_t *out_renewal_expiration_time);
-
-
-/*!
- * \param in_credential a credential object.
- * \param in_client_identity a client identity.
- * \param out_ccache on exit, a ccache object containing \a in_credential with the client
- * identity \a in_client_identity. Must be freed with kim_ccache_free().
- * Specify NULL if you don't want this return value.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Store a credential in a ccache in the cache collection.
- */
-kim_error_t kim_credential_store (kim_credential_t in_credential,
- kim_identity_t in_client_identity,
- kim_ccache_t *out_ccache);
-
-/*!
- * \param in_credential a TGT credential to be verified.
- * \param in_service_identity a service identity to look for in the keytab. Specify
- * KIM_IDENTITY_ANY to use the default service identity
- * (usually host/<host's FQDN>@<host's local realm>).
- * \param in_keytab a path to a keytab. Specify NULL for the default keytab location.
- * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity
- * in the host's keytab will cause a failure.
- * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to
- * the Zanarotti attack if the host has no keytab installed.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Verify a TGT credential.
- * \sa kim_ccache_verify
- */
-kim_error_t kim_credential_verify (kim_credential_t in_credential,
- kim_identity_t in_service_identity,
- kim_string_t in_keytab,
- kim_boolean_t in_fail_if_no_service_key);
-
-/*!
- * \param io_credential a TGT credential to be renewed. On exit, the old credential
- * object will be freed and \a io_credential will be replaced
- * with a new renewed credential. The new credential must be freed
- * with kim_credential_free().
- * \param in_options initial credential options.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Renew a TGT credential.
- * \sa kim_ccache_renew
- */
-kim_error_t kim_credential_renew (kim_credential_t *io_credential,
- kim_options_t in_options);
-
-/*!
- * \param io_credential a credential object to be validated. On exit, the old credential
- * object will be freed and \a io_credential will be replaced
- * with a new validated credential. The new credential must be freed
- * with kim_credential_free().
- * \param in_options initial credential options.
- * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
- * \brief Validate a TGT credential.
- * \sa kim_ccache_validate
- */
-kim_error_t kim_credential_validate (kim_credential_t *io_credential,
- kim_options_t in_options);
-
-/*!
- * \param io_credential the credential object to be freed. Set to NULL on exit.
- * \brief Free memory associated with a credential object.
- */
-void kim_credential_free (kim_credential_t *io_credential);
-
-/*!@}*/
-
-
#ifdef __cplusplus
}
#endif
* The kim_error_t returned when no error occurred.
* Does not need to be freed with kim_error_free().
*/
-#define KIM_NO_ERROR ((kim_error_t) NULL)
+#define KIM_NO_ERROR ((kim_error) NULL)
/*!
* \ingroup kim_types_reference
* The kim_error_code_t for KIM_NO_ERROR.
*/
-#define KIM_NO_ERROR_ECODE ((kim_error_code_t) 0)
+#define KIM_NO_ERROR_ECODE ((kim_error_code) 0)
/*!
* \page kim_error_overview KIM Error Overview
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy an error.
*/
-kim_error_t kim_error_copy (kim_error_t *out_error,
- kim_error_t in_error);
+kim_error kim_error_copy (kim_error *out_error,
+ kim_error in_error);
/*!
* \param in_error an error object.
* by \a in_error. On failure, #KIM_PARAMETER_ECODE.
* \brief Get a numerical error code for an error.
*/
-kim_error_code_t kim_error_get_code (kim_error_t in_error);
+kim_error_code kim_error_get_code (kim_error in_error);
/*!
* \param in_error an error object.
* invalid.
* \brief Get a text description of an error.
*/
-kim_string_t kim_error_get_display_string (kim_error_t in_error);
+kim_string kim_error_get_display_string (kim_error in_error);
/*!
* \param io_error the error object to be freed. Set to NULL on exit.
* \brief Free memory associated with an error.
*/
-void kim_error_free (kim_error_t *io_error);
+void kim_error_free (kim_error *io_error);
/*!@}*/
* \ingroup kim_types_reference
* Constant to specify any Kerberos identity is acceptable.
*/
-#define KIM_IDENTITY_ANY ((kim_identity_t) NULL)
+#define KIM_IDENTITY_ANY ((kim_identity) NULL)
/*!
* \page kim_identity_overview KIM Identity Overview
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create a identity from a string.
*/
-kim_error_t kim_identity_create_from_string (kim_identity_t *out_identity,
- kim_string_t in_string);
+kim_error kim_identity_create_from_string (kim_identity *out_identity,
+ kim_string in_string);
/*!
* \param out_identity on exit, a new identity object. Must be freed with kim_identity_free().
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create a identity from a realm and component strings.
*/
-kim_error_t kim_identity_create_from_components (kim_identity_t *out_identity,
- kim_string_t in_realm,
- kim_string_t in_1st_component,
+kim_error kim_identity_create_from_components (kim_identity *out_identity,
+ kim_string in_realm,
+ kim_string in_1st_component,
...);
/*!
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create an identity object from a krb5_principal.
*/
-kim_error_t kim_identity_create_from_krb5_principal (kim_identity_t *out_identity,
+kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity,
krb5_context in_krb5_context,
krb5_principal in_krb5_principal);
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy an identity object.
*/
-kim_error_t kim_identity_copy (kim_identity_t *out_identity,
- kim_identity_t in_identity);
+kim_error kim_identity_copy (kim_identity *out_identity,
+ kim_identity in_identity);
/*!
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Compare identity objects for equivalency.
*/
-kim_error_t kim_identity_compare (kim_identity_t in_identity,
- kim_identity_t in_compare_to_identity,
- kim_comparison_t *out_comparison);
+kim_error kim_identity_compare (kim_identity in_identity,
+ kim_identity in_compare_to_identity,
+ kim_comparison *out_comparison);
/*!
* \param in_identity an identity object.
* \param out_string on exit, a string representation of \a in_identity.
* \brief Get the string representation of a identity.
* \note Special characters such as '@' and '/' will be escaped with '\'.
*/
-kim_error_t kim_identity_get_string (kim_identity_t in_identity,
- kim_string_t *out_string);
+kim_error kim_identity_get_string (kim_identity in_identity,
+ kim_string *out_string);
/*!
* because it does not uniquely specify a principal.
* The result of this function should \em only be used to display to the user.
*/
-kim_error_t kim_identity_get_display_string (kim_identity_t in_identity,
- kim_string_t *out_display_string);
+kim_error kim_identity_get_display_string (kim_identity in_identity,
+ kim_string *out_display_string);
/*!
* \param in_identity an identity object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the realm string of an identity.
*/
-kim_error_t kim_identity_get_realm (kim_identity_t in_identity,
- kim_string_t *out_realm_string);
+kim_error kim_identity_get_realm (kim_identity in_identity,
+ kim_string *out_realm_string);
/*!
* \param in_identity an identity object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the number of components of an identity.
*/
-kim_error_t kim_identity_get_number_of_components (kim_identity_t in_identity,
- kim_count_t *out_number_of_components);
+kim_error kim_identity_get_number_of_components (kim_identity in_identity,
+ kim_count *out_number_of_components);
/*!
* \param in_identity an identity object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the Nth component of an identity.
*/
-kim_error_t kim_identity_get_component_at_index (kim_identity_t in_identity,
- kim_count_t in_index,
- kim_string_t *out_component_string);
+kim_error kim_identity_get_component_at_index (kim_identity in_identity,
+ kim_count in_index,
+ kim_string *out_component_string);
/*!
* \param in_identity an identity object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the krb5_principal representation of an identity.
*/
-kim_error_t kim_identity_get_krb5_principal (kim_identity_t in_identity,
+kim_error kim_identity_get_krb5_principal (kim_identity in_identity,
krb5_context in_krb5_context,
krb5_principal *out_krb5_principal);
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the gss_name_t representation of an identity.
*/
-kim_error_t kim_identity_get_gss_name (kim_identity_t in_identity,
+kim_error kim_identity_get_gss_name (kim_identity in_identity,
gss_name_t *out_gss_name);
/*!
* the password. It uses the \a in_options structure to obtain information about the desired
* prompter and current password.
*/
-kim_error_t kim_identity_change_password (kim_identity_t in_identity,
- kim_options_t in_options);
+kim_error kim_identity_change_password (kim_identity in_identity,
+ kim_options in_options);
/*!
* \param in_identity an identity object whose password will be changed.
* to change the password. It uses the \a in_options structure to obtain information about
* the desired prompter and current password.
*/
-kim_error_t kim_identity_change_password_to_password (kim_identity_t in_identity,
- kim_options_t in_options,
- kim_string_t in_new_password);
+kim_error kim_identity_change_password_to_password (kim_identity in_identity,
+ kim_options in_options,
+ kim_string in_new_password);
/*!
* \param io_identity the identity object to be freed. Set to NULL on exit.
* \brief Free memory associated with an identity.
*/
-void kim_identity_free (kim_identity_t *io_identity);
+void kim_identity_free (kim_identity *io_identity);
/*!@}*/
/*!
* Specifies the user's default options.
*/
-#define KIM_OPTIONS_DEFAULT ((kim_options_t) NULL)
+#define KIM_OPTIONS_DEFAULT ((kim_options) NULL)
/*!
* Specifies that credentials should be valid immediately.
* The prompt callback used to display a prompt to the user.
* See \ref kim_options_custom_prompt_callback for more information.
*/
-typedef kim_error_code_t (*kim_prompt_callback_t) (kim_options_t *io_options,
+typedef kim_error_code (*kim_prompt_callback_t) (kim_options *io_options,
kim_prompt_type_t in_type,
- kim_string_t in_title,
- kim_string_t in_message,
- kim_string_t in_description,
+ kim_string in_title,
+ kim_string in_message,
+ kim_string in_description,
void **out_reply);
/*!
* The default prompt callback.
* See \ref kim_options_custom_prompt_callback for more information.
*/
-kim_error_code_t kim_prompt_callback_default (kim_options_t *io_options,
+kim_error_code kim_prompt_callback_default (kim_options *io_options,
kim_prompt_type_t in_type,
- kim_string_t in_title,
- kim_string_t in_message,
- kim_string_t in_description,
+ kim_string in_title,
+ kim_string in_message,
+ kim_string in_description,
void **out_reply);
/*!
* The graphical prompt callback.
* See \ref kim_options_custom_prompt_callback for more information.
*/
-kim_error_code_t kim_prompt_callback_gui (kim_options_t *io_options,
+kim_error_code kim_prompt_callback_gui (kim_options *io_options,
kim_prompt_type_t in_type,
- kim_string_t in_title,
- kim_string_t in_message,
- kim_string_t in_description,
+ kim_string in_title,
+ kim_string in_message,
+ kim_string in_description,
void **out_reply);
/*!
* The command line prompt callback.
* See \ref kim_options_custom_prompt_callback for more information.
*/
-kim_error_code_t kim_prompt_callback_cli (kim_options_t *io_options,
+kim_error_code kim_prompt_callback_cli (kim_options *io_options,
kim_prompt_type_t in_type,
- kim_string_t in_title,
- kim_string_t in_message,
- kim_string_t in_description,
+ kim_string in_title,
+ kim_string in_message,
+ kim_string in_description,
void **out_reply);
/*!
* \note Using this callback may prevent the user from authenicating.
* See \ref kim_options_custom_prompt_callback for more information.
*/
-kim_error_code_t kim_prompt_callback_none (kim_options_t *io_options,
+kim_error_code kim_prompt_callback_none (kim_options *io_options,
kim_prompt_type_t in_type,
- kim_string_t in_title,
- kim_string_t in_message,
- kim_string_t in_description,
+ kim_string in_title,
+ kim_string in_message,
+ kim_string in_description,
void **out_reply);
/*! @} */
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create new options with default values.
*/
-kim_error_t kim_options_create (kim_options_t *out_options);
+kim_error kim_options_create (kim_options *out_options);
/*!
* \param out_options on exit, a new options object which is a copy of \a in_options.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy options.
*/
-kim_error_t kim_options_copy (kim_options_t *out_options,
- kim_options_t in_options);
+kim_error kim_options_copy (kim_options *out_options,
+ kim_options in_options);
/*!
* \param io_options an options object to modify.
* #kim_prompt_callback_default
* \sa kim_options_get_prompt_callback()
*/
-kim_error_t kim_options_set_prompt_callback (kim_options_t io_options,
+kim_error kim_options_set_prompt_callback (kim_options io_options,
kim_prompt_callback_t in_prompt_callback);
/*!
* #kim_prompt_callback_default
* \sa kim_options_set_prompt_callback()
*/
-kim_error_t kim_options_get_prompt_callback (kim_options_t in_options,
+kim_error kim_options_get_prompt_callback (kim_options in_options,
kim_prompt_callback_t *out_prompt_callback);
/*!
* NULL (no data is set by default)
* \sa kim_options_get_data()
*/
-kim_error_t kim_options_set_data (kim_options_t io_options,
+kim_error kim_options_set_data (kim_options io_options,
const void *in_data);
/*!
* NULL (no data is set by default)
* \sa kim_options_set_data()
*/
-kim_error_t kim_options_get_data (kim_options_t in_options,
+kim_error kim_options_get_data (kim_options in_options,
const void **out_data);
/*!
* NULL (no response is set by default)
* \sa kim_options_get_prompt_response()
*/
-kim_error_t kim_options_set_prompt_response (kim_options_t io_options,
+kim_error kim_options_set_prompt_response (kim_options io_options,
kim_prompt_type_t in_prompt_type,
void *in_response);
* NULL (no response is set by default)
* \sa kim_options_set_prompt_response()
*/
-kim_error_t kim_options_get_prompt_response (kim_options_t in_options,
+kim_error kim_options_get_prompt_response (kim_options in_options,
kim_prompt_type_t in_prompt_type,
void **out_response);
* 0, indicating "now". The credential will be valid immediately.
* \sa kim_options_get_start_time(), kim_credential_validate(), kim_ccache_validate(), kim_identity_validate()
*/
-kim_error_t kim_options_set_start_time (kim_options_t io_options,
- kim_time_t in_start_time);
+kim_error kim_options_set_start_time (kim_options io_options,
+ kim_time in_start_time);
/*!
* \param in_options an options object.
* 0, indicating "now". The credential will be valid immediately.
* \sa kim_options_set_start_time(), kim_credential_validate(), kim_ccache_validate(), kim_identity_validate()
*/
-kim_error_t kim_options_get_start_time (kim_options_t in_options,
- kim_time_t *out_start_time);
+kim_error kim_options_get_start_time (kim_options in_options,
+ kim_time *out_start_time);
/*!
* \param io_options an options object to modify.
* \par Default value
* Read from the user's preferences and the Kerberos configuration. 10 hours if unspecified.
*/
-kim_error_t kim_options_set_lifetime (kim_options_t io_options,
- kim_lifetime_t in_lifetime);
+kim_error kim_options_set_lifetime (kim_options io_options,
+ kim_lifetime in_lifetime);
/*!
* \param in_options an options object.
* Read from the user's preferences and the Kerberos configuration. 10 hours if unspecified.
* \sa kim_options_set_lifetime()
*/
-kim_error_t kim_options_get_lifetime (kim_options_t in_options,
- kim_lifetime_t *out_lifetime);
+kim_error kim_options_get_lifetime (kim_options in_options,
+ kim_lifetime *out_lifetime);
/*!
* \param io_options an options object to modify.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_get_renewable()
*/
-kim_error_t kim_options_set_renewable (kim_options_t io_options,
- kim_boolean_t in_renewable);
+kim_error kim_options_set_renewable (kim_options io_options,
+ kim_boolean in_renewable);
/*!
* \param in_options an options object.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_set_renewable()
*/
-kim_error_t kim_options_get_renewable (kim_options_t in_options,
- kim_boolean_t *out_renewable);
+kim_error kim_options_get_renewable (kim_options in_options,
+ kim_boolean *out_renewable);
/*!
* \param io_options an options object to modify.
* Read from the user's preferences and the Kerberos configuration. 7 days if unspecified.
* \sa kim_options_get_renewal_lifetime(), kim_identity_renew(), kim_credential_renew(), kim_ccache_renew()
*/
-kim_error_t kim_options_set_renewal_lifetime (kim_options_t io_options,
- kim_lifetime_t in_renewal_lifetime);
+kim_error kim_options_set_renewal_lifetime (kim_options io_options,
+ kim_lifetime in_renewal_lifetime);
/*!
* \param in_options an options object.
* Read from the user's preferences and the Kerberos configuration. 7 days if unspecified.
* \sa kim_options_set_renewal_lifetime(), kim_identity_renew(), kim_credential_renew(), kim_ccache_renew()
*/
-kim_error_t kim_options_get_renewal_lifetime (kim_options_t in_options,
- kim_lifetime_t *out_renewal_lifetime);
+kim_error kim_options_get_renewal_lifetime (kim_options in_options,
+ kim_lifetime *out_renewal_lifetime);
/*!
* \param io_options an options object to modify.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_get_forwardable()
*/
-kim_error_t kim_options_set_forwardable (kim_options_t io_options,
- kim_boolean_t in_forwardable);
+kim_error kim_options_set_forwardable (kim_options io_options,
+ kim_boolean in_forwardable);
/*!
* \param in_options an options object.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_set_forwardable()
*/
-kim_error_t kim_options_get_forwardable (kim_options_t in_options,
- kim_boolean_t *out_forwardable);
+kim_error kim_options_get_forwardable (kim_options in_options,
+ kim_boolean *out_forwardable);
/*!
* \param io_options an options object to modify.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_get_proxiable()
*/
-kim_error_t kim_options_set_proxiable (kim_options_t io_options,
- kim_boolean_t in_proxiable);
+kim_error kim_options_set_proxiable (kim_options io_options,
+ kim_boolean in_proxiable);
/*!
* \param in_options an options object.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_set_proxiable()
*/
-kim_error_t kim_options_get_proxiable (kim_options_t in_options,
- kim_boolean_t *out_proxiable);
+kim_error kim_options_get_proxiable (kim_options in_options,
+ kim_boolean *out_proxiable);
/*!
* \param io_options an options object to modify.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_get_addressless()
*/
-kim_error_t kim_options_set_addressless (kim_options_t io_options,
- kim_boolean_t in_addressless);
+kim_error kim_options_set_addressless (kim_options io_options,
+ kim_boolean in_addressless);
/*!
* \param in_options an options object.
* Read from the user's preferences and the Kerberos configuration. TRUE if unspecified.
* \sa kim_options_set_addressless()
*/
-kim_error_t kim_options_get_addressless (kim_options_t in_options,
- kim_boolean_t *out_addressless);
+kim_error kim_options_get_addressless (kim_options in_options,
+ kim_boolean *out_addressless);
/*!
* \param io_options an options object to modify.
* NULL, indicating "krbtgt@<REALM>", the ticket granting ticket (TGT) service.
* \sa kim_options_get_service_name()
*/
-kim_error_t kim_options_set_service_name (kim_options_t io_options,
- kim_string_t in_service_name);
+kim_error kim_options_set_service_name (kim_options io_options,
+ kim_string in_service_name);
/*!
* \param in_options an options object.
* NULL, indicating "krbtgt@<REALM>", the ticket granting ticket (TGT) service.
* \sa kim_options_set_service_name()
*/
-kim_error_t kim_options_get_service_name (kim_options_t in_options,
- kim_string_t *out_service_name);
+kim_error kim_options_get_service_name (kim_options in_options,
+ kim_string *out_service_name);
/*!
* \param io_options the options object to be freed. Set to NULL on exit.
* \brief Free memory associated with an options object.
*/
-void kim_options_free (kim_options_t *io_options);
+void kim_options_free (kim_options *io_options);
/*!@}*/
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create a new favorite identities list.
*/
-kim_error_t kim_favorite_identities_create (kim_favorite_identities_t *out_favorite_identities);
+kim_error kim_favorite_identities_create (kim_favorite_identities *out_favorite_identities);
/*!
* \param out_favorite_identities on exit, a new favorite identities object which is
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy a favorite identities list.
*/
-kim_error_t kim_favorite_identities_copy (kim_favorite_identities_t *out_favorite_identities,
- kim_favorite_identities_t in_favorite_identities);
+kim_error kim_favorite_identities_copy (kim_favorite_identities *out_favorite_identities,
+ kim_favorite_identities in_favorite_identities);
/*!
* \param in_favorite_identities a favorite identities object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the number of identities in a favorite identities list.
*/
-kim_error_t kim_favorite_identities_get_number_of_identities (kim_favorite_identities_t in_favorite_identities,
- kim_count_t *out_number_of_identities);
+kim_error kim_favorite_identities_get_number_of_identities (kim_favorite_identities in_favorite_identities,
+ kim_count *out_number_of_identities);
/*!
* \param in_favorite_identities a favorite identities object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Get the Nth identity in a favorite identities list.
*/
-kim_error_t kim_favorite_identities_get_identity_at_index (kim_favorite_identities_t in_favorite_identities,
- kim_count_t in_index,
- kim_identity_t *out_identity);
+kim_error kim_favorite_identities_get_identity_at_index (kim_favorite_identities in_favorite_identities,
+ kim_count in_index,
+ kim_identity *out_identity);
/*!
* \param io_favorite_identities a favorite identities object.
* \param in_identity an identity string to add to \a in_favorite_identities.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Add an identity to a favorite identities list.
*/
-kim_error_t kim_favorite_identities_add_identity (kim_favorite_identities_t io_favorite_identities,
- kim_identity_t in_identity);
+kim_error kim_favorite_identities_add_identity (kim_favorite_identities io_favorite_identities,
+ kim_identity in_identity);
/*!
* \param io_favorite_identities a favorite identities object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Remove an identity from a identities list.
*/
-kim_error_t kim_favorite_identities_remove_identity (kim_favorite_identities_t io_favorite_identities,
- kim_identity_t in_identity);
+kim_error kim_favorite_identities_remove_identity (kim_favorite_identities io_favorite_identities,
+ kim_identity in_identity);
/*!
* \param io_favorite_identities a favorite identities object.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Empty a favorite identities list.
*/
-kim_error_t kim_favorite_identities_remove_all_identities (kim_favorite_identities_t io_favorite_identities);
+kim_error kim_favorite_identities_remove_all_identities (kim_favorite_identities io_favorite_identities);
/*!
* \param io_favorite_identities the favorite identities object to be freed. Set to NULL on exit.
* \brief Free memory associated with an identities list.
*/
-void kim_favorite_identities_free (kim_favorite_identities_t *io_favorite_identities);
+void kim_favorite_identities_free (kim_favorite_identities *io_favorite_identities);
/*!@}*/
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create a new preferences object from the current user's preferences.
*/
-kim_error_t kim_preferences_create (kim_preferences_t *out_preferences);
+kim_error kim_preferences_create (kim_preferences *out_preferences);
/*!
* \param out_preferences on exit, a new preferences object which is a copy of in_preferences.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy a preferences object.
*/
-kim_error_t kim_preferences_copy (kim_preferences_t *out_preferences,
- kim_preferences_t in_preferences);
+kim_error kim_preferences_copy (kim_preferences *out_preferences,
+ kim_preferences in_preferences);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the user's preferred options.
* \sa kim_preferences_get_options()
*/
-kim_error_t kim_preferences_set_options (kim_preferences_t io_preferences,
- kim_options_t in_options);
+kim_error kim_preferences_set_options (kim_preferences io_preferences,
+ kim_options in_options);
/*!
* \param in_preferences a preferences object.
* \brief Get the user's preferred options.
* \sa kim_preferences_set_options()
*/
-kim_error_t kim_preferences_get_options (kim_preferences_t in_preferences,
- kim_options_t *out_options);
+kim_error kim_preferences_get_options (kim_preferences in_preferences,
+ kim_options *out_options);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set whether or not to remember the last options the user used to acquire a credential.
* \sa kim_preferences_get_remember_options()
*/
-kim_error_t kim_preferences_set_remember_options (kim_preferences_t io_preferences,
- kim_boolean_t in_remember_options);
+kim_error kim_preferences_set_remember_options (kim_preferences io_preferences,
+ kim_boolean in_remember_options);
/*!
* \param in_preferences a preferences object.
* \brief Get whether or not to remember the last options the user used to acquire a credential.
* \sa kim_preferences_set_remember_options()
*/
-kim_error_t kim_preferences_get_remember_options (kim_preferences_t in_preferences,
- kim_boolean_t *out_remember_options);
+kim_error kim_preferences_get_remember_options (kim_preferences in_preferences,
+ kim_boolean *out_remember_options);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the user's preferred client identity.
* \sa kim_preferences_get_client_identity()
*/
-kim_error_t kim_preferences_set_client_identity (kim_preferences_t io_preferences,
- kim_identity_t in_client_identity);
+kim_error kim_preferences_set_client_identity (kim_preferences io_preferences,
+ kim_identity in_client_identity);
/*!
* \param in_preferences a preferences object.
* \brief Get the user's preferred client identity.
* \sa kim_preferences_set_client_identity()
*/
-kim_error_t kim_preferences_get_client_identity (kim_preferences_t in_preferences,
- kim_identity_t *out_client_identity);
+kim_error kim_preferences_get_client_identity (kim_preferences in_preferences,
+ kim_identity *out_client_identity);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set whether or not to remember the last client identity the user acquired a credential for.
* \sa kim_preferences_get_remember_client_identity()
*/
-kim_error_t kim_preferences_set_remember_client_identity (kim_preferences_t io_preferences,
- kim_boolean_t in_remember_client_identity);
+kim_error kim_preferences_set_remember_client_identity (kim_preferences io_preferences,
+ kim_boolean in_remember_client_identity);
/*!
* \param in_preferences a preferences object.
* \brief Get whether or not to remember the last client identity the user acquired a credential for.
* \sa kim_preferences_set_remember_client_identity()
*/
-kim_error_t kim_preferences_get_remember_client_identity (kim_preferences_t in_preferences,
- kim_boolean_t *out_remember_client_identity);
+kim_error kim_preferences_get_remember_client_identity (kim_preferences in_preferences,
+ kim_boolean *out_remember_client_identity);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the minimum credential lifetime for GUI credential lifetime controls.
* \sa kim_preferences_get_minimum_lifetime()
*/
-kim_error_t kim_preferences_set_minimum_lifetime (kim_preferences_t io_preferences,
- kim_lifetime_t in_minimum_lifetime);
+kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences,
+ kim_lifetime in_minimum_lifetime);
/*!
* \param in_preferences a preferences object.
* \brief Get the minimum credential lifetime for GUI credential lifetime controls.
* \sa kim_preferences_set_minimum_lifetime()
*/
-kim_error_t kim_preferences_get_minimum_lifetime (kim_preferences_t in_preferences,
- kim_lifetime_t *out_minimum_lifetime);
+kim_error kim_preferences_get_minimum_lifetime (kim_preferences in_preferences,
+ kim_lifetime *out_minimum_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the maximum credential lifetime for GUI credential lifetime controls.
* \sa kim_preferences_get_maximum_lifetime()
*/
-kim_error_t kim_preferences_set_maximum_lifetime (kim_preferences_t io_preferences,
- kim_lifetime_t in_maximum_lifetime);
+kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences,
+ kim_lifetime in_maximum_lifetime);
/*!
* \param in_preferences a preferences object.
* \brief Get the maximum credential lifetime for GUI credential lifetime controls.
* \sa kim_preferences_set_maximum_lifetime()
*/
-kim_error_t kim_preferences_get_maximum_lifetime (kim_preferences_t in_preferences,
- kim_lifetime_t *out_maximum_lifetime);
+kim_error kim_preferences_get_maximum_lifetime (kim_preferences in_preferences,
+ kim_lifetime *out_maximum_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the minimum credential renewal lifetime for GUI credential lifetime controls.
* \sa kim_preferences_get_minimum_renewal_lifetime()
*/
-kim_error_t kim_preferences_set_minimum_renewal_lifetime (kim_preferences_t io_preferences,
- kim_lifetime_t in_minimum_renewal_lifetime);
+kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_preferences,
+ kim_lifetime in_minimum_renewal_lifetime);
/*!
* \param in_preferences a preferences object.
* \brief Get the minimum credential renewal lifetime for GUI credential lifetime controls.
* \sa kim_preferences_set_minimum_renewal_lifetime()
*/
-kim_error_t kim_preferences_get_minimum_renewal_lifetime (kim_preferences_t in_preferences,
- kim_lifetime_t *out_minimum_renewal_lifetime);
+kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences in_preferences,
+ kim_lifetime *out_minimum_renewal_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the maximum credential renewal lifetime for GUI credential lifetime controls.
* \sa kim_preferences_get_minimum_renewal_lifetime()
*/
-kim_error_t kim_preferences_set_maximum_renewal_lifetime (kim_preferences_t io_preferences,
- kim_lifetime_t in_maximum_renewal_lifetime);
+kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_preferences,
+ kim_lifetime in_maximum_renewal_lifetime);
/*!
* \param in_preferences a preferences object.
* \brief Get the maximum credential renewal lifetime for GUI credential lifetime controls.
* \sa kim_preferences_set_minimum_renewal_lifetime()
*/
-kim_error_t kim_preferences_get_maximum_renewal_lifetime (kim_preferences_t in_preferences,
- kim_lifetime_t *out_maximum_renewal_lifetime);
+kim_error kim_preferences_get_maximum_renewal_lifetime (kim_preferences in_preferences,
+ kim_lifetime *out_maximum_renewal_lifetime);
/*!
* \param io_preferences a preferences object to modify.
* \brief Set the user's preferred list of identities.
* \sa kim_preferences_get_favorite_identities()
*/
-kim_error_t kim_preferences_set_favorite_identities (kim_preferences_t io_preferences,
- kim_favorite_identities_t in_favorite_identities);
+kim_error kim_preferences_set_favorite_identities (kim_preferences io_preferences,
+ kim_favorite_identities in_favorite_identities);
/*!
* \param in_preferences a preferences object.
* \brief Get the user's preferred list of identities.
* \sa kim_preferences_set_favorite_identities()
*/
-kim_error_t kim_preferences_get_favorite_identities (kim_preferences_t in_preferences,
- kim_favorite_identities_t *out_favorite_identities);
+kim_error kim_preferences_get_favorite_identities (kim_preferences in_preferences,
+ kim_favorite_identities *out_favorite_identities);
/*!
* \param in_preferences a preferences object.
* \brief Synchronize a preferences object with the user's preferences, writing pending changes
* and reading any changes applied by other processes.
*/
-kim_error_t kim_preferences_synchronize (kim_preferences_t in_preferences);
+kim_error kim_preferences_synchronize (kim_preferences in_preferences);
/*!
* \param io_preferences the preferences object to be freed. Set to NULL on exit.
* \brief Free memory associated with a preferences object.
*/
-void kim_preferences_free (kim_preferences_t *io_preferences);
+void kim_preferences_free (kim_preferences *io_preferences);
/*!@}*/
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Create a new selection hints object.
*/
-kim_error_t kim_selection_hints_create (kim_selection_hints_t *out_selection_hints,
- kim_string_t in_application_identifier);
+kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints,
+ kim_string in_application_identifier);
/*!
* \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy a selection hints object.
*/
-kim_error_t kim_selection_hints_copy (kim_selection_hints_t *out_selection_hints,
- kim_selection_hints_t in_selection_hints);
+kim_error kim_selection_hints_copy (kim_selection_hints *out_selection_hints,
+ kim_selection_hints in_selection_hints);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the preferred service identity.
* \sa kim_selection_hints_get_service_identity_hint()
*/
-kim_error_t kim_selection_hints_set_service_identity_hint (kim_selection_hints_t io_selection_hints,
- kim_identity_t in_service_identity);
+kim_error kim_selection_hints_set_service_identity_hint (kim_selection_hints io_selection_hints,
+ kim_identity in_service_identity);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the preferred service identity.
* \sa kim_selection_hints_set_service_identity_hint()
*/
-kim_error_t kim_selection_hints_get_service_identity_hint (kim_selection_hints_t in_selection_hints,
- kim_identity_t *out_service_identity);
+kim_error kim_selection_hints_get_service_identity_hint (kim_selection_hints in_selection_hints,
+ kim_identity *out_service_identity);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the preferred client realm.
* \sa kim_selection_hints_get_client_realm_hint()
*/
-kim_error_t kim_selection_hints_set_client_realm_hint (kim_selection_hints_t io_selection_hints,
- kim_string_t in_client_realm);
+kim_error kim_selection_hints_set_client_realm_hint (kim_selection_hints io_selection_hints,
+ kim_string in_client_realm);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the preferred client realm.
* \sa kim_selection_hints_set_client_realm_hint()
*/
-kim_error_t kim_selection_hints_get_client_realm_hint (kim_selection_hints_t in_selection_hints,
- kim_string_t *out_client_realm);
+kim_error kim_selection_hints_get_client_realm_hint (kim_selection_hints in_selection_hints,
+ kim_string *out_client_realm);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the preferred user name.
* \sa kim_selection_hints_get_user_hint()
*/
-kim_error_t kim_selection_hints_set_user_hint (kim_selection_hints_t io_selection_hints,
- kim_string_t in_user);
+kim_error kim_selection_hints_set_user_hint (kim_selection_hints io_selection_hints,
+ kim_string in_user);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the preferred user name.
* \sa kim_selection_hints_set_user_hint()
*/
-kim_error_t kim_selection_hints_get_user_hint (kim_selection_hints_t in_selection_hints,
- kim_string_t *out_user);
+kim_error kim_selection_hints_get_user_hint (kim_selection_hints in_selection_hints,
+ kim_string *out_user);
/*!
* \brief Set the preferred service realm.
* \sa kim_selection_hints_get_service_realm_hint()
*/
-kim_error_t kim_selection_hints_set_service_realm_hint (kim_selection_hints_t io_selection_hints,
- kim_string_t in_service_realm);
+kim_error kim_selection_hints_set_service_realm_hint (kim_selection_hints io_selection_hints,
+ kim_string in_service_realm);
/*!
* \param io_selection_hints a selection hints object.
* \brief Get the preferred service realm.
* \sa kim_selection_hints_set_service_realm_hint()
*/
-kim_error_t kim_selection_hints_get_service_realm_hint (kim_selection_hints_t io_selection_hints,
- kim_string_t *out_service_realm);
+kim_error kim_selection_hints_get_service_realm_hint (kim_selection_hints io_selection_hints,
+ kim_string *out_service_realm);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the preferred service name.
* \sa kim_selection_hints_get_service_hint()
*/
-kim_error_t kim_selection_hints_set_service_hint (kim_selection_hints_t io_selection_hints,
- kim_string_t in_service);
+kim_error kim_selection_hints_set_service_hint (kim_selection_hints io_selection_hints,
+ kim_string in_service);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the preferred service name.
* \sa kim_selection_hints_set_service_hint()
*/
-kim_error_t kim_selection_hints_get_service_hint (kim_selection_hints_t in_selection_hints,
- kim_string_t *out_service);
+kim_error kim_selection_hints_get_service_hint (kim_selection_hints in_selection_hints,
+ kim_string *out_service);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the preferred server host name.
* \sa kim_selection_hints_get_server_hint()
*/
-kim_error_t kim_selection_hints_set_server_hint (kim_selection_hints_t io_selection_hints,
- kim_string_t in_server);
+kim_error kim_selection_hints_set_server_hint (kim_selection_hints io_selection_hints,
+ kim_string in_server);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the preferred server host name.
* \sa kim_selection_hints_set_server_hint()
*/
-kim_error_t kim_selection_hints_get_server_hint (kim_selection_hints_t in_selection_hints,
- kim_string_t *out_server);
+kim_error kim_selection_hints_get_server_hint (kim_selection_hints in_selection_hints,
+ kim_string *out_server);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the application name for use in user interaction.
* \sa kim_selection_hints_get_application_name()
*/
-kim_error_t kim_selection_hints_set_application_name (kim_selection_hints_t io_selection_hints,
- kim_string_t in_application_name);
+kim_error kim_selection_hints_set_application_name (kim_selection_hints io_selection_hints,
+ kim_string in_application_name);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the application name for use in user interaction.
* \sa kim_selection_hints_set_application_name()
*/
-kim_error_t kim_selection_hints_get_application_name (kim_selection_hints_t in_selection_hints,
- kim_string_t *out_application_name);
+kim_error kim_selection_hints_get_application_name (kim_selection_hints in_selection_hints,
+ kim_string *out_application_name);
/*!
* \param io_selection_hints a selection hints object to modify.
* \brief Set the strings used to prompt the user to select the identity.
* \sa kim_selection_hints_get_explanation()
*/
-kim_error_t kim_selection_hints_set_explanation (kim_selection_hints_t io_selection_hints,
- kim_string_t in_explanation);
+kim_error kim_selection_hints_set_explanation (kim_selection_hints io_selection_hints,
+ kim_string in_explanation);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the strings used to prompt the user to select the identity.
* \sa kim_selection_hints_set_explanation()
*/
-kim_error_t kim_selection_hints_get_explanation (kim_selection_hints_t in_selection_hints,
- kim_string_t *out_explanation);
+kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection_hints,
+ kim_string *out_explanation);
/*!
* \brief Set the options which will be used if credentials need to be acquired.
* \sa kim_selection_hints_get_options()
*/
-kim_error_t kim_selection_hints_set_options (kim_selection_hints_t io_selection_hints,
- kim_options_t in_options);
+kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hints,
+ kim_options in_options);
/*!
* \param in_selection_hints a selection hints object.
* \brief Get the options which will be used if credentials need to be acquired.
* \sa kim_selection_hints_set_options()
*/
-kim_error_t kim_selection_hints_get_options (kim_selection_hints_t in_selection_hints,
- kim_options_t *out_options);
+kim_error kim_selection_hints_get_options (kim_selection_hints in_selection_hints,
+ kim_options *out_options);
/*!
* \param in_selection_hints a selection hints object to modify
* \brief Set whether or not KIM may interact with the user to select an identity.
* \sa kim_selection_hints_get_allow_user_interaction
*/
-kim_error_t kim_selection_hints_set_allow_user_interaction (kim_selection_hints_t in_selection_hints,
- kim_boolean_t in_allow_user_interaction);
+kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in_selection_hints,
+ kim_boolean in_allow_user_interaction);
/*!
* \param in_selection_hints a selection hints object to modify
* \brief Get whether or not KIM may interact with the user to select an identity.
* \sa kim_selection_hints_set_allow_user_interaction
*/
-kim_error_t kim_selection_hints_get_allow_user_interaction (kim_selection_hints_t in_selection_hints,
- kim_boolean_t *out_allow_user_interaction);
+kim_error kim_selection_hints_get_allow_user_interaction (kim_selection_hints in_selection_hints,
+ kim_boolean *out_allow_user_interaction);
/*!
* \param in_selection_hints a selection hints object to modify
* \brief Set whether or not KIM will use cached mappings for this selection hints object.
* \sa kim_selection_hints_get_remember_identity
*/
-kim_error_t kim_selection_hints_set_remember_identity (kim_selection_hints_t in_selection_hints,
- kim_boolean_t in_remember_identity);
+kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_selection_hints,
+ kim_boolean in_remember_identity);
/*!
* \param in_selection_hints a selection hints object to modify
* \brief Get whether or not KIM will use cache mappings for this selection hints object.
* \sa kim_selection_hints_set_remember_identity
*/
-kim_error_t kim_selection_hints_get_remember_identity (kim_selection_hints_t in_selection_hints,
- kim_boolean_t *out_remember_identity);
+kim_error kim_selection_hints_get_remember_identity (kim_selection_hints in_selection_hints,
+ kim_boolean *out_remember_identity);
/*!
* \param in_selection_hints the selection hints to add to the cache.
* \brief Choose a client identity based on selection hints.
*/
-kim_error_t kim_selection_hints_get_identity (kim_selection_hints_t in_selection_hints,
- kim_identity_t *out_identity);
+kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hints,
+ kim_identity *out_identity);
/*!
* \param in_selection_hints the selection hints to add to the cache.
* replacing any existing entry.
*/
-kim_error_t kim_selection_hints_remember_identity (kim_selection_hints_t in_selection_hints,
- kim_identity_t in_identity);
+kim_error kim_selection_hints_remember_identity (kim_selection_hints in_selection_hints,
+ kim_identity in_identity);
/*!
* \param in_selection_hints the selection hints to remove from the cache.
* \brief Remove an entry for the selection hints from the selection hints cache.
*/
-kim_error_t kim_selection_hints_forget_identity (kim_selection_hints_t in_selection_hints);
+kim_error kim_selection_hints_forget_identity (kim_selection_hints in_selection_hints);
/*!
* \param io_selection_hints the selection hints object to be freed. Set to NULL on exit.
* \brief Free memory associated with a selection hints object.
*/
-void kim_selection_hints_free (kim_selection_hints_t *io_selection_hints);
+void kim_selection_hints_free (kim_selection_hints *io_selection_hints);
/*!@}*/
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Copy a string.
*/
-kim_error_t kim_string_copy (kim_string_t *out_string,
- const kim_string_t in_string);
+kim_error kim_string_copy (kim_string *out_string,
+ const kim_string in_string);
/*!
* \param in_string a string.
* \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure.
* \brief Compare two strings.
*/
-kim_error_t kim_string_compare (kim_string_t in_string,
- kim_string_t in_compare_to_string,
- kim_comparison_t *out_comparison);
+kim_error kim_string_compare (kim_string in_string,
+ kim_string in_compare_to_string,
+ kim_comparison *out_comparison);
/*!
* \param io_string a string to be freed. Set to NULL on exit.
* \brief Free memory associated with a string.
*/
-void kim_string_free (kim_string_t *io_string);
+void kim_string_free (kim_string *io_string);
/*!@}*/
/*!
* The KIM String type. See \ref kim_string_overview for more information.
*/
-typedef int32_t kim_error_code_t;
+typedef int32_t kim_error_code;
/*!
* A time value represented in seconds since January 1, 1970.
*/
-typedef int64_t kim_time_t;
+typedef int64_t kim_time;
/*!
* A duration represented in seconds.
*/
-typedef int64_t kim_lifetime_t;
+typedef int64_t kim_lifetime;
/*!
* An quantity, usually used to return the number of elements in an array.
*/
-typedef uint64_t kim_count_t;
+typedef uint64_t kim_count;
/*!
* A boolean value. 0 means false, all other values mean true.
*/
-typedef int kim_boolean_t;
+typedef int kim_boolean;
/*!
* A comparison between two sortable objects.
* See #kim_comparison_is_less_than(), #kim_comparison_is_equal() and
* #kim_comparison_is_greater_than()
*/
-typedef int kim_comparison_t;
+typedef int kim_comparison;
/*!
* Convenience macro for interpreting #kim_comparison_t.
/*!
* The KIM String type. See \ref kim_string_overview for more information.
*/
-typedef const char *kim_string_t;
+typedef const char *kim_string;
struct kim_error_opaque;
/*!
* A KIM Error object. See \ref kim_error_overview for more information.
*/
-typedef struct kim_error_opaque *kim_error_t;
+typedef struct kim_error_opaque *kim_error;
struct kim_identity_opaque;
/*!
* A KIM Principal object. See \ref kim_identity_overview for more information.
*/
-typedef struct kim_identity_opaque *kim_identity_t;
+typedef struct kim_identity_opaque *kim_identity;
struct kim_options_opaque;
/*!
* A KIM Options object. See \ref kim_options_overview for more information.
*/
-typedef struct kim_options_opaque *kim_options_t;
+typedef struct kim_options_opaque *kim_options;
struct kim_selection_hints_opaque;
/*!
* A KIM Selection Hints object. See \ref kim_selection_hints_overview for more information.
*/
-typedef struct kim_selection_hints_opaque *kim_selection_hints_t;
+typedef struct kim_selection_hints_opaque *kim_selection_hints;
struct kim_favorite_identities_opaque;
/*!
* A KIM Favorite Realms object. See \ref kim_favorite_identities_overview for more information.
*/
-typedef struct kim_favorite_identities_opaque *kim_favorite_identities_t;
+typedef struct kim_favorite_identities_opaque *kim_favorite_identities;
struct kim_preferences_opaque;
/*!
* A KIM Preferences object. See \ref kim_preferences_overview for more information.
*/
-typedef struct kim_preferences_opaque *kim_preferences_t;
+typedef struct kim_preferences_opaque *kim_preferences;
struct kim_ccache_iterator_opaque;
/*!
* A KIM CCache Iterator object. See \ref kim_credential_cache_collection for more information.
*/
-typedef struct kim_ccache_iterator_opaque *kim_ccache_iterator_t;
+typedef struct kim_ccache_iterator_opaque *kim_ccache_iterator;
struct kim_ccache_opaque;
/*!
* A KIM CCache object. See \ref kim_ccache_overview for more information.
*/
-typedef struct kim_ccache_opaque *kim_ccache_t;
+typedef struct kim_ccache_opaque *kim_ccache;
struct kim_credential_iterator_opaque;
/*!
* A KIM Credential Iterator object. See \ref kim_credential_iterator_t for more information.
*/
-typedef struct kim_credential_iterator_opaque *kim_credential_iterator_t;
+typedef struct kim_credential_iterator_opaque *kim_credential_iterator;
struct kim_credential_opaque;
/*!
* A KIM Credential object. See \ref kim_credential_overview for more information.
*/
-typedef struct kim_credential_opaque *kim_credential_t;
+typedef struct kim_credential_opaque *kim_credential;
/*!@}*/
projects / krb5.git / commitdiff