From e6161f3ef211d64c0f616ccc12f819026d44a0e3 Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Thu, 17 Jul 2008 17:02:41 +0000 Subject: [PATCH] Removed _t suffix from KIM types git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20534 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/kim/kim_ccache.h | 102 +-- src/include/kim/kim_credential.h | 956 +++++++++++++------------- src/include/kim/kim_error.h | 14 +- src/include/kim/kim_identity.h | 62 +- src/include/kim/kim_options.h | 126 ++-- src/include/kim/kim_preferences.h | 110 +-- src/include/kim/kim_selection_hints.h | 108 +-- src/include/kim/kim_string.h | 12 +- src/include/kim/kim_types.h | 34 +- 9 files changed, 762 insertions(+), 762 deletions(-) diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h index ad3ee1626..c04381edc 100644 --- a/src/include/kim/kim_ccache.h +++ b/src/include/kim/kim_ccache.h @@ -262,7 +262,7 @@ extern "C" { * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get a ccache iterator to enumerate ccaches in the cache collection. */ -kim_error_t kim_ccache_iterator_create (kim_ccache_iterator_t *out_ccache_iterator); +kim_error kim_ccache_iterator_create (kim_ccache_iterator *out_ccache_iterator); /*! * \param in_ccache_iterator a ccache iterator object. @@ -272,14 +272,14 @@ kim_error_t kim_ccache_iterator_create (kim_ccache_iterator_t *out_ccache_iterat * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the next ccache in the cache collection. */ -kim_error_t kim_ccache_iterator_next (kim_ccache_iterator_t in_ccache_iterator, - kim_ccache_t *out_ccache); +kim_error kim_ccache_iterator_next (kim_ccache_iterator in_ccache_iterator, + kim_ccache *out_ccache); /*! * \param io_ccache_iterator a ccache iterator object to be freed. Set to NULL on exit. * \brief Free memory associated with a ccache iterator. */ -void kim_ccache_iterator_free (kim_ccache_iterator_t *io_ccache_iterator); +void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator); /*!@}*/ @@ -299,9 +299,9 @@ void kim_ccache_iterator_free (kim_ccache_iterator_t *io_ccache_iterator); * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Acquire a new initial credential and store it in a ccache. */ -kim_error_t kim_ccache_create_new (kim_ccache_t *out_ccache, - kim_identity_t in_client_identity, - kim_options_t in_options); +kim_error kim_ccache_create_new (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options); /*! * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired @@ -314,9 +314,9 @@ kim_error_t kim_ccache_create_new (kim_ccache_t *out_ccache, * \brief Find a ccache containing a valid initial credential in the cache collection, or if * unavailable, acquire and store a new initial credential. */ -kim_error_t kim_ccache_create_new_if_needed (kim_ccache_t *out_ccache, - kim_identity_t in_client_identity, - kim_options_t in_options); +kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options); /*! * \param out_ccache on exit, a ccache object for a ccache containing a TGT @@ -325,8 +325,8 @@ kim_error_t kim_ccache_create_new_if_needed (kim_ccache_t *out_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Find a ccache for a client identity in the cache collection. */ -kim_error_t kim_ccache_create_from_client_identity (kim_ccache_t *out_ccache, - kim_identity_t in_client_identity); +kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, + kim_identity in_client_identity); /*! * \param out_ccache on exit, a new ccache object containing an initial credential @@ -339,10 +339,10 @@ kim_error_t kim_ccache_create_from_client_identity (kim_ccache_t *out_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Acquire a new initial credential from a keytab and store it in a ccache. */ -kim_error_t kim_ccache_create_from_keytab (kim_ccache_t *out_ccache, - kim_identity_t in_identity, - kim_options_t in_options, - kim_string_t in_keytab); +kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache, + kim_identity in_identity, + kim_options in_options, + kim_string in_keytab); /*! * \param out_ccache on exit, a ccache object for the default ccache. @@ -350,7 +350,7 @@ kim_error_t kim_ccache_create_from_keytab (kim_ccache_t *out_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the default ccache. */ -kim_error_t kim_ccache_create_from_default (kim_ccache_t *out_ccache); +kim_error kim_ccache_create_from_default (kim_ccache *out_ccache); /*! * \param out_ccache on exit, a ccache object for the ccache identified by @@ -362,9 +362,9 @@ kim_error_t kim_ccache_create_from_default (kim_ccache_t *out_ccache); * KIM-aware and should be avoided whenever possible. * \brief Get a ccache for a ccache type and name. */ -kim_error_t kim_ccache_create_from_type_and_name (kim_ccache_t *out_ccache, - kim_string_t in_type, - kim_string_t in_name); +kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, + kim_string in_type, + kim_string in_name); /*! * \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache. @@ -374,7 +374,7 @@ kim_error_t kim_ccache_create_from_type_and_name (kim_ccache_t *out_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get a ccache for a krb5 ccache. */ -kim_error_t kim_ccache_create_from_krb5_ccache (kim_ccache_t *out_ccache, +kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, krb5_context in_krb5_context, krb5_ccache in_krb5_ccache); @@ -385,8 +385,8 @@ kim_error_t kim_ccache_create_from_krb5_ccache (kim_ccache_t *out_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy a ccache. */ -kim_error_t kim_ccache_copy (kim_ccache_t *out_ccache, - kim_ccache_t in_ccache); +kim_error kim_ccache_copy (kim_ccache *out_ccache, + kim_ccache in_ccache); /*! * \param in_ccache a ccache object. @@ -396,7 +396,7 @@ kim_error_t kim_ccache_copy (kim_ccache_t *out_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get a krb5 ccache for a ccache. */ -kim_error_t kim_ccache_get_krb5_ccache (kim_ccache_t in_ccache, +kim_error kim_ccache_get_krb5_ccache (kim_ccache in_ccache, krb5_context in_krb5_context, krb5_ccache *out_krb5_ccache); @@ -406,8 +406,8 @@ kim_error_t kim_ccache_get_krb5_ccache (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the name of a ccache. */ -kim_error_t kim_ccache_get_name (kim_ccache_t in_ccache, - kim_string_t *out_name); +kim_error kim_ccache_get_name (kim_ccache in_ccache, + kim_string *out_name); /*! * \param in_ccache a ccache object. @@ -415,8 +415,8 @@ kim_error_t kim_ccache_get_name (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the type of a ccache. */ -kim_error_t kim_ccache_get_type (kim_ccache_t in_ccache, - kim_string_t *out_type); +kim_error kim_ccache_get_type (kim_ccache in_ccache, + kim_string *out_type); /*! * \param in_ccache a ccache object. @@ -427,8 +427,8 @@ kim_error_t kim_ccache_get_type (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the type and name for a ccache in display format. */ -kim_error_t kim_ccache_get_display_name (kim_ccache_t in_ccache, - kim_string_t *out_display_name); +kim_error kim_ccache_get_display_name (kim_ccache in_ccache, + kim_string *out_display_name); /*! * \param in_ccache a ccache object. @@ -437,8 +437,8 @@ kim_error_t kim_ccache_get_display_name (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the client identity for a ccache. */ -kim_error_t kim_ccache_get_client_identity (kim_ccache_t in_ccache, - kim_identity_t *out_client_identity); +kim_error kim_ccache_get_client_identity (kim_ccache in_ccache, + kim_identity *out_client_identity); /*! * \param in_ccache a ccache object. @@ -452,8 +452,8 @@ kim_error_t kim_ccache_get_client_identity (kim_ccache_t in_ccache, * TGTs at all, it will return the first valid non-TGT credential. If you only want * TGTs, use kim_credential_is_tgt() to verify that \a out_credential is a tgt. */ -kim_error_t kim_ccache_get_valid_credential (kim_ccache_t in_ccache, - kim_credential_t *out_credential); +kim_error kim_ccache_get_valid_credential (kim_ccache in_ccache, + kim_credential *out_credential); /*! * \param in_ccache a ccache object. @@ -462,8 +462,8 @@ kim_error_t kim_ccache_get_valid_credential (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the time when the credentials in the ccache become valid. */ -kim_error_t kim_ccache_get_start_time (kim_ccache_t in_ccache, - kim_time_t *out_start_time); +kim_error kim_ccache_get_start_time (kim_ccache in_ccache, + kim_time *out_start_time); /*! * \param in_ccache a ccache object. @@ -472,8 +472,8 @@ kim_error_t kim_ccache_get_start_time (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the time when the credentials in the ccache will expire. */ -kim_error_t kim_ccache_get_expiration_time (kim_ccache_t in_ccache, - kim_time_t *out_expiration_time); +kim_error kim_ccache_get_expiration_time (kim_ccache in_ccache, + kim_time *out_expiration_time); /*! * \param in_ccache a ccache object. @@ -482,8 +482,8 @@ kim_error_t kim_ccache_get_expiration_time (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the time when the credentials in the ccache will no longer be renewable. */ -kim_error_t kim_ccache_get_renewal_expiration_time (kim_ccache_t in_ccache, - kim_time_t *out_renewal_expiration_time); +kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache, + kim_time *out_renewal_expiration_time); /*! * \param io_ccache a ccache object which will be set to the default ccache. @@ -492,7 +492,7 @@ kim_error_t kim_ccache_get_renewal_expiration_time (kim_ccache_t in_ccache, * KIM-aware and should be avoided whenever possible. * \brief Set a ccache to the default ccache. */ -kim_error_t kim_ccache_set_default (kim_ccache_t io_ccache); +kim_error kim_ccache_set_default (kim_ccache io_ccache); /*! * \param in_ccache a ccache object containing the TGT credential to be verified. @@ -507,10 +507,10 @@ kim_error_t kim_ccache_set_default (kim_ccache_t io_ccache); * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Verify the TGT in a ccache. */ -kim_error_t kim_ccache_verify (kim_ccache_t in_ccache, - kim_identity_t in_service_identity, - kim_string_t in_keytab, - kim_boolean_t in_fail_if_no_service_key); +kim_error kim_ccache_verify (kim_ccache in_ccache, + kim_identity in_service_identity, + kim_string in_keytab, + kim_boolean in_fail_if_no_service_key); /*! * \param in_ccache a ccache object containing a TGT to be renewed. @@ -518,8 +518,8 @@ kim_error_t kim_ccache_verify (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Renew the TGT in a ccache. */ -kim_error_t kim_ccache_renew (kim_ccache_t in_ccache, - kim_options_t in_options); +kim_error kim_ccache_renew (kim_ccache in_ccache, + kim_options in_options); /*! * \param in_ccache a ccache object containing a TGT to be validated. @@ -527,8 +527,8 @@ kim_error_t kim_ccache_renew (kim_ccache_t in_ccache, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Validate the TGT in a ccache. */ -kim_error_t kim_ccache_validate (kim_ccache_t in_ccache, - kim_options_t in_options); +kim_error kim_ccache_validate (kim_ccache in_ccache, + kim_options in_options); /*! * \param io_ccache a ccache object to be destroyed. Set to NULL on exit. @@ -537,13 +537,13 @@ kim_error_t kim_ccache_validate (kim_ccache_t in_ccache, * \note Frees memory associated with the ccache. Do not call kim_ccache_free() * after calling this function. */ -kim_error_t kim_ccache_destroy (kim_ccache_t *io_ccache); +kim_error kim_ccache_destroy (kim_ccache *io_ccache); /*! * \param io_ccache a ccache object to be freed. Set to NULL on exit. * \brief Free memory associated with a ccache. */ -void kim_ccache_free (kim_ccache_t *io_ccache); +void kim_ccache_free (kim_ccache *io_ccache); /*!@}*/ diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h index 03fe50c49..adb21c316 100644 --- a/src/include/kim/kim_credential.h +++ b/src/include/kim/kim_credential.h @@ -28,490 +28,490 @@ #ifdef __cplusplus extern "C" { #endif - + #include #include -/*! - * \addtogroup kim_types_reference - * @{ - */ + /*! + * \addtogroup kim_types_reference + * @{ + */ -/*! - * Possible credential states. Credentials may be: - * \li valid - The credential can be used. - * \li expired - The credential's lifetime has been exceeded. - * \li not_yet_valid - The credential is post dated and the time when - * it becomes valid has not yet been reached. - * \li needs_validation - The credential is post-dated and although - * the time when it becomes valid has been reached - * it has not yet been validated. - * \li address_mismatch - The credential contains IP address(es) which do - * not match the host's local address(es). - */ -enum kim_credential_state_enum { - kim_credentials_state_valid = 0, - kim_credentials_state_expired = 1, - kim_credentials_state_not_yet_valid = 2, - kim_credentials_state_needs_validation = 3, - kim_credentials_state_address_mismatch = 4 -}; - -/*! - * The state of a credential. See #kim_credential_state_enum for - * possible values. - */ -typedef int kim_credential_state_t; + /*! + * Possible credential states. Credentials may be: + * \li valid - The credential can be used. + * \li expired - The credential's lifetime has been exceeded. + * \li not_yet_valid - The credential is post dated and the time when + * it becomes valid has not yet been reached. + * \li needs_validation - The credential is post-dated and although + * the time when it becomes valid has been reached + * it has not yet been validated. + * \li address_mismatch - The credential contains IP address(es) which do + * not match the host's local address(es). + */ + enum kim_credential_state_enum { + kim_credentials_state_valid = 0, + kim_credentials_state_expired = 1, + kim_credentials_state_not_yet_valid = 2, + kim_credentials_state_needs_validation = 3, + kim_credentials_state_address_mismatch = 4 + }; + + /*! + * The state of a credential. See #kim_credential_state_enum for + * possible values. + */ + typedef int kim_credential_state; + + /*! @} */ + + /*! + * \page kim_credential_overview KIM Credential Overview + * + * \section kim_credential_introduction Introduction + * + * A Kerberos credential (also called a "Kerberos ticket") is a time-limited + * token issued by a KDC which authenticates the entity named by the credential's + * client identity to the service named by the credential's service identity. + * + * The kim_credential object contains a single Kerberos credential. KIM credentials + * objects are always copies of credentials, not references to credentials + * stored in the cache collection. Modifying credential objects in the ccache + * collection will not change any existing KIM credential objects. + * + * KIM credential APIs are intended for applications and system + * tools which manage credentials for the user. They are not a substitute for + * krb5 and GSSAPI functions which obtain service credentials for the purpose + * of authenticating a client to an application server. + * + * \note Many of the APIs listed below have equivalent functions which + * operate on ccaches. In most cases applications will want to use the + * ccache versions of these APIs since they automatically store any + * newly created credentials. See \ref kim_ccache_overview for more + * information. + * + * + * \section kim_credential_acquire_new Acquiring New Credentials + * + * KIM provides the #kim_credential_create_new() API for acquiring new + * credentials. Credentials can either be obtained for a specific + * client identity or by specifying #KIM_IDENTITY_ANY to allow + * the user to choose. Typically callers of this API obtain the client + * identity using #kim_selection_hints_get_identity(). Depending on the + * kim_options specified, #kim_credential_create_new() may present a + * GUI or command line prompt to obtain information from the user. + * + * KIM provides the #kim_credential_create_from_keytab() to create credentials + * using a keytab. A keytab is an on-disk copy of a client identity's secret + * key. Typically sites use keytabs for client identities that identify a + * machine or service and protect the keytab with disk permissions. Because + * a keytab is sufficient to obtain credentials, keytabs will normally only + * be readable by root, Administrator or some other privileged account. + * Typically applications use credentials obtained from keytabs to obtain + * credentials for batch processes. These keytabs and credentials are usually + * for a special identity used for the batch process rather than a user + * identity. + * + * + * \section kim_credential_validate Validating Credentials + * + * A credential with a start time in the future (ie: after the issue date) + * is called a post-dated credential. Because the KDC administrator may + * wish to disable a identity, once the start time is reached, all post-dated + * credentials must be validated before they can be used. Otherwise an + * attacker using a compromised account could acquire lots of post-dated + * credentials to circumvent the acccount being disabled. + * + * KIM provides the #kim_credential_validate() API to validate a credential. + * Note that this API replaces the credential object with a new validated + * credential object. If you wish to store the new credential in the + * ccache collection you must either call #kim_credential_store() on the + * validated credential or use #kim_ccache_validate() instead. + * + * + * \section kim_credential_renew Renewing Credentials + * + * A renewable credential can be used to obtain a new identical credential + * without resending secret information (such as a password) to the KDC. + * A credential may only be renewed during its renewal lifetime and while + * valid. + * + * KIM provides the #kim_credential_renew() API to renew a credential. + * Note that this API replaces the credential object with a new renewed + * credential object. If you wish to store the new credential in the + * ccache collection you must either call #kim_credential_store() on the + * renewed credential or use #kim_ccache_renew() instead. + * + * + * \section kim_credential_storing Storing Credentials in the Cache Collection + * + * KIM credential objects may be stored in the ccache collection using + * #kim_credential_store(). This function runs any KIM authentication + * plugins on the credential and if the plugins return successfully, creates a + * new ccache for the credential's client identity in the cache collection + * and stores the credential in that ccache. Any existing ccaches and credentials + * for that client identity will be overwritten. #kim_credential_store() may + * optionally return a kim_ccache object for the new ccache if you need to perform + * further operations on the new ccache. + * + * Most of the time if you plan to store the credentials you are manipulating, you + * should use one of KIM ccache APIs. These functions perform the same operations + * except that they also call #kim_credential_store() any time the credential object + * changes. See \ref kim_ccache_overview for more information. + * + * + * \section kim_credential_iterator Iterating over the Credentials in a CCache + * + * KIM provides a simple iterator API for iterating over the credentials + * in a ccache. First, call #kim_credential_iterator_create() to obtain + * an iterator for a ccache. Then loop calling #kim_credential_iterator_next() + * until either you find the credential you are looking for or the API + * returns a NULL credential, indicating that there are no more + * credentials in the ccache. When you are done with the iterator, call + * #kim_credential_iterator_free(). + * + * \note #kim_credential_iterator_next() returns credential objects which + * must be freed with #kim_credential_free() to avoid leaking memory. + * + * + * \section kim_credential_verify Verifying Credentials + * + * When a program acquires TGT credentials for the purpose of authenticating + * itself to the machine it is running on, it is insufficient for the machine + * to assume that the caller is authorized just because it got credentials. + * Instead, the credentials must be verified using a key the local machine. + * The reason this is necessary is because an attacker can trick the + * machine into obtaining credentials from any KDC, including malicious ones + * with the same realm name as the local machine's realm. This exploit is + * called the Zanarotti attack. + * + * In order to avoid the Zanarotti attack, the local machine must authenticate + * the process in the same way an application server would authenticate a client. + * Like an application server, the local machine must have its own identity in + * its realm and a keytab for that identity on its local disk. However, + * rather than forcing system daemons to use the network-oriented calls in the + * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to + * verify credentials directly. + * + * The most common reason for using #kim_credential_verify() is user login. + * If the local machine wants to use Kerberos to verify the username and password + * provided by the user, it must call #kim_credential_verify() on the credentials + * it obtains to make sure they are really from a KDC it trusts. Another common + * case is a server which is only using Kerberos internally. For example an + * LDAP or web server might use a username and password obtained over the network + * to get Kerberos credentials. In order to make sure they aren't being tricked + * into talking to the wrong KDC, these servers must also call + * #kim_credential_verify(). + * + * The Zanarotti attack is only a concern if the act of accessing the machine + * gives the process special access. Thus a managed cluster machine with + * Kerberos-authenticated networked home directories does not need to call + * #kim_credential_verify(). Even though an attacker can log in as any user on + * the cluster machine, the attacker can't actually access any of the user's data + * or use any of their privileges because those are all authenticated via + * Kerberized application servers (and thus require actually having credentials + * for the real local realm). + * + * #kim_credential_verify() provides an option to + * return success even if the machine's host key is not present. This option + * exists for sites which have a mix of different machines, some of which are + * vulnerable to the Zanarotti attack and some are not. If this option is used, + * it is the responsiblity of the machine's maintainer to obtain a keytab + * for their machine if it needs one. + * + * + * \section kim_credential_properties Examining Credential Properties + * + * \li #kim_credential_get_client_identity() + * returns the credential's client identity. + * + * \li #kim_credential_get_service_identity() + * returns the credential's service identity. + * + * \li #kim_credential_is_tgt() + * returns whether the credential is a TGT (ie: "ticket-granting ticket"). TGTs are + * credentials for the krbtgt service: a service identity of the form "krbtgt/@". + * These credentials allow the entity named by the client identity to obtain + * additional service credentials without resending shared secrets (such as a password) + * to the KDC. Kerberos uses TGTs to provide single sign-on authentication. + * + * \li #kim_credential_is_valid() + * returns whether the credential is valid and if not why the credential is not valid. + * + * \li #kim_credential_get_start_time() + * returns when the credential will become valid. + * Credentials may be "post-dated" which means that their lifetime starts sometime + * in the future. Note that when a post-dated credential's start time is reached, + * the credential must be validated. See \ref kim_credential_validate for more information. + * + * \li #kim_credential_get_expiration_time() + * returns when the credential will expire. + * Credentials are time limited by the lifetime of the credential. While you can + * request a credential of any lifetime, the KDC limits the credential lifetime + * to a administrator-defined maximum. Typically credential lifetime range from 10 + * to 21 hours. + * + * \li #kim_credential_get_renewal_expiration_time() + * returns when the credential will no longer be renewable. + * Valid credentials may be renewed up until their renewal expiration time. + * Renewing credentials acquires a fresh set of credentials with a full lifetime + * without resending secrets to the KDC (such as a password). If credentials are + * not renewable, this function will return an error. + * + * + * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for + * information on specific APIs. + */ + + /*! + * \defgroup kim_credential_iterator_reference KIM Credential Iterator Reference Documentation + * @{ + */ + + /*! + * \param out_credential_iterator on exit, a credential iterator object for \a in_ccache. + * Must be freed with kim_credential_iterator_free(). + * \param in_ccache a ccache object. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get a credential iterator to enumerate credentials in a ccache. + */ + + kim_error kim_credential_iterator_create (kim_credential_iterator *out_credential_iterator, + kim_ccache in_ccache); + + /*! + * \param in_credential_iterator a credential iterator object. + * \param out_credential on exit, the next credential in the ccache iterated by + * \a in_credential_iterator. Must be freed with + * kim_credential_free(). If there are no more credentials + * this argument will be set to NULL. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get the next credential in a ccache. + */ + + kim_error kim_credential_iterator_next (kim_credential_iterator in_credential_iterator, + kim_credential *out_credential); + + /*! + * \param io_credential_iterator a credential iterator object to be freed. Set to NULL on exit. + * \brief Free memory associated with a credential iterator. + */ + void kim_credential_iterator_free (kim_credential_iterator *io_credential_iterator); + + /*!@}*/ + + /*! + * \defgroup kim_credential_reference KIM Credential Reference Documentation + * @{ + */ + + /*! + * \param out_credential on exit, a new credential object containing a newly acquired + * initial credential. Must be freed with kim_credential_free(). + * \param in_client_identity a client identity to obtain a credential for. Specify NULL to + * allow the user to choose the identity + * \param in_options options to control credential acquisition. + * \note Depending on the kim_options specified, #kim_credential_create_new() may + * present a GUI or command line prompt to obtain information from the user. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Acquire a new initial credential. + * \sa kim_ccache_create_new + */ + kim_error kim_credential_create_new (kim_credential *out_credential, + kim_identity in_client_identity, + kim_options in_options); + + /*! + * \param out_credential on exit, a new credential object containing an initial credential + * for \a in_identity obtained using \a in_keytab. + * Must be freed with kim_credential_free(). + * \param in_identity a client identity to obtain a credential for. Specify NULL for + * the first identity in the keytab. + * \param in_options options to control credential acquisition. + * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Acquire a new initial credential from a keytab. + * \sa kim_ccache_create_from_keytab + */ + kim_error kim_credential_create_from_keytab (kim_credential *out_credential, + kim_identity in_identity, + kim_options in_options, + kim_string in_keytab); + + /*! + * \param out_credential on exit, a new credential object which is a copy of \a in_krb5_creds. + * Must be freed with kim_credential_free(). + * \param in_krb5_context the krb5 context used to create \a in_krb5_creds. + * \param in_krb5_creds a krb5 credential object. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Copy a credential from a krb5 credential object. + */ + kim_error kim_credential_create_from_krb5_creds (kim_credential *out_credential, + krb5_context in_krb5_context, + krb5_creds *in_krb5_creds); + + /*! + * \param out_credential on exit, a new credential object which is a copy of \a in_credential. + * Must be freed with kim_credential_free(). + * \param in_credential a credential object. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Copy a credential object. + */ + kim_error kim_credential_copy (kim_credential *out_credential, + kim_credential in_credential); + + /*! + * \param in_credential a credential object. + * \param in_krb5_context a krb5 context which will be used to create \a out_krb5_creds. + * \param out_krb5_creds on exit, a new krb5 creds object which is a copy of \a in_credential. + * Must be freed with krb5_free_creds(). + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get a krb5 credentials object for a credential object. + */ + kim_error kim_credential_get_krb5_creds (kim_credential in_credential, + krb5_context in_krb5_context, + krb5_creds **out_krb5_creds); + + /*! + * \param in_credential a credential object. + * \param out_client_identity on exit, an identity object containing the client identity of + * \a in_credential. Must be freed with kim_identity_free(). + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get the client identity of a credential object. + */ + kim_error kim_credential_get_client_identity (kim_credential in_credential, + kim_identity *out_client_identity); + + /*! + * \param in_credential a credential object. + * \param out_service_identity on exit, an identity object containing the service identity of + * \a in_credential. Must be freed with kim_identity_free(). + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get the service identity of a credential object. + */ + kim_error kim_credential_get_service_identity (kim_credential in_credential, + kim_identity *out_service_identity); + + /*! + * \param in_credential a credential object. + * \param out_is_tgt on exit, whether or not the credential is a TGT. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Check if a credential is a ticket granting ticket. + */ + kim_error kim_credential_is_tgt (kim_credential in_credential, + kim_boolean *out_is_tgt); + + /*! + * \param in_credential a credential object. + * \param out_state on exit, the state of the credential. See #kim_credential_state_enum + * for the possible values of \a out_state. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Check the state of a credential (valid, expired, postdated, etc). + */ + kim_error kim_credential_get_state (kim_credential in_credential, + kim_credential_state *out_state); + + /*! + * \param in_credential a credential object. + * \param out_start_time on exit, the time when \a in_credential becomes valid. + * May be in the past or future. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get the time when the credentials become valid. + * \sa kim_ccache_get_start_time + */ + kim_error kim_credential_get_start_time (kim_credential in_credential, + kim_time *out_start_time); + + /*! + * \param in_credential a credential object. + * \param out_expiration_time on exit, the time when \a in_credential will expire. + * May be in the past or future. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get the time when the credentials will expire. + * \sa kim_ccache_get_expiration_time + */ + kim_error kim_credential_get_expiration_time (kim_credential in_credential, + kim_time *out_expiration_time); + + /*! + * \param in_credential a credential object. + * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer + * be renewable. May be in the past or future. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Get the time when the credentials will no longer be renewable. + * \sa kim_ccache_get_renewal_expiration_time + */ + kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credential, + kim_time *out_renewal_expiration_time); + + + /*! + * \param in_credential a credential object. + * \param in_client_identity a client identity. + * \param out_ccache on exit, a ccache object containing \a in_credential with the client + * identity \a in_client_identity. Must be freed with kim_ccache_free(). + * Specify NULL if you don't want this return value. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Store a credential in a ccache in the cache collection. + */ + kim_error kim_credential_store (kim_credential in_credential, + kim_identity in_client_identity, + kim_ccache *out_ccache); + + /*! + * \param in_credential a TGT credential to be verified. + * \param in_service_identity a service identity to look for in the keytab. Specify + * KIM_IDENTITY_ANY to use the default service identity + * (usually host/@). + * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. + * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity + * in the host's keytab will cause a failure. + * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to + * the Zanarotti attack if the host has no keytab installed. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Verify a TGT credential. + * \sa kim_ccache_verify + */ + kim_error kim_credential_verify (kim_credential in_credential, + kim_identity in_service_identity, + kim_string in_keytab, + kim_boolean in_fail_if_no_service_key); + + /*! + * \param io_credential a TGT credential to be renewed. On exit, the old credential + * object will be freed and \a io_credential will be replaced + * with a new renewed credential. The new credential must be freed + * with kim_credential_free(). + * \param in_options initial credential options. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Renew a TGT credential. + * \sa kim_ccache_renew + */ + kim_error kim_credential_renew (kim_credential *io_credential, + kim_options in_options); + + /*! + * \param io_credential a credential object to be validated. On exit, the old credential + * object will be freed and \a io_credential will be replaced + * with a new validated credential. The new credential must be freed + * with kim_credential_free(). + * \param in_options initial credential options. + * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. + * \brief Validate a TGT credential. + * \sa kim_ccache_validate + */ + kim_error kim_credential_validate (kim_credential *io_credential, + kim_options in_options); + + /*! + * \param io_credential the credential object to be freed. Set to NULL on exit. + * \brief Free memory associated with a credential object. + */ + void kim_credential_free (kim_credential *io_credential); + + /*!@}*/ -/*! @} */ -/*! - * \page kim_credential_overview KIM Credential Overview - * - * \section kim_credential_introduction Introduction - * - * A Kerberos credential (also called a "Kerberos ticket") is a time-limited - * token issued by a KDC which authenticates the entity named by the credential's - * client identity to the service named by the credential's service identity. - * - * The kim_credential_t object contains a single Kerberos credential. KIM credentials - * objects are always copies of credentials, not references to credentials - * stored in the cache collection. Modifying credential objects in the ccache - * collection will not change any existing KIM credential objects. - * - * KIM credential APIs are intended for applications and system - * tools which manage credentials for the user. They are not a substitute for - * krb5 and GSSAPI functions which obtain service credentials for the purpose - * of authenticating a client to an application server. - * - * \note Many of the APIs listed below have equivalent functions which - * operate on ccaches. In most cases applications will want to use the - * ccache versions of these APIs since they automatically store any - * newly created credentials. See \ref kim_ccache_overview for more - * information. - * - * - * \section kim_credential_acquire_new Acquiring New Credentials - * - * KIM provides the #kim_credential_create_new() API for acquiring new - * credentials. Credentials can either be obtained for a specific - * client identity or by specifying #KIM_IDENTITY_ANY to allow - * the user to choose. Typically callers of this API obtain the client - * identity using #kim_selection_hints_get_identity(). Depending on the - * kim_options specified, #kim_credential_create_new() may present a - * GUI or command line prompt to obtain information from the user. - * - * KIM provides the #kim_credential_create_from_keytab() to create credentials - * using a keytab. A keytab is an on-disk copy of a client identity's secret - * key. Typically sites use keytabs for client identities that identify a - * machine or service and protect the keytab with disk permissions. Because - * a keytab is sufficient to obtain credentials, keytabs will normally only - * be readable by root, Administrator or some other privileged account. - * Typically applications use credentials obtained from keytabs to obtain - * credentials for batch processes. These keytabs and credentials are usually - * for a special identity used for the batch process rather than a user - * identity. - * - * - * \section kim_credential_validate Validating Credentials - * - * A credential with a start time in the future (ie: after the issue date) - * is called a post-dated credential. Because the KDC administrator may - * wish to disable a identity, once the start time is reached, all post-dated - * credentials must be validated before they can be used. Otherwise an - * attacker using a compromised account could acquire lots of post-dated - * credentials to circumvent the acccount being disabled. - * - * KIM provides the #kim_credential_validate() API to validate a credential. - * Note that this API replaces the credential object with a new validated - * credential object. If you wish to store the new credential in the - * ccache collection you must either call #kim_credential_store() on the - * validated credential or use #kim_ccache_validate() instead. - * - * - * \section kim_credential_renew Renewing Credentials - * - * A renewable credential can be used to obtain a new identical credential - * without resending secret information (such as a password) to the KDC. - * A credential may only be renewed during its renewal lifetime and while - * valid. - * - * KIM provides the #kim_credential_renew() API to renew a credential. - * Note that this API replaces the credential object with a new renewed - * credential object. If you wish to store the new credential in the - * ccache collection you must either call #kim_credential_store() on the - * renewed credential or use #kim_ccache_renew() instead. - * - * - * \section kim_credential_storing Storing Credentials in the Cache Collection - * - * KIM credential objects may be stored in the ccache collection using - * #kim_credential_store(). This function runs any KIM authentication - * plugins on the credential and if the plugins return successfully, creates a - * new ccache for the credential's client identity in the cache collection - * and stores the credential in that ccache. Any existing ccaches and credentials - * for that client identity will be overwritten. #kim_credential_store() may - * optionally return a kim_ccache_t object for the new ccache if you need to perform - * further operations on the new ccache. - * - * Most of the time if you plan to store the credentials you are manipulating, you - * should use one of KIM ccache APIs. These functions perform the same operations - * except that they also call #kim_credential_store() any time the credential object - * changes. See \ref kim_ccache_overview for more information. - * - * - * \section kim_credential_iterator_t Iterating over the Credentials in a CCache - * - * KIM provides a simple iterator API for iterating over the credentials - * in a ccache. First, call #kim_credential_iterator_create() to obtain - * an iterator for a ccache. Then loop calling #kim_credential_iterator_next() - * until either you find the credential you are looking for or the API - * returns a NULL credential, indicating that there are no more - * credentials in the ccache. When you are done with the iterator, call - * #kim_credential_iterator_free(). - * - * \note #kim_credential_iterator_next() returns credential objects which - * must be freed with #kim_credential_free() to avoid leaking memory. - * - * - * \section kim_credential_verify Verifying Credentials - * - * When a program acquires TGT credentials for the purpose of authenticating - * itself to the machine it is running on, it is insufficient for the machine - * to assume that the caller is authorized just because it got credentials. - * Instead, the credentials must be verified using a key the local machine. - * The reason this is necessary is because an attacker can trick the - * machine into obtaining credentials from any KDC, including malicious ones - * with the same realm name as the local machine's realm. This exploit is - * called the Zanarotti attack. - * - * In order to avoid the Zanarotti attack, the local machine must authenticate - * the process in the same way an application server would authenticate a client. - * Like an application server, the local machine must have its own identity in - * its realm and a keytab for that identity on its local disk. However, - * rather than forcing system daemons to use the network-oriented calls in the - * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to - * verify credentials directly. - * - * The most common reason for using #kim_credential_verify() is user login. - * If the local machine wants to use Kerberos to verify the username and password - * provided by the user, it must call #kim_credential_verify() on the credentials - * it obtains to make sure they are really from a KDC it trusts. Another common - * case is a server which is only using Kerberos internally. For example an - * LDAP or web server might use a username and password obtained over the network - * to get Kerberos credentials. In order to make sure they aren't being tricked - * into talking to the wrong KDC, these servers must also call - * #kim_credential_verify(). - * - * The Zanarotti attack is only a concern if the act of accessing the machine - * gives the process special access. Thus a managed cluster machine with - * Kerberos-authenticated networked home directories does not need to call - * #kim_credential_verify(). Even though an attacker can log in as any user on - * the cluster machine, the attacker can't actually access any of the user's data - * or use any of their privileges because those are all authenticated via - * Kerberized application servers (and thus require actually having credentials - * for the real local realm). - * - * #kim_credential_verify() provides an option to - * return success even if the machine's host key is not present. This option - * exists for sites which have a mix of different machines, some of which are - * vulnerable to the Zanarotti attack and some are not. If this option is used, - * it is the responsiblity of the machine's maintainer to obtain a keytab - * for their machine if it needs one. - * - * - * \section kim_credential_properties Examining Credential Properties - * - * \li #kim_credential_get_client_identity() - * returns the credential's client identity. - * - * \li #kim_credential_get_service_identity() - * returns the credential's service identity. - * - * \li #kim_credential_is_tgt() - * returns whether the credential is a TGT (ie: "ticket-granting ticket"). TGTs are - * credentials for the krbtgt service: a service identity of the form "krbtgt/@". - * These credentials allow the entity named by the client identity to obtain - * additional service credentials without resending shared secrets (such as a password) - * to the KDC. Kerberos uses TGTs to provide single sign-on authentication. - * - * \li #kim_credential_is_valid() - * returns whether the credential is valid and if not why the credential is not valid. - * - * \li #kim_credential_get_start_time() - * returns when the credential will become valid. - * Credentials may be "post-dated" which means that their lifetime starts sometime - * in the future. Note that when a post-dated credential's start time is reached, - * the credential must be validated. See \ref kim_credential_validate for more information. - * - * \li #kim_credential_get_expiration_time() - * returns when the credential will expire. - * Credentials are time limited by the lifetime of the credential. While you can - * request a credential of any lifetime, the KDC limits the credential lifetime - * to a administrator-defined maximum. Typically credential lifetime range from 10 - * to 21 hours. - * - * \li #kim_credential_get_renewal_expiration_time() - * returns when the credential will no longer be renewable. - * Valid credentials may be renewed up until their renewal expiration time. - * Renewing credentials acquires a fresh set of credentials with a full lifetime - * without resending secrets to the KDC (such as a password). If credentials are - * not renewable, this function will return an error. - * - * - * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for - * information on specific APIs. - */ - -/*! - * \defgroup kim_credential_iterator_reference KIM Credential Iterator Reference Documentation - * @{ - */ - -/*! - * \param out_credential_iterator on exit, a credential iterator object for \a in_ccache. - * Must be freed with kim_credential_iterator_free(). - * \param in_ccache a ccache object. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get a credential iterator to enumerate credentials in a ccache. - */ - -kim_error_t kim_credential_iterator_create (kim_credential_iterator_t *out_credential_iterator, - kim_ccache_t in_ccache); - -/*! - * \param in_credential_iterator a credential iterator object. - * \param out_credential on exit, the next credential in the ccache iterated by - * \a in_credential_iterator. Must be freed with - * kim_credential_free(). If there are no more credentials - * this argument will be set to NULL. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get the next credential in a ccache. - */ - -kim_error_t kim_credential_iterator_next (kim_credential_iterator_t in_credential_iterator, - kim_credential_t *out_credential); - -/*! - * \param io_credential_iterator a credential iterator object to be freed. Set to NULL on exit. - * \brief Free memory associated with a credential iterator. - */ -void kim_credential_iterator_free (kim_credential_iterator_t *io_credential_iterator); - -/*!@}*/ - -/*! - * \defgroup kim_credential_reference KIM Credential Reference Documentation - * @{ - */ - -/*! - * \param out_credential on exit, a new credential object containing a newly acquired - * initial credential. Must be freed with kim_credential_free(). - * \param in_client_identity a client identity to obtain a credential for. Specify NULL to - * allow the user to choose the identity - * \param in_options options to control credential acquisition. - * \note Depending on the kim_options specified, #kim_credential_create_new() may - * present a GUI or command line prompt to obtain information from the user. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Acquire a new initial credential. - * \sa kim_ccache_create_new - */ -kim_error_t kim_credential_create_new (kim_credential_t *out_credential, - kim_identity_t in_client_identity, - kim_options_t in_options); - -/*! - * \param out_credential on exit, a new credential object containing an initial credential - * for \a in_identity obtained using \a in_keytab. - * Must be freed with kim_credential_free(). - * \param in_identity a client identity to obtain a credential for. Specify NULL for - * the first identity in the keytab. - * \param in_options options to control credential acquisition. - * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Acquire a new initial credential from a keytab. - * \sa kim_ccache_create_from_keytab - */ -kim_error_t kim_credential_create_from_keytab (kim_credential_t *out_credential, - kim_identity_t in_identity, - kim_options_t in_options, - kim_string_t in_keytab); - -/*! - * \param out_credential on exit, a new credential object which is a copy of \a in_krb5_creds. - * Must be freed with kim_credential_free(). - * \param in_krb5_context the krb5 context used to create \a in_krb5_creds. - * \param in_krb5_creds a krb5 credential object. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Copy a credential from a krb5 credential object. - */ -kim_error_t kim_credential_create_from_krb5_creds (kim_credential_t *out_credential, - krb5_context in_krb5_context, - krb5_creds *in_krb5_creds); - -/*! - * \param out_credential on exit, a new credential object which is a copy of \a in_credential. - * Must be freed with kim_credential_free(). - * \param in_credential a credential object. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Copy a credential object. - */ -kim_error_t kim_credential_copy (kim_credential_t *out_credential, - kim_credential_t in_credential); - -/*! - * \param in_credential a credential object. - * \param in_krb5_context a krb5 context which will be used to create \a out_krb5_creds. - * \param out_krb5_creds on exit, a new krb5 creds object which is a copy of \a in_credential. - * Must be freed with krb5_free_creds(). - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get a krb5 credentials object for a credential object. - */ -kim_error_t kim_credential_get_krb5_creds (kim_credential_t in_credential, - krb5_context in_krb5_context, - krb5_creds **out_krb5_creds); - -/*! - * \param in_credential a credential object. - * \param out_client_identity on exit, an identity object containing the client identity of - * \a in_credential. Must be freed with kim_identity_free(). - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get the client identity of a credential object. - */ -kim_error_t kim_credential_get_client_identity (kim_credential_t in_credential, - kim_identity_t *out_client_identity); - -/*! - * \param in_credential a credential object. - * \param out_service_identity on exit, an identity object containing the service identity of - * \a in_credential. Must be freed with kim_identity_free(). - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get the service identity of a credential object. - */ -kim_error_t kim_credential_get_service_identity (kim_credential_t in_credential, - kim_identity_t *out_service_identity); - -/*! - * \param in_credential a credential object. - * \param out_is_tgt on exit, whether or not the credential is a TGT. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Check if a credential is a ticket granting ticket. - */ -kim_error_t kim_credential_is_tgt (kim_credential_t in_credential, - kim_boolean_t *out_is_tgt); - -/*! - * \param in_credential a credential object. - * \param out_state on exit, the state of the credential. See #kim_credential_state_enum - * for the possible values of \a out_state. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Check the state of a credential (valid, expired, postdated, etc). - */ -kim_error_t kim_credential_get_state (kim_credential_t in_credential, - kim_credential_state_t *out_state); - -/*! - * \param in_credential a credential object. - * \param out_start_time on exit, the time when \a in_credential becomes valid. - * May be in the past or future. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get the time when the credentials become valid. - * \sa kim_ccache_get_start_time - */ -kim_error_t kim_credential_get_start_time (kim_credential_t in_credential, - kim_time_t *out_start_time); - -/*! - * \param in_credential a credential object. - * \param out_expiration_time on exit, the time when \a in_credential will expire. - * May be in the past or future. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get the time when the credentials will expire. - * \sa kim_ccache_get_expiration_time - */ -kim_error_t kim_credential_get_expiration_time (kim_credential_t in_credential, - kim_time_t *out_expiration_time); - -/*! - * \param in_credential a credential object. - * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer - * be renewable. May be in the past or future. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Get the time when the credentials will no longer be renewable. - * \sa kim_ccache_get_renewal_expiration_time - */ -kim_error_t kim_credential_get_renewal_expiration_time (kim_credential_t in_credential, - kim_time_t *out_renewal_expiration_time); - - -/*! - * \param in_credential a credential object. - * \param in_client_identity a client identity. - * \param out_ccache on exit, a ccache object containing \a in_credential with the client - * identity \a in_client_identity. Must be freed with kim_ccache_free(). - * Specify NULL if you don't want this return value. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Store a credential in a ccache in the cache collection. - */ -kim_error_t kim_credential_store (kim_credential_t in_credential, - kim_identity_t in_client_identity, - kim_ccache_t *out_ccache); - -/*! - * \param in_credential a TGT credential to be verified. - * \param in_service_identity a service identity to look for in the keytab. Specify - * KIM_IDENTITY_ANY to use the default service identity - * (usually host/@). - * \param in_keytab a path to a keytab. Specify NULL for the default keytab location. - * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity - * in the host's keytab will cause a failure. - * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to - * the Zanarotti attack if the host has no keytab installed. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Verify a TGT credential. - * \sa kim_ccache_verify - */ -kim_error_t kim_credential_verify (kim_credential_t in_credential, - kim_identity_t in_service_identity, - kim_string_t in_keytab, - kim_boolean_t in_fail_if_no_service_key); - -/*! - * \param io_credential a TGT credential to be renewed. On exit, the old credential - * object will be freed and \a io_credential will be replaced - * with a new renewed credential. The new credential must be freed - * with kim_credential_free(). - * \param in_options initial credential options. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Renew a TGT credential. - * \sa kim_ccache_renew - */ -kim_error_t kim_credential_renew (kim_credential_t *io_credential, - kim_options_t in_options); - -/*! - * \param io_credential a credential object to be validated. On exit, the old credential - * object will be freed and \a io_credential will be replaced - * with a new validated credential. The new credential must be freed - * with kim_credential_free(). - * \param in_options initial credential options. - * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. - * \brief Validate a TGT credential. - * \sa kim_ccache_validate - */ -kim_error_t kim_credential_validate (kim_credential_t *io_credential, - kim_options_t in_options); - -/*! - * \param io_credential the credential object to be freed. Set to NULL on exit. - * \brief Free memory associated with a credential object. - */ -void kim_credential_free (kim_credential_t *io_credential); - -/*!@}*/ - - #ifdef __cplusplus } #endif diff --git a/src/include/kim/kim_error.h b/src/include/kim/kim_error.h index 8a6a4d576..081585c41 100644 --- a/src/include/kim/kim_error.h +++ b/src/include/kim/kim_error.h @@ -37,13 +37,13 @@ extern "C" { * The kim_error_t returned when no error occurred. * Does not need to be freed with kim_error_free(). */ -#define KIM_NO_ERROR ((kim_error_t) NULL) +#define KIM_NO_ERROR ((kim_error) NULL) /*! * \ingroup kim_types_reference * The kim_error_code_t for KIM_NO_ERROR. */ -#define KIM_NO_ERROR_ECODE ((kim_error_code_t) 0) +#define KIM_NO_ERROR_ECODE ((kim_error_code) 0) /*! * \page kim_error_overview KIM Error Overview @@ -85,8 +85,8 @@ extern "C" { * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy an error. */ -kim_error_t kim_error_copy (kim_error_t *out_error, - kim_error_t in_error); +kim_error kim_error_copy (kim_error *out_error, + kim_error in_error); /*! * \param in_error an error object. @@ -94,7 +94,7 @@ kim_error_t kim_error_copy (kim_error_t *out_error, * by \a in_error. On failure, #KIM_PARAMETER_ECODE. * \brief Get a numerical error code for an error. */ -kim_error_code_t kim_error_get_code (kim_error_t in_error); +kim_error_code kim_error_get_code (kim_error in_error); /*! * \param in_error an error object. @@ -103,13 +103,13 @@ kim_error_code_t kim_error_get_code (kim_error_t in_error); * invalid. * \brief Get a text description of an error. */ -kim_string_t kim_error_get_display_string (kim_error_t in_error); +kim_string kim_error_get_display_string (kim_error in_error); /*! * \param io_error the error object to be freed. Set to NULL on exit. * \brief Free memory associated with an error. */ -void kim_error_free (kim_error_t *io_error); +void kim_error_free (kim_error *io_error); /*!@}*/ diff --git a/src/include/kim/kim_identity.h b/src/include/kim/kim_identity.h index 9ee7fc00e..14fce8cc4 100644 --- a/src/include/kim/kim_identity.h +++ b/src/include/kim/kim_identity.h @@ -37,7 +37,7 @@ extern "C" { * \ingroup kim_types_reference * Constant to specify any Kerberos identity is acceptable. */ -#define KIM_IDENTITY_ANY ((kim_identity_t) NULL) +#define KIM_IDENTITY_ANY ((kim_identity) NULL) /*! * \page kim_identity_overview KIM Identity Overview @@ -130,8 +130,8 @@ extern "C" { * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create a identity from a string. */ -kim_error_t kim_identity_create_from_string (kim_identity_t *out_identity, - kim_string_t in_string); +kim_error kim_identity_create_from_string (kim_identity *out_identity, + kim_string in_string); /*! * \param out_identity on exit, a new identity object. Must be freed with kim_identity_free(). @@ -145,9 +145,9 @@ kim_error_t kim_identity_create_from_string (kim_identity_t *out_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create a identity from a realm and component strings. */ -kim_error_t kim_identity_create_from_components (kim_identity_t *out_identity, - kim_string_t in_realm, - kim_string_t in_1st_component, +kim_error kim_identity_create_from_components (kim_identity *out_identity, + kim_string in_realm, + kim_string in_1st_component, ...); /*! @@ -158,7 +158,7 @@ kim_error_t kim_identity_create_from_components (kim_identity_t *out_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create an identity object from a krb5_principal. */ -kim_error_t kim_identity_create_from_krb5_principal (kim_identity_t *out_identity, +kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity, krb5_context in_krb5_context, krb5_principal in_krb5_principal); @@ -169,8 +169,8 @@ kim_error_t kim_identity_create_from_krb5_principal (kim_identity_t *out_identit * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy an identity object. */ -kim_error_t kim_identity_copy (kim_identity_t *out_identity, - kim_identity_t in_identity); +kim_error kim_identity_copy (kim_identity *out_identity, + kim_identity in_identity); /*! @@ -183,9 +183,9 @@ kim_error_t kim_identity_copy (kim_identity_t *out_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Compare identity objects for equivalency. */ -kim_error_t kim_identity_compare (kim_identity_t in_identity, - kim_identity_t in_compare_to_identity, - kim_comparison_t *out_comparison); +kim_error kim_identity_compare (kim_identity in_identity, + kim_identity in_compare_to_identity, + kim_comparison *out_comparison); /*! * \param in_identity an identity object. * \param out_string on exit, a string representation of \a in_identity. @@ -194,8 +194,8 @@ kim_error_t kim_identity_compare (kim_identity_t in_identity, * \brief Get the string representation of a identity. * \note Special characters such as '@' and '/' will be escaped with '\'. */ -kim_error_t kim_identity_get_string (kim_identity_t in_identity, - kim_string_t *out_string); +kim_error kim_identity_get_string (kim_identity in_identity, + kim_string *out_string); /*! @@ -209,8 +209,8 @@ kim_error_t kim_identity_get_string (kim_identity_t in_identity, * because it does not uniquely specify a principal. * The result of this function should \em only be used to display to the user. */ -kim_error_t kim_identity_get_display_string (kim_identity_t in_identity, - kim_string_t *out_display_string); +kim_error kim_identity_get_display_string (kim_identity in_identity, + kim_string *out_display_string); /*! * \param in_identity an identity object. @@ -219,8 +219,8 @@ kim_error_t kim_identity_get_display_string (kim_identity_t in_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the realm string of an identity. */ -kim_error_t kim_identity_get_realm (kim_identity_t in_identity, - kim_string_t *out_realm_string); +kim_error kim_identity_get_realm (kim_identity in_identity, + kim_string *out_realm_string); /*! * \param in_identity an identity object. @@ -228,8 +228,8 @@ kim_error_t kim_identity_get_realm (kim_identity_t in_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the number of components of an identity. */ -kim_error_t kim_identity_get_number_of_components (kim_identity_t in_identity, - kim_count_t *out_number_of_components); +kim_error kim_identity_get_number_of_components (kim_identity in_identity, + kim_count *out_number_of_components); /*! * \param in_identity an identity object. @@ -239,9 +239,9 @@ kim_error_t kim_identity_get_number_of_components (kim_identity_t in_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the Nth component of an identity. */ -kim_error_t kim_identity_get_component_at_index (kim_identity_t in_identity, - kim_count_t in_index, - kim_string_t *out_component_string); +kim_error kim_identity_get_component_at_index (kim_identity in_identity, + kim_count in_index, + kim_string *out_component_string); /*! * \param in_identity an identity object. @@ -252,7 +252,7 @@ kim_error_t kim_identity_get_component_at_index (kim_identity_t in_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the krb5_principal representation of an identity. */ -kim_error_t kim_identity_get_krb5_principal (kim_identity_t in_identity, +kim_error kim_identity_get_krb5_principal (kim_identity in_identity, krb5_context in_krb5_context, krb5_principal *out_krb5_principal); @@ -263,7 +263,7 @@ kim_error_t kim_identity_get_krb5_principal (kim_identity_t in_identity, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the gss_name_t representation of an identity. */ -kim_error_t kim_identity_get_gss_name (kim_identity_t in_identity, +kim_error kim_identity_get_gss_name (kim_identity in_identity, gss_name_t *out_gss_name); /*! @@ -275,8 +275,8 @@ kim_error_t kim_identity_get_gss_name (kim_identity_t in_identity, * the password. It uses the \a in_options structure to obtain information about the desired * prompter and current password. */ -kim_error_t kim_identity_change_password (kim_identity_t in_identity, - kim_options_t in_options); +kim_error kim_identity_change_password (kim_identity in_identity, + kim_options in_options); /*! * \param in_identity an identity object whose password will be changed. @@ -288,15 +288,15 @@ kim_error_t kim_identity_change_password (kim_identity_t in_identity, * to change the password. It uses the \a in_options structure to obtain information about * the desired prompter and current password. */ -kim_error_t kim_identity_change_password_to_password (kim_identity_t in_identity, - kim_options_t in_options, - kim_string_t in_new_password); +kim_error kim_identity_change_password_to_password (kim_identity in_identity, + kim_options in_options, + kim_string in_new_password); /*! * \param io_identity the identity object to be freed. Set to NULL on exit. * \brief Free memory associated with an identity. */ -void kim_identity_free (kim_identity_t *io_identity); +void kim_identity_free (kim_identity *io_identity); /*!@}*/ diff --git a/src/include/kim/kim_options.h b/src/include/kim/kim_options.h index ebdb791e1..969950152 100644 --- a/src/include/kim/kim_options.h +++ b/src/include/kim/kim_options.h @@ -39,7 +39,7 @@ extern "C" { /*! * Specifies the user's default options. */ -#define KIM_OPTIONS_DEFAULT ((kim_options_t) NULL) +#define KIM_OPTIONS_DEFAULT ((kim_options) NULL) /*! * Specifies that credentials should be valid immediately. @@ -62,44 +62,44 @@ enum kim_prompt_type_enum { * The prompt callback used to display a prompt to the user. * See \ref kim_options_custom_prompt_callback for more information. */ -typedef kim_error_code_t (*kim_prompt_callback_t) (kim_options_t *io_options, +typedef kim_error_code (*kim_prompt_callback_t) (kim_options *io_options, kim_prompt_type_t in_type, - kim_string_t in_title, - kim_string_t in_message, - kim_string_t in_description, + kim_string in_title, + kim_string in_message, + kim_string in_description, void **out_reply); /*! * The default prompt callback. * See \ref kim_options_custom_prompt_callback for more information. */ -kim_error_code_t kim_prompt_callback_default (kim_options_t *io_options, +kim_error_code kim_prompt_callback_default (kim_options *io_options, kim_prompt_type_t in_type, - kim_string_t in_title, - kim_string_t in_message, - kim_string_t in_description, + kim_string in_title, + kim_string in_message, + kim_string in_description, void **out_reply); /*! * The graphical prompt callback. * See \ref kim_options_custom_prompt_callback for more information. */ -kim_error_code_t kim_prompt_callback_gui (kim_options_t *io_options, +kim_error_code kim_prompt_callback_gui (kim_options *io_options, kim_prompt_type_t in_type, - kim_string_t in_title, - kim_string_t in_message, - kim_string_t in_description, + kim_string in_title, + kim_string in_message, + kim_string in_description, void **out_reply); /*! * The command line prompt callback. * See \ref kim_options_custom_prompt_callback for more information. */ -kim_error_code_t kim_prompt_callback_cli (kim_options_t *io_options, +kim_error_code kim_prompt_callback_cli (kim_options *io_options, kim_prompt_type_t in_type, - kim_string_t in_title, - kim_string_t in_message, - kim_string_t in_description, + kim_string in_title, + kim_string in_message, + kim_string in_description, void **out_reply); /*! @@ -108,11 +108,11 @@ kim_error_code_t kim_prompt_callback_cli (kim_options_t *io_options, * \note Using this callback may prevent the user from authenicating. * See \ref kim_options_custom_prompt_callback for more information. */ -kim_error_code_t kim_prompt_callback_none (kim_options_t *io_options, +kim_error_code kim_prompt_callback_none (kim_options *io_options, kim_prompt_type_t in_type, - kim_string_t in_title, - kim_string_t in_message, - kim_string_t in_description, + kim_string in_title, + kim_string in_message, + kim_string in_description, void **out_reply); /*! @} */ @@ -295,7 +295,7 @@ kim_error_code_t kim_prompt_callback_none (kim_options_t *io_options, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create new options with default values. */ -kim_error_t kim_options_create (kim_options_t *out_options); +kim_error kim_options_create (kim_options *out_options); /*! * \param out_options on exit, a new options object which is a copy of \a in_options. @@ -304,8 +304,8 @@ kim_error_t kim_options_create (kim_options_t *out_options); * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy options. */ -kim_error_t kim_options_copy (kim_options_t *out_options, - kim_options_t in_options); +kim_error kim_options_copy (kim_options *out_options, + kim_options in_options); /*! * \param io_options an options object to modify. @@ -316,7 +316,7 @@ kim_error_t kim_options_copy (kim_options_t *out_options, * #kim_prompt_callback_default * \sa kim_options_get_prompt_callback() */ -kim_error_t kim_options_set_prompt_callback (kim_options_t io_options, +kim_error kim_options_set_prompt_callback (kim_options io_options, kim_prompt_callback_t in_prompt_callback); /*! @@ -330,7 +330,7 @@ kim_error_t kim_options_set_prompt_callback (kim_options_t io_options, * #kim_prompt_callback_default * \sa kim_options_set_prompt_callback() */ -kim_error_t kim_options_get_prompt_callback (kim_options_t in_options, +kim_error kim_options_get_prompt_callback (kim_options in_options, kim_prompt_callback_t *out_prompt_callback); /*! @@ -344,7 +344,7 @@ kim_error_t kim_options_get_prompt_callback (kim_options_t in_options, * NULL (no data is set by default) * \sa kim_options_get_data() */ -kim_error_t kim_options_set_data (kim_options_t io_options, +kim_error kim_options_set_data (kim_options io_options, const void *in_data); /*! @@ -359,7 +359,7 @@ kim_error_t kim_options_set_data (kim_options_t io_options, * NULL (no data is set by default) * \sa kim_options_set_data() */ -kim_error_t kim_options_get_data (kim_options_t in_options, +kim_error kim_options_get_data (kim_options in_options, const void **out_data); /*! @@ -376,7 +376,7 @@ kim_error_t kim_options_get_data (kim_options_t in_options, * NULL (no response is set by default) * \sa kim_options_get_prompt_response() */ -kim_error_t kim_options_set_prompt_response (kim_options_t io_options, +kim_error kim_options_set_prompt_response (kim_options io_options, kim_prompt_type_t in_prompt_type, void *in_response); @@ -396,7 +396,7 @@ kim_error_t kim_options_set_prompt_response (kim_options_t io_options, * NULL (no response is set by default) * \sa kim_options_set_prompt_response() */ -kim_error_t kim_options_get_prompt_response (kim_options_t in_options, +kim_error kim_options_get_prompt_response (kim_options in_options, kim_prompt_type_t in_prompt_type, void **out_response); @@ -413,8 +413,8 @@ kim_error_t kim_options_get_prompt_response (kim_options_t in_options, * 0, indicating "now". The credential will be valid immediately. * \sa kim_options_get_start_time(), kim_credential_validate(), kim_ccache_validate(), kim_identity_validate() */ -kim_error_t kim_options_set_start_time (kim_options_t io_options, - kim_time_t in_start_time); +kim_error kim_options_set_start_time (kim_options io_options, + kim_time in_start_time); /*! * \param in_options an options object. @@ -429,8 +429,8 @@ kim_error_t kim_options_set_start_time (kim_options_t io_options, * 0, indicating "now". The credential will be valid immediately. * \sa kim_options_set_start_time(), kim_credential_validate(), kim_ccache_validate(), kim_identity_validate() */ -kim_error_t kim_options_get_start_time (kim_options_t in_options, - kim_time_t *out_start_time); +kim_error kim_options_get_start_time (kim_options in_options, + kim_time *out_start_time); /*! * \param io_options an options object to modify. @@ -444,8 +444,8 @@ kim_error_t kim_options_get_start_time (kim_options_t in_options, * \par Default value * Read from the user's preferences and the Kerberos configuration. 10 hours if unspecified. */ -kim_error_t kim_options_set_lifetime (kim_options_t io_options, - kim_lifetime_t in_lifetime); +kim_error kim_options_set_lifetime (kim_options io_options, + kim_lifetime in_lifetime); /*! * \param in_options an options object. @@ -459,8 +459,8 @@ kim_error_t kim_options_set_lifetime (kim_options_t io_options, * Read from the user's preferences and the Kerberos configuration. 10 hours if unspecified. * \sa kim_options_set_lifetime() */ -kim_error_t kim_options_get_lifetime (kim_options_t in_options, - kim_lifetime_t *out_lifetime); +kim_error kim_options_get_lifetime (kim_options in_options, + kim_lifetime *out_lifetime); /*! * \param io_options an options object to modify. @@ -472,8 +472,8 @@ kim_error_t kim_options_get_lifetime (kim_options_t in_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_get_renewable() */ -kim_error_t kim_options_set_renewable (kim_options_t io_options, - kim_boolean_t in_renewable); +kim_error kim_options_set_renewable (kim_options io_options, + kim_boolean in_renewable); /*! * \param in_options an options object. @@ -485,8 +485,8 @@ kim_error_t kim_options_set_renewable (kim_options_t io_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_set_renewable() */ -kim_error_t kim_options_get_renewable (kim_options_t in_options, - kim_boolean_t *out_renewable); +kim_error kim_options_get_renewable (kim_options in_options, + kim_boolean *out_renewable); /*! * \param io_options an options object to modify. @@ -500,8 +500,8 @@ kim_error_t kim_options_get_renewable (kim_options_t in_options, * Read from the user's preferences and the Kerberos configuration. 7 days if unspecified. * \sa kim_options_get_renewal_lifetime(), kim_identity_renew(), kim_credential_renew(), kim_ccache_renew() */ -kim_error_t kim_options_set_renewal_lifetime (kim_options_t io_options, - kim_lifetime_t in_renewal_lifetime); +kim_error kim_options_set_renewal_lifetime (kim_options io_options, + kim_lifetime in_renewal_lifetime); /*! * \param in_options an options object. @@ -516,8 +516,8 @@ kim_error_t kim_options_set_renewal_lifetime (kim_options_t io_options, * Read from the user's preferences and the Kerberos configuration. 7 days if unspecified. * \sa kim_options_set_renewal_lifetime(), kim_identity_renew(), kim_credential_renew(), kim_ccache_renew() */ -kim_error_t kim_options_get_renewal_lifetime (kim_options_t in_options, - kim_lifetime_t *out_renewal_lifetime); +kim_error kim_options_get_renewal_lifetime (kim_options in_options, + kim_lifetime *out_renewal_lifetime); /*! * \param io_options an options object to modify. @@ -529,8 +529,8 @@ kim_error_t kim_options_get_renewal_lifetime (kim_options_t in_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_get_forwardable() */ -kim_error_t kim_options_set_forwardable (kim_options_t io_options, - kim_boolean_t in_forwardable); +kim_error kim_options_set_forwardable (kim_options io_options, + kim_boolean in_forwardable); /*! * \param in_options an options object. @@ -542,8 +542,8 @@ kim_error_t kim_options_set_forwardable (kim_options_t io_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_set_forwardable() */ -kim_error_t kim_options_get_forwardable (kim_options_t in_options, - kim_boolean_t *out_forwardable); +kim_error kim_options_get_forwardable (kim_options in_options, + kim_boolean *out_forwardable); /*! * \param io_options an options object to modify. @@ -555,8 +555,8 @@ kim_error_t kim_options_get_forwardable (kim_options_t in_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_get_proxiable() */ -kim_error_t kim_options_set_proxiable (kim_options_t io_options, - kim_boolean_t in_proxiable); +kim_error kim_options_set_proxiable (kim_options io_options, + kim_boolean in_proxiable); /*! * \param in_options an options object. @@ -568,8 +568,8 @@ kim_error_t kim_options_set_proxiable (kim_options_t io_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_set_proxiable() */ -kim_error_t kim_options_get_proxiable (kim_options_t in_options, - kim_boolean_t *out_proxiable); +kim_error kim_options_get_proxiable (kim_options in_options, + kim_boolean *out_proxiable); /*! * \param io_options an options object to modify. @@ -581,8 +581,8 @@ kim_error_t kim_options_get_proxiable (kim_options_t in_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_get_addressless() */ -kim_error_t kim_options_set_addressless (kim_options_t io_options, - kim_boolean_t in_addressless); +kim_error kim_options_set_addressless (kim_options io_options, + kim_boolean in_addressless); /*! * \param in_options an options object. @@ -594,8 +594,8 @@ kim_error_t kim_options_set_addressless (kim_options_t io_options, * Read from the user's preferences and the Kerberos configuration. TRUE if unspecified. * \sa kim_options_set_addressless() */ -kim_error_t kim_options_get_addressless (kim_options_t in_options, - kim_boolean_t *out_addressless); +kim_error kim_options_get_addressless (kim_options in_options, + kim_boolean *out_addressless); /*! * \param io_options an options object to modify. @@ -606,8 +606,8 @@ kim_error_t kim_options_get_addressless (kim_options_t in_options, * NULL, indicating "krbtgt@", the ticket granting ticket (TGT) service. * \sa kim_options_get_service_name() */ -kim_error_t kim_options_set_service_name (kim_options_t io_options, - kim_string_t in_service_name); +kim_error kim_options_set_service_name (kim_options io_options, + kim_string in_service_name); /*! * \param in_options an options object. @@ -619,14 +619,14 @@ kim_error_t kim_options_set_service_name (kim_options_t io_options, * NULL, indicating "krbtgt@", the ticket granting ticket (TGT) service. * \sa kim_options_set_service_name() */ -kim_error_t kim_options_get_service_name (kim_options_t in_options, - kim_string_t *out_service_name); +kim_error kim_options_get_service_name (kim_options in_options, + kim_string *out_service_name); /*! * \param io_options the options object to be freed. Set to NULL on exit. * \brief Free memory associated with an options object. */ -void kim_options_free (kim_options_t *io_options); +void kim_options_free (kim_options *io_options); /*!@}*/ diff --git a/src/include/kim/kim_preferences.h b/src/include/kim/kim_preferences.h index 17ca351ed..052ac455d 100644 --- a/src/include/kim/kim_preferences.h +++ b/src/include/kim/kim_preferences.h @@ -100,7 +100,7 @@ extern "C" { * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create a new favorite identities list. */ -kim_error_t kim_favorite_identities_create (kim_favorite_identities_t *out_favorite_identities); +kim_error kim_favorite_identities_create (kim_favorite_identities *out_favorite_identities); /*! * \param out_favorite_identities on exit, a new favorite identities object which is @@ -110,8 +110,8 @@ kim_error_t kim_favorite_identities_create (kim_favorite_identities_t *out_favor * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy a favorite identities list. */ -kim_error_t kim_favorite_identities_copy (kim_favorite_identities_t *out_favorite_identities, - kim_favorite_identities_t in_favorite_identities); +kim_error kim_favorite_identities_copy (kim_favorite_identities *out_favorite_identities, + kim_favorite_identities in_favorite_identities); /*! * \param in_favorite_identities a favorite identities object. @@ -119,8 +119,8 @@ kim_error_t kim_favorite_identities_copy (kim_favorite_identities_t *out_favorit * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the number of identities in a favorite identities list. */ -kim_error_t kim_favorite_identities_get_number_of_identities (kim_favorite_identities_t in_favorite_identities, - kim_count_t *out_number_of_identities); +kim_error kim_favorite_identities_get_number_of_identities (kim_favorite_identities in_favorite_identities, + kim_count *out_number_of_identities); /*! * \param in_favorite_identities a favorite identities object. @@ -130,17 +130,17 @@ kim_error_t kim_favorite_identities_get_number_of_identities (kim_favorite_ident * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Get the Nth identity in a favorite identities list. */ -kim_error_t kim_favorite_identities_get_identity_at_index (kim_favorite_identities_t in_favorite_identities, - kim_count_t in_index, - kim_identity_t *out_identity); +kim_error kim_favorite_identities_get_identity_at_index (kim_favorite_identities in_favorite_identities, + kim_count in_index, + kim_identity *out_identity); /*! * \param io_favorite_identities a favorite identities object. * \param in_identity an identity string to add to \a in_favorite_identities. * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Add an identity to a favorite identities list. */ -kim_error_t kim_favorite_identities_add_identity (kim_favorite_identities_t io_favorite_identities, - kim_identity_t in_identity); +kim_error kim_favorite_identities_add_identity (kim_favorite_identities io_favorite_identities, + kim_identity in_identity); /*! * \param io_favorite_identities a favorite identities object. @@ -148,22 +148,22 @@ kim_error_t kim_favorite_identities_add_identity (kim_favorite_identities_t io_f * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Remove an identity from a identities list. */ -kim_error_t kim_favorite_identities_remove_identity (kim_favorite_identities_t io_favorite_identities, - kim_identity_t in_identity); +kim_error kim_favorite_identities_remove_identity (kim_favorite_identities io_favorite_identities, + kim_identity in_identity); /*! * \param io_favorite_identities a favorite identities object. * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Empty a favorite identities list. */ -kim_error_t kim_favorite_identities_remove_all_identities (kim_favorite_identities_t io_favorite_identities); +kim_error kim_favorite_identities_remove_all_identities (kim_favorite_identities io_favorite_identities); /*! * \param io_favorite_identities the favorite identities object to be freed. Set to NULL on exit. * \brief Free memory associated with an identities list. */ -void kim_favorite_identities_free (kim_favorite_identities_t *io_favorite_identities); +void kim_favorite_identities_free (kim_favorite_identities *io_favorite_identities); /*!@}*/ @@ -250,7 +250,7 @@ void kim_favorite_identities_free (kim_favorite_identities_t *io_favorite_identi * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create a new preferences object from the current user's preferences. */ -kim_error_t kim_preferences_create (kim_preferences_t *out_preferences); +kim_error kim_preferences_create (kim_preferences *out_preferences); /*! * \param out_preferences on exit, a new preferences object which is a copy of in_preferences. @@ -259,8 +259,8 @@ kim_error_t kim_preferences_create (kim_preferences_t *out_preferences); * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy a preferences object. */ -kim_error_t kim_preferences_copy (kim_preferences_t *out_preferences, - kim_preferences_t in_preferences); +kim_error kim_preferences_copy (kim_preferences *out_preferences, + kim_preferences in_preferences); /*! * \param io_preferences a preferences object to modify. @@ -269,8 +269,8 @@ kim_error_t kim_preferences_copy (kim_preferences_t *out_preferences, * \brief Set the user's preferred options. * \sa kim_preferences_get_options() */ -kim_error_t kim_preferences_set_options (kim_preferences_t io_preferences, - kim_options_t in_options); +kim_error kim_preferences_set_options (kim_preferences io_preferences, + kim_options in_options); /*! * \param in_preferences a preferences object. @@ -280,8 +280,8 @@ kim_error_t kim_preferences_set_options (kim_preferences_t io_preferences, * \brief Get the user's preferred options. * \sa kim_preferences_set_options() */ -kim_error_t kim_preferences_get_options (kim_preferences_t in_preferences, - kim_options_t *out_options); +kim_error kim_preferences_get_options (kim_preferences in_preferences, + kim_options *out_options); /*! * \param io_preferences a preferences object to modify. @@ -291,8 +291,8 @@ kim_error_t kim_preferences_get_options (kim_preferences_t in_preferences, * \brief Set whether or not to remember the last options the user used to acquire a credential. * \sa kim_preferences_get_remember_options() */ -kim_error_t kim_preferences_set_remember_options (kim_preferences_t io_preferences, - kim_boolean_t in_remember_options); +kim_error kim_preferences_set_remember_options (kim_preferences io_preferences, + kim_boolean in_remember_options); /*! * \param in_preferences a preferences object. @@ -302,8 +302,8 @@ kim_error_t kim_preferences_set_remember_options (kim_preferences_t io_preferenc * \brief Get whether or not to remember the last options the user used to acquire a credential. * \sa kim_preferences_set_remember_options() */ -kim_error_t kim_preferences_get_remember_options (kim_preferences_t in_preferences, - kim_boolean_t *out_remember_options); +kim_error kim_preferences_get_remember_options (kim_preferences in_preferences, + kim_boolean *out_remember_options); /*! * \param io_preferences a preferences object to modify. @@ -312,8 +312,8 @@ kim_error_t kim_preferences_get_remember_options (kim_preferences_t in_preferen * \brief Set the user's preferred client identity. * \sa kim_preferences_get_client_identity() */ -kim_error_t kim_preferences_set_client_identity (kim_preferences_t io_preferences, - kim_identity_t in_client_identity); +kim_error kim_preferences_set_client_identity (kim_preferences io_preferences, + kim_identity in_client_identity); /*! * \param in_preferences a preferences object. @@ -323,8 +323,8 @@ kim_error_t kim_preferences_set_client_identity (kim_preferences_t io_preference * \brief Get the user's preferred client identity. * \sa kim_preferences_set_client_identity() */ -kim_error_t kim_preferences_get_client_identity (kim_preferences_t in_preferences, - kim_identity_t *out_client_identity); +kim_error kim_preferences_get_client_identity (kim_preferences in_preferences, + kim_identity *out_client_identity); /*! * \param io_preferences a preferences object to modify. @@ -334,8 +334,8 @@ kim_error_t kim_preferences_get_client_identity (kim_preferences_t in_preferenc * \brief Set whether or not to remember the last client identity the user acquired a credential for. * \sa kim_preferences_get_remember_client_identity() */ -kim_error_t kim_preferences_set_remember_client_identity (kim_preferences_t io_preferences, - kim_boolean_t in_remember_client_identity); +kim_error kim_preferences_set_remember_client_identity (kim_preferences io_preferences, + kim_boolean in_remember_client_identity); /*! * \param in_preferences a preferences object. @@ -345,8 +345,8 @@ kim_error_t kim_preferences_set_remember_client_identity (kim_preferences_t io_p * \brief Get whether or not to remember the last client identity the user acquired a credential for. * \sa kim_preferences_set_remember_client_identity() */ -kim_error_t kim_preferences_get_remember_client_identity (kim_preferences_t in_preferences, - kim_boolean_t *out_remember_client_identity); +kim_error kim_preferences_get_remember_client_identity (kim_preferences in_preferences, + kim_boolean *out_remember_client_identity); /*! * \param io_preferences a preferences object to modify. @@ -356,8 +356,8 @@ kim_error_t kim_preferences_get_remember_client_identity (kim_preferences_t in_ * \brief Set the minimum credential lifetime for GUI credential lifetime controls. * \sa kim_preferences_get_minimum_lifetime() */ -kim_error_t kim_preferences_set_minimum_lifetime (kim_preferences_t io_preferences, - kim_lifetime_t in_minimum_lifetime); +kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences, + kim_lifetime in_minimum_lifetime); /*! * \param in_preferences a preferences object. @@ -367,8 +367,8 @@ kim_error_t kim_preferences_set_minimum_lifetime (kim_preferences_t io_preferenc * \brief Get the minimum credential lifetime for GUI credential lifetime controls. * \sa kim_preferences_set_minimum_lifetime() */ -kim_error_t kim_preferences_get_minimum_lifetime (kim_preferences_t in_preferences, - kim_lifetime_t *out_minimum_lifetime); +kim_error kim_preferences_get_minimum_lifetime (kim_preferences in_preferences, + kim_lifetime *out_minimum_lifetime); /*! * \param io_preferences a preferences object to modify. @@ -378,8 +378,8 @@ kim_error_t kim_preferences_get_minimum_lifetime (kim_preferences_t in_preferen * \brief Set the maximum credential lifetime for GUI credential lifetime controls. * \sa kim_preferences_get_maximum_lifetime() */ -kim_error_t kim_preferences_set_maximum_lifetime (kim_preferences_t io_preferences, - kim_lifetime_t in_maximum_lifetime); +kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences, + kim_lifetime in_maximum_lifetime); /*! * \param in_preferences a preferences object. @@ -389,8 +389,8 @@ kim_error_t kim_preferences_set_maximum_lifetime (kim_preferences_t io_preferenc * \brief Get the maximum credential lifetime for GUI credential lifetime controls. * \sa kim_preferences_set_maximum_lifetime() */ -kim_error_t kim_preferences_get_maximum_lifetime (kim_preferences_t in_preferences, - kim_lifetime_t *out_maximum_lifetime); +kim_error kim_preferences_get_maximum_lifetime (kim_preferences in_preferences, + kim_lifetime *out_maximum_lifetime); /*! * \param io_preferences a preferences object to modify. @@ -401,8 +401,8 @@ kim_error_t kim_preferences_get_maximum_lifetime (kim_preferences_t in_preferen * \brief Set the minimum credential renewal lifetime for GUI credential lifetime controls. * \sa kim_preferences_get_minimum_renewal_lifetime() */ -kim_error_t kim_preferences_set_minimum_renewal_lifetime (kim_preferences_t io_preferences, - kim_lifetime_t in_minimum_renewal_lifetime); +kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_preferences, + kim_lifetime in_minimum_renewal_lifetime); /*! * \param in_preferences a preferences object. @@ -412,8 +412,8 @@ kim_error_t kim_preferences_set_minimum_renewal_lifetime (kim_preferences_t io_p * \brief Get the minimum credential renewal lifetime for GUI credential lifetime controls. * \sa kim_preferences_set_minimum_renewal_lifetime() */ -kim_error_t kim_preferences_get_minimum_renewal_lifetime (kim_preferences_t in_preferences, - kim_lifetime_t *out_minimum_renewal_lifetime); +kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences in_preferences, + kim_lifetime *out_minimum_renewal_lifetime); /*! * \param io_preferences a preferences object to modify. @@ -424,8 +424,8 @@ kim_error_t kim_preferences_get_minimum_renewal_lifetime (kim_preferences_t in_ * \brief Set the maximum credential renewal lifetime for GUI credential lifetime controls. * \sa kim_preferences_get_minimum_renewal_lifetime() */ -kim_error_t kim_preferences_set_maximum_renewal_lifetime (kim_preferences_t io_preferences, - kim_lifetime_t in_maximum_renewal_lifetime); +kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_preferences, + kim_lifetime in_maximum_renewal_lifetime); /*! * \param in_preferences a preferences object. @@ -435,8 +435,8 @@ kim_error_t kim_preferences_set_maximum_renewal_lifetime (kim_preferences_t io_p * \brief Get the maximum credential renewal lifetime for GUI credential lifetime controls. * \sa kim_preferences_set_minimum_renewal_lifetime() */ -kim_error_t kim_preferences_get_maximum_renewal_lifetime (kim_preferences_t in_preferences, - kim_lifetime_t *out_maximum_renewal_lifetime); +kim_error kim_preferences_get_maximum_renewal_lifetime (kim_preferences in_preferences, + kim_lifetime *out_maximum_renewal_lifetime); /*! * \param io_preferences a preferences object to modify. @@ -447,8 +447,8 @@ kim_error_t kim_preferences_get_maximum_renewal_lifetime (kim_preferences_t in_ * \brief Set the user's preferred list of identities. * \sa kim_preferences_get_favorite_identities() */ -kim_error_t kim_preferences_set_favorite_identities (kim_preferences_t io_preferences, - kim_favorite_identities_t in_favorite_identities); +kim_error kim_preferences_set_favorite_identities (kim_preferences io_preferences, + kim_favorite_identities in_favorite_identities); /*! * \param in_preferences a preferences object. @@ -459,8 +459,8 @@ kim_error_t kim_preferences_set_favorite_identities (kim_preferences_t i * \brief Get the user's preferred list of identities. * \sa kim_preferences_set_favorite_identities() */ -kim_error_t kim_preferences_get_favorite_identities (kim_preferences_t in_preferences, - kim_favorite_identities_t *out_favorite_identities); +kim_error kim_preferences_get_favorite_identities (kim_preferences in_preferences, + kim_favorite_identities *out_favorite_identities); /*! * \param in_preferences a preferences object. @@ -468,13 +468,13 @@ kim_error_t kim_preferences_get_favorite_identities (kim_preferences_t * \brief Synchronize a preferences object with the user's preferences, writing pending changes * and reading any changes applied by other processes. */ -kim_error_t kim_preferences_synchronize (kim_preferences_t in_preferences); +kim_error kim_preferences_synchronize (kim_preferences in_preferences); /*! * \param io_preferences the preferences object to be freed. Set to NULL on exit. * \brief Free memory associated with a preferences object. */ -void kim_preferences_free (kim_preferences_t *io_preferences); +void kim_preferences_free (kim_preferences *io_preferences); /*!@}*/ diff --git a/src/include/kim/kim_selection_hints.h b/src/include/kim/kim_selection_hints.h index 42ec1f0cd..9acfc5ac3 100644 --- a/src/include/kim/kim_selection_hints.h +++ b/src/include/kim/kim_selection_hints.h @@ -227,8 +227,8 @@ extern "C" { * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Create a new selection hints object. */ -kim_error_t kim_selection_hints_create (kim_selection_hints_t *out_selection_hints, - kim_string_t in_application_identifier); +kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints, + kim_string in_application_identifier); /*! * \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints. @@ -237,8 +237,8 @@ kim_error_t kim_selection_hints_create (kim_selection_hints_t *out_selection_hin * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy a selection hints object. */ -kim_error_t kim_selection_hints_copy (kim_selection_hints_t *out_selection_hints, - kim_selection_hints_t in_selection_hints); +kim_error kim_selection_hints_copy (kim_selection_hints *out_selection_hints, + kim_selection_hints in_selection_hints); /*! * \param io_selection_hints a selection hints object to modify. @@ -247,8 +247,8 @@ kim_error_t kim_selection_hints_copy (kim_selection_hints_t *out_selection_hints * \brief Set the preferred service identity. * \sa kim_selection_hints_get_service_identity_hint() */ -kim_error_t kim_selection_hints_set_service_identity_hint (kim_selection_hints_t io_selection_hints, - kim_identity_t in_service_identity); +kim_error kim_selection_hints_set_service_identity_hint (kim_selection_hints io_selection_hints, + kim_identity in_service_identity); /*! * \param in_selection_hints a selection hints object. @@ -258,8 +258,8 @@ kim_error_t kim_selection_hints_set_service_identity_hint (kim_selection_hints_t * \brief Get the preferred service identity. * \sa kim_selection_hints_set_service_identity_hint() */ -kim_error_t kim_selection_hints_get_service_identity_hint (kim_selection_hints_t in_selection_hints, - kim_identity_t *out_service_identity); +kim_error kim_selection_hints_get_service_identity_hint (kim_selection_hints in_selection_hints, + kim_identity *out_service_identity); /*! * \param io_selection_hints a selection hints object to modify. @@ -268,8 +268,8 @@ kim_error_t kim_selection_hints_get_service_identity_hint (kim_selection_hints_t * \brief Set the preferred client realm. * \sa kim_selection_hints_get_client_realm_hint() */ -kim_error_t kim_selection_hints_set_client_realm_hint (kim_selection_hints_t io_selection_hints, - kim_string_t in_client_realm); +kim_error kim_selection_hints_set_client_realm_hint (kim_selection_hints io_selection_hints, + kim_string in_client_realm); /*! * \param in_selection_hints a selection hints object. @@ -279,8 +279,8 @@ kim_error_t kim_selection_hints_set_client_realm_hint (kim_selection_hints_t io_ * \brief Get the preferred client realm. * \sa kim_selection_hints_set_client_realm_hint() */ -kim_error_t kim_selection_hints_get_client_realm_hint (kim_selection_hints_t in_selection_hints, - kim_string_t *out_client_realm); +kim_error kim_selection_hints_get_client_realm_hint (kim_selection_hints in_selection_hints, + kim_string *out_client_realm); /*! * \param io_selection_hints a selection hints object to modify. @@ -289,8 +289,8 @@ kim_error_t kim_selection_hints_get_client_realm_hint (kim_selection_hints_t in * \brief Set the preferred user name. * \sa kim_selection_hints_get_user_hint() */ -kim_error_t kim_selection_hints_set_user_hint (kim_selection_hints_t io_selection_hints, - kim_string_t in_user); +kim_error kim_selection_hints_set_user_hint (kim_selection_hints io_selection_hints, + kim_string in_user); /*! * \param in_selection_hints a selection hints object. @@ -300,8 +300,8 @@ kim_error_t kim_selection_hints_set_user_hint (kim_selection_hints_t io_selectio * \brief Get the preferred user name. * \sa kim_selection_hints_set_user_hint() */ -kim_error_t kim_selection_hints_get_user_hint (kim_selection_hints_t in_selection_hints, - kim_string_t *out_user); +kim_error kim_selection_hints_get_user_hint (kim_selection_hints in_selection_hints, + kim_string *out_user); /*! @@ -311,8 +311,8 @@ kim_error_t kim_selection_hints_get_user_hint (kim_selection_hints_t in_selecti * \brief Set the preferred service realm. * \sa kim_selection_hints_get_service_realm_hint() */ -kim_error_t kim_selection_hints_set_service_realm_hint (kim_selection_hints_t io_selection_hints, - kim_string_t in_service_realm); +kim_error kim_selection_hints_set_service_realm_hint (kim_selection_hints io_selection_hints, + kim_string in_service_realm); /*! * \param io_selection_hints a selection hints object. @@ -322,8 +322,8 @@ kim_error_t kim_selection_hints_set_service_realm_hint (kim_selection_hints_t io * \brief Get the preferred service realm. * \sa kim_selection_hints_set_service_realm_hint() */ -kim_error_t kim_selection_hints_get_service_realm_hint (kim_selection_hints_t io_selection_hints, - kim_string_t *out_service_realm); +kim_error kim_selection_hints_get_service_realm_hint (kim_selection_hints io_selection_hints, + kim_string *out_service_realm); /*! * \param io_selection_hints a selection hints object to modify. @@ -332,8 +332,8 @@ kim_error_t kim_selection_hints_get_service_realm_hint (kim_selection_hints_t i * \brief Set the preferred service name. * \sa kim_selection_hints_get_service_hint() */ -kim_error_t kim_selection_hints_set_service_hint (kim_selection_hints_t io_selection_hints, - kim_string_t in_service); +kim_error kim_selection_hints_set_service_hint (kim_selection_hints io_selection_hints, + kim_string in_service); /*! * \param in_selection_hints a selection hints object. @@ -343,8 +343,8 @@ kim_error_t kim_selection_hints_set_service_hint (kim_selection_hints_t io_selec * \brief Get the preferred service name. * \sa kim_selection_hints_set_service_hint() */ -kim_error_t kim_selection_hints_get_service_hint (kim_selection_hints_t in_selection_hints, - kim_string_t *out_service); +kim_error kim_selection_hints_get_service_hint (kim_selection_hints in_selection_hints, + kim_string *out_service); /*! * \param io_selection_hints a selection hints object to modify. @@ -353,8 +353,8 @@ kim_error_t kim_selection_hints_get_service_hint (kim_selection_hints_t in_sele * \brief Set the preferred server host name. * \sa kim_selection_hints_get_server_hint() */ -kim_error_t kim_selection_hints_set_server_hint (kim_selection_hints_t io_selection_hints, - kim_string_t in_server); +kim_error kim_selection_hints_set_server_hint (kim_selection_hints io_selection_hints, + kim_string in_server); /*! * \param in_selection_hints a selection hints object. @@ -364,8 +364,8 @@ kim_error_t kim_selection_hints_set_server_hint (kim_selection_hints_t io_select * \brief Get the preferred server host name. * \sa kim_selection_hints_set_server_hint() */ -kim_error_t kim_selection_hints_get_server_hint (kim_selection_hints_t in_selection_hints, - kim_string_t *out_server); +kim_error kim_selection_hints_get_server_hint (kim_selection_hints in_selection_hints, + kim_string *out_server); /*! * \param io_selection_hints a selection hints object to modify. @@ -377,8 +377,8 @@ kim_error_t kim_selection_hints_get_server_hint (kim_selection_hints_t in_selec * \brief Set the application name for use in user interaction. * \sa kim_selection_hints_get_application_name() */ -kim_error_t kim_selection_hints_set_application_name (kim_selection_hints_t io_selection_hints, - kim_string_t in_application_name); +kim_error kim_selection_hints_set_application_name (kim_selection_hints io_selection_hints, + kim_string in_application_name); /*! * \param in_selection_hints a selection hints object. @@ -388,8 +388,8 @@ kim_error_t kim_selection_hints_set_application_name (kim_selection_hints_t io_s * \brief Get the application name for use in user interaction. * \sa kim_selection_hints_set_application_name() */ -kim_error_t kim_selection_hints_get_application_name (kim_selection_hints_t in_selection_hints, - kim_string_t *out_application_name); +kim_error kim_selection_hints_get_application_name (kim_selection_hints in_selection_hints, + kim_string *out_application_name); /*! * \param io_selection_hints a selection hints object to modify. @@ -401,8 +401,8 @@ kim_error_t kim_selection_hints_get_application_name (kim_selection_hints_t in_ * \brief Set the strings used to prompt the user to select the identity. * \sa kim_selection_hints_get_explanation() */ -kim_error_t kim_selection_hints_set_explanation (kim_selection_hints_t io_selection_hints, - kim_string_t in_explanation); +kim_error kim_selection_hints_set_explanation (kim_selection_hints io_selection_hints, + kim_string in_explanation); /*! * \param in_selection_hints a selection hints object. @@ -413,8 +413,8 @@ kim_error_t kim_selection_hints_set_explanation (kim_selection_hints_t io_select * \brief Get the strings used to prompt the user to select the identity. * \sa kim_selection_hints_set_explanation() */ -kim_error_t kim_selection_hints_get_explanation (kim_selection_hints_t in_selection_hints, - kim_string_t *out_explanation); +kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection_hints, + kim_string *out_explanation); /*! @@ -424,8 +424,8 @@ kim_error_t kim_selection_hints_get_explanation (kim_selection_hints_t in_selec * \brief Set the options which will be used if credentials need to be acquired. * \sa kim_selection_hints_get_options() */ -kim_error_t kim_selection_hints_set_options (kim_selection_hints_t io_selection_hints, - kim_options_t in_options); +kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hints, + kim_options in_options); /*! * \param in_selection_hints a selection hints object. @@ -436,8 +436,8 @@ kim_error_t kim_selection_hints_set_options (kim_selection_hints_t io_selection_ * \brief Get the options which will be used if credentials need to be acquired. * \sa kim_selection_hints_set_options() */ -kim_error_t kim_selection_hints_get_options (kim_selection_hints_t in_selection_hints, - kim_options_t *out_options); +kim_error kim_selection_hints_get_options (kim_selection_hints in_selection_hints, + kim_options *out_options); /*! * \param in_selection_hints a selection hints object to modify @@ -448,8 +448,8 @@ kim_error_t kim_selection_hints_get_options (kim_selection_hints_t in_selection * \brief Set whether or not KIM may interact with the user to select an identity. * \sa kim_selection_hints_get_allow_user_interaction */ -kim_error_t kim_selection_hints_set_allow_user_interaction (kim_selection_hints_t in_selection_hints, - kim_boolean_t in_allow_user_interaction); +kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in_selection_hints, + kim_boolean in_allow_user_interaction); /*! * \param in_selection_hints a selection hints object to modify @@ -461,8 +461,8 @@ kim_error_t kim_selection_hints_set_allow_user_interaction (kim_selection_hints_ * \brief Get whether or not KIM may interact with the user to select an identity. * \sa kim_selection_hints_set_allow_user_interaction */ -kim_error_t kim_selection_hints_get_allow_user_interaction (kim_selection_hints_t in_selection_hints, - kim_boolean_t *out_allow_user_interaction); +kim_error kim_selection_hints_get_allow_user_interaction (kim_selection_hints in_selection_hints, + kim_boolean *out_allow_user_interaction); /*! * \param in_selection_hints a selection hints object to modify @@ -473,8 +473,8 @@ kim_error_t kim_selection_hints_get_allow_user_interaction (kim_selection_hints_ * \brief Set whether or not KIM will use cached mappings for this selection hints object. * \sa kim_selection_hints_get_remember_identity */ -kim_error_t kim_selection_hints_set_remember_identity (kim_selection_hints_t in_selection_hints, - kim_boolean_t in_remember_identity); +kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_selection_hints, + kim_boolean in_remember_identity); /*! * \param in_selection_hints a selection hints object to modify @@ -485,8 +485,8 @@ kim_error_t kim_selection_hints_set_remember_identity (kim_selection_hints_t in_ * \brief Get whether or not KIM will use cache mappings for this selection hints object. * \sa kim_selection_hints_set_remember_identity */ -kim_error_t kim_selection_hints_get_remember_identity (kim_selection_hints_t in_selection_hints, - kim_boolean_t *out_remember_identity); +kim_error kim_selection_hints_get_remember_identity (kim_selection_hints in_selection_hints, + kim_boolean *out_remember_identity); /*! * \param in_selection_hints the selection hints to add to the cache. @@ -499,8 +499,8 @@ kim_error_t kim_selection_hints_get_remember_identity (kim_selection_hints_t in * \brief Choose a client identity based on selection hints. */ -kim_error_t kim_selection_hints_get_identity (kim_selection_hints_t in_selection_hints, - kim_identity_t *out_identity); +kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hints, + kim_identity *out_identity); /*! * \param in_selection_hints the selection hints to add to the cache. @@ -510,8 +510,8 @@ kim_error_t kim_selection_hints_get_identity (kim_selection_hints_t in_selection * replacing any existing entry. */ -kim_error_t kim_selection_hints_remember_identity (kim_selection_hints_t in_selection_hints, - kim_identity_t in_identity); +kim_error kim_selection_hints_remember_identity (kim_selection_hints in_selection_hints, + kim_identity in_identity); /*! * \param in_selection_hints the selection hints to remove from the cache. @@ -519,14 +519,14 @@ kim_error_t kim_selection_hints_remember_identity (kim_selection_hints_t in_sele * \brief Remove an entry for the selection hints from the selection hints cache. */ -kim_error_t kim_selection_hints_forget_identity (kim_selection_hints_t in_selection_hints); +kim_error kim_selection_hints_forget_identity (kim_selection_hints in_selection_hints); /*! * \param io_selection_hints the selection hints object to be freed. Set to NULL on exit. * \brief Free memory associated with a selection hints object. */ -void kim_selection_hints_free (kim_selection_hints_t *io_selection_hints); +void kim_selection_hints_free (kim_selection_hints *io_selection_hints); /*!@}*/ diff --git a/src/include/kim/kim_string.h b/src/include/kim/kim_string.h index eb5277ef5..77b3abe61 100644 --- a/src/include/kim/kim_string.h +++ b/src/include/kim/kim_string.h @@ -54,8 +54,8 @@ extern "C" { * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Copy a string. */ -kim_error_t kim_string_copy (kim_string_t *out_string, - const kim_string_t in_string); +kim_error kim_string_copy (kim_string *out_string, + const kim_string in_string); /*! * \param in_string a string. @@ -65,15 +65,15 @@ kim_error_t kim_string_copy (kim_string_t *out_string, * \return On success, #KIM_NO_ERROR. On failure, an error object representing the failure. * \brief Compare two strings. */ -kim_error_t kim_string_compare (kim_string_t in_string, - kim_string_t in_compare_to_string, - kim_comparison_t *out_comparison); +kim_error kim_string_compare (kim_string in_string, + kim_string in_compare_to_string, + kim_comparison *out_comparison); /*! * \param io_string a string to be freed. Set to NULL on exit. * \brief Free memory associated with a string. */ -void kim_string_free (kim_string_t *io_string); +void kim_string_free (kim_string *io_string); /*!@}*/ diff --git a/src/include/kim/kim_types.h b/src/include/kim/kim_types.h index 7898e626e..b342ad778 100644 --- a/src/include/kim/kim_types.h +++ b/src/include/kim/kim_types.h @@ -39,27 +39,27 @@ extern "C" { /*! * The KIM String type. See \ref kim_string_overview for more information. */ -typedef int32_t kim_error_code_t; +typedef int32_t kim_error_code; /*! * A time value represented in seconds since January 1, 1970. */ -typedef int64_t kim_time_t; +typedef int64_t kim_time; /*! * A duration represented in seconds. */ -typedef int64_t kim_lifetime_t; +typedef int64_t kim_lifetime; /*! * An quantity, usually used to return the number of elements in an array. */ -typedef uint64_t kim_count_t; +typedef uint64_t kim_count; /*! * A boolean value. 0 means false, all other values mean true. */ -typedef int kim_boolean_t; +typedef int kim_boolean; /*! * A comparison between two sortable objects. @@ -71,7 +71,7 @@ typedef int kim_boolean_t; * See #kim_comparison_is_less_than(), #kim_comparison_is_equal() and * #kim_comparison_is_greater_than() */ -typedef int kim_comparison_t; +typedef int kim_comparison; /*! * Convenience macro for interpreting #kim_comparison_t. @@ -91,67 +91,67 @@ typedef int kim_comparison_t; /*! * The KIM String type. See \ref kim_string_overview for more information. */ -typedef const char *kim_string_t; +typedef const char *kim_string; struct kim_error_opaque; /*! * A KIM Error object. See \ref kim_error_overview for more information. */ -typedef struct kim_error_opaque *kim_error_t; +typedef struct kim_error_opaque *kim_error; struct kim_identity_opaque; /*! * A KIM Principal object. See \ref kim_identity_overview for more information. */ -typedef struct kim_identity_opaque *kim_identity_t; +typedef struct kim_identity_opaque *kim_identity; struct kim_options_opaque; /*! * A KIM Options object. See \ref kim_options_overview for more information. */ -typedef struct kim_options_opaque *kim_options_t; +typedef struct kim_options_opaque *kim_options; struct kim_selection_hints_opaque; /*! * A KIM Selection Hints object. See \ref kim_selection_hints_overview for more information. */ -typedef struct kim_selection_hints_opaque *kim_selection_hints_t; +typedef struct kim_selection_hints_opaque *kim_selection_hints; struct kim_favorite_identities_opaque; /*! * A KIM Favorite Realms object. See \ref kim_favorite_identities_overview for more information. */ -typedef struct kim_favorite_identities_opaque *kim_favorite_identities_t; +typedef struct kim_favorite_identities_opaque *kim_favorite_identities; struct kim_preferences_opaque; /*! * A KIM Preferences object. See \ref kim_preferences_overview for more information. */ -typedef struct kim_preferences_opaque *kim_preferences_t; +typedef struct kim_preferences_opaque *kim_preferences; struct kim_ccache_iterator_opaque; /*! * A KIM CCache Iterator object. See \ref kim_credential_cache_collection for more information. */ -typedef struct kim_ccache_iterator_opaque *kim_ccache_iterator_t; +typedef struct kim_ccache_iterator_opaque *kim_ccache_iterator; struct kim_ccache_opaque; /*! * A KIM CCache object. See \ref kim_ccache_overview for more information. */ -typedef struct kim_ccache_opaque *kim_ccache_t; +typedef struct kim_ccache_opaque *kim_ccache; struct kim_credential_iterator_opaque; /*! * A KIM Credential Iterator object. See \ref kim_credential_iterator_t for more information. */ -typedef struct kim_credential_iterator_opaque *kim_credential_iterator_t; +typedef struct kim_credential_iterator_opaque *kim_credential_iterator; struct kim_credential_opaque; /*! * A KIM Credential object. See \ref kim_credential_overview for more information. */ -typedef struct kim_credential_opaque *kim_credential_t; +typedef struct kim_credential_opaque *kim_credential; /*!@}*/ -- 2.26.2