2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
39 #define INIT_FIELD(C, T, E, D, F) \
40 (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
41 "libdefaults", F, NULL)
43 #define INIT_FLAG(C, O, V, D, F) \
45 if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
51 * Set the list of etypes `ret_etypes' from the configuration variable
55 static krb5_error_code
56 set_etypes (krb5_context context,
58 krb5_enctype **ret_enctypes)
61 krb5_enctype *etypes = NULL;
63 etypes_str = krb5_config_get_strings(context, NULL, "libdefaults",
67 for(i = 0; etypes_str[i]; i++);
68 etypes = malloc((i+1) * sizeof(*etypes));
70 krb5_config_free_strings (etypes_str);
71 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
74 for(j = 0, k = 0; j < i; j++) {
76 if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
78 if (krb5_enctype_valid(context, e) != 0)
82 etypes[k] = ETYPE_NULL;
83 krb5_config_free_strings(etypes_str);
85 *ret_enctypes = etypes;
93 static krb5_error_code
94 copy_etypes (krb5_context context,
95 krb5_enctype *enctypes,
96 krb5_enctype **ret_enctypes)
100 for (i = 0; enctypes[i]; i++)
104 *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i);
105 if (*ret_enctypes == NULL) {
106 krb5_set_error_message(context, ENOMEM,
107 N_("malloc: out of memory", ""));
110 memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i);
116 * read variables from the configuration file and set in `context'
119 static krb5_error_code
120 init_context_from_config_file(krb5_context context)
124 krb5_enctype *tmptypes;
126 INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
127 INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
128 INIT_FIELD(context, int, max_retries, 3, "max_retries");
130 INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
132 ret = set_etypes (context, "default_etypes", &tmptypes);
135 free(context->etypes);
136 context->etypes = tmptypes;
138 ret = set_etypes (context, "default_etypes_des", &tmptypes);
141 free(context->etypes_des);
142 context->etypes_des = tmptypes;
144 /* default keytab name */
147 tmp = getenv("KRB5_KTNAME");
149 context->default_keytab = tmp;
151 INIT_FIELD(context, string, default_keytab,
152 KEYTAB_DEFAULT, "default_keytab_name");
154 INIT_FIELD(context, string, default_keytab_modify,
155 NULL, "default_keytab_modify_name");
157 INIT_FIELD(context, string, time_fmt,
158 "%Y-%m-%dT%H:%M:%S", "time_format");
160 INIT_FIELD(context, string, date_fmt,
161 "%Y-%m-%d", "date_format");
163 INIT_FIELD(context, bool, log_utc,
168 /* init dns-proxy slime */
169 tmp = krb5_config_get_string(context, NULL, "libdefaults",
172 roken_gethostby_setup(context->http_proxy, tmp);
173 krb5_free_host_realm (context, context->default_realms);
174 context->default_realms = NULL;
177 krb5_addresses addresses;
180 krb5_set_extra_addresses(context, NULL);
181 adr = krb5_config_get_strings(context, NULL,
185 memset(&addresses, 0, sizeof(addresses));
186 for(a = adr; a && *a; a++) {
187 ret = krb5_parse_address(context, *a, &addresses);
189 krb5_add_extra_addresses(context, &addresses);
190 krb5_free_addresses(context, &addresses);
193 krb5_config_free_strings(adr);
195 krb5_set_ignore_addresses(context, NULL);
196 adr = krb5_config_get_strings(context, NULL,
200 memset(&addresses, 0, sizeof(addresses));
201 for(a = adr; a && *a; a++) {
202 ret = krb5_parse_address(context, *a, &addresses);
204 krb5_add_ignore_addresses(context, &addresses);
205 krb5_free_addresses(context, &addresses);
208 krb5_config_free_strings(adr);
211 INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
212 INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
213 /* prefer dns_lookup_kdc over srv_lookup. */
214 INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
215 INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
216 INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
217 INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
218 INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
219 context->default_cc_name = NULL;
220 context->default_cc_name_set = 0;
222 ret = krb5_config_get_bool_default(context, NULL, FALSE,
224 "allow_weak_crypto", NULL);
226 krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
227 krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
228 krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
229 krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
230 krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
231 krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
237 static krb5_error_code
238 cc_ops_register(krb5_context context)
240 context->cc_ops = NULL;
241 context->num_cc_ops = 0;
243 krb5_cc_register(context, &krb5_acc_ops, TRUE);
244 krb5_cc_register(context, &krb5_fcc_ops, TRUE);
245 krb5_cc_register(context, &krb5_mcc_ops, TRUE);
247 krb5_cc_register(context, &krb5_scc_ops, TRUE);
250 krb5_cc_register(context, &krb5_kcm_ops, TRUE);
255 static krb5_error_code
256 kt_ops_register(krb5_context context)
258 context->num_kt_types = 0;
259 context->kt_types = NULL;
261 krb5_kt_register (context, &krb5_fkt_ops);
262 krb5_kt_register (context, &krb5_wrfkt_ops);
263 krb5_kt_register (context, &krb5_javakt_ops);
264 krb5_kt_register (context, &krb5_mkt_ops);
265 #ifndef HEIMDAL_SMALLER
266 krb5_kt_register (context, &krb5_akf_ops);
268 krb5_kt_register (context, &krb5_any_ops);
274 * Initializes the context structure and reads the configuration file
275 * /etc/krb5.conf. The structure should be freed by calling
276 * krb5_free_context() when it is no longer being used.
278 * @param context pointer to returned context
280 * @return Returns 0 to indicate success. Otherwise an errno code is
281 * returned. Failure means either that something bad happened during
282 * initialization (typically ENOMEM) or that Kerberos should not be
288 krb5_error_code KRB5_LIB_FUNCTION
289 krb5_init_context(krb5_context *context)
297 /* should have a run_once */
298 #if defined(HEIMDAL_LOCALEDIR)
299 bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
302 p = calloc(1, sizeof(*p));
306 p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
307 if (p->mutex == NULL) {
311 HEIMDAL_MUTEX_init(p->mutex);
313 ret = krb5_get_default_config_files(&files);
316 ret = krb5_set_config_files(p, files);
317 krb5_free_config_files(files);
321 /* init error tables */
328 krb5_free_context(p);
336 * Make a copy for the Kerberos 5 context, allocated krb5_contex shoud
337 * be freed with krb5_free_context().
339 * @param in the Kerberos context to copy
340 * @param out the copy of the Kerberos, set to NULL error.
342 * @return Returns 0 to indicate success. Otherwise an kerberos et
343 * error code is returned, see krb5_get_error_message().
348 krb5_error_code KRB5_LIB_FUNCTION
349 krb5_copy_context(krb5_context context, krb5_context *out)
356 p = calloc(1, sizeof(*p));
358 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
362 p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
363 if (p->mutex == NULL) {
364 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
368 HEIMDAL_MUTEX_init(p->mutex);
371 if (context->default_cc_name)
372 p->default_cc_name = strdup(context->default_cc_name);
373 if (context->default_cc_name_env)
374 p->default_cc_name_env = strdup(context->default_cc_name_env);
376 if (context->etypes) {
377 ret = copy_etypes(context, context->etypes, &p->etypes);
381 if (context->etypes_des) {
382 ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
387 if (context->default_realms) {
388 ret = krb5_copy_host_realm(context,
389 context->default_realms, &p->default_realms);
394 ret = _krb5_config_copy(context, context->cf, &p->cf);
398 /* XXX should copy */
404 if(context->warn_dest != NULL)
408 ret = krb5_set_extra_addresses(p, context->extra_addresses);
411 ret = krb5_set_extra_addresses(p, context->ignore_addresses);
415 ret = _krb5_copy_send_to_kdc_func(p, context);
424 krb5_free_context(p);
429 * Frees the krb5_context allocated by krb5_init_context().
431 * @param context context to be freed.
436 void KRB5_LIB_FUNCTION
437 krb5_free_context(krb5_context context)
439 if (context->default_cc_name)
440 free(context->default_cc_name);
441 if (context->default_cc_name_env)
442 free(context->default_cc_name_env);
443 free(context->etypes);
444 free(context->etypes_des);
445 krb5_free_host_realm (context, context->default_realms);
446 krb5_config_file_free (context, context->cf);
447 free_error_table (context->et_list);
448 free(context->cc_ops);
449 free(context->kt_types);
450 krb5_clear_error_message(context);
451 if(context->warn_dest != NULL)
452 krb5_closelog(context, context->warn_dest);
453 krb5_set_extra_addresses(context, NULL);
454 krb5_set_ignore_addresses(context, NULL);
455 krb5_set_send_to_kdc_func(context, NULL, NULL);
456 if (context->mutex != NULL) {
457 HEIMDAL_MUTEX_destroy(context->mutex);
458 free(context->mutex);
460 memset(context, 0, sizeof(*context));
465 * Reinit the context from a new set of filenames.
467 * @param context context to add configuration too.
468 * @param filenames array of filenames, end of list is indicated with a NULL filename.
470 * @return Returns 0 to indicate success. Otherwise an kerberos et
471 * error code is returned, see krb5_get_error_message().
476 krb5_error_code KRB5_LIB_FUNCTION
477 krb5_set_config_files(krb5_context context, char **filenames)
480 krb5_config_binding *tmp = NULL;
481 while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
482 ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
483 if(ret != 0 && ret != ENOENT && ret != EACCES) {
484 krb5_config_file_free(context, tmp);
490 /* with this enabled and if there are no config files, Kerberos is
491 considererd disabled */
495 krb5_config_file_free(context, context->cf);
497 ret = init_context_from_config_file(context);
501 static krb5_error_code
502 add_file(char ***pfilenames, int *len, char *file)
504 char **pp = *pfilenames;
507 for(i = 0; i < *len; i++) {
508 if(strcmp(pp[i], file) == 0) {
514 pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp));
528 * `pq' isn't free, it's up the the caller
531 krb5_error_code KRB5_LIB_FUNCTION
532 krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
547 l = strsep_copy(&q, ":", NULL, 0);
552 krb5_free_config_files(pp);
555 l = strsep_copy(&p, ":", fn, l + 1);
556 ret = add_file(&pp, &len, fn);
558 krb5_free_config_files(pp);
566 for (i = 0; pq[i] != NULL; i++) {
569 krb5_free_config_files(pp);
572 ret = add_file(&pp, &len, fn);
574 krb5_free_config_files(pp);
585 * Prepend the filename to the global configuration list.
587 * @param filelist a filename to add to the default list of filename
588 * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
590 * @return Returns 0 to indicate success. Otherwise an kerberos et
591 * error code is returned, see krb5_get_error_message().
596 krb5_error_code KRB5_LIB_FUNCTION
597 krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
600 char **defpp, **pp = NULL;
602 ret = krb5_get_default_config_files(&defpp);
606 ret = krb5_prepend_config_files(filelist, defpp, &pp);
607 krb5_free_config_files(defpp);
616 * Get the global configuration list.
618 * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
620 * @return Returns 0 to indicate success. Otherwise an kerberos et
621 * error code is returned, see krb5_get_error_message().
626 krb5_error_code KRB5_LIB_FUNCTION
627 krb5_get_default_config_files(char ***pfilenames)
629 const char *files = NULL;
631 if (pfilenames == NULL)
634 files = getenv("KRB5_CONFIG");
636 files = krb5_config_file;
638 return krb5_prepend_config_files(files, NULL, pfilenames);
642 * Free a list of configuration files.
644 * @param filenames list to be freed.
646 * @return Returns 0 to indicate success. Otherwise an kerberos et
647 * error code is returned, see krb5_get_error_message().
652 void KRB5_LIB_FUNCTION
653 krb5_free_config_files(char **filenames)
656 for(p = filenames; *p != NULL; p++)
662 * Returns the list of Kerberos encryption types sorted in order of
663 * most preferred to least preferred encryption type. Note that some
664 * encryption types might be disabled, so you need to check with
665 * krb5_enctype_valid() before using the encryption type.
667 * @return list of enctypes, terminated with ETYPE_NULL. Its a static
668 * array completed into the Kerberos library so the content doesn't
674 const krb5_enctype * KRB5_LIB_FUNCTION
675 krb5_kerberos_enctypes(krb5_context context)
677 static const krb5_enctype p[] = {
678 ETYPE_AES256_CTS_HMAC_SHA1_96,
679 ETYPE_AES128_CTS_HMAC_SHA1_96,
682 ETYPE_ARCFOUR_HMAC_MD5,
692 * set `etype' to a malloced list of the default enctypes
695 static krb5_error_code
696 default_etypes(krb5_context context, krb5_enctype **etype)
698 const krb5_enctype *p;
699 krb5_enctype *e = NULL, *ep;
702 p = krb5_kerberos_enctypes(context);
704 for (i = 0; p[i] != ETYPE_NULL; i++) {
705 if (krb5_enctype_valid(context, p[i]) != 0)
707 ep = realloc(e, (n + 2) * sizeof(*e));
710 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
715 e[n + 1] = ETYPE_NULL;
723 * Set the default encryption types that will be use in communcation
724 * with the KDC, clients and servers.
726 * @param context Kerberos 5 context.
727 * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
729 * @return Returns 0 to indicate success. Otherwise an kerberos et
730 * error code is returned, see krb5_get_error_message().
735 krb5_error_code KRB5_LIB_FUNCTION
736 krb5_set_default_in_tkt_etypes(krb5_context context,
737 const krb5_enctype *etypes)
739 krb5_enctype *p = NULL;
743 for (i = 0; etypes[i]; ++i) {
745 ret = krb5_enctype_valid(context, etypes[i]);
752 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
755 memmove(p, etypes, i * sizeof(krb5_enctype));
758 free(context->etypes);
764 * Get the default encryption types that will be use in communcation
765 * with the KDC, clients and servers.
767 * @param context Kerberos 5 context.
768 * @param etypes Encryption types, array terminated with
769 * ETYPE_NULL(0), caller should free array with krb5_xfree():
771 * @return Returns 0 to indicate success. Otherwise an kerberos et
772 * error code is returned, see krb5_get_error_message().
777 krb5_error_code KRB5_LIB_FUNCTION
778 krb5_get_default_in_tkt_etypes(krb5_context context,
779 krb5_enctype **etypes)
785 if(context->etypes) {
786 for(i = 0; context->etypes[i]; i++);
790 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
793 memmove(p, context->etypes, i * sizeof(krb5_enctype));
795 ret = default_etypes(context, &p);
804 * Return the error string for the error code. The caller must not
807 * @param context Kerberos 5 context.
808 * @param code Kerberos error code.
810 * @return the error message matching code
815 const char* KRB5_LIB_FUNCTION
816 krb5_get_err_text(krb5_context context, krb5_error_code code)
818 const char *p = NULL;
820 p = com_right(context->et_list, code);
829 * Init the built-in ets in the Kerberos library.
831 * @param context kerberos context to add the ets too
836 void KRB5_LIB_FUNCTION
837 krb5_init_ets(krb5_context context)
839 if(context->et_list == NULL){
840 krb5_add_et_list(context, initialize_krb5_error_table_r);
841 #if defined(HEIMDAL_LOCALEDIR)
842 bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR);
845 krb5_add_et_list(context, initialize_asn1_error_table_r);
846 #if defined(HEIMDAL_LOCALEDIR)
847 bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR);
850 krb5_add_et_list(context, initialize_heim_error_table_r);
851 #if defined(HEIMDAL_LOCALEDIR)
852 bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR);
855 krb5_add_et_list(context, initialize_k524_error_table_r);
856 #if defined(HEIMDAL_LOCALEDIR)
857 bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR);
861 krb5_add_et_list(context, initialize_hx_error_table_r);
862 #if defined(HEIMDAL_LOCALEDIR)
863 bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR);
870 * Make the kerberos library default to the admin KDC.
872 * @param context Kerberos 5 context.
873 * @param flag boolean flag to select if the use the admin KDC or not.
878 void KRB5_LIB_FUNCTION
879 krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
881 context->use_admin_kdc = flag;
885 * Make the kerberos library default to the admin KDC.
887 * @param context Kerberos 5 context.
889 * @return boolean flag to telling the context will use admin KDC as the default KDC.
894 krb5_boolean KRB5_LIB_FUNCTION
895 krb5_get_use_admin_kdc (krb5_context context)
897 return context->use_admin_kdc;
901 * Add extra address to the address list that the library will add to
902 * the client's address list when communicating with the KDC.
904 * @param context Kerberos 5 context.
905 * @param addresses addreses to add
907 * @return Returns 0 to indicate success. Otherwise an kerberos et
908 * error code is returned, see krb5_get_error_message().
913 krb5_error_code KRB5_LIB_FUNCTION
914 krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
917 if(context->extra_addresses)
918 return krb5_append_addresses(context,
919 context->extra_addresses, addresses);
921 return krb5_set_extra_addresses(context, addresses);
925 * Set extra address to the address list that the library will add to
926 * the client's address list when communicating with the KDC.
928 * @param context Kerberos 5 context.
929 * @param addresses addreses to set
931 * @return Returns 0 to indicate success. Otherwise an kerberos et
932 * error code is returned, see krb5_get_error_message().
937 krb5_error_code KRB5_LIB_FUNCTION
938 krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
940 if(context->extra_addresses)
941 krb5_free_addresses(context, context->extra_addresses);
943 if(addresses == NULL) {
944 if(context->extra_addresses != NULL) {
945 free(context->extra_addresses);
946 context->extra_addresses = NULL;
950 if(context->extra_addresses == NULL) {
951 context->extra_addresses = malloc(sizeof(*context->extra_addresses));
952 if(context->extra_addresses == NULL) {
953 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
957 return krb5_copy_addresses(context, addresses, context->extra_addresses);
961 * Get extra address to the address list that the library will add to
962 * the client's address list when communicating with the KDC.
964 * @param context Kerberos 5 context.
965 * @param addresses addreses to set
967 * @return Returns 0 to indicate success. Otherwise an kerberos et
968 * error code is returned, see krb5_get_error_message().
973 krb5_error_code KRB5_LIB_FUNCTION
974 krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
976 if(context->extra_addresses == NULL) {
977 memset(addresses, 0, sizeof(*addresses));
980 return krb5_copy_addresses(context,context->extra_addresses, addresses);
984 * Add extra addresses to ignore when fetching addresses from the
985 * underlaying operating system.
987 * @param context Kerberos 5 context.
988 * @param addresses addreses to ignore
990 * @return Returns 0 to indicate success. Otherwise an kerberos et
991 * error code is returned, see krb5_get_error_message().
996 krb5_error_code KRB5_LIB_FUNCTION
997 krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1000 if(context->ignore_addresses)
1001 return krb5_append_addresses(context,
1002 context->ignore_addresses, addresses);
1004 return krb5_set_ignore_addresses(context, addresses);
1008 * Set extra addresses to ignore when fetching addresses from the
1009 * underlaying operating system.
1011 * @param context Kerberos 5 context.
1012 * @param addresses addreses to ignore
1014 * @return Returns 0 to indicate success. Otherwise an kerberos et
1015 * error code is returned, see krb5_get_error_message().
1020 krb5_error_code KRB5_LIB_FUNCTION
1021 krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
1023 if(context->ignore_addresses)
1024 krb5_free_addresses(context, context->ignore_addresses);
1025 if(addresses == NULL) {
1026 if(context->ignore_addresses != NULL) {
1027 free(context->ignore_addresses);
1028 context->ignore_addresses = NULL;
1032 if(context->ignore_addresses == NULL) {
1033 context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
1034 if(context->ignore_addresses == NULL) {
1035 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
1039 return krb5_copy_addresses(context, addresses, context->ignore_addresses);
1043 * Get extra addresses to ignore when fetching addresses from the
1044 * underlaying operating system.
1046 * @param context Kerberos 5 context.
1047 * @param addresses list addreses ignored
1049 * @return Returns 0 to indicate success. Otherwise an kerberos et
1050 * error code is returned, see krb5_get_error_message().
1055 krb5_error_code KRB5_LIB_FUNCTION
1056 krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
1058 if(context->ignore_addresses == NULL) {
1059 memset(addresses, 0, sizeof(*addresses));
1062 return krb5_copy_addresses(context, context->ignore_addresses, addresses);
1066 * Set version of fcache that the library should use.
1068 * @param context Kerberos 5 context.
1069 * @param version version number.
1071 * @return Returns 0 to indicate success. Otherwise an kerberos et
1072 * error code is returned, see krb5_get_error_message().
1077 krb5_error_code KRB5_LIB_FUNCTION
1078 krb5_set_fcache_version(krb5_context context, int version)
1080 context->fcache_vno = version;
1085 * Get version of fcache that the library should use.
1087 * @param context Kerberos 5 context.
1088 * @param version version number.
1090 * @return Returns 0 to indicate success. Otherwise an kerberos et
1091 * error code is returned, see krb5_get_error_message().
1096 krb5_error_code KRB5_LIB_FUNCTION
1097 krb5_get_fcache_version(krb5_context context, int *version)
1099 *version = context->fcache_vno;
1104 * Runtime check if the Kerberos library was complied with thread support.
1106 * @return TRUE if the library was compiled with thread support, FALSE if not.
1112 krb5_boolean KRB5_LIB_FUNCTION
1113 krb5_is_thread_safe(void)
1115 #ifdef ENABLE_PTHREAD_SUPPORT
1123 * Set if the library should use DNS to canonicalize hostnames.
1125 * @param context Kerberos 5 context.
1126 * @param flag if its dns canonicalizion is used or not.
1131 void KRB5_LIB_FUNCTION
1132 krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
1135 context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1137 context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
1141 * Get if the library uses DNS to canonicalize hostnames.
1143 * @param context Kerberos 5 context.
1145 * @return return non zero if the library uses DNS to canonicalize hostnames.
1150 krb5_boolean KRB5_LIB_FUNCTION
1151 krb5_get_dns_canonicalize_hostname (krb5_context context)
1153 return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
1157 * Get current offset in time to the KDC.
1159 * @param context Kerberos 5 context.
1160 * @param sec seconds part of offset.
1161 * @param usec micro seconds part of offset.
1163 * @return returns zero
1168 krb5_error_code KRB5_LIB_FUNCTION
1169 krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
1172 *sec = context->kdc_sec_offset;
1174 *usec = context->kdc_usec_offset;
1179 * Set current offset in time to the KDC.
1181 * @param context Kerberos 5 context.
1182 * @param sec seconds part of offset.
1183 * @param usec micro seconds part of offset.
1185 * @return returns zero
1190 krb5_error_code KRB5_LIB_FUNCTION
1191 krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
1193 context->kdc_sec_offset = sec;
1195 context->kdc_usec_offset = usec;
1200 * Get max time skew allowed.
1202 * @param context Kerberos 5 context.
1204 * @return timeskew in seconds.
1209 time_t KRB5_LIB_FUNCTION
1210 krb5_get_max_time_skew (krb5_context context)
1212 return context->max_skew;
1216 * Set max time skew allowed.
1218 * @param context Kerberos 5 context.
1219 * @param t timeskew in seconds.
1224 void KRB5_LIB_FUNCTION
1225 krb5_set_max_time_skew (krb5_context context, time_t t)
1227 context->max_skew = t;