diff options
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/k5-int.h | 3 | ||||
-rw-r--r-- | src/include/krb5/krb5.hin | 43 |
2 files changed, 26 insertions, 20 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index f178991..45f7cce 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -257,8 +257,7 @@ typedef INT64_TYPE krb5_int64; #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" #define KRB5_CONF_V4_REALM "v4_realm" #define KRB5_CONF_ASTERISK "*" -#define KRB5_CCCONF_FAST_AVAIL "fast_avail" - +#define KRB5_CONF_FAST_AVAIL "fast_avail" /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 94d054e..9e5c385 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -930,7 +930,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, #define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 #define TKT_FLG_OK_AS_DELEGATE 0x00040000 #define TKT_FLG_ANONYMOUS 0x00020000 -#define TKT_FLG_ENC_PA_REP 0x10000 +#define TKT_FLG_ENC_PA_REP 0x00010000 /* #define TKT_FLG_RESERVED 0x00008000 */ /* #define TKT_FLG_RESERVED 0x00004000 */ /* #define TKT_FLG_RESERVED 0x00002000 */ @@ -1035,7 +1035,6 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, #define KRB5_PADATA_ENCRYPTED_CHALLENGE 138 #define KRB5_ENCPADATA_REQ_ENC_PA_REP 149 - #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 #define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ @@ -2271,35 +2270,43 @@ krb5_get_init_creds_opt_set_pa(krb5_context context, krb5_get_init_creds_opt *opt, const char *attr, const char *value); +/** + * This API sets a ccache name that will contain some TGT on calls to + * t_init_creds functions. If set, this ccache will be used for FAST + * (draft-ietf-krb-wg-preauth-framework) to protect the AS-REQ from observation + * and active attack. If the fast_ccache_name is set, then FAST may be + * required by the client library. In this and future versions, FAST will be + * used if available; krb5_get_init_creds_opt_set_fast_flags() may be used to + * require that the request fail is FAST is unavailable. In MIT Kerberos 1.7 + * setting the fast ccache at all required that FAST be present or the request + * would fail. + */ krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context, -/**This API sets a ccache name that will contain some TGT on calls to - get_init_creds functions. If set, this ccache will be used for FAST - (draft-ietf-krb-wg-preauth-framework) to protect the AS-REQ from - observation and active attack. If the fast_ccache_name is set, then FAST - may be required by the client library. In this and future versions, FAST - will be used if available; krb5_get_init_creds_opt_set_fast_flags() may be - used to require that the request fail is FAST is unavailable. In MIT - Kerberos 1.7 setting the fast ccache at all required that FAST be present - or the request would fail.*/ krb5_get_init_creds_opt *opt, const char *fast_ccache_name); -/**Set a ccache where resulting credentials will be stored. If set, then the +/** + * Set a ccache where resulting credentials will be stored. If set, then the * krb5_get_init_creds family of APIs will write out credentials to the given * ccache. Setting an output ccache is desirable both because it simplifies * calling code and because it permits the krb5_get_init_creds APIs to write * out configuration information about the realm to the ccache. */ krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_set_out_ccache -(krb5_context context, krb5_get_init_creds_opt *opt, krb5_ccache ccache); +krb5_get_init_creds_opt_set_out_ccache(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_ccache ccache); + krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_set_fast_flags -(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags flags); +krb5_get_init_creds_opt_set_fast_flags(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_flags flags); + krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_get_fast_flags -(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags *out_flags); +krb5_get_init_creds_opt_get_fast_flags(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_flags *out_flags); /* Fast flags*/ #define KRB5_FAST_REQUIRED 1l<<0 /*!< Require KDC to support FAST*/ |