diff options
Diffstat (limited to 'tests/tap/kerberos.h')
-rw-r--r-- | tests/tap/kerberos.h | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/tests/tap/kerberos.h b/tests/tap/kerberos.h index c34f891..26f45f9 100644 --- a/tests/tap/kerberos.h +++ b/tests/tap/kerberos.h @@ -5,7 +5,7 @@ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>. * * Written by Russ Allbery <eagle@eyrie.org> - * Copyright 2006, 2007, 2009, 2011, 2012, 2013 + * Copyright 2006, 2007, 2009, 2011, 2012, 2013, 2014 * The Board of Trustees of the Leland Stanford Junior University * * Permission is hereby granted, free of charge, to any person obtaining a @@ -46,17 +46,21 @@ struct kerberos_config { char *username; /* The local (non-realm) part of principal. */ char *realm; /* The realm part of the principal. */ char *password; /* The password. */ + char *pkinit_principal; /* Principal for PKINIT authentication. */ + char *pkinit_cert; /* Path to certificates for PKINIT. */ }; /* * Whether to skip all tests (by calling skip_all) in kerberos_setup if - * certain configuration information isn't available. + * certain configuration information isn't available. "_BOTH" means that the + * tests require both keytab and password, but PKINIT is not required. */ enum kerberos_needs { TAP_KRB_NEEDS_NONE = 0x00, TAP_KRB_NEEDS_KEYTAB = 0x01, TAP_KRB_NEEDS_PASSWORD = 0x02, - TAP_KRB_NEEDS_BOTH = 0x01 | 0x02 + TAP_KRB_NEEDS_BOTH = 0x01 | 0x02, + TAP_KRB_NEEDS_PKINIT = 0x04 }; BEGIN_DECLS @@ -73,11 +77,11 @@ BEGIN_DECLS * the principal field will be NULL. If the files exist but loading them * fails, or authentication fails, kerberos_setup calls bail. * - * kerberos_cleanup will be set up to run from an atexit handler. This means - * that any child processes that should not remove the Kerberos ticket cache - * should call _exit instead of exit. The principal will be automatically - * freed when kerberos_cleanup is called or if kerberos_setup is called again. - * The caller doesn't need to worry about it. + * kerberos_cleanup will be run as a cleanup function normally, freeing all + * resources and cleaning up temporary files on process exit. It can, + * however, be called directly if for some reason the caller needs to delete + * the Kerberos environment again. However, normally the caller can just call + * kerberos_setup again. */ struct kerberos_config *kerberos_setup(enum kerberos_needs) __attribute__((__malloc__)); |